r2553 - in zope2.12/branches/squeeze/debian (5 files)

mejo at users.alioth.debian.org
Fri Oct 28 12:06:06 UTC 2011


    Date: Friday, October 28, 2011 @ 12:06:04
  Author: mejo
Revision: 2553

update squeeze backport to 2.12.20-2

Added:
  zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
    (from rev 2548, zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch)
Modified:
  zope2.12/branches/squeeze/debian/changelog
  zope2.12/branches/squeeze/debian/control
  zope2.12/branches/squeeze/debian/patches/series
  zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in

Modified: zope2.12/branches/squeeze/debian/changelog
===================================================================
--- zope2.12/branches/squeeze/debian/changelog	2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/changelog	2011-10-28 12:06:04 UTC (rev 2553)
@@ -1,13 +1,5 @@
-zope2.12 (2.12.20-1~bpo60+2) squeeze-backports; urgency=low
+zope2.12 (2.12.20-2~bpo60+1) squeeze-backports; urgency=low
 
-  * Build again for squeez backports.
-  * Change Depends on zope-common from (>= 0.5.51) to (>= 0.5.51~), to make
-    zope2.12 installable in squeeze with backports.
-
- -- Jonas Meurer <mejo at debian.org>  Wed, 26 Oct 2011 02:50:15 +0200
-
-zope2.12 (2.12.20-1~bpo60+1) squeeze-backports; urgency=low
-
   * Build for squeeze backports.
   * Migrate back to python-support for Debian Squeeze and Ubuntu Natty support.
     - Remove versioned build-depends on python and python2.6-dev.
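Review bot: the top entry keeps urgency=low and, in the lines shown, does not mention the authentication fix that this upload pulls in via 2.12.20-2, so a backports user reading only this entry cannot tell it is a security update. Consider adding a bullet that references Zope2-fix_serious_authentication_vulnerability.patch. The hunk also deletes the 2.12.20-1~bpo60+2 and 2.12.20-1~bpo60+1 entries instead of stacking a new entry on top; if either version was ever uploaded, keep its entry so the changelog matches the archive history.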
@@ -15,8 +7,22 @@
     - Remove --with python2 from dh in debian/rules, dh_pysupport is invoked
       automatically.
 
- -- Jonas Meurer <mejo at debian.org>  Sun, 23 Oct 2011 23:18:33 +0200
+ -- Jonas Meurer <mejo at debian.org>  Fri, 28 Oct 2011 14:05:32 +0200
 
+zope2.12 (2.12.20-2) unstable; urgency=high
+
+  * Update Homepage field to point to correct page http://zope2.zope.org/.
+  * Change Depends on zope-common from (>= 0.5.51) to (>= 0.5.51~), to ease
+    backports to squeeze.
+  * Add debian/patches/Zope2-fix_serious_authentication_vulnerability.patch,
+    fixing a serious authentication vulnerability in stock configuration.
+    No CVE number assigned yet.
+    See https://mail.zope.org/pipermail/zope-dev/2011-October/043592.html
+    for further information.
+  * Set urgency=high in order to push the security fix to testing.
+
+ -- Jonas Meurer <mejo at debian.org>  Fri, 28 Oct 2011 13:51:41 +0200
+
 zope2.12 (2.12.20-1) unstable; urgency=low
 
   * Zope 2.12.20 release.
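Review bot: the 2.12.20-2 entry says "No CVE number assigned yet" and describes the issue only as a serious authentication vulnerability in stock configuration, so the changelog cannot later be searched by CVE id or by affected component. Suggest naming the file the patch touches (AccessControl/User.py, per the patch added in this revision) and amending the entry with the CVE id in a later upload once one is assigned.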

Modified: zope2.12/branches/squeeze/debian/control
===================================================================
--- zope2.12/branches/squeeze/debian/control	2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/control	2011-10-28 12:06:04 UTC (rev 2553)
@@ -10,7 +10,7 @@
                zope-debhelper (>= 0.3.12)
 Standards-Version: 3.9.2
 XS-Python-Version: 2.6
-Homepage: http://www.zope.org/
+Homepage: http://zope2.zope.org/
 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-zope/zope2.12/trunk
 Vcs-Svn: svn://svn.debian.org/pkg-zope/zope2.12/trunk
 
@@ -18,7 +18,7 @@
 Architecture: any
 Pre-Depends: zope-common (>= 0.5.51~)
 Depends: lsb-base, ${shlibs:Depends}, debconf | debconf-2.0, ${misc:Depends},
-         ${python:Depends}, python2.6, python-clientform (>= 0.2.10),
+         ${python:Depends}, python-clientform (>= 0.2.10),
          python-docutils (>= 0.7), python-mechanize (>= 0.1.11),
          python-pkg-resources (>= 0.6.16-1.1) | 
          python-pkg-resources (<< 0.6.15), python-tz, python-initgroups
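Review bot: the Depends line drops the explicit python2.6 while XS-Python-Version: 2.6 stays in the source stanza, and none of the changelog entries in this revision records the removal for the binary package (only the build-depends change is listed). Add a changelog bullet stating that ${python:Depends} is now relied on to pull in the interpreter, and confirm that it resolves to python2.6 on squeeze.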

Copied: zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch (from rev 2548, zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch)
===================================================================
--- zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	                        (rev 0)
+++ zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-28 12:06:04 UTC (rev 2553)
@@ -0,0 +1,55 @@
+Description: Fix serious authentication vulnerability in stock configuration.
+Author: Zope Foundation and Contributors <zope-dev at zope.org>
+Last-Update: 2011-10-24
+
+--- a/source/Zope2/src/AccessControl/User.py
++++ b/source/Zope2/src/AccessControl/User.py
+@@ -1027,6 +1027,8 @@
+         """ returns true if domain auth mode is set to true"""
+         return getattr(self, '_domain_auth_mode', None)
+ 
++InitializeClass(BasicUserFolder)
++
+ 
+ class UserFolder(BasicUserFolder):
+ 
+--- a/source/Zope2/src/AccessControl/tests/testUser.py
++++ b/source/Zope2/src/AccessControl/tests/testUser.py
+@@ -227,7 +227,15 @@
+ # TODO class Test_readUserAccessFile(unittest.TestCase)
+ 
+ 
+-# TODO class BasicUserFoldertests(unittest.TestCase)
++class BasicUserFolderTests(unittest.TestCase):
++ 
++    def _getTargetClass(self):
++        from AccessControl.User import BasicUserFolder
++        return BasicUserFolder
++ 
++    def test_manage_users_security_initialized(self):
++        uf = self._getTargetClass()()
++        self.assertTrue(hasattr(uf, 'manage_users__roles__'))
+ 
+ 
+ class UserFolderTests(unittest.TestCase):
+@@ -494,11 +502,12 @@
+ 
+ 
+ def test_suite():
+-    suite = unittest.TestSuite()
+-    suite.addTest(unittest.makeSuite(BasicUserTests))
+-    suite.addTest(unittest.makeSuite(SimpleUserTests))
+-    suite.addTest(unittest.makeSuite(SpecialUserTests))
+-    suite.addTest(unittest.makeSuite(UnrestrictedUserTests))
+-    suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests))
+-    suite.addTest(unittest.makeSuite(UserFolderTests))
+-    return suite
++    return unittest.TestSuite((
++        unittest.makeSuite(BasicUserTests),
++        unittest.makeSuite(SimpleUserTests),
++        unittest.makeSuite(SpecialUserTests),
++        unittest.makeSuite(UnrestrictedUserTests),
++        unittest.makeSuite(NullUnrestrictedUserTests),
++        unittest.makeSuite(BasicUserFolderTests),
++        unittest.makeSuite(UserFolderTests),
++    ))

Modified: zope2.12/branches/squeeze/debian/patches/series
===================================================================
--- zope2.12/branches/squeeze/debian/patches/series	2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/patches/series	2011-10-28 12:06:04 UTC (rev 2553)
@@ -3,3 +3,4 @@
 Zope2-webdav_urljoin.patch
 Zope2-deb_zopeconf.patch
 ZODB3-fix_shebang.patch
+Zope2-fix_serious_authentication_vulnerability.patch

Modified: zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in
===================================================================
--- zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in	2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in	2011-10-28 12:06:04 UTC (rev 2553)
@@ -1,2 +1,3 @@
 zope at ZVER@: image-file-in-usr-lib
 zope at ZVER@: wrong-path-for-interpreter
+zope at ZVER@: duplicate-changelog-files
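Review bot: the new duplicate-changelog-files override is not explained anywhere in this revision; the changelog hunks do not mention it and the overrides file carries no comment. Add a comment line above the override stating why the duplicate is expected, or remove the duplicate file from the package instead of silencing the tag.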




More information about the pkg-zope-developers mailing list