Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 1 of 772  Not logged in ELOG logo
ID Date Icon Author Author Email Category OS ELOG Version Subject
  69591   Mon Dec 5 04:15:17 2022 Reply Konstantin Olchanskiolchansk@triumf.caBug reportLinux3.14 EL7 EPELremove elog from EPEL and Fedora.
> elogd binary from EPEL

thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and 
did not include the security patches that went it right before covid started in the Winter of 2020.

the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).

I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").

https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm

https://packages.fedoraproject.org/pkgs/elog/elog/
https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html

note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."

K.O.
  69590   Fri Dec 2 14:44:46 2022 Idea Laurent Jean-Rigaudlollspam@free.frBug reportLinux3.14 EL7 EPELRe: custom css not loaded

Update : i tryed with last git, w/o ldap support and it seems the problem is solved with CCS URL on same machine (just replace the elogd binary from EPEL by new one just build w/o LDAP support and fallback on File to login for testing).

So my problem is the error during build with LDAP auth (since using C++) :-(

...

+ cd elog-3-14
+ make USE_SSL=1 USE_LDAP=1 USE_KRB5=1 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml'
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -c -o mxml.o mxml/mxml.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -w -c -o crypt.o src/crypt.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -c -o strlcpy.o mxml/strlcpy.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -o elog src/elog.cxx mxml.o crypt.o strlcpy.o -lssl -lkrb5 -lldap -llber
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -w -c -o auth.o src/auth.cxx
src/auth.cxx: In function 'int auth_verify_password_ldap(LOGBOOK*, const char*, const char*, char*, int)':
src/auth.cxx:283:60: error: 'ldap_simple_bind_s' was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:290:26: error: 'ldap_unbind' was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:295:23: error: 'ldap_unbind' was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function 'int ldap_adduser_file(LOGBOOK*, const char*, const char*, char*, int)':
src/auth.cxx:323:60: error: 'ldap_simple_bind_s' was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:330:26: error: 'ldap_unbind' was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:358:26: error: 'ldap_unbind' was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:369:62: error: 'ldap_get_values' was not declared in this scope
          if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
                                                              ^
src/auth.cxx:378:35: error: 'ldap_value_free' was not declared in this scope
             ldap_value_free(values);
                                   ^
src/auth.cxx:386:23: error: 'ldap_unbind' was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function 'int auth_verify_password(LOGBOOK*, const char*, const char*, char*, int)':
src/auth.cxx:593:73: error: invalid conversion from 'const char*' to 'char*' [-fpermissive]
          if (get_user_line(lbs, user, NULL, NULL, NULL, NULL, NULL, NULL) == 2) {
                                                                         ^
In file included from src/auth.cxx:30:0:
src/elogd.h:282:5: error:   initializing argument 2 of 'int get_user_line(LOGBOOK*, char*, char*, char*, char*, BOOL*, time_t*, int*)' [-fpermissive]
 int get_user_line(LOGBOOK * lbs, char *user, char *password, char *full_name, char *email,
     ^
make: *** [auth.o] Error 1
error: Bad exit status from /home/il/jeanrigaudl/rpmbuild/tmp/rpm-tmp.cKJL45 (%build)

 

Updated :

  1. from google (https://www.openldap.org/lists/openldap-technical/201104/msg00030.html), it seems it's necessary to add before "#include ldap.h" in src/auth.cxx
#define LDAP_DEPRECATED 1
  1. A cast must be added to src/auth.cxx:593 as already done somewhere with C++ commit :

         if (get_user_line(lbs, (char *) user, NULL, NULL, NULL, NULL, NULL, NULL) == 2) {
 

-> elogd builds now with ldap :-) .

I installed elogd binary and i could login and the css url problem is gone.

 

Thanks to update auth.cxx (2 mods) and buildrpm (2 mods) in git (sorry, no pull request).

 

NB : PAM can not be activated under EL7 with same type of error. I disabled the feature as i do not use it.

 

+ cd elog-3-14
+ make USE_SSL=1 USE_PAM=1 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml'
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_PAM -c -o mxml.o mxml/mxml.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_PAM -w -c -o crypt.o src/crypt.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_PAM -c -o strlcpy.o mxml/strlcpy.cxx
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_PAM -o elog src/elog.cxx mxml.o crypt.o strlcpy.o -lssl -lpam -llber
c++ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_PAM -w -c -o auth.o src/auth.cxx
src/auth.cxx: In function 'int elog_conv(int, const pam_message**, pam_response**, void*)':
src/auth.cxx:452:59: error: invalid conversion from 'void*' to 'pam_response*' [-fpermissive]
    if((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL)
                                                           ^
src/auth.cxx:457:33: error: invalid conversion from 'void*' to 'const char*' [-fpermissive]
    if(!(resptok = strdup(my_data))) {
                                 ^
In file included from src/elogd.h:46:0,
                 from src/auth.cxx:30:
/usr/include/string.h:172:14: error:   initializing argument 1 of 'char* strdup(const char*)' [-fpermissive]
 extern char *strdup (const char *__s)
              ^
make: *** [auth.o] Error 1
error: Bad exit status from /home/il/jeanrigaudl/rpmbuild/tmp/rpm-tmp.V2LE4L (%build)

 

 

 

 

Laurent Jean-Rigaud wrote:

Hi,

I use some CSS for each elog to resize column correcly and it seems that current ELOG version 3.14 available from EPEL for EL7 has a problem (maybe others also).

The browser console displays an error when loading ELOG logbook page (french locale ):

La feuille de style https:/xxxxx.xxx.xx/elog/MCO/1130_171749_REUNION_20221130_Q01.jpgelog-mco.css n’a pas été chargée car son type MIME, « text/html », n’est pas « text/css ».

It seems ELOG server send the css link with enclosure path (https:/xxxxx.xxx.xx/elog/MCO/1130_171749_REUNION_20221130_Q01.jpg) + css file (elog-mco.css) ?!?

I tryed to rebuild the last source from git under EL7 but it fails with LDAP libs (C++ regression already reported in elog:forum/69478). :-(

 

Thanks for help.

Laurent

 

  69589   Fri Dec 2 14:12:35 2022 Warning Laurent Jean-Rigaudlollspam@free.frBug fixLinux3.14 gitBuildrpm / copy .cxx in place of .c

Hi Stefan,

It seems buildrpm should be updated to take care of cpp files. Plz replace "cp <blahblah>.c ..." by "cp <blahblah>.cxx ..." .

Also, uncomment the hostname test witch activates all authentification options by default. It should be done by adding options as follow : buildrpm ver rel -ldap -ker ...

By default, i can not build elog with LDAP.

 

After that mods, rpms are builded under EL7 (w/o LDAP support which is not useful for me).

 

Bye

Laurent

  69588   Fri Dec 2 14:02:49 2022 Warning Laurent Jean-Rigaudlollspam@free.frBug reportLinux3.14 EL7 EPELcustom css not loaded

Hi,

I use some CSS for each elog to resize column correcly and it seems that current ELOG version 3.14 available from EPEL for EL7 has a problem (maybe others also).

The browser console displays an error when loading ELOG logbook page (french locale ):

La feuille de style https:/xxxxx.xxx.xx/elog/MCO/1130_171749_REUNION_20221130_Q01.jpgelog-mco.css n’a pas été chargée car son type MIME, « text/html », n’est pas « text/css ».

It seems ELOG server send the css link with enclosure path (https:/xxxxx.xxx.xx/elog/MCO/1130_171749_REUNION_20221130_Q01.jpg) + css file (elog-mco.css) ?!?

I tryed to rebuild the last source from git under EL7 but it fails with LDAP libs (C++ regression already reported in elog:forum/69478). :-(

 

Thanks for help.

Laurent

  69587   Mon Nov 21 13:32:04 2022 Reply David PilgramDavid.Pilgram@epost.org.ukQuestionWindows3-1-4Re: Planned maintenance at the top of ELOG listing

The way to do this is to ensure that the date of the entry is in the future.  As a hard -core linux (ab)user of elog, I create an entry, then dive into the yymmdda.log files, and edit it so that the date at the top of the entry is, for example, Sat, 31 Dec 2022 23:59:59.  Then, that entry will remain at the top of the listings until the New Year.  I do this very thing for the very same reason, i.e. to keep one entry at the top of the listings until after a certain date.

It may be that if you have "date of entry" field and sort by that, you could set the date of entry in the future.  I've not tried that.

The same effect could be done by adjusting the computer/server's date to the future, make the entry and then reset back to the present, but that may well be unpopular and impractical.  On a single computer, I have done this, although I then changed to editing the yymmdda.log file directly.

Finn Junker wrote:

We use our instance of ELOG as a operations log so that newest events are sorted at the top.

Sometimes we are also up front informed about planned maintenance, and i would be nice to could "pin" them at the top - before the sorting, so that operatores could have them in mind when starting a new shift. Have anyone found a way to solve this?

Kind Regards Finn

 

  69586   Mon Nov 21 09:46:46 2022 Question Finn Junkerfj@tvis.netQuestionWindows3-1-4Planned maintenance at the top of ELOG listing

We use our instance of ELOG as a operations log so that newest events are sorted at the top.

Sometimes we are also up front informed about planned maintenance, and i would be nice to could "pin" them at the top - before the sorting, so that operatores could have them in mind when starting a new shift. Have anyone found a way to solve this?

Kind Regards Finn

  69585   Wed Nov 16 12:01:29 2022 Reply Hayg Gulerhayg.guler@ijclab.in2p3.frQuestionLinux 3.1.4-395e101Re: Post using html form

Dear Stefan,

that is strange since I logged in ... 

It seems like when I go in the shift check topic in the elog, it does not get my login id ... is there something coming from the HTML file that should be set in order to get the login from elog ?

see in the attached image : I am logged in but I still need to feed the Author item. And even If I fill it, 

And then if I Click on new to write a new filling form, author is not filled as you could see on the second image "Author ?"  ...

so I don' see from where appears the problem

 

Stefan Ritt wrote:

Probably people have to log in to the logbook before opening the form. I guess the "submit not allowed" comes from the fact that they access the logbook as a guest.

Stefan

Hayg Guler wrote:

Dear All,

we are trying to post from an HTML form, as included in our config file :

 

[ShiftCheck]
Comment = Shift Check List (exemple a modifier)
Attributes = Author, D, M, Y, Shift, LasE, LasIris, Q, E, Li, TL, RI
Quick filter = Shift, Author
Options Shift = Morning, Evening, Night

Enable attachments = 0
Show text = 1
Custom new form = /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html
Custom edit form =  /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html
Custom display form =  /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html

 

we are facing the following problem when trying to submit :

--> Error: Command "Submit" not allowed

 

is there something missing in our config file ?

 

Many thanks in advance

 

 

Attachment 1: elog.png
elog.png
Attachment 2: elog2.png
elog2.png
  Draft   Wed Nov 16 11:13:33 2022 Reply Hayg Gulerhayg.guler@ijclab.in2p3.frQuestionLinux 3.1.4-395e101Re: Post using html form

Dear Stefan,

that is strange since I logged in ... 

It seems like when I go in the shift check topic in the elog, it does not get my login id ... is there something coming from the HTML file that should be set in order to get the login from elog ?

Stefan Ritt wrote:

Probably people have to log in to the logbook before opening the form. I guess the "submit not allowed" comes from the fact that they access the logbook as a guest.

Stefan

Hayg Guler wrote:

Dear All,

we are trying to post from an HTML form, as included in our config file :

 

[ShiftCheck]
Comment = Shift Check List (exemple a modifier)
Attributes = Author, D, M, Y, Shift, LasE, LasIris, Q, E, Li, TL, RI
Quick filter = Shift, Author
Options Shift = Morning, Evening, Night

Enable attachments = 0
Show text = 1
Custom new form = /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html
Custom edit form =  /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html
Custom display form =  /www/Web/htdocs/elog/sites/THOMX/shiftcheck.html

 

we are facing the following problem when trying to submit :

--> Error: Command "Submit" not allowed

 

is there something missing in our config file ?

 

Many thanks in advance

 

 

ELOG V3.1.4-bcd7b50