Roland Mas [Tue, 19 Mar 2013 13:55:13 +0000 (13:55 +0000)]
Fixed syntax error
Thorsten Glaser [Thu, 28 Feb 2013 13:19:24 +0000 (14:19 +0100)]
merge fix from EvolvisForge
revno: 10310
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: tarent-5.1
timestamp: Fri 2012-01-20 16:10:48 +0100
message:
fix DTD: accidentally deleted a href too much
Thorsten Glaser [Thu, 28 Feb 2013 13:14:50 +0000 (14:14 +0100)]
move www/DTD/ to common/DTD/ like I did in EvolvisForge
otherwise, this will merge-conflict in git Every. Single. Time. Gah!
Thorsten Glaser [Thu, 28 Feb 2013 12:47:28 +0000 (13:47 +0100)]
bump year
Thorsten Glaser [Wed, 27 Feb 2013 08:33:16 +0000 (09:33 +0100)]
use util_randbytes() to get six random bytes
it’s computationally, and on the kernel pool, much cheaper than
openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
which eats more bytes from the kernel pool
Thorsten Glaser [Wed, 27 Feb 2013 08:26:55 +0000 (09:26 +0100)]
use posix_initgroups() to get the user’s group vector
calling 'su' inside createUserRepo() isn’t going to work because
that function is already run with reduced privilegues; instead,
if the old user is root use posix_initgroups() to switch the
group vector to the new user’s and restore root’s later (if the
old user is not root, we have no way to do that anyway as, in
my tests, posix_initgroups() only works if the current EUID is
0); posix_getgroups() can be used to save the old group list,
but there is no posix_setgroups(), so we need to use this way
Roland Mas [Tue, 26 Feb 2013 16:35:35 +0000 (17:35 +0100)]
Fixed logic
Roland Mas [Tue, 26 Feb 2013 15:52:50 +0000 (16:52 +0100)]
Obtain user's extra groups so as to be able to chgrp
Thorsten Glaser [Mon, 25 Feb 2013 10:05:14 +0000 (11:05 +0100)]
missing return value in non-void function
Thorsten Glaser [Mon, 25 Feb 2013 09:56:00 +0000 (10:56 +0100)]
I think is_file("$main_repo/HEAD") gives a warning if !is_dir($main_repo)
Thorsten Glaser [Mon, 25 Feb 2013 09:54:54 +0000 (10:54 +0100)]
Merge branch 'Branch_5_1' of git+ssh://scm.fusionforge.org//var/lib/gforge/chroot/scmrepos/git/fusionforge/fusionforge into Branch_5_1
Thorsten Glaser [Mon, 25 Feb 2013 09:53:21 +0000 (10:53 +0100)]
handle case where $main_repo already exists but is no git repo
(there’s still two things: mktemp -d might fail, in which case
we regress to the previous behaviour, and after the check the
$main_repo can come to exist before the mv, with the same outcome,
but since we do check the return value of the mv…)
Roland Mas [Mon, 25 Feb 2013 09:44:53 +0000 (10:44 +0100)]
Fixed syntax of permissions for chmod
Roland Mas [Sun, 24 Feb 2013 09:35:33 +0000 (10:35 +0100)]
SECURITY: Avoid attacks with symbolic or hard links that could lead to
privilege escalation (CVE-2013-1423). Thanks to Helmut Grohne for the
initial report and help in preparing the fix.
Roland Mas [Wed, 13 Feb 2013 17:58:10 +0000 (17:58 +0000)]
Fix problem where updating an artifact would disable monitoring of this artifact for some users
Thorsten Glaser [Thu, 7 Feb 2013 17:03:55 +0000 (18:03 +0100)]
unbreak rendering RSS of group news
Roland Mas [Mon, 28 Jan 2013 15:17:46 +0000 (15:17 +0000)]
Allow planning tasks up to 2038
Thorsten Glaser [Wed, 23 Jan 2013 10:31:18 +0000 (11:31 +0100)]
deleted unix accounts are 'D', not 'N', just like regular statūs
Thorsten Glaser [Wed, 23 Jan 2013 10:16:22 +0000 (11:16 +0100)]
improve compression ratio
Thorsten Glaser [Wed, 23 Jan 2013 10:14:08 +0000 (11:14 +0100)]
SECURITY: do not make homedir archives of deleted users world-readable
Thorsten Glaser [Wed, 23 Jan 2013 10:13:38 +0000 (11:13 +0100)]
make this a bit more legible and fix one case of indentation
Franck Villaume [Sat, 19 Jan 2013 12:21:25 +0000 (13:21 +0100)]
prepare 5.1.2
Roland Mas [Fri, 4 Jan 2013 15:10:47 +0000 (15:10 +0000)]
[#522] Patch by Franck Villaume to fix behaviour of mailing lists in Debian
Franck Villaume [Sun, 30 Dec 2012 14:52:01 +0000 (15:52 +0100)]
fix path
Thorsten Glaser [Sat, 29 Dec 2012 17:35:58 +0000 (18:35 +0100)]
fix updating and purging svnserve from inetd.conf (also, piuparts)
fun fact of the day: update-inetd --remove does *not* accept a
full ENTRY argument, it only takes the SERVICE
Thorsten Glaser [Sat, 29 Dec 2012 17:26:20 +0000 (18:26 +0100)]
use forge_get_config to get the chroot path
grepping for ^gforge_config= in /etc/gforge/gforge.conf in 4.8
was correct; changing this to /etc/fusionforge/fusionforge.conf
in 5.1 wasn’t as the latter file doesn’t contain this entry, and
we’re using forge_get_config nowadays anyway
also remove errorneously empty inetd.conf lines generated on all
systems that were installed during existence of this bug (like
freewrt.org for example)
Thorsten Glaser [Fri, 21 Dec 2012 15:54:50 +0000 (16:54 +0100)]
add mksh(1) script to make some or all mailing lists private
with remote option ☺
Thorsten Glaser [Mon, 17 Dec 2012 16:23:24 +0000 (17:23 +0100)]
Do not trust SimplePie for purifying HTML
This fixes an injection of invalid XHTML vulnerability which I do
not believe to constitute a user security hole, as SimplePie does
strip <script> tags, in the Codendi RSS widget, cf. #696179
Alain Peyrat [Mon, 3 Dec 2012 19:54:03 +0000 (20:54 +0100)]
Apply [#440] CSS Conflict between ViewVC and FusionForge by Jean-Christophe Masson
Alain Peyrat [Thu, 22 Nov 2012 19:56:25 +0000 (20:56 +0100)]
Apply patch [#521] Fix default scm box on register/index.hml by Sébastien Campion
Thorsten Glaser [Wed, 21 Nov 2012 15:17:19 +0000 (16:17 +0100)]
use DB id as tie-breaker for sorting by entrytime
Thorsten Glaser [Mon, 19 Nov 2012 14:48:01 +0000 (15:48 +0100)]
typo
Thorsten Glaser [Mon, 19 Nov 2012 13:01:39 +0000 (14:01 +0100)]
prevent accidentally creating *two* custom status fields in one tracker
also, localise all error messages in the create() method
Thorsten Glaser [Thu, 15 Nov 2012 14:04:40 +0000 (15:04 +0100)]
display status mapping
Thorsten Glaser [Wed, 14 Nov 2012 15:14:24 +0000 (16:14 +0100)]
did I mention I hate dh7?
Thorsten Glaser [Wed, 14 Nov 2012 15:09:21 +0000 (16:09 +0100)]
argh! this is because of someone not understanding make rules…
can’t have a meta-target the same name as an existing directory/file
without marking it phony…
Thorsten Glaser [Wed, 14 Nov 2012 14:55:48 +0000 (15:55 +0100)]
apparently, my last commit may have disturbed the +x bits (why?)
Thorsten Glaser [Wed, 14 Nov 2012 10:15:08 +0000 (11:15 +0100)]
once is enough
debian/rules build is run before debian/rules binary, anyway,
so no need to depend on it; this is easier than using a stampfile
Thorsten Glaser [Mon, 12 Nov 2012 15:08:07 +0000 (16:08 +0100)]
change project_task_vw to include project_task_external_order.external_id
which is required by some code in common/pm/ProjectTask.class.php
that throws warnings otherwise
Thorsten Glaser [Mon, 12 Nov 2012 12:57:36 +0000 (13:57 +0100)]
kill unused and broken getPublicFlag method
Roland Mas [Fri, 9 Nov 2012 12:31:30 +0000 (13:31 +0100)]
merge RBAC fixes from Branch_5_2:
commit
381a3683760f954e70a5aaa9bdf68d2fa1bcdaff
Author: Roland Mas <lolando@debian.org>
Date: Fri Nov 9 13:31:21 2012 +0100
Fixed crash when editing role permissions in projects where forums/pm/trackers are disabled
Thorsten Glaser [Thu, 8 Nov 2012 17:34:50 +0000 (18:34 +0100)]
Revert "someone added an ‘s’ too much"
This reverts commit
8c437df000eab1d93c0e14cef363e3e9c875b6c9.
Apparently, the RPM testsystem is broken and the test correct,
even though it’s still incorrect English TTBOMK…
Thorsten Glaser [Thu, 8 Nov 2012 12:39:23 +0000 (13:39 +0100)]
someone added an ‘s’ too much
Thorsten Glaser [Thu, 8 Nov 2012 10:01:41 +0000 (11:01 +0100)]
merge from Evolvis: make JS sorted tables use a stable sort
revno: 10878
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: tarent-5.1
timestamp: Thu 2012-11-08 10:59:52 +0100
message:
add a stable sort, inspired by SortTable v2 by Stuart Langridge
(who’s also already one of the authors of our sortable)
also, revamp reverse sorting support, all on my own though, luckily
we’ve got the “JavaScript: The Good Parts” thin booklet here at work…
Thorsten Glaser [Thu, 8 Nov 2012 09:41:47 +0000 (10:41 +0100)]
merge from Evolvis: drop borders around sort arrow images
revno: 10629
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: tarent-5.1
timestamp: Tue 2012-06-26 14:57:58 +0200
message:
another case of M*zilla Firef*x displaying too many borders
Thorsten Glaser [Thu, 8 Nov 2012 09:39:12 +0000 (10:39 +0100)]
merge from Evolvis: add arbitrary sorting value attribute feature
revno: 9827.53.48
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: small-fixes
timestamp: Wed 2012-03-14 18:25:02 +0100
message:
if a node (table cell) has an attribute "content" take that ipv. its innerText
the "content" attribute is provided by the RDFa DTD, we misappropriate it
here to allow sorting by arbitrary values instead of the innerText
This makes things possible like:
<tr><th>Foo</th></tr>
<tr><td content="bar"><a href="99">bar</a></td></tr>
<tr><td content="baz"><a href="100">baz</a></td></tr>
This will now sort on the string 'bar' instead of on the
string '<a href="99">bar</a>'.
Thorsten Glaser [Thu, 8 Nov 2012 09:38:34 +0000 (10:38 +0100)]
merge from Evolvis: remove n#n-ASCII chars (replace by Unicode escapes)
revno: 9827.53.47
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: small-fixes
timestamp: Wed 2012-03-14 17:56:39 +0100
Thorsten Glaser [Thu, 8 Nov 2012 09:37:31 +0000 (10:37 +0100)]
merge from Evolvis: reduce diff against upstream sortable.js and include literal licence
revno: 9827.53.44
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: small-fixes
timestamp: Wed 2012-03-14 17:12:10 +0100
Thorsten Glaser [Thu, 8 Nov 2012 09:35:48 +0000 (10:35 +0100)]
merge from Evolvis: do not make table columns with empty th sortable
revno: 10146.1.26
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: theme-tasks
timestamp: Thu 2011-12-08 18:19:25 +0100
message:
ignore empty column headers for the purpose of sorting
Thorsten Glaser [Thu, 8 Nov 2012 09:34:22 +0000 (10:34 +0100)]
merge from Evolvis: make id-less tables sortable
revno: 10146.1.25
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: theme-tasks
timestamp: Thu 2011-12-08 18:17:43 +0100
message:
[#1910] make Tasks browse table sortable
use sortable.js this time, and make id-less tables sortableable
Thorsten Glaser [Wed, 7 Nov 2012 09:51:41 +0000 (09:51 +0000)]
add checks for forum pages for whether the group actually uses the forums tool
with careful checks to avoid breaking the news feature
Thorsten Glaser [Wed, 7 Nov 2012 09:40:49 +0000 (09:40 +0000)]
merge bugfix from Evolvis: circumvent forum/read RBAC check for news_bytes
Franck VILLAUME [Fri, 19 Oct 2012 18:02:44 +0000 (18:02 +0000)]
fix mimetype detection in case of application/octet-stream is found
Roland Mas [Fri, 19 Oct 2012 11:33:16 +0000 (11:33 +0000)]
Require git and gitweb on source installs
Franck VILLAUME [Thu, 18 Oct 2012 22:09:00 +0000 (22:09 +0000)]
fix path: some system does not allow to write in data_path, use the default tmp dir
Franck VILLAUME [Thu, 18 Oct 2012 16:54:09 +0000 (16:54 +0000)]
fix if file already exists
Roland Mas [Thu, 18 Oct 2012 15:49:15 +0000 (15:49 +0000)]
Added skeleton testsuite for the web UI of the scmgit plugin
Roland Mas [Thu, 18 Oct 2012 13:17:40 +0000 (15:17 +0200)]
Syntax fix
Roland Mas [Thu, 18 Oct 2012 12:32:10 +0000 (14:32 +0200)]
Unlink external roles from a project when deleting it (with non-regression test)
Franck VILLAUME [Thu, 18 Oct 2012 06:03:18 +0000 (06:03 +0000)]
fix cleanup: delete file once the job is done
Franck VILLAUME [Thu, 18 Oct 2012 06:00:54 +0000 (06:00 +0000)]
fix retrieve data
Franck VILLAUME [Wed, 17 Oct 2012 21:12:16 +0000 (21:12 +0000)]
fix indent
Franck VILLAUME [Wed, 17 Oct 2012 21:09:33 +0000 (21:09 +0000)]
remove call to unexistant function
Franck VILLAUME [Wed, 17 Oct 2012 20:52:24 +0000 (20:52 +0000)]
remove useless var & use htmlspecialchars when needed
Franck VILLAUME [Wed, 17 Oct 2012 20:51:35 +0000 (20:51 +0000)]
fix sendNotice to make it compliant with mailman & fix missing update data_array on document update
Franck VILLAUME [Wed, 17 Oct 2012 20:49:43 +0000 (20:49 +0000)]
fix typo
Alain Peyrat [Tue, 16 Oct 2012 16:48:59 +0000 (18:48 +0200)]
Fix [#509] Bugtracker eats newlines in descrition and comment
Franck VILLAUME [Tue, 16 Oct 2012 12:29:13 +0000 (12:29 +0000)]
check for use_project_full_list when needed
Franck VILLAUME [Tue, 16 Oct 2012 12:15:49 +0000 (12:15 +0000)]
disable trove link if forge does not use trove
Franck VILLAUME [Tue, 16 Oct 2012 11:41:23 +0000 (11:41 +0000)]
fix wrong url, remove useless amp;
Julien HEYMAN [Mon, 15 Oct 2012 14:50:32 +0000 (16:50 +0200)]
Fix bullet in mediawiki summary
Roland Mas [Fri, 12 Oct 2012 08:48:47 +0000 (08:48 +0000)]
Install xfonts-base for the testsuite
Thorsten Glaser [Sat, 6 Oct 2012 22:21:52 +0000 (22:21 +0000)]
tell the user what is expected *before* they do anything (usability)
instead of throwing incremental error messages (must be PNG, must be size X)
Thorsten Glaser [Sat, 6 Oct 2012 20:27:56 +0000 (20:27 +0000)]
use common code to display number of active site users
which also ignores/skips the 100 user (nobody)
discovered while setting up an Evolvis for Natureshadow
Thorsten Glaser [Thu, 27 Sep 2012 14:20:43 +0000 (14:20 +0000)]
Apply workaround for Debian #683188 (bug in Subversion)
cf. https://evolvis.org/tracker/t_follow.php/3227
"ViewVC: diff broken", discovered by mgebbe, workaround by
me after studying the Debian bug discussion and tinkering
Franck VILLAUME [Wed, 26 Sep 2012 17:38:59 +0000 (17:38 +0000)]
fix #505: port from trunk: set correct header
Roland Mas [Fri, 21 Sep 2012 14:06:27 +0000 (14:06 +0000)]
Fail configuration of the -db-postgresql package if no database is available
Thorsten Glaser [Fri, 21 Sep 2012 12:04:28 +0000 (12:04 +0000)]
MFC revno: 11720
svn revno: 16244 (on /branches/Branch_5_2)
committer: nerville
timestamp: Fri 2012-09-21 10:32:53 +0000
message:
fix update value in db but not in current instance
Thorsten Glaser [Fri, 14 Sep 2012 15:28:15 +0000 (15:28 +0000)]
* make minijson_encode recursion depth safe
* sync with FF trunk version (use "elseif" PHP keyword)
Thorsten Glaser [Mon, 3 Sep 2012 12:09:31 +0000 (12:09 +0000)]
SECURITY: Do not disclose inaccessible groups on user_home/toplist
Thorsten Glaser [Mon, 3 Sep 2012 11:17:58 +0000 (11:17 +0000)]
SECURITY: Upon user deletion, remove their Unix shell account as well
Franck VILLAUME [Sat, 18 Aug 2012 12:43:48 +0000 (12:43 +0000)]
fix #457: Hide "permission denied" for non public mailing list, patch from French National Education Department
Franck VILLAUME [Thu, 16 Aug 2012 10:14:56 +0000 (10:14 +0000)]
fix status update if the mailing-list is not created yet
Franck VILLAUME [Fri, 10 Aug 2012 18:56:05 +0000 (18:56 +0000)]
fix general behavior creating mailing-list : sync with debian specific
Thorsten Glaser [Thu, 26 Jul 2012 13:52:11 +0000 (13:52 +0000)]
I just committed a patch to MediaWiki in Debian (for experimental) that
lets wfSuppressWarnings set a global flag for us to use
Thorsten Glaser [Mon, 23 Jul 2012 11:48:39 +0000 (11:48 +0000)]
ensure we still get valid XHTML/1.0: disable HTML5 explicitly,
for MW 1.16 and up
Thorsten Glaser [Thu, 19 Jul 2012 13:40:51 +0000 (13:40 +0000)]
[#478] tell people how to make groups public/private in PFO-RBAC times
Thorsten Glaser [Tue, 17 Jul 2012 16:58:24 +0000 (16:58 +0000)]
opt out of apport
Franck VILLAUME [Thu, 12 Jul 2012 14:59:10 +0000 (14:59 +0000)]
fix from Evolvis r18497: more secure params test
Thorsten Glaser [Thu, 12 Jul 2012 11:25:41 +0000 (11:25 +0000)]
'foo && bar || baz' != 'if foo; then bar; else baz; fi'
also add more error handling
Franck VILLAUME [Tue, 10 Jul 2012 08:45:41 +0000 (08:45 +0000)]
merge #458 patch from French National Education Department
Franck VILLAUME [Mon, 9 Jul 2012 13:43:19 +0000 (13:43 +0000)]
better output: from branch 5.2
Franck VILLAUME [Sun, 8 Jul 2012 12:32:46 +0000 (12:32 +0000)]
merge patch #439 from French National Education Department
Roland Mas [Fri, 6 Jul 2012 08:46:22 +0000 (08:46 +0000)]
Fixed PATH
Roland Mas [Fri, 6 Jul 2012 07:01:22 +0000 (07:01 +0000)]
Use correct path for Selenium jar
Roland Mas [Thu, 5 Jul 2012 16:19:05 +0000 (16:19 +0000)]
Use current Selenium for testsuite (backport from 5.2/trunk)
Roland Mas [Thu, 5 Jul 2012 12:15:09 +0000 (12:15 +0000)]
Take non-local users into account when updating nss_usergroups table
Roland Mas [Thu, 5 Jul 2012 12:14:11 +0000 (12:14 +0000)]
Destroy VM after stopping it
Roland Mas [Thu, 5 Jul 2012 07:04:04 +0000 (07:04 +0000)]
More logging to try and debug the buildbot's failures
Roland Mas [Wed, 4 Jul 2012 20:03:01 +0000 (20:03 +0000)]
Trying to make the 5.1 LXC scripts to work with the current LXC setup on vladimir