[Zope] Backing out the Zope Hotfix 2005-10-09 that broke my zope 2.7.5

Peter Bengtsson peter at fry-it.com
Thu Oct 13 04:08:18 EDT 2005


The trick is to do something like this which is what I did:

$ cd /usr/lib/zope-2.7.5/lib/python/
$ wget http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert/Hotfix_2005-10-09.tar.gz
$ tar -zxvf Hotfix_2005-10-09.tar.gz
$ chmod -R 644 .
$ chmod -R +X .

That's on a debian to. YMMV.

2005/10/13, John Schinnerer <johnschinnerer at yahoo.com>:
> Aloha,
>
> FWIW here's what I found while backing out the hotfix on my zope 2.7.5:
>
> The hotfix-installed files are set to an owner, group and perms that do
> not work with an existing install (zope fails to start up
> completely/correctly).  I don't know if there are other problems also,
> but that was the relevant issue for me.
>
> More importantly, and more annoyingly for trying to back out, the
> owner, group and perms for the Products folder is altered to the same
> dysfunctional settings!
>
> I use debian, so I simply tried to reinstall the zope2.7 debian package
> to get the pre-hotfix files back.
> First I got some explicit errors on the hotfix-installed files that
> pointed me to the owner/group/perms problems with those.
>
> Then the debian package *appeared* to install, but zope still failed to
> actually start once installed and configured.
>
> It took me a while to notice that the owner/group/perms on the Products
> folder itself had been changed to the same settings, blocking
> correct/complete reinstall of the original files.
>
> Unfortunately the package install didn't raise any errors on this.
>
> Once I fixed the messed-up perms on the Products folder and did the
> install again, all was well.
>
> I put this info on the hotfix alert comments also.
>
> John S.
>
> --- John Schinnerer <johnschinnerer at yahoo.com> wrote:
>
> > Aloha,
> >
> > I just applied the below hotfix as directed to a zope 2.7.5
> > installation on my development machine.
> >
> > It broke something bad, now the browser just says
> >
> > The connection was refused when attempting to contact localhost:9673
> >
> > I cannot access the ZMI nor any site pages, not on localhost:9673 nor
> > on 127.0.0.1:9673
> >
> > That is the port it was installed and had been working on.
> > I did nothing but install the hotfix as directed on the linked page
> > below.
> >
> > I have completely restarted the machine.
> > At boot time the messages indicate that zope started fine, as usual.
> >
> > Any help appreciated, the sooner the better.
> >
> > thanks,
> > John S.
> >
> > --- Andreas Jung <lists at andreas-jung.com> wrote:
> >
> > > Hello,
> > >
> > > a security issue with the Docutils package coming with Zope 2.6 or
> > > higher
> > > has been discovered. Sites that expose reStructuredText
> > functionality
> > > to
> > > untrusted users (typically portal sites allowing registered users
> > to
> > > edit
> > > content) are possibly affected.
> > >
> > > Download location and installation are available from
> > >
> > >
> > http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
> > >
> > > The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
> > > It might work for Zope 2.6 and Python 2.1 but we can not give a
> > > guarantee
> > > since Zope 2.6 is no longer maintained. Plone sites do not seem to
> > be
> > >
> > > affected (there seems to be some additional code on top of Zope's
> > > reST implementation avoiding the failure) however this not a
> > > guarantee.
> > > The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the
> > > hotfix.
> > >
> > >
> > > Andreas Jung
> > >
> > > > _______________________________________________
> > > Zope-Announce maillist  -  Zope-Announce at zope.org
> > > http://mail.zope.org/mailman/listinfo/zope-announce
> > >
> > >   Zope-Announce for Announcements only - no discussions
> > >
> > > (Related lists -
> > >  Users: http://mail.zope.org/mailman/listinfo/zope
> > >  Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
> > >
> >
> >
> >
> >
> > __________________________________
> > Yahoo! Music Unlimited
> > Access over 1 million songs. Try it free.
> > http://music.yahoo.com/unlimited/
> > _______________________________________________
> > Zope maillist  -  Zope at zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://mail.zope.org/mailman/listinfo/zope-announce
> >  http://mail.zope.org/mailman/listinfo/zope-dev )
> >
>
>
>
>
>
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


More information about the Zope mailing list