[Zope-Checkins] SVN: Zope/trunk/src/Products/Five/security.py - Zope 2 permissions should not be unicode

2009-07-19 Thread Yvo Schubbe
Log message for revision 101998: - Zope 2 permissions should not be unicode Changed: U Zope/trunk/src/Products/Five/security.py -=- Modified: Zope/trunk/src/Products/Five/security.py === ---

[Zope-Checkins] SVN: Zope/branches/2.12/src/Zope2/Startup/zopectl.py - added potential entry point

2009-07-19 Thread Yvo Schubbe
Log message for revision 102008: - added potential entry point Changed: U Zope/branches/2.12/src/Zope2/Startup/zopectl.py -=- Modified: Zope/branches/2.12/src/Zope2/Startup/zopectl.py === ---

[Zope-Checkins] SVN: Zope/trunk/src/Zope2/Startup/zopectl.py - added potential entry point

2009-07-19 Thread Yvo Schubbe
Log message for revision 102009: - added potential entry point Changed: U Zope/trunk/src/Zope2/Startup/zopectl.py -=- Modified: Zope/trunk/src/Zope2/Startup/zopectl.py === --- Zope/trunk/src/Zope2/Startup/zopectl.py

[Zope-Checkins] SVN: Zope/branches/2.12/ - LP #399633: fixed interpreter paths

2009-07-19 Thread Andreas Jung
Log message for revision 102010: - LP #399633: fixed interpreter paths Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/src/ZPublisher/tests/generate_conflicts.py U Zope/branches/2.12/src/Zope2/utilities/check_catalog.py U

[Zope-Checkins] SVN: Zope/trunk/ - LP #399633: fixed interpreter paths

2009-07-19 Thread Andreas Jung
Log message for revision 102011: - LP #399633: fixed interpreter paths Changed: U Zope/trunk/doc/CHANGES.rst U Zope/trunk/src/ZPublisher/tests/generate_conflicts.py U Zope/trunk/src/Zope2/utilities/check_catalog.py U Zope/trunk/src/Zope2/utilities/compilezpy.py U

[Zope-dev] Zope Tests: 3 OK, 5 Failed

2009-07-19 Thread Zope Tests Summarizer
Summary of messages to the zope-tests list. Period Sat Jul 18 12:00:00 2009 UTC to Sun Jul 19 12:00:00 2009 UTC. There were 8 messages: 8 from Zope Tests. Test failures - Subject: FAILED (failures=1) : Zope-2.12 Python-2.6.2 : Linux From: Zope Tests Date: Sat Jul 18 20:50:01 EDT

Re: [Zope-dev] Broken authentication with zope.app.component 3.4.1 BBB code

2009-07-19 Thread Jim Fulton
On Wed, Jul 15, 2009 at 4:08 PM, Marius Gedminasmar...@gedmin.as wrote: ... This is a pretty serious issue, so I'd appreciate some review from people who know about local component registries.  The fix is here:  http://svn.zope.org/zope.app.component/?rev=101931view=rev Thanks for digging

Re: [Zope-dev] Broken authentication with zope.app.component 3.4.1 BBB code

2009-07-19 Thread Marius Gedminas
On Sun, Jul 19, 2009 at 11:55:45AM -0400, Jim Fulton wrote: On Wed, Jul 15, 2009 at 4:08 PM, Marius Gedminasmar...@gedmin.as wrote: ... This is a pretty serious issue, so I'd appreciate some review from people who know about local component registries.  The fix is here:  

Re: [Zope-dev] Broken authentication with zope.app.component 3.4.1 BBB code

2009-07-19 Thread Jim Fulton
On Sun, Jul 19, 2009 at 4:25 PM, Marius Gedminasmar...@gedmin.as wrote: On Sun, Jul 19, 2009 at 11:55:45AM -0400, Jim Fulton wrote: ... You should use a generation to fix the problem rather hacking __setstate__.  The hard part of this is figuring out where to put the generation. I wonder where

[Zope] ZSyncer-0.71 problems

2009-07-19 Thread Dennis Allison
Zope 2.11, Python 2.4 The authentication issue has been resolved. Our Zopes run with Pound as a reverse proxy front-end. Current versions of Pound demand conformity to the http protocol which ZSyncer violates. The error returned was interpreted incorrectly as an Authentication Error.

[Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread TsungWei Hu
I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a security notice as follows. Is it sufficient to fix this just installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/ = Name = Zope HTTP Request Denial of Service Vulnerability = Description = A

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Chris McDonough
I have no idea who Foundstone Labs is, nor if the denial of service vulnerability they're talking about is indeed the one fixed by http://www.zope.org/advisories/advisory-2008-08-12/ but: a) if it is, if you read it closely, you'll note that it's for Zope instances where untrusted users have

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Chris McDonough
I just sent the below via http://www.foundstone.com/us/contact-form.aspx . I'd suggest that others do the same; this company is totally wrong about this conclusion... You recently issued a security warning to the effect: = Name = Zope HTTP Request Denial of Service Vulnerability =

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Ricardo Newbery
It might be premature to blame this on Foundstone. I can't seem to find this security advisory online at all. No advisory id was included nor any reference at all and the recommendation doesn't look at all like what usually comes from a legit advisory. I smeil a fake. Ric On Jul 19,

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Chris McDonough
This may be true. However, I notice that whomever makes the Foundstone website can't spell either (Costumer for Customer in the How you found out about us dropdown). ;-) So... guilty till proven innocent as far as I'm concerned. - C On 7/19/09 11:45 PM, Ricardo Newbery wrote: It might be

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Andreas Jung
On 20.07.09 04:06, TsungWei Hu wrote: I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a security notice as follows. Is it sufficient to fix this just installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/ Although the Zope development environment is

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Andrew Milton
+---[ Chris McDonough ]-- | This may be true. However, I notice that whomever makes the Foundstone website | can't spell either (Costumer for Customer in the How you found out about | us dropdown). ;-) So... guilty till proven innocent as far as I'm concerned. Don't

Re: [Zope] ZSyncer-0.71 problems

2009-07-19 Thread Dieter Maurer
Dennis Allison wrote at 2009-7-19 17:03 -0700: Zope 2.11, Python 2.4 ... # EOFError # # Traceback (most recent call last): ... dest_base_info, dest_sub_info = self._getRemoteList(remote, path) File /opt/zope/zinstances/xxx/Products/ZSyncer/ZSyncer.py, line 1211, in _getRemoteList return