The trick is to do something like this which is what I did: $ cd /usr/lib/zope-2.7.5/lib/python/ $ wget http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert/Hotfix_2005-10-09.tar.gz $ tar -zxvf Hotfix_2005-10-09.tar.gz $ chmod -R 644 . $ chmod -R +X .
That's on a debian to. YMMV. 2005/10/13, John Schinnerer <[EMAIL PROTECTED]>: > Aloha, > > FWIW here's what I found while backing out the hotfix on my zope 2.7.5: > > The hotfix-installed files are set to an owner, group and perms that do > not work with an existing install (zope fails to start up > completely/correctly). I don't know if there are other problems also, > but that was the relevant issue for me. > > More importantly, and more annoyingly for trying to back out, the > owner, group and perms for the Products folder is altered to the same > dysfunctional settings! > > I use debian, so I simply tried to reinstall the zope2.7 debian package > to get the pre-hotfix files back. > First I got some explicit errors on the hotfix-installed files that > pointed me to the owner/group/perms problems with those. > > Then the debian package *appeared* to install, but zope still failed to > actually start once installed and configured. > > It took me a while to notice that the owner/group/perms on the Products > folder itself had been changed to the same settings, blocking > correct/complete reinstall of the original files. > > Unfortunately the package install didn't raise any errors on this. > > Once I fixed the messed-up perms on the Products folder and did the > install again, all was well. > > I put this info on the hotfix alert comments also. > > John S. > > --- John Schinnerer <[EMAIL PROTECTED]> wrote: > > > Aloha, > > > > I just applied the below hotfix as directed to a zope 2.7.5 > > installation on my development machine. > > > > It broke something bad, now the browser just says > > > > The connection was refused when attempting to contact localhost:9673 > > > > I cannot access the ZMI nor any site pages, not on localhost:9673 nor > > on 127.0.0.1:9673 > > > > That is the port it was installed and had been working on. > > I did nothing but install the hotfix as directed on the linked page > > below. > > > > I have completely restarted the machine. > > At boot time the messages indicate that zope started fine, as usual. > > > > Any help appreciated, the sooner the better. > > > > thanks, > > John S. > > > > --- Andreas Jung <[EMAIL PROTECTED]> wrote: > > > > > Hello, > > > > > > a security issue with the Docutils package coming with Zope 2.6 or > > > higher > > > has been discovered. Sites that expose reStructuredText > > functionality > > > to > > > untrusted users (typically portal sites allowing registered users > > to > > > edit > > > content) are possibly affected. > > > > > > Download location and installation are available from > > > > > > > > http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert > > > > > > The hotfix is supposed to work with any Zope 2.7 and 2.8 version. > > > It might work for Zope 2.6 and Python 2.1 but we can not give a > > > guarantee > > > since Zope 2.6 is no longer maintained. Plone sites do not seem to > > be > > > > > > affected (there seems to be some additional code on top of Zope's > > > reST implementation avoiding the failure) however this not a > > > guarantee. > > > The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the > > > hotfix. > > > > > > > > > Andreas Jung > > > > > > > _______________________________________________ > > > Zope-Announce maillist - Zope-Announce@zope.org > > > http://mail.zope.org/mailman/listinfo/zope-announce > > > > > > Zope-Announce for Announcements only - no discussions > > > > > > (Related lists - > > > Users: http://mail.zope.org/mailman/listinfo/zope > > > Developers: http://mail.zope.org/mailman/listinfo/zope-dev ) > > > > > > > > > > > > > __________________________________ > > Yahoo! Music Unlimited > > Access over 1 million songs. Try it free. > > http://music.yahoo.com/unlimited/ > > _______________________________________________ > > Zope maillist - Zope@zope.org > > http://mail.zope.org/mailman/listinfo/zope > > ** No cross posts or HTML encoding! ** > > (Related lists - > > http://mail.zope.org/mailman/listinfo/zope-announce > > http://mail.zope.org/mailman/listinfo/zope-dev ) > > > > > > > > __________________________________ > Yahoo! Mail - PC Magazine Editors' Choice 2005 > http://mail.yahoo.com > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )