[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds
Lucas_Werkmeister_WMDE added a comment. The change adding the test was reverted in Id2eeeb781b (I’m not sure why @gerritbot didn’t leave a comment), and since then I haven’t seen any more occurrences of this bug, so the CI issue seems to be resolved. However, I assume we still want to have some test for CVE-2014-5461, so I’m not sure how to proceed. Perhaps close this task and reopen T209232: Add a unit test to Scribunto testing it is not vulnerable to CVE-2014-5461? (Though I’m not sure if it’s still suitable for GCI with these added complications.)TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: Lucas_Werkmeister_WMDECc: gerritbot, Michael, hoo, Jdforrester-WMF, matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, CucyNoiD, Nandana, NebulousIris, Gaboe420, A.S.Kochergin, Versusxo, Majesticalreaper22, Giuliamocci, Adrian1985, God, Cpaulf30, Lahi, Gq86, Baloch007, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, LawExplorer, Lewizho99, Maathavan, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds
gerritbot added a comment. Change 476854 had a related patch set uploaded (by Lucas Werkmeister (WMDE); owner: Lucas Werkmeister (WMDE)): [mediawiki/extensions/Scribunto@master] Fix stack overflows being reported as OOM errors https://gerrit.wikimedia.org/r/476854TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: gerritbotCc: gerritbot, Michael, hoo, Jdforrester-WMF, matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds
matmarex added a comment. Also occurred on https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Math/+/476339TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: matmarexCc: matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds
Anomie added a comment. Or you could have someone else try it again.TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: AnomieCc: Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds
Bawolff added a comment. The gci task is already accepted - we cant force the student to do more work (we can of course ask nicely) In T210634#4782783, @Anomie wrote: Apparently the test added for T209232: Add a unit test to Scribunto testing it is not vulnerable to CVE-2014-5461 is sometimes running out of allowed memory (set by ulimit most likely) before it runs out of Lua stack space (a constant set in Lua's C code), so it's giving a different error from the one that was expected. If nothing else we could revert rELUA7a7f5226765e: Adding a unit test for CVE-2014-5461 in Scribunto. and let them try again on that task. TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: BawolffCc: Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs