r2546 - in zope2.13/trunk/debian/patches (1 file)
mejo at users.alioth.debian.org
mejo at users.alioth.debian.org
Fri Oct 28 11:37:39 UTC 2011
Date: Friday, October 28, 2011 @ 11:37:38
Author: mejo
Revision: 2546
update Zope2-fix_serious_authentication_vulnerability.patch
Modified:
zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
Modified: zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
===================================================================
--- zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch 2011-10-28 11:33:18 UTC (rev 2545)
+++ zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch 2011-10-28 11:37:38 UTC (rev 2546)
@@ -2,14 +2,54 @@
Author: Zope Foundation and Contributors <zope-dev at zope.org>
Last-Update: 2011-10-24
---- a/source/AccessControl/src/AccessControl/userfolder.py
-+++ b/source/AccessControl/src/AccessControl/userfolder.py
-@@ -355,6 +355,8 @@
- """ returns true if domain auth mode is set to true"""
- return getattr(self, '_domain_auth_mode', None)
+--- a/source/Zope2/doc/CHANGES.rst
++++ b/source/Zope2/doc/CHANGES.rst
+@@ -8,6 +8,7 @@
+ 2.13.11 (unreleased)
+ --------------------
++- Fixed serious authentication vulnerability in stock configuration.
+
+ 2.13.10 (2011-10-04)
+ --------------------
+--- a/source/Zope2/src/OFS/userfolder.py
++++ b/source/Zope2/src/OFS/userfolder.py
+@@ -293,6 +293,8 @@
+ message='Cannot change the id of a UserFolder',
+ action='./manage_main'))
+
+InitializeClass(BasicUserFolder)
+
- class UserFolder(BasicUserFolder):
+ class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
"""Standard UserFolder object
+--- a/source/Zope2/src/OFS/tests/test_userfolder.py
++++ b/source/Zope2/src/OFS/tests/test_userfolder.py
+@@ -17,7 +17,15 @@
+ # TODO class Test_readUserAccessFile(unittest.TestCase)
+
+
+-# TODO class BasicUserFoldertests(unittest.TestCase)
++class BasicUserFolderTests(unittest.TestCase):
++
++ def _getTargetClass(self):
++ from OFS.userfolder import BasicUserFolder
++ return BasicUserFolder
++
++ def test_manage_users_security_initialized(self):
++ uf = self._getTargetClass()()
++ self.assertTrue(hasattr(uf, 'manage_users__roles__'))
+
+
+ class UserFolderTests(unittest.TestCase):
+@@ -171,6 +179,8 @@
+
+
+ def test_suite():
+- suite = unittest.TestSuite()
+- suite.addTest(unittest.makeSuite(UserFolderTests))
++ suite = unittest.TestSuite((
++ unittest.makeSuite(BasicUserFolderTests),
++ unittest.makeSuite(UserFolderTests),
++ ))
+ return suite
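Review bot: The new `test_manage_users_security_initialized` only asserts `hasattr(uf, 'manage_users__roles__')`, so it would still pass if the attribute existed but carried a permissive value. In Zope's AccessControl a `__roles__` value of `None` conventionally means public access. The test should pin the value as well as the presence, for example `self.assertFalse(getattr(uf, 'manage_users__roles__', None) is None)`, or compare it against the expected manager-only roles once that value is confirmed against the class declarations. Without this, the regression test guards only the side effect of the added `InitializeClass(BasicUserFolder)` call, not the protection on `manage_users` itself. Separately, the patch header still reads `Last-Update: 2011-10-24` although this revision replaces the patch body; bump it if the refreshed content comes from a later upstream change.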