--- zope3-3.2.1.orig/debian/copyright +++ zope3-3.2.1/debian/copyright @@ -0,0 +1,141 @@ +This package was debianized by Matthias Klose based +on feedback by Chris McDonough in August 2004. + +It was downloaded from http://dev.zope.org/Zope3/ + +Upstream Author: Zope Corporation + +Copyright: + +Copyright (c) 2001, 2002, 2003, 2004 Zope Corporation and Contributors. +All Rights Reserved. + +This software is subject to the provisions of the Zope Public License, +Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. +THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED +WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS +FOR A PARTICULAR PURPOSE. + +---------------------------------------------------------------------- + +Zope Public License (ZPL) Version 2.1 +------------------------------------- + +A copyright notice accompanies this license document that +identifies the copyright holders. + +This license has been certified as open source. It has also +been designated as GPL compatible by the Free Software +Foundation (FSF). + +Redistribution and use in source and binary forms, with or +without modification, are permitted provided that the +following conditions are met: + +1. Redistributions in source code must retain the + accompanying copyright notice, this list of conditions, + and the following disclaimer. + +2. Redistributions in binary form must reproduce the accompanying + copyright notice, this list of conditions, and the + following disclaimer in the documentation and/or other + materials provided with the distribution. + +3. Names of the copyright holders must not be used to + endorse or promote products derived from this software + without prior written permission from the copyright + holders. + +4. The right to distribute this software or to use it for + any purpose does not give you the right to use + Servicemarks (sm) or Trademarks (tm) of the copyright + holders. Use of them is covered by separate agreement + with the copyright holders. + +5. If any files are modified, you must cause the modified + files to carry prominent notices stating that you changed + the files and the date of any change. + +Disclaimer + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' + AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT + NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + NO EVENT SHALL THE COPYRIGHT HOLDERS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. + +---------------------------------------------------------------------- + +The XML files in locales directory in the zope.i18n package are +made available under the ICU License: + + ICU License - ICU 1.8.1 and later + + COPYRIGHT AND PERMISSION NOTICE + + Copyright (c) 1995-2002 International Business Machines Corporation + and others + All rights reserved. + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, and/or sell copies of the Software, and to permit persons + to whom the Software is furnished to do so, provided that the above + copyright notice(s) and this permission notice appear in all copies of + the Software and that both the above copyright notice(s) and this + permission notice appear in supporting documentation. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT + OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL + INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Except as contained in this notice, the name of a copyright holder + shall not be used in advertising or otherwise to promote the sale, use + or other dealings in this Software without prior written authorization + of the copyright holder. + + ----------------------------------------------------------------------------- + + All trademarks and registered trademarks mentioned herein are the + property of their respective owners. + +---------------------------------------------------------------------- + +The docutils package was implemented and placed in the public domain by +David Goodger and others. + +We are rereleasing it under the terms of the Zope Public License 2.0. + +Exceptions to this are the following files within the docutils package: + + roman.py, by Mark Pilgrim: + + This program is free software; you can redistribute it and/or modify + it under the terms of the Python 2.1.1 license, available at + http://www.python.org/2.1.1/license.html + +---------------------------------------------------------------------- + +The zope.testing.doctest module is a copy of the doctest module from +the Python 2.4 standard library. It if the property of the Python +Software Foundation (PSF) and is covered by the PSF license agreement +for Python 2.4. We will no-longer distribute this module with Zope at +some point on the future. --- zope3-3.2.1.orig/debian/zopeZVER.postinst.in +++ zope3-3.2.1/debian/zopeZVER.postinst.in @@ -0,0 +1,8 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +#DEBHELPER# + +db_stop +exit 0 --- zope3-3.2.1.orig/debian/rules +++ zope3-3.2.1/debian/rules @@ -0,0 +1,271 @@ +#! /usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# brace expansion used in this Makefile +export SHELL=/bin/bash + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +zbase = Zope-3.2.1 + +# all versions +PYVERS=$(subst -dev,,\ + $(subst python,,\ + $(filter python%-dev,\ + $(shell sed -n '/^Build-Depends/s/,//gp' debian/control)))) +#PV := $(shell python -c 'import sys; print sys.version[:3]') +PV := 2.4 + +PWD := $(shell pwd) +ZVER := 3 +PYVER := python$(PV) +PYTHON = /usr/bin/$(PYVER) +d = debian/tmp +libdir = usr/lib/zope$(ZVER) +pylibdir = usr/lib/$(PYVER)/site-packages + +distribution := $(shell lsb_release -is) +with_zif := yes + +p_lib = zope$(ZVER) +p_doc = zope$(ZVER)-doc + +#p_bin = zope3-scripts +#p_add = zope3-addons +#p_dutil = zope3-docutils + +p_zif = python-zopeinterface +p_zif24 = python2.4-zopeinterface +p_zif23 = python2.3-zopeinterface + +d_lib = debian/$(p_lib) +d_bin = debian/$(p_bin) +d_add = debian/$(p_add) +d_dutil = debian/$(p_dutil) +d_doc = debian/$(p_doc) + +d_zif = debian/$(p_zif) +d_zif24 = debian/$(p_zif24) +d_zif23 = debian/$(p_zif23) +d_zif22 = debian/$(p_zif22) + +unpack: unpack-stamp +unpack-stamp: + tar xfz $(zbase).tgz + mv $(zbase) z + touch unpack-stamp + +configure: config-stamp +config-stamp: unpack-stamp patch-stamp + dh_testdir + cd z && ./configure \ + --prefix=/usr \ + --with-python=$(PYTHON) \ + --force + touch config-stamp + +build: build-arch build-indep check + +build-arch: build-arch-stamp +build-arch-stamp: config-stamp + cd z && $(PYTHON) install.py build +ifeq ($(with_zif),yes) + cd z/Dependencies/zope.interface-$(zbase) \ + && /usr/bin/python2.4 setup.py build +endif + touch build-arch-stamp + +build-indep: build-indep-stamp +build-indep-stamp: + touch build-indep-stamp + +check: build check-stamp +check-stamp: build-arch-stamp + # -cd z && PYTHONPATH=$(shell echo `pwd`/z/build/lib*$(PV)) $(PYTHON) test.py -v + touch check-stamp + +clean: unpatch + dh_testdir + rm -f unpack-stamp config-stamp build-arch-stamp build-indep-stamp check-stamp + rm -rf build z $(zbase) + for f in debian/*.in; do \ + generated=`echo $$f | sed 's,.in$$,,;s,ZVER,$(ZVER),'`; \ + rm -f $$generated $$generated.tmp; \ + done + dh_clean + +install: install-indep install-arch +install-indep: build-indep + +install-arch: build-arch + dh_testdir + dh_testroot + dh_clean -k + for f in debian/*.in; do \ + generated=`echo $$f | sed 's,.in$$,,;s,ZVER,$(ZVER),'`; \ + sed 's,@ZVER@,$(ZVER),g' $$f > $$generated.tmp; \ + if cmp --quiet "$$generated" "$$generated.tmp"; then \ + rm -f $$generated.tmp; \ + else \ + mv -f $$generated.tmp $$generated; \ + fi; \ + done + + dh_installdirs + dh_installzopeinstance -pzope$(ZVER)-sandbox sandbox + cd z && $(PYTHON) install.py install \ + --skip-build --prefix $(PWD)/$(d)/usr + -find $(d) -name '*.py[co]' | xargs -n 100 rm -f + rm -rf $(d)/$(pylibdir)/twisted + + # $(p_lib) + mkdir -p $(d_lib)/$(libdir) + mv $(d)/usr/lib/* $(d_lib)/usr/lib/ + rmdir $(d)/usr/lib + mv $(d)/usr/{bin,zopeskel} $(d_lib)/$(libdir) + mkdir -p $(d_lib)/$(libdir)/lib/python + dh_link -p$(p_lib) /$(pylibdir)/zope /$(libdir)/lib/python/zope + mkdir -p $(d_lib)/etc/zope$(ZVER) \ + $(d_lib)/var/log/zope$(ZVER) \ + $(d_lib)/var/lib/zope$(ZVER)/instance \ + $(d_lib)/var/lib/zope$(ZVER)/zeo + + # Replace all '#!' calls to python with $(PYTHON) + # and make them executable + for i in `find $(d_lib)/$(libdir) -type f`; do \ + sed '1s,#!.*python[^ ]*\(.*\),#! $(PYTHON)\1,' \ + $$i > $$i.temp; \ + if cmp --quiet $$i $$i.temp; then \ + rm -f $$i.temp; \ + else \ + mv -f $$i.temp $$i; \ + chmod 755 $$i; \ + echo "fixed interpreter: $$i"; \ + fi; \ + done + + # install zopeinterface packages + cd z/Dependencies/zope.interface-$(zbase) \ + && /usr/bin/python2.4 setup.py install --prefix=$(PWD)/$(d_zif24)/usr + -find debian/python*-zopeinterface -name '*.py[co]' | xargs rm -f + + # Copy README.txt to the right place + # (Zope needs the README to be there, see #332845) + set -x ; for dir in debian/python2*-zopeinterface ; do \ + pkg=$$(basename $$dir) ; \ + mkdir -p $$dir/usr/share/doc/$$pkg ; \ + cp -p $$(find $$dir -name README.txt) $$dir/usr/share/doc/$$pkg ; \ + done + + # Remove interface module which has been split out + cp -p $(d_lib)/$(pylibdir)/zope/__init__.py \ + $(d_zif24)/usr/lib/python2.4/site-packages/zope/ + rm -rf $(d_lib)/$(pylibdir)/zope/interface + + # remove files from zope3 also in default zopeinterface package + ( \ + cd debian/$(PYVER)-zopeinterface/$(pylibdir) \ + && find . ! -type d \ + ) | ( \ + cd $(d_lib)/$(pylibdir) && xargs rm -f \ + ) + + -find $(d_lib)/$(pylibdir) -depth -type d -empty -exec rmdir {} \; + + # remove docutils and pytz + rm -fr $(d_lib)/usr/lib/python2.4/site-packages/docutils \ + $(d_lib)/usr/lib/python2.4/site-packages/pytz \ + $(d_lib)/usr/lib/python2.4/site-packages/ClientForm.py \ + $(d_lib)/usr/lib/python2.4/site-packages/pullparser.py + + # Lintian and linda overrides + mkdir -p -m 0755 $(d_lib)/usr/share/lintian/overrides + install -m 0644 debian/$(p_lib).lintian-overrides \ + $(d_lib)/usr/share/lintian/overrides/$(p_lib) + mkdir -p -m 0755 $(d_lib)/usr/share/linda/overrides + install -m 0644 debian/$(p_lib).linda-overrides \ + $(d_lib)/usr/share/linda/overrides/$(p_lib) + + # Remove not needed stuff + rm -fr $(d_lib)/usr/lib/python2.4/site-packages/twisted/trial/test/scripttest.py \ + $(d_lib)/usr/lib/python2.4/site-packages/mechanize \ + $(d_lib)/usr/lib/python2.4/site-packages/ClientCookie \ + $(d_lib)/usr/lib/python2.4/site-packages/zope/formlib/LICENSE.txt + +disabled-script-package: + # $(p_bin) + mkdir -p $(d_bin)/$(libdir) + dh_link -p$(p_bin) \ + /$(libdir)/bin/mkzeoinst.py /usr/bin/zope3-mkzeoinst \ + /$(libdir)/bin/mkzopeinstance /usr/bin/zope3-mkzopeinstance \ + /$(libdir)/bin/runzeo.py /usr/bin/zope3-runzeo \ + /$(libdir)/bin/zconfig /usr/bin/zope3-zconfig \ + /$(libdir)/bin/zconfig_schema2html \ + /usr/bin/zope3-zconfig_schema2html \ + /$(libdir)/bin/zdctl.py /usr/bin/zope3-zdctl \ + /$(libdir)/bin/zdrun.py /usr/bin/zope3-zdrun \ + /$(libdir)/bin/zeoctl.py /usr/bin/zope3-zeoctl \ + /$(libdir)/bin/zeopasswd.py /usr/bin/zope3-zeopasswd \ + /$(libdir)/bin/zopetest /usr/bin/zope3-zopetest + + +# Build architecture independant packages using the common target. +binary-indep: build-indep install-indep + dh_testdir + dh_testroot + dh_installchangelogs -i z/Zope/doc/CHANGES.txt + dh_installdocs -i z/README.txt + dh_installdocs -p$(p_doc) \ + -XCHANGES.txt -XINSTALL.txt -XREADME.txt -XMakefile \ + z/Zope/doc/* + dh_installlogrotate -i + dh_installdebconf -i + dh_installinit -i + dh_installman -i + dh_compress -i -X.rst -X.css + dh_fixperms -i + dh_python -i + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture dependant packages using the common target. +binary-arch: build-arch install-arch + dh_testdir + dh_testroot + dh_installchangelogs -a z/Zope/doc/CHANGES.txt + dh_installdocs -a z/README.txt + dh_installdocs -i +ifeq ($(distribution),Ubuntu) + mv debian/zope3-sandbox/usr/share/doc/zope3-sandbox/README.Debian \ + debian/zope3-sandbox/usr/share/doc/zope3-sandbox/README.Ubuntu + mv debian/zope3/usr/share/doc/zope3/README.Debian \ + debian/zope3/usr/share/doc/zope3/README.Ubuntu +endif + dh_installlogrotate -a + dh_installdebconf -a + dh_installinit -a + dh_installman -a + dh_link -a + dh_strip -a + dh_compress -a -X.rst -X.css + dh_fixperms -a + dh_python -a -V $(PV) /$(libdir)/{bin,lib} + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install install-indep install-arch + +include /usr/share/dpatch/dpatch.make --- zope3-3.2.1.orig/debian/zopeZVER-sandbox.templates.in +++ zope3-3.2.1/debian/zopeZVER-sandbox.templates.in @@ -0,0 +1,3 @@ +Template: zope@ZVER@-sandbox/internal +Type: note +Description: Internal use. --- zope3-3.2.1.orig/debian/zopeZVER.lintian-overrides.in +++ zope3-3.2.1/debian/zopeZVER.lintian-overrides.in @@ -0,0 +1,5 @@ +zope@ZVER@: image-file-in-usr-lib +zope@ZVER@: interpreter-not-absolute +zope@ZVER@: unusual-interpreter +zope@ZVER@: script-not-executable +zope@ZVER@: executable-not-elf-or-script --- zope3-3.2.1.orig/debian/changelog +++ zope3-3.2.1/debian/changelog @@ -0,0 +1,203 @@ +zope3 (3.2.1-1ubuntu1.2) dapper-security; urgency=low + + * SECURITY UPDATE: arbitrary code execution via ZEO network protocol + - debian/patches/security-CVE-2009-066x.dpatch: introduce + ServerMarshaller() and server_find_global() in + Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/{marshal.py,connection.py}. + - CVE-2009-0668 + * SECURITY UPDATE: authentication bypass via ZEO network protocol + - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth() + private in Dependencies/ZEO-Zope-3.2.1/ZEO/{auth/auth_digest.py, + StorageServer.py, tests/auth_plaintext.py}. + - CVE-2009-0669 + * SECURITY UPDATE: denial of service via too many new object identifiers + - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100 + in Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py. + - No CVE + + -- Marc Deslauriers Tue, 13 Oct 2009 13:55:17 -0400 + +zope3 (3.2.1-1ubuntu1) dapper; urgency=low + + * Synchronize with Debian unstable. + + -- Matthias Klose Fri, 7 Apr 2006 21:34:01 +0200 + +zope3 (3.2.1-1) unstable; urgency=low + + * New upstream release. + * debian/rules: Removed temporary patch applied with 3.2.0-4. + * debian/rules: build python2.[34]-zopeinterface binary packages. + + -- Fabio Tranchitella Thu, 30 Mar 2006 10:35:14 +0000 + +zope3 (3.2.0-4) unstable; urgency=low + + * debian/rules: Apply temporary patch to fix munging of sys.modules + in zope.testbrowser. (Closes: #351980) + * debian/control: Add myself to uploaders. + * debian/control: Tighten dependency on python2.4-twisted-web2 (M. Klose). + + -- Brian Sutherland Sun, 19 Feb 2006 19:28:54 +0100 + +zope3 (3.2.0-3) unstable; urgency=low + + * Remove twisted modules from zope3, depend on python2.4-twisted-conch, + python2.4-twisted-web2 (based on feedback from #zope3-dev). + + -- Matthias Klose Mon, 13 Feb 2006 18:49:40 +0100 + +zope3 (3.2.0-2) unstable; urgency=low + + * debian/control: zope3 should depend on python2.4-tz (>= 2005r). + + -- Fabio Tranchitella Fri, 3 Feb 2006 10:41:34 +0000 + +zope3 (3.2.0-1) unstable; urgency=low + + * New upstream release. (Closes: #343445) + * debian/zopeZVER.init.in: fixed a typo which prevents zeo instances + to be started by the init script. (Closes: #341529) + * README.debian for zope3: added a note about pyskel.py and test.py + scripts. (Closes: #337354) + + -- Fabio Tranchitella Sun, 15 Jan 2006 17:48:05 +0000 + +zope3 (3.1.0-3) unstable; urgency=low + + * debian/control: depends on lsb-base. (Closes: #334620) + + -- Fabio Tranchitella Thu, 20 Oct 2005 14:02:55 +0000 + +zope3 (3.1.0-2) unstable; urgency=low + + * Fix installation of README.txt, in case we build our own + python2.x-zopeinterface packages (Brian Sutherland). Closes: #332845. + + -- Matthias Klose Sun, 9 Oct 2005 16:12:37 +0200 + +zope3 (3.1.0-1) unstable; urgency=low + + * New upstream version, final release. + + -- Matthias Klose Tue, 4 Oct 2005 13:55:25 +0000 + +zope3 (3.0.93-1) unstable; urgency=low + + * New upstream candidate release (Zope 3.1.0c2) + * debian/rules: different behaviour between Debian and Ubuntu about + python*-zopeinterface binary packages; building for Debian won't + create them, while Ubuntu builders will do. + * debian/control: upgraded dependency on python-tz (>= 2005k) + (Closes: #317742) + + -- Fabio Tranchitella Thu, 15 Sep 2005 14:47:44 +0000 + +zope3 (3.0.92-4) experimental; urgency=low + + * debian/control: build-depends on lsb-release, and use it in debian/rules + to guess the distribution (Debian or Ubuntu). + + -- Fabio Tranchitella Tue, 23 Aug 2005 14:19:53 +0000 + +zope3 (3.0.92-3) experimental; urgency=low + + * Rebuild with zope-debhelper 0.3.2.7. + * debian/patches/deb-zopeconf.dpatch: added --service-port argument to + mkzopeinstance. + + -- Fabio Tranchitella Thu, 18 Aug 2005 13:10:29 +0000 + +zope3 (3.0.92-2) experimental; urgency=low + + * debian/patches/deb-zopeconf.dpatch: symlink /Products to + /lib/python. This is the simplest way to have dzhandle + working for Zope3. + + -- Fabio Tranchitella Wed, 17 Aug 2005 12:19:27 +0000 + +zope3 (3.0.92-1) experimental; urgency=low + + * Zope-3.1 candidate1 release (Zope3-3.1.0c1.tgz) + * debian/rules: added {lintian,linda}-overrides + * Applied patch from Brian Sutherland to use python2.4-tz instead of + shipping it with zope3-lib. (Closes: #317742) + * debian/control: set Standards-Version to 3.6.2 (no changes) + * debian/control: added myself as uploader + * debian/control: renamed zope3-lib into zope3 (Matthias, I know what + you are thinking while reading this entry, but I think it was necessary) + + -- Fabio Tranchitella Sat, 13 Aug 2005 16:41:56 +0000 + +zope3 (3.0.91-1) unstable; urgency=low + + * Zope-3.1 beta1 release. + * Set maintainer to "Debian Zope Team". + * Provide a zope3-lib package only, packages like schooltool and + schoolbell only need this one. + * Explicitely build using python 2.4. + * Disable building the zopeinterface packages. Conflict with + python2.4-zopeinterface, provide it. + * Run the testsuite in the build, ignore the exit code. + * Upstream ships with corrected file permissions, remove the handling + from the rules file. + * Disable building the zope3-sandbox package until dzhandle is + updated and available in unstable. + + -- Matthias Klose Thu, 23 Jun 2005 12:33:36 +0200 + +zopex3 (3.0.0-6) hoary; urgency=low + + * Add __init__.py to zope package in zopeX.Y-interface packages. + + -- Matthias Klose Sun, 13 Feb 2005 21:27:09 +0100 + +zopex3 (3.0.0-4) experimental; urgency=low + + * Upload to experimental. + + -- Matthias Klose Wed, 2 Feb 2005 20:14:50 +0100 + +zopex3 (3.0.0-3) hoary; urgency=low + + * Rename python*-zope-interface packages to python*-zopeinterface, so that + the upstream name can be found in the package name. + * Rename zopex3-lib to zope3-lib. + * Added fixes/patches from Wichert Akkerman : + - Move README.txt to /usr/share/doc for zope-interface packages + - Fix typo in dependencies: it is zopex3-lib, not zope3-lib + - Do not remove tests: they are useful when creating tests for other + zope packages. Also prevents accidenta.ly delete of zope.app.tests + which is quite essential + * zopex3-lib: Depend on python-zopeinterface. + * Remove docutils from zope3-lib package, depend on python-docutils. + + -- Matthias Klose Tue, 11 Jan 2005 08:30:24 +0100 + +zopex3 (3.0.0-2) hoary; urgency=low + + * Fix zopex3-sandbox dependency on the -lib package. + + -- Matthias Klose Sat, 4 Dec 2004 13:52:25 +0100 + +zopex3 (3.0.0-1) hoary; urgency=low + + * ZopeX3-3.0.0 release. + * Renamed package to zopex3. + * Build zope-interface packages python-zope-interface and pythonX.Y-zope-interface. + + -- Matthias Klose Tue, 9 Nov 2004 18:07:25 +0100 + +zope3 (2.90c3-1) hoary; urgency=low + + * New upstream candidate (ZopeX3-3.0.0c3). + + -- Matthias Klose Thu, 28 Oct 2004 00:06:48 +0200 + +zope3 (2.90b3-1) unstable; urgency=low + + * Initial Release (ZopeX3-3.0.0b3). + * EXPERIMENTAL PACKAGES. NO UPGRADE PATH FROM EARLIER VERSIONS OR + TO UPCOMING VERSIONS PROVIDED UNTIL THE FINAL 3.0 RELEASE. + + -- Matthias Klose Mon, 23 Aug 2004 18:01:33 +0200 --- zope3-3.2.1.orig/debian/zopeZVER.README.Debian.in +++ zope3-3.2.1/debian/zopeZVER.README.Debian.in @@ -0,0 +1,9 @@ +Notes about Debian Zope3 package +-------------------------------- + +Some documents refer to scripts pyskel.py and test.py. Those scripts +are specific to particular instances, and can be found in +/var/lib/zope3/instance/myinstance/bin/. The scripts do *not* have +.py extensions. + + -- Fabio Tranchitella Thu, 15 Jan 2006 18:45:00 +0200 --- zope3-3.2.1.orig/debian/zopeZVER.postrm.in +++ zope3-3.2.1/debian/zopeZVER.postrm.in @@ -0,0 +1,43 @@ +#!/bin/sh -e + +zope=zope@ZVER@ + +delete_pyo_pyc () { + t=`tempfile -p zopedel ` + [ -r /var/lib/$zope/_list_of_pyc_pyo_to_be_deleted_ ] && + cat /var/lib/$zope/_list_of_pyc_pyo_to_be_deleted_ | \ + xargs rm -f 2>&1 + rm -f /usr/lib/$zope/debian/*.py[co] + rm -f /var/lib/$zope/_list_of_pyc_pyo_to_be_deleted_ +} + +case "$1" in + failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + upgrade) + delete_pyo_pyc + ;; + remove) + delete_pyo_pyc + ;; + purge) + if [ -d /var/lib/$zope/instance ] ; then + find /var/lib/$zope/instance -maxdepth 3 -type f \ + -path '*/var/Data.fs.*' -or -path '*/bin/*zope*' \ + -or -path '*/log/*.log*' -or -name README.txt \ + | xargs -r rm -f + fi + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- zope3-3.2.1.orig/debian/zopeZVER.linda-overrides.in +++ zope3-3.2.1/debian/zopeZVER.linda-overrides.in @@ -0,0 +1,10 @@ +Tag: image-in-usr-lib +Data: /usr/lib/python2.4/site-packages/zope/ +Tag: script-not-executable +Data: /usr/lib/python2.4/site-packages/zope/ +Tag: interpreter-not-absolute +Data: /usr/lib/zope3/zopeskel/bin/ +Tag: unusual-interpreter +Data: /usr/lib/zope3/zopeskel/bin/ +Tag: executable-not-elf-or-script +Data: /usr/lib/zope3/zopeskel/bin/ --- zope3-3.2.1.orig/debian/zopeZVER.preinst.in +++ zope3-3.2.1/debian/zopeZVER.preinst.in @@ -0,0 +1,27 @@ +#! /bin/sh -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' + +case "$1" in + upgrade) + ;; + + install) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- zope3-3.2.1.orig/debian/zopeZVER-sandbox.copyright.in +++ zope3-3.2.1/debian/zopeZVER-sandbox.copyright.in @@ -0,0 +1,3 @@ +This package was created and released by the Debian Zope team, under +the terms of the Gnu General Public License, version 2 or later. +See /usr/share/common-licenses/GPL for the full text of that license. --- zope3-3.2.1.orig/debian/zopeZVER.logrotate.in +++ zope3-3.2.1/debian/zopeZVER.logrotate.in @@ -0,0 +1,16 @@ +# Logrotate configuration file fo Zope Debian package + +"/var/log/zope@ZVER@/*/Z2.log" "/var/log/zope@ZVER@/*/access.log"{ + weekly + missingok + rotate 52 + copytruncate + compress + delaycompress + notifempty + create 640 zope zope + sharedscripts + postrotate + sh -c 'for i in /var/lib/zope@ZVER@/instance/* ; do [ -d "$i/log" -a -x "$i/bin/zopectl" -a -r "$i/var/Z2.pid" ] && "$i"/bin/zopectl logreopen ; done' + endscript +} --- zope3-3.2.1.orig/debian/zopeZVER-sandbox.README.Debian.in +++ zope3-3.2.1/debian/zopeZVER-sandbox.README.Debian.in @@ -0,0 +1,24 @@ +Notes about pre-packaged instances +---------------------------------- + +This is a pre-packaged instance of Zope@ZVER@, and it has been installed in +/var/lib/zope@ZVER@/instance/sandbox. You can modify its configuration +editing the file /etc/zope@ZVER@/sandbox/zope.conf. + +During configuration, debconf is used to ask the system administrator the +user and password for initial user of the instance. If debconf had been +configured to not display these questions, a random password has been +generated. In this case, you have to use zpasswd.py utility to specify a +new password for the initial user in order to have access to the Zope +Management Interface of this instance. + +If a zope@ZVER@ instance called `sandbox' already exists without data, +debconf is used to ask to the system administrator if he wants to abort +the installation or instead to remove the instance before creating the +new one. If you chose `abort` and you really want to install the +zope3-sandbox package, please manually remove the old sandbox before +trying to install again the package: + + # rm -fr /var/lib/zope@ZVER@/instance/sandbox + + -- Fabio Tranchitella Thu, 30 Mar 2006 12:38:00 +0200 --- zope3-3.2.1.orig/debian/zopeZVER.init.in +++ zope3-3.2.1/debian/zopeZVER.init.in @@ -0,0 +1,78 @@ +#!/bin/sh + +ZVER=@ZVER@ +[ -d /var/lib/zope$ZVER/instance -a -d /var/lib/zope$ZVER/zeo -a -d /usr/lib/zope$ZVER ] || exit 0 + +. /lib/lsb/init-functions +. /etc/default/zope$ZVER + +if [ "$ZEOSERVERS" = "NONE" -o "$ZEOSERVERS" = "" ]; then + ZEOSERVERS='' + log_warning_msg "Zope$ZVER: ZEO servers have been disabled, edit /etc/default/zope$ZVER to enable them." +elif [ "$ZEOSERVERS" = "ALL" ]; then + ZEOSERVERS='*' +fi + +if [ "$INSTANCES" = "NONE" -o "$INSTANCES" = "" ]; then + INSTANCES='' + log_warning_msg "Zope$ZVER: instances have been disabled, edit /etc/default/zope$ZVER to enable them." +elif [ "$INSTANCES" = "ALL" ]; then + INSTANCES='*' +fi + +case "$1" in + start|stop|restart) + p=''; [ "$1" = "stop" ] && p='p' + + if [ -n "$ZEOSERVERS" ]; then + cd /var/lib/zope$ZVER/zeo + for i in $ZEOSERVERS ; do + if [ "$i" = "*" ]; then + # log_success_msg "Zope$ZVER: no ZEO servers found." + break + elif [ ! -d "$i" ]; then + continue + fi + + if [ -x $i/bin/zeoctl ] ; then + log_begin_msg "Zope$ZVER: ${1}${p}ing $i ZEO server" + $i/bin/zeoctl "$1" >/dev/null 2>&1 + log_end_msg $? + else + log_warning_msg "Zope$ZVER: skipping $i (old/purged)" + fi + done + fi + + if [ -n "$INSTANCES" ]; then + cd /var/lib/zope$ZVER/instance + for i in $INSTANCES ; do + if [ "$i" = "*" ]; then + log_success_msg "Zope$ZVER: no instances found." + break + elif [ ! -d "$i" ]; then + continue + fi + + if [ -x $i/bin/zopectl ] ; then + log_begin_msg "Zope$ZVER: ${1}${p}ing $i instance" + dzhandle -z $ZVER zopectl "$i" $1 >/dev/null 2>&1 + log_end_msg $? + else + log_warning_msg "Zope$ZVER: skipping $i (old/purged)" + fi + done + fi + ;; + + force-reload) + echo "Zope$ZVER doesn't support force-reload, use restart instead." + ;; + + *) + echo "Usage: /etc/init.d/zope$ZVER {start|stop|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 --- zope3-3.2.1.orig/debian/control +++ zope3-3.2.1/debian/control @@ -0,0 +1,78 @@ +Source: zope3 +Section: web +Priority: optional +Maintainer: Debian/Ubuntu Zope Team +Uploaders: Matthias Klose , Fabio Tranchitella , Brian Sutherland +Build-Depends: python, python2.4-dev, debhelper (>= 4.2.28), zope-debhelper (>= 0.3.2.13), lsb-release, dpatch +Standards-Version: 3.6.2 + +Package: zope3 +Section: python +Architecture: any +Pre-Depends: zope-common +Depends: python2.4 (>= 2.4.2), python2.4-zopeinterface, ${shlibs:Depends}, python-docutils (>= 0.3.7) | python2.4-docutils (>= 0.3.7), python2.4-tz (>= 2005r), python2.4-mechanize (>= 0.0.10a), python2.4-clientcookie (>= 1.0.3), python2.4-twisted-conch (>= 1:0.5), python2.4-twisted-web2 (>= 0.1.0.20060222), python2.4-pullparser (>= 0.0.6b), python2.4-clientform (>= 0.2.0.99-1), lsb-base +Conflicts: zopex3-lib, zope3-lib +Replaces: zopex3-lib, zope3-lib +Provides: zope3-lib +Description: Open Source Web Application Server (Libraries) + Zope is an open source web application server primarily written in + the Python programming language. It features a transactional object + database which can store not only content and custom data, but also + dynamic HTML templates, scripts, a search engine, and relational + database (RDBMS) connections and code. + . + It features a strong through-the-web development model, allowing you + to update your web site from anywhere in the world. To allow for + this, Zope also features a tightly integrated security model. Built + around the concept of "safe delegation of control", Zope's security + architecture also allows you to turn control over parts of a web site + to other organizations or individuals. + . + This package contains the framework and libraries needed to run your + own Zope3 instance. + +Package: zope3-doc +Section: doc +Architecture: all +Suggests: zope3-sandbox +Description: Documentation for Zope3 + Documentation for the Zope3 Web Application Server. + +Package: zope3-sandbox +Section: web +Architecture: all +Depends: ${zope:Depends}, ${misc:Depends} +Recommends: zope3-doc (>= ${Source-Version}) +Description: sandbox instance for the zope3 web application server + Package which creates a "sandbox" instance, getting all Zope + products and packages available which are installed as Debian packages. + . + The sandbox is usable for development and testing. For production + please setup your own Zope 3 instance using dzhandle utility. + +Package: python-zopeinterface +Section: python +Architecture: all +Depends: ${python:Depends} +Conflicts: python-zope-interface +Replaces: python-zope-interface +Provides: python-zope-interface +Description: The implementation of interface definitions for Zope 3 + Zope interfaces are objects that specify (document) the external behavior + of objects that "provide" them. + . + This package contains the interface definitions for the use with the + default python version. + +Package: python2.4-zopeinterface +Section: python +Architecture: any +Depends: ${python:Depends}, ${shlibs:Depends} +Conflicts: python2.4-zope-interface +Replaces: python2.4-zope-interface +Provides: python2.4-zope-interface +Description: The implementation of interface definitions for Zope 3 + Zope interfaces are objects that specify (document) the external behavior + of objects that "provide" them. + . + This package contains the interface definitions for the use with python2.4. --- zope3-3.2.1.orig/debian/patches/deb-zopeconf.dpatch +++ zope3-3.2.1/debian/patches/deb-zopeconf.dpatch @@ -0,0 +1,213 @@ +#! /bin/sh -e +## +## DP: Debian specific configuration; +## DP: Author: Fabio Tranchitella + +. $(dirname $0)/DPATCH + +@DPATCH@ +diff -urN zope3-3.2.1/z/Dependencies/zope.app.server-Zope-3.2.1/zope.app.server/mkzopeinstance.py zope3-3.2.1.debian/z/Dependencies/zope.app.server-Zope-3.2.1/zope.app.server/mkzopeinstance.py +--- zope3-3.2.1/z/Dependencies/zope.app.server-Zope-3.2.1/zope.app.server/mkzopeinstance.py 2006-01-05 20:04:04.000000000 +0000 ++++ zope3-3.2.1.debian/z/Dependencies/zope.app.server-Zope-3.2.1/zope.app.server/mkzopeinstance.py 2006-01-15 18:25:46.000000000 +0000 +@@ -120,8 +120,15 @@ + + options.password = password_manager.encodePassword(options.password) + ++ import pwd, grp ++ uid = pwd.getpwnam(options.srvuser.split(":")[0]) ++ if uid: uid = uid[2] ++ gid = grp.getgrnam(options.srvuser.split(":")[1]) ++ if gid: gid = gid[2] ++ os.chown(options.destination, uid, gid) ++ + # now create the instance! +- self.copy_skeleton() ++ self.copy_skeleton(uid, gid) + if options.add_package_includes: + # need to copy ZCML differently since it's not in the skeleton: + import __main__ +@@ -129,6 +136,18 @@ + os.path.dirname(os.path.realpath(__main__.__file__))) + shutil.copy2(os.path.join(swhome, "securitypolicy.zcml"), + os.path.join(options.destination, "etc")) ++ ++ os.symlink(os.path.join(options.destination, 'lib/python'), \ ++ os.path.join(options.destination, 'Products')) ++ ++ if options.layout == 'fhs': ++ self.movedir(os.path.join(options.destination, 'etc'), ++ os.path.join('/etc/zope3', os.path.basename(options.destination)), ++ uid, gid) ++ self.movedir(os.path.join(options.destination, 'log'), ++ os.path.join('/var/log/zope3', os.path.basename(options.destination)), ++ uid, gid) ++ + return 0 + + def get_skeltarget(self): +@@ -205,7 +224,7 @@ + self.need_blank_line = False + print message + +- def copy_skeleton(self): ++ def copy_skeleton(self, uid, gid): + options = self.options + # TODO we should be able to compute the script + script = os.path.abspath(sys.argv[0]) +@@ -222,17 +241,19 @@ + ("<>", options.destination), + ("<>", zope_home), + ("<>", software_home), ++ ("<>", options.srvuser.split(":")[0]), ++ ("<>", options.srvport), + ] +- self.copytree(self.options.skeleton, self.options.destination) ++ self.copytree(self.options.skeleton, self.options.destination, uid, gid) + if options.zserver: + self.copytree( + os.path.join(os.path.dirname(zope.app.server.__file__), + 'zopeskel'), +- self.options.destination, ++ self.options.destination, uid, gid, + ) + + +- def copytree(self, src, dst): ++ def copytree(self, src, dst, uid, gid): + # Similar to shutil.copytree(), but doesn't care about + # symlinks, doesn't collect errors, and uses self.copyfile() + # instead of shutil.copy2(). +@@ -246,12 +267,13 @@ + if os.path.isdir(srcname): + if not os.path.exists(dstname): + os.mkdir(dstname) +- self.copytree(srcname, dstname) ++ os.chown(dstname, uid, gid) ++ self.copytree(srcname, dstname, uid, gid) + else: +- self.copyfile(srcname, dstname) ++ self.copyfile(srcname, dstname, uid, gid) + # There shouldn't be any need to deal with devices, sockets etc. + +- def copyfile(self, src, dst): ++ def copyfile(self, src, dst, uid, gid): + if dst.endswith(".in"): + dst = dst[:-3] + text = open(src, "rU").read() +@@ -279,6 +301,40 @@ + shutil.copystat(src, dst) + else: + shutil.copy2(src, dst) ++ os.chown(dst, uid, gid) ++ ++ def movedir(self, sourcedir, targetdir, uid, gid): ++ try: ++ os.makedirs(os.path.dirname(targetdir)) ++ if uid is not None: ++ os.chown(os.path.dirname(targetdir), uid, gid) ++ except: ++ pass ++ if not os.path.isdir(targetdir): ++ shutil.move(sourcedir, targetdir) ++ elif os.path.islink(sourcedir): ++ return ++ else: ++ import glob ++ for src in glob.glob(sourcedir + '/*') + glob.glob(targetdir + '/.*'): ++ base = os.path.basename(src) ++ target = os.path.join(targetdir, base) ++ if os.path.exists(target): ++ backup = target + '.old' ++ if os.path.exists(backup): ++ if os.path.isdir(backup): ++ shutil.rmtree(backup, ignore_errors=True) ++ else: ++ os.unlink(backup) ++ os.rename(target, backup) ++ shutil.move(src, target) ++ shutil.rmtree(sourcedir, ignore_errors=True) ++ if uid is not None: ++ os.chown(targetdir, uid, gid) ++ for root, dirs, files in os.walk(targetdir): ++ for name in files + dirs: ++ os.chown(os.path.join(root, name), uid, gid) ++ os.symlink(targetdir, sourcedir) + + SKELTARGET_MESSAGE = """\ + Please choose a directory in which you'd like to install Zope +@@ -318,6 +374,12 @@ + " to be used for encode the password")) + p.add_option("-u", "--user", dest="username", metavar="USER:PASSWORD", + help="set the user name and password of the initial user") ++ p.add_option("-l", "--layout", dest="layout", metavar="LAYOUT", default='zope', ++ help="layout to use while copying the skeleton files (`fhs' or `zope')") ++ p.add_option("", "--service-user", dest="srvuser", metavar="USER:GROUP", default='zope:zope', ++ help="system user to be used to run the instance (default is zope:zope)") ++ p.add_option("", "--service-port", dest="srvport", metavar="PORT", default='9673', ++ help="HTTP port used to run this instance") + p.add_option("--non-interactive", dest="interactive", action="store_false", + default=True, help="do no interactive prompting") + p.add_option("--zserver", dest="zserver", action="store_true", +@@ -346,4 +408,6 @@ + options.password = None + if options.username and ":" in options.username: + options.username, options.password = options.username.split(":", 1) ++ if options.srvuser.count(":") != 1: ++ p.error("service user must be specified as user:group") + return options +diff -urN zope3-3.2.1/z/Zope/zopeskel/etc/zdaemon.conf.in zope3-3.2.1.debian/z/Zope/zopeskel/etc/zdaemon.conf.in +--- zope3-3.2.1/z/Zope/zopeskel/etc/zdaemon.conf.in 2004-08-05 19:10:05.000000000 +0000 ++++ zope3-3.2.1.debian/z/Zope/zopeskel/etc/zdaemon.conf.in 2006-01-15 18:27:38.000000000 +0000 +@@ -1,4 +1,5 @@ + %define INSTANCE <> ++%define ZOPE_USER <> + %define LOGDIR $INSTANCE/log + + +@@ -19,6 +20,9 @@ + # + transcript $LOGDIR/transcript.log + ++ # The user to be used to run this instance ++ user $ZOPE_USER ++ + + + +@@ -26,9 +30,13 @@ + # output (STDOUT). The "path" setting can be a relative or absolute + # filesystem path or the tokens STDOUT or STDERR. + +- +- path $LOGDIR/z3.log +- ++ # This doesn't work: the log will be opened by zdrun.py before the ++ # process spawn, so the owner will be root (0755). The forked ++ # process will SUID to a different user and so won't be able to ++ # write on z3.log and will hang. Let's comment out these bad rows! ++ # ++ # path $LOGDIR/z3.log ++ # + + + path STDOUT +diff -urN zope3-3.2.1/z/Zope/zopeskel/etc/zope.conf.in zope3-3.2.1.debian/z/Zope/zopeskel/etc/zope.conf.in +--- zope3-3.2.1/z/Zope/zopeskel/etc/zope.conf.in 2005-12-11 20:15:15.000000000 +0000 ++++ zope3-3.2.1.debian/z/Zope/zopeskel/etc/zope.conf.in 2006-01-15 18:28:10.000000000 +0000 +@@ -1,6 +1,7 @@ + # This is the configuration file for the Zope Application Server. + + %define INSTANCE <> ++%define HTTPPORT <> + + %define CONFDIR $INSTANCE/etc + %define DATADIR $INSTANCE/var +@@ -19,7 +20,7 @@ + # Server: All Servers + + type HTTP +- address 8080 ++ address $HTTPPORT + + + # Ready to go HTTPS server. You just need to make sure OpenSSL is installed. --- zope3-3.2.1.orig/debian/patches/security-CVE-2009-066x.dpatch +++ zope3-3.2.1/debian/patches/security-CVE-2009-066x.dpatch @@ -0,0 +1,117 @@ +#! /bin/sh -e +## +## DP: Description: fix arbitrary code execution, authentication bypass, and denial of service +## DP: Patch: diff -Naur Zope-3.2.1/Dependencies/ZEO-Zope-3.2.1/ Zope-3.2.4/Dependencies/ZEO-Zope-3.2.4/ +## DP: Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540462 + +. $(dirname $0)/DPATCH + +@DPATCH@ +diff -Naur zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/auth/auth_digest.py zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/auth/auth_digest.py +--- zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/auth/auth_digest.py 2006-03-26 14:25:25.000000000 -0500 ++++ zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/auth/auth_digest.py 2009-10-13 13:54:08.000000000 -0400 +@@ -121,7 +121,7 @@ + check = hexdigest("%s:%s" % (h_up, challenge)) + if check == response: + self.connection.setSessionKey(session_key(h_up, self._key_nonce)) +- return self.finish_auth(check == response) ++ return self._finish_auth(check == response) + + extensions = [auth_get_challenge, auth_response] + +diff -Naur zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py +--- zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py 2006-03-26 14:25:26.000000000 -0500 ++++ zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py 2009-10-13 13:54:08.000000000 -0400 +@@ -98,7 +98,7 @@ + for func in self.extensions: + self._extensions[func.func_name] = None + +- def finish_auth(self, authenticated): ++ def _finish_auth(self, authenticated): + if not self.auth_realm: + return 1 + self.authenticated = authenticated +@@ -350,6 +350,7 @@ + + def new_oids(self, n=100): + """Return a sequence of n new oids, where n defaults to 100""" ++ n = min(n, 100) + if self.read_only: + raise ReadOnlyError() + if n <= 0: +diff -Naur zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/tests/auth_plaintext.py zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/tests/auth_plaintext.py +--- zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/tests/auth_plaintext.py 2006-03-26 14:25:25.000000000 -0500 ++++ zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/tests/auth_plaintext.py 2009-10-13 13:54:09.000000000 -0400 +@@ -41,7 +41,7 @@ + self.connection.setSessionKey(session_key(username, + self.database.realm, + password)) +- return self.finish_auth(dbpw == password_dig) ++ return self._finish_auth(dbpw == password_dig) + + class PlaintextClient(Client): + extensions = ["auth"] +diff -Naur zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/connection.py zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/connection.py +--- zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/connection.py 2006-03-26 14:25:26.000000000 -0500 ++++ zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/connection.py 2009-10-13 13:54:09.000000000 -0400 +@@ -22,7 +22,7 @@ + import ThreadedAsync + from ZEO.zrpc import smac + from ZEO.zrpc.error import ZRPCError, DisconnectedError +-from ZEO.zrpc.marshal import Marshaller ++from ZEO.zrpc.marshal import Marshaller, ServerMarshaller + from ZEO.zrpc.trigger import trigger + from ZEO.zrpc.log import short_repr, log + from ZODB.loglevels import BLATHER, TRACE +@@ -724,6 +724,7 @@ + def __init__(self, sock, addr, obj, mgr): + self.mgr = mgr + self.__super_init(sock, addr, obj, 'S') ++ self.marshal = ServerMarshaller() + self.obj.notifyConnected(self) + + def handshake(self): +diff -Naur zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/marshal.py zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/marshal.py +--- zope3-3.2.1.ori/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/marshal.py 2006-03-26 14:25:26.000000000 -0500 ++++ zope3-3.2.1/z/Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/marshal.py 2009-10-13 13:54:09.000000000 -0400 +@@ -53,6 +53,20 @@ + level=logging.ERROR) + raise + ++class ServerMarshaller(Marshaller): ++ ++ def decode(self, msg): ++ """Decodes msg and returns its parts""" ++ unpickler = cPickle.Unpickler(StringIO(msg)) ++ unpickler.find_global = server_find_global ++ ++ try: ++ return unpickler.load() # msgid, flags, name, args ++ except: ++ log("can't decode message: %s" % short_repr(msg), ++ level=logging.ERROR) ++ raise ++ + _globals = globals() + _silly = ('__doc__',) + +@@ -77,3 +91,19 @@ + return r + + raise ZRPCError("Unsafe global: %s.%s" % (module, name)) ++ ++def server_find_global(module, name): ++ """Helper for message unpickler""" ++ try: ++ if module != 'ZopeUndo.Prefix': ++ raise ImportError ++ m = __import__(module, _globals, _globals, _silly) ++ except ImportError, msg: ++ raise ZRPCError("import error %s: %s" % (module, msg)) ++ ++ try: ++ r = getattr(m, name) ++ except AttributeError: ++ raise ZRPCError("module %s has no global %s" % (module, name)) ++ ++ return r --- zope3-3.2.1.orig/debian/patches/DPATCH +++ zope3-3.2.1/debian/patches/DPATCH @@ -0,0 +1,16 @@ +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch}" + +if [ $# -ne 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch $patch_opts -p1 < $0;; + -unpatch) patch $patch_opts -p1 -R < $0;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 --- zope3-3.2.1.orig/debian/patches/00list +++ zope3-3.2.1/debian/patches/00list @@ -0,0 +1,2 @@ +deb-zopeconf +security-CVE-2009-066x --- zope3-3.2.1.orig/debian/zopeZVER-sandbox.dzinstance.in +++ zope3-3.2.1/debian/zopeZVER-sandbox.dzinstance.in @@ -0,0 +1,7 @@ +Package: zope@ZVER@-sandbox +ZopeVersion: @ZVER@ +Name: sandbox +Addon-Mode: all +Addon-Technique: tree-linked +Restart-Policy: end +Port: 8031 --- zope3-3.2.1.orig/debian/compat +++ zope3-3.2.1/debian/compat @@ -0,0 +1 @@ +4 --- zope3-3.2.1.orig/debian/zopeZVER.prerm.in +++ zope3-3.2.1/debian/zopeZVER.prerm.in @@ -0,0 +1,20 @@ +#!/bin/sh -e + +zope=zope@ZVER@ + +dpkg -L zope@ZVER@ | + awk '$0~/\.py$/ {print $0"c\n" $0"o"}' \ + > /var/lib/$zope/_list_of_pyc_pyo_to_be_deleted_ + +case "$1" in + remove|failed-upgrade|upgrade|deconfigure) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- zope3-3.2.1.orig/debian/zopeZVER-sandbox.postinst.in +++ zope3-3.2.1/debian/zopeZVER-sandbox.postinst.in @@ -0,0 +1,7 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +#DEBHELPER# + +db_stop --- zope3-3.2.1.orig/debian/zopeZVER.default.in +++ zope3-3.2.1/debian/zopeZVER.default.in @@ -0,0 +1,23 @@ +# Zope default file +# ----------------- +# +# This file controls the start and the stop of ZEO servers and ZOPE instances +# with the init script provided by zope@ZVER@ package. +# +# The following variables should contain a space sperated list of ZEO server +# and ZOPE instance names which you want to start with the init script. +# Note that ZEO servers will be started _before_ any instance, and that's +# your responsability to check dependencies between ZEO servers and ZOPE +# instances. The order of the variables doesn't matter. +# +# ZEO servers are searched in /var/lib/zope@ZVER@/zeo, while ZOPE instances +# are searched in /var/lib/zope@ZVER@/instance. +# +# ALL means that you would like to start all servers/instances, NONE (or an +# empty value) means, well, none. + +# ZEO servers +ZEOSERVERS="ALL" + +# ZOPE instances +INSTANCES="ALL"