Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 12 of 236  Not logged in ELOG logo
Entry   Paid version , posted by Vasio on Mon Jul 4 12:32:01 2022 

Good day all ,

does Elog has a paid version that is not open soureced 

 

regards


William Vasio 

icon5.gif   Slow performance, posted by Alan Grant on Tue Jun 28 18:53:50 2022 

We're up to 30 logbooks, 3.2GB data total and Elog damen has now become slow. Performance stats show 100%CPU on startup then reduces. Searches and general UI activity is slow. It runs on a VM with 4GB memory allocated. Up to 15 concurrent users.

Trimming and archiving some data files may help but I gather overall this is underpowered hardware in this instance so what is recommended system requirements for a config like this?

    icon2.gif   Re: Slow performance, posted by Andreas Luedeke on Sat Jul 2 14:39:41 2022 

We have 68 logbooks and currently 60 GB data total. We run it as well on a VM, in our case with 8GB RAM.
The speed of ELOG is mostly given by the filesystem: when we had AFS it was very slow. With NFS it was better. But we now use a local disk on the VM: that is much better.
If you want to have the best performance (upload of large files can still slow down all users) then I would recomment local SSD for the file system of elogd.

You might talk to your system administrator: they can likely provide a local SSD on the VM server host.

Alan Grant wrote:

We're up to 30 logbooks, 3.2GB data total and Elog damen has now become slow. Performance stats show 100%CPU on startup then reduces. Searches and general UI activity is slow. It runs on a VM with 4GB memory allocated. Up to 15 concurrent users.

Trimming and archiving some data files may help but I gather overall this is underpowered hardware in this instance so what is recommended system requirements for a config like this?

 

icon5.gif   Edit entry from command line and appending attachment, posted by Andrea Capra on Sun Jun 26 01:47:02 2022 

I would like to edit an existing entry by adding new attachments at each call of elog from the command line.

If I issue

elog -h localhost -p 8XXX -l test -f /path/to/file_0.pdf -e N -x

and then 

elog -h localhost -p 8XXX -l test -f /path/to/file_1.pdf -e N -x

file_1.pdf replaces file_0.pdf, while I'd like entry N to have both pdfs.

Is there a workaround?

 

 

icon1.gif   ladp Invalid user name or password!, posted by Fred Nerks on Wed May 11 09:54:17 2022 

Hi I am running elog on windows 2022 server and trying to use ldap for Auth.

No matter what i do I cannot get it to authenticate against the DC.

Invalid user name or password!

11-May-2022 17:09:15 [xxx.xxx.xxx.xxx] {TrainingHouse1} LOGIN user "xxxxx" (attempt)

Using an LDAP browser I can connect to the DC without issue so not firewall.

Not sure what I am doing wrong.

[global]
port = 5050
Page title = Elog Training
Entries per page = 25
Password file = password.pwd
List page title = Elog Training
Login page title = Elog Training
Show top groups = 0
Logbook tabs = 0
Menu commands = Back, New, Find, Download, Logout
List Menu commands = New, Find, Logout
Self register = 0
Max content length = 100000
Allow password change = 0
Enable attachments = 0
Show attachments = 0
Hide attachments = 1
List after submit = 1
Logout to main = 0
Allowed encoding = 5
Default encoding = 1
Welcome title = Elog Training LogBook.
## Welcome title = <font size=5 color=white>Elog Training LogBook </font><img src="elog.png">
Summary lines = 5
Summary line length = 100
Search all logbooks = 0
Refresh = 300
Login expiration = 0
Reply string = 
Suppress default = 2
Thread display = $category entered by $author on $Entry time
Thread icon = Icon
Preset on reply author = $long_name
All display limit = 300
Start page = ?last=31
Bottom text =
Bottom text login = <font size=5 color=Red><center></br>ELOG Training web site</center></font>

[ADTrainingHouse1]
Hidden = 0
Authentication = LDAP, File
LDAP server = ldap://xxxxxx.xxxxx.xxxx.xxxx.xxxx.au:389
LDAP userbase = OU=Users,OU=CP,DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx,DC=au
LDAP login attribute = uid
LDAP register = 0
Theme = default
Comment =Training House 1 LogBook
Preset Author = $long_name
Locked Attributes = Author
Attributes = Category, Codes, Residents Involved, Medical, Synopsis, Event Date, Author
Options Synopsis = Yes, No
MOptions Medical = Yes
MOptions Residents Involved = Pleaseadd, Test User
Extendable options = Residents Involved
Style Synopsis Yes = background-color:yellow
Style Medical Yes = background-color:green
Type Event Date = datetime
Preset Event Date = $datetime
Date format %A %B %d %Y %H:%M 
List Display = ID, Event Date, Category, Medical, Codes, Residents Involved, Synopsis, Date, Author
MOptions Category = Assault, Death, Fire, Illness, Inappropriate Sexualised Behaviour, Injury To Child, Injury To Staff, Property Damage, Self-Harm, Substance Misuse, Theft/Loss, Threat
MOptions Codes = MED, ACH, LEGAL, MPR, P/C, PSYCH, MFP, BEH, INC, CM, FAM, INFO, MVT, OBS, POLICE, PROG, ROU, VIS, S/O
Required Attributes = Author, Event Date, Codes
Style Codes MED = background-color:green
Page Title = DCP Elog Training
Reverse sort = 1
Quick filter = Date, Category, Codes, Medical,
Sort Attributes = Event Date
Logfile = traininghouse1.log
Logging level = 3
Bottom text =

    icon2.gif   Re: ladp Invalid user name or password!, posted by Fred Nerks on Mon May 23 07:48:40 2022 

 

Fred Nerks wrote:

Hi I am running elog on windows 2022 server and trying to use ldap for Auth.

No matter what i do I cannot get it to authenticate against the DC.

Invalid user name or password!

11-May-2022 17:09:15 [xxx.xxx.xxx.xxx] {TrainingHouse1} LOGIN user "xxxxx" (attempt)

Using an LDAP browser I can connect to the DC without issue so not firewall.

Not sure what I am doing wrong.

[global]
port = 5050
Page title = Elog Training
Entries per page = 25
Password file = password.pwd
List page title = Elog Training
Login page title = Elog Training
Show top groups = 0
Logbook tabs = 0
Menu commands = Back, New, Find, Download, Logout
List Menu commands = New, Find, Logout
Self register = 0
Max content length = 100000
Allow password change = 0
Enable attachments = 0
Show attachments = 0
Hide attachments = 1
List after submit = 1
Logout to main = 0
Allowed encoding = 5
Default encoding = 1
Welcome title = Elog Training LogBook.
## Welcome title = <font size=5 color=white>Elog Training LogBook </font><img src="elog.png">
Summary lines = 5
Summary line length = 100
Search all logbooks = 0
Refresh = 300
Login expiration = 0
Reply string = 
Suppress default = 2
Thread display = $category entered by $author on $Entry time
Thread icon = Icon
Preset on reply author = $long_name
All display limit = 300
Start page = ?last=31
Bottom text =
Bottom text login = <font size=5 color=Red><center></br>ELOG Training web site</center></font>

[ADTrainingHouse1]
Hidden = 0
Authentication = LDAP, File
LDAP server = ldap://xxxxxx.xxxxx.xxxx.xxxx.xxxx.au:389
LDAP userbase = OU=Users,OU=CP,DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx,DC=au
LDAP login attribute = uid
LDAP register = 0
Theme = default
Comment =Training House 1 LogBook
Preset Author = $long_name
Locked Attributes = Author
Attributes = Category, Codes, Residents Involved, Medical, Synopsis, Event Date, Author
Options Synopsis = Yes, No
MOptions Medical = Yes
MOptions Residents Involved = Pleaseadd, Test User
Extendable options = Residents Involved
Style Synopsis Yes = background-color:yellow
Style Medical Yes = background-color:green
Type Event Date = datetime
Preset Event Date = $datetime
Date format %A %B %d %Y %H:%M 
List Display = ID, Event Date, Category, Medical, Codes, Residents Involved, Synopsis, Date, Author
MOptions Category = Assault, Death, Fire, Illness, Inappropriate Sexualised Behaviour, Injury To Child, Injury To Staff, Property Damage, Self-Harm, Substance Misuse, Theft/Loss, Threat
MOptions Codes = MED, ACH, LEGAL, MPR, P/C, PSYCH, MFP, BEH, INC, CM, FAM, INFO, MVT, OBS, POLICE, PROG, ROU, VIS, S/O
Required Attributes = Author, Event Date, Codes
Style Codes MED = background-color:green
Page Title = DCP Elog Training
Reverse sort = 1
Quick filter = Date, Category, Codes, Medical,
Sort Attributes = Event Date
Logfile = traininghouse1.log
Logging level = 3
Bottom text =

Is anyone able to assist with what I am doing wrong is anyone successful used LDAP in windows elog

icon4.gif   PDF preview special steps to enable, posted by Konstantin Olchanski on Fri May 6 21:12:11 2022 
Ubuntu LTS 20.04 and others have elog PDF preview disabled by default. To enable,
please follow these steps, see https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Enable_elog_PDF_preview

Enable elog PDF preview
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion

xemacs -nw /etc/ImageMagick-6/policy.xml
remove this section at the end:
<!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />

K.O.
    icon2.gif   Re: PDF preview special steps to enable, posted by Stefan Ritt on Tue May 10 22:40:26 2022 img.pdf.gz
I have a PDF file created by root which ImageMagic cannot convert to a .png file. If I do

convert img.pdf img.png

it works on my mac, but under RH7.4 the program goes into an infinite loop eating 100% CPU.

I attached the img.pdf, but compressed it to img.pdf.gz, otherwise I cannot post here.

Can anyone figure out why ImageMagick won't convert that file?
icon5.gif   elog root path, posted by Antonio Bulgheroni on Thu May 5 11:14:20 2022 

Dear all, 

I have a question for you. On my elog server I have plenty of images not included in any logbook entry, but that nevertheless I would the user to have access to that via the browser. In order words, I would like to have a link like this https://myelog/my_pics_folder/my_pic.png

I have realized that if I put my_pics_folder in the script folder, then it works as I wanted, but I strongly doubt this is the right position. If I put in the resources folder, it is not found and the elogd displays a message saying that my_pics_folder is not a valid logbook.

Do you have any suggestions for this problem? 

 

Thanks in advance and enjoy your day!

toto

icon5.gif   Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022 

Hi, I have been using elog for years at CERN.

Now I installed in my local workstation at my home inistitue

and sysadmin reported the following vulnerabilities:

  - Configuration File Disclosure (CVE-2019-3992)

  - Password Hash Disclosure (CVE-2019-3993)

  - Use After Free (CVE-2019-3994)

  - NULL Pointer Dereference (CVE-2019-3995)

  - Unintended Proxy (CVE-2019-3996)

Am I doing soimething wrong?

sysadmin will not allow me to use it until it is fixed....

Any help is welcome.

 

    icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022 
The CVEs you refer to are very old and have been fixed a long time ago.

Please refer to:
https://www.tenable.com/security/research/tra-2019-53

This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.

Note that the elog git history does not refer to these CVEs because
they were fixed before the CVE number was assigned, per "Disclosure Timeline"
in the above document. The relevant commits are listed under "Additional References".

K.O.
       icon2.gif   Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022 
Ok, many many thanks!
I will pass the info to my sysadmin.
Best Regards.

> The CVEs you refer to are very old and have been fixed a long time ago.
> 
> Please refer to:
> https://www.tenable.com/security/research/tra-2019-53
> 
> This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
> 
> Note that the elog git history does not refer to these CVEs because
> they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> in the above document. The relevant commits are listed under "Additional References".
> 
> K.O.
          icon2.gif   Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022 
> Ok, many many thanks!
> I will pass the info to my sysadmin.
> Best Regards.
> 
> > The CVEs you refer to are very old and have been fixed a long time ago.
> > 
> > Please refer to:
> > https://www.tenable.com/security/research/tra-2019-53
> > 
> > This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
> > 
> > Note that the elog git history does not refer to these CVEs because
> > they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> > in the above document. The relevant commits are listed under "Additional References".
> > 
> > K.O.

Am I wrong that the windows executable version on the site is dated 2018? 3.1.4-2?
             icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022 
> > > The CVEs you refer to are very old and have been fixed a long time ago.
> 
> Am I wrong that the windows executable version on the site is dated 2018? 3.1.4-2?

I confirm. Windows executables at https://elog.psi.ch/elog/download/windows/
and Debian packages at https://packages.debian.org/search?keywords=elog all
appear to be older than the cve fixes.

I trust Stefan is reading this thread and will do something about it. My vote would
be to remove the download link to the windows executables and ask Debian to remove
the elog package. I think they have a way for upstream developers (Stefan) to request
removal of unmaintained out-of-date insecure versions of their stuff. ROOT
was in the same situation years ago, the Debian package for ROOT was very old version,
also built incorrectly, and everybody complained to us that our stuff does
not work (midas, rootana, etc).

K.O.
                icon2.gif   Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022 
> I trust Stefan is reading this thread and will do something about it. My vote would
> be to remove the download link to the windows executables and ask Debian to remove
> the elog package. I think they have a way for upstream developers (Stefan) to request
> removal of unmaintained out-of-date insecure versions of their stuff. ROOT
> was in the same situation years ago, the Debian package for ROOT was very old version,
> also built incorrectly, and everybody complained to us that our stuff does
> not work (midas, rootana, etc).

Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
If anybody can compile the Windows version with the current source code I would be happy.

Stefan
                   icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022 
> 
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
> switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
> If anybody can compile the Windows version with the current source code I would be happy.
> 
> Stefan

That would be most welcome!
I tried to recompile the windows version a while ago but didn't manage it.
I'm just a simple ELOG __user__ ^^
Looking forward to the new precompiled Windows version.

Thnx in advance!

daniel
                   icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Mon Mar 7 17:46:39 2022 
> > I trust Stefan is reading this thread and will do something about it. My vote would
> > be to remove the download link to the windows executables and ask Debian to remove
> > the elog package. I think they have a way for upstream developers (Stefan) to request
> > removal of unmaintained out-of-date insecure versions of their stuff. ROOT
> > was in the same situation years ago, the Debian package for ROOT was very old version,
> > also built incorrectly, and everybody complained to us that our stuff does
> > not work (midas, rootana, etc).
> 
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
> switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
> If anybody can compile the Windows version with the current source code I would be happy.
> 
> Stefan

FWIW: you could cross-compile on Linux using 
   make CC=x86_64-w64-mingw32-gcc CFLAGS="-D_MSC_VER -DHAVE_VASPRintF -Imxml" LIBS="-Wl,--allow-multiple-definition -ladvapi32 -lwsock32 -lssl -lcrypto"
or so I thought... with build 3.1.4 - 395e101 I did manage, finally. 
However, with the latest git version everything seems to have been renamed to .cxx files (though it's still plain C ??!?!?) and my quick and dirty compile hack did not work. The binaries do work, I can start the server and access it via the web interface.
                      icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Wed Mar 9 17:55:31 2022 elog-3.1.4-1ebfd06c-win64.zip
I've built the last C version of elog in git, revision 1ebfd06c using mingw-64 ; the resulting binaries work for me on Windows 2019.
Attached is a zip file with the binaries.
I was not able to create a new installer, these are just the executables
                         icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 15:47:59 2022 
> I've built the last C version of elog in git, revision 1ebfd06c using mingw-64 ; the resulting binaries work for me on Windows 2019.
> Attached is a zip file with the binaries.
> I was not able to create a new installer, these are just the executables

I tried to just exchange the attached binaries in my installation but this didn't worked.
elogd was not able to start.

Regards,

daniel
                            icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Tue Apr 19 17:02:57 2022 
> > I've built the last C version of elog in git, revision 1ebfd06c using mingw-64 ; the resulting binaries work for me on Windows 2019.
> > Attached is a zip file with the binaries.
> > I was not able to create a new installer, these are just the executables
> 
> I tried to just exchange the attached binaries in my installation but this didn't worked.
> elogd was not able to start.

hmmm strange - did you get an error message or did the binary simply not start?  I've only tested this on a single Windows machine....
                               icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 20:13:04 2022 
> > > I've built the last C version of elog in git, revision 1ebfd06c using mingw-64 ; the resulting binaries work for me on Windows 2019.
> > > Attached is a zip file with the binaries.
> > > I was not able to create a new installer, these are just the executables
> > 
> > I tried to just exchange the attached binaries in my installation but this didn't worked.
> > elogd was not able to start.
> 
> hmmm strange - did you get an error message or did the binary simply not start?  I've only tested this on a single Windows machine....

Error message is:

Error 1053: The service did not respond to the start or control request in a timely fashion.

I have to admit that I'm doing all this on a Server 2012 machine.
                                  icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Fri Apr 22 17:10:24 2022 
> > > > I've built the last C version of elog in git, revision 1ebfd06c using mingw-64 ; the resulting binaries work for me on Windows 2019.
> > > > Attached is a zip file with the binaries.
> > > > I was not able to create a new installer, these are just the executables
> > > 
> > > I tried to just exchange the attached binaries in my installation but this didn't worked.
> > > elogd was not able to start.
> > 
> > hmmm strange - did you get an error message or did the binary simply not start?  I've only tested this on a single Windows machine....
> 
> Error message is:
> 
> Error 1053: The service did not respond to the start or control request in a timely fashion.
> 
> I have to admit that I'm doing all this on a Server 2012 machine.


Windows Server 2012 itself is almost EOL but it should still work, I believe.  I did see that the elog314-2.exe file is a Win32 binary whereas my binaries are 64bit. On Windows Server 2019 did not cause any issues.
Can you try the following
- extract the new elogd.exe binary somewhere , e.g. c:\temp\elogd.exe
- then type
  cd \Program Files (x86)\ELOG
  \temp\elogd.exe

- post the output/error code that you see.


  
                   icon2.gif   Re: Vulnerability?, posted by Laurent Jean-Rigaud on Mon Mar 7 22:07:54 2022 elog-3.1.4-395e101.zip
> > I trust Stefan is reading this thread and will do something about it. My vote would
> > be to remove the download link to the windows executables and ask Debian to remove
> > the elog package. I think they have a way for upstream developers (Stefan) to request
> > removal of unmaintained out-of-date insecure versions of their stuff. ROOT
> > was in the same situation years ago, the Debian package for ROOT was very old version,
> > also built incorrectly, and everybody complained to us that our stuff does
> > not work (midas, rootana, etc).
> 
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
> switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
> If anybody can compile the Windows version with the current source code I would be happy.
> 
> Stefan

Hi Stefan,

I don't find any howto to build elog under windows, so i tried to compile elog-latest sources with cygwin (packages gcc + openssl-devel + openldap-devel + make). 
It builds, i could start elogd.exe and connect to localhost:8080 ! 
I generate a zip with cygwin dll needed to launch elogd and tools. I think they could be enclosed (maybe the cygwin licence file have to be added ?).

Btw it should be possible to crossbuild it under Mac or Linux. The problem is to test it ;-). On Mac, you can use UTM to create a Windows VM to do the work.

Bye
Laurent
                   icon2.gif   Re: Vulnerability?, posted by Florian Heigl on Mon Apr 18 19:16:36 2022 
> > I trust Stefan is reading this thread and will do something about it. My vote would
> > be to remove the download link to the windows executables and ask Debian to remove
> > the elog package. I think they have a way for upstream developers (Stefan) to request
> > removal of unmaintained out-of-date insecure versions of their stuff. ROOT
> > was in the same situation years ago, the Debian package for ROOT was very old version,
> > also built incorrectly, and everybody complained to us that our stuff does
> > not work (midas, rootana, etc).
> 
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
> switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
> If anybody can compile the Windows version with the current source code I would be happy.

it would be good if the current state was listed in https://elog.psi.ch/elogs/Vulnerabilities/ 
It seems there's now updated builds for at least windows, and the debian package still outdated?

Personally, I don't think removing download links and pulling packages should be more than a temporary measure.
Treating people fairly IMHO means they should be able to reach a safe version by the same means that brought and left them exposed.

A clear central source would be best, one that has 

- package autobuilds
- source
- cve list

If I understand correctly, currently only the source is up to date?


(I found py_elog on Github, so it could be an easy option to mirror ELOG there and let some free service handle the autobuilds.
I don't know how well one can flag vulnerabilities there, but likely it's possible, and ideally more people would help there.)


p.s.: My hat is off to the sysadmin who checked carefully, I wanted to introduce ELOG in a windows-centric place and I can't swear I would have checked this (official) download as well.
                      icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 19 21:15:19 2022 
> it would be good if the current state was listed in https://elog.psi.ch/elogs/Vulnerabilities/
> It seems there's now updated builds for at least windows

I checked with Stefan and he plans to address both of those fairly soon.

> debian package still outdated?

We reached to the package maintainer (who is not us), if he cannot help,
we will request package removal through debian official channels. Then we have
to repeat same for the ubuntu package.

> A clear central source would be best ...

this already exists. git clone, make, run.

> p.s.: My hat is off to the sysadmin who checked carefully, I wanted to introduce ELOG in a windows-centric place and I can't swear I 
would have checked this (official) download as well.

I usually check the date of stuff I install and go "hmm..." if it is not super fresh or very fresh.

K.O.
                         icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Fri Apr 22 21:15:37 2022 
> > debian package still outdated?
> We reached to the package maintainer

the good Roger Kalt requested removal of debian package elog
and it is now removed from debian-unstable. I am not sure
if it can be removed from debian-stable releases (debian-11, debian-10).

https://tracker.debian.org/pkg/elog
https://tracker.debian.org/news/1320035/removed-313-1-1-from-unstable/

K.O.
                            icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 17:39:49 2022 
> > > debian package still outdated?
> removed from debian-unstable
> https://tracker.debian.org/pkg/elog
> https://tracker.debian.org/news/1320035/removed-313-1-1-from-unstable/

contacted security@debian.org and they requested removal from the next buster/bullseye point releases:

https://bugs.debian.org/1010196
https://bugs.debian.org/1010197

next is to request removal of ubuntu package.

K.O.
                               icon2.gif   history of long-removed freebsd package, Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 18:03:03 2022 
> > > > debian package still outdated?

the freebsd elog package was removed back in 2014 during
a purge of "not staged" packages. Originally submitted
in 2006, went through at least two maintainers.

https://www.freshports.org/www/elog/

K.O.
                               icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Wed Apr 27 19:36:25 2022 
> next is to request removal of ubuntu package.

contacted ubuntu security team, got very quick response.

they noted our request and informed us that ubuntu cannot remove packages from existing releases.

https://bugs.launchpad.net/ubuntu/+source/elog/+bug/1970480

K.O.
                      icon12.gif   Re: Vulnerability?, posted by Andreas Luedeke on Fri Apr 22 12:55:21 2022 
 
> it would be good if the current state was listed in https://elog.psi.ch/elogs/Vulnerabilities/ 
> It seems there's now updated builds for at least windows, and the debian package still outdated?
> 
> Personally, I don't think removing download links and pulling packages should be more than a temporary measure.
> Treating people fairly IMHO means they should be able to reach a safe version by the same means that brought and left them exposed.
> 
> A clear central source would be best, one that has 
> 
> - package autobuilds
> - source
> - cve list
> 
> If I understand correctly, currently only the source is up to date?
> 
> 
> (I found py_elog on Github, so it could be an easy option to mirror ELOG there and let some free service handle the autobuilds.
> I don't know how well one can flag vulnerabilities there, but likely it's possible, and ideally more people would help there.)
> 
> 
> p.s.: My hat is off to the sysadmin who checked carefully, I wanted to introduce ELOG in a windows-centric place and I can't swear I would have checked this (official) download as well.

Very good ideas! Go ahead and implement them! We very much appreciate your contribution.
       icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Sat Apr 23 18:05:57 2022 
> The CVEs you refer to are very old and have been fixed a long time ago.
> 
> Please refer to:
> https://www.tenable.com/security/research/tra-2019-53
> 
> This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
> 
> Note that the elog git history does not refer to these CVEs because
> they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> in the above document. The relevant commits are listed under "Additional References".
> 
> K.O.

I should better capture these "additional references" and the "disclosure timeline"
before they vanish from tenable.com:
https://www.tenable.com/security/research/tra-2019-53

Additional References
https://bitbucket.org/ritt/elog/commits/7367647d40d9b43d529d952d3a063d53606697cb
https://bitbucket.org/ritt/elog/commits/38c08aceda8e5ac4bfdcc040710b5792bd5fe4d3
https://bitbucket.org/ritt/elog/commits/32ba07e19241e0bcc68aaa640833424fb3001956
https://bitbucket.org/ritt/elog/commits/15787c1edec1bbe1034b5327a9d6efa710db480b
https://bitbucket.org/ritt/elog/commits/283534d97d5a181b09960ae1f0c53dbbe42d8a90

Disclosure Timeline
12/3/2019 - Notice sent to stefan.ritt - AT - psi.ch. 90 day is March 3, 2020
12/4/2019 - Dr. Ritt acknowledges the report.
12/9/2019 - Dr. Ritt stages fixes in bitbucket.
12/9/2019 - Tenable provides feedback.
12/10/2019 - Dr. Ritt acknowledges.
12/11/2019 - Tenable reserves CVE.
12/11/2019 - Tenable notes the various ELOG instances maintained by Paul Scherrer Institute are patched.
12/11/2019 - Tenable informs Dr. Ritt and Mr. Roger Kalt (Debian/Ubuntu package manager) of intent to publish CVE tomorrow (Dec. 
12).

K.O.
icon5.gif   Download attachments from command line, posted by Maarten de Jong on Sat Apr 16 10:37:24 2022 

Would it be possible to download attachments (e.g. with elog or wget) from the command line?

    icon2.gif   Re: Download attachments from command line, posted by Stefan Ritt on Tue Apr 19 10:24:47 2022 

Sure. Just figure out the URL from your browser and then use it in wget, e.g.

wget https://elog.psi.ch/elogs/Forum/220309_175728/elog-3.1.4-1ebfd06c-win64.zip

to download one attachement from this forum.

Stefan

Maarten de Jong wrote:

Would it be possible to download attachments (e.g. with elog or wget) from the command line?

 

       icon2.gif   Re: Download attachments from command line, posted by Maarten de Jong on Thu Apr 21 14:19:35 2022 

Thanks - I can confirm that the given command works.
However, for an e-log with username and password protection, this no longer seems to work.
It would be very useful if the elog command can be used to also download attachments (and not only a message).

Stefan Ritt wrote:

Sure. Just figure out the URL from your browser and then use it in wget, e.g.

wget https://elog.psi.ch/elogs/Forum/220309_175728/elog-3.1.4-1ebfd06c-win64.zip

to download one attachement from this forum.

Stefan

Maarten de Jong wrote:

Would it be possible to download attachments (e.g. with elog or wget) from the command line?

 

 

ELOG V3.1.5-3fb85fa6