[OPEN-ILS-DEV] Evergreen 2.2.0, 2.1.2 rc2, and 2.0.12 released - with SECURITY fixes
Lebbeous Fogle-Weekley
lebbeous at esilibrary.com
Wed Jun 13 16:25:55 EDT 2012
Evergreen 2.2.0, 2.1.2 rc2, and 2.0.12 released - with SECURITY fixes
( Web-formatted version of this announcement:
http://evergreen-ils.org/blog/?p=776 )
I would like to announce the long awaited Evergreen 2.2.0, the first
official, stable release with the new Template Toolkit OPAC, and a whole
passel of other new features.
You can download it now! http://evergreen-ils.org/downloads.php
The release notes for 2.2.0 are here:
http://evergreen-ils.org/documentation/release/RELEASE_NOTES_2_2_0.html
2.1.2 rc2 and 2.0.12 are also announced (thanks to Dan Scott and Jason
Stephenson, respectively).
2.0.12 is a security update only, and contains no new features.
The technical changelog for 2.2.0 is here:
http://open-ils.org/downloads/ChangeLog-2.1-2.2.0
THESE RELEASES CONTAIN SECURITY UPDATES, so you will want to upgrade as
soon as possible.
Upgrading to the latest release in your series (2.2, 2.1, or 2.0) is
sufficient to protect your site with these security updates:
1) Give away less information with the LOGIN_FAILURE event
2) Prevent deleted and barred users from logging in at all.
3) Require the UPDATE_MARC permission rather than only the CREATE_MARC
permission for users to update bibliographic records.
More information about the security updates can be found in the ChangeLog.
If you don't wish to upgrade outright to the latest version, sites
running any 2.0, 2.1, or 2.2 code today can get the benefit of the
security updates by following these steps:
1. Download the Evergreen 2.2.0, 2.1.2-rc2, or 2.0.12 release tarball;
whichever belongs to the release series you're currently running.
2. Untar the tarball
3. In the source directory, run
./configure --prefix=/openils --sysconf=/openils/conf && make
to build the libraries
4. Install the chrpath tool (aptitude install chrpath on Debian / Ubuntu
systems)
5. Run "chrpath -d Open-ILS/src/c-apps/.libs/oils_auth.so" to enable the
library to link to the appropriate location
6. Copy your existing oils_auth.so library to a safe location; for
example, "cp /openils/lib/oils_auth.so /openils/oils_auth.so.20120613"
7. Copy your new oils_auth.so library into place:
cp Open-ILS/src/c-apps/.libs/oils_auth.so /openils/lib/.
8. As the root user, run ldconfig to refresh your dynamic linking cache.
9. As the root user:
a. Find the location of Cat.pm running on your system. For systems
running Evergreen 2.1 and up, this looks something like
/usr/local/share/perl/5.10.1/OpenILS/Application/Cat.pm, but the Perl
version number could vary by system. For systems running 2.0.x, this is
likely /openils/lib/perl5/OpenILS/Application/Cat.pm .
b. Open the file in a text editor and find a line exactly like this:
return $e->die_event unless $e->allowed('CREATE_MARC', $e->requestor->ws_ou);
c. Replace 'CREATE_MARC' with 'UPDATE_MARC'.
d. Save your changes.
10. Restart your OpenSRF services: osrf_ctl.sh -a restart_all (NOTE: you
may require the -l flag on that command, depending on your system).
* To slightly paraphrase Galen Charlton who once referred to similar
instructions for a previous security update:
Note that /openils/lib/oils_auth.so is normally a symbolic link to
oils_auth.so.2.0.0. When applying Dan's fix procedure, make sure that
the final result has all versions of the file name oils_auth.so[.*]
pointing to the same shared object.
--
Lebbeous Fogle-Weekley
| Software Developer
| Equinox Software, Inc. / Your Library's Guide to Open Source
| phone: 1-877-OPEN-ILS (673-6457)
| email: lebbeous at esilibrary.com
| web: http://www.esilibrary.com
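
A post-patch check for the manual procedure above and the symlink note at the end of the message, as an added example that is not part of the original announcement or the Evergreen project. The function names are hypothetical, and it assumes any line still identical to the one quoted in step 9b is an unpatched check that should be reviewed by hand.

```shell
#!/bin/sh
# Added example (not from the announcement): verify the manual security patch.
# Usage: sh verify_patch.sh /openils/lib /path/to/OpenILS/Application/Cat.pm

# The exact pre-fix line quoted in step 9b of the message.
UNPATCHED="return \$e->die_event unless \$e->allowed('CREATE_MARC', \$e->requestor->ws_ou);"

# Succeed only if every oils_auth.so[.*] name in the directory exists and has
# byte-identical content (symlinks are followed). A stale versioned file, a
# dangling link, or a backup copy left in the library directory all fail here.
auth_libs_consistent() {
    dir=$1
    first=
    for f in "$dir"/oils_auth.so*; do
        [ -e "$f" ] || { echo "missing or dangling: $f" >&2; return 1; }
        if [ -z "$first" ]; then first=$f; continue; fi
        cmp -s "$first" "$f" || { echo "differs from $first: $f" >&2; return 1; }
    done
    [ -n "$first" ]
}

# Succeed only if Cat.pm no longer contains the pre-fix permission check.
# Matching lines are printed with their line numbers for manual review.
cat_pm_patched() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if grep -nF -- "$UNPATCHED" "$1" >&2; then
        echo "still checks CREATE_MARC: $1" >&2
        return 1
    fi
    return 0
}

# Run both checks and report a single status.
verify_patch() {
    rc=0
    auth_libs_consistent "$1" || rc=1
    cat_pm_patched "$2" || rc=1
    return $rc
}

if [ "$#" -eq 2 ]; then
    verify_patch "$1" "$2"
fi
```

Run it after step 10; a non-zero exit status means at least one of the two checks needs attention.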