r2546 - in zope2.13/trunk/debian/patches (1 file)

[mejo at users.alioth.debian.org]

    Date: Friday, October 28, 2011 @ 11:37:38
  Author: mejo
Revision: 2546

update Zope2-fix_serious_authentication_vulnerability.patch

Modified:
  zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch

Modified: zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
===================================================================
--- zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-28 11:33:18 UTC (rev 2545)
+++ zope2.13/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-28 11:37:38 UTC (rev 2546)
@@ -2,14 +2,54 @@
 Author: Zope Foundation and Contributors <zope-dev at zope.org>
 Last-Update: 2011-10-24
 
---- a/source/AccessControl/src/AccessControl/userfolder.py
-+++ b/source/AccessControl/src/AccessControl/userfolder.py
-@@ -355,6 +355,8 @@
-         """ returns true if domain auth mode is set to true"""
-         return getattr(self, '_domain_auth_mode', None)
+--- a/source/Zope2/doc/CHANGES.rst
++++ b/source/Zope2/doc/CHANGES.rst
+@@ -8,6 +8,7 @@
+ 2.13.11 (unreleased)
+ --------------------
  
++- Fixed serious authentication vulnerability in stock configuration.
+ 
+ 2.13.10 (2011-10-04)
+ --------------------
+--- a/source/Zope2/src/OFS/userfolder.py
++++ b/source/Zope2/src/OFS/userfolder.py
+@@ -293,6 +293,8 @@
+                 message='Cannot change the id of a UserFolder',
+                 action='./manage_main'))
+ 
 +InitializeClass(BasicUserFolder)
 +
  
- class UserFolder(BasicUserFolder):
+ class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
      """Standard UserFolder object
+--- a/source/Zope2/src/OFS/tests/test_userfolder.py
++++ b/source/Zope2/src/OFS/tests/test_userfolder.py
+@@ -17,7 +17,15 @@
+ # TODO class Test_readUserAccessFile(unittest.TestCase)
+ 
+ 
+-# TODO class BasicUserFoldertests(unittest.TestCase)
++class BasicUserFolderTests(unittest.TestCase):
++ 
++    def _getTargetClass(self):
++        from OFS.userfolder import BasicUserFolder
++        return BasicUserFolder
++ 
++    def test_manage_users_security_initialized(self):
++        uf = self._getTargetClass()()
++        self.assertTrue(hasattr(uf, 'manage_users__roles__'))
+ 
+ 
+ class UserFolderTests(unittest.TestCase):
+@@ -171,6 +179,8 @@
+ 
+ 
+ def test_suite():
+-    suite = unittest.TestSuite()
+-    suite.addTest(unittest.makeSuite(UserFolderTests))
++    suite = unittest.TestSuite((
++        unittest.makeSuite(BasicUserFolderTests),
++        unittest.makeSuite(UserFolderTests),
++    ))
+     return suite