New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about Installation of Foswiki: More info required

1.1.3 -> 1.1.4 upgrade fails completely

I'm trying to upgrade my Foswiki from 1.1.3 to 1.1.4. I've downloaded and unpacked the upgrade tarball and proceeded (basically) as follows on my Linux box:
  1. Stopped my apache: service httpd stop
  2. Backed up my current Foswiki: cd <foswikidir>; mkdir ../fosbackup; find . -print | cpio -pduam ../fosbackup
  3. Upgraded my foswiki: cd <fos1.1.4upg>; find . -print | cpio -pduam <foswikidir>
  4. Restarted apache: service httpd start
Now, when I try to access my Foswiki, I get the following error page:

Software error:

Insecure dependency in unlink while running with -T switch at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 575.
 at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 575
   Foswiki::LoginManager::expireDeadSessions() called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 537
   Foswiki::LoginManager::complete('Foswiki::LoginManager::ApacheLogin=HASH(0xa21ec48)') called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 180
   Foswiki::LoginManager::finish('Foswiki::LoginManager::ApacheLogin=HASH(0xa21ec48)') called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 162
   Foswiki::Users::finish('Foswiki::Users=HASH(0xa129288)') called at /auto/adbuwiki/Foswiki-1.1.4/lib/ line 2096
   Foswiki::finish('Foswiki=HASH(0xa00ca58)') called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 436
   Foswiki::UI::_execute('Foswiki::Request=HASH(0x99ab72c)', 'CODE(0x9ff3e04)', 'view', 1) called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/ line 274
   Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x99ab72c)') called at /auto/adbuwiki/Foswiki-1.1.4/lib/Foswiki/Engine/ line 41
   Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x9bbaa7c)') called at /var/www/foswiki/bin/view line 24

For help, please send mail to the webmaster ( root@localhost), giving this error message and the time and date of the error.

Can anyone tell me what the problem is? I've reverted to 1.1.3 from my backup, but I'd like to get up-to-date.

Initial impression - I'm confused by this. The failing line is in the stale session cleanup code, and that file - has not changed between Foswiki 1.1.3 and 1.1.4. The error is perl complaining that a variable has been obtained from an insecure source - like CGI use input - without being validated. The $Foswiki::cfg variables don't get modified by the user, and are all untainted when LocalSite.cfg is read in. And the $file variable is untainted right below the readdir statement a few lines back.
  • What version of Perl are you using.
  • Did you run bin/configure and save your LocalSite.cfg file before testing,
  • As a possible workaround - to at least see if there are other issues in your environment, you could turn off session file expiration. In bin/configure, Security and Authentication -> Sessions tab, set {UseClientSessions} to a negative number. Read the configure help for that field for more information.
-- GeorgeClark - 07 Jan 2012

  • perl version
  • version (shown under "webserver environment" tab in configure, IIRC)
  • OS/environment
  • Are you using locales (check under Internationalization tab in configure)
  • What is {Site}{CharSet} set to

-- PaulHarvey - 07 Jan 2012

QuestionForm edit

Subject Installation of Foswiki
Version Foswiki 1.1.3
Status More info required
Related Topics
Topic revision: r3 - 07 Jan 2012, PaulHarvey - This page was cached on 20 Mar 2018 - 14:42.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License