This just came to my attention. The processing of pkg-descr since we moved to using a jail-based solution is wrong. The function which reads and processes the contents of pkg-descr is not using the jail to read the file. I’ll fix the bug soon, and refresh all commits which touched pkg-descr.
Noted by koobs with respect to security/py-pycrypto.
I think this is the fix:
$ cvs di -u port.pm
Index: port.pm
===================================================================
RCS file: /home/repositories/freshports-1/scripts/port.pm,v
retrieving revision 1.72
diff -u -r1.72 port.pm
--- port.pm 23 Mar 2013 20:48:17 -0000 1.72
+++ port.pm 23 Apr 2013 15:26:52 -0000
@@ -665,7 +665,7 @@
my $longdescription = '';
my $homepage = '';
if (defined($RealDescrPath) && -f $RealDescrPath) {
- print "invoking _GetDescrAndHomePage()\n";
+ print "invoking _GetDescrAndHomePage() with '$RealDescrPath'\n";
($longdescription, $homepage) = _GetDescrAndHomePage($RealDescrPath);
}
@@ -989,7 +989,8 @@
my $url;
my $DESCR;
- open (F,$file) || FreshPorts::Utilities::ReportError('warning', "couldn't open $file: $!", 1);
+ # this needs to open relative to the jail root.
+ open (F, $FreshPorts::Config::JailBaseDir . $file) || FreshPorts::Utilities::ReportError('warning', "couldn't open $file: $!", 1);
$DESCR = "";
while(<F>){
Update 2013-14-23 2150
The dev website has been updated.
Update 2013-14-24 0615
The beta website has been updated.
Update 2013-14-24 0625
The prod website has been updated.
