diff -pruN 2.11.2-1/debian/changelog 2.11.4-1/debian/changelog --- 2.11.2-1/debian/changelog 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/changelog 2009-08-12 20:21:47.000000000 +0100 @@ -1,3 +1,38 @@ +zope2.11 (2.11.4-1) unstable; urgency=high + + * New upstream release, fixes two vulnerabilities in the ZEO network + protocol: CVE-2009-0668 and CVE-2009-0669. (closes: #540463) + * Add support to start a particular instance to initscript. + * Bump pre-depends on zope-common to 0.5.49 and build-depends on debhelper + to 0.3.14 to use invoke-rc.d in maintainer scripts. (closes: #540158) + * Set urgency=high as this upload fixes two serious bugs. + + -- Jonas Meurer Sun, 09 Aug 2009 16:00:28 +0200 + +zope2.11 (2.11.3-1) unstable; urgency=low + + * New upstream release + * Minor improvement to the long description of zope2.11-sandbox. + (closes: #527030) + * Don't delete lib/python/pytz/LICENSE.txt as it is not provided any longer. + * Reorder targets and dependencies in debian/rules to actually fix + parallel building. Still disable parallel building for now, as suggested + by Lucas Nussbaum. (closes: #534013) + * Migrate from python-central to python-support: + - add debian/pyversions, remove debian/pycompat + - add depends on ${python:Depends} + - add pycentral cleanup code to debian/zopeZVER.preinst.in + * Exclude lib/python/RestrictedPython/tests and lib/python/mechanize from + byte-compiling with dh_pysupport, as both include code for python2.5+ that + fails to compile with python2.4. + * Bump standards-version to 3.8.2, no changes needed. + * Check for /etc/default/zope2.10 before including it in initscript. + * lintian cleanup: + - zopeZVER-sandbox.copyright.in: link to GPL-2 instead of GPL. + - *.{post|pre}{inst|rm}: use set -e instead of /bin/sh -e. + + -- Jonas Meurer Fri, 03 Jul 2009 14:42:22 +0200 + zope2.11 (2.11.2-1) unstable; urgency=low * New major upstream release. New source package. diff -pruN 2.11.2-1/debian/control 2.11.4-1/debian/control --- 2.11.2-1/debian/control 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/control 2009-08-12 20:21:47.000000000 +0100 @@ -3,8 +3,8 @@ Section: zope Priority: optional Maintainer: Debian/Ubuntu Zope Team Uploaders: Fabio Tranchitella , Jonas Meurer , Bernd Zeimetz -Build-Depends: debhelper (>= 5.0.0), python-central (>= 0.5.6), python2.4-dev (>= 2.4.3), python2.4, python, zope-debhelper (>= 0.3.6), lsb-release, dpatch -Standards-Version: 3.8.1 +Build-Depends: debhelper (>= 5.0.0), python-support (>= 0.5.3), python2.4-dev (>= 2.4.3), python2.4, python, zope-debhelper (>= 0.3.14), lsb-release, dpatch +Standards-Version: 3.8.2 XS-Python-Version: 2.4 Homepage: http://www.zope.org/ Vcs-Browser: http://svn.debian.org/wsvn/pkg-zope/zope2.11/trunk @@ -13,7 +13,7 @@ Vcs-Svn: svn://svn.debian.org/pkg-zope/z Package: zope2.11 Architecture: any Pre-Depends: zope-common (>= 0.5.21) -Depends: python2.4 (>= 2.4.3), python-tz, lsb-base, ${shlibs:Depends}, ${misc:Depends}, debconf | debconf-2.0 +Depends: python2.4 (>= 2.4.3), python-tz, lsb-base, ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, debconf | debconf-2.0 Provides: zope Suggests: python-unit, zope-book, zope-devguide XB-Python-Version: 2.4 @@ -39,7 +39,7 @@ Architecture: all Depends: ${zope:Depends}, ${misc:Depends}, debconf | debconf-2.0 Suggests: zope-book, zope-devguide Description: sandbox instance for the zope2.11 web application server - Package which creates a "sandbox" instance, getting all Zope + This package creates a "sandbox" instance, getting all Zope products and packages available which are installed as Debian packages. . The sandbox is usable for development and testing. For production diff -pruN 2.11.2-1/debian/pycompat 2.11.4-1/debian/pycompat --- 2.11.2-1/debian/pycompat 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/pycompat 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -2 diff -pruN 2.11.2-1/debian/pyversions 2.11.4-1/debian/pyversions --- 2.11.2-1/debian/pyversions 1970-01-01 01:00:00.000000000 +0100 +++ 2.11.4-1/debian/pyversions 2009-08-12 20:21:47.000000000 +0100 @@ -0,0 +1 @@ +2.4 diff -pruN 2.11.2-1/debian/rules 2.11.4-1/debian/rules --- 2.11.2-1/debian/rules 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/rules 2009-08-12 20:21:47.000000000 +0100 @@ -19,11 +19,6 @@ else endif CFLAGS = -Wall -g -INSTALL = install -INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644 -INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755 -INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755 -INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 @@ -33,10 +28,11 @@ endif ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) INSTALL_PROGRAM += -s endif -ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) - NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) - MAKEFLAGS += -j$(NUMJOBS) -endif +# disable parallel building for now, as the package builds fast enough +# ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# MAKEFLAGS += -j$(NUMJOBS) +# endif # Include dpatch stuff. include /usr/share/dpatch/dpatch.make @@ -47,7 +43,7 @@ PACKAGE := zope$(ZVER) DEBIAN := $(shell pwd)/debian/$(PACKAGE) PYTHONVER := 2.4 PYTHONBIN := /usr/bin/python$(PYTHONVER) -ZBASE := Zope-2.11.2-final +ZBASE := Zope-2.11.4-final distribution := $(shell lsb_release -is) @@ -55,7 +51,7 @@ unpack: unpack-stamp unpack-stamp: tar xfz $(ZBASE).tgz mv $(ZBASE) z - touch unpack-stamp + touch $@ clean: unpatch dh_testdir @@ -64,23 +60,22 @@ clean: unpatch generated=`echo $$f | sed 's,.in$$,,;s,ZVER,$(ZVER),'`; \ rm -f $$generated $$generated.tmp; \ done - rm -f build-arch-stamp build-indep-stamp unpack-stamp rm -f -r build-base $(ZBASE) z - dh_clean + dh_clean unpack-stamp build-indep-stamp build-arch-stamp build: build-arch build-indep -build-arch: unpack-stamp patch-stamp build-arch-stamp -build-arch-stamp: +build-arch: build-arch-stamp +build-arch-stamp: unpack-stamp patch-stamp cd z && CFLAGS="$(CFLAGS)" ./configure \ --prefix=$(DEBIAN)/usr/lib/$(ZOPE) \ --with-python=$(PYTHONBIN) cd z && make - touch build-arch-stamp + touch $@ build-indep: build-indep-stamp build-indep-stamp: - touch build-indep-stamp + touch $@ install: install-indep install-arch @@ -141,24 +136,28 @@ install-arch: done # Remove duplicated license information, zope already is licensed under the ZPL - rm $(DEBIAN)/usr/lib/zope2.11/lib/python/zope/formlib/LICENSE.txt \ - $(DEBIAN)/usr/lib/zope2.11/lib/python/Products/Five/COPYING.txt \ - $(DEBIAN)/usr/lib/zope2.11/lib/python/pytz/LICENSE.txt + rm $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/zope/formlib/LICENSE.txt \ + $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/Products/Five/COPYING.txt # Remove zope documentation, as it is redundant - rm -fr $(DEBIAN)/usr/lib/zope2.11/doc + rm -fr $(DEBIAN)/usr/lib/$(ZOPE)/doc + + # Remove tests for python2.5 and python2.6, we don't use it anyway + #rm $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/RestrictedPython/tests/before_and_after25.py \ + # $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/RestrictedPython/tests/before_and_after26.py \ + # $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/RestrictedPython/tests/security_in_syntax26.py # Fix permissions for files - chmod 755 $(DEBIAN)/usr/lib/zope2.11/lib/python/DocumentTemplate/release.sh \ - $(DEBIAN)/usr/lib/zope2.11/lib/python/ZPublisher/Client.py \ - $(DEBIAN)/usr/lib/zope2.11/lib/python/ZPublisher/Test.py + chmod 755 $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/DocumentTemplate/release.sh \ + $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/ZPublisher/Client.py \ + $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/ZPublisher/Test.py - find $(DEBIAN)/usr/lib/zope2.11/lib/python -type f -a \ + find $(DEBIAN)/usr/lib/$(ZOPE)/lib/python -type f -a \ \( -name *.gif -o -name *.html -o -name *.dtml -o -name *.txt -o -name *.bat -o -name *.jpg \) -exec chmod 644 {} \; - chmod 644 $(DEBIAN)/usr/lib/zope2.11/bin/reindex_catalog.py \ - $(DEBIAN)/usr/lib/zope2.11/skel/import/README.txt \ - $(DEBIAN)/usr/lib/zope2.11/lib/python/Products/ZSQLMethods/Setup + chmod 644 $(DEBIAN)/usr/lib/$(ZOPE)/bin/reindex_catalog.py \ + $(DEBIAN)/usr/lib/$(ZOPE)/skel/import/README.txt \ + $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/Products/ZSQLMethods/Setup # Lintian overrides (images in /usr/lib) mkdir -p -m 0755 $(DEBIAN)/usr/share/lintian/overrides @@ -166,15 +165,15 @@ install-arch: $(DEBIAN)/usr/share/lintian/overrides/$(ZOPE) # use python-tz instead of shipping it - rm -fr $(DEBIAN)/usr/lib/zope2.11/lib/python/pytz + rm -fr $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/pytz # fix some of the lintian warnings rmdir $(DEBIAN)/usr/sbin - rm $(DEBIAN)/usr/lib/zope2.11/lib/python/docutils/svn-commit.tmp + rm $(DEBIAN)/usr/lib/$(ZOPE)/lib/python/docutils/svn-commit.tmp dh_installdocs -p$(ZOPE) z/README.txt dh_installexamples -p$(ZOPE) z/lib/python/Products/PageTemplates/examples/* - dh_pycentral -p$(ZOPE) /usr/lib/$(ZOPE) -V $(PYTHONVER) + dh_pysupport -p$(ZOPE) -V $(PYTHONVER) -Xlib/python/RestrictedPython/tests -Xlib/python/mechanize/_firefox3cookiejar.py /usr/lib/$(ZOPE) binary-common: dh_testdir diff -pruN 2.11.2-1/debian/zopeZVER.default.in 2.11.4-1/debian/zopeZVER.default.in --- 2.11.2-1/debian/zopeZVER.default.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.default.in 2009-08-12 20:21:47.000000000 +0100 @@ -15,6 +15,11 @@ # # ALL means that you would like to start all servers/instances, NONE (or an # empty value) means, well, none. +# +# The init script support to start particular servers/instances in case that +# either ZEOSERVER= or INSTANCE= is given to the init +# script as second argument. That feature works even if either of the +# ZEOSERVER/INSTANCES variable is set to NONE here. # ZEO servers ZEOSERVERS="ALL" diff -pruN 2.11.2-1/debian/zopeZVER.init.in 2.11.4-1/debian/zopeZVER.init.in --- 2.11.2-1/debian/zopeZVER.init.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.init.in 2009-08-12 20:21:47.000000000 +0100 @@ -16,16 +16,23 @@ ZVER=@ZVER@ [ -d /var/lib/zope$ZVER/instance -a -d /var/lib/zope$ZVER/zeo -a -d /usr/lib/zope$ZVER ] || exit 0 . /lib/lsb/init-functions -. /etc/default/zope$ZVER -if [ "$ZEOSERVERS" = "NONE" -o "$ZEOSERVERS" = "" ]; then +if [ -f "/etc/default/zope$ZVER" ]; then + . /etc/default/zope$ZVER +fi + +if [ -n "$2" -a "${2%ZEOSERVER=}" != "$2" ]; then + ZEOSERVERS="${2#ZEOSERVER=}" +elif [ "$ZEOSERVERS" = "NONE" -o "$ZEOSERVERS" = "" ]; then ZEOSERVERS='' log_warning_msg "Zope$ZVER: ZEO servers have been disabled, edit /etc/default/zope$ZVER to enable them." elif [ "$ZEOSERVERS" = "ALL" ]; then ZEOSERVERS='*' fi -if [ "$INSTANCES" = "NONE" -o "$INSTANCES" = "" ]; then +if [ -n "$2" -a "${2#INSTANCE=}" != "$2" ]; then + INSTANCES="${2#INSTANCE=}" +elif [ "$INSTANCES" = "NONE" -o "$INSTANCES" = "" ]; then INSTANCES='' log_warning_msg "Zope$ZVER: instances have been disabled, edit /etc/default/zope$ZVER to enable them." elif [ "$INSTANCES" = "ALL" ]; then @@ -82,7 +89,7 @@ case "$1" in ;; *) - echo "Usage: /etc/init.d/zope$ZVER {start|stop|restart|force-reload}" + echo "Usage: /etc/init.d/zope$ZVER {start|stop|restart|force-reload} [ZEOSERVER=|INSTANCE=]" exit 1 ;; esac diff -pruN 2.11.2-1/debian/zopeZVER.postinst.in 2.11.4-1/debian/zopeZVER.postinst.in --- 2.11.2-1/debian/zopeZVER.postinst.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.postinst.in 2009-08-12 20:21:47.000000000 +0100 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e . /usr/share/debconf/confmodule diff -pruN 2.11.2-1/debian/zopeZVER.postrm.in 2.11.4-1/debian/zopeZVER.postrm.in --- 2.11.2-1/debian/zopeZVER.postrm.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.postrm.in 2009-08-12 20:21:47.000000000 +0100 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e zope=zope@ZVER@ diff -pruN 2.11.2-1/debian/zopeZVER.preinst.in 2.11.4-1/debian/zopeZVER.preinst.in --- 2.11.2-1/debian/zopeZVER.preinst.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.preinst.in 2009-08-12 20:21:47.000000000 +0100 @@ -1,4 +1,6 @@ -#! /bin/sh -e +#!/bin/sh + +set -e # summary of how this script can be called: # * `install' @@ -11,6 +13,9 @@ case "$1" in if [ -h /usr/share/doc/zope@ZVER@ ]; then rm -f /usr/share/doc/zope@ZVER@ fi + if dpkg --compare-versions "$2" lt 2.11.3-1; then + pycentral pkgremove zope2.11 + fi ;; install) diff -pruN 2.11.2-1/debian/zopeZVER.prerm.in 2.11.4-1/debian/zopeZVER.prerm.in --- 2.11.2-1/debian/zopeZVER.prerm.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER.prerm.in 2009-08-12 20:21:47.000000000 +0100 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e zope=zope@ZVER@ diff -pruN 2.11.2-1/debian/zopeZVER-sandbox.copyright.in 2.11.4-1/debian/zopeZVER-sandbox.copyright.in --- 2.11.2-1/debian/zopeZVER-sandbox.copyright.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER-sandbox.copyright.in 2009-08-12 20:21:47.000000000 +0100 @@ -2,4 +2,4 @@ Copyright (C) 2005-2008 Fabio Tranchitel This package was created and released by the Debian Zope team, under the terms of the Gnu General Public License, version 2 or later. -See /usr/share/common-licenses/GPL for the full text of that license. +See /usr/share/common-licenses/GPL-2 for the full text of that license. diff -pruN 2.11.2-1/debian/zopeZVER-sandbox.postinst.in 2.11.4-1/debian/zopeZVER-sandbox.postinst.in --- 2.11.2-1/debian/zopeZVER-sandbox.postinst.in 2009-08-12 20:27:12.000000000 +0100 +++ 2.11.4-1/debian/zopeZVER-sandbox.postinst.in 2009-08-12 20:21:47.000000000 +0100 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e . /usr/share/debconf/confmodule Binary files 2.11.2-1/Zope-2.11.2-final.tgz and 2.11.4-1/Zope-2.11.2-final.tgz differ Binary files 2.11.2-1/Zope-2.11.4-final.tgz and 2.11.4-1/Zope-2.11.4-final.tgz differ