| ../irclogs/#mantishelp.2010-09-02.log | ||
| --- scribe started --- | 00:00 | |
| davidinc_ | Hi | 07:22 |
|---|---|---|
| davidinc_ | Ok finally I get the recent version of ManTweet pluigin | 07:22 |
| davidinc_ | there is small bug Fatal error: Call to undefined function db_unixtimestamp() in /var/www/mantisbtd/plugins/ManTweet/mantweet_api.php on line 119 | 07:23 |
| davidinc_ | this happens when you try to post | 07:23 |
| davidinc_ | if I commit those lines it works | 07:24 |
| davidinc_ | nuclear_eclipse: Any suggestion?? | 07:37 |
| CIA-100 | Mantisbt: roland master-1.2.x * r085097fc6861 /core/summary_api.php: Fix #12309: XSS issues when viewing Summary page | 11:24 |
| CIA-100 | Mantisbt: roland * r61e90d0653f1 /core/summary_api.php: Fix #12309: XSS issues when viewing Summary page | 11:25 |
| CIA-100 | Mantisbt: hickseydr * redb817991b99 /library/nusoap/ (class.wsdl.php nusoap.php): Fix #12312: NuSOAP web description XSS vulnerability | 12:01 |
| CIA-100 | Mantisbt: hickseydr * rc4f0d68e287f /library/ (2 files in 2 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs | 12:01 |
| CIA-100 | Mantisbt: hickseydr master-1.2.x * rbce955ce73a1 /library/ (2 files in 2 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs | 12:01 |
| CIA-100 | Mantisbt: hickseydr master-1.2.x * r6b2e71539e59 /library/nusoap/ (class.wsdl.php nusoap.php): Fix #12312: NuSOAP web description XSS vulnerability | 12:01 |
| dhx_m | nuclear_eclipse: any chance we could push out 1.2.3 when you get a free moment? | 12:06 |
| dhx_m | giallu, micahg: you may want to ping NuSOAP package maintainers about the NuSOAP issue in case upstream takes a while to respond | 12:10 |
| dhx_m | giallu, micahg: a patch is provided at http://www.mantisbt.org/bugs/view.php?id=12312 and the upstream report is at http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005 | 12:10 |
| dhx_m | the patch is not thoroughly tested yet however | 12:12 |
| nuclear_eclipse | dhx_m: if I get a chance today or tomorrow I will | 12:14 |
| dhx_m | nuclear_eclipse: thanks :) | 12:14 |
| dhx_m | nuclear_eclipse: the change log is essentially "a few security fixes and minor bug fixes" | 12:15 |
| dhx_m | nothing exciting this time | 12:15 |
| nuclear_eclipse | the XSS in NuSOAP *is* the exciting part :P | 12:16 |
| dhx_m | well... about 6 XSS issues of which 1-2 are exploitable by anyone, the other 4-5 require a rogue MantisBT administrator (highly unlikely) | 12:16 |
| dhx_m | yep | 12:17 |
| dhx_m | ah it seems Oliver Berger maintains NuSOAP in Debian (he has been involved with MantisBT development in the past months) | 12:19 |
| dhx_m | I'll send a message | 12:19 |
| giallu | dhx_m, this is what we get for bundling libs | 13:05 |
| dhx_m | giallu: it's an unpatched vulnerability in NuSOAP | 13:08 |
| dhx_m | and I agree on bundling... it sucks (I have wanted to banish our bundled libraries for a long time) | 13:08 |
| giallu | yeah. which would not force _us_ to release a new version | 13:08 |
| giallu | if it wasn't there... | 13:08 |
| nuclear_eclipse | giallu: if we didn't bundle libs, then everybody would bitch at us when either a) they can't figure out how to get it to work, or b) the installation process involves too much "download this, this, and this".... =\ | 13:08 |
| dhx_m | giallu: the upshot is that we're 1000 times faster at patching it than NuSOAP :p | 13:09 |
| dhx_m | nuclear_eclipse: I recon the bundled libraries should only be added at build time (rather than be bundled in our source tree) | 13:10 |
| dhx_m | of course, that could make it harder for people to work with the git repository | 13:11 |
| dhx_m | so we'd need to document an easy/proper way of setting up a MantisBT development environment | 13:11 |
| nuclear_eclipse | dhx_m: except then either we need to maintain more repositories, or we would need to set up and maintain some sort of patch queue to apply to an upstream build... | 13:11 |
| nuclear_eclipse | either way it gets a lot more complicated | 13:11 |
| dhx_m | yep | 13:12 |
| dhx_m | dropping outdated libraries would help too :) | 13:12 |
| nuclear_eclipse | yeah, have fun with that :P | 13:12 |
| dhx_m | I didn't offer my assistance btw :p | 13:12 |
| nuclear_eclipse | exactly, everyone here dislikes the current bundled library situation, but nobody has the time or the right answer to fix it ;) | 13:14 |
| giallu | anyway. I reported https://bugzilla.redhat.com/show_bug.cgi?id=629585 | 13:36 |
| giallu | any other info for the packager? patch or something? | 13:36 |
| giallu | ah sorry | 13:36 |
| giallu | just saw the link | 13:36 |
| lrojas | nuclear_eclipse: morning! | 14:23 |
| lrojas | nuclear_eclipse: are you by any chance awake? | 14:24 |
| nuclear_eclipse | lrojas: at work right now, but ask away and I'll respond when I get the chance | 14:32 |
| lrojas | nuclear_eclipse: thanks, i will try not to take up too much of your time, i am just trying to figure out how to configure the Source integration plugin for mantis | 14:36 |
| lrojas | nuclear_eclipse: i enabled the SourceSVN and SourceWebSVN on top of meta and Source | 14:37 |
| lrojas | but i am having issues making it "work", probably i am configuring it wrong... | 14:38 |
| lrojas | can you please explain a bit what i need to set up for it to work with svn ? | 14:38 |
| lrojas | all i can find on the web is related to 0.13, and 0.16 looks suficiently diferent that i am a bit lost | 14:39 |
| nuclear_eclipse | lrojas: what server OS, what version of SVN are you using? | 14:42 |
| lrojas | Server is Snow Leopard OS X 10.6.4, svn is 1.6.5 | 14:42 |
| lrojas | and mantis 1.2.2 | 14:43 |
| nuclear_eclipse | lrojas: a) make sure your PHP is configured to allow shell calls, b) make sure that `svn` is either in the web server's default path, or configure sourcesvn to tell it the full path to `svn`, and c) if you're using https/ssh, make sure the web server account can validate the server certificates | 14:46 |
| nuclear_eclipse | if you've checked all three of those, then my only suggestion is to start adding debug output in sourcesvn to show the result of the `svn` shell calls and see if you can find any error messages that might clue in on the problem | 14:47 |
| lrojas | nuclear_eclipse: that's one of the things i find weird about the 0.16 version, in the screenshots for the 0.13 i see the sourcesvn plugin has a link in it's name but in 0.16 that link is not there | 14:48 |
| nuclear_eclipse | lrojas: the config options for sourcesvn have been merged into the basic source integration configuration screen | 14:49 |
| lrojas | i tried there to put the path to the svn binary, ( my binary is at /svn/bin/svn ) but i get is an invalid location... | 14:52 |
| lrojas | the error i get is : http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.sshtricks | 14:53 |
| lrojas | *sigh* | 14:53 |
| lrojas | sorry | 14:53 |
| lrojas | is: Path to Subversion binary invalid or inaccessible | 14:54 |
| lrojas | ahhh | 14:55 |
| lrojas | hold on | 14:55 |
| lrojas | since the www "user" has no home or nothing... shouldnt www have the standard path thus having svn on the path and /usr/bin/svn would be valid? | 14:56 |
| lrojas | nuclear_eclipse: when setting a repository of type SVN, can the url be file:///Path/to/repository ? | 15:18 |
| lrojas | nuclear_eclipse: i ask because, we use svn over ssh it's usually svn+ssh | 15:18 |
| lrojas | nuclear_eclipse: can the software handle svn+ssh for SVN or WebSVN repository types? if not, what is the propper url type for a server that is not running svnserve but gets launched on ssh connections | 15:47 |
| lrojas | nuclear_eclipse: another more important question i think is, how do i make sure the plugin in mantis monitors svn commits so that commits get added automatically ? instead of having to import latest transactions always | 15:54 |
| nuclear_eclipse | lrojas: any repo url should be fine as long as the web server's shell account can access that location | 15:58 |
| Github | mantisbt: master-1.2.x Roland Becker * 085097f (1 files in 1 dirs): Fix #12309: XSS issues when viewing Summary page ... | 16:30 |
| Github | mantisbt: master-1.2.x David Hicks * 6b2e715 (2 files in 1 dirs): Fix #12312: NuSOAP web description XSS vulnerability ... | 16:30 |
| Github | mantisbt: master-1.2.x David Hicks * bce955c (1 files in 1 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs | 16:30 |
| Github | mantisbt: master-1.2.x commits 2de04c7...bce955c - http://bit.ly/9cmYua | 16:30 |
| lrojas | nuclear_eclipse: sorry to bother you, i got everything working.. just one more question | 22:00 |
| lrojas | nuclear_eclipse: is there any way to make a commit hook in svn so that latest changes are automatically imported ? | 22:01 |
| lrojas | nevr mind, just found the post_commit template inside the dir | 22:12 |
| CIA-100 | Mantisbt: giallu * rb91694764c8a /docbook/Admin_Guide/ (8 files in 2 dirs): Create skeleton for new xml based admin guide with publican. | 23:26 |
| CIA-100 | Mantisbt: giallu * r72a1b5102e91 /docbook/Admin_Guide/en-US/ (14 files): Import former SGML manual | 23:26 |
| CIA-100 | Mantisbt: giallu * r47d77d67f15c /docbook/Admin_Guide/en-US/Admin_Guide.xml: Hide generic preface stuff for now | 23:26 |
| CIA-100 | Mantisbt: giallu * r8b23ec292c07 /docbook/Developers_Guide/ (8 files in 2 dirs): Add empty Developers Guide created with publican | 23:26 |
| CIA-100 | Mantisbt: giallu * r23d138c70dbf /docbook/Developers_Guide/en-US/ (17 files): Convert SGML files to XML | 23:26 |
| CIA-100 | Mantisbt: giallu * r09a2d8cd5c39 /docbook/ (36 files in 3 dirs): Remove old SGML manual | 23:26 |
| giallu | whoa... spam! | 23:26 |
| CIA-100 | Mantisbt: giallu * r2d0e00a4598c /docbook/Admin_Guide/en-US/ (4 files): replace "link" tag with "xref" for cross references | 23:26 |
Generated by irclog2html.py