Discussion forum about ELOG, Page 265 of 808
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
67049 | Fri Apr 15 08:49:26 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.9.0 | Re: Elog 2.9.0 buffer overflow crash bug ubuntu linux
> When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
> 
> Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
> #015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
> 2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
> 
> openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
> 
> Startup info:
> 
> Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
> Apr  9 19:35:54 unixland elogd[21584]: revision 2411
> 
> -- rouilj

I haven't tried openvas, but added a check for the negative content-length you have in the request
above in SVN revision 2413. Can you try if it still crashes?

- Stefan
67051 | Fri Apr 15 12:02:50 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | All | 2.9.0 | Re: Self Register = 3 doesn't work any longer

Olivier Callot wrote:

 

I tried again and confirm the version number. I never got this panel saying that my request will be processed by an administrator. Maybe the installation was incomplete? Is this panel outside the standard src files? I receive the mail as administrator, but the account is already valid BEFORE I validate it.

This was working in previous versions, i.e. the entry was not created at all. And login wasn't possible.

We went back to 2.8.0 as the server is regularly crashing with 2.9.0 and we have to keep it alive for our running experiment. We are trying to isolate and reproduce the problem...

Try to use the simple config file, and see what happens there. Maybe it's a config option you use differently in the experiment. If you identify the config option which triggers the problem, I can probably reproduce it and fix it. Concerning crashes of 2.9.0: We have it running stably for our experiments, that's why I released it. But there are major changes since 2.8.0, mainly the Kerberos authentication (actually people from CERN asked for that). So it could be that in your case there are problems I don't see. In that case you have to test with which options in the config file the problems start. If elogd crashes, a stack dump would maybe also be helpful for me.

67067 | Tue May 17 16:37:42 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | All | 2.9.0 | Re: Self Register = 3 doesn't work any longer

Olivier Callot wrote:

Dear Stefan, after a long time I managed to get a test setup. The line that creates the misbehaviour is

Guest Menu Commands      = List, Find, Login, Help

which seems innocuous! But with this line a user with inactive account can login without validation. Without this line I get also the proper web page indicating that the account has to be activated when I register as new user.

Another little annoyance: When a user is prevented from login ("The account is currently deactivated") there is NO WAY to login, as any action with Elog tries to use the (non activated) username and password. I can't get back the login page!

Thanks

Great. With this description I could reproduce the error and fix it. The fix is in SVN revision 2414.

Cheers, Stefan. 

67080 | Thu Jun 2 21:28:19 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Info | Windows | 2.x | Re: Is there maximum number of entries?

Hung Dao wrote:

Does anyone know whether ELOG has limit number of entries or it can create new entries as many as it can go?  Thanks.

The number of entries is not limited. But if there are very many entries, searching can get a bit slow. We have installations with ~100'000 entries and they work still fine. 

67085 | Mon Jun 20 17:53:58 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.9.0-2414 | Re: segmentation fault when "restrict edit" is used and "new" is allowed for anonymous users
You are the first one allowing guests to enter new entries, so this probes a code path which was never used before. I fixed the crash in SVN revision 2416, but it might be that there are more issues with that. Just keep reporting.
67090 | Wed Jul 20 13:50:34 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Question | All | 2.8.1-1 | Re: changing raw style when empty attribute value

Zbigniew Reszela wrote:

Dear all,

I wonder if anyone of you already tried to change raw style in case of empty attribute value.

In my configuration file I have defined attribute "End date" (without quotation marks) and its type is datetime.

How should I configure extra style for entries where this attribute doesn't have value.

My tries were:

Style End date = background-color:red

Style End date "" = background-color:red

Style End date " " = background-color:red

Style End date - = background-color:red

But they didn't work.

Any ideas?

This functionality was not implemented. I added it in SVN revision #2420, so it will be contained in the next release.

67093 | Wed Jul 20 17:39:25 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Request | All | 2.8.1-1 | Re: List page displays internal 'Text' attribute header with some alias

Zbigniew Reszela wrote:

I would like to have different header for 'Text' internal attribute: e.g. an alias "Notes". So on the list page header of Text attribute column is Notes.

Is it already possible? I couldn't find it in Administrator's Guide. 

If not is it possible to add this feature?

No, this is not possible. I put this on the wish list. 

67106 | Wed Aug 31 15:13:02 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Question | All | 2.9.0-2411 | Re: Attachments (again)

Andreas Luedeke wrote:
> In my case the original .pdf file is elsewhere, I've no need to have duplicates scattered in various logbooks, and
> while ideally that would also be true of the thumbnail, it is fair enough for this to be stored in each logbook
> where it is required. This removes the issue of how to have an attachment in a different logbook (other than by
> links, which would get rather tiresome to have to keep making).
>
> Anyone any ideas?

If you just want to show a thumbnail of an attachment in a public logbook, then just add a link to it, like

<img src="https://abk.web.psi.ch/tmp/t.png" alt="" />

or in your example you show the thumbnail in the hidden logbook by adding in the text body:

<img src="<your-host-url>/public/110705_235520_whatthis-0.png" alt="" />

Of course the attachment has to be in the public logbook and the link in the hidden one.

Sure, but that works only from a hidden logbook into a public one, not the other way, but I think this is what David wants. Since the hidden attachment is not accessible from the public logbook, there is no way around that other than physically copy the message, then strip maybe the text. He is concerned about having the same attachment twice on disk, which I cannot fully understand. Even large attachments are maybe 10 or 20 MB, otherwise they take forever to go through your browser. With a modern 1 TB disk these are 50.000 attachments... 
