README.txt

Hotfix README.

Title: README.txt Subject: Publisher: No publisher Description: Hotfix README. Contributors: Effective_date: None Expiration_date: None Type: Document Format: text/plain Language: Rights: SafetyBelt: 1152132942.11

Hotfix-20060705 README

This hotfix corrects an information disclosure vulnerability in Zope2, due to Zope2's use of the docutils module to parse and render "restructured text".

Sites which allow untrusted users to create restructured text as through-the-web content should apply this hotfix.

The hotfix may be removed after upgrading to a version of Zope2 more recent than this hotfix.

Affected Versions

Zope 2.7.0 - 2.7.8
Zope 2.8.0 - 2.8.7
Zope 2.9.0 - 2.9.3

Installing the Hotfix

This hotfix is installed as a standard Zope2 product. The following examples assume that your Zope instance is located at '/var/zope/instance': please adjust according to your actual instance path. Also note that hotfix products are not intended for installation into the "software home" of your Zope.

Unpack the tarball / zipfile for the Hotfix into a temporary location:
```
          $ cd /tmp
          $ tar xzf ~/Hotfix_20060704.tar.gz
```
Copy or move the product directory from the unpacked directory to the Products directory of your Zope instance:
```
          $ cp -a /tmp/Hotfix_20060704/ /var/zope/instance/Products/
```

Restart Zope:

          $ /var/zope/instance/bin/zopectl restart

Uninstalling the Hotfix

After upgrading Zope to one of the fixed versions, you should remove this hotfix product from your Zope instance.

Remove the product directory from your instance 'Products':

          $ rm -rf /var/zope/instance/Products/Hotfix_20060704/

Restart Zope:

          $ /var/zope/instance/bin/zopectl restart

Comment

Zope instance not restarting

Posted by: bagt at 2006-07-12

Hi,

I have installed the Hotfix in my zope instance ( /home/mysite/Products ).

When I restart my zope instance, Zope shut down

EVENT.LOG

2006-07-12T17:38:51 INFO(0) PlacelessTranslationService Initialized: [plone-pt-br.po, plone-es-ar.po, plone-es-es.po, plone-zh-cn.po, plone-zh-hk.po, plone-zh-tw.po, plone-af.po, plone-bg.po, plone-ar.po, plone-ca.po, plone-da.po, plone-de.po, plone-cs.po, plone-el.po, plone-fa.po, plone-en.po, plone-eo.po, plone-es.po, plone-fi.po, plone-et.po, plone-eu.po, plone-fr.po, plone-he.po, plone-hr.po, plone-hu.po, plone-ja.po, plone-hy.po, plone-it.po, plone-ka.po, plone-ko.po, plone-lt.po, plone-nl.po, plone-nn.po, plone-no.po, plone-pl.po, plone-pt.po, plone-ro.po, plone-ru.po, plone-sk.po, plone-sv.po, plone-tr.po, plone-uk.po, plone-vi.po, 'plone-zh.po'] from /home/mysite/Products/PloneTranslations/i18n

------ 2006-07-12T17:38:51 INFO(0) Zope Ready to handle requests

2006-07-12T17:46:50 INFO(0) Z2 Caught signal SIGTERM ------ 2006-07-12T17:46:50 INFO(0) Z2 Shutting down fast ------ 2006-07-12T17:46:50 INFO(0) ZServer closing HTTP to new connections ------ 2006-07-12T17:46:50 INFO(0) ZServer closing FTP to new connections ------ 2006-07-12T17:46:50 INFO(0) ZServer closing HTTP to new connections ------ 2006-07-12T17:46:50 INFO(0) Zope Shutting down with exit code 0

If I delete the Hotfix folder and restart Zope, it's OK.

Thanks for your help.

Bagt

Replies to this comment

don't know a solution (not enough info in your traceback) (Posted by d2m at 2006-07-13)

Comment

Hotfix install pb.

Posted by: ABrenner at 2006-08-04

I have had an installation problem with this Hotfix product.

The details of my problem can be found under: http://www.zope.org/Collectors/Zope/2161

It looks similar to the problem reported on http://paste.plone.org/5124 and discussed on https://zope3.pov.lt/irclogs/%23zope3-dev.2006-07-08.log.html

If I can help any more, please ask me !

Best regards, Antoine