Discussion forum about ELOG, Page 645 of 808
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
943 | Mon Feb 14 18:49:44 2005 | Warning | Recai Oktas | roktas@omu.edu.tr | Info | Linux | 2.5.7 | Re: ELOG security vulnerability fixed, IMPORTANT!!!!
Attention to Debian users;

I've prepared the fixed package and also contacted the Debian Security Team for
an urgent security upload.  Since then you may wish to update your package from
the following URL:

  http://l10n-turkish.alioth.debian.org/debian/elog_2.5.7+r1558-1_i386.deb

Or you can also make an update via apt-get by adding the below line to your
'/etc/apt/sources.list' file:

  deb http://l10n-turkish.alioth.debian.org/debian/ ./

> The second vulnerability had to do with write passwords. If you put a "write
> password = xxx" statement into your config file, it was still possible to
> download the config file with a special hand-written URL, and decode the
> write password, which is usually only base-64 encoded unless you haven't
> compiled elog with the -DHAVE_CRYPT flag.

FYI, the Debian package has already been compiled with this flag.

 -- Recai Oktas, Maintainer of Debian package
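
The quoted point about write passwords, as an added example (not part of the original post and not ELOG code): a small audit that flags password options whose stored value is reversible base64 rather than a crypt hash, without printing the decoded value. The `[section]` layout, the crypt output shapes and the names `classify` and `audit` are assumptions made for illustration.

```python
import base64
import binascii
import re

# Constructed sample config; values are made up, not from a real installation.
SAMPLE_CFG = """\
[demo]
Theme = default
Write password = c2VjcmV0
[lab]
Write password = $1$abcdefgh$0123456789abcdefghijk.
[ops]
Write password = abJnggxhB/yWI
"""

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
# Assumption: password options are "<name> password = <value>" lines.
PASSWORD = re.compile(r"^\s*(\w[\w ]*password)\s*=\s*(\S+)\s*$", re.I)


def classify(value):
    """Say how a stored password value is protected, without revealing it."""
    # Assumed crypt(3) output shapes: "$id$salt$hash" or 13-char traditional DES.
    if re.fullmatch(r"\$\w+\$.+", value) or re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "crypt-hash"
    try:
        decoded = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return "unknown"
    # Strict base64 that decodes to printable text is an encoding, not a hash.
    return "reversible-base64" if decoded.isprintable() else "unknown"


def audit(cfg_text):
    """Return (section, option, verdict) for every password option found."""
    findings, section = [], None
    for line in cfg_text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = PASSWORD.match(line)
        if m:
            findings.append((section, m.group(1), classify(m.group(2))))
    return findings


if __name__ == "__main__":
    for section, option, verdict in audit(SAMPLE_CFG):
        print(f"[{section}] {option}: {verdict}")
```

Any option reported as `reversible-base64` should be treated as a plaintext password wherever the config file can be read.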
953 | Sat Feb 19 18:39:52 2005 | Entry | Heiko Scheit | h.scheit@mpi-hd.mpg.de | Bug fix | Linux | 2.5.7 | Problem with 'Show Attributes' option
There is a problem with the 'Show Attributes' option
causing the 'Format ...' options to be ignored.

See attachment for patch.
Attachment 1: patch
--- elogd.c_20050219    Sat Feb 19 18:15:09 2005
+++ elogd.c     Sat Feb 19 18:25:55 2005
@@ -8169,7 +8169,7 @@
       if (format_flags[index] & AFF_SAME_LINE)
          /* if attribute on same line, do nothing */
          rsprintf("");
-      else if (index < n_attr - 1 && (format_flags[index + 1] & AFF_SAME_LINE)) {
+      else if (aindex < n_disp_attr - 1 && (format_flags[attr_index[aindex + 1]] & AFF_SAME_LINE)) {
          /* if next attribute on same line, start a new subtable */
          rsprintf("<tr><td colspan=2><table width=\"100%%\" cellpadding=0 cellspacing=0><tr>");
          subtable = 1;
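Review bot: The first branch of this chain, `if (format_flags[index] & AFF_SAME_LINE)`, still subscripts format_flags with index, while the changed else-if now goes through attr_index[aindex + 1]. The two tests only describe neighbouring attributes if index equals attr_index[aindex] at this point, which the hunk does not show. Either write the first test as format_flags[attr_index[aindex]] too, or add a comment stating that invariant.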
@@ -8469,7 +8469,7 @@
          }
       }
 
-      if (index < n_attr - 1 && (format_flags[index + 1] & AFF_SAME_LINE) == 0) {
+      if (aindex < n_disp_attr - 1 && (format_flags[attr_index[aindex + 1]] & AFF_SAME_LINE) == 0) {
          /* if next attribute not on same line, close row or subtable */
          if (subtable) {
             rsprintf("</table></td></tr>\n");
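Review bot: In the changed condition, format_flags[attr_index[aindex + 1]] uses the value read from attr_index as a subscript with no visible range check. The aindex < n_disp_attr - 1 guard bounds the attr_index lookup itself, but not the value it returns, so an assertion or comment that every attr_index entry is below n_attr would make this safe to read. The same expression also appears in the previous hunk; computing it once per iteration into a local would remove the duplication.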
@@ -8479,7 +8479,7 @@
       }
 
       /* if last attribute, close row or subtable */
-      if (index == n_attr - 1) {
+      if (aindex == n_disp_attr - 1) {
          if (subtable) {
             rsprintf("</table></td></tr>\n");
             subtable = 0;
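Review bot: The block guarded by the changed test `aindex == n_disp_attr - 1` emits the same rsprintf("</table></td></tr>\n") as the "next attribute not on same line" block in the previous hunk, so the close logic exists twice under two conditions that must be kept in step. Consider folding them into a single condition (last displayed attribute, or next one not on the same line). A short comment on what aindex and n_disp_attr count relative to index and n_attr would also help, since the patch depends on that distinction and none of the changed lines state it.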
954 | Sun Feb 20 15:30:04 2005 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug fix | Linux | 2.5.7 | Re: Problem with 'Show Attributes' option
> There is a problem with the 'Show Attributes' option
> causing the 'Format ...' options to be ignored.
> 
> See attachment for patch.

Thanks a lot. I applied your patch and committed the changes to CVS.
955 | Tue Feb 22 01:24:41 2005 | Warning | Neil Swartz | neilswartz@verizon.net | Bug report | Linux | 2.5.7 | Space in logbook name with password list results in "List" menu acting strange
If you have a space in a logbook name and you enable password list, then 
the "List" menu option forces you to the login page each time.
The URL says "aaa+bbb", but when you do not have passwords enabled, the 
URL is "aaa bbb"
956 | Tue Feb 22 10:35:17 2005 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.5.7 | Re: Space in logbook name with password list results in "List" menu acting strange
> If you have a space in a logbook name and you enable password list, then 
> the "List" menu option forces you to the login page each time.
> The URL says "aaa+bbb", but when you do not have passwords enabled, the 
> URL is "aaa bbb"

Thanks for reporting this. I fixed it in the current CVS version.
976 | Tue Mar 8 17:31:55 2005 | Question | Benjamin Brown | brownbr@hotmail.com | Question | Linux | 2.5.7 | Compilation flag/file question
If I want to go to the latest CVS release, what files do I have to compile
along with the elogd.c file?  Also, do I need to use any special gcc flags
for the compilation?  Thanks.
977 | Tue Mar 8 17:34:05 2005 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.5.7 | Re: Compilation flag/file question
> If I want to go to the latest CVS release, what files do I have to compile
> along with the elogd.c file?  Also, do I need to use any special gcc flags
> for the compilation?  Thanks.

You need elogd.c, mxml.c and regex.c; the Makefile you can get from CVS as well:

http://midas.psi.ch/cgi-bin/cvsweb/elog/Makefile
978 | Tue Mar 8 19:23:14 2005 | Reply | Benjamin Brown | brownbr@hotmail.com | Question | Linux | 2.5.7 | Re: Compilation flag/file question
> > If I want to go to the latest CVS release, what files do I have to compile
> > along with the elogd.c file?  Also, do I need to use any special gcc flags
> > for the compilation?  Thanks.
> 
> You need elogd.c, mxml.c and regex.c, the Makefile you can get from CVS as well 
> 
> http://midas.psi.ch/cgi-bin/cvsweb/elog/Makefile

Worked like a charm.  Thanks again.