[FFe] Update zodb to 1:3.8.3-1 from Debian unstable (main)

Bug #424820 reported by Michael Bienia
Affects:      zodb (Ubuntu)
Status:       Fix Released
Importance:   Undecided
Assigned to:  Unassigned
Milestone:    (not set)

Bug Description

zodb is currently uninstallable in karmic as it has a dependency on python2.3 (bug #412880). The changes necessary for it could probably be backported to the version currently in karmic (based on the changelog entries) but the new version fixes three CVEs so it would be good to have it in.

As the zodb package in Debian unstable contains a bashism in debian/rules, an Ubuntu delta is necessary, but it's already forwarded to Debian as bug 545150.

Making the package installable again is also needed to remove the zope3 dependency in gaphor (bug #144377) as one of the dependencies needs python-zodb (zope3 is scheduled for removal (a removal bug is already filed)).

Debian changelog:

zodb (1:3.8.3-1) unstable; urgency=low

  * New upstream release.

 -- Fabio Tranchitella <email address hidden> Wed, 02 Sep 2009 07:19:54 +0200

zodb (1:3.8.2-2) unstable; urgency=low

  * Get rid of the python2.3 dependency by patching the ZEO and ZODB scripts to
    not hardcode python2.3. (Closes: #541972)

 -- Fabio Tranchitella <email address hidden> Sat, 29 Aug 2009 16:03:01 +0200

zodb (1:3.8.2-1) unstable; urgency=high

  * New upstream release, fixes security issues. (Closes: #540465)
  * Standards-Version: 3.8.3, no changes required.
  * A rebuild is enough to get rid of the python2.3 dependency.
    (Closes: #541972)

 -- Fabio Tranchitella <email address hidden> Fri, 28 Aug 2009 11:06:03 +0200

Upstream changelog:

What's new in ZODB 3.8.3
=======================

New Feature:

- There's a new utility script, strip_versions, that strips version
  data from storages. This is needed to prepare databases containing
  version records for use with ZODB 3.9, which no longer supports
  versions.

Bugs Fixed:

- CVE-2009-2701: Fixed a vulnerability in ZEO storage servers when
  blobs are available. Someone with write access to a ZEO server
  configured to support blobs could read any file on the system
  readable by the server process and remove any file removable by the
  server process.

- Fixed ``NameError`` in cases where a directory cannot be created,
  e.g. when the necessary permissions are missing.

- Fixed a pack test that was not compatible with storages that always
  return an object count of 0.

- Calling __setstate__ on a persistent object could, under certain
  uncommon circumstances, cause the process to crash.

What's new in ZODB 3.8.2
=======================

Bugs Fixed:

- Fixed vulnerabilities in the ZEO network protocol that allow:

  - CVE-2009-0668 Arbitrary Python code execution in ZODB ZEO storage servers
  - CVE-2009-0669 Authentication bypass in ZODB ZEO storage servers

  The vulnerabilities only apply if you are using ZEO to share a
  database among multiple applications or application instances and if
  untrusted clients are able to connect to your ZEO servers.

- Limit the number of object ids that can be allocated at once to
  avoid running out of memory.

Diffstat for the debdiff:

 NEWS.txt                                 |  44 +++++++++++
 PKG-INFO                                 |  46 ++++++++++++
 debian/changelog                         |  28 +++++++
 debian/control                           |   5 -
 debian/rules                             |   8 ++
 setup.py                                 |   4 -
 src/ZEO/StorageServer.py                 |  15 +++-
 src/ZEO/auth/auth_digest.py              |   2
 src/ZEO/scripts/zeoserverlog.py          |  10 +-
 src/ZEO/tests/auth_plaintext.py          |   2
 src/ZEO/tests/testZEO.py                 |  59 +--------------
 src/ZEO/zrpc/connection.py               |   3
 src/ZEO/zrpc/marshal.py                  |  32 ++++++++
 src/ZODB/blob.py                         |   2
 src/ZODB/scripts/strip_versions.py       | 110 +++++++++++++++++++++++++++++
 src/ZODB/scripts/strip_versions.test     | 119 ++++++++++++++++++++++++++++++++
 src/ZODB/scripts/tests.py                |   7 +
 src/ZODB/tests/PackableStorage.py        |   3
 src/ZODB3.egg-info/PKG-INFO              |  46 ++++++++++++
 src/ZODB3.egg-info/SOURCES.txt           |   2
 src/ZODB3.egg-info/entry_points.txt      |   1
 src/persistent/cPersistence.c            |  54 +++++++-------
 src/persistent/tests/test_persistent.py  |  25 +++++-
 23 files changed, 527 insertions(+), 100 deletions(-)
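The 3.8.2 entry above fixes CVE-2009-0668, arbitrary Python code execution through the ZEO network protocol, and the diffstat shows the change landing in src/ZEO/zrpc/marshal.py, the layer that marshals RPC messages with pickle. The following is an added example, not ZEO's or ZODB's code, showing the general hardening pattern for any server that unpickles bytes from clients it cannot trust: a static pre-scan of the GLOBAL references a pickle would import, plus an allow-listed find_class as the backstop. The allow-list contents, the constructed hostile message and the function names are this example's own assumptions, not anything from the ZEO protocol.

```python
"""Added example: refusing pickles that import outside an allow-list.

Not ZEO's code. Illustrates the class of bug behind CVE-2009-0668 and the
usual mitigation for pickle-based RPC: never let the stock unpickler see
untrusted bytes, and restrict which globals a message may resolve.
"""
import io
import os
import pickle
import pickletools


class UnsafeGlobal(Exception):
    """A message referenced a class or function outside the allow-list."""


# Allow-list for this example (an assumption, not ZEO's): the only globals a
# message may ask the unpickler to import. Keep it to plain data and exception
# types whose constructors have no side effects.
SAFE_GLOBALS = frozenset({
    ("builtins", "KeyError"),
    ("builtins", "ValueError"),
})

# Constructed hostile message, written as raw protocol-0 opcodes so no pickling
# step is needed: GLOBAL os.getcwd, EMPTY_TUPLE, REDUCE (call it), STOP.
# os.getcwd() is a harmless stand-in for any callable an attacker could name.
HOSTILE_MESSAGE = b"cos\ngetcwd\n)R."

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data):
    """Statically list the (module, name) pairs a pickle would import.

    pickletools.genops only parses opcodes and executes nothing, so it is safe
    on untrusted bytes. STACK_GLOBAL (protocol 4+) takes module and name from
    the stack; for pickles produced by the stdlib pickler the two most recent
    string constants are those two values.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise UnsafeGlobal("%s.%s" % (module, name))


def restricted_loads(data):
    """Decode a message, refusing any pickle that imports outside the allow-list.

    The static scan runs first so a rejected message is never even partially
    executed; find_class catches anything the scan did not model.
    """
    for module, name in referenced_globals(data):
        if (module, name) not in SAFE_GLOBALS:
            raise UnsafeGlobal("%s.%s" % (module, name))
    return RestrictedUnpickler(io.BytesIO(data)).load()


def hostile_message_is_rejected():
    """True if the restricted loader refuses HOSTILE_MESSAGE."""
    try:
        restricted_loads(HOSTILE_MESSAGE)
    except UnsafeGlobal:
        return True
    return False


def stock_loader_runs_code():
    """True if pickle.loads() executes the call embedded in HOSTILE_MESSAGE.

    This is the behaviour the allow-list exists to prevent.
    """
    return pickle.loads(HOSTILE_MESSAGE) == os.getcwd()


def legitimate_message_round_trips():
    """A benign reply (an exception instance) still decodes under the restriction."""
    reply = restricted_loads(pickle.dumps(KeyError("no such oid")))
    return isinstance(reply, KeyError) and reply.args == ("no such oid",)
```

The allow-list is the whole security boundary: a single entry whose constructor or __setstate__ has side effects (anything that opens files, spawns processes or evaluates strings) reopens the hole, so every addition to it needs the same review a new network-facing endpoint would get.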
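The 3.8.3 entry above describes CVE-2009-2701: a client with write access to a blob-enabled ZEO server could read any file the server process could read and remove any file it could remove, which is the signature of a server acting on a client-influenced file path. The following is an added example, not ZEO's or ZODB's code, and its directory layout is invented for illustration rather than ZODB's real blob layout. It shows the two controls such a server needs: deriving the blob path itself from trusted identifiers (oid, serial), and, wherever a client-supplied relative path must still be honoured, checking after symlink resolution that it stays under the blob root. Function names and the scratch-directory setup are this example's assumptions.

```python
"""Added example: confining blob file paths to the blob directory.

Not ZEO's code. Shows the containment check a server needs before open() or
os.remove() on a path a client had any influence over (the bug class behind
CVE-2009-2701), next to the stronger option of not trusting the client path
at all. Assumes a POSIX filesystem (symlinks).
"""
import os
import tempfile


class BlobPathError(ValueError):
    """A blob path escaped the blob directory."""


def server_blob_path(blob_dir, oid, serial):
    """Build the blob path from trusted identifiers only; the client names nothing.

    oid and serial are 8-byte values. The layout (hex oid directory, hex serial
    file name) is constructed for this example and is not ZODB's.
    """
    if len(oid) != 8 or len(serial) != 8:
        raise ValueError("oid and serial must be 8 bytes")
    return os.path.join(blob_dir, oid.hex(), serial.hex() + ".blob")


def contained_blob_path(blob_dir, client_path):
    """Return the absolute path for client_path, or raise if it leaves blob_dir.

    realpath() resolves '..' and symlinks first, so a link planted inside the
    blob directory that points at /etc/passwd is rejected as well as plain
    '../' traversal. commonpath() on two absolute paths is the containment
    test; a startswith() check would wrongly accept '/srv/blobs-evil/x'.
    """
    root = os.path.realpath(blob_dir)
    if os.path.isabs(client_path):
        raise BlobPathError("absolute path not allowed: %r" % (client_path,))
    target = os.path.realpath(os.path.join(root, client_path))
    if os.path.commonpath([root, target]) != root:
        raise BlobPathError("path escapes blob directory: %r" % (client_path,))
    return target


def _is_rejected(blob_dir, client_path):
    try:
        contained_blob_path(blob_dir, client_path)
    except BlobPathError:
        return True
    return False


def run_checks():
    """Exercise the check in a scratch blob directory; returns outcome flags."""
    oid_dir = "00" * 8
    with tempfile.TemporaryDirectory() as scratch:
        blob_dir = os.path.join(scratch, "blobs")
        os.makedirs(os.path.join(blob_dir, oid_dir))
        outside = os.path.join(scratch, "secret.txt")
        with open(outside, "w") as f:
            f.write("not a blob\n")
        # Symlink inside the blob dir pointing outside it (constructed here;
        # in the real attack a writer would plant it through the blob upload).
        os.symlink(outside, os.path.join(blob_dir, oid_dir, "escape.blob"))

        good = contained_blob_path(blob_dir, oid_dir + "/" + "11" * 8 + ".blob")
        derived = server_blob_path(blob_dir, b"\x00" * 8, b"\x11" * 8)
        return {
            "plain_traversal_rejected": _is_rejected(blob_dir, "../secret.txt"),
            "deep_traversal_rejected": _is_rejected(blob_dir, oid_dir + "/../../secret.txt"),
            "absolute_rejected": _is_rejected(blob_dir, outside),
            "symlink_escape_rejected": _is_rejected(blob_dir, oid_dir + "/escape.blob"),
            "sibling_prefix_rejected": _is_rejected(blob_dir, "../blobs-evil/x.blob"),
            "normal_path_accepted": good.startswith(os.path.realpath(blob_dir) + os.sep),
            "derived_path_inside": derived == os.path.join(blob_dir, oid_dir, "11" * 8 + ".blob"),
        }
```

The containment check is defence in depth, not the fix: between the check and the later open() or remove() a client that can write into the directory may still swap in a symlink. The durable fix is server_blob_path's approach, where the server computes the path from (oid, serial) and the client-supplied name is never used for filesystem access.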

Michael Bienia (geser) wrote :

From #ubuntu-motu (2009-09-05):
14:50:44 ScottK | geser: +1 from me based on the changelog (feel free to put that in the bug when you write it).

Iulian Udrea (iulian) wrote :

+1 from me as well. Please go ahead.

Changed in zodb (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package zodb - 1:3.8.3-1ubuntu1

---------------
zodb (1:3.8.3-1ubuntu1) karmic; urgency=low

  * Remove bashism in debian/rules.
  * FFe: lp: #424820

zodb (1:3.8.3-1) unstable; urgency=low

  * New upstream release.

zodb (1:3.8.2-2) unstable; urgency=low

  * Get rid of the python2.3 dependency by patching the ZEO and ZODB scripts to
    not hardcode python2.3. (Closes: #541972)

zodb (1:3.8.2-1) unstable; urgency=high

  * New upstream release, fixes security issues. (Closes: #540465)
  * Standards-Version: 3.8.3, no changes required.
  * A rebuild is enough to get rid of the python2.3 dependency.
    (Closes: #541972)

 -- Michael Bienia <email address hidden> Sat, 05 Sep 2009 15:22:31 +0200

Changed in zodb (Ubuntu):
status: Confirmed → Fix Released