ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
69591
|
Mon Dec 5 04:15:17 2022 |
| Konstantin Olchanski | olchansk@triumf.ca | Bug report | Linux | 3.14 EL7 EPEL | remove elog from EPEL and Fedora. | > elogd binary from EPEL
thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and
did not include the security patches that went it right before covid started in the Winter of 2020.
the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).
I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").
https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm
https://packages.fedoraproject.org/pkgs/elog/elog/
https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html
note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."
K.O. |
69592
|
Tue Dec 20 17:37:42 2022 |
| Germano Massullo | germano.massullo@cern.ch | Bug report | Linux | 3.14 EL7 EPEL | remove elog from EPEL and Fedora. | > > elogd binary from EPEL
>
> thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and
> did not include the security patches that went it right before covid started in the Winter of 2020.
>
> the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).
>
> I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").
>
> https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm
>
> https://packages.fedoraproject.org/pkgs/elog/elog/
> https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
> https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html
>
> note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."
>
> K.O.
Good day, elog has never been retired in EPEL 7. It is still there
https://src.fedoraproject.org/rpms/elog/tree/epel7
I am pretty sure because I am a Fedora/RHEL package maintainer and a retired package should contain in its Git branch only a file named "dead.package" |
69593
|
Tue Dec 20 21:16:37 2022 |
| Germano Massullo | germano.massullo@cern.ch | Bug report | Linux | 3.1.4 | URL causes elog crash | Hello, the following URL
https://foo.bar/elog/Shift+Reports/?new_user_name=a2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.com&new_full_name=a2seferewd%40fanneat.com&new_user_email=a2seferewd%40fanneat.com&newpwd=asdf&newpwd2=asdf&cmd=Save
causes elog 3.1.4 to crash. I attach full GDB trace
(gdb) set height 0
(gdb) set print elements 0
(gdb) set print frame-arguments all
(gdb) thread apply all backtrace
Thread 1 (Thread 0x7fc6d1624840 (LWP 1126)):
#0 0x00007fc6d06c6387 in raise () from /lib64/libc.so.6
#1 0x00007fc6d06c7a78 in abort () from /lib64/libc.so.6
#2 0x00007fc6d0708f67 in __libc_message () from /lib64/libc.so.6
#3 0x00007fc6d07a87a7 in __fortify_fail () from /lib64/libc.so.6
#4 0x00007fc6d07a6922 in __chk_fail () from /lib64/libc.so.6
#5 0x00007fc6d07a5e2b in _IO_str_chk_overflow () from /lib64/libc.so.6
#6 0x00007fc6d070d031 in __GI__IO_default_xsputn () from /lib64/libc.so.6
#7 0x00007fc6d06dd033 in vfprintf () from /lib64/libc.so.6
#8 0x00007fc6d07a5eb8 in __vsprintf_chk () from /lib64/libc.so.6
#9 0x00007fc6d07a5e0d in __sprintf_chk () from /lib64/libc.so.6
#10 0x0000000000423b5b in sprintf (__fmt=<optimized out>, __s=<optimized out>) at /usr/include/bits/stdio2.h:33
#11 get_user_line (lbs=<optimized out>, lbs@entry=0x2833748,
user=user@entry=0x7fffc84d0780 "a2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.combasar", password=password@entry=0x0, full_name=full_name@entry=0x0, email=email@entry=0x0, email_notify=email_notify@entry=0x0,
last_logout=last_logout@entry=0x0, inactive=inactive@entry=0x0) at src/elogd.c:25739
#12 0x0000000000433d0a in save_user_config (lbs=lbs@entry=0x2833748,
user=0x7704fc <_value+1500> "a2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.coma2seferewd@fonomsdfef.com", new_user=new_user@entry=1) at src/elogd.c:13343
#13 0x0000000000456068 in do_self_register (lbs=0x2833748, command=0x7fffc84d2650 "Save") at src/elogd.c:26768
#14 0x000000000045c1f7 in interprete (lbook=lbook@entry=0x7fffc84f92f0 "Shift Reports", path=path@entry=0x7fffc84d4430 "") at src/elogd.c:27594
#15 0x000000000045ecc6 in decode_get (logbook=logbook@entry=0x7fffc84f92f0 "Shift Reports", string=<optimized out>) at src/elogd.c:28393
#16 0x0000000000460970 in process_http_request (request=<optimized out>,
request@entry=0x284bee8 "GET /Shift+Reports/?new_user_name=a2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.coma2seferewd%402sefddsfgfd.com&new_full_name=a2seferewd%40fanneat.com&new_user_email=a2seferewd%40fanneat.com&newpwd=asdf&newpwd2=asdf&cmd=Save", i_conn=i_conn@entry=1) at src/elogd.c:29201
#17 0x00000000004623d2 in server_loop () at src/elogd.c:30212
#18 0x0000000000404209 in main (argc=8, argv=0x7fffc84fb6c8) at src/elogd.c:3123
|
69594
|
Tue Dec 27 12:44:52 2022 |
| Andrey | kowaraj4stuff@gmail.com | Info | All | ELOG V3.1.4-493 | Duplicated \n in "plain" format with new WebKit | Dear Stefan,
There is a problem with editing an Elog page in "plain" format with the following "User Agent" :
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15"
It duplicates the newline symbols such that "1<CRLF>2" becomes "1<CRLF><CRLF>2". If edited again - "1<CRLF><CRLF><CRLF><CRLF>2".
I blame the new version of the Apple WebKit.
It works fine with Chrome (user agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"). But fails with Safari.
Could you please have a look?
Thank you in advance,
Andrey Pashnin
AMS collaboration
|
69595
|
Wed Dec 28 16:09:30 2022 |
| Andrey | kowaraj4stuff@gmail.com | Info | All | ELOG V3.1.4-493 | bug report to webkit.org | It shound't be a "bug report", sorry. I have changed the category to "Info".
It seems to be really a bug in the WebKit core. I have created a bug report there. For reference: https://bugs.webkit.org/show_bug.cgi?id=249923
I am going to try to patch the ELOG code to handle the content of the textarea in the "plain" format.... it doesn't seem possible though. |
69596
|
Thu Dec 29 20:26:11 2022 |
| Andrey | kowaraj4stuff@gmail.com | Bug fix | All | ELOG V3.1.4-493 | a hack around | FYI.
Removing "wrap=hard" on the line #11461 in the elogd.cxx file resolves my problem.
- rsprintf("<textarea rows=%d cols=%d wrap=hard name=\"Text\">\n", height, width);*/
+ rsprintf("<textarea rows=%d cols=%d name=\"Text\">\n", height, width);
|
69597
|
Fri Dec 30 00:46:03 2022 |
| Konstantin Olchanski | olchansk@triumf.ca | Bug fix | All | ELOG V3.1.4-493 | a hack around | - rsprintf("<textarea rows=%d cols=%d wrap=hard name=\"Text\">\n", height, width);
+ rsprintf("<textarea rows=%d cols=%d name=\"Text\">\n", height, width);
my vote is to remove "wrap=hard":
1) I try to read the specs and my head explodes: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/textarea
2) textarea should just accept input typed by user, should not try to "neatify" it. if user wants long lines, we should let them.
3) this bug (introduced in recent safari, the best I can tell)
K.O. |
69598
|
Mon Jan 2 12:32:13 2023 |
| Andrey Pashnin | kowaraj4stuff@gmail.com | Info | All | ELOG V3.1.4-493 | webkit bug | FYI
They seem to have accepted the bug report:
https://bugs.webkit.org/show_bug.cgi?id=249923 |
|