Back to the main page

ViewVC upgrade

ViewVC is a browser interface for CVS and Subversion version control repositories.
Some older versions are vulnarable to cross sire scripting (xss) and this is example of update to version 1.0.13 that's not sensitive for specific xss attack.

Download viewvc-1.0.13.tar.gz from viewvc.tigris.org and unzip/untar it. 
[root@host viewvc-1.0.13]#  ./viewvc-install 
This is the ViewVC 1.0.13 installer.

It will allow you to choose the install path for ViewVC.  You will now
be asked some installation questions.  Defaults are given in square brackets.
Just hit [Enter] if a default is okay.

Installation path [/usr/local/viewvc-1.0.13]:
DESTDIR path (generally only used by package maintainers) []:
Installing ViewVC to /usr/local/viewvc-1.0.13:
   created   /usr/local/viewvc-1.0.13/bin/cgi/
   installed /usr/local/viewvc-1.0.13/bin/cgi/viewvc.cgi
   installed /usr/local/viewvc-1.0.13/bin/cgi/query.cgi
   created   /usr/local/viewvc-1.0.13/bin/mod_python/
   installed /usr/local/viewvc-1.0.13/bin/mod_python/viewvc.py
  ... shortened ..
  installed /usr/local/viewvc-1.0.13/templates-contrib/viewsvn/templates/roots.ezt
   installed /usr/local/viewvc-1.0.13/templates-contrib/viewsvn/templates/rss.ezt

ViewVC file installation complete.

Consult the INSTALL document for detailed information on completing the
installation and configuration of ViewVC on your system.  Here's a brief
overview of the remaining steps:

  1) Edit the /usr/local/viewvc-1.0.13/viewvc.conf file.

  2) Either configure an existing web server to run
     /usr/local/viewvc-1.0.13/bin/cgi/viewvc.cgi.

     Or, copy /usr/local/viewvc-1.0.13/bin/cgi/viewvc.cgi to an
     already-configured cgi-bin directory.

     Or, use the standalone server provided by this distribution at
     /usr/local/viewvc-1.0.13/bin/standalone.py.

Restore viewvc conf file. 
[root@host viewvc-1.0.13]# cp -p viewvc.conf viewvc.conf-original-1.0.13
[root@host viewvc-1.0.13]# cp -p ../viewvc/viewvc.conf .
cp: overwrite `./viewvc.conf'? y

Somehow one file has to be renamed ... !? 
[root@host mod_python]# cat readme
The file viewvc.py has been renamed to mpviewvc.py

More info from apache conf file:
#### !NOTE! mod_python/mpviewvc.py has to be renamed to this.
####   The original name was mod_python/viewvc.py
####   there is a conflict with the library of the same name!

[root@host mod_python]# mv viewvc.py mpviewvc.py

[root@host mod_python]# ls -la
total 28
drwxr-xr-x 2 root root 4096 Jan  6 11:00 .
drwxr-xr-x 4 root root 4096 Jan  6 10:58 ..
-rwxr-xr-x 1 root root  924 Jan  6 10:58 handler.py
-rwxr-xr-x 1 root root   67 Jan  6 10:58 .htaccess
-rwxr-xr-x 1 root root 1672 Jan  6 10:58 mpviewvc.py
-rwxr-xr-x 1 root root 1880 Jan  6 10:58 query.py
-rw-r--r-- 1 root root  260 Jan  6 11:00 readme


Finally remove symbolic link from current version and create new one to ver 1.0.13, and reload apache. 
[root@host /usr/local]# unlink viewvc

[root@host /usr/local]# ln -s viewvc-1.0.13 viewvc

[root@host ]# service httpd configtest
Syntax OK
[root@host ]# service httpd reload
Reloading httpd:                     [  OK  ]







Back to the main page