Samizdat 0.6.2: Security, Plugins, Flowplayer


#1

Dedication

Samizdat 0.6.2 release is dedicated to the memory of Stanislav Markelov
and Anastasia Baburova, activists murdered in Moscow on January 19, 2009.

What is Samizdat?

Samizdat is a generic RDF-based engine for building collaboration and
open publishing web sites. Samizdat provides users with means to
cooperate and coordinate on all kinds of activities, including media
activism, resource sharing, education and research, advocacy, and so on.
Samizdat intends to promote values of freedom, openness, equality, and
cooperation.

Samizdat library includes four stand-alone modules that can be used
outside the Samizdat engine: Cache (thread-safe time-limited object
cache with flexible replacement policy), Storage (RDF storage over a
relational database), Sanitize (whitelist XSS filter based on HTMLTidy
and REXML), and Antispam (simple wiki spam filter).

What’s new in Samizdat 0.6.2?

The most important part of this release is the long list of security
improvements in various parts of Samizdat engine. Password encryption is
now as strong as it gets, HTTPS now gets the emphasis it deserves,
cross-site scripting protection has been tightened, and in general the
engine is even more paranoid about user-submitted data than before.

End users will be most interested in the integration with Flowplayer
free Flash video player and the thumbnailing capabilities of the new
image plugin. Both features are enabled by the new plugin mechanism,
which, in addition to handling different content types, allows adding
fancy member profile parameters and alternative access control schemes.

Due to the number of security improvements in this release, it is highly
recommended that all Samizdat installations update to this version. If
you are not able to update your installation immediately, you should
apply the following patches (applicable to vanilla Samizdat 0.6.1) at
the first opportunity:

[0] http://samizdat.nongnu.org/release-notes/sanitize-0.6.1-xss-escape-title.patch
[1] http://samizdat.nongnu.org/release-notes/sanitize-0.6.1-tidy-binary.patch

Changes in more detail:

  • cross-site scripting fixes: several cases of unsanitized
    user-submitted HTML strings are fixed in this release; these
    vulnerabilities allowed attackers to perform cross-site scripting
    attacks by publishing specially crafted messages or user names
    (CVE-2009-0359)

  • passwords: over the past several years, multiple attacks on the MD5
    hash function were demonstrated, making this algorithm less than
    optimal for password encryption; while Samizdat 0.6.2 still supports
    old MD5 passwords, all new passwords will use salted SHA-512; users
    of Samizdat sites are advised to update their passwords to take
    advantage of stronger password encryption

  • HTTPS logins: it is now possible to ensure that all authenticated
    access to a Samizdat site goes only over an encrypted HTTPS
    connection; comments in the https section of config.yaml explain how
    to make this work

  • plugins: the new plugin system allows augmenting and customizing
    various parts of Samizdat engine, including content rendering, member
    profile parameters, and access control

  • image thumbnails: new image plugin automatically generates and uses
    reduced versions of uploaded images with help of the RMagick library

  • Flowplayer: flowplayer plugin integrates this free Flash video player
    into Samizdat pages, allowing FLV and MP4/H.264 files to be displayed
    inline in addition to the usual download link; as of this release,
    Flowplayer doesn’t reliably work with free Flash plugins Gnash and
    SWFdec, more collaboration between these projects is needed to
    implement a fully free Flash video stack

  • GPL3: Samizdat license has been upgraded to the latest version of GPL
    and now reads: “You can distribute/modify this program under the
    terms of the GNU General Public License version 3 or later.”

  • Mahoro: instead of relying on inconsistent and untrustworthy content
    type headers supplied by web browser, Samizdat now uses Mahoro
    bindings to libmagic library to determine real content type of the
    uploaded files

  • Sanitize: due to incompatibility of Tidy/DL bindings with the latest
    Ruby 1.8 releases, Sanitize now prefers to invoke tidy binary through
    a pipe instead of linking to a shared library; more Tidy errors are
    now handled and reported back to the user, single quote special
    character is now escaped as &#39; for compatibility with browsers
    that don’t support XHTML 1.0 character entities (e.g. Internet
    Explorer)

  • member profile: member settings page is split into account, profile,
    and settings pages; settings page controls UI preferences available
    both to members and guests; profile page allows editing public
    information about a member, such as full name (which is now optional)
    or occupation (enabled by the occupation profile plugin); account
    parameters such as password and email are edited on the account page

  • new translations: Japanese translation has been reviewed and
    corrected by a native speaker and is now enabled by default, bringing
    the count of supported languages up to 10

  • documentation: several key aspects of Samizdat architecture are
    explained in new Dia diagrams and the LVEE’2008 presentation slides

  • other: exported RSS feeds now include item descriptions, tainted data
    handling is now more robust, more bugfixes and UI improvements

How do I upgrade from Samizdat 0.6.1?

First of all, make sure tidy binary (and not just libtidy shared
library) is installed on your system. By default, sanitize.rb checks for
/usr/bin/tidy or /usr/local/bin/tidy. On Debian 5.0/lenny or later, run
apt-get install tidy. Debian 4.0/etch has an old Tidy version that
doesn’t support some of the options used in Samizdat 0.6.2, so you may
need to install the backported Tidy package [2].

[2] http://people.debian.org/~angdraug/tidy/

Since moderator list is now stored in database, you need to move your
list of moderators from your yaml config to the database:

CREATE TABLE Role (member INTEGER REFERENCES Member, role TEXT);
CREATE INDEX Role_member_idx ON Role (member);
GRANT INSERT, UPDATE, SELECT ON Role TO samizdat;
INSERT INTO Role (member, role) SELECT id, 'moderator' FROM Member
WHERE login IN ('moderator1', 'moderator2', …);

In the last line, replace ('moderator1', 'moderator2', …) with your
current moderator list, which can be produced by the following command
line:

grep moderators /etc/samizdat/sites/* | sed "s/, /', '/g"

You will also need to update your Apache or Lighttpd configuration to
make js/ directory visible via the Web server (see doc/examples/).

Finally, if your access control configuration differs from Samizdat
default (e.g. guests are allowed to post), see defaults.yaml on how
role plugin is configured.

Where to get it?

Project page: http://samizdat.nongnu.org/
Download: http://savannah.nongnu.org/download/samizdat/samizdat-0.6.2.tar.gz
Debian package: apt-get install samizdat (http://packages.qa.debian.org/s/samizdat.html)
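
The password item in the announcement above describes accepting old MD5 hashes while storing all new passwords as salted SHA-512. The following Ruby sketch is an added example, not Samizdat's own code, showing one way to verify both kinds of stored hash side by side; the `sha512$salt$digest` storage format and the function names are assumptions made for the illustration.

```ruby
require 'digest'
require 'securerandom'

# Assumed storage formats (hypothetical, not Samizdat's actual schema):
#   legacy:  32 hex characters        = MD5(password), unsalted
#   current: sha512$<salt>$<128 hex>  = SHA-512(salt + password)

# Hash a new password with a fresh random salt.
def hash_password(password, salt = SecureRandom.hex(16))
  "sha512$#{salt}$#{Digest::SHA512.hexdigest(salt + password)}"
end

# Compare two strings without stopping at the first differing byte,
# so response time does not reveal how much of the digest matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns :ok, :ok_legacy (password is valid but still stored as MD5, so
# the user should be asked to set it again), or :denied.
def check_password(stored, password)
  case stored
  when /\Asha512\$([0-9a-f]+)\$([0-9a-f]{128})\z/
    salt, digest = $1, $2
    secure_compare(digest, Digest::SHA512.hexdigest(salt + password)) ? :ok : :denied
  when /\A[0-9a-f]{32}\z/
    secure_compare(stored, Digest::MD5.hexdigest(password)) ? :ok_legacy : :denied
  else
    :denied # unknown or corrupt format: fail closed
  end
end
```

Single-round salted SHA-512 mirrors what the announcement describes; for new systems, current practice is a deliberately slow password hash such as bcrypt, scrypt or Argon2.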


#2

2009/2/12 Dmitry B. removed_email_address@domain.invalid:

Samizdat 0.6.2 release is dedicated to the memory of Stanislav Markelov and
Anastasia Baburova, activists murdered in Moscow on January 19, 2009.
(…)

Hi Dmitry, nice to read from you again. We once met in Karlsruhe a
couple of years ago, where you talked about Samizdat at EuRuKo. I
always liked your reasoning for the name Samizdat, and now also the
dedication of the new release. Unfortunately I don’t have anything to
do with RDF, so can’t say more to Samizdat itself.

Regards,
Pit


#3

On Thu, Feb 12, 2009 at 10:24 PM, Dmitry B. removed_email_address@domain.invalid
wrote:

a shame actually that we couldn’t establish EuRuKo as a regular event…

Heh, just noticed I’m a bit wrong about this, looks like it did pick up,
after all! Now there’s my chance for a soapbox :wink:


#4

On Thu, Feb 12, 2009 at 9:18 PM, Pit C. removed_email_address@domain.invalid
wrote:

Hi Dmitry, nice to read from you again. We once met in Karlsruhe a
couple of years ago, where you talked about Samizdat at EuRuKo. I
always liked your reasoning for the name Samizdat, and now also the
dedication of the new release. Unfortunately I don’t have anything to
do with RDF, so can’t say more to Samizdat itself.

Hi Pit!

Thanks for your support, much appreciated! I remember you from Karlsruhe,
too :slight_smile: It was a nice time, a shame actually that we couldn’t establish
EuRuKo as a regular event…

You know, over the last years focus of Samizdat development shifted away
from RDF and more towards open publishing. It still does RDF, and RDF
code has become more advanced (and, by necessity, much more
well-structured), but it has taken a back seat to things that matter in
real world: security, usability, multimedia support, etc. If the
prominent place RDF takes in Samizdat’s description scares people off
like that, I should probably rephrase it: Samizdat is no longer an RDF
system that incidentally does open publishing, it’s an open publishing
system that happens to have RDF under the hood.

I think that other standalone modules in Samizdat library, while small
and single-purpose, deserve more attention than that scary RDF storage.
For example, the story of the Sync#try_lock bug kind of proves that
Samizdat Cache module is the most advanced Ruby object cache
implementation out there (unless I’m missing something and there is a
way to do thread-safe two-level locking without that API :wink:)

I’m also quite proud of the Sanitize module: it might be comparatively
slow due to invoking both Tidy and REXML, but it is small and elegant,
making it easy to understand and to keep secure. With tools like that
out there, who would need another HTML parser?

The point is, Samizdat is more than an RDF engine. It has other bells
and whistles that may be just as interesting!