
Hotfix 3 for TWiki 4.0.4

NOTE: This HotFix has been superseded by a newer version; see TWiki-4.0.4 for the latest HotFix.

This third hotfix for TWiki-4.0.4 contains the fixes for the important Known Issues found since the release of TWiki-4.0.4.

The idea is to provide a more customer-friendly way of delivering fixes for the more urgent problems found between releases. A TWiki administrator can install the hotfix quickly and easily by downloading a zip or tgz file, unpacking it, and copying all the files on top of an existing running production site (a backup is, as always, recommended).

The hotfixes are accumulated: each package contains all the fixes released in earlier hotfix packages, so you only need to apply the latest hotfix package to update your current TWiki installation.

Download and Apply the Hotfix

Download the package from either zip or tgz.

  • hotfix-4.0.4-3.tgz is best for Linux/Unix, as it contains the correct file access rights.
  • hotfix-4.0.4-3.zip is best for Windows, or for a hosted environment where you prefer getting default file access rights.

To make it easy for everyone, the hotfix is a zip or tgz file with the files placed in the same directories as in a normal TWiki installation. Simply copy the files on top of the existing files.

On Unix/Linux you may need to re-apply the correct file access rights to the replaced files. See SettingFileAccessRightsLinuxUnix for a quick way to do this in general.

Note that the hotfix is accumulated. It contains all fixes from earlier hotfix releases. You do not need to apply any earlier hotfixes first. If you have already applied an earlier hotfix, this is no problem: the same files will simply be overwritten again.
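The backup, copy-over and check steps described above, written as shell functions for the Linux/Unix tgz package. This is an added example, not part of the hotfix or the TWiki distribution; the function names `apply_hotfix` and `hotfix_mismatches` and the paths passed to them are hypothetical, and a tar that supports `-T` (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example: apply an accumulated hotfix tgz on top of a TWiki install.
# Function names and arguments are hypothetical, not TWiki tooling.

apply_hotfix() {    # apply_hotfix <hotfix.tgz> <twiki_root> <backup.tgz>
    archive=$1; root=$2; backup=$3
    [ -f "$archive" ] && [ -d "$root" ] || { echo "usage error" >&2; return 2; }
    list=$(mktemp) && existing=$(mktemp) || return 1
    # Regular files in the archive (directory entries end in "/").
    tar -tzf "$archive" | grep -v '/$' > "$list"
    # Refuse member names that would land outside the install directory.
    if grep -Eq '^/|(^|/)\.\.(/|$)' "$list"; then
        echo "unsafe path in archive" >&2; rm -f "$list" "$existing"; return 3
    fi
    # Back up only the files that already exist and are about to be replaced.
    while IFS= read -r f; do
        if [ -f "$root/$f" ]; then printf '%s\n' "$f"; fi
    done < "$list" > "$existing"
    tar -czf "$backup" -C "$root" -T "$existing" || return 1
    # Copy the hotfix files on top; -p keeps the access rights stored in the tgz.
    tar -xzpf "$archive" -C "$root" || return 1
    rm -f "$list" "$existing"
}

# Print how many files in the install differ from (or are missing relative to)
# the archive; 0 means every hotfix file is in place.
hotfix_mismatches() {    # hotfix_mismatches <hotfix.tgz> <twiki_root>
    archive=$1; root=$2
    tmp=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$tmp" || return 1
    n=0
    # Word splitting is acceptable here: the hotfix paths contain no spaces.
    for f in $(cd "$tmp" && find . -type f); do
        cmp -s "$tmp/$f" "$root/$f" 2>/dev/null || n=$((n + 1))
    done
    rm -rf "$tmp"
    echo "$n"
}
```

Restoring the backup archive with `tar -xzpf <backup.tgz> -C <twiki_root>` puts the replaced files back; files the hotfix added that did not exist before are not in the backup and are left in place by a restore.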

Known Problems Resolved in this Hotfix

All bug fixes from Hotfix 4.0.4-1 and Hotfix 4.0.4-2

See HotFix04x00x04x01 and HotFix04x00x04x02 for detailed lists

Item 2565 - SEARCH parameter newline not documented.

Bugs:Item2565 - Important documentation update

File updated is data/TWiki/VarSEARCH.txt

Item 2631 - Reset Password does not work when $TWiki::cfg{MapUserToWikiName} = 0.

Bugs:Item2631 - When you had disabled MapUserToWikiName in configure, users could not reset their password. Configure says that MapUserToWikiName should be disabled when using simple Apache .htpasswd authentication. This bug had additional consequences. For example, when using the actionnotify script in the ActionTrackerPlugin, the script could not find the user's email address (Bugs:Item2732). There are probably additional issues not yet reported which are cured with this fix.

File updated is lib/TWiki/Users/TWikiUserMapping.pm

Item 2684 - EditTablePlugin Don't complain on lock taken if taken by one self

Bugs:Item2684 - Users of EditTablePlugin would often experience that TWiki told them that a topic containing an edit table was already locked by themselves. This fix resolves this.

Files updated are lib/TWiki/Plugins/EditTablePlugin/Core.pm and data/TWiki/EditTablePlugin.txt

Item 2714 - SECURITY ISSUE! - Topics with ALLOWTOPICVIEW defined in "Edit Settings" (META) can be read by anyone with a specially crafted SEARCH.

Bugs:Item2714 - With TWiki 4 it became possible to set ALLOWTOPICVIEW hidden in the META data of the topic. This is done via "More Topic Actions" > "Edit Settings". A bug makes it possible to make a search that bypasses this protection when the setting is in META, and so read topics you otherwise would not have access to. This security hole and probably additional unknown exploits are plugged with this fix.

Files updated are:

lib/TWiki.pm
lib/TWiki/Access.pm
lib/TWiki/Func.pm
lib/TWiki/Prefs.pm
lib/TWiki/Prefs/Parser.pm
lib/TWiki/Prefs/PrefsCache.pm
lib/TWiki/Search.pm
lib/TWiki/Store.pm
lib/TWiki/Templates.pm
lib/TWiki/UI.pm
lib/TWiki/UI/Manage.pm

Note that some of these files contain other bugfixes as well.

Item 2758 - Updated TWiki.TWikiVariables so that the variable precedence includes both TWiki.TWikiPreferences and Main.TWikiPreferences

Bugs:Item2758 - This is a documentation only update.

File updated is data/TWiki/TWikiVariables.txt

Item 2780 - Rename to non wikiword name gives empty message

Bugs:Item2780 - The empty message confuses many users.

Files updated are: templates/messages and lib/TWiki/UI/Manage.pm

Item 2806 - Security Alert CVE-2006-4294 - viewfile doesn't follow rules for mapping attachment names

Bugs:Item2806 - More detailed description at SecurityAlert-CVE-2006-4294

Files updated are: lib/TWiki/Sandbox.pm, lib/TWiki/UI/Upload.pm, and lib/TWiki/UI/View.pm

Item 2821 - Potential bugs from parsing settings in topics when the following line contains white space.

Bugs:Item2821 - No bugs have been reported related to this issue but potentially it is best to have this fixed.

File updated is: lib/TWiki/Prefs/Parser.pm

Item 2825 - Potential source of error related to code that checks access permissions.

Bugs:Item2825 - No bugs have been reported related to this issue but potentially it is best to have this fixed.

File updated is: lib/TWiki/Prefs/Func.pm

Item 2823 - SMTP recipient name format issue

Bugs:Item2823 - Some SMTP servers do not accept email addresses in the form "User Name <userid@domain>". This doesn't change the headers or body of the email being sent, just the format of the email address used in the SMTP protocol itself.

File updated is: lib/TWiki/Net.pm

Item 2829 - EditTablePlugin select drops selected item if cell has whitespace

Bugs:Item2829 - An update to the EditTablePlugin.

Files updated are: data/TWiki/EditTablePlugin.txt and lib/TWiki/Plugins/EditTablePlugin/Core.pm

Files Updated in this Hotfix

bin/.htaccess.txt
bin/configure
data/TWiki/
data/TWiki/EditTablePlugin.txt
data/TWiki/TWikiAccessControl.txt
data/TWiki/CommentPlugin.txt
data/TWiki/TWikiVariables.txt
data/TWiki/VarSEARCH.txt
data/TWiki/CommentPluginTemplate.txt
INSTALL.html
lib/TWiki.pm
lib/TWiki/
lib/TWiki/Prefs/
lib/TWiki/Prefs/PrefsCache.pm
lib/TWiki/Prefs/Parser.pm
lib/TWiki/Render.pm
lib/TWiki/Users/
lib/TWiki/Users/TWikiUserMapping.pm
lib/TWiki/Net.pm
lib/TWiki/Search.pm
lib/TWiki/UI.pm
lib/TWiki/Store/
lib/TWiki/Store/RcsFile.pm
lib/TWiki/UI/
lib/TWiki/UI/Upload.pm
lib/TWiki/UI/Save.pm
lib/TWiki/UI/Register.pm
lib/TWiki/UI/Manage.pm
lib/TWiki/UI/View.pm
lib/TWiki/Prefs.pm
lib/TWiki/If.pm
lib/TWiki/Templates.pm
lib/TWiki/Sandbox.pm
lib/TWiki/Store.pm
lib/TWiki/Access.pm
lib/TWiki/Plugins/
lib/TWiki/Plugins/EditTablePlugin/
lib/TWiki/Plugins/EditTablePlugin/Core.pm
lib/TWiki/Func.pm
pub/TWiki/
pub/TWiki/TWikiJavascripts/
pub/TWiki/TWikiJavascripts/twiki.js
templates/
templates/messages.tmpl
twiki_httpd_conf.txt

-- Contributors: KennethLavrsen - 06 Sep 2006

Discussion

Is there a SVN checkout that corresponds exactly to TWikiRelease04x00x04 HotFix 3? Thanks. M.

-- MartinCleaver - 11 Sep 2006

No. The hotfixes are created by a manual process where I continuously monitor the bugs that are opened and record them as hotfix candidates and when a fix is available I manually apply the fix as a patch after having tested them. I cannot simply take the files from SVN because in parallel there are many enhancements and bug fixes that are not yet tested and I do not want to include these in the hotfixes.

This also means that this method can only be applied for a limited period after a release. Then it becomes too difficult to apply the patches because they depend on other changes to the files.

I have considered a model where I create a hotfix branch on SVN where we can merge in the changes from the main branch. I just need a quick and safe way to create the package of only those files that have changed.

-- KennethLavrsen - 11 Sep 2006

Thanks for the answer. Maybe Vendor Branches http://svnbook.red-bean.com/en/1.1/ch07s05.html would be helpful?

-- MartinCleaver - 13 Sep 2006

Which of these require the file bin/.htaccess.txt and twiki_httpd_conf.txt to be updated? The others are listed twice: once in the summary and again against the specific Item.

-- MartinCleaver - 13 Sep 2006

Nevermind. I found it, in HotFix04x00x04x02 Bugs:Item2669 - Configure robustness update: I'd assumed that I'd be able to search this page for the filenames.

-- MartinCleaver - 13 Sep 2006

Following install of this hotfix I have a lib/TWiki/Users.pm with no finish subroutine (call added in the new lib/TWiki.pm) - is this a known issue? (Many apologies if this is the wrong place for this comment).

-- PeterDavies - 21 Sep 2006

Peter - none of the 4.0.4 hotfixes have included lib/TWiki/Users.pm. The Users.pm has included finish() even back in version 4.0.3.

-- KennethLavrsen - 22 Sep 2006

Aha - I must have jumped a version or two (looks like I was on 4.0.0) and got out of step versions. I'll go for a full upgrade. Thanks Kenneth.

-- PeterDavies - 22 Sep 2006

Topic attachments
Attachment | History | Action | Size | Date | Who | Comment
hotfix-4.0.4-3.tgz | r1 | manage | 250.0 K | 2006-09-06 - 22:26 | KennethLavrsen | tgz of accumulated Hotfix 3 for TWiki-4.0.4
hotfix-4.0.4-3.zip | r1 | manage | 274.8 K | 2006-09-06 - 22:27 | KennethLavrsen | Zipped accumulated Hotfix 3 for TWiki-4.0.4
Topic revision: r12 - 2006-09-22 - PeterDavies
 
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.