From d87cdb86090c105ceb48e3949a81bd9918e057b5 Mon Sep 17 00:00:00 2001 From: George Clark Date: Sun, 7 May 2017 19:21:55 -0400 Subject: [PATCH 1/7] Item13883: Clarify when the upgrade procedure is required. --- core/data/System/UpgradeGuide.txt | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/core/data/System/UpgradeGuide.txt b/core/data/System/UpgradeGuide.txt index d3d270c250..e669cba9c5 100644 --- a/core/data/System/UpgradeGuide.txt +++ b/core/data/System/UpgradeGuide.txt @@ -1,12 +1,19 @@ -%META:TOPICINFO{author="ProjectContributor" comment="" date="1493146093" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" comment="" date="1494199312" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% %STARTINCLUDE% ---+ Foswiki Upgrade Guide -This guide covers upgrading from a previous version of Foswiki to Foswiki 2.0 +This guide covers upgrading from a previous version of Foswiki to Foswiki 2.x. +
+%X% This upgrade procedure is used to upgrade a +to a new *major version* of Foswiki (1.x to 2.x) or from TWiki. Generally, upgrades of +a minor Foswiki version (2.0 to 2.1), or Foswiki patch releases (2.1.3 to 2.1.4) can be done by using the +=-upgrade-= version of the Foswiki package, and follow the Release Notes for the new +release.
+ %TOC% ---++ Overview @@ -22,7 +29,7 @@ If you are upgrading from TWiki to Foswiki, please refer to Foswiki:Support.Upgr * Before upgrading, a backup of your topics is strongly recommended. * Once the upgrade has been applied, an existing earlier installation will still be able to read all the topics, but should not be used to write. ----++ Upgrading to a new patch release +---++ Upgrading to a new patch or minor release To upgrade to a new patch release — for example, from Foswiki 1.1.0 to 1.1.2 — an upgrade package can be used that will not overwrite typical customizations. Unless otherwise stated in the release notes, we do not recommend upgrading between major or minor versions using the patch (For ex. 1.1.9 to 2.0). A re-installation is recommended. @@ -97,7 +104,7 @@ For patch releases you will find a brief upgrade procedure on the download page %T% If you use the Foswiki !PageCaching feature, be sure to refresh the cache after upgrading to a new Foswiki version. Visit your site with the Query parameter =?refresh=all= ----++ Upgrade procedure: upgrading to a new major or minor version +---++ Upgrade procedure: upgrading to a new major version The following is a high level view of the upgrade procedure: From 7d80b80a0726bbcd9ae1019f3c69e847dd373d60 Mon Sep 17 00:00:00 2001 From: George Clark Date: Sun, 7 May 2017 21:24:56 -0400 Subject: [PATCH 2/7] Item13883: Add some docs on checking the installation --- core/data/System/InstallationGuide.txt | 8 +++++++- core/data/System/UpgradeGuide.txt | 14 +++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/core/data/System/InstallationGuide.txt b/core/data/System/InstallationGuide.txt index 6a0d40a19b..0d197734e0 100644 --- a/core/data/System/InstallationGuide.txt +++ b/core/data/System/InstallationGuide.txt 
@@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1490124221" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494206626" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% ---+!! Installation Guide @@ -414,6 +414,12 @@ And the configuration can then be checked, with optional verbose output: tools/configure -check -verbose +File system permissions can also be checked for any of +={DataDir}=, ={LocalesDir}=, ={PubDir}=, ={ScriptDir}=, ={TemplateDir}=, ={ToolsDir}= and ={WorkingDir}=, for ex: + +tools/configure -check {DataDir} -method validate_permissions + + Configuration settings can be searched and queried as well: tools/configure -search Umask diff --git a/core/data/System/UpgradeGuide.txt b/core/data/System/UpgradeGuide.txt index e669cba9c5..57599d0a92 100644 --- a/core/data/System/UpgradeGuide.txt +++ b/core/data/System/UpgradeGuide.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" comment="" date="1494199312" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" comment="" date="1494206626" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% %STARTINCLUDE% ---+ Foswiki Upgrade Guide 
@@ -413,6 +413,18 @@ In your new installation, default copies of the following topics were installed: If you customized these topics in your old installation, transfer the changes to these topics in the new installation. Use the corresponding files in the =<oldwiki>/<old_system_web>/= directory as a reference. +---+++ Check your configuration and installation +Configure provides some tools to validate your installation. They should be +run as the web server userid: + +cd +sudo -u www-data tools/configure -check +sudo -u www-data perl tools/configure -check {DataDir} -method validate_permissions +sudo -u www-data perl tools/configure -check {PubDir} -method validate_permissions + ... also can be run on: + {LocalesDir} {ScriptDir} {TemplateDir} {ToolsDir} {WorkingDir} + + ---+++ Validate your Wiki applications and other key functionality Execute your test plan to validate the Wiki applications and other key functionality that need to be up and running after the upgrade. From 43d484c7e109f9a86da0bfb451314831a5d7cd1c Mon Sep 17 00:00:00 2001 From: George Clark Date: Sun, 7 May 2017 21:25:50 -0400 Subject: [PATCH 3/7] Item14392: Comment out empty DENY rules And any other unused ACLs. Add a bit of documentation to the ACLs as well including a note that restricting WikiGuest view of System web is advisable for public sites. --- core/data/Main/WebPreferences.txt | 13 +++++++------ core/data/Sandbox/WebPreferences.txt | 13 +++++++------ core/data/System/WebPreferences.txt | 7 +++++-- core/data/_default/WebPreferences.txt | 13 +++++++------ 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/core/data/Main/WebPreferences.txt b/core/data/Main/WebPreferences.txt index b218e1099a..af5c00519e 100644 --- a/core/data/Main/WebPreferences.txt +++ b/core/data/Main/WebPreferences.txt 
@@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1457197356" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494206626" format="1.1" version="1"}% %META:TOPICPARENT{name="WebHome"}% ---+!! %WEB% Web Preferences @@ -22,15 +22,16 @@ ---++ Access control Users or groups who are allowed to view, change and rename topics in the %WEB% web. Empty settings are not meaningful. -Use ==*== to indicate everyone including the guest users. DENY the WikiGuest user to restrict an action to authenticated (logged-in) users. +Remove the comment ==#== character to enable a settting. +Use ==*== to indicate everyone including the guest users. DENY the %USERSWEB%.WikiGuest user to restrict an action to authenticated (logged-in) users. If you intend to lock down the %USERSWEB% to only allow registration, you need to add the built in =RegistrationAgent= to the =ALLOWWEBCHANGE= setting. - * Set DENYWEBVIEW = - * Set ALLOWWEBVIEW = + * #Set DENYWEBVIEW = + * #Set ALLOWWEBVIEW = * Set DENYWEBCHANGE = %USERSWEB%.WikiGuest - * Set ALLOWWEBCHANGE = + * #Set ALLOWWEBCHANGE = * Set DENYWEBRENAME = %USERSWEB%.WikiGuest - * Set ALLOWWEBRENAME = + * #Set ALLOWWEBRENAME = If ={FeatureAccess}{AllowRaw}= is set to =acl= in configure, then the following rules can also be used: * #Set DENYWEBHISTORY = %USERSWEB%.WikiGuest diff --git a/core/data/Sandbox/WebPreferences.txt b/core/data/Sandbox/WebPreferences.txt index 4811578256..ec25d5f133 100644 --- a/core/data/Sandbox/WebPreferences.txt +++ b/core/data/Sandbox/WebPreferences.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1457197356" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494206626" format="1.1" version="1"}% ---+!! %WEB% Web Preferences %TOC% 
@@ -20,14 +20,15 @@ ---++ Access control Users or groups who are allowed to view, change and rename topics in the %WEB% web. Empty settings are not meaningful. -Use ==*== to indicate everyone including the guest users. DENY the WikiGuest user to restrict an action to authenticated (logged-in) users. +Remove the comment ==#== character to enable a settting. +Use ==*== to indicate everyone including the guest users. DENY the %USERSWEB%.WikiGuest user to restrict an action to authenticated (logged-in) users. - * Set DENYWEBVIEW = - * Set ALLOWWEBVIEW = + * #Set DENYWEBVIEW = + * #Set ALLOWWEBVIEW = * Set DENYWEBCHANGE = %USERSWEB%.WikiGuest - * Set ALLOWWEBCHANGE = + * #Set ALLOWWEBCHANGE = * Set DENYWEBRENAME = %USERSWEB%.WikiGuest - * Set ALLOWWEBRENAME = + * #Set ALLOWWEBRENAME = If ={FeatureAccess}{AllowRaw}= is set to =acl= in configure, then the following rules can also be used: * #Set DENYWEBHISTORY = %USERSWEB%.WikiGuest diff --git a/core/data/System/WebPreferences.txt b/core/data/System/WebPreferences.txt index 71e9b37793..acd1ca92a8 100644 --- a/core/data/System/WebPreferences.txt +++ b/core/data/System/WebPreferences.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1457496285" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494206626" format="1.1" version="1"}% %META:TOPICPARENT{name="WebHome"}% ---+!! %WEB% Web Preferences 
@@ -35,8 +35,11 @@ ---++ Access control -Users or groups who are allowed to view, change and rename topics in the %WEB% web +Users or groups who are allowed to view, change and rename topics in the %WEB% web. Public sites should consider denying %USERSWEB%.WikiGuest +view access on the System web to minimize search bot activity. Remove the comment ==#== character to enable a settting. Use ==*== to indicate everyone including the guest users. + * #Set DENYWEBVIEW = %USERSWEB%.WikiGuest + * #Set ALLOWWEBVIEW = * Set ALLOWWEBCHANGE = %USERSWEB%.AdminGroup * Set ALLOWWEBRENAME = %USERSWEB%.AdminGroup diff --git a/core/data/_default/WebPreferences.txt b/core/data/_default/WebPreferences.txt index 984c1da365..8463cfbd54 100644 --- a/core/data/_default/WebPreferences.txt +++ b/core/data/_default/WebPreferences.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1457197356" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494206626" format="1.1" version="1"}% ---+!! %WEB% Web Preferences %TOC% @@ -28,13 +28,14 @@ ---++ Access control Users or groups who are allowed to view, change and rename topics in the %WEB% web. Empty settings are not meaningful. -Use ==*== to indicate everyone including the guest users. DENY the WikiGuest user to restrict an action to authenticated (logged-in) users. +Remove the comment ==#== character to enable a settting. +Use ==*== to indicate everyone including the guest users. DENY the %USERSWEB%.WikiGuest user to restrict an action to authenticated (logged-in) users. - * Set DENYWEBVIEW = - * Set ALLOWWEBVIEW = - * Set DENYWEBCHANGE = + * #Set DENYWEBVIEW = + * #Set ALLOWWEBVIEW = + * #Set DENYWEBCHANGE = * Set ALLOWWEBCHANGE = %USERSWEB%.AdminGroup - * Set DENYWEBRENAME = + * #Set DENYWEBRENAME = * Set ALLOWWEBRENAME = %USERSWEB%.AdminGroup If ={FeatureAccess}{AllowRaw}= is set to =acl= in configure, then the following rules can also be used: 
From e7ff161697de104d62123bd925e89ff3a843f326 Mon Sep 17 00:00:00 2001 From: George Clark Date: Mon, 8 May 2017 23:11:36 -0400 Subject: [PATCH 4/7] Item13883: Wrong package names for Centos dependencies --- core/data/System/SystemRequirements.txt | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/core/data/System/SystemRequirements.txt b/core/data/System/SystemRequirements.txt index b33e72eedf..1070995732 100644 --- a/core/data/System/SystemRequirements.txt +++ b/core/data/System/SystemRequirements.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1460213988" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494299493" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% ---+ System Requirements 
@@ -129,14 +129,17 @@ Install apache2, rcs, and perl-CPAN | JSON | =perl-JSON= | | | Locale::Language | =perl-Locale-Codes= | | | Locale::Maketext | =perl-Locale-Maketext= | | -| Locale::Maketext::Lexicon | =perl-Locale-Maketext-Lexicon= | Optional, needed for internationalization | -| Locale::Msgfmt | =perl-Locale-Msgfmt= | Optional, needed for internationalization | +| Locale::Maketext::Lexicon | =perl-Locale-Maketext-Lexicon= | Optional, needed for internationalization ** | +| Locale::Msgfmt | =perl-Locale-Msgfmt= | Optional, needed for internationalization ** | | LWP | =perl-libwww-perl= | | -| LWP::Protocol::https | =perl-liblwp-protocol-https= | | +| LWP::Protocol::https | =perl-LWP-Protocol-https= | | | URI | =perl-URI= | | -| version | =perl-Perl-Version= | Must be version 0.77 or newer, included with perl 5.10.1 and newer. | +| version | =perl-version= | Must be version 0.77 or newer, included with perl 5.10.1 and newer. | ---+++++!! To install the above packages on CentOS +Note, =Locale::Maketext::Lexicon= and =Locale::Msgfmt= are not available on +Centos. Install using CPAN if Internationalization is required. + First add the appropriate perl module repository, and then install the packages.
=yum install -y epel-release= %BR% From 8ecb5f6c0fcd7dd0681d8348407f67b3a42f874e Mon Sep 17 00:00:00 2001 From: George Clark Date: Thu, 11 May 2017 21:35:09 -0400 Subject: [PATCH 5/7] Item14396: Don't use relative paths in redirect location: --- UnitTestContrib/test/unit/ClientTests.pm | 12 ++++++++---- UnitTestContrib/test/unit/RenameTests.pm | 1 + core/lib/Foswiki/Response.pm | 11 +++++++++++ 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/UnitTestContrib/test/unit/ClientTests.pm b/UnitTestContrib/test/unit/ClientTests.pm index 71ba62675e..3f3c02f74e 100644 --- a/UnitTestContrib/test/unit/ClientTests.pm +++ b/UnitTestContrib/test/unit/ClientTests.pm @@ -213,8 +213,10 @@ sub verify_sudo_login { $this->{session} ->getScriptUrl( 0, $script, $this->{test_web}, $this->{test_topic} ); $this->assert_matches( qr/^302/, $this->{session}->{response}->status() ); - $this->assert_matches( qr/^$surly/, - $this->{session}->{response}->headers()->{Location} ); + $this->assert_matches( + qr/^$Foswiki::cfg{DefaultUrlHost}$surly/, + $this->{session}->{response}->headers()->{Location} + ); # Verify that old crypted password works $crypted = crypt( $secret, "12" ); @@ -240,8 +242,10 @@ sub verify_sudo_login { $this->{session} ->getScriptUrl( 0, $script, $this->{test_web}, $this->{test_topic} ); $this->assert_matches( qr/^302/, $this->{session}->{response}->status() ); - $this->assert_matches( qr/^$surly/, - $this->{session}->{response}->headers()->{Location} ); + $this->assert_matches( + qr/^$Foswiki::cfg{DefaultUrlHost}$surly/, + $this->{session}->{response}->headers()->{Location} + ); return; } diff --git a/UnitTestContrib/test/unit/RenameTests.pm b/UnitTestContrib/test/unit/RenameTests.pm index 1575780a1f..3f6c281b30 100644 --- a/UnitTestContrib/test/unit/RenameTests.pm +++ b/UnitTestContrib/test/unit/RenameTests.pm 
@@ -1376,6 +1376,7 @@ THIS . $Foswiki::cfg{ScriptSuffix} . '/'; $ss = $Foswiki::cfg{ScriptUrlPaths}{view} . '/' if ( defined $Foswiki::cfg{ScriptUrlPaths}{view} ); + $ss = $Foswiki::cfg{DefaultUrlHost} . $ss; $this->assert_matches( qr([lL]ocation:\s+$ss$this->{test_web}/UpperCase)s, $text ); $this->check( $this->{test_web}, 'UpperCase', $topicObject, <<'THIS', 100 ); diff --git a/core/lib/Foswiki/Response.pm b/core/lib/Foswiki/Response.pm index 5a93329883..ebbf5c1b74 100644 --- a/core/lib/Foswiki/Response.pm +++ b/core/lib/Foswiki/Response.pm @@ -410,6 +410,17 @@ sub redirect { ) if DEBUG; return if ( $status && $status !~ /^\s*3\d\d.*/ ); +# Per https://tools.ietf.org/html/rfc3875#section-6.2.2, if the CGI script returns +# a local path, it must not provide any other headers, such as cookies. So make sure +# the location is an absolute location. + unless ( $url =~ m{^https?://}i ) { + my $base = + ( $Foswiki::cfg{ForceDefaultUrlHost} ) + ? $Foswiki::cfg{DefaultUrlHost} + : $Foswiki::Plugins::SESSION->{request}->url( base => 1, full => 1 ); + $url = $base . $url; + } + my @headers = ( -Location => $url ); push @headers, '-Status' => $status; push @headers, '-Cookie' => $cookies if $cookies; From 93b6527737e77f611b528343c12ac652c8eb444b Mon Sep 17 00:00:00 2001 From: George Clark Date: Thu, 11 May 2017 21:36:47 -0400 Subject: [PATCH 6/7] Item13883: Preparing for another release. --- core/data/System/ReleaseNotes02x01.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/data/System/ReleaseNotes02x01.txt b/core/data/System/ReleaseNotes02x01.txt index 4e5235bc53..f55901f15c 100644 --- a/core/data/System/ReleaseNotes02x01.txt +++ b/core/data/System/ReleaseNotes02x01.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1493948714" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494553001" format="1.1" version="1"}% %META:TOPICPARENT{name="ReleaseHistory"}% ---+!! Foswiki Release 2.1.4-RC1 
@@ -502,10 +502,13 @@ Foswiki thanks the Translators for their efforts. If you are interesting in hel | [[%BUGS%/Item14366][Item14366]] | =use CGI::Carp= in bin scripts BEGIN block cannot be found via LocalLib.cfg override. | | [[%BUGS%/Item14368][Item14368]] | Failure to handle edge cases leads to obscure bug in RCS. | | [[%BUGS%/Item14369][Item14369]] | Document parameters for USERNAME, WIKINAME and WIKIUSERNAME macros. | +| [[%BUGS%/Item14370][Item14370]] | Foswiki::Func::removeUserFromGroup docmentation is incorrect. | | [[%BUGS%/Item14372][Item14372]] | JQueryPlugin ui-draggable got dropped from Config.spec. | | [[%BUGS%/Item14377][Item14377]] | Error message requires some encoding. | | [[%BUGS%/Item14381][Item14381]] | mod_perl unexpectedly decodes the URI, and X-FoswikiURI header should be debug only. | | [[%BUGS%/Item14388][Item14388]] | NatEditPlugin does not honor the ScriptSuffix setting, and doesn't accommodate short URLs. | +| [[%BUGS%/Item14392][Item14392]] | WebPreferences topics contain empty DENY rules that would be honored if ={AccessControlACL}{EnableDeprecatedEmptyDeny}= is enabled. | +| [[%BUGS%/Item14396][Item14396]] | Don't redirect to relative paths. 302 redirects should be absolute Locations. | From f38555ddbcf795e79fbab4726c2bd1687908a67d Mon Sep 17 00:00:00 2001 From: George Clark Date: Thu, 11 May 2017 21:42:40 -0400 Subject: [PATCH 7/7] Item13883: Prepare for another release --- core/data/System/ReleaseHistory.txt | 8 ++++++-- core/data/System/ReleaseNotes02x01.txt | 6 +++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/core/data/System/ReleaseHistory.txt b/core/data/System/ReleaseHistory.txt index b323a28c5d..01e1fec4ff 100644 --- a/core/data/System/ReleaseHistory.txt +++ b/core/data/System/ReleaseHistory.txt 
@@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1493948714" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494553358" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% History of Foswiki %STARTINCLUDE% @@ -7,7 +7,11 @@ History of Foswiki ---+ Appendix A: Foswiki Development Time-line %TOC% ----++ Foswiki Release 2.1.4-Beta1 - 4 May 2017 +---++ Foswiki Release 2.1.4-RC2 - 13 May 2017 + +Foswiki 2.1.4-RC2 was built on 13 May 2017. It is a release that contains 24 fixes. + +---++ Foswiki Release 2.1.4-RC1 - 4 May 2017 Foswiki 2.1.4-RC1 was built on 04 May 2017. It is a release that contains 21 fixes. diff --git a/core/data/System/ReleaseNotes02x01.txt b/core/data/System/ReleaseNotes02x01.txt index f55901f15c..40594ea3ad 100644 --- a/core/data/System/ReleaseNotes02x01.txt +++ b/core/data/System/ReleaseNotes02x01.txt @@ -1,6 +1,6 @@ -%META:TOPICINFO{author="ProjectContributor" date="1494553001" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1494553358" format="1.1" version="1"}% %META:TOPICPARENT{name="ReleaseHistory"}% ----+!! Foswiki Release 2.1.4-RC1 +---+!! Foswiki Release 2.1.4-RC2 %TWISTY{showlink="Table of Contents..." hidelink="hide TOC"}% %TOC% @@ -55,7 +55,7 @@ Foswiki is released under the GNU General Public License. * Foswiki 2.1.1 was built on 30 Apr 2016. It is a release that contains 36 fixes and 21 enhancements. * Foswiki 2.1.2 was built on 2 May 2016. It is a release that contains 1 fix. * Foswiki 2.1.3 was built on 12 Feb 2017. It is a release that contains 68 fixes and 21 enhancements. - * Foswiki 2.1.4-RC1 was built on 04 May 2017. It is a release that contains 21 fixes. + * Foswiki 2.1.4-RC2 was built on 13 May 2017. It is a release that contains 24 fixes. ---++ Pre-installed Extensions
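Review bot: the added %X% paragraph in [PATCH 1/7] (core/data/System/UpgradeGuide.txt, hunk @@ -1,12 +1,19 @@) is missing its object. "This upgrade procedure is used to upgrade a" runs straight into "to a new *major version*", so the reader cannot tell what is being upgraded (site, installation). The second sentence also switches construction: "can be done by using the =-upgrade-= version ... , and follow the Release Notes" should read "and by following the Release Notes". Since this paragraph decides whether an admin takes the full procedure or the package shortcut, it is worth getting the wording exact.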
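Review bot: the renamed heading in [PATCH 1/7] (UpgradeGuide.txt, hunk @@ -22,7 +29,7 @@) now contradicts the unchanged paragraph directly beneath it. The heading becomes "Upgrading to a new patch or minor release", but the context lines still say "To upgrade to a new patch release" and "we do not recommend upgrading between major or minor versions using the patch". Either update that paragraph to match the new guidance for minor releases (2.0 to 2.1) or keep the old heading. As it stands the section both recommends and discourages the upgrade package for minor versions.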
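Review bot: the command listing added in [PATCH 2/7] (UpgradeGuide.txt, hunk @@ -413,6 +413,18 @@) cannot be followed as written. The bare "cd" has no target, so the relative tools/configure paths depend on wherever the admin happens to be; name the Foswiki root directory explicitly. The first command invokes "tools/configure" directly while the next two use "perl tools/configure"; pick one form. "www-data" is hard-coded although the text only says "the web server userid", so say that www-data is an example and must be replaced with the local web server account. The parallel example added to InstallationGuide.txt in the same commit omits the run-as-web-server advice entirely. Because validate_permissions reports what the invoking user can access, that advice should appear there too.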
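Review bot: in [PATCH 3/7] (core/data/Main/WebPreferences.txt, hunk @@ -22,15 +22,16 @@) the RegistrationAgent guidance no longer matches the settings below it. The text says "you need to add the built in =RegistrationAgent= to the =ALLOWWEBCHANGE= setting", but that setting is now "#Set ALLOWWEBCHANGE =", so an admin who edits the value without also removing the "#" ends up with a lock-down that silently does nothing. Say in that sentence that the setting must be uncommented as well. Separately, "settting" is misspelled in the added line "Remove the comment ==#== character to enable a settting." and the same typo is repeated in the Sandbox, System and _default WebPreferences hunks of this commit.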
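Review bot: the table in [PATCH 4/7] (core/data/System/SystemRequirements.txt, hunk @@ -129,14 +129,17 @@) still lists =perl-Locale-Maketext-Lexicon= and =perl-Locale-Msgfmt= as package names although the note added below says these modules "are not available on Centos". Readers copying package names from the table will hit install failures. Replace the package cell with a pointer to CPAN, or state next to the table what "**" means. At the moment the marker is never defined and the explanation sits under the following heading, away from the rows it annotates. The note also spells the distribution "Centos" while the heading above it uses "CentOS".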
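Review bot: the new assertions in [PATCH 5/7] (UnitTestContrib/test/unit/ClientTests.pm, hunks @@ -213,8 +213,10 @@ and @@ -240,8 +242,10 @@) interpolate configuration values into a regex unescaped. In "qr/^$Foswiki::cfg{DefaultUrlHost}$surly/" the dots in the host match any character, so the test is looser than it looks; wrap both parts in \Q...\E. The same applies to "$ss = $Foswiki::cfg{DefaultUrlHost} . $ss;" in RenameTests.pm, which is fed into qr(...) on the next line. These tests also only assert the {DefaultUrlHost} prefix, while the Response.pm change uses the request's base URL when {ForceDefaultUrlHost} is off. Add a case that sets {ForceDefaultUrlHost} explicitly so that both branches are covered.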
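Review bot: the absolute-URL fix-up in [PATCH 5/7] (core/lib/Foswiki/Response.pm, hunk @@ -410,6 +410,17 @@) treats everything that fails "m{^https?://}i" as a local path and blindly concatenates it with "$url = $base . $url;". Three inputs go wrong. A $url without a leading "/" is glued onto the host name with no separator. A scheme-relative "//host/path" or any non-http scheme gets the base prepended and becomes a different target than the caller passed. Nothing checks that $base lacks a trailing "/". Restrict the rewrite to values that start with a single "/" and decide explicitly what happens to the rest. Second, when {ForceDefaultUrlHost} is off, the host in Location comes from "$Foswiki::Plugins::SESSION->{request}->url( base => 1, full => 1 )". If that value is built from the client-supplied Host header, the redirect host becomes request-controlled, so please confirm where url() takes the host from or fall back to {DefaultUrlHost}. Third, the code reaches into the global $Foswiki::Plugins::SESSION from inside Foswiki::Response without checking that it is defined. Finally, the three comment lines start in column 0 while the code around them is indented.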
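Review bot: the new Item14370 row in [PATCH 6/7] (core/data/System/ReleaseNotes02x01.txt, hunk @@ -502,10 +502,13 @@) misspells "docmentation"; it should be "documentation". The Item14392 row is the only place in this series that tells admins why the empty DENY rules matter ("would be honored if ={AccessControlACL}{EnableDeprecatedEmptyDeny}= is enabled"). Consider repeating that reason in the WebPreferences access control text changed in [PATCH 3/7], which currently says only "Empty settings are not meaningful".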