[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New snapshot: use HTML Tidy binary in Sanitize
From: |
boud |
Subject: |
Re: New snapshot: use HTML Tidy binary in Sanitize |
Date: |
Wed, 22 Oct 2008 02:09:34 +0200 (CEST) |
User-agent: |
Alpine 1.10 (DEB 962 2008-03-14) |
hi Dmitry,
On Sun, 21 Sep 2008, Dmitry Borodaenko wrote:
Greetings,
This snapshot is a must for anyone using Samizdat with Ruby that
includes recent security fixes in DL library (e.g. Ruby 1.8.7-p72).
Even if you only use Samizdat release 0.6.1, read on: you may find
this update useful.
The DL fixes broke the Ruby/Tidy library [0], and I don't know enough
about DL to fix the root cause, so I had to implement a workaround:
invoke HTML Tidy binary via pipe (File.popen) instead of using the
dynamic library. The code is generic enough, so if you pass it a path
to .so library, it will still try to use library instead of the
binary.
[0] http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/315497
The changes are backwards-compatible and isolated to sanitize.rb. To
use this fix with older Samizdat versions, all you need to do is copy
over sanitize.rb from this snapshot. I did just that with the
samizdat-0.6.1 package in Debian/unstable.
That's *nearly* all you need to do. You also need to... install the
tidy binary. i discovered this by accident, because on one machine
the binary was present, on another it was absent.
As usual, the snapshot can be downloaded from:
http://download.savannah.gnu.org/releases/samizdat/samizdat-snapshot.tar.gz
The versions of Debian packages with this fix are 0.6.1-2 (unstable)
and 0.6.1.20080921-1 (experimental).
IMHO the depends on:
tidy or libtidy-ruby1.8
should be changed to:
depends: tidy
recommends: libtidy-ruby1.8
until the bug gets fixed in libtidy-ruby1.8 or further along
the dependence chain (DL?).
Otherwise, some people who happen to have the library and not the
binary will see a runtime error when they try to publish anything at
all.
cheers
boud
- Re: New snapshot: use HTML Tidy binary in Sanitize,
boud <=