Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-14 Thread Olivier Berger
merge 494993 468159 thanks Sven Dowideit wrote: how would this be different from ? Debian Bug report logs - #468159 twiki: Redirect after Template Login failes Oops. Damn, I forgot to check if it had been found already. I was so sure it would have been fixed by the time if

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-14 Thread Dmitry E. Oboukhov
tags 494648 patch thanks Hi, Sven see my patch, please -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 diff -u twiki-4.1.2/debian/changelog twiki-4.1.2/debian/changelog ---

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-14 Thread Sven Dowideit
similar to the change I have just coded and tested :) thanks Dmitry E. Oboukhov wrote: tags 494648 patch thanks Hi, Sven see my patch, please -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Nico Golde
Hi Sven, * Sven Dowideit [EMAIL PROTECTED] [2008-08-13 11:05]: I'd need a second opinion on this report please. My recollection was that we squashed this in Bug#444982 If not, is there any chance that automated tool users are at least required to help out with a bit more information that

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
Nico, /var/run - I'll keep that in mind for post lenny - I was really hoping that debian had a place for this sort of session data, but didn't manage to get there - thanks :) I'm hoping for the next release that I can move everything into /var/twiki (rather than scattered around the fs,

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Steve Kemp
On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote: I will have to assume that this report is indeed incorrect unless I hear otherwise. On my Debian Etch system: [EMAIL PROTECTED]:~$ apt-get source twiki Reading package lists... Done Building dependency tree... Done Need to get

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wednesday 13 August 2008 at 20:06 +1000, Sven Dowideit wrote: Nico, /var/run - I'll keep that in mind for post lenny - I was really hoping that debian had a place for this sort of session data, but didn't manage to get there - thanks :) Maybe there is a web apps policy to be determined

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Nico Golde
Hi Olivier, * Olivier Berger [EMAIL PROTECTED] [2008-08-13 12:53]: On Wednesday 13 August 2008 at 20:06 +1000, Sven Dowideit wrote: [...] I'm hoping for the next release that I can move everything into /var/twiki (rather than scattered around the fs, including polluting the perl lib dirs)

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
Steve, yes but your information is outdated. (although I'm embarrassed that we didn't also resolve it in the etch version :/) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982 Found in versions 4.1.2-1, twiki/1:4.1.2-2 Fixed in version twiki/1:4.1.2-3 and so, it seems to me that we're ok

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
na, sorry, twiki dumps session data into /tmp/twiki the /var vs /usr thing is a separate thing that non-DD's get frustrated with - basically, most people expect twiki to be laid out in the same way as it is on non-debian systems - everything under one twiki dir. Debian packaging policy confuses

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
Yes, I would suggest that there is a need for more detailed web apps policies - not just for where session files should be placed safely, but also things like safe and consistent ways to configure the webservers (apache1 vs apache2 are (or were last i looked) already a pain), and similarly for

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wednesday 13 August 2008 at 11:12 +0100, Steve Kemp wrote: On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote: I know that I can coerce it into working: [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki [EMAIL PROTECTED]:~$ sudo

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
No, it's got nothing to do with /var/lib/twiki/data etc, it's the location for session data - produced by CGI::Session etc. Olivier Berger wrote: On Wednesday 13 August 2008 at 11:12 +0100, Steve Kemp wrote: On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote: I know that I can coerce

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Steve Kemp
On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote: no, it's got nothing to do with /var/lib/twiki/data etc, it's the location for session data - produced by CGI::Session etc. Yes it does. The code we're talking about is contained in the file debian/postinst, and only executes

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wednesday 13 August 2008 at 12:52 +0200, Olivier Berger wrote: On Wednesday 13 August 2008 at 20:06 +1000, Sven Dowideit wrote: Nico, /var/run - I'll keep that in mind for post lenny - I was really hoping that debian had a place for this sort of session data, but didn't manage to get

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Dmitry E. Oboukhov
On 13:57 Wed 13 Aug , Steve Kemp wrote: SK On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote: SK no, it's got nothing to do with /var/lib/twiki/data etc, it's the location SK for session data - produced by CGI::Session etc. SK Yes it does. SK The code we're talking about is contained

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wednesday 13 August 2008 at 13:57 +0100, Steve Kemp wrote: My understanding of the discussion thus far is: a. This is a genuine bug. b. Which has been fixed. c. Except in Etch. No, as: On Wednesday 13 August 2008 at 16:39 +0400, Dmitry E. Oboukhov wrote: reopen 494648

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
so Dmitry, if you were trying to actually help get this fixed, I presume you would have suggested that I just patch the code to rm /tmp/twiki and then create it? or what are you actually suggesting? Sven Dmitry E. Oboukhov wrote: Where? $curl

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Julien Cristau
On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote: so Dmitry, if you were trying to actually help get this fixed, I presume you would have suggested that I just patch the code to rm /tmp/twiki and then create it? or what are you actually suggesting? No. Don't touch/use

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
These are _WEB_ session files. There are no user directories. Dmitry E. Oboukhov wrote: SD so Dmitry, SD if you were trying to actually help get this fixed, I presume you would SD have suggested that I just patch the code to SD rm /tmp/twiki SD and then create it? SD or what are you

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
So are you suggesting that I instead fill up /tmp directly with thousands of cgisess_123412 files? because the location that those files go into needs to be predictable - so that each cgi script goes to the same place. Julien Cristau wrote: On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wednesday 13 August 2008 at 16:19 +0200, Julien Cristau wrote: On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote: so Dmitry, if you were trying to actually help get this fixed, I presume you would have suggested that I just patch the code to rm /tmp/twiki and then

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
No, I was told by Nico or Joey that web apps should not be filling up the /var filesystem with session files. this is apparently also _not_ a solution. /tmp was determined in October 2007 as the best place Dmitry E. Oboukhov wrote: On 00:17 Thu 14 Aug , Sven Dowideit wrote: SD these are

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
Yes, you should not share CGI::Session files, it does lead to leakage, and really odd side effects. Olivier Berger wrote: On Wednesday 13 August 2008 at 16:19 +0200, Julien Cristau wrote: On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote: so Dmitry, if you were trying to actually

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Dmitry E. Oboukhov
On 00:38 Thu 14 Aug , Sven Dowideit wrote: SD No, I was told by Nico or Joey that web apps should not be filling up SD the /var filesystem with session files. SD This is apparently also _not_ a solution. SD /tmp was determined in October 2007 as the best place Ok, You can do it (in your

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
Dmitry E. Oboukhov wrote: On 00:38 Thu 14 Aug , Sven Dowideit wrote: SD No, I was told by Nico or Joey that web apps should not be filling up SD the /var filesystem with session files. SD this is apparently also _not_ a solution. SD /tmp was determined in October 2007 as the best

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Dmitry E. Oboukhov
SD On 00:38 Thu 14 Aug , Sven Dowideit wrote: SD No, I was told by Nico or Joey that web apps should not be filling up SD the /var filesystem with session files. SD SD This is apparently also _not_ a solution. SD SD /tmp was determined in October 2007 as the best place SD SD Ok, You can do

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Olivier Berger
On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote: the best irony of this bug is: I've implemented Joey's suggestion of 1777 O_EXCL - mostly the files in tmp are written by CGI::Session, that takes care of things. I also moved the 1777 tmp dir back to /tmp/twiki, as per

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Sven Dowideit
how would this be different from ? Debian Bug report logs - #468159 twiki: Redirect after Template Login failes Olivier Berger wrote: On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote: the best irony of this bug is: I've implemented Joey's suggestion of 1777 O_EXCL -

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-12 Thread Sven Dowideit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guys, I'd need a second opinion on this report please. My recollection was that we squashed this in Bug#444982 If not, is there any chance that automated tool users are at least required to help out with a bit more information that the alarmist

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Dmitry E. Oboukhov
Package: twiki Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Sven Dowideit
ah, good find. Ardo and Christian, If I make an update to the 4.1.2 package, fixing this, and a couple of other issues that I've been told about in the next 48 days, would one of you be willing to upload it for me so it gets into Lenny? Sven Dmitry E. Oboukhov wrote: Package: twiki

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Christian Perrier
Quoting Sven Dowideit ([EMAIL PROTECTED]): ah, good find. Ardo and Christian, If I make an update to the 4.1.2 package, fixing this, and a couple of other issues that I've been told about in the next 48 days, would one of you be willing to upload it for me so it gets into Lenny? For the