From parasew at gmail.com Sun Feb 18 16:40:21 2007 From: parasew at gmail.com (Matthias Tarasiewicz) Date: Sun, 18 Feb 2007 22:40:21 +0100 Subject: [Instiki-devel] current trunk on windows 98// rails on windows 98? Message-ID: <78ccd8360702181340t1d0b8c10v1876421ae1173172@mail.gmail.com> hi list, i just tried various tests on windows98 with ruby, instiki and so on. the current 0.11 version runs on windows98 without any problems. the current edge-version of instiki seems to have problems (see the attached production.log error) i found out, that the error might be related to an update after rails 1.1.2 http://forum.rubyonbr.org/forums/1/topics/216?page=2 so with 1.1.2 it should work. anyone knows if we can patch the current rails 1.2 to get it running on win98? or could maybe changing the session store fix our problem? feedback, please! -matthias -- production.log error output -- Invalid argument ? C:/WINDOWS/TEMP/ruby_sess.94f5988a51e2605c C:/RUBY/lib/ruby/1.8/pstore.rb:292:in `flock' C:/RUBY/lib/ruby/1.8/pstore.rb:292:in `transaction' C:/RUBY/lib/ruby/1.8/cgi/session/pstore.rb:62:in `initialize' C:/RUBY/lib/ruby/1.8/cgi/session.rb:273:in `new' C:/RUBY/lib/ruby/1.8/cgi/session.rb:273:in `initialize' ./script/../config/../vendor/rails/actionpack/lib/action_controller/cgi_process.rb:122:in `new' ./script/../config/../vendor/rails/actionpack/lib/action_controller/cgi_process.rb:122:in `session' ./script/../config/../vendor/rails/actionpack/lib/action_controller/cgi_process.rb:154:in `stale_session_check!' ./script/../config/../vendor/rails/actionpack/lib/action_controller/cgi_process.rb:109:in `session' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:1052:in `assign_shortcuts_without_flash' ./script/../config/../vendor/rails/actionpack/lib/action_controller/flash.rb:140:in `assign_shortcuts' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:424:in `process_without_filters' ./script/../config/../vendor/rails/actionpack/lib/action_controller/filters.rb:624:in `process_without_session_management_support' ./script/../config/../vendor/rails/actionpack/lib/action_controller/session_management.rb:114:in `process' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:330:in `process' ./script/../config/../vendor/rails/railties/lib/dispatcher.rb:41:in `dispatch' ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:113:in `handle_dispatch' ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:79:in `service' C:/RUBY/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' C:/RUBY/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' C:/RUBY/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' C:/RUBY/lib/ruby/1.8/webrick/server.rb:162:in `start' C:/RUBY/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' C:/RUBY/lib/ruby/1.8/webrick/server.rb:95:in `start' C:/RUBY/lib/ruby/1.8/webrick/server.rb:92:in `each' C:/RUBY/lib/ruby/1.8/webrick/server.rb:92:in `start' C:/RUBY/lib/ruby/1.8/webrick/server.rb:23:in `start' C:/RUBY/lib/ruby/1.8/webrick/server.rb:82:in `start' ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:63:in `dispatch' script/server:49 From parasew at gmail.com Wed Feb 21 06:19:33 2007 From: parasew at gmail.com (Matthias Tarasiewicz) Date: Wed, 21 Feb 2007 12:19:33 +0100 Subject: [Instiki-devel] Fwd: instiki osx package for 0.11 In-Reply-To: <5b08c9d90702210223k2247218ci3d0b0a8647ee53aa@mail.gmail.com> References: <78ccd8360702081447y5027137ah8fae7000f9c02d2a@mail.gmail.com> <5b08c9d90702111149x2eca7dfbi5f3b9560e36dc30e@mail.gmail.com> <78ccd8360702120035t7e8643bblcb82149d866bf16e@mail.gmail.com> <5b08c9d90702210223k2247218ci3d0b0a8647ee53aa@mail.gmail.com> Message-ID: <78ccd8360702210319l23763f4dv96321fac62191161@mail.gmail.com> hello list, Oleg Kourapov will help creating an osx package for the 0.11 version of instiki. hopefully also for the upcoming 0.12 release. anyone can help out with how to package ruby to include with the osx package, so instiki would not use the 1.8.2 that comes with osx? thanks, matthias ---------- Forwarded message ---------- From: Oleg Kourapov Date: Feb 21, 2007 11:23 AM Subject: Re: instiki osx package for 0.11 To: Matthias Tarasiewicz Hi! I really don't have time for long e-mails so sorry it took me so long to answer you. The problem I get running stock Instiki on my MacBook Pro is related to the built-in version of ruby - it quits with errors when trying to do basic stuff, i.e. it will show the first page no problem but when you click a link or do just about anything else it will bail out. The solution I discussed previously with Alex, ex-maintainer, was to bundle the latest custom-built ruby with the package. However, I has not succeded trying to run ruby from custom directory yet - if you can give me any hints, I'd appreciate that. This week we have a holiday in Russia so I'll have an extra day on weekend and am willing to spend at least a part of it hacking together a MacOSX build of v0.11. Cheers! On 2/12/07, Matthias Tarasiewicz wrote: > hi oleg! > great to hear back from you -- the main changes from 0.10 to 0.11 was > the support of activerecord and attachments (files, pictures). in the > upcoming 0.12 release, there is lots of bugfixing, anti-spam-features, > better pdf and latex support and an admin-login, where pages and webs > can be deleted. also lots of small changes are currently making it > into the trunk. > > as there are lots of people running instiki on osx i thought it might > be the best to release a 0.11 osx package until the 0.12 version is > out. the current osx packages don't really work -- most people are > experiencing only a "connection refused", see the reported bugs on > http://dev.instiki.org > > maybe just go ahead and try to make a package out of 0.11 -- if you > tell me what i could help out with, i am also on osx tiger (i am just > not really into xcode, but i know a little). > > greetings, > matthias > > > On 2/11/07, Oleg Kourapov wrote: > > Hi! > > > > I'm there and still willing to support the development of Mac-native > > Instiki packages but I'm severely short on time. BTW, thanks for the > > notion of my site going down - in fact, it's just a problem with my > > main CMS - www.2sheds.ru/blog (served as static pages generated by > > Blogger) still works. But this will give you an idea of how hard it is > > for ,e to re-focus on anything at the moment. > > > > But anyway, I'll try to do my best. Hope you can give me some kind of > > a short run-down on the most important changes going on recently in > > Instiki project's main branch so I will be able to get to speed on > > that. > > > > Cheers, > > Oleg > > > > On 2/9/07, Matthias Tarasiewicz wrote: > > > hello oleg this is parasew, the current maintainer of the instiki project. > > > your site is down, i found your email adress via google cache. > > > please reply, since i wanted to ask you if you want to create a > > > package of the 0.11 version of instiki as well as for the upcoming > > > 0.12 release! > > > > > > hope to hear from you, > > > greetings > > > parasew From parasew at gmail.com Wed Feb 28 04:35:46 2007 From: parasew at gmail.com (Matthias Tarasiewicz) Date: Wed, 28 Feb 2007 10:35:46 +0100 Subject: [Instiki-devel] *security* Instiki 0.11.pl1 Released! XSS cross site scripting vulnerability Message-ID: <78ccd8360702280135r185ce321r9cebc6ce2cbf02a9@mail.gmail.com> Jaques Distler reported a vulnerability of instiki to Cross-Site Scripting (XSS). That's why i released a new version of Instiki yesterday: Instiki 0.11.pl1 (Patch Level 1) People running Instiki 0.11 should update immediately to Instiki 0.11pl1 - on the usual Location: http://rubyforge.org/frs/?group_id=186 This version also includes some fixes and minor enhancements. It is also the last version to support windows 98. See the Changelog for more information http://rubyforge.org/frs/shownotes.php?group_id=186&release_id=10014 People running OSX should consider running the current trunk version of instiki, as 0.11.pl1 still has the same issues as 0.11 had regarding sqlite and readline. Oleg Kourapov and me are searching for ways to get the three-step installation feature back for OSX. We are already working on 0.12, please be patient, since this security-release now delayed the 0.12 version a little. all the best, parasew