Log message for revision 123148: Add hotfix for vulnerability reported today.
Changed: A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/ A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/ A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt A Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py
-=-
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/CHANGES.txt 2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,8 @@
+'Products.Zope_Hotfix_20111024' Changelog
+=========================================
+
+
+1.0 (2011-10-24)
+----------------
+
+- Initial release.
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/Zope_Hotfix_20111024/__init__.py 2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,4 @@
+def initialize(context):
+ from AccessControl.User import BasicUserFolder
+ from App.class_init import InitializeClass
+ InitializeClass(BasicUserFolder)
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/Products/__init__.py 2011-10-24 21:46:18 UTC (rev 123148)
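Review bot: `initialize` in Products/Zope_Hotfix_20111024/__init__.py carries no docstring or comment explaining why calling `InitializeClass(BasicUserFolder)` is the mitigation, and it leaves no trace in the event log when it runs. A short docstring should state which class-level security declarations on `BasicUserFolder` the call is expected to apply and that it is needed only on the affected releases named in the README; the exact mechanism cannot be confirmed from these four lines, so the wording should come from the advisory. Adding `logging.getLogger('Products.Zope_Hotfix_20111024').info('Hotfix installed')` after the `InitializeClass` call, with an `import logging` beside the other two imports, would let operators confirm from logs that the patch ran in every instance rather than relying on the Control_Panel listing alone.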
@@ -0,0 +1,6 @@
+# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
+try:
+ __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+ from pkgutil import extend_path
+ __path__ = extend_path(__path__, __name__)
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/README.txt 2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,78 @@
+'Products.Zope_Hotfix_20111024' README
+======================================
+
+Overview
+--------
+
+This hotfix addresses a serious vulnerability in the Zope2 application
+server. Affected versions of Zope2 include:
+
+- 2.12.x <= 2.12.20
+
+- 2.13.x <= 2.13.6
+
+Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
+
+The Zope2 security response team recommends that all users of these
+releases upgrade to an unaffected release (2.12.21 or 2.13.11) as soon as
+they become available.
+
+Until that upgrade is feasible, deploying this hotfix also mitigates the
+vulnerability.
+
+
+Installing the Hotfix: Via 'easy_install'
+-------------------------------------------
+
+If the Python which runs your Zope instance has 'setuptools' installed (or
+is a 'virtualenv'), you can install the hotfix directly from PyPI::
+
+ $ /prefix/bin/easy_install Products.Zope_Hotfix_20111024
+
+and then restart the Zope instance, e.g.:
+
+ $ /path/to/instance/bin/zopectl restart
+
+
+Installing the Hotfix: Via 'zc.buildout'
+-----------------------------------------
+
+If your Zope instance is managed via 'zc.buildout', you can install
+the hotfix directly from PyPI. Edit the 'buildout.cfg' file, adding
+"Products.Zope_Hotfix_20111024" to the "eggs" section of the instance.
+E.g.::
+
+ [instance]
+ recipe = plone.recipe.zope2instance
+ #...
+ eggs =
+ ${buildout:eggs}
+ Products.Zope_Hotfix_20111024
+
+Next, re-run the buildout::
+
+ $ /path/to/buildout/bin/buildout
+
+and then restart the Zope instance, e.g.:
+
+ $ /path/to/buildout/bin/instance restart
+
+
+Installing the Hotfix: Manual Installation
+-------------------------------------------
+
+You may also install this hotfix by unpacking the tarball and adding a
+'products' key to the 'etc/zope.conf' of your instance. E.g.::
+
+ products /path/to/Products.Zope_Hotfix_20111024/Products
+
+
+Verifying the Installation
+--------------------------
+
+After restarting the Zope instance, check the 'Control_Panel/Products'
+folder in the Zope Management Interface, e.g.:
+
+ http://localhost:8080/Control_Panel/Products/manage_main
+
+You should see the 'Zope_Hotfix_20111024' product folder there.
Added: Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_20111024/trunk/setup.py 2011-10-24 21:46:18 UTC (rev 123148)
@@ -0,0 +1,27 @@
+from setuptools import setup, find_packages
+
+version = '1.0'
+
+setup(name='Products.Zope_Hotfix_20111024',
+ version=version,
+ description="Hotfix for Zope 2.12 + 2.13",
+ long_description=open("README.txt").read() + "\n" +
+ open("CHANGES.txt").read(),
+ classifiers=[
+ "Programming Language :: Python",
+ "Framework :: Zope2",
+ "License :: OSI Approved :: Zope Public License",
+ ],
+ keywords='security hotfix patch',
+ author='Zope Foundation and Contributors',
+ author_email='zope-...@zope.org',
+ url='http://svn.zope.org/Zope/hotfixes/Products.Zope_Hotfix_20111024',
+ license='ZPL 2.1',
+ packages=find_packages(exclude=['ez_setup']),
+ namespace_packages=['Products'],
+ include_package_data=True,
+ zip_safe=False,
+ install_requires=[
+ 'setuptools',
+ ],
+ )
_______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
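Review bot: In setup.py, `long_description` is built from `open("README.txt").read()` and `open("CHANGES.txt").read()` using paths relative to the current directory and never closing the handles, so the script raises an IOError whenever it is run from another directory or from an sdist that lacks either file. The file list of this commit adds no MANIFEST.in, so whether the two files ship in the sdist presumably depends on setuptools' version-control file discovery; a failed install here means the mitigation is not deployed. Resolving them against the script's own directory, e.g. `here = os.path.dirname(os.path.abspath(__file__))` and `open(os.path.join(here, "README.txt"))`, and checking the built tarball for both files would remove that dependency.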