Thursday, 2010-09-02

« Wednesday, 2010-09-01 Index Friday, 2010-09-03 »
*** Joins: kirillka (~Miranda@194-82-52-95.baltnet.ru)01:21
*** Quits: siebrand (~beis@sm.xs4all.nl) (Read error: Connection reset by peer)01:57
*** Joins: siebrand (~beis@sm.xs4all.nl)01:58
*** Quits: mellen (~thansen@x1-6-00-22-02-00-0c-40.k253.webspeed.dk) (Ping timeout: 276 seconds)02:25
*** Joins: davidinc_ (d5374b3d@gateway/web/freenode/ip.213.55.75.61)02:34
*** Joins: Cupertino (~Cupez@unaffiliated/cupertino)02:37
*** Joins: mellen (~thansen@x1-6-00-22-02-00-0c-40.k253.webspeed.dk)02:48
*** Quits: kirillka (~Miranda@194-82-52-95.baltnet.ru) (Ping timeout: 258 seconds)02:48
*** Quits: siebrand (~beis@sm.xs4all.nl) ()02:53
davidinc_Hi03:22
davidinc_Ok finally I get the recent version of ManTweet pluigin03:22
davidinc_there is small bug Fatal error: Call to undefined function db_unixtimestamp() in /var/www/mantisbtd/plugins/ManTweet/mantweet_api.php on line 11903:23
davidinc_this happens when you try to post03:23
davidinc_if I commit those lines it works03:24
davidinc_nuclear_eclipse: Any suggestion??03:37
*** Joins: giallu (~giallu@fedora/giallu)04:02
*** Joins: Al_Chapone (~chatzilla@ATuileries-152-1-70-86.w83-202.abo.wanadoo.fr)04:22
*** Quits: dhx_m (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) (Ping timeout: 258 seconds)04:50
*** Joins: mantisbt_97477 (57a6663d@gateway/web/freenode/ip.87.166.102.61)04:52
*** Joins: dhx_m (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au)04:54
*** Joins: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk)04:57
*** Quits: mantisbt_97477 (57a6663d@gateway/web/freenode/ip.87.166.102.61) (Quit: Page closed)04:57
*** Quits: davidinc_ (d5374b3d@gateway/web/freenode/ip.213.55.75.61) (Ping timeout: 252 seconds)05:05
*** Joins: test_ (~chatzilla@p57A6663D.dip.t-dialin.net)05:07
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 276 seconds)06:36
*** Joins: giallu (~giallu@fedora/giallu)06:42
*** Quits: Al_Chapone (~chatzilla@ATuileries-152-1-70-86.w83-202.abo.wanadoo.fr) (Ping timeout: 245 seconds)06:55
CIA-100Mantisbt: roland master-1.2.x * r085097fc6861 /core/summary_api.php: Fix #12309: XSS issues when viewing Summary page07:24
*** Joins: davicinc (d5374b3d@gateway/web/freenode/ip.213.55.75.61)07:25
CIA-100Mantisbt: roland * r61e90d0653f1 /core/summary_api.php: Fix #12309: XSS issues when viewing Summary page07:25
CIA-100Mantisbt: hickseydr * redb817991b99 /library/nusoap/ (class.wsdl.php nusoap.php): Fix #12312: NuSOAP web description XSS vulnerability08:01
CIA-100Mantisbt: hickseydr * rc4f0d68e287f /library/ (2 files in 2 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs08:01
CIA-100Mantisbt: hickseydr master-1.2.x * rbce955ce73a1 /library/ (2 files in 2 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs08:01
CIA-100Mantisbt: hickseydr master-1.2.x * r6b2e71539e59 /library/nusoap/ (class.wsdl.php nusoap.php): Fix #12312: NuSOAP web description XSS vulnerability08:01
dhx_mnuclear_eclipse: any chance we could push out 1.2.3 when you get a free moment?08:06
dhx_mgiallu, micahg: you may want to ping NuSOAP package maintainers about the NuSOAP issue in case upstream takes a while to respond08:10
dhx_mgiallu, micahg: a patch is provided at http://www.mantisbt.org/bugs/view.php?id=12312 and the upstream report is at http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/383400508:10
dhx_mthe patch is not thoroughly tested yet however08:12
*** Joins: Al_Chapone (~chatzilla@ATuileries-152-1-70-86.w83-202.abo.wanadoo.fr)08:13
nuclear_eclipsedhx_m: if I get a chance today or tomorrow I will08:14
dhx_mnuclear_eclipse: thanks :)08:14
dhx_mnuclear_eclipse: the change log is essentially "a few security fixes and minor bug fixes"08:15
dhx_mnothing exciting this time08:15
nuclear_eclipsethe XSS in NuSOAP *is* the exciting part :P08:16
dhx_mwell... about 6 XSS issues of which 1-2 are exploitable by anyone, the other 4-5 require a rogue MantisBT administrator (highly unlikely)08:16
dhx_myep08:17
dhx_mah it seems Oliver Berger maintains NuSOAP in Debian (he has been involved with MantisBT development in the past months)08:19
dhx_mI'll send a message08:19
*** Quits: test_ (~chatzilla@p57A6663D.dip.t-dialin.net) (Quit: ChatZilla 0.9.86 [Firefox 3.6.7/20100723203800])08:39
gialludhx_m, this is what we get for bundling libs09:05
dhx_mgiallu: it's an unpatched vulnerability in NuSOAP09:08
dhx_mand I agree on bundling... it sucks (I have wanted to banish our bundled libraries for a long time)09:08
gialluyeah. which would not force _us_ to release a new version09:08
gialluif it wasn't there...09:08
nuclear_eclipsegiallu: if we didn't bundle libs, then everybody would bitch at us when either a) they can't figure out how to get it to work, or b) the installation process involves too much "download this, this, and this".... =\09:08
dhx_mgiallu: the upshot is that we're 1000 times faster at patching it than NuSOAP :p09:09
dhx_mnuclear_eclipse: I recon the bundled libraries should only be added at build time (rather than be bundled in our source tree)09:10
dhx_mof course, that could make it harder for people to work with the git repository09:11
dhx_mso we'd need to document an easy/proper way of setting up a MantisBT development environment09:11
nuclear_eclipsedhx_m: except then either we need to maintain more repositories, or we would need to set up and maintain some sort of patch queue to apply to an upstream build...09:11
nuclear_eclipseeither way it gets a lot more complicated09:11
dhx_myep09:12
dhx_mdropping outdated libraries would help too :)09:12
nuclear_eclipseyeah, have fun with that :P09:12
dhx_mI didn't offer my assistance btw :p09:12
nuclear_eclipseexactly, everyone here dislikes the current bundled library situation, but nobody has the time or the right answer to fix it ;)09:14
*** Joins: daryn (~daryn@h158.249.190.173.static.ip.windstream.net)09:25
gialluanyway. I reported https://bugzilla.redhat.com/show_bug.cgi?id=62958509:36
gialluany other info for the packager? patch or something?09:36
gialluah sorry09:36
giallujust saw the link09:36
*** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (Quit: I give up...)10:04
*** Quits: davicinc (d5374b3d@gateway/web/freenode/ip.213.55.75.61) (Ping timeout: 252 seconds)10:14
*** Joins: lrojas (~lrojas@76.65.240.2)10:21
*** Quits: lrojas (~lrojas@76.65.240.2) (Remote host closed the connection)10:22
*** Joins: lrojas (~lrojas@76.65.240.2)10:22
lrojasnuclear_eclipse: morning!10:23
lrojasnuclear_eclipse: are you by any chance awake?10:24
nuclear_eclipselrojas: at work right now, but ask away and I'll respond when I get the chance10:32
lrojasnuclear_eclipse: thanks, i will try not to take up too much of your time, i am just trying to figure out how to configure the Source integration plugin for mantis10:36
lrojasnuclear_eclipse: i enabled the SourceSVN and SourceWebSVN on top of meta and Source10:37
lrojasbut i am having issues making it "work", probably i am configuring it wrong...10:38
lrojascan you please explain a bit what i need to set up for it to work with svn ?10:38
lrojasall i can find on the web is related to 0.13, and 0.16 looks suficiently diferent that i am a bit lost10:39
nuclear_eclipselrojas: what server OS, what version of SVN are you using?10:42
lrojasServer is Snow Leopard OS X 10.6.4, svn is 1.6.510:42
lrojasand mantis 1.2.210:43
nuclear_eclipselrojas: a) make sure your PHP is configured to allow shell calls, b) make sure that `svn` is either in the web server's default path, or configure sourcesvn to tell it the full path to `svn`, and c) if you're using https/ssh, make sure the web server account can validate the server certificates10:46
nuclear_eclipseif you've checked all three of those, then my only suggestion is to start adding debug output in sourcesvn to show the result of the `svn` shell calls and see if you can find any error messages that might clue in on the problem10:47
lrojasnuclear_eclipse: that's one of the things i find weird about the 0.16 version, in the screenshots for the 0.13 i see the sourcesvn plugin has a link in it's name but in 0.16 that link is not there10:48
nuclear_eclipselrojas: the config options for sourcesvn have been merged into the basic source integration configuration screen10:49
lrojasi tried there to put the path to the svn binary, ( my binary is at /svn/bin/svn ) but i get is an invalid location...10:52
lrojasthe error i get is : http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.sshtricks10:53
lrojas*sigh*10:53
lrojassorry10:53
lrojasis: Path to Subversion binary invalid or inaccessible10:54
lrojasahhh10:55
lrojashold on10:55
lrojassince the www "user" has no home or nothing... shouldnt www have the standard path thus having svn on the path and /usr/bin/svn would be valid?10:56
*** Parts: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk)11:10
lrojasnuclear_eclipse: when setting a repository of type SVN, can the url be file:///Path/to/repository ?11:18
lrojasnuclear_eclipse: i ask because, we use svn over ssh it's usually svn+ssh11:18
lrojasnuclear_eclipse: can the software handle svn+ssh for SVN or WebSVN repository types? if not, what is the propper url type for a server that is not running svnserve but gets launched on ssh connections11:47
lrojasnuclear_eclipse: another more important question i think is, how do i make sure the plugin in mantis monitors svn commits so that commits get added automatically ? instead of having to import latest transactions always11:54
nuclear_eclipselrojas: any repo url should be fine as long as the web server's shell account can access that location11:58
*** Joins: siebrand (~beis@sm.xs4all.nl)11:58
*** Quits: Al_Chapone (~chatzilla@ATuileries-152-1-70-86.w83-202.abo.wanadoo.fr) (Quit: ChatZilla 0.9.86 [Firefox 3.6.8/20100722155716])12:09
*** Joins: fanno (~b3g@193.3.95.240)12:22
*** Joins: moto-moi (~hylke@cara.xs4all.nl)12:26
*** Joins: Github (~Github@sh1-ext.rs.github.com)12:30
Githubmantisbt: master-1.2.x Roland Becker * 085097f (1 files in 1 dirs): Fix #12309: XSS issues when viewing Summary page ...12:30
Githubmantisbt: master-1.2.x David Hicks * 6b2e715 (2 files in 1 dirs): Fix #12312: NuSOAP web description XSS vulnerability ...12:30
Githubmantisbt: master-1.2.x David Hicks * bce955c (1 files in 1 dirs): Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs12:30
Githubmantisbt: master-1.2.x commits 2de04c7...bce955c - http://bit.ly/9cmYua12:30
*** Parts: Github (~Github@sh1-ext.rs.github.com)12:30
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 240 seconds)13:09
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 260 seconds)13:23
*** Joins: paulr (~IceChat09@2001:470:9310:aaaa:549d:9b3e:9dc:89b4)14:00
*** Joins: micahg (~micah@ubuntu/member/micahg)14:06
*** Quits: micahg (~micah@ubuntu/member/micahg) (Read error: Connection reset by peer)15:13
*** Joins: micahg (~micah@ubuntu/member/micahg)15:15
*** Joins: pferate (~pferate@173-10-116-125-BusName-Washington.hfc.comcastbusiness.net)15:46
*** Quits: micahg (~micah@ubuntu/member/micahg) (Quit: Leaving.)15:51
*** Joins: micahg (~micah@ubuntu/member/micahg)15:52
*** Quits: PennStater (Aaron@unaffiliated/pennstater) (Quit: Never look down on someone unless you're helping them up.)16:20
*** Joins: PennStater (Aaron@unaffiliated/pennstater)16:20
*** Quits: fanno (~b3g@193.3.95.240) (Read error: Connection reset by peer)16:48
*** Joins: giallu (~giallu@fedora/giallu)16:56
*** Quits: moto-moi (~hylke@cara.xs4all.nl) (Ping timeout: 240 seconds)17:22
*** Quits: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) (Quit: Ex-Chat)17:23
lrojasnuclear_eclipse: sorry to bother you, i got everything working.. just one more question18:00
lrojasnuclear_eclipse: is there any way to make a commit hook in svn so that latest changes are automatically imported ?18:01
lrojasnevr mind, just found the post_commit template inside the dir18:12
*** Quits: lrojas (~lrojas@76.65.240.2) (Remote host closed the connection)18:24
*** Joins: fanno (~Morten@90.184.93.233)18:43
*** Quits: paulr (~IceChat09@2001:470:9310:aaaa:549d:9b3e:9dc:89b4) (Quit: Some folks are wise, and some otherwise.)19:20
CIA-100Mantisbt: giallu * rb91694764c8a /docbook/Admin_Guide/ (8 files in 2 dirs): Create skeleton for new xml based admin guide with publican.19:26
CIA-100Mantisbt: giallu * r72a1b5102e91 /docbook/Admin_Guide/en-US/ (14 files): Import former SGML manual19:26
CIA-100Mantisbt: giallu * r47d77d67f15c /docbook/Admin_Guide/en-US/Admin_Guide.xml: Hide generic preface stuff for now19:26
CIA-100Mantisbt: giallu * r8b23ec292c07 /docbook/Developers_Guide/ (8 files in 2 dirs): Add empty Developers Guide created with publican19:26
CIA-100Mantisbt: giallu * r23d138c70dbf /docbook/Developers_Guide/en-US/ (17 files): Convert SGML files to XML19:26
CIA-100Mantisbt: giallu * r09a2d8cd5c39 /docbook/ (36 files in 3 dirs): Remove old SGML manual19:26
gialluwhoa... spam!19:26
CIA-100Mantisbt: giallu * r2d0e00a4598c /docbook/Admin_Guide/en-US/ (4 files): replace "link" tag with "xref" for cross references19:26
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 258 seconds)19:43
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection)20:00
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de)20:00
*** Joins: daryn (~daryn@h209.152.16.98.dynamic.ip.windstream.net)20:55
*** Quits: daryn (~daryn@h209.152.16.98.dynamic.ip.windstream.net) (Ping timeout: 245 seconds)21:05
*** Joins: daryn (~daryn@h103.64.29.71.dynamic.ip.windstream.net)21:08
*** Quits: daryn (~daryn@h103.64.29.71.dynamic.ip.windstream.net) (Ping timeout: 265 seconds)21:28
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 264 seconds)21:28
*** Joins: micahg (~micah@ubuntu/member/micahg)22:25
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer)23:36
« Wednesday, 2010-09-01 Index Friday, 2010-09-03 »

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!