[Checkins] SVN: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/ Add hotfix for vulnerability reported today.

Tres Seaver tseaver at palladion.com
Mon Oct 24 21:46:18 UTC 2011


Log message for revision 123148:
  Add hotfix for vulnerability reported today.

Changed:
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt
  A   Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py

-=-
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt	                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt	2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,8 @@
+'Products.Zope_Hotfix_20111024' Changelog
+=========================================
+
+
+1.0 (2011-10-24)
+----------------
+
+- Initial release.

Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py	                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py	2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,4 @@
+def initialize(context):
+    from AccessControl.User import BasicUserFolder
+    from App.class_init import InitializeClass
+    InitializeClass(BasicUserFolder)
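
Review bot: initialize() has no comment or docstring saying why InitializeClass(BasicUserFolder) needs to be called from a product, so anyone auditing the hotfix cannot tell from the code what it changes. Add a short comment above the call stating what InitializeClass applies to the class (its security declarations). Consider also logging one line when initialize() runs, so operators have evidence that the fix executed beyond the Control_Panel/Products listing the README relies on.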

Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py	                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py	2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,6 @@
+# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
+try:
+    __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+    from pkgutil import extend_path
+    __path__ = extend_path(__path__, __name__)

Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt	                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt	2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,78 @@
+'Products.Zope_Hotfix_20111024' README
+======================================
+
+Overview
+--------
+
+This hotfix addresses a serious vulnerability in the Zope2 application
+server.  Affected versions of Zope2 include:
+
+- 2.12.x <= 2.12.20
+
+- 2.13.x <= 2.13.6
+
+Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
+
+The Zope2 security response team recommends that all users of these 
+releases upgrade to an unaffected release (2.12.21 or 2.13.11) as soon as
+they become available.
+
+Until that upgrade is feasible, deploying this hotfix also mitigates the
+vulnerability.
+
+
+Installing the Hotfix:  Via 'easy_install'
+-------------------------------------------
+
+If the Python which runs your Zope instance has 'setuptools' installed (or
+is a 'virtualenv'), you can install the hotfix directly from PyPI::
+
+  $ /prefix/bin/easy_install Products.Zope_Hotfix_20111024
+
+and then restart the Zope instance, e.g.:
+
+  $ /path/to/instance/bin/zopectl restart
+
+
+Installing the Hotfix:  Via 'zc.buildout'
+-----------------------------------------
+
+If your Zope instance is managed via 'zc.buildout', you can install
+the hotfix directly from PyPI.  Edit the 'buildout.cfg' file, adding
+"Products.Zope_Hotfix_20111024" to the "eggs" section of the instance.
+E.g.::
+
+  [instance]
+  recipe = plone.recipe.zope2instance
+  #...
+  eggs =
+    ${buildout:eggs}
+    Products.Zope_Hotfix_20111024
+
+Next, re-run the buildout::
+
+  $ /path/to/buildout/bin/buildout
+
+and then restart the Zope instance, e.g.:
+
+  $ /path/to/buildout/bin/instance restart
+
+
+Installing the Hotfix:  Manual Installation
+-------------------------------------------
+
+You may also install this hotfix by unpacking the tarball and adding a
+'products' key to the 'etc/zope.conf' of your instance.   E.g.::
+
+  products /path/to/Products.Zope_Hotfix_20111024/Products
+
+
+Verifying the Installation
+--------------------------
+
+After restarting the Zope instance, check the 'Control_Panel/Products'
+folder in the Zope Management Interface, e.g.:
+
+  http://localhost:8080/Control_Panel/Products/manage_main
+
+You should see the 'Zope_Hotfix_20111024' product folder there.
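
Review bot: the affected range in the Overview ("2.13.x <= 2.13.6") does not line up with the recommended unaffected release ("2.13.11"), so readers on 2.13.7 through 2.13.10 cannot tell whether they need the hotfix. State the status of those releases or correct whichever number is wrong. Separately, the three "e.g.:" lead-ins (before the zopectl restart, the instance restart and the manage_main URL) end in a single colon, so reStructuredText renders the indented lines as block quotes rather than literal blocks. Use "e.g.::" as the other examples in this file do.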

Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py	                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py	2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,27 @@
+from setuptools import setup, find_packages
+
+version = '1.0'
+
+setup(name='Products.Zope_Hotfix_20111024',
+      version=version,
+      description="Hotfix for Zope 2.12 + 2.13",
+      long_description=open("README.txt").read() + "\n" +
+                       open("CHANGES.txt").read(),
+      classifiers=[
+        "Programming Language :: Python",
+        "Framework :: Zope2",
+        "License :: OSI Approved :: Zope Public License",
+        ],
+      keywords='security hotfix patch',
+      author='Zope Foundation and Contributors',
+      author_email='zope-dev at zope.org',
+      url='http://svn.zope.org/Zope/hotfixes/Products.Zope_Hotfix_20111024',
+      license='ZPL 2.1',
+      packages=find_packages(exclude=['ez_setup']),
+      namespace_packages=['Products'],
+      include_package_data=True,
+      zip_safe=False,
+      install_requires=[
+          'setuptools',
+      ],
+      )
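
Review bot: long_description opens "README.txt" and "CHANGES.txt" relative to the current working directory, so setup.py raises an IOError when it is run from anywhere other than the package root. Build both paths from os.path.dirname(__file__) instead. The two open() calls also leave their file handles unclosed. Reading each file through a small helper that closes it would fix both points.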


