Non-maintainer commit: Version bump for security bug 278824.

Package-Manager: portage-2.2_rc33/cvs/Linux x86_64

9 files changed, 587 insertions, 3 deletions

diff --git a/net-zope/zodb/ChangeLog b/net-zope/zodb/ChangeLog
index 077f13281f6b..c99f08ab03ed 100644
--- a/net-zope/zodb/ChangeLog
+++ b/net-zope/zodb/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-zope/zodb
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-zope/zodb/ChangeLog,v 1.28 2009/06/01 09:15:43 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zodb/ChangeLog,v 1.29 2009/08/17 10:17:42 a3li Exp $
+
+*zodb-3.6.0-r1 (17 Aug 2009)
+*zodb-3.3.1-r1 (17 Aug 2009)
+
+  17 Aug 2009; Alex Legler <a3li@gentoo.org> +zodb-3.3.1-r1.ebuild,
+  +files/zodb-3.3.1-CVE-2009-0668+0669.patch, +zodb-3.6.0-r1.ebuild,
+  +files/zodb-3.6.0-CVE-2009-0668+0669.patch:
+  Non-mainatiner commit: Version bump for security bug 278824.
 
   01 Jun 2009; Samuli Suominen <ssuominen@gentoo.org> zodb-3.3.1.ebuild,
   zodb-3.6.0.ebuild:
diff --git a/net-zope/zodb/files/zodb-3.3.1-CVE-2009-0668+0669.patch b/net-zope/zodb/files/zodb-3.3.1-CVE-2009-0668+0669.patch
new file mode 100644
index 000000000000..d9cff752cd1f
--- /dev/null
+++ b/net-zope/zodb/files/zodb-3.3.1-CVE-2009-0668+0669.patch
@@ -0,0 +1,117 @@
+=== StorageServer.py
+==================================================================
+Index: ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/StorageServer.py
+===================================================================
+--- ZODB3-3.3.1.orig/Dependencies/ZEO-ZODB3-3.3.1/ZEO/StorageServer.py
++++ ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/StorageServer.py
+@@ -98,7 +98,7 @@ class ZEOStorage:
+         for func in self.extensions:
+             self._extensions[func.func_name] = None
+ 
+-    def finish_auth(self, authenticated):
++    def _finish_auth(self, authenticated):
+         if not self.auth_realm:
+             return 1
+         self.authenticated = authenticated
+@@ -350,6 +350,7 @@ class ZEOStorage:
+ 
+     def new_oids(self, n=100):
+         """Return a sequence of n new oids, where n defaults to 100"""
++        n = min(n, 100)
+         if self.read_only:
+             raise ReadOnlyError()
+         if n <= 0:
+Index: ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/auth/auth_digest.py
+===================================================================
+--- ZODB3-3.3.1.orig/Dependencies/ZEO-ZODB3-3.3.1/ZEO/auth/auth_digest.py
++++ ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/auth/auth_digest.py
+@@ -121,7 +121,7 @@ class StorageClass(ZEOStorage):
+         check = hexdigest("%s:%s" % (h_up, challenge))
+         if check == response:
+             self.connection.setSessionKey(session_key(h_up, self._key_nonce))
+-        return self.finish_auth(check == response)
++        return self._finish_auth(check == response)
+ 
+     extensions = [auth_get_challenge, auth_response]
+ 
+Index: ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/tests/auth_plaintext.py
+===================================================================
+--- ZODB3-3.3.1.orig/Dependencies/ZEO-ZODB3-3.3.1/ZEO/tests/auth_plaintext.py
++++ ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/tests/auth_plaintext.py
+@@ -41,7 +41,7 @@ class StorageClass(ZEOStorage):
+             self.connection.setSessionKey(session_key(username,
+                                                       self.database.realm,
+                                                       password))
+-        return self.finish_auth(dbpw == password_dig)
++        return self._finish_auth(dbpw == password_dig)
+ 
+ class PlaintextClient(Client):
+     extensions = ["auth"]
+Index: ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/connection.py
+===================================================================
+--- ZODB3-3.3.1.orig/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/connection.py
++++ ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/connection.py
+@@ -22,7 +22,7 @@ import logging
+ import ThreadedAsync
+ from ZEO.zrpc import smac
+ from ZEO.zrpc.error import ZRPCError, DisconnectedError
+-from ZEO.zrpc.marshal import Marshaller
++from ZEO.zrpc.marshal import Marshaller, ServerMarshaller
+ from ZEO.zrpc.trigger import trigger
+ from ZEO.zrpc.log import short_repr, log
+ from ZODB.loglevels import BLATHER, TRACE
+@@ -716,6 +716,7 @@ class ManagedServerConnection(Connection
+     def __init__(self, sock, addr, obj, mgr):
+         self.mgr = mgr
+         self.__super_init(sock, addr, obj, 'S')
++        self.marshal = ServerMarshaller()
+         self.obj.notifyConnected(self)
+ 
+     def handshake(self):
+Index: ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/marshal.py
+===================================================================
+--- ZODB3-3.3.1.orig/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/marshal.py
++++ ZODB3-3.3.1/Dependencies/ZEO-ZODB3-3.3.1/ZEO/zrpc/marshal.py
+@@ -53,6 +53,20 @@ class Marshaller:
+                 level=logging.ERROR)
+             raise
+ 
++class ServerMarshaller(Marshaller):
++
++    def decode(self, msg):
++        """Decodes msg and returns its parts"""
++        unpickler = cPickle.Unpickler(StringIO(msg))
++        unpickler.find_global = server_find_global
++
++        try:
++            return unpickler.load() # msgid, flags, name, args
++        except:
++            log("can't decode message: %s" % short_repr(msg),
++                level=logging.ERROR)
++            raise
++
+ _globals = globals()
+ _silly = ('__doc__',)
+ 
+@@ -77,3 +91,21 @@ def find_global(module, name):
+         return r
+ 
+     raise ZRPCError("Unsafe global: %s.%s" % (module, name))
++
++def server_find_global(module, name):
++    """Helper for message unpickler"""
++    try:
++        m = __import__(module, _globals, _globals, _silly)
++    except ImportError, msg:
++        raise ZRPCError("import error %s: %s" % (module, msg))
++
++    try:
++        r = getattr(m, name)
++    except AttributeError:
++        raise ZRPCError("module %s has no global %s" % (module, name))
++
++    safe = getattr(r, '__no_side_effects__', 0)
++    if safe:
++        return r
++
++    raise ZRPCError("Unsafe global: %s.%s" % (module, name))
diff --git a/net-zope/zodb/files/zodb-3.6.0-CVE-2009-0668+0669.patch b/net-zope/zodb/files/zodb-3.6.0-CVE-2009-0668+0669.patch
new file mode 100644
index 000000000000..e39248603d00
--- /dev/null
+++ b/net-zope/zodb/files/zodb-3.6.0-CVE-2009-0668+0669.patch
@@ -0,0 +1,117 @@
+=== StorageServer.py
+==================================================================
+Index: ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/StorageServer.py
+===================================================================
+--- ZODB3-3.6.0.orig/Dependencies/ZEO-ZODB3-3.6.0/ZEO/StorageServer.py
++++ ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/StorageServer.py
+@@ -98,7 +98,7 @@ class ZEOStorage:
+         for func in self.extensions:
+             self._extensions[func.func_name] = None
+ 
+-    def finish_auth(self, authenticated):
++    def _finish_auth(self, authenticated):
+         if not self.auth_realm:
+             return 1
+         self.authenticated = authenticated
+@@ -350,6 +350,7 @@ class ZEOStorage:
+ 
+     def new_oids(self, n=100):
+         """Return a sequence of n new oids, where n defaults to 100"""
++        n = min(n, 100)
+         if self.read_only:
+             raise ReadOnlyError()
+         if n <= 0:
+Index: ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/auth/auth_digest.py
+===================================================================
+--- ZODB3-3.6.0.orig/Dependencies/ZEO-ZODB3-3.6.0/ZEO/auth/auth_digest.py
++++ ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/auth/auth_digest.py
+@@ -121,7 +121,7 @@ class StorageClass(ZEOStorage):
+         check = hexdigest("%s:%s" % (h_up, challenge))
+         if check == response:
+             self.connection.setSessionKey(session_key(h_up, self._key_nonce))
+-        return self.finish_auth(check == response)
++        return self._finish_auth(check == response)
+ 
+     extensions = [auth_get_challenge, auth_response]
+ 
+Index: ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/tests/auth_plaintext.py
+===================================================================
+--- ZODB3-3.6.0.orig/Dependencies/ZEO-ZODB3-3.6.0/ZEO/tests/auth_plaintext.py
++++ ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/tests/auth_plaintext.py
+@@ -41,7 +41,7 @@ class StorageClass(ZEOStorage):
+             self.connection.setSessionKey(session_key(username,
+                                                       self.database.realm,
+                                                       password))
+-        return self.finish_auth(dbpw == password_dig)
++        return self._finish_auth(dbpw == password_dig)
+ 
+ class PlaintextClient(Client):
+     extensions = ["auth"]
+Index: ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/connection.py
+===================================================================
+--- ZODB3-3.6.0.orig/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/connection.py
++++ ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/connection.py
+@@ -22,7 +22,7 @@ import logging
+ import ThreadedAsync
+ from ZEO.zrpc import smac
+ from ZEO.zrpc.error import ZRPCError, DisconnectedError
+-from ZEO.zrpc.marshal import Marshaller
++from ZEO.zrpc.marshal import Marshaller, ServerMarshaller
+ from ZEO.zrpc.trigger import trigger
+ from ZEO.zrpc.log import short_repr, log
+ from ZODB.loglevels import BLATHER, TRACE
+@@ -716,6 +716,7 @@ class ManagedServerConnection(Connection
+     def __init__(self, sock, addr, obj, mgr):
+         self.mgr = mgr
+         self.__super_init(sock, addr, obj, 'S')
++        self.marshal = ServerMarshaller()
+         self.obj.notifyConnected(self)
+ 
+     def handshake(self):
+Index: ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/marshal.py
+===================================================================
+--- ZODB3-3.6.0.orig/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/marshal.py
++++ ZODB3-3.6.0/Dependencies/ZEO-ZODB3-3.6.0/ZEO/zrpc/marshal.py
+@@ -53,6 +53,20 @@ class Marshaller:
+                 level=logging.ERROR)
+             raise
+ 
++class ServerMarshaller(Marshaller):
++
++    def decode(self, msg):
++        """Decodes msg and returns its parts"""
++        unpickler = cPickle.Unpickler(StringIO(msg))
++        unpickler.find_global = server_find_global
++
++        try:
++            return unpickler.load() # msgid, flags, name, args
++        except:
++            log("can't decode message: %s" % short_repr(msg),
++                level=logging.ERROR)
++            raise
++
+ _globals = globals()
+ _silly = ('__doc__',)
+ 
+@@ -77,3 +91,21 @@ def find_global(module, name):
+         return r
+ 
+     raise ZRPCError("Unsafe global: %s.%s" % (module, name))
++
++def server_find_global(module, name):
++    """Helper for message unpickler"""
++    try:
++        m = __import__(module, _globals, _globals, _silly)
++    except ImportError, msg:
++        raise ZRPCError("import error %s: %s" % (module, msg))
++
++    try:
++        r = getattr(m, name)
++    except AttributeError:
++        raise ZRPCError("module %s has no global %s" % (module, name))
++
++    safe = getattr(r, '__no_side_effects__', 0)
++    if safe:
++        return r
++
++    raise ZRPCError("Unsafe global: %s.%s" % (module, name))
diff --git a/net-zope/zodb/zodb-3.3.1-r1.ebuild b/net-zope/zodb/zodb-3.3.1-r1.ebuild
new file mode 100644
index 000000000000..a666014239a2
--- /dev/null
+++ b/net-zope/zodb/zodb-3.3.1-r1.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zodb/zodb-3.3.1-r1.ebuild,v 1.1 2009/08/17 10:17:42 a3li Exp $
+EAPI=2
+
+inherit distutils
+
+MY_P=ZODB
+DESCRIPTION="Zope Object DataBase"
+HOMEPAGE="http://zope.org/Products/ZODB3.3"
+SRC_URI="http://zope.org/Products/${MY_P}3.3/${MY_P}%20${PV}/${MY_P}3-${PV}.tgz"
+
+LICENSE="ZPL"
+SLOT="3.3"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND=">=dev-lang/python-2.4"
+DEPEND="${RDEPEND}
+	!net-zope/zopeinterface"
+
+S=${WORKDIR}/${MY_P}3-${PV}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PF}_umaskbug.patch \
+		"${FILESDIR}"/${P}-CVE-2009-0668+0669.patch
+}
+
+src_install() {
+	distutils_src_install
+	dohtml -a html -r Doc ExtensionClass
+}
diff --git a/net-zope/zodb/zodb-3.6.0-r1.ebuild b/net-zope/zodb/zodb-3.6.0-r1.ebuild
new file mode 100644
index 000000000000..46754427eacf
--- /dev/null
+++ b/net-zope/zodb/zodb-3.6.0-r1.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zodb/zodb-3.6.0-r1.ebuild,v 1.1 2009/08/17 10:17:42 a3li Exp $
+EAPI=2
+
+inherit distutils
+
+MY_P="ZODB"
+DESCRIPTION="Zope Object DataBase"
+HOMEPAGE="http://zope.org/Products/ZODB3.6"
+SRC_URI="http://zope.org/Products/${MY_P}3.6/${MY_P}%20${PV}/${MY_P}3-${PV}.tgz"
+
+LICENSE="ZPL"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+RDEPEND=">=dev-lang/python-2.4"
+DEPEND="${RDEPEND}
+	!net-zope/zopeinterface"
+
+S=${WORKDIR}/${MY_P}3-${PV}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2009-0668+0669.patch
+}
diff --git a/net-zope/zope/ChangeLog b/net-zope/zope/ChangeLog
index 059dad0f29ef..55b832bbedf8 100644
--- a/net-zope/zope/ChangeLog
+++ b/net-zope/zope/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-zope/zope
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.151 2008/11/24 09:14:04 tupone Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.152 2009/08/17 10:14:28 a3li Exp $
+
+*zope-2.10.7-r1 (17 Aug 2009)
+*zope-2.9.10-r1 (17 Aug 2009)
+
+  17 Aug 2009; Alex Legler <a3li@gentoo.org> +zope-2.9.10-r1.ebuild,
+  +zope-2.10.7-r1.ebuild, +files/CVE-2009-0668+0669.patch:
+  Non-maintainer commit: Version bump for security bug 278824.
 
   24 Nov 2008; Alfredo Tupone <tupone@gentoo.org> -zope-2.9.7.ebuild,
   -zope-2.9.8.ebuild, -zope-2.9.9.ebuild, -zope-2.10.3.ebuild,
diff --git a/net-zope/zope/files/CVE-2009-0668+0669.patch b/net-zope/zope/files/CVE-2009-0668+0669.patch
new file mode 100644
index 000000000000..ba8ca9711cc9
--- /dev/null
+++ b/net-zope/zope/files/CVE-2009-0668+0669.patch
@@ -0,0 +1,117 @@
+=== StorageServer.py
+==================================================================
+Index: lib/python/ZEO/StorageServer.py
+===================================================================
+--- lib/python/ZEO/StorageServer.py
++++ lib/python/ZEO/StorageServer.py
+@@ -98,7 +98,7 @@ class ZEOStorage:
+         for func in self.extensions:
+             self._extensions[func.func_name] = None
+ 
+-    def finish_auth(self, authenticated):
++    def _finish_auth(self, authenticated):
+         if not self.auth_realm:
+             return 1
+         self.authenticated = authenticated
+@@ -350,6 +350,7 @@ class ZEOStorage:
+ 
+     def new_oids(self, n=100):
+         """Return a sequence of n new oids, where n defaults to 100"""
++        n = min(n, 100)
+         if self.read_only:
+             raise ReadOnlyError()
+         if n <= 0:
+Index: lib/python/ZEO/auth/auth_digest.py
+===================================================================
+--- lib/python/ZEO/auth/auth_digest.py
++++ lib/python/ZEO/auth/auth_digest.py
+@@ -121,7 +121,7 @@ class StorageClass(ZEOStorage):
+         check = hexdigest("%s:%s" % (h_up, challenge))
+         if check == response:
+             self.connection.setSessionKey(session_key(h_up, self._key_nonce))
+-        return self.finish_auth(check == response)
++        return self._finish_auth(check == response)
+ 
+     extensions = [auth_get_challenge, auth_response]
+ 
+Index: lib/python/ZEO/tests/auth_plaintext.py
+===================================================================
+--- lib/python/ZEO/tests/auth_plaintext.py
++++ lib/python/ZEO/tests/auth_plaintext.py
+@@ -41,7 +41,7 @@ class StorageClass(ZEOStorage):
+             self.connection.setSessionKey(session_key(username,
+                                                       self.database.realm,
+                                                       password))
+-        return self.finish_auth(dbpw == password_dig)
++        return self._finish_auth(dbpw == password_dig)
+ 
+ class PlaintextClient(Client):
+     extensions = ["auth"]
+Index: lib/python/ZEO/zrpc/connection.py
+===================================================================
+--- lib/python/ZEO/zrpc/connection.py
++++ lib/python/ZEO/zrpc/connection.py
+@@ -22,7 +22,7 @@ import logging
+ import ThreadedAsync
+ from ZEO.zrpc import smac
+ from ZEO.zrpc.error import ZRPCError, DisconnectedError
+-from ZEO.zrpc.marshal import Marshaller
++from ZEO.zrpc.marshal import Marshaller, ServerMarshaller
+ from ZEO.zrpc.trigger import trigger
+ from ZEO.zrpc.log import short_repr, log
+ from ZODB.loglevels import BLATHER, TRACE
+@@ -716,6 +716,7 @@ class ManagedServerConnection(Connection
+     def __init__(self, sock, addr, obj, mgr):
+         self.mgr = mgr
+         self.__super_init(sock, addr, obj, 'S')
++        self.marshal = ServerMarshaller()
+         self.obj.notifyConnected(self)
+ 
+     def handshake(self):
+Index: lib/python/ZEO/zrpc/marshal.py
+===================================================================
+--- lib/python/ZEO/zrpc/marshal.py
++++ lib/python/ZEO/zrpc/marshal.py
+@@ -53,6 +53,20 @@ class Marshaller:
+                 level=logging.ERROR)
+             raise
+ 
++class ServerMarshaller(Marshaller):
++
++    def decode(self, msg):
++        """Decodes msg and returns its parts"""
++        unpickler = cPickle.Unpickler(StringIO(msg))
++        unpickler.find_global = server_find_global
++
++        try:
++            return unpickler.load() # msgid, flags, name, args
++        except:
++            log("can't decode message: %s" % short_repr(msg),
++                level=logging.ERROR)
++            raise
++
+ _globals = globals()
+ _silly = ('__doc__',)
+ 
+@@ -77,3 +91,21 @@ def find_global(module, name):
+         return r
+ 
+     raise ZRPCError("Unsafe global: %s.%s" % (module, name))
++
++def server_find_global(module, name):
++    """Helper for message unpickler"""
++    try:
++        m = __import__(module, _globals, _globals, _silly)
++    except ImportError, msg:
++        raise ZRPCError("import error %s: %s" % (module, msg))
++
++    try:
++        r = getattr(m, name)
++    except AttributeError:
++        raise ZRPCError("module %s has no global %s" % (module, name))
++
++    safe = getattr(r, '__no_side_effects__', 0)
++    if safe:
++        return r
++
++    raise ZRPCError("Unsafe global: %s.%s" % (module, name))
diff --git a/net-zope/zope/zope-2.10.7-r1.ebuild b/net-zope/zope/zope-2.10.7-r1.ebuild
new file mode 100644
index 000000000000..75102edfc336
--- /dev/null
+++ b/net-zope/zope/zope-2.10.7-r1.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/zope-2.10.7-r1.ebuild,v 1.1 2009/08/17 10:14:28 a3li Exp $
+EAPI=2
+
+inherit eutils multilib
+
+DESCRIPTION="Zope is a web application platform used for building high-performance, dynamic web sites"
+HOMEPAGE="http://www.zope.org"
+SRC_URI="http://www.zope.org/Products/Zope/${PV}/Zope-${PV}-final.tgz"
+
+LICENSE="ZPL"
+SLOT="${PV}"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="=dev-lang/python-2.4*"
+
+S="${WORKDIR}/Zope-${PV}-final"
+ZUID=zope
+ZGID=zope
+ZS_DIR=${ROOT%/}/usr/$(get_libdir)
+ZSERVDIR=${ZS_DIR}/${P}
+
+# Narrow the scope of ownership/permissions.
+# Security plan:
+# * ZUID is the superuser for all zope instances.
+# * ZGID is for a single instance's administration.
+# * Other' should not have any access to ${ZSERVDIR},
+#   because they can work through the Zope web interface.
+#   This should protect our code/data better.
+#
+# UPDATE: ${ZSERVDIR} is a lib directory and should be world readable
+# like e.g /usr/lib/python we do not store any user data there,
+# currently removed all custom permission stuff, for ${ZSERVDIR}
+src_prepare() {
+	epatch "${FILESDIR}"/CVE-2009-0668+0669.patch
+}
+
+src_configure() {
+	./configure  --prefix="${D}${ZSERVDIR}" --with-python=/usr/bin/python2.4 || die "Failed to execute ./configure ..."
+}
+
+src_install() {
+	dodoc README.txt
+	dodoc doc/*.txt
+	docinto PLATFORMS ; dodoc doc/PLATFORMS/*
+	docinto ZEO ; dodoc doc/ZEO/*
+
+	make install prefix="${D}${ZSERVDIR}" || die "Failed to install into ${D}${ZSERVDIR}"
+	rm -rf "${D}${ZSERVDIR}"/doc
+	dosym ../../share/doc/${PF} ${ZSERVDIR}/doc
+
+	# copy the init script skeleton to skel directory of our installation
+	insinto "${ZSERVDIR}"/skel
+	doins "${FILESDIR}"/zope.initd
+}
+
+src_test() {
+	einfo "Tests disabled by Gentoo team."
+}
+
+pkg_postinst() {
+	# create the zope user and group for backward compatibility
+	enewgroup ${ZGID} 261
+	usermod -g ${ZGID} ${ZUID} 2>&1 >/dev/null || \
+	enewuser ${ZUID} 261 -1 /var/$(get_libdir)/zope  ${ZGID}
+
+	einfo "Be warned that you need at least one zope instance to run zope."
+	einfo "Please emerge zope-config for futher instance management."
+}
+
+pkg_prerm() {
+	#Remove old compiled code
+	rm ${ZSERVDIR}/bin/copyzopeskel.pyc
+
+	#need to remove this symlink because portage keeps links to
+	#existing targets
+	rm ${ZSERVDIR}/bin/python
+}
diff --git a/net-zope/zope/zope-2.9.10-r1.ebuild b/net-zope/zope/zope-2.9.10-r1.ebuild
new file mode 100644
index 000000000000..feafff5d00bd
--- /dev/null
+++ b/net-zope/zope/zope-2.9.10-r1.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/zope-2.9.10-r1.ebuild,v 1.1 2009/08/17 10:14:28 a3li Exp $
+EAPI=2
+
+inherit eutils multilib
+
+DESCRIPTION="Zope is a web application platform used for building high-performance, dynamic web sites"
+HOMEPAGE="http://www.zope.org"
+SRC_URI="http://www.zope.org/Products/Zope/${PV}/Zope-${PV}-final.tgz"
+
+LICENSE="ZPL"
+SLOT="${PV}"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="=dev-lang/python-2.4*"
+
+S="${WORKDIR}/Zope-${PV}-final"
+ZUID=zope
+ZGID=zope
+ZS_DIR=${ROOT%/}/usr/$(get_libdir)
+ZSERVDIR=${ZS_DIR}/${P}
+
+# Narrow the scope of ownership/permissions.
+# Security plan:
+# * ZUID is the superuser for all zope instances.
+# * ZGID is for a single instance's administration.
+# * Other' should not have any access to ${ZSERVDIR},
+#   because they can work through the Zope web interface.
+#   This should protect our code/data better.
+#
+# UPDATE: ${ZSERVDIR} is a lib directory and should be world readable
+# like e.g /usr/lib/python we do not store any user data there,
+# currently removed all custom permission stuff, for ${ZSERVDIR}
+
+src_prepare() {
+	epatch "${FILESDIR}"/CVE-2009-0668+0669.patch
+}
+
+src_configure() {
+	./configure  --prefix="${D}${ZSERVDIR}" --with-python=/usr/bin/python2.4 || die "Failed to execute ./configure ..."
+}
+
+src_install() {
+	dodoc README.txt
+	dodoc Zope/doc/*.txt
+	docinto PLATFORMS ; dodoc Zope/doc/PLATFORMS/*
+	docinto ZEO ; dodoc Zope/doc/ZEO/*
+
+	make install prefix="${D}"${ZSERVDIR} || die "Failed to install into ${D}${ZSERVDIR}"
+	rm -rf "${D}"${ZSERVDIR}/doc
+	dosym ../../share/doc/${PF} ${ZSERVDIR}/doc
+
+	# copy the init script skeleton to skel directory of our installation
+	cp "${FILESDIR}"/zope.initd "${D}"/${ZSERVDIR}/skel/zope.initd
+}
+
+src_test() {
+	einfo "Tests disabled by Gentoo team."
+}
+
+pkg_postinst() {
+	# create the zope user and group for backward compatibility
+	enewgroup ${ZGID} 261
+	usermod -g ${ZGID} ${ZUID} 2>&1 >/dev/null || \
+	enewuser ${ZUID} 261 -1 /var/$(get_libdir)/zope  ${ZGID}
+
+	einfo "Be warned that you need at least one zope instance to run zope."
+	einfo "Please emerge zope-config for futher instance management."
+}
+
+pkg_prerm() {
+	#Remove old compiled code
+	rm ${ZSERVDIR}/bin/copyzopeskel.pyc
+
+	#need to remove this symlink because portage keeps links to
+	#existing targets
+	rm ${ZSERVDIR}/bin/python
+}