r2545 - in zope2.12/trunk/debian/patches (1 file)

mejo at users.alioth.debian.org mejo at users.alioth.debian.org
Fri Oct 28 11:33:19 UTC 2011 

    Date: Friday, October 28, 2011 @ 11:33:18
  Author: mejo
Revision: 2545

update Zope2-fix_serious_authentication_vulnerability.patch

Modified:
  zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch

Modified: zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
===================================================================
--- zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-27 12:06:18 UTC (rev 2544)
+++ zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-28 11:33:18 UTC (rev 2545)
@@ -2,6 +2,16 @@
 Author: Zope Foundation and Contributors <zope-dev at zope.org>
 Last-Update: 2011-10-24
 
+--- a/source/doc/CHANGES.rst
++++ b/source/doc/CHANGES.rst
+@@ -8,6 +8,7 @@
+ 2.12.21 (unreleased)
+ --------------------
+ 
++- Fixed serious authentication vulnerability in stock configuration.
+ 
+ 2.12.20 (2011-10-04)
+ --------------------
 --- a/source/Zope2/src/AccessControl/User.py
 +++ b/source/Zope2/src/AccessControl/User.py
 @@ -1027,6 +1027,8 @@
@@ -13,3 +23,43 @@
  
  class UserFolder(BasicUserFolder):
  
+--- a/source/Zope2/src/AccessControl/tests/testUser.py
++++ b/source/Zope2/src/AccessControl/tests/testUser.py
+@@ -227,7 +227,15 @@
+ # TODO class Test_readUserAccessFile(unittest.TestCase)
+ 
+ 
+-# TODO class BasicUserFoldertests(unittest.TestCase)
++class BasicUserFolderTests(unittest.TestCase):
++ 
++    def _getTargetClass(self):
++        from AccessControl.User import BasicUserFolder
++        return BasicUserFolder
++ 
++    def test_manage_users_security_initialized(self):
++        uf = self._getTargetClass()()
++        self.assertTrue(hasattr(uf, 'manage_users__roles__'))
+ 
+ 
+ class UserFolderTests(unittest.TestCase):
+@@ -494,11 +502,12 @@
+ 
+ 
+ def test_suite():
+-    suite = unittest.TestSuite()
+-    suite.addTest(unittest.makeSuite(BasicUserTests))
+-    suite.addTest(unittest.makeSuite(SimpleUserTests))
+-    suite.addTest(unittest.makeSuite(SpecialUserTests))
+-    suite.addTest(unittest.makeSuite(UnrestrictedUserTests))
+-    suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests))
+-    suite.addTest(unittest.makeSuite(UserFolderTests))
+-    return suite
++    return unittest.TestSuite((
++        unittest.makeSuite(BasicUserTests),
++        unittest.makeSuite(SimpleUserTests),
++        unittest.makeSuite(SpecialUserTests),
++        unittest.makeSuite(UnrestrictedUserTests),
++        unittest.makeSuite(NullUnrestrictedUserTests),
++        unittest.makeSuite(BasicUserFolderTests),
++        unittest.makeSuite(UserFolderTests),
++    ))

More information about the pkg-zope-developers mailing list