Roland Mas [Fri, 28 Jun 2013 07:41:32 +0000 (09:41 +0200)]
Let's call this 5.2.2
Roland Mas [Thu, 27 Jun 2013 08:37:46 +0000 (10:37 +0200)]
Made Apache config snippets compatible with Apache 2.4 (for installation from sources on Debian systems)
Roland Mas [Wed, 26 Jun 2013 14:48:44 +0000 (16:48 +0200)]
More porting to Apache 2.4: WSGI parts (for the scmbzr and moinmoin plugins)
Roland Mas [Wed, 26 Jun 2013 10:18:18 +0000 (12:18 +0200)]
Made Apache config snippets compatible with Apache 2.4 (ported from Thorsten's branch, thanks)
Franck Villaume [Fri, 21 Jun 2013 13:40:16 +0000 (15:40 +0200)]
port from master: docman: fix upload when user has submit perms only
Roland Mas [Fri, 14 Jun 2013 12:44:43 +0000 (14:44 +0200)]
Fixed PHP warning
Roland Mas [Fri, 14 Jun 2013 08:09:27 +0000 (10:09 +0200)]
Fixed PHP warning
Thorsten Glaser [Thu, 13 Jun 2013 13:15:00 +0000 (15:15 +0200)]
fix typo (‘=’ ipv ‘==’)
Thorsten Glaser [Thu, 13 Jun 2013 12:57:06 +0000 (14:57 +0200)]
some error checking for widgets
Franck Villaume [Fri, 7 Jun 2013 15:12:38 +0000 (17:12 +0200)]
utils: fix util_get_maxuploadfilesize function
Roland Mas [Thu, 6 Jun 2013 14:45:20 +0000 (16:45 +0200)]
Merged from 5.1: Don't die if one tempfile() invocation fails, return an error instead
Thorsten Glaser [Wed, 5 Jun 2013 07:28:41 +0000 (09:28 +0200)]
Merge branch 'Branch_5_1' into Branch_5_2
Conflicts:
src/debian/control
tests/lxc/Makefile
tests/scripts/start_lxc.sh
Thorsten Glaser [Wed, 5 Jun 2013 07:26:33 +0000 (09:26 +0200)]
Workaround for Debian #711098 – explicitly declare the charset
Roland Mas [Wed, 29 May 2013 16:09:29 +0000 (18:09 +0200)]
Fixed regexp used to determine current wiki in moinmoin plugin
Thorsten Glaser [Fri, 24 May 2013 15:23:28 +0000 (17:23 +0200)]
need to trigger MW DB upgrade for plugin changes, too
also, MW changes outside of maintenance/postgres since,
at least since 1.19, the maintenance scripts include
more generic scripts, and that’s also where changes can be
Roland Mas [Fri, 24 May 2013 11:36:03 +0000 (11:36 +0000)]
Guard against non-empty dir
Thorsten Glaser [Fri, 24 May 2013 11:31:31 +0000 (13:31 +0200)]
regenerate
Thorsten Glaser [Fri, 24 May 2013 11:31:04 +0000 (13:31 +0200)]
Demote libapache2-svn to Recommends since Debian disables DAV anyway
Roland Mas [Fri, 24 May 2013 09:54:38 +0000 (09:54 +0000)]
Remove/recreate buildplace dir (for permissions)
Roland Mas [Fri, 24 May 2013 08:41:43 +0000 (08:41 +0000)]
Only remove current build directory
Roland Mas [Thu, 23 May 2013 17:59:58 +0000 (19:59 +0200)]
Install nscd from the proper distribution for the Debian testsuite
Roland Mas [Thu, 23 May 2013 16:28:19 +0000 (18:28 +0200)]
Force install of nscd for the Debian testsuite
Roland Mas [Thu, 23 May 2013 15:39:11 +0000 (15:39 +0000)]
Fix determination of where to store LXC templates on the buildbot
Roland Mas [Thu, 23 May 2013 15:39:09 +0000 (15:39 +0000)]
Fix determination of where to store LXC templates on the buildbot
Roland Mas [Thu, 23 May 2013 13:45:18 +0000 (13:45 +0000)]
Backport from master: Fix determination of where to store LXC templates on the buildbot
Thorsten Glaser [Thu, 23 May 2013 10:40:18 +0000 (12:40 +0200)]
Merge branch 'Branch_5_1' into Branch_5_2
Conflicts:
src/www/admin/index.php
Thorsten Glaser [Thu, 23 May 2013 10:38:32 +0000 (12:38 +0200)]
the second argument to mkdir is *not* the file permbits afterwards
instead, it’s the default value to use, before umask processing
Roland Mas [Wed, 22 May 2013 07:31:54 +0000 (09:31 +0200)]
Cope with users creating Bazaar branches at the top of their repositories
Roland Mas [Wed, 15 May 2013 09:46:54 +0000 (11:46 +0200)]
Actually we still require jessie for loggerhead
Roland Mas [Wed, 15 May 2013 09:43:10 +0000 (11:43 +0200)]
Actually we still require jessie for loggerhead
Roland Mas [Wed, 15 May 2013 09:36:34 +0000 (11:36 +0200)]
No longer require unstable APT sources
Thorsten Glaser [Wed, 15 May 2013 09:02:17 +0000 (11:02 +0200)]
Roland Mas [Wed, 15 May 2013 08:56:05 +0000 (10:56 +0200)]
LXC templates moved to /usr/share/lxc
Franck Villaume [Wed, 8 May 2013 14:29:14 +0000 (16:29 +0200)]
top stats: fix wrong var
Thorsten Glaser [Tue, 7 May 2013 08:23:49 +0000 (10:23 +0200)]
Also fix number of pending projects on MyAdmin widget
Thorsten Glaser [Tue, 7 May 2013 08:23:35 +0000 (10:23 +0200)]
Fix number of projects shown (site admin; feature_boxes)
Roland Mas [Fri, 3 May 2013 08:48:08 +0000 (08:48 +0000)]
Fixed mailing-list updating script (missing variable assignment)
Thorsten Glaser [Mon, 29 Apr 2013 08:55:05 +0000 (10:55 +0200)]
add helper scripts to dump/restore pages+images+files of a wiki
Franck Villaume [Sat, 27 Apr 2013 11:52:40 +0000 (13:52 +0200)]
patch #532: fix double header when no result. enhance the patch to include project search
Roland Mas [Fri, 26 Apr 2013 13:44:39 +0000 (15:44 +0200)]
Ship config file to its appropriate place
Roland Mas [Fri, 26 Apr 2013 13:32:24 +0000 (15:32 +0200)]
Fixed database management scripts for plugin-blocks
Roland Mas [Fri, 26 Apr 2013 13:21:52 +0000 (15:21 +0200)]
Fixed path to SQL file
Roland Mas [Fri, 26 Apr 2013 13:12:11 +0000 (15:12 +0200)]
Actually ship the scripts in the Debian packages
Roland Mas [Fri, 26 Apr 2013 13:01:34 +0000 (15:01 +0200)]
Included scripts to install and remove DB table for blocks plugin
Franck Villaume [Tue, 23 Apr 2013 22:31:21 +0000 (00:31 +0200)]
patch #534: remove unset var
Franck Villaume [Tue, 23 Apr 2013 19:34:57 +0000 (21:34 +0200)]
patch #538: partial merge: fix validate function, fix double parent risk, fix display of wrong projects in hierarchy
Thorsten Glaser [Tue, 23 Apr 2013 13:43:29 +0000 (15:43 +0200)]
Fix a MediaWiki error spotted by Andreas “gecko2” Gockel:
Call to a member function getFullUrl() on a non-object in \
/usr/share/mediawiki/includes/SpecialPageFactory.php on line 458
Franck Villaume [Thu, 18 Apr 2013 18:54:30 +0000 (20:54 +0200)]
docman: fix apostrophe in title and description when editing file
Franck Villaume [Thu, 18 Apr 2013 18:51:21 +0000 (20:51 +0200)]
Revert "use correct JSON encoding"
This reverts commit
88e6ca54e50e1631d4233da4c158502c8f2452bc.
Roland Mas [Wed, 17 Apr 2013 12:54:16 +0000 (14:54 +0200)]
Update moinmoin plugin to use new format for session cookies
Roland Mas [Wed, 17 Apr 2013 10:01:23 +0000 (12:01 +0200)]
Contentless merge from 5.1
Roland Mas [Wed, 17 Apr 2013 09:55:00 +0000 (09:55 +0000)]
Handle PHP 5.1's restricted setcookie()
Roland Mas [Wed, 17 Apr 2013 09:54:52 +0000 (09:54 +0000)]
Fixed error where you couldn't create a mailing-list if forums weren't enabled
Roland Mas [Wed, 17 Apr 2013 09:53:15 +0000 (11:53 +0200)]
Handle PHP 5.1's restricted setcookie()
Roland Mas [Wed, 17 Apr 2013 09:37:13 +0000 (11:37 +0200)]
Reinstate 'invalid password' message
Franck Villaume [Mon, 15 Apr 2013 21:41:23 +0000 (23:41 +0200)]
fix #428: latest-zip does not increment download stats
Franck Villaume [Mon, 15 Apr 2013 20:00:06 +0000 (22:00 +0200)]
apply #533: improve activity display : final merge
Franck Villaume [Sun, 14 Apr 2013 18:14:32 +0000 (20:14 +0200)]
partial apply #533: improve the display
Franck Villaume [Sun, 14 Apr 2013 17:58:18 +0000 (19:58 +0200)]
apply #543: fix licence, fix rss display
Franck Villaume [Sat, 6 Apr 2013 18:39:17 +0000 (20:39 +0200)]
fix #447: setStatus does not check the correct user for permission, add missing default value in config files
Thorsten Glaser [Mon, 25 Mar 2013 16:15:31 +0000 (17:15 +0100)]
(mostly) Merge branch 'Branch_5_1' into Branch_5_2
Conflicts:
src/common/include/session.php
⇒ someone *MUST* look at this, I think this couldn’t really work
Thorsten Glaser [Mon, 25 Mar 2013 15:57:19 +0000 (16:57 +0100)]
Merge branch 'Branch_5_2' of git+ssh://scm.fusionforge.org//var/lib/gforge/chroot/scmrepos/git/fusionforge/fusionforge into Branch_5_2
Thorsten Glaser [Mon, 25 Mar 2013 14:30:54 +0000 (15:30 +0100)]
oops, use raw octet HMAC output (for size reasons)
this does work as tested on CentOS 5 (php-cli-5.1.6-39.el5_8)…
Thorsten Glaser [Mon, 25 Mar 2013 14:09:58 +0000 (15:09 +0100)]
remove commented-out EvolvisForge compat stuff
Thorsten Glaser [Mon, 25 Mar 2013 13:50:29 +0000 (14:50 +0100)]
SECURITY: use HMAC-SHA256 (for now) to protect the session cookie
NOTE: after installing this patch, it is *vital* to change your
forge_get_config('session_key') because you *MUST* assume that
the old value is insecure and/or has been leaked!
Thorsten Glaser [Mon, 25 Mar 2013 13:08:54 +0000 (14:08 +0100)]
make this closer to the code in EvolvisForge (should be no change)
everything that would change FF behaviour is commented out atm
Thorsten Glaser [Mon, 25 Mar 2013 13:01:43 +0000 (14:01 +0100)]
merge from Evolvis: for session_set_admin use the lowest-uid one
instead of impersonating a random person who’s got forge admin rights
Thorsten Glaser [Mon, 25 Mar 2013 13:01:05 +0000 (14:01 +0100)]
merge from Evolvis: better session_redirect()
Thorsten Glaser [Mon, 25 Mar 2013 12:50:18 +0000 (13:50 +0100)]
emit a newline after the warning
Thorsten Glaser [Mon, 25 Mar 2013 12:36:59 +0000 (13:36 +0100)]
merge from Evolvis: group home permission changes
• fallback if /usr/share/gforge/lib/private_default_page.php does
not exist
• change index file and incoming directory to be group-writable
(with sgid bit set) by default, to be actually useful
Thorsten Glaser [Mon, 25 Mar 2013 12:36:15 +0000 (13:36 +0100)]
merge from Evolvis: some more variables and compat functions
Thorsten Glaser [Mon, 25 Mar 2013 12:30:58 +0000 (13:30 +0100)]
SudoEffectiveUser needs unix_name, not uid, of the target
unbreaks group homedir creation for the n-th time
Thorsten Glaser [Mon, 25 Mar 2013 12:11:56 +0000 (13:11 +0100)]
revert most of the CVE patch and “do it right”
directly after creating the new group home directory, as root,
there is no race that can appear due to *users* creating stuff
inside, so do not account for it; also make this code legible
Roland Mas [Sun, 24 Mar 2013 13:35:59 +0000 (13:35 +0000)]
Fixed permissions for Git repositories created before anonscm is enabled
Roland Mas [Tue, 19 Mar 2013 13:59:59 +0000 (14:59 +0100)]
Merged from 5.1
Roland Mas [Tue, 19 Mar 2013 13:55:13 +0000 (13:55 +0000)]
Fixed syntax error
Franck Villaume [Mon, 18 Mar 2013 19:17:37 +0000 (20:17 +0100)]
widget: fix survey widget when project does not use survey
Franck Villaume [Sun, 17 Mar 2013 16:36:33 +0000 (17:36 +0100)]
RBAC: fix tracker & task check
Franck Villaume [Sun, 17 Mar 2013 15:37:41 +0000 (16:37 +0100)]
scmsvn: fix svn repo create
Roland Mas [Tue, 12 Mar 2013 12:38:38 +0000 (13:38 +0100)]
Another fix for project creation
Roland Mas [Tue, 12 Mar 2013 10:38:45 +0000 (11:38 +0100)]
Fixed project creation
Franck Villaume [Sun, 10 Mar 2013 12:59:28 +0000 (13:59 +0100)]
tracker: fix redirect when click on admin link
db: fix warning
Franck Villaume [Sat, 9 Mar 2013 18:15:51 +0000 (19:15 +0100)]
fix #497: Number of pending projects miscounted/misleading on site admin tab
Franck Villaume [Sat, 9 Mar 2013 17:48:54 +0000 (18:48 +0100)]
fix #527: unable to delete project when use_forum = no in config.ini
Franck Villaume [Sat, 9 Mar 2013 16:33:56 +0000 (17:33 +0100)]
fix #528: complains about forums when creating mailing-list even if forum tool is deactivated
Franck Villaume [Wed, 6 Mar 2013 19:45:56 +0000 (20:45 +0100)]
docman: fix missing )
Franck Villaume [Wed, 6 Mar 2013 19:45:21 +0000 (20:45 +0100)]
fix scm session rights check and redirect
Thorsten Glaser [Mon, 4 Mar 2013 08:34:37 +0000 (09:34 +0100)]
use correct JSON encoding
Franck Villaume [Sun, 3 Mar 2013 16:31:14 +0000 (17:31 +0100)]
fix copyrights
Franck Villaume [Sun, 3 Mar 2013 16:27:20 +0000 (17:27 +0100)]
fix #546: Protect apostrophe in a directory name in docman, patch from French Ministry of National Education
Thorsten Glaser [Thu, 28 Feb 2013 13:19:24 +0000 (14:19 +0100)]
merge fix from EvolvisForge
revno: 10310
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: tarent-5.1
timestamp: Fri 2012-01-20 16:10:48 +0100
message:
fix DTD: accidentally deleted a href too much
Thorsten Glaser [Thu, 28 Feb 2013 13:14:50 +0000 (14:14 +0100)]
move www/DTD/ to common/DTD/ like I did in EvolvisForge
otherwise, this will merge-conflict in git Every. Single. Time. Gah!
Thorsten Glaser [Thu, 28 Feb 2013 12:47:28 +0000 (13:47 +0100)]
bump year
Roland Mas [Wed, 27 Feb 2013 08:52:14 +0000 (09:52 +0100)]
Marked the merge
Roland Mas [Wed, 27 Feb 2013 08:52:01 +0000 (09:52 +0100)]
Merged from 5.1
Roland Mas [Wed, 27 Feb 2013 08:49:33 +0000 (09:49 +0100)]
Marked the merge
Roland Mas [Wed, 27 Feb 2013 08:44:54 +0000 (09:44 +0100)]
Merged from 5.1
Thorsten Glaser [Wed, 27 Feb 2013 08:33:16 +0000 (09:33 +0100)]
use util_randbytes() to get six random bytes
it’s computationally, and on the kernel pool, much cheaper than
openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
which eats more bytes from the kernel pool
Thorsten Glaser [Wed, 27 Feb 2013 08:26:55 +0000 (09:26 +0100)]
use posix_initgroups() to get the user’s group vector
calling 'su' inside createUserRepo() isn’t going to work because
that function is already run with reduced privilegues; instead,
if the old user is root use posix_initgroups() to switch the
group vector to the new user’s and restore root’s later (if the
old user is not root, we have no way to do that anyway as, in
my tests, posix_initgroups() only works if the current EUID is
0); posix_getgroups() can be used to save the old group list,
but there is no posix_setgroups(), so we need to use this way
Roland Mas [Tue, 26 Feb 2013 16:35:35 +0000 (17:35 +0100)]
Fixed logic