r2553 - in zope2.12/branches/squeeze/debian (5 files)
mejo at users.alioth.debian.org
Fri Oct 28 12:06:06 UTC 2011
Date: Friday, October 28, 2011 @ 12:06:04
Author: mejo
Revision: 2553
update squeeze backport to 2.12.20-2
Added:
zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
(from rev 2548, zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch)
Modified:
zope2.12/branches/squeeze/debian/changelog
zope2.12/branches/squeeze/debian/control
zope2.12/branches/squeeze/debian/patches/series
zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in
Modified: zope2.12/branches/squeeze/debian/changelog
===================================================================
--- zope2.12/branches/squeeze/debian/changelog 2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/changelog 2011-10-28 12:06:04 UTC (rev 2553)
@@ -1,13 +1,5 @@
-zope2.12 (2.12.20-1~bpo60+2) squeeze-backports; urgency=low
+zope2.12 (2.12.20-2~bpo60+1) squeeze-backports; urgency=low
- * Build again for squeez backports.
- * Change Depends on zope-common from (>= 0.5.51) to (>= 0.5.51~), to make
- zope2.12 installable in squeeze with backports.
-
- -- Jonas Meurer <mejo at debian.org> Wed, 26 Oct 2011 02:50:15 +0200
-
-zope2.12 (2.12.20-1~bpo60+1) squeeze-backports; urgency=low
-
* Build for squeeze backports.
* Migrate back to python-support for Debian Squeeze and Ubuntu Natty support.
- Remove versioned build-depends on python and python2.6-dev.
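Review bot: the new top stanza, zope2.12 (2.12.20-2~bpo60+1) squeeze-backports, keeps urgency=low, and none of its bullets shown here mention the authentication fix, although the 2.12.20-2 upload it is based on is urgency=high for exactly that fix. State the security fix in the backport stanza itself so users of squeeze-backports can see why the update matters. The hunk also deletes the 2.12.20-1~bpo60+2 and 2.12.20-1~bpo60+1 stanzas; if either version was ever uploaded, its stanza should stay so the version history remains complete.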
@@ -15,8 +7,22 @@
- Remove --with python2 from dh in debian/rules, dh_pysupport is invoked
automatically.
- -- Jonas Meurer <mejo at debian.org> Sun, 23 Oct 2011 23:18:33 +0200
+ -- Jonas Meurer <mejo at debian.org> Fri, 28 Oct 2011 14:05:32 +0200
+zope2.12 (2.12.20-2) unstable; urgency=high
+
+ * Update Homepage field to point to correct page http://zope2.zope.org/.
+ * Change Depends on zope-common from (>= 0.5.51) to (>= 0.5.51~), to ease
+ backports to squeeze.
+ * Add debian/patches/Zope2-fix_serious_authentication_vulnerability.patch,
+ fixing a serious authentication vulnerability in stock configuration.
+ No CVE number assigned yet.
+ See https://mail.zope.org/pipermail/zope-dev/2011-October/043592.html
+ for further information.
+ * Set urgency=high in order to push the security fix to testing.
+
+ -- Jonas Meurer <mejo at debian.org> Fri, 28 Oct 2011 13:51:41 +0200
+
zope2.12 (2.12.20-1) unstable; urgency=low
* Zope 2.12.20 release.
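Review bot: the 2.12.20-2 entry identifies the fix only by "No CVE number assigned yet." and a mailing-list URL, so the changelog carries nothing a security tracker can match on. Add the CVE id to this entry once one is assigned, and a Closes: reference if a Debian bug exists for the issue.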
Modified: zope2.12/branches/squeeze/debian/control
===================================================================
--- zope2.12/branches/squeeze/debian/control 2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/control 2011-10-28 12:06:04 UTC (rev 2553)
@@ -10,7 +10,7 @@
zope-debhelper (>= 0.3.12)
Standards-Version: 3.9.2
XS-Python-Version: 2.6
-Homepage: http://www.zope.org/
+Homepage: http://zope2.zope.org/
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-zope/zope2.12/trunk
Vcs-Svn: svn://svn.debian.org/pkg-zope/zope2.12/trunk
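Review bot: the Vcs-Browser and Vcs-Svn context lines directly below the changed Homepage field still point at zope2.12/trunk, while this control file lives in zope2.12/branches/squeeze. If the backport is maintained on the branch, point both fields at branches/squeeze so the advertised packaging source matches what was built.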
@@ -18,7 +18,7 @@
Architecture: any
Pre-Depends: zope-common (>= 0.5.51~)
Depends: lsb-base, ${shlibs:Depends}, debconf | debconf-2.0, ${misc:Depends},
- ${python:Depends}, python2.6, python-clientform (>= 0.2.10),
+ ${python:Depends}, python-clientform (>= 0.2.10),
python-docutils (>= 0.7), python-mechanize (>= 0.1.11),
python-pkg-resources (>= 0.6.16-1.1) |
python-pkg-resources (<< 0.6.15), python-tz, python-initgroups
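Review bot: the removal of python2.6 from Depends is not documented; the changelog lines in this commit mention removing the versioned build-depends but not this runtime dependency. With XS-Python-Version: 2.6 declared in the source stanza, the interpreter dependency now comes only from ${python:Depends}; add a changelog bullet saying so, so the removal is not mistaken for an accident.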
Copied: zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch (from rev 2548, zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch)
===================================================================
--- zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch (rev 0)
+++ zope2.12/branches/squeeze/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch 2011-10-28 12:06:04 UTC (rev 2553)
@@ -0,0 +1,55 @@
+Description: Fix serious authentication vulnerability in stock configuration.
+Author: Zope Foundation and Contributors <zope-dev at zope.org>
+Last-Update: 2011-10-24
+
+--- a/source/Zope2/src/AccessControl/User.py
++++ b/source/Zope2/src/AccessControl/User.py
+@@ -1027,6 +1027,8 @@
+ """ returns true if domain auth mode is set to true"""
+ return getattr(self, '_domain_auth_mode', None)
+
++InitializeClass(BasicUserFolder)
++
+
+ class UserFolder(BasicUserFolder):
+
+--- a/source/Zope2/src/AccessControl/tests/testUser.py
++++ b/source/Zope2/src/AccessControl/tests/testUser.py
+@@ -227,7 +227,15 @@
+ # TODO class Test_readUserAccessFile(unittest.TestCase)
+
+
+-# TODO class BasicUserFoldertests(unittest.TestCase)
++class BasicUserFolderTests(unittest.TestCase):
++
++ def _getTargetClass(self):
++ from AccessControl.User import BasicUserFolder
++ return BasicUserFolder
++
++ def test_manage_users_security_initialized(self):
++ uf = self._getTargetClass()()
++ self.assertTrue(hasattr(uf, 'manage_users__roles__'))
+
+
+ class UserFolderTests(unittest.TestCase):
+@@ -494,11 +502,12 @@
+
+
+ def test_suite():
+- suite = unittest.TestSuite()
+- suite.addTest(unittest.makeSuite(BasicUserTests))
+- suite.addTest(unittest.makeSuite(SimpleUserTests))
+- suite.addTest(unittest.makeSuite(SpecialUserTests))
+- suite.addTest(unittest.makeSuite(UnrestrictedUserTests))
+- suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests))
+- suite.addTest(unittest.makeSuite(UserFolderTests))
+- return suite
++ return unittest.TestSuite((
++ unittest.makeSuite(BasicUserTests),
++ unittest.makeSuite(SimpleUserTests),
++ unittest.makeSuite(SpecialUserTests),
++ unittest.makeSuite(UnrestrictedUserTests),
++ unittest.makeSuite(NullUnrestrictedUserTests),
++ unittest.makeSuite(BasicUserFolderTests),
++ unittest.makeSuite(UserFolderTests),
++ ))
Modified: zope2.12/branches/squeeze/debian/patches/series
===================================================================
--- zope2.12/branches/squeeze/debian/patches/series 2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/patches/series 2011-10-28 12:06:04 UTC (rev 2553)
@@ -3,3 +3,4 @@
Zope2-webdav_urljoin.patch
Zope2-deb_zopeconf.patch
ZODB3-fix_shebang.patch
+Zope2-fix_serious_authentication_vulnerability.patch
Modified: zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in
===================================================================
--- zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in 2011-10-28 11:56:15 UTC (rev 2552)
+++ zope2.12/branches/squeeze/debian/zopeZVER.lintian-overrides.in 2011-10-28 12:06:04 UTC (rev 2553)
@@ -1,2 +1,3 @@
zope at ZVER@: image-file-in-usr-lib
zope at ZVER@: wrong-path-for-interpreter
+zope at ZVER@: duplicate-changelog-files
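Review bot: the new duplicate-changelog-files override is added without a comment explaining why the tag is acceptable here, and no changelog line in this commit mentions it. Add a # comment above the override giving the reason, or remove the duplicate changelog from the package instead of silencing the tag.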