Log message for revision 116161:
  hotfix for CVE 2010-3198 / bug #627988 on older Zopes

Changed:
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/
  A   
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/
  A   
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
  A   
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
  A   
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt
  A   Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py

-=-
Added: 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
===================================================================
--- 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
                               (rev 0)
+++ 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
       2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,2 @@
+def initialize(context):
+    import patch
\ No newline at end of file

Added: 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
===================================================================
--- 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
                          (rev 0)
+++ 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
  2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,37 @@
+import logging
+LOG = logging.getLogger('ZServerPublisher')
+
+def new_init(self, accept):
+    from ZPublisher import publish_module
+    try:
+        from ZPublisher.WSGIPublisher import publish_module as publish_wsgi
+        HAS_WSGI = True
+    except ImportError:
+        HAS_WSGI = False
+    while 1:
+        try:
+            name, a, b=accept()
+            if name == "Zope2":
+                try:
+                    publish_module(
+                        name,
+                        request=a,
+                        response=b)
+                finally:
+                    b._finish()
+                    a=b=None
+
+            elif HAS_WSGI and name == "Zope2WSGI":
+                try:
+                    res = publish_wsgi(a, b)
+                    for r in res:
+                        a['wsgi.output'].write(r)
+                finally:
+                    # TODO: Support keeping connections open.
+                    a['wsgi.output']._close = 1
+                    a['wsgi.output'].close()
+        except:
+            LOG.error('exception caught', exc_info=True)
+
+from ZServer.PubCore.ZServerPublisher import ZServerPublisher
+ZServerPublisher.__init__ = new_init

Added: 
Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py 
                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py 
2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,6 @@
+# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
+try:
+    __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+    from pkgutil import extend_path
+    __path__ = extend_path(__path__, __name__)

Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt           
                (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt   
2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,14 @@
+Introduction
+============
+
+This Zope hotfix fixes `CVE 2010-3198`_.
+
+.. _`CVE 2010-3198`: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3198
+
+This hotfix is mainly intended for use with Zope < 2.10.  Users of
+Zope 2.10 and greater should instead update to the latest minor revision, which
+already includes this fix.
+
+.. WARNING:: Zope < 2.12 is no longer officially supported, and may have
+             other unpatched vulnerabilities. You are encouraged to upgrade to
+             a supported Zope 2.

Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt     
                        (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt     
2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,7 @@
+Changelog
+=========
+
+1.0 (2010-09-02)
+----------------
+
+- Initial release

Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py             
                (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py     
2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,29 @@
+from setuptools import setup, find_packages
+import os
+
+version = '1.0'
+
+setup(name='Products.Zope_Hotfix_CVE_2010_3198',
+      version=version,
+      description="Hotfix to fix CVE 2010-3198 for Zope < 2.10",
+      long_description=open("README.txt").read() + "\n" +
+                       open(os.path.join("docs", "HISTORY.txt")).read(),
+      classifiers=[
+        "Programming Language :: Python",
+        "Framework :: Zope2",
+        "License :: OSI Approved :: Zope Public License",
+        ],
+      keywords='security hotfix patch',
+      author='Zope Foundation and Contributors',
+      author_email='zope-...@zope.org',
+      
url='http://svn.zope.org/Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198',
+      license='ZPL 2.1',
+      packages=find_packages(exclude=['ez_setup']),
+      namespace_packages=['Products'],
+      include_package_data=True,
+      zip_safe=False,
+      install_requires=[
+          'setuptools',
+          # -*- Extra requirements: -*-
+      ],
+      )

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to