[Zope] Backing out the Zope Hotfix 2005-10-09 that broke my zope 2.7.5

John Schinnerer johnschinnerer at yahoo.com
Thu Oct 13 04:01:35 EDT 2005


Aloha,

FWIW here's what I found while backing out the hotfix on my zope 2.7.5:

The hotfix-installed files are set to an owner, group and perms that do
not work with an existing install (zope fails to start up
completely/correctly).  I don't know if there are other problems also,
but that was the relevant issue for me.

More importantly, and more annoyingly for trying to back out, the
owner, group and perms for the Products folder are altered to the same
dysfunctional settings!

I use debian, so I simply tried to reinstall the zope2.7 debian package
to get the pre-hotfix files back.
First I got some explicit errors on the hotfix-installed files that
pointed me to the owner/group/perms problems with those.

Then the debian package *appeared* to install, but zope still failed to
actually start once installed and configured.

It took me a while to notice that the owner/group/perms on the Products
folder itself had been changed to the same settings, blocking
correct/complete reinstall of the original files.

Unfortunately the package install didn't raise any errors on this.

Once I fixed the messed-up perms on the Products folder and did the
install again, all was well.

I put this info on the hotfix alert comments also.

John S.

--- John Schinnerer <johnschinnerer at yahoo.com> wrote:

> Aloha,
> 
> I just applied the below hotfix as directed to a zope 2.7.5
> installation on my development machine.
> 
> It broke something bad, now the browser just says
> 
> The connection was refused when attempting to contact localhost:9673
> 
> I cannot access the ZMI nor any site pages, not on localhost:9673 nor
> on 127.0.0.1:9673
> 
> That is the port it was installed and had been working on.
> I did nothing but install the hotfix as directed on the linked page
> below.
> 
> I have completely restarted the machine.
> At boot time the messages indicate that zope started fine, as usual.
> 
> Any help appreciated, the sooner the better.
> 
> thanks,
> John S.
> 
> --- Andreas Jung <lists at andreas-jung.com> wrote:
> 
> > Hello,
> > 
> > a security issue with the Docutils package coming with Zope 2.6 or
> > higher has been discovered. Sites that expose reStructuredText
> > functionality to untrusted users (typically portal sites allowing
> > registered users to edit content) are possibly affected.
> > 
> > Download location and installation are available from
> > 
> >   http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
> > 
> > The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
> > It might work for Zope 2.6 and Python 2.1 but we can not give a
> > guarantee since Zope 2.6 is no longer maintained. Plone sites do not
> > seem to be affected (there seems to be some additional code on top of
> > Zope's reST implementation avoiding the failure) however this is not a
> > guarantee.
> > The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the
> > hotfix.
> > 
> > 
> > Andreas Jung
> 
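
The ownership and permission drift described in this message can be checked for before reinstalling. The following is an added example, not part of the original post or of the Zope hotfix: it lists every entry under a Products folder (the folder itself included) whose owner or group differs from what the Zope process expects, or whose owner bits block reading or traversal. The path and the owner/group names in the usage comment are assumptions; the post does not give them.

```shell
#!/bin/sh
# Added example: audit a Zope Products tree for owner/group/mode drift.
# Usage (path and names are assumptions, adjust to the local install):
#   sh audit_products.sh /path/to/instance/Products zope zope

# audit_products DIR OWNER GROUP
# Prints one tagged line per problem entry; returns 1 if any were found.
audit_products() {
    dir=$1; owner=$2; group=$3
    report=$(
        # Anything, including DIR itself, not owned by the expected user/group.
        find "$dir" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER %s\n' {} +
        # Directories the owner cannot list, enter or write to. A package
        # reinstall can silently fail to replace files inside these.
        find "$dir" -type d ! -perm -700 -exec printf 'DIRMODE %s\n' {} +
        # Files the owner cannot read, so Zope cannot import them at startup.
        find "$dir" -type f ! -perm -400 -exec printf 'FILEMODE %s\n' {} +
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_products "$1" "$2" "$3"
fi
```

An empty result with exit status 0 means the tree matches the expected owner and group and is usable by that owner; any OWNER, DIRMODE or FILEMODE line names an entry to correct before the package is reinstalled.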



	
		