Re: Segfault on elog-3.1.5-1 when uploading file., posted by Stefan Ritt on Fri Dec 13 15:11:08 2024
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan |
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by gary holman on Fri Dec 13 19:40:57 2024
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by Evinrude Motor on Tue Jan 7 20:32:10 2025
|
When will the new src be in the standard repos? I'm on ubuntu and
| gary holman wrote: |
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by Evinrude Motor on Tue Jan 7 20:35:23 2025
|
When will the new source be in the standard download area ? I'm on ubuntu .
| gary holman wrote: |
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by Stefan Ritt on Tue Jan 7 20:41:13 2025
|
It is in the usual download area which is referenced at https://elog.psi.ch/elog/download.html
Stefan
| Evinrude Motor wrote: |
|
When will the new source be in the standard download area ? I'm on ubuntu .
| gary holman wrote: |
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
|
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by Evinrude Motor on Sun Apr 13 13:56:05 2025
|
So this never made it into the download area ? elog-latest.tar is elog-3.1.5-1 and contains no files from 2024 or 2025 .
Thanks
| Stefan Ritt wrote: |
|
It is in the usual download area which is referenced at https://elog.psi.ch/elog/download.html
Stefan
| Evinrude Motor wrote: |
|
When will the new source be in the standard download area ? I'm on ubuntu .
| gary holman wrote: |
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
|
|
|
Re: Segfault on elog-3.1.5-1 when uploading file., posted by Stefan Ritt on Thu Apr 17 13:10:43 2025
|
I stopped making tar files, since most people building elog from sources just pull it from the bitbucket repository:
$ git clone https://bitbucket.org/ritt/elog --recursive
$ cd elog
$ mkdir build; cd build;
$ cmake ..; make
| Evinrude Motor wrote: |
|
So this never made it into the download area ? elog-latest.tar is elog-3.1.5-1 and contains no files from 2024 or 2025 .
Thanks
| Stefan Ritt wrote: |
|
It is in the usual download area which is referenced at https://elog.psi.ch/elog/download.html
Stefan
| Evinrude Motor wrote: |
|
When will the new source be in the standard download area ? I'm on ubuntu .
| gary holman wrote: |
|
Thanks Stefen!
I built from source (ELOG V3.1.5-3a5f2f00) and I confirmed as fixed.
| Stefan Ritt wrote: |
|
Thanks to your stack trace, I found a case where a string might get overwritten, but only if the attachment file name is longer than 256 chars. I fixed the code and made a new RPM:
https://www.dropbox.com/scl/fi/r37qx9aka5ytt3j7vn4km/elog-3.1.5-20241213.el8.x86_64.rpm?rlkey=knct99pdltggunrbmyr2hpfe5&st=pkre24aq&dl=0
Alternatively, you can compile from sources. Give it a try.
Stefan
|
|
|
|
|
|
|
Re: Security (passwords over web browser), posted by Stefan Ritt on Wed Feb 26 10:34:12 2003
|
> Stefan - Just to say that this is an excellent piece of work well done.
Thanks.
> 1) is there a way around seeing the password in text when self
regestering,
> if I turn this option off when the user changes his password will this
> password still be seen?
Where did you see the password? Was it on this logbook or on your own? Did
you use "self register" equal 3 or 2? The password should never be visible
in plain text, so after you submit it (during registration or login), the
page gets immediately redirected since the password is contained in the
URL. After the redirection, it is not visible any more. Now it might happen
that the redirection takes a few seconds, depending on the network speed,
then you see it for this few seconds. But in an intranet installation, this
should not happen.
> 2) I have changed all the files to be owned on my RedHat Server by the
> user:group as elog:elog and set and moved the logbooks to another
directory
> other than in /usr/local/elog namely /home/elog/logbooks, my concern is
is
> I was to upgrade to a newer version would it be a simple install over the
> top? any caveats?
Yes, if you upgrade, the new version will again to into /usr/local/elog
unless you tell "rpm" to relocate the package. Unfortunately I'm not a
specialist with "rpm", but you might figure it out yourself (just try to
reinstall the same version and look where the files go wiht "rpm -ql elog"). |