*** Joins: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) | 01:54 | |
*** Joins: giallu (~giallu@fedora/giallu) | 02:01 | |
*** Joins: kirillka (~Miranda@global-n01.vester.ru) | 02:02 | |
*** Joins: Cupertino (~Cupez@unaffiliated/cupertino) | 02:29 | |
*** Quits: siebrand (~beis@sm.xs4all.nl) (Ping timeout: 245 seconds) | 02:37 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 258 seconds) | 02:38 | |
davidinc | Who is responsible for preparing and arranging the docbook for mantisbt???? | 02:39 |
---|---|---|
davidinc | hi | 02:39 |
*** Joins: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) | 03:07 | |
*** Quits: kirillka (~Miranda@global-n01.vester.ru) (Quit: kirillka) | 03:11 | |
*** Joins: giallu (~giallu@fedora/giallu) | 03:22 | |
davidinc | nuclear_eclipse: Hi | 03:28 |
*** Joins: thefake (838267d2@gateway/web/freenode/ip.131.130.103.210) | 03:47 | |
thefake | hi there, i've a question about the roadmap, specially versions: Hot to remove the release date "Scheduled For Release" like the Mantis Project did at it's own installation, do i really have to edit the source by my own? | 03:49 |
thefake | found it in an old ticket :) $g_show_roadmap_dates = OFF; | 03:56 |
thefake | thx for | 03:56 |
thefake | audience ;) | 03:56 |
*** Quits: thefake (838267d2@gateway/web/freenode/ip.131.130.103.210) (Quit: Page closed) | 03:56 | |
*** Joins: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) | 04:10 | |
*** Quits: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) (Ping timeout: 252 seconds) | 04:53 | |
*** Joins: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) | 05:00 | |
*** Joins: fanno (~Morten@90.184.93.233) | 05:05 | |
*** Joins: paulr (~paul@cpc1-enfi9-0-0-cust389.hari.cable.virginmedia.com) | 05:08 | |
*** Quits: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) (Ping timeout: 252 seconds) | 05:22 | |
*** Joins: samtuke (~samtuke@p57A0D252.dip.t-dialin.net) | 06:06 | |
samtuke | hi, as I recall there used to be a feature allowing documents to be added to a mantis install, allowing users to view them. I can't see this link or configuration option in 1.2.1, has it been depreciated, or how do I use it? I'm referring to the old 'project documentation' | 06:08 |
samtuke | has this been moved to a plugin? | 06:10 |
dhx_m | it's still built in | 06:15 |
dhx_m | but it doesn't get used much by MantisBT users so it could be buggy/non-functional at the moment | 06:16 |
dhx_m | it's a prime candidate for being cut out into a separate plugin | 06:16 |
dhx_m | see config_defaults_inc.php for settings that control this feature on/off, etc | 06:16 |
samtuke | hmm, why was it removed, seems like a simple and useful feature? | 06:16 |
samtuke | thanks, ive found it there | 06:18 |
dhx_m | it's not removed | 06:18 |
samtuke | ill re-enable it and see what happens | 06:18 |
dhx_m | yep | 06:18 |
samtuke | OK, I mean, why was it disabled and not maintained | 06:18 |
dhx_m | it's disabled by default like a lot of MantisBT features | 06:18 |
dhx_m | and it's "not maintained" in the sense that few people (especially developers) seem to use the feature | 06:19 |
*** Joins: atrol (57a67003@gateway/web/freenode/ip.87.166.112.3) | 06:19 | |
*** Quits: atrol (57a67003@gateway/web/freenode/ip.87.166.112.3) (Client Quit) | 06:20 | |
samtuke | OK, thanks for the info :) | 06:24 |
*** Quits: samtuke (~samtuke@p57A0D252.dip.t-dialin.net) (Quit: Leaving) | 06:24 | |
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer) | 06:42 | |
*** Joins: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) | 07:34 | |
nuclear_eclipse | davidinc: hi | 07:34 |
davidinc | nuclear_eclipse: hi | 07:34 |
nuclear_eclipse | I wrote almost everything in the developer guide, but the admin guide is more or less a conversion of the old 1.0.x and 1.1.x manuals, and nobody is officially in charge of maintaining them... =\ | 07:35 |
*** Joins: mantisbt_04241 (c2d05861@gateway/web/freenode/ip.194.208.88.97) | 07:35 | |
davidinc | ok | 07:40 |
dhx_m | I heard there is an opening for "Official MantisBT Documentation Maintainer" with davidinc's name written all over it :p | 07:44 |
nuclear_eclipse | lol | 07:44 |
* nuclear_eclipse shakes davidinc's hand | 07:44 | |
dhx_m | ... by force? :p | 07:45 |
davidinc | no pro | 07:45 |
davidinc | cool | 07:45 |
nuclear_eclipse | dammit man, think of the *children*! | 07:45 |
nuclear_eclipse | just imagine all those classrooms full of innocent kids, crying because our manual is out of date... *you* can change that... | 07:46 |
davidinc | *YOU* mean dhx_m | 07:47 |
dhx_m | lol | 07:48 |
davidinc | lol | 07:48 |
nuclear_eclipse | it was an all-inclusive "you"; I don't care who it is as long as it isn't me.. ;) | 07:48 |
*** Joins: LFH_SPA (52960006@gateway/web/freenode/ip.82.150.0.6) | 08:07 | |
LFH_SPA | Hello | 08:07 |
LFH_SPA | I am new in the mantis world | 08:07 |
LFH_SPA | and I am facing some problems when i try to install it with SQL server | 08:08 |
LFH_SPA | I am getting the folliwing error: Database query failed. Error received from database was #206: Conflicto de tipos de operandos: int es incompatible con text for the query: INSERT INTO mantis_config_table | 08:08 |
LFH_SPA | I had applied the patchs especified in http://www.mantisbt.org/bugs/view.php?id=10742 | 08:09 |
LFH_SPA | but they didn´t help | 08:09 |
LFH_SPA | the ecosystem is: Win XP, PHP 5.2, SQL Server 2005, Mantis 1.2.2 | 08:11 |
paulr | dhx_m: yours :P | 08:11 |
dhx_m | paulr: yours :P get the Moodle DB layer working already :p | 08:12 |
dhx_m | LFH_SPA: we have known issues with database upgrades when using MS SQL (perhaps other database types too) due to inconsistencies between database server SQL implementations | 08:14 |
paulr | dhx_m: ahh I was gonna ask you about that | 08:14 |
dhx_m | LFH_SPA: I suggest upgrading to 1.2.0, then 1.2.1 then 1.2.2 (don't skip versions)? | 08:14 |
paulr | dhx_m: if we write our own layer based on the moodle code, it wouldn't be GPL right? | 08:14 |
dhx_m | LFH_SPA: AFAIK I broke things in 1.2.1 by dropping some of our custom ADOdb hacks (hence why paulr palmed off this issue to me!)... I am ideally trying to get those patches accepted upstream where they belong | 08:15 |
*** Joins: fanno (~b3g@193.3.95.240) | 08:16 | |
dhx_m | paulr: I suspect not... depending on just how much it is based | 08:16 |
paulr | do we need to support db2? | 08:17 |
dhx_m | do any developers use it? if not, then no... as no one will have any interest in maintaining that support | 08:18 |
dhx_m | if a DB2 user wants to help maintain DB2 support then they can always add that support later | 08:18 |
dhx_m | IMO anyway ;) | 08:18 |
LFH_SPA | I am not upgradding | 08:19 |
LFH_SPA | it´s a brand new installation | 08:19 |
dhx_m | brand new database? :o | 08:20 |
LFH_SPA | DHX_M: What should I do? Install teh 1.2.0 version? | 08:20 |
dhx_m | probably, yes | 08:20 |
dhx_m | then upgrade 1.2.0 to 1.2.2 | 08:20 |
dhx_m | at least until we fix things up | 08:20 |
LFH_SPA | ok | 08:20 |
LFH_SPA | thanks for your help | 08:20 |
LFH_SPA | I will do it and let you know | 08:21 |
dhx_m | no problem, let me know how you go | 08:21 |
LFH_SPA | by the way | 08:22 |
LFH_SPA | where is the 1.2.0 version available | 08:22 |
dhx_m | sourceforge should have it | 08:23 |
LFH_SPA | I took a look and the 1.2.2 is the only stable one available | 08:23 |
LFH_SPA | ok | 08:23 |
LFH_SPA | ok | 08:24 |
LFH_SPA | thanks | 08:24 |
LFH_SPA | bye | 08:24 |
dhx_m | sounds like you have to go urgently? cya | 08:25 |
*** Quits: LFH_SPA (52960006@gateway/web/freenode/ip.82.150.0.6) (Quit: Page closed) | 08:25 | |
*** Quits: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) (Ping timeout: 264 seconds) | 08:33 | |
*** Joins: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) | 08:57 | |
*** Joins: dhx_z (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) | 09:11 | |
*** Quits: dhx_m (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) (Ping timeout: 264 seconds) | 09:12 | |
*** Quits: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) (Ping timeout: 252 seconds) | 09:17 | |
*** Joins: nkj (~nkj252@rb5db132.net.upc.cz) | 09:22 | |
*** Joins: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) | 09:22 | |
nkj | hi everyone | 09:22 |
nkj | i just setup v1.2.2 on my server | 09:22 |
nkj | however, i'm having trouble getting any new accounts created. | 09:22 |
nkj | everytime i get the new account link (to set the password for the first time) after filling out the form I get the error #2800 | 09:23 |
nkj | "Invalid form security token. Did you submit the form twice by accident?" | 09:23 |
nkj | which I didn't | 09:23 |
nkj | same thing happens when I try to submit the 'lost password' form, i enter my username and email address, and click submit - and get the error #2800 | 09:24 |
nkj | seems to be happening with any form submission at all | 09:25 |
nkj | i don't see any errors in the apache log files | 09:26 |
nkj | does anyone have any ideas as to what this might be? | 09:26 |
nkj | searching on google has come up with no relevant, up to date, info on the problem | 09:27 |
nkj | apparently people have had similar issues, but nothing related to simply trying to activate an account in the first place. | 09:27 |
nkj | and most issues i found on google were reported & fixed/resolved on the 1.1.x branch up to 2 years ago. | 09:28 |
nkj | which makes me think this has got to be a configuration issue, just not sure where to start looking. | 09:28 |
nkj | as I'm not sure how mantisBT decides that error #2800 is what it should display | 09:29 |
nkj | i could reverse engineer it, but my time is very limited and so I thought I'd ask for help/advice/tips/clues here first. | 09:30 |
nuclear_eclipse | nkj: is there a proxy server between your machine and the mantis server? | 09:33 |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 258 seconds) | 09:33 | |
nkj | nuclear_eclipse: the server is on the rackspace cloud, but i dont think there is any proxying going on | 09:34 |
nuclear_eclipse | nkj: ah, it sounds like the server's aren't correctly sharing your session data | 09:35 |
nkj | nuclear_eclipse: i had the default ubuntu package installed first (1.1.8 i believe) but removed it and installed 1.2.2 from tarball. | 09:35 |
nkj | the ubuntu package seemed to work fine. | 09:36 |
nkj | nuclear_eclipse: so far, it's just running on one server | 09:36 |
nuclear_eclipse | oh | 09:36 |
nkj | the dev server is solo | 09:36 |
nuclear_eclipse | well, you can disable form security protection, but do note that it opens a potential attack vector against administrators: http://en.wikipedia.org/wiki/Cross-site_request_forgery | 09:37 |
nuclear_eclipse | ubuntu may have disabled it by default, or maybe they are using a patched version of 1.1.x of some sort | 09:37 |
nkj | nuclear_eclipse: that exploit is only possible from an already trusted user, correct? | 09:39 |
nuclear_eclipse | no | 09:39 |
nkj | from someone with no account at all? | 09:39 |
nkj | ah | 09:39 |
nkj | i think i get it | 09:40 |
nkj | hmm, well - i will have the site protected behind http auth as well | 09:40 |
nkj | so i think it should be ok | 09:40 |
nuclear_eclipse | a malicious person could post an <img> tag on a site that points to some form on your site, and anyone already logged into your site that views that <img> tag could unknowingly submit forms, like creating a new user, etc | 09:40 |
nkj | right - hijacking the session cookie | 09:40 |
nuclear_eclipse | nkj: the attack has to be specifically targetted against your site, so private sites at least are obscure enough to have a low chance of attack, but it's still possible | 09:41 |
nkj | nuclear_eclipse: how do I disable the security protection> | 09:41 |
nkj | is it g_session_validation? | 09:42 |
nuclear_eclipse | the main cause for problems with that protection is proxy servers (or even reverse proxy servers) that incorrectly cache pages and serve old versions with stale or invalid CSRF tokens | 09:42 |
nuclear_eclipse | no | 09:42 |
nuclear_eclipse | $g_form_security_validation = ON; | 09:42 |
nkj | ok | 09:43 |
nkj | nuclear_eclipse: thanks, i'll give it a shot now | 09:44 |
nuclear_eclipse | I'd imagine that rackspace cloud probably has a reverse proxy in front of their servers that's either ignoring the caching headers we send or something of the sort | 09:44 |
nkj | thats very possible, this is my first time using them so i don't know how their systems are setup | 09:49 |
nkj | nuclear_eclipse: that solved the problem, thanks - however now I've got a problem actually setting the new users password | 10:25 |
nkj | when I enter the desired password, click submit, i don't get the error, it then redirects to the main login page... when I test the username/password i get the incorrect login error message | 10:26 |
nkj | "Your account may be disabled or blocked or the username/password you entered is incorrect." | 10:26 |
nkj | checking in the DB, it looks like the password field for the user was not updated. | 10:26 |
nuclear_eclipse | hate to say it, but it sounds like whatever underlying issue that caused the form security errors might be causing the same problem with the actual form submissions... =\ | 10:27 |
*** Quits: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) (Ping timeout: 252 seconds) | 10:28 | |
nkj | hmmm | 10:28 |
nuclear_eclipse | nkj: is php properly configured to store session data? | 10:28 |
nkj | nuclear_eclipse: which setting in the php ini is required? | 10:30 |
nuclear_eclipse | nkj: the entire [session] block (session.*) should looked over and configured to match your setup | 10:32 |
nuclear_eclipse | specifically, session.save_path needs to point somewhere that the webserver account has write access to | 10:32 |
nuclear_eclipse | and session.use_cookies must be enabled | 10:32 |
nuclear_eclipse | depending on the situation, you may also need to update mantis' configuration options for cookies too | 10:33 |
nkj | ok i'll give it a look over | 10:37 |
*** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (Quit: I give up...) | 11:02 | |
*** Quits: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) (Quit: Rixie) | 11:26 | |
*** Joins: giallu (~giallu@fedora/giallu) | 11:48 | |
*** Joins: istvanb (d917e473@gateway/web/freenode/ip.217.23.228.115) | 11:55 | |
istvanb | Hi there | 11:55 |
istvanb | The question I have: is there any company deals with Mantis support officially? | 11:56 |
nuclear_eclipse | istvanb: not that I know of | 11:57 |
istvanb | hmm | 11:58 |
istvanb | our IT has this concern that what if we have issues, how can we fix without support | 11:58 |
nuclear_eclipse | istvanb: you can always request help from a mailing list, or you can find the problem and fix it yourself since it's open source... | 11:59 |
istvanb | oh yeah, I completely agree with you. In the other hand I understand the concerns of the IT as well, since if we have a major problem it would be nice to have a phone number where we can ask for help (and pay for them as well:) | 12:00 |
nuclear_eclipse | istvanb: this is the best I can offer: http://www.mantisbt.org/consulting.php | 12:02 |
istvanb | I have dropped a mail there 2 weeks ago when I went for vacation, but recieved no response :( | 12:02 |
nuclear_eclipse | istvanb: I'm not sure where that mail goes to, so I unfortunately can't help you there | 12:03 |
istvanb | :) | 12:04 |
istvanb | its ok | 12:04 |
istvanb | I am not really concerned about this, however for sure it would be great to have something like that! | 12:05 |
nuclear_eclipse | yeah, I agree | 12:05 |
paulr | istvanb: you can pay me for support | 12:16 |
paulr | if anything breaks | 12:17 |
paulr | i'll hit nuclear_eclipse on irc until he fixes it | 12:17 |
nuclear_eclipse | paulr: good luck, I already have a busy enough life... :P | 12:17 |
istvanb | haha :) | 12:19 |
istvanb | funny mate :) | 12:19 |
istvanb | my plan is to introduce Mantis, screw it then quit and make a support company :) | 12:19 |
istvanb | now I gotta go, but ttys guys | 12:20 |
*** Quits: istvanb (d917e473@gateway/web/freenode/ip.217.23.228.115) (Quit: Page closed) | 12:20 | |
*** Quits: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) (Ping timeout: 276 seconds) | 12:31 | |
*** Joins: moto-moi (~hylke@cara.xs4all.nl) | 12:31 | |
*** Joins: mantisbt_46530 (ca419e64@gateway/web/freenode/ip.202.65.158.100) | 13:08 | |
mantisbt_46530 | hi | 13:08 |
*** Quits: mantisbt_46530 (ca419e64@gateway/web/freenode/ip.202.65.158.100) (Client Quit) | 13:08 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Read error: Operation timed out) | 13:32 | |
*** Joins: siebrand (~beis@sm.xs4all.nl) | 13:44 | |
*** Quits: fanno (~b3g@193.3.95.240) (Read error: Connection reset by peer) | 14:05 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 14:11 | |
*** Joins: fanno (~Morten@90.184.93.233) | 14:37 | |
*** Joins: thraxisp (~thraxisp@24.139.16.154) | 15:32 | |
*** Quits: thraxisp (~thraxisp@24.139.16.154) (Client Quit) | 15:34 | |
*** Joins: Shakra (d065b84e@gateway/web/freenode/ip.208.101.184.78) | 15:34 | |
*** Joins: rolfkleef (~rolf@urtica.xs4all.nl) | 15:35 | |
Shakra | dhx_z: are you around today? | 15:36 |
Shakra | I may have found another bug in bug_update.php. | 15:37 |
*** Joins: thraxisp (~thraxisp@24.139.16.154) | 15:38 | |
*** Quits: thraxisp (~thraxisp@24.139.16.154) (Client Quit) | 15:39 | |
*** Quits: nkj (~nkj252@rb5db132.net.upc.cz) (Ping timeout: 246 seconds) | 15:54 | |
paulr | he's sleeping | 16:02 |
paulr | :) | 16:02 |
Shakra | ok no problem :) do you know when he's normally up and about? | 16:15 |
nuclear_eclipse | Shakra: he lives in Australia :P | 16:53 |
paulr | he said he wont be in tomorrow | 17:18 |
paulr | so probably in 30 hours from now | 17:19 |
*** Quits: moto-moi (~hylke@cara.xs4all.nl) (Quit: Ex-Chat) | 17:21 | |
killefiz | giallu: is there a reason (except lack of time) why you haven't updated mantis in fedora to 1.2.x yet? | 18:26 |
nuclear_eclipse | tsk tsk giallu, falling behind! | 18:28 |
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer) | 18:29 | |
*** Quits: Shakra (d065b84e@gateway/web/freenode/ip.208.101.184.78) (Quit: Page closed) | 18:32 | |
*** Quits: rolfkleef (~rolf@urtica.xs4all.nl) (Read error: Operation timed out) | 18:33 | |
giallu | killefiz, well. IIRC 1.2.0 was not that good and 1.2.1 had his share of issues as well (but yes, I also lacked time) ;) | 18:33 |
giallu | now we have CVE-2010-2802 | 18:34 |
nuclear_eclipse | giallu: it's called bleeding edge for a reason ;0 | 18:34 |
giallu | nuclear_eclipse, well, no, 1.2.0 was supposed to be stable | 18:34 |
giallu | master is bleeding edge... | 18:34 |
nuclear_eclipse | tis a joke buddy | 18:35 |
giallu | oh sorry ;) | 18:35 |
nuclear_eclipse | if we had kept 1.2.0 in the wings any longer it would have been born with grey hair and a wheelchair | 18:35 |
giallu | anyway john, I don't also like to push 1.2 on older Fedora releases because of the manual steps involved | 18:36 |
nuclear_eclipse | oh, I understand | 18:36 |
giallu | but, I'd probably bite the bullet if we haven't a fix for the CVE | 18:36 |
nuclear_eclipse | packaging is difficult with all the restrictions distros put in place... | 18:36 |
nuclear_eclipse | giallu: btw, how the hell do CVE's get created/reported? | 18:36 |
giallu | not sure, I just get notified by Red Hat/Fedora security team | 18:37 |
giallu | nuclear_eclipse, do you have a point for the commit fixing the issue? | 18:37 |
giallu | pointer even | 18:37 |
nuclear_eclipse | hmm, sec | 18:38 |
nuclear_eclipse | giallu: it's related to bug 11952 | 18:38 |
foobot | Bug 11952 - dhx - fixed - closed | 18:38 |
foobot | Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks - http://www.mantisbt.org/bugs/view.php?id=11952 | 18:38 |
nuclear_eclipse | giallu: http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff;h=618f45ac57a45854fa96bcfd79f9f44dcdfcfab3 | 18:39 |
giallu | anyway: http://seclists.org/oss-sec/2010/q3/136 | 18:39 |
giallu | let's see, isn't fileinfo based detection only in 1.2.x? | 18:40 |
nuclear_eclipse | I dunno, ask dhx :P | 18:41 |
giallu | asking google instead... | 18:41 |
nuclear_eclipse | he said he apparently got a request from Red Hat to backport the issue to 1.1.x, so my guess is that it affects that too | 18:42 |
giallu | uhm, I'm pretty sure FileInfo based detection was added later | 18:44 |
giallu | and google agrees with me. now I'd need an 1.2.1 instance to test | 18:45 |
nuclear_eclipse | giallu: you can use my tracker at http://leetcode.net/mantis if you'd like... | 18:46 |
nuclear_eclipse | I haven't gotten around to pulling the latest from git | 18:46 |
killefiz | giallu: ok - let me know if you need any help with the update | 18:47 |
killefiz | I guess at least rawhide and probably f14 should be moved to 1.2.2 | 18:48 |
giallu | killefiz, ok, I also prepared a semi decent spec with unbundled libs, but the transition to git is slowing me down a bit (need to learn the new workflow) | 18:48 |
killefiz | i haven't pushed any update with git yet either but it looks like being able to merge between releases is going to be a huge timesaver in the future | 18:50 |
nuclear_eclipse | giallu: that actually looks really nifty | 18:51 |
nuclear_eclipse | gitolite is also pretty nifty | 18:51 |
nuclear_eclipse | tempted to try and set that up on our git server at work | 18:51 |
giallu | http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=d85822de161fcede76fa54ce1f8081135387e8a5 | 18:54 |
giallu | killefiz, well. I was always trying to keep branches in sync by copying the spec file. not sure if it will be faster | 18:56 |
giallu | anyway | 18:56 |
paulr | nuclear_eclipse: gitolite ? | 19:05 |
giallu | nuclear_eclipse, you don't enable showing of uploaded images right? | 19:13 |
paulr | giallu | 19:20 |
paulr | <nuclear_eclipse> he said he apparently got a request from Red Hat to backport the issue to 1.1.x, so my guess is that it affects that too | 19:20 |
paulr | do we still support 1.1? | 19:20 |
giallu | irrelevant | 19:20 |
giallu | at least in this context | 19:20 |
paulr | mm, ok | 19:20 |
giallu | but I did not hear anything on the topic from other mantis devs | 19:21 |
giallu | traditionally we stopped support of older stable releases | 19:21 |
giallu | albeit with git it should be a bit easier to backport selected stuff | 19:21 |
paulr | pretty sure dhx (as opposed to nuclear_eclipse) has said he'd like to move to a different version numbering scheme | 19:21 |
paulr | even with git | 19:22 |
paulr | historically there's been so much churn in source, you've got no chance :) | 19:22 |
giallu | I'm not opposed to changes, just tell him to throw the proposal on the dev-list for those who can't be here all the time ;) | 19:23 |
nuclear_eclipse | paulr: gitolite is a repo/acl management system for git that supposedly allows you to have fine grained ACL setups similar to what you get with SVN | 19:23 |
nuclear_eclipse | Fedora has adopted it for their package development workflow | 19:24 |
giallu | anyone with a IE handy? | 19:24 |
paulr | giallu: I think in principle, it was along lines of just use year.month for release or whatever | 19:24 |
* paulr has IE | 19:24 | |
paulr | nuclear_eclipse: ahh | 19:24 |
giallu | paulr, can you click on the attachment here: http://leetcode.net/mantis/view.php?id=170 | 19:25 |
nuclear_eclipse | paulr: I've told debian/ubuntu people that we'd at least support major security issues in 1.1.x | 19:25 |
nuclear_eclipse | I also told them we might not make a full release of it, but we'd at least accept patches into our repo | 19:25 |
giallu | paulr, what happens with IE there? | 19:26 |
paulr | it offers me a file download of a 48byte file | 19:26 |
* paulr loads fiddler | 19:27 | |
paulr | i'll just give you the headers | 19:27 |
nuclear_eclipse | giallu: if you need me to modify config somehow, let me know | 19:27 |
paulr | X-Content-Type-Options: nosniff | 19:28 |
paulr | Content-Disposition: filename="html_in_disguise.gif" | 19:28 |
nuclear_eclipse | I think it's pretty much default configs for the most part | 19:28 |
paulr | that's got the x-content header in | 19:28 |
giallu | uhm | 19:28 |
giallu | nuclear_eclipse, did you upgrade the tracker to 1.2.2? | 19:28 |
giallu | I'm not sure what I should be looking at right now... | 19:29 |
nuclear_eclipse | ohh.. | 19:30 |
nuclear_eclipse | I forgot just how long that patch has been around... | 19:30 |
nuclear_eclipse | lemme checkout 1.2.1 for the site real quick | 19:30 |
paulr | http://bugs.mantisforge.org/file_download.php?file_id=1&type=bug | 19:30 |
nuclear_eclipse | ok, it's at 1.2.1 now | 19:31 |
paulr | Content-Type: image/gif | 19:31 |
paulr | Content-Disposition: filename="html_in_disguise.gif" | 19:31 |
paulr | IE just displays the text for me | 19:31 |
paulr | no javascript alert | 19:31 |
paulr | maybe you need <html> etc at top of file | 19:32 |
nuclear_eclipse | paulr: it's only when you view the img inline in the page | 19:32 |
nuclear_eclipse | going through file_download.php can't trigger it | 19:32 |
paulr | http://bugs.mantisforge.org/view.php?id=1 | 19:33 |
paulr | isn't that what that does? | 19:33 |
paulr | img alt="" style="border: 0; max-height:250px;" src="file_download.php?file_id=1&type=bug" />< | 19:34 |
paulr | although that might be older then dhx's initial changes | 19:34 |
nuclear_eclipse | try again on my tracker, I checked out release-1.2.1 on it | 19:35 |
paulr | url | 19:36 |
nuclear_eclipse | http://leetcode.net/mantis/view.php?id=170 | 19:36 |
paulr | not getting a popup | 19:36 |
paulr | ahh | 19:36 |
paulr | do when i go to download the file | 19:36 |
paulr | so i'd be inclined to think | 19:36 |
paulr | that dhx broke it | 19:37 |
paulr | then fixed | 19:37 |
paulr | so it might be ok prior to 1.2.1 | 19:37 |
paulr | or prior to 1.2.0 | 19:37 |
paulr | can you checkout 1.2.0 onto it? | 19:37 |
giallu | nuclear_eclipse, paulr thanks for checking | 19:37 |
nuclear_eclipse | does it only happen to IE? | 19:37 |
nuclear_eclipse | or will Chrome repro it too? | 19:37 |
giallu | nuclear_eclipse, yeah FF looks ok | 19:37 |
giallu | dunno, I've chrome only on windows | 19:38 |
giallu | will check tomorrow | 19:38 |
giallu | now I need some sleep... | 19:38 |
giallu | bye | 19:38 |
nuclear_eclipse | because if I can reproduce it, I can use git-bisect to figure out exactly where it "broke" | 19:38 |
nuclear_eclipse | cya giallu | 19:38 |
giallu | nuclear_eclipse, have a look at the commit I linked before | 19:38 |
paulr | nuclear_eclipse: I can probably tell you that ;p | 19:39 |
nuclear_eclipse | giallu: that was a merge commit? | 19:39 |
giallu | september 8, 2009 | 19:39 |
giallu | yeah merge a finfo branch | 19:39 |
nuclear_eclipse | oh, that's when that feature first went in? | 19:39 |
giallu | guess so | 19:40 |
giallu | try a checkout of the previous commit | 19:40 |
nuclear_eclipse | it's checked out on my tracker now | 19:41 |
paulr | think I need sleep too | 19:41 |
*** Quits: siebrand (~beis@sm.xs4all.nl) (Ping timeout: 248 seconds) | 19:42 | |
nuclear_eclipse | I just got the JS popup on that, but didn't with 1.2.1 checked out | 19:42 |
nuclear_eclipse | giallu: ping me tomorrow and I'll help you work this all out | 19:42 |
*** Quits: paulr (~paul@cpc1-enfi9-0-0-cust389.hari.cable.virginmedia.com) () | 19:46 | |
*** Joins: siebrand (~beis@sm.xs4all.nl) | 19:47 | |
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 20:00 | |
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 20:00 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 260 seconds) | 21:57 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 22:30 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Remote host closed the connection) | 22:32 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 22:33 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Remote host closed the connection) | 22:38 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 22:43 |
Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!