the error in \var\log\apache2\error.log
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "gluon/__init__.py", line 15, in <module>
    from globals import current
  File "gluon/globals.py", line 21, in <module>
    from html import xmlescape, TABLE, TR, PRE
  File "gluon/html.py", line 29, in <module>
    from utils import web2py_uuid, hmac_hash
  File "gluon/utils.py", line 98, in <module>
    ctokens = initialize_urandom()
  File "gluon/utils.py", line 93, in initialize_urandom
    logging.warn(
NameError: global name 'logging' is not defined

2011/6/5 Alexandre Andrade <alexandrema...@gmail.com>

> I updated the new versions (1.96.1 and 196.2) and get an error of
> misconfiguration.
>
> the new versions use \dev\urandom but give an error in apache error
> log about permissions.
> Even chmod 777 or chown www-data:www-data in \dev\urandom can make it work
> in ubuntu 10.04 and ubuntu 11.04.
>
> Alexandre
>
> 1/6/3 Massimo Di Pierro <massimo.dipie...@gmail.com>
>
>> We fixed a few more bugs (strangely most of them preexisting 1.96.1).
>> We also addressed two security issues as I will explain later in this
>> email:
>>
>> here I am reporting the 1.96.1 changelog with some additions
>>
>> Changelog:
>> - "from gluon import *" imports in every python module a web2py
>>   environment (A, DIV,..SQLFORM, DAL, Field,...) including
>>   current.request, current.response, current.session, current.T,
>>   current.cache, thanks Jonathan.
>> - conditional models in
>>   models/<controller>/a.py and models/<controller>/<function>/a.py
>> - from mymodule import *, looks for mymodule in applications/thisapp/
>>   modules first and then in sys.path. No more need for local_import.
>>   Thanks Pierre.
>> - usage of generic.* views is - by default - restricted to localhost
>>   for security. This can be changed in a granular way with:
>>   response.generic_patterns=['*']. This is a slight change of behavior
>>   for new app but a major security fix.
>> - all applications have cas 2.0 provider at http://.../user/cas/login
>> - all applications can delegate to login to external provider
>>   Auth(...,cas_provider='http://.../other_app/default/user/cas')
>> - A(...,callback=URL(...),target='id') does Ajax
>> - URL(...,user_signature=True), LOAD(...,user_signature=True) can sign
>>   urls and @auth.requires_signature() will check the signature for any
>>   decorated action.
>> - DAL(...,migrate_enabled=False) to disable all migrations
>> - DAL(...,fake_migrate_all=True) to rebuild all corrupted metadata
>> - new DAL metadata format (databases/*.table)
>> - DAL(...,adapter_arg={}) allows support for alternate drivers
>> - DAL now allows circular table definitions
>> - DAL(..,auto_import=True) automatically imports tables from metadata
>>   without need to db.define_table(...)s.
>> - new alternate syntax for inner joins: db(...).select(join=...)
>> - experimental cubrid database support
>> - DAL 'request_tenant' fields are special, they automatically filter all
>>   records based on their default value.
>> - db._common_fields.append(Field('owner')) allows to add fields to ALL
>>   tables
>> - DAL ignores repeated fields with same names
>> - web2py_ajax.html is more modular, thanks Anthony
>> - request.is_local
>> - request.is_http
>> - new sessions2trash.py thanks Jim Karsten
>> - corrupted cache files are automatically deleted
>> - new simpler API gluon.contrib.AuthorizeNet.process(...)
>> - fixed recaptcha (as they released new API)
>> - messages in validators have default internationalization
>> - No more Auth(globals(),db), just Auth(db). Same for Crud and
>>   Service.
>> - scripts/access.wsgi allows apache+mod_wsgi to delegate
>>   authentication of any URL to any web2py app
>> - json now supports T(...)
>> - scripts/setup-web2py-nginx-uwsgi-ubuntu.sh
>> - web2py HTTP responses now set: "X-Powered-By: web2py", thanks Bruno
>> - mostly fixed generic.pdf.
>>   You can view any page in PDF if you have
>>   pdflatex installed or if your html follows the pyfpdf convention.
>> - auth.settings.extra_fields['auth_user'].append(Field('country'))
>>   allows to extend auth_* tables without need of defining a custom
>>   auth_* table. Must be placed before auth.define_tables()
>> - {{=response.toolbar()}} to help you debug applications
>> - web based shell now supports object modifications (but no
>>   redefinitions of non-serializable types)
>> - jQuery 1.6.1
>> - more secure uuid function to protect sessions from cryptographic
>>   attacks
>> - auto logout of appadmin
>> - Lots of bug fixes
>>
>> ## Security warning
>>
>> This release fixes two security issues:
>>
>> 1) web2py used random to generate uuid. This is mostly fine but it was
>> technically possible for an attacker to retrieve a lot of session
>> uuids, extrapolate information about the pseudo-random-generator and
>> use the information to guess somebody else's session. Our new
>> contributor and security expert David Wager, spotted this problem and
>> suggested rewriting the web2py uuid function used for generating
>> session names. The new function uses /dev/urandom as entropy source
>> and falls back to the old method when the entropy source is not
>> available, issuing a warning.
>>
>> 2) appadmin uses admin authentication but failed to detect expired
>> sessions (60 minutes). This has now been corrected.
>>
>
> --
> Regards
>
> Alexandre Andrade
> Hipercenter.com Classificados Gratuitos
>

--
Regards

Alexandre Andrade
Hipercenter.com Classificados Gratuitos
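
The behaviour described in the quoted security note (take session-id entropy from the OS, fall back to the old PRNG with a warning when it is unavailable), as an added example that is not web2py's code and not part of this thread. The names `read_entropy`, `new_session_id`, `denied`, the `strict` flag and the logger name are hypothetical; `denied` is a constructed stand-in for an unreadable /dev/urandom. It is written for Python 3.

```python
import logging
import os
import random
import uuid

log = logging.getLogger("session_tokens")  # hypothetical logger name


def read_entropy(nbytes, source=os.urandom, strict=False):
    """Return (data, strong). `source` is injectable so the failure path can be exercised."""
    try:
        data = source(nbytes)
        if len(data) != nbytes:
            raise OSError("short read from entropy source")
        return data, True
    except (NotImplementedError, OSError) as exc:
        if strict:
            # Fail closed: refuse to mint guessable session ids.
            raise RuntimeError("no OS entropy source: %s" % exc) from exc
        # The traceback in this thread died on the equivalent warning call;
        # this one works only because `logging` is imported at module level.
        log.warning("OS entropy unavailable (%s); falling back to weak PRNG", exc)
        weak = bytes(random.getrandbits(8) for _ in range(nbytes))
        return weak, False


def new_session_id(source=os.urandom, strict=False):
    """Return (uuid4 string, strong flag) built from 16 bytes of entropy."""
    data, strong = read_entropy(16, source, strict)
    return str(uuid.UUID(bytes=data, version=4)), strong


def denied(nbytes):
    """Constructed stand-in for an unreadable /dev/urandom."""
    raise OSError(13, "Permission denied")


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(new_session_id())               # strong id
    print(new_session_id(source=denied))  # weak id, warning logged
```

With `strict=True` the same failure raises instead of producing an id from the guessable generator, which is the setting to use when a degraded session id is not acceptable.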