Ubuntu
zope3 package

zope3 fails on start-up in jaunty

Bug #356137 reported by Henning Eggers
2
Affects Status Importance Assigned to Milestone
zope3 (Ubuntu)
Fix Released
Undecided
Marc Deslauriers

Bug Description

Binary package hint: zope3

Description: Ubuntu jaunty (development branch)
Release: 9.04

After upgrading to Jaunty beta, zope3 won't start anymore. I even purged and re-installed zope3 and zope3-sandbox but when I try to start it, the init script just fails:

 * Zope3: starting sandbox instance [fail]

I cannot find any error output. /var/log/zope3/sandbox is empty apart from the README.txt.

Is Zope 3 known to run on either pyhton 2.5. or 2.6?

zope3:
  Installed: 3.4.0-0ubuntu3
  Candidate: 3.4.0-0ubuntu3
  Version table:
 *** 3.4.0-0ubuntu3 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

zope3-sandbox:
  Installed: 3.4.0-0ubuntu3
  Candidate: 3.4.0-0ubuntu3
  Version table:
 *** 3.4.0-0ubuntu3 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

CVE References

Revision history for this message
Matthias Klose (doko) wrote :

zope3 was removed from karmic; closing this report as won't fix.

Changed in zope3 (Ubuntu):
status: New → Won't Fix
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

zope3 is currently broken in Jaunty. Here are the steps to reproduce:

- apt-get install zope3
- run /usr/lib/zope3/bin/mkzopeinstance -d /var/lib/zope3/instance/testinstance -u adminuser:adminpass
- run /etc/init.d/zope3 start

It looks like the /var/lib/zope3/instance/testinstance/etc/zdaemon.conf file is being filled with:

define ZOPE_USER zope

instead of

%define ZOPE_USER zope

summary: - zope3 fails on start-up
+ zope3 fails on start-up in jaunty
Changed in zope3 (Ubuntu):
status: Won't Fix → Confirmed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

from debian/patches/deb-zopeconf.dpatch:

--- zope3-3.4.0~c1/z/Zope/zopeskel/etc/zdaemon.conf.in 2006-01-11 17:42:09.0000
00000 +0100
+++ zope3-3.4.0~c1.debian/z/Zope/zopeskel/etc/zdaemon.conf.in 2008-03-19 10:53
:18.000000000 +0100
@@ -1,4 +1,5 @@
 %define INSTANCE <<INSTANCE_HOME>>
+define ZOPE_USER <<ZOPE_USER>>
 %define LOGDIR $INSTANCE/log
 %define DATADIR $INSTANCE/var

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I'll include the fix in my security update.

Changed in zope3 (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package zope3 - 3.4.0-0ubuntu3.3

---------------
zope3 (3.4.0-0ubuntu3.3) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via ZEO network protocol
    - debian/patches/security-CVE-2009-066x.dpatch: introduce
      ServerMarshaller() and server_find_global() in
      Dependencies/ZEO-Zope-3.4.0/ZEO/zrpc/{marshal.py,connection.py}.
    - CVE-2009-0668
  * SECURITY UPDATE: authentication bypass via ZEO network protocol
    - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
      private in Dependencies/ZEO-Zope-3.4.0/ZEO/{auth/auth_digest.py,
      StorageServer.py, tests/auth_plaintext.py}.
    - CVE-2009-0669
  * SECURITY UPDATE: denial of service via too many new object identifiers
    - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
      in Dependencies/ZEO-Zope-3.4.0/ZEO/StorageServer.py.
    - No CVE
  * debian/patches/deb-zopeconf.dpatch: fix typo so ZOPE_USER is properly
    defined. (LP: #356137)

 -- Marc Deslauriers <email address hidden> Tue, 13 Oct 2009 13:39:22 -0400

Changed in zope3 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.