[Zope-Annce] Security Hotfix 20110622 released
Last week, the Zope and Plone security teams announced the discovery of a serious security issue affecting all recent versions of Zope and Plone, as well as the planned release of a Hotfix to address this issue to be made today, June 28th at 1500 UTC. The Plone and Zope security teams are announcing that this security hotfix is now available for download. For full instructions on how to get and install the Hotfix, go here: http://plone.org/products/plone-hotfix/releases/20110622 To find out more about the details of the issue, answers to common questions and which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 Assistance in installing this hotfix is available free of charge via IRC in #plone-tuneup. If you don't have in-house server administrators or a service agreement supporting your website, you can find consultancy companies under the providers section of Plone.org - http://plone.org/support/network On behalf of the Zope and Plone security teams, Laurence ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Checkins] SVN: Zope/branches/2.12/ Prepare Zope2 2.12.19.
Log message for revision 122019: Prepare Zope2 2.12.19. Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/setup.py U Zope/branches/2.12/src/Products/Five/configure.zcml A Zope/branches/2.12/src/Products/Five/traversing.py U Zope/branches/2.12/src/Products/Five/traversing.zcml U Zope/branches/2.12/versions.cfg -=- Modified: Zope/branches/2.12/doc/CHANGES.rst === --- Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 15:01:07 UTC (rev 122019) @@ -5,12 +5,14 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. -2.12.19 (unreleased) +2.12.19 (2011-06-28) Bugs Fixed ++ +- Fixed a serious privilege escalation issue. For more information see: + http://plone.org/products/plone/security/advisories/20110622 Features Modified: Zope/branches/2.12/setup.py === --- Zope/branches/2.12/setup.py 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/setup.py 2011-06-28 15:01:07 UTC (rev 122019) @@ -16,7 +16,7 @@ from setuptools import setup, find_packages, Extension setup(name='Zope2', -version='2.12.19dev', +version='2.12.19', url='http://www.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.12/src/Products/Five/configure.zcml === --- Zope/branches/2.12/src/Products/Five/configure.zcml 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/src/Products/Five/configure.zcml 2011-06-28 15:01:07 UTC (rev 122019) @@ -1,6 +1,9 @@ configure xmlns=http://namespaces.zope.org/zope; xmlns:five=http://namespaces.zope.org/five; + !-- Disable unsupported Zope Toolkit functionality -- + exclude package=zope.traversing / + include file=meta.zcml / include file=permissions.zcml / include file=i18n.zcml / Added: Zope/branches/2.12/src/Products/Five/traversing.py === --- Zope/branches/2.12/src/Products/Five/traversing.py (rev 0) +++ Zope/branches/2.12/src/Products/Five/traversing.py 2011-06-28 15:01:07 UTC (rev 122019) @@ -0,0 +1,14 @@ +from zExceptions import Forbidden +from zope.interface.interface import InterfaceClass +from zope.traversing import namespace + + +class resource(namespace.view): + +def traverse(self, name, ignored): +# The context is important here, since it becomes the parent of the +# resource, which is needed to generate the absolute URL. +res = namespace.getResource(self.context, name, self.request) +if isinstance(res, InterfaceClass): +raise Forbidden('Access to traverser is forbidden.') +return res Property changes on: Zope/branches/2.12/src/Products/Five/traversing.py ___ Added: svn:eol-style + native Modified: Zope/branches/2.12/src/Products/Five/traversing.zcml === --- Zope/branches/2.12/src/Products/Five/traversing.zcml2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/src/Products/Five/traversing.zcml2011-06-28 15:01:07 UTC (rev 122019) @@ -1,7 +1,61 @@ -configure xmlns=http://namespaces.zope.org/zope; - xmlns:five=http://namespaces.zope.org/five; +configure xmlns=http://namespaces.zope.org/zope; !-- define default namespace adapters, etc. -- - include package=zope.traversing / + adapter + for=* + factory=zope.traversing.adapters.Traverser + provides=zope.location.interfaces.ITraverser / + adapter + for=* + factory=zope.traversing.adapters.DefaultTraversable + provides=zope.traversing.interfaces.ITraversable / + + adapter + name=etc + for=* + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + adapter + name=etc + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + + adapter + name=adapter + for=* + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.adapter + / + adapter + name=adapter + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.adapter + / + + adapter + name=skin + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.skin + / + + adapter + name=resource + for=*
[Zope-Checkins] SVN: Zope/tags/2.12.19/ Tagged Zope2 2.12.19.
Log message for revision 122020: Tagged Zope2 2.12.19. Changed: A Zope/tags/2.12.19/ -=- ___ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/branches/2.13/ Prepare Zope2 2.13.8.
Log message for revision 122021: Prepare Zope2 2.13.8. Changed: U Zope/branches/2.13/doc/CHANGES.rst U Zope/branches/2.13/setup.py U Zope/branches/2.13/src/Zope2/App/configure.zcml U Zope/branches/2.13/src/Zope2/App/exclude.zcml A Zope/branches/2.13/src/Zope2/App/traversing.py A Zope/branches/2.13/src/Zope2/App/traversing.zcml U Zope/branches/2.13/versions.cfg -=- Modified: Zope/branches/2.13/doc/CHANGES.rst === --- Zope/branches/2.13/doc/CHANGES.rst 2011-06-28 15:01:20 UTC (rev 122020) +++ Zope/branches/2.13/doc/CHANGES.rst 2011-06-28 15:01:43 UTC (rev 122021) @@ -5,12 +5,15 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. -2.13.8 (unreleased) +2.13.8 (2011-06-28) --- Bugs Fixed ++ +- Fixed a serious privilege escalation issue. For more information see: + http://plone.org/products/plone/security/advisories/20110622 + - Ensure __name__ is not None as well as __name__ existing. For example, object could be a widget within a z3c.form MultiWidget, which do not have __name__ set. Modified: Zope/branches/2.13/setup.py === --- Zope/branches/2.13/setup.py 2011-06-28 15:01:20 UTC (rev 122020) +++ Zope/branches/2.13/setup.py 2011-06-28 15:01:43 UTC (rev 122021) @@ -23,7 +23,7 @@ setup(name='Zope2', -version='2.13.8dev', +version='2.13.8', url='http://zope2.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.13/src/Zope2/App/configure.zcml === --- Zope/branches/2.13/src/Zope2/App/configure.zcml 2011-06-28 15:01:20 UTC (rev 122020) +++ Zope/branches/2.13/src/Zope2/App/configure.zcml 2011-06-28 15:01:43 UTC (rev 122021) @@ -5,7 +5,7 @@ include file=meta.zcml / include package=AccessControl file=permissions.zcml / - include package=zope.traversing / + include file=traversing.zcml / include package=OFS / include package=ZPublisher / Modified: Zope/branches/2.13/src/Zope2/App/exclude.zcml === --- Zope/branches/2.13/src/Zope2/App/exclude.zcml 2011-06-28 15:01:20 UTC (rev 122020) +++ Zope/branches/2.13/src/Zope2/App/exclude.zcml 2011-06-28 15:01:43 UTC (rev 122021) @@ -4,6 +4,7 @@ exclude package=zope.browsermenu file=meta.zcml / exclude package=zope.browserresource file=meta.zcml / exclude package=zope.publisher file=meta.zcml / + exclude package=zope.traversing / exclude package=zope.viewlet file=meta.zcml / /configure Added: Zope/branches/2.13/src/Zope2/App/traversing.py === --- Zope/branches/2.13/src/Zope2/App/traversing.py (rev 0) +++ Zope/branches/2.13/src/Zope2/App/traversing.py 2011-06-28 15:01:43 UTC (rev 122021) @@ -0,0 +1,14 @@ +from zExceptions import Forbidden +from zope.interface.interface import InterfaceClass +from zope.traversing import namespace + + +class resource(namespace.view): + +def traverse(self, name, ignored): +# The context is important here, since it becomes the parent of the +# resource, which is needed to generate the absolute URL. +res = namespace.getResource(self.context, name, self.request) +if isinstance(res, InterfaceClass): +raise Forbidden('Access to traverser is forbidden.') +return res Property changes on: Zope/branches/2.13/src/Zope2/App/traversing.py ___ Added: svn:eol-style + native Added: Zope/branches/2.13/src/Zope2/App/traversing.zcml === --- Zope/branches/2.13/src/Zope2/App/traversing.zcml (rev 0) +++ Zope/branches/2.13/src/Zope2/App/traversing.zcml2011-06-28 15:01:43 UTC (rev 122021) @@ -0,0 +1,61 @@ +configure xmlns=http://namespaces.zope.org/zope; + + !-- define default namespace adapters, etc. -- + adapter + for=* + factory=zope.traversing.adapters.Traverser + provides=zope.traversing.interfaces.ITraverser / + + adapter + for=* + factory=zope.traversing.adapters.DefaultTraversable + provides=zope.traversing.interfaces.ITraversable / + + adapter + name=etc + for=* + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + adapter + name=etc + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + + adapter + name=adapter + for=* + provides=zope.traversing.interfaces.ITraversable +
[Zope-Checkins] SVN: Zope/tags/2.13.8/ Tagged Zope2 2.13.8.
Log message for revision 122023: Tagged Zope2 2.13.8. Changed: A Zope/tags/2.13.8/ -=- ___ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/trunk/src/Zope2/App/ Merge security fix from 2.13 branch
Log message for revision 122024: Merge security fix from 2.13 branch Changed: U Zope/trunk/src/Zope2/App/configure.zcml U Zope/trunk/src/Zope2/App/exclude.zcml A Zope/trunk/src/Zope2/App/traversing.py A Zope/trunk/src/Zope2/App/traversing.zcml -=- Modified: Zope/trunk/src/Zope2/App/configure.zcml === --- Zope/trunk/src/Zope2/App/configure.zcml 2011-06-28 15:01:56 UTC (rev 122023) +++ Zope/trunk/src/Zope2/App/configure.zcml 2011-06-28 15:02:22 UTC (rev 122024) @@ -5,7 +5,7 @@ include file=meta.zcml / include package=AccessControl file=permissions.zcml / - include package=zope.traversing / + include file=traversing.zcml / include package=OFS / include package=ZPublisher / Modified: Zope/trunk/src/Zope2/App/exclude.zcml === --- Zope/trunk/src/Zope2/App/exclude.zcml 2011-06-28 15:01:56 UTC (rev 122023) +++ Zope/trunk/src/Zope2/App/exclude.zcml 2011-06-28 15:02:22 UTC (rev 122024) @@ -3,6 +3,7 @@ exclude package=zope.browserpage file=meta.zcml / exclude package=zope.browsermenu file=meta.zcml / exclude package=zope.browserresource file=meta.zcml / + exclude package=zope.traversing / exclude package=zope.publisher file=meta.zcml / exclude package=zope.viewlet file=meta.zcml / Added: Zope/trunk/src/Zope2/App/traversing.py === --- Zope/trunk/src/Zope2/App/traversing.py (rev 0) +++ Zope/trunk/src/Zope2/App/traversing.py 2011-06-28 15:02:22 UTC (rev 122024) @@ -0,0 +1,14 @@ +from zExceptions import Forbidden +from zope.interface.interface import InterfaceClass +from zope.traversing import namespace + + +class resource(namespace.view): + +def traverse(self, name, ignored): +# The context is important here, since it becomes the parent of the +# resource, which is needed to generate the absolute URL. +res = namespace.getResource(self.context, name, self.request) +if isinstance(res, InterfaceClass): +raise Forbidden('Access to traverser is forbidden.') +return res Property changes on: Zope/trunk/src/Zope2/App/traversing.py ___ Added: svn:eol-style + native Added: Zope/trunk/src/Zope2/App/traversing.zcml === --- Zope/trunk/src/Zope2/App/traversing.zcml(rev 0) +++ Zope/trunk/src/Zope2/App/traversing.zcml2011-06-28 15:02:22 UTC (rev 122024) @@ -0,0 +1,61 @@ +configure xmlns=http://namespaces.zope.org/zope; + + !-- define default namespace adapters, etc. -- + adapter + for=* + factory=zope.traversing.adapters.Traverser + provides=zope.traversing.interfaces.ITraverser / + + adapter + for=* + factory=zope.traversing.adapters.DefaultTraversable + provides=zope.traversing.interfaces.ITraversable / + + adapter + name=etc + for=* + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + adapter + name=etc + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.etc + / + + adapter + name=adapter + for=* + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.adapter + / + adapter + name=adapter + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.adapter + / + + adapter + name=skin + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.skin + / + + adapter + name=resource + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=Zope2.App.traversing.resource + / + + adapter + name=view + for=* zope.publisher.interfaces.IRequest + provides=zope.traversing.interfaces.ITraversable + factory=zope.traversing.namespace.view + / + +/configure Property changes on: Zope/trunk/src/Zope2/App/traversing.zcml ___ Added: svn:eol-style + native ___ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/branches/2.12/ vb
Log message for revision 122025: vb Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/setup.py U Zope/branches/2.12/versions.cfg -=- Modified: Zope/branches/2.12/doc/CHANGES.rst === --- Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 15:02:22 UTC (rev 122024) +++ Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 15:02:58 UTC (rev 122025) @@ -5,6 +5,10 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. +2.12.20 (unreleased) + + + 2.12.19 (2011-06-28) Modified: Zope/branches/2.12/setup.py === --- Zope/branches/2.12/setup.py 2011-06-28 15:02:22 UTC (rev 122024) +++ Zope/branches/2.12/setup.py 2011-06-28 15:02:58 UTC (rev 122025) @@ -16,7 +16,7 @@ from setuptools import setup, find_packages, Extension setup(name='Zope2', -version='2.12.19', +version='2.12.20dev', url='http://www.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.12/versions.cfg === --- Zope/branches/2.12/versions.cfg 2011-06-28 15:02:22 UTC (rev 122024) +++ Zope/branches/2.12/versions.cfg 2011-06-28 15:02:58 UTC (rev 122025) @@ -2,7 +2,7 @@ versions = versions [versions] -Zope2 = 2.12.19 +Zope2 = Acquisition = 2.13.8 buildout.dumppickedversions = 0.4 ClientForm = 0.2.10 ___ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-dev] Security announcement update
This is an update on today's security hotfix release. The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 For installation instructions, please see: http://plone.org/products/plone-hotfix/releases/20110622 On behalf of the Zope and Plone security teams, Laurence ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zope-tests - OK: 85, UNKNOWN: 1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [1]UNKNOWN UNKNOWN : Zope Buildbot / zope2.13_win-py2.6 slave-win https://mail.zope.org/pipermail/zope-tests/2011-June/044329.html exceptions.WindowsError: [Error 145] The directory is not empty: 'C:\\Users\\richard\\Desktop\\buildslave\\zope2.13_win-py2.6_slave-win\\build\\src\\Products\\Sessions\\.svn' ] - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4Jyj4ACgkQ+gerLs4ltQ4f8gCeNV/G2LmcHJ4ikhu/j6hP7vsF hNYAoLSVtJJNXhwxP2p+hyIn6R79USJV =TOMj -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security announcement update
(Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Regards, Sascha ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope] Security announcement update
On Tue, Jun 28, 2011 at 15:30, Sascha Welter zopel...@betabug.ch wrote: It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Indeed, Zope 2.9 is not affected, with or without the previous hotfix. -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope] Security announcement update
On Tue, Jun 28, 2011 at 15:40, Norbert Marrale norbertmarr...@yahoo.com wrote: Why must PluggableAuthService (+ its dependencies) even be installed? It is a dependency of Plone itself. -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope] Security announcement update
On 28 June 2011 14:40, Norbert Marrale norbertmarr...@yahoo.com wrote: This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even be installed? The Plone Hotfix for CVE-2011-0720 included patches to PluggableAuthService. If you use PluggableAuthService outside of Plone then you need to update to a release that includes that fix. If you don't run PluggableAuthService it is not required to install it. Laurence ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] versions on zope.org and launchpad.net
hi all, there is a different version set on zope.org and launchpad. on http://www.zope.org/Products/Zope/swpackage_releases there are zope 2.8.12, 2.9.12, 2.10.13 and 2.11.8 available, where on launchpad they are not. IMO it would be better to move all versions up to launchpad and drop the download section on zope.org (and zope.org will be soon relaunched anyways). cheers, johannes raggam ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] versions on zope.org and launchpad.net
On 28/06/2011 18:28, Johannes Raggam wrote: on http://www.zope.org/Products/Zope/swpackage_releases there are zope 2.8.12, 2.9.12, 2.10.13 and 2.11.8 available, where on launchpad they are not. Not to mention that http://www.zope.org/Products/ is out of date and lists Zope 2.11.4 as the latest 2.11 release, for example... IMO it would be better to move all versions up to launchpad and drop the download section on zope.org (and zope.org will be soon relaunched anyways). Yeah yeah, we'll see ;-) Chris -- Simplistix - Content Management, Batch Processing Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] versions on zope.org and launchpad.net
On Tue, 2011-06-28 at 18:17 -0400, Tres Seaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/28/2011 01:28 PM, Johannes Raggam wrote: there is a different version set on zope.org and launchpad. on http://www.zope.org/Products/Zope/swpackage_releases there are zope 2.8.12, 2.9.12, 2.10.13 and 2.11.8 available, where on launchpad they are not. [...] - PyPI is the canonical download location for the current releases: launchpad should just be pointing there. thats the case since Zope 2.12. older releases aren't there. i think that launchpad should have all releases available, which are listed on zope.org. hannes, Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4KUxUACgkQ+gerLs4ltQ5YEACgzzpRkzcDHWUNZgqcXL1Z6uWy b/0AoJp3yhIooYsjXq7ajwiqggz8wtoZ =j2FU -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] zope-tests - OK: 102, UNKNOWN: 1
This is the summary for test reports received on the zope-tests list between 2011-06-27 00:00:00 UTC and 2011-06-28 00:00:00 UTC: See the footnotes for test reports of unsuccessful builds. An up-to date view of the builders is also available in our buildbot documentation: http://docs.zope.org/zopetoolkit/process/buildbots.html#the-nightly-builds Reports received Bluebream / Python2.4.6 64bit linux Bluebream / Python2.5.5 64bit linux Bluebream / Python2.6.5 64bit linux [1]UNKNOWN : Zope Buildbot / zope2.13_win-py2.6 slave-win ZTK 1.0 / Python2.4.6 Linux 64bit ZTK 1.0 / Python2.5.5 Linux 64bit ZTK 1.0 / Python2.6.5 Linux 64bit ZTK 1.0dev / Python2.4.6 Linux 64bit ZTK 1.0dev / Python2.5.5 Linux 64bit ZTK 1.0dev / Python2.6.5 Linux 64bit Zope 3.4 KGS / Python2.4.6 64bit linux Zope 3.4 KGS / Python2.5.5 64bit linux Zope 3.4 Known Good Set / py2.4-32bit-linux Zope 3.4 Known Good Set / py2.4-64bit-linux Zope 3.4 Known Good Set / py2.5-32bit-linux Zope 3.4 Known Good Set / py2.5-64bit-linux Zope Buildbot / zope2.12-py2.6 slave-osx Zope Buildbot / zope2.12-py2.6 slave-osx Zope Buildbot / zope2.12-py2.6 slave-ubuntu32 Zope Buildbot / zope2.12-py2.6 slave-ubuntu32 Zope Buildbot / zope2.12-py2.6 slave-ubuntu64 Zope Buildbot / zope2.12-py2.6 slave-ubuntu64 Zope Buildbot / zope2.13-py2.6 slave-osx Zope Buildbot / zope2.13-py2.6 slave-osx Zope Buildbot / zope2.13-py2.6 slave-ubuntu32 Zope Buildbot / zope2.13-py2.6 slave-ubuntu32 Zope Buildbot / zope2.13-py2.6 slave-ubuntu64 Zope Buildbot / zope2.13-py2.6 slave-ubuntu64 Zope Buildbot / zope2.13-py2.7 slave-osx Zope Buildbot / zope2.13-py2.7 slave-osx Zope Buildbot / zope2.13-py2.7 slave-ubuntu32 Zope Buildbot / zope2.13-py2.7 slave-ubuntu32 Zope Buildbot / zope2.13-py2.7 slave-ubuntu64 Zope Buildbot / zope2.13-py2.7 slave-ubuntu64 Zope Buildbot / zope2.13_win-py2.6 slave-win Zope Buildbot / zope2.13_win-py2.7 slave-win Zope Buildbot / zope2.13_win-py2.7 slave-win Zope Buildbot / zope2.14-py2.6 slave-osx Zope Buildbot / zope2.14-py2.6 slave-osx Zope Buildbot / zope2.14-py2.6 slave-ubuntu32 Zope Buildbot / zope2.14-py2.6 slave-ubuntu32 Zope Buildbot / zope2.14-py2.6 slave-ubuntu64 Zope Buildbot / zope2.14-py2.6 slave-ubuntu64 Zope Buildbot / zope2.14-py2.7 slave-osx Zope Buildbot / zope2.14-py2.7 slave-osx Zope Buildbot / zope2.14-py2.7 slave-ubuntu32 Zope Buildbot / zope2.14-py2.7 slave-ubuntu32 Zope Buildbot / zope2.14-py2.7 slave-ubuntu64 Zope Buildbot / zope2.14-py2.7 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.0-py2.4 slave-osx Zope Buildbot / zopetoolkit-1.0-py2.4 slave-ubuntu32 Zope Buildbot / zopetoolkit-1.0-py2.4 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.0-py2.5 slave-osx Zope Buildbot / zopetoolkit-1.0-py2.5 slave-ubuntu32 Zope Buildbot / zopetoolkit-1.0-py2.5 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.0-py2.6 slave-osx Zope Buildbot / zopetoolkit-1.0-py2.6 slave-ubuntu32 Zope Buildbot / zopetoolkit-1.0-py2.6 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.0_win-py2.4 slave-win Zope Buildbot / zopetoolkit-1.0_win-py2.5 slave-win Zope Buildbot / zopetoolkit-1.0_win-py2.6 slave-win Zope Buildbot / zopetoolkit-1.1-py2.5 slave-osx Zope Buildbot / zopetoolkit-1.1-py2.5 slave-ubuntu32 Zope Buildbot / zopetoolkit-1.1-py2.5 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.1-py2.6 slave-osx Zope Buildbot / zopetoolkit-1.1-py2.6 slave-ubuntu32 Zope Buildbot / zopetoolkit-1.1-py2.6 slave-ubuntu64 Zope Buildbot / zopetoolkit-1.1_win-py2.5 slave-win Zope Buildbot / zopetoolkit-1.1_win-py2.6 slave-win Zope Buildbot / zopetoolkit-py2.5 slave-osx Zope Buildbot / zopetoolkit-py2.5 slave-ubuntu32 Zope Buildbot / zopetoolkit-py2.5 slave-ubuntu64 Zope Buildbot / zopetoolkit-py2.6 slave-osx Zope Buildbot / zopetoolkit-py2.6 slave-ubuntu32 Zope Buildbot / zopetoolkit-py2.6 slave-ubuntu64 Zope Buildbot / zopetoolkit_win-py2.5 slave-win Zope Buildbot / zopetoolkit_win-py2.6 slave-win Zope-2.10 Python-2.4.6 : Linux Zope-2.11 Python-2.4.6 : Linux Zope-2.12 Python-2.6.6 : Linux Zope-2.12-alltests Python-2.6.6 : Linux Zope-2.13 Python-2.6.6 : Linux Zope-2.13-alltests Python-2.6.6 : Linux Zope-trunk Python-2.6.6 : Linux Zope-trunk-alltests Python-2.6.6 : Linux winbot / ZODB_dev py_254_win32 winbot / ZODB_dev py_265_win32 winbot / ZODB_dev py_265_win64 winbot / ZODB_dev py_270_win32 winbot / ZODB_dev py_270_win64 winbot / ztk_10 py_254_win32
Re: [Zope] Retrieving an image from MySQL
Hi Jibin, You are now trying to put an image file (the actual image data) into the src attribute of your img tag. I think the src attribute should contain the url pointing to your StockChartManagePreview_Handler script. This is, assuming that your script does correctly return the image file. Bart Op 28-06-11 05:56, Jibin K.J schreef: I have an image stored in MSQL.(Don't tell me its not proper do that,I know already).Anyways I need to display it in DTML. StockChartManagePreview (DTML) dtml-var standard_html_header img src=StockChartManagePreview_Handler dtml-var standard_html_footer StockChartManagePreview_Handler (python script) request = container.REQUEST response = request.RESPONSE photo = context.StockChartManage_getImage(ID = ) context.REQUEST.RESPONSE.setHeader('content-type','image/jpeg') return photo[0].image.read() #I already tried - return photo[0].image #it gives an error image cannot be displayed because it contains errors StockChartManage_getImage (Z SQL Method) SELECT image FROM `imagebase` WHERE imageID =dtml-sqlvar ID type=string Now my problem is that Zope asks for a login every time I view the DTML (StockChartManagePreview ) Please Help. ref : https://mail.zope.org/pipermail/zope-db/2004-July/003336.html http://www.zope.org/Members/murphy/MySQL-BLOBs http://www.gossamer-threads.com/lists/zope/db/168437 ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Security announcement update
This is an update on today's security hotfix release. The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 For installation instructions, please see: http://plone.org/products/plone-hotfix/releases/20110622 On behalf of the Zope and Plone security teams, Laurence ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
(Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Regards, Sascha ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On Tue, Jun 28, 2011 at 15:30, Sascha Welter zopel...@betabug.ch wrote: It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Indeed, Zope 2.9 is not affected, with or without the previous hotfix. -- Martijn Pieters ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even be installed? -N On 6/28/2011 3:30 PM, Sascha Welter wrote: (Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Regards, Sascha ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On Tue, Jun 28, 2011 at 15:40, Norbert Marrale norbertmarr...@yahoo.com wrote: Why must PluggableAuthService (+ its dependencies) even be installed? It is a dependency of Plone itself. -- Martijn Pieters ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On 28 June 2011 14:40, Norbert Marrale norbertmarr...@yahoo.com wrote: This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even be installed? The Plone Hotfix for CVE-2011-0720 included patches to PluggableAuthService. If you use PluggableAuthService outside of Plone then you need to update to a release that includes that fix. If you don't run PluggableAuthService it is not required to install it. Laurence ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Retrieving an image from MySQL
Whoeps, I misread your post. You are doing exactly what I adviced. You can ignore my previous reply. Sorry. Bart PS. thanks Peter for informing me. Op 28-06-11 13:28, Bart Jansen schreef: Hi Jibin, You are now trying to put an image file (the actual image data) into the src attribute of yourimg tag. I think the src attribute should contain the url pointing to your StockChartManagePreview_Handler script. This is, assuming that your script does correctly return the image file. Bart Op 28-06-11 05:56, Jibin K.J schreef: I have an image stored in MSQL.(Don't tell me its not proper do that,I know already).Anyways I need to display it in DTML. StockChartManagePreview (DTML) dtml-var standard_html_header img src=StockChartManagePreview_Handler dtml-var standard_html_footer StockChartManagePreview_Handler (python script) request = container.REQUEST response = request.RESPONSE photo = context.StockChartManage_getImage(ID = ) context.REQUEST.RESPONSE.setHeader('content-type','image/jpeg') return photo[0].image.read() #I already tried - return photo[0].image #it gives an error image cannot be displayed because it contains errors StockChartManage_getImage (Z SQL Method) SELECT image FROM `imagebase` WHERE imageID =dtml-sqlvar ID type=string Now my problem is that Zope asks for a login every time I view the DTML (StockChartManagePreview ) Please Help. ref : https://mail.zope.org/pipermail/zope-db/2004-July/003336.html http://www.zope.org/Members/murphy/MySQL-BLOBs http://www.gossamer-threads.com/lists/zope/db/168437 ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Security Hotfix 20110622 released
Last week, the Zope and Plone security teams announced the discovery of a serious security issue affecting all recent versions of Zope and Plone, as well as the planned release of a Hotfix to address this issue to be made today, June 28th at 1500 UTC. The Plone and Zope security teams are announcing that this security hotfix is now available for download. For full instructions on how to get and install the Hotfix, go here: http://plone.org/products/plone-hotfix/releases/20110622 To find out more about the details of the issue, answers to common questions and which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 Assistance in installing this hotfix is available free of charge via IRC in #plone-tuneup. If you don't have in-house server administrators or a service agreement supporting your website, you can find consultancy companies under the providers section of Plone.org - http://plone.org/support/network On behalf of the Zope and Plone security teams, Laurence ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-CMF] cmf-tests - OK: 4
This is the summary for test reports received on the cmf-tests list between 2011-06-27 00:00:00 UTC and 2011-06-28 00:00:00 UTC: See the footnotes for test reports of unsuccessful builds. An up-to date view of the builders is also available in our buildbot documentation: http://docs.zope.org/zopetoolkit/process/buildbots.html#the-nightly-builds Reports received CMF-2.2 Zope-2.12 Python-2.6.6 : Linux CMF-2.2 Zope-2.13 Python-2.6.6 : Linux CMF-trunk Zope-2.13 Python-2.6.6 : Linux CMF-trunk Zope-trunk Python-2.6.6 : Linux Non-OK results -- ___ Zope-CMF maillist - Zope-CMF@zope.org https://mail.zope.org/mailman/listinfo/zope-cmf See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests