[Zope-Checkins] SVN: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/ hotfix for CVE 2010-3198 / bug #627988 on older Zopes
David Glick
davidglick at onenw.org
Thu Sep 2 16:05:08 EDT 2010
Log message for revision 116161:
hotfix for CVE 2010-3198 / bug #627988 on older Zopes
Changed:
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt
A Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py
-=-
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/__init__.py 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,2 @@
+def initialize(context):
+ import patch
\ No newline at end of file
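Review bot: `initialize()` runs `import patch` only for its side effect and carries no comment saying so, which makes the line look like a dead import to a later reader. A comment such as `# Imported for its side effect: patch.py replaces ZServerPublisher.__init__ at import time.` above the import would document it. Because the replacement happens only when Zope calls `initialize(context)`, an installation where the product is never loaded stays unpatched, which is worth stating in the same comment.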
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/Zope_Hotfix_CVE_2010_3198/patch.py 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,37 @@
+import logging
+LOG = logging.getLogger('ZServerPublisher')
+
+def new_init(self, accept):
+ from ZPublisher import publish_module
+ try:
+ from ZPublisher.WSGIPublisher import publish_module as publish_wsgi
+ HAS_WSGI = True
+ except ImportError:
+ HAS_WSGI = False
+ while 1:
+ try:
+ name, a, b=accept()
+ if name == "Zope2":
+ try:
+ publish_module(
+ name,
+ request=a,
+ response=b)
+ finally:
+ b._finish()
+ a=b=None
+
+ elif HAS_WSGI and name == "Zope2WSGI":
+ try:
+ res = publish_wsgi(a, b)
+ for r in res:
+ a['wsgi.output'].write(r)
+ finally:
+ # TODO: Support keeping connections open.
+ a['wsgi.output']._close = 1
+ a['wsgi.output'].close()
+ except:
+ LOG.error('exception caught', exc_info=True)
+
+from ZServer.PubCore.ZServerPublisher import ZServerPublisher
+ZServerPublisher.__init__ = new_init
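Review bot: The assignment `ZServerPublisher.__init__ = new_init` at the end of the hunk replaces the method unconditionally and silently, so an operator has no log evidence that the hotfix is active. On a Zope release that already ships the fix (the README says 2.10 and later do), it also overrides the shipped implementation. A line such as `LOG.info('Zope_Hotfix_CVE_2010_3198: patched ZServerPublisher.__init__')` after the assignment would make the applied state auditable at startup. Separately, the bare `except:` also wraps the `accept()` call, so if `accept()` were to fail persistently the loop would presumably spin and flood the log; that depends on `accept`'s behaviour, which is not visible here. A short comment above the `except:` stating that catching everything is deliberate, so the publisher loop keeps running after any publishing error, would stop a later cleanup from narrowing it.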
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/Products/__init__.py 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,6 @@
+# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
+try:
+ __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+ from pkgutil import extend_path
+ __path__ = extend_path(__path__, __name__)
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/README.txt 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,14 @@
+Introduction
+============
+
+This Zope hotfix fixes `CVE 2010-3198`_.
+
+.. _`CVE 2010-3198`: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3198
+
+This hotfix is mainly intended for use with Zope < 2.10. Users of
+Zope 2.10 and greater should instead update to the latest minor revision, which
+already includes this fix.
+
+.. WARNING:: Zope < 2.12 is no longer officially supported, and may have
+ other unpatched vulnerabilities. You are encouraged to upgrade to
+ a supported Zope 2.
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/docs/HISTORY.txt 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,7 @@
+Changelog
+=========
+
+1.0 (2010-09-02)
+----------------
+
+- Initial release
Added: Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py
===================================================================
--- Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py (rev 0)
+++ Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198/trunk/setup.py 2010-09-02 20:05:07 UTC (rev 116161)
@@ -0,0 +1,29 @@
+from setuptools import setup, find_packages
+import os
+
+version = '1.0'
+
+setup(name='Products.Zope_Hotfix_CVE_2010_3198',
+ version=version,
+ description="Hotfix to fix CVE 2010-3198 for Zope < 2.10",
+ long_description=open("README.txt").read() + "\n" +
+ open(os.path.join("docs", "HISTORY.txt")).read(),
+ classifiers=[
+ "Programming Language :: Python",
+ "Framework :: Zope2",
+ "License :: OSI Approved :: Zope Public License",
+ ],
+ keywords='security hotfix patch',
+ author='Zope Foundation and Contributors',
+ author_email='zope-dev at zope.org',
+ url='http://svn.zope.org/Zope/hotfixes/Products.Zope_Hotfix_CVE_2010_3198',
+ license='ZPL 2.1',
+ packages=find_packages(exclude=['ez_setup']),
+ namespace_packages=['Products'],
+ include_package_data=True,
+ zip_safe=False,
+ install_requires=[
+ 'setuptools',
+ # -*- Extra requirements: -*-
+ ],
+ )
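Review bot: `long_description` opens `README.txt` and `docs/HISTORY.txt` relative to the current working directory, so the build fails when setup.py is invoked from another directory, and neither file handle is closed. Resolving both against the script's own directory, for example `here = os.path.dirname(os.path.abspath(__file__))` followed by `open(os.path.join(here, "README.txt"))`, would make installing the hotfix independent of where it is run from.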