similar to the change I have just coded and tested :)
thanks
Dmitry E. Oboukhov wrote:
> tags 494648 patch
> thanks
>
> Hi, Sven
>
> see my patch, please
>
> --
>
> . ''`. Dmitry E. Oboukhov
> : :’ : [EMAIL PROTECTED]
> `. `~’ GPGKey: 1024D / F8E26537 2006-11-21
> `- 1B23 D4F8 8EC0 D902 0
tags 494648 patch
thanks
Hi, Sven
see my patch, please
--
. ''`. Dmitry E. Oboukhov
: :’ : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
diff -u twiki-4.1.2/debian/changelog twiki-4.1.2/debian/changelog
--- twiki-4.1.2/debi
merge 494993 468159
thanks
Sven Dowideit a écrit :
> how would this be different from ?
>
> Debian Bug report logs - #468159
> twiki: Redirect after Template Login failes
>
Oops. Damn, I forgot to check if it had been found already. I was
so sure it would have been fixed by the time
how would this be different from ?
Debian Bug report logs - #468159
twiki: Redirect after Template Login failes
Olivier Berger wrote:
> On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote:
>> the best irony of this bug, is :
>>
>>> I've implemented Joey's suggestion of 1777 & O_E
On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote:
>
> the best irony of this bug, is :
>
> > I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
> in tmp are written by CGI::Session, that takes care of things.
> >
> > I also moved the 1777 tmp dir back to /tmp/twik
SD>> On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD>>> No, I was told by Nico or Joey that web apps should not be filling up
SD>>> the /var filesystem with session files.
SD>>
SD>>> this is apparently also _not_ a solution.
SD>>
SD>>> /tmp was determined in October 2007 as the best place
SD>>
Dmitry E. Oboukhov wrote:
> On 00:38 Thu 14 Aug , Sven Dowideit wrote:
> SD> No, I was told by Nico or Joey that web apps should not be filling up
> SD> the /var filesystem with session files.
>
> SD> this is apparently also _not_ a solution.
>
> SD> /tmp was determined in October 2007 as the
On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD> No, I was told by Nico or Joey that web apps should not be filling up
SD> the /var filesystem with session files.
SD> this is apparently also _not_ a solution.
SD> /tmp was determined in October 2007 as the best place
Ok, you can do it (in your
Yes, you should not share CGI::Session files, it does lead to leakage,
and really odd side effects.
Olivier Berger wrote:
> Le mercredi 13 août 2008 à 16:19 +0200, Julien Cristau a écrit :
>> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
>>
>>> so Dmitry,
>>>
>>> if you were trying
No, I was told by Nico or Joey that web apps should not be filling up
the /var filesystem with session files.
this is apparently also _not_ a solution.
/tmp was determined in October 2007 as the best place
Dmitry E. Oboukhov wrote:
> On 00:17 Thu 14 Aug , Sven Dowideit wrote:
> SD> these a
Le mercredi 13 août 2008 à 16:19 +0200, Julien Cristau a écrit :
> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
>
> > so Dmitry,
> >
> > if you were trying to actually help get this fixed, I presume you would
> > have suggested that I just patch the code to
> >
> > rm /tmp/twiki
So are you suggesting that I instead fill up /tmp directly with
thousands of cgisess_123412 files?
because the location that those files go into needs to be predictable -
so that each cgi script goes to the same place.
Julien Cristau wrote:
> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowidei
these are _WEB_ session files.
there are no user directories.
Dmitry E. Oboukhov wrote:
> SD> so Dmitry,
>
> SD> if you were trying to actually help get this fixed, I presume you would
> SD> have suggested that I just patch the code to
>
> SD> rm /tmp/twiki
> SD> and then create it?
>
> SD> o
On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
> so Dmitry,
>
> if you were trying to actually help get this fixed, I presume you would
> have suggested that I just patch the code to
>
> rm /tmp/twiki
> and then create it?
>
> or what are you actually suggesting?
>
No. Don't tou
so Dmitry,
if you were trying to actually help get this fixed, I presume you would
have suggested that I just patch the code to
rm /tmp/twiki
and then create it?
or what are you actually suggesting?
Sven
Dmitry E. Oboukhov wrote:
>
> Where?
>
> $curl
> http://ftp.nl.debian.org/debian/pool/
Le mercredi 13 août 2008 à 13:57 +0100, Steve Kemp a écrit :
> My understanding of the discussion thus far is:
>
> a. This is a genuine bug.
> b. Which has been fixed.
> c. Except in Etch.
No, as :
Le mercredi 13 août 2008 à 16:39 +0400, Dmitry E. Oboukhov a écrit :
> reopen 494
On 13:57 Wed 13 Aug , Steve Kemp wrote:
SK> On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote:
SK>> no, it's got nothing to do with /var/lib/twiki/data etc, it's the location
SK>> for session data - produced by CGI::Session etc.
SK> Yes it does.
SK> The code we're talking about is con
Le mercredi 13 août 2008 à 12:52 +0200, Olivier Berger a écrit :
> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
> > Nico,
> >
> > /var/run - I'll keep that in mind for post lenny - I was really hoping
> > that debian had a place for this sort of session data, but didn't manage
>
On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote:
> no, it's got nothing to do with /var/lib/twiki/data etc, it's the location
> for session data - produced by CGI::Session etc.
Yes it does.
The code we're talking about is contained in the file debian/postinst,
and only executes u
no, it's got nothing to do with /var/lib/twiki/data etc, it's the location
for session data - produced by CGI::Session etc.
Olivier Berger wrote:
> Le mercredi 13 août 2008 à 11:12 +0100, Steve Kemp a écrit :
>> On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:
>
>>I know that I can c
Le mercredi 13 août 2008 à 11:12 +0100, Steve Kemp a écrit :
> On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:
>
>I know that I can coerce it into working:
>
> [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki
> [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki
> [EMAIL PROTECTED]:~$ s
Yes, I would suggest that there is a need for more detailed web apps
policies - not just for where session files should be placed safely, but
also things like safe and consistent ways to configure the webservers
(apache1 vs apache2 are (or were last i looked) already a pain), and
similarly for modu
na, sorry, twiki dumps session data into /tmp/twiki
the /var vs /usr thing is a separate thing that non-DD's get frustrated
with - basically, most people expect twiki to be laid out in the same
way as it is on non-debian system - everything under one twiki dir.
Debian packaging policy confuses the
Steve, yes but your information is outdated. (although i'm embarrassed
that we didn't also resolve it in the etch version :/)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982
Found in versions 4.1.2-1, twiki/1:4.1.2-2
Fixed in version twiki/1:4.1.2-3
and so, it seems to me that we're ok f
Hi Olivier,
* Olivier Berger <[EMAIL PROTECTED]> [2008-08-13 12:53]:
> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
[...]
> > I'm hoping for the next release that I can move everything into
> > /var/twiki (rather than scattered around the fs, including pollution the
> > perl lib
Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
> Nico,
>
> /var/run - I'll keep that in mind for post lenny - I was really hoping
> that debian had a place for this sort of session data, but didn't manage
> to get there - thanks :)
>
Maybe there is a web apps policy to be determ
On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:
> I will have to assume that this report is indeed incorrect unless I hear
> otherwise.
On my Debian Etch system:
[EMAIL PROTECTED]:~$ apt-get source twiki
Reading package lists... Done
Building dependency tree... Done
Need to get 430
Nico,
/var/run - I'll keep that in mind for post lenny - I was really hoping
that debian had a place for this sort of session data, but didn't manage
to get there - thanks :)
I'm hoping for the next release that I can move everything into
/var/twiki (rather than scattered around the fs, including
Hi Sven,
* Sven Dowideit <[EMAIL PROTECTED]> [2008-08-13 11:05]:
> I'd need a second opinion on this report please.
>
> My recollection was that we squashed this in Bug#444982
>
> If not, is there any chance that automated tool users are at least
> required to help out with a bit more information
Guys,
I'd need a second opinion on this report please.
My recollection was that we squashed this in Bug#444982
If not, is there any chance that automated tool users are at least
required to help out with a bit more information that the alarmist text
Quoting Sven Dowideit ([EMAIL PROTECTED]):
> ah, good find.
>
> Ardo and Christian,
>
> If I make an update to the 4.1.2 package, fixing this, and a couple of
> other issues that I've been told about in the next 48 days, would one of
> you be willing to upload it for me so it gets into Lenny?
F
ah, good find.
Ardo and Christian,
If I make an update to the 4.1.2 package, fixing this, and a couple of
other issues that I've been told about in the next 48 days, would one of
you be willing to upload it for me so it gets into Lenny?
Sven
Dmitry E. Oboukhov wrote:
> Package: twiki
> Severit
Package: twiki
Severity: grave
Tags: security
This message about the error concerns a few packages at once. I've
tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
config scripts were tested.
In some packages I've discovered scripts with errors which may be used
by a user