This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via 8eee465d4358f1068ccd0b8e21d3911f5b0e6b6a (commit)
via 92f420968b43c7611930f10f29a93f0cbd1508b4 (commit)
via d4d50d53bb607ef153a54b557902a8085af4656c (commit)
via ebedd04b5ab2b88b87bdb0d15dc95717b0edf854 (commit)
via 6f214057cea6d5df6adc66d6b39cdb76592041da (commit)
via 074146f0c2c277d34ee5d19b0a384067571b87c0 (commit)
via a20462664cf7dd5940d51420cb36604b96109913 (commit)
via f550b3852ddb33f181b7e19e915e9c1717b1e04a (commit)
via abbc33eb52741597b3586fbbeb5a2b1980a2fd1f (commit)
via caef270d5dc7582fe5d9b0e41a069135e329d082 (commit)
via afcfe76f5195af4566ff3a8280714383fcdb5a67 (commit)
via 1c81c9af0fbc67212109e869e17c53f5b1ea7ea0 (commit)
from f9d6eaef248c8a3f809fa9fdc6e748277d075671 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8eee465d4358f1068ccd0b8e21d3911f5b0e6b6a
Merge: f9d6eae 92f4209
Author: Roland Mas <[email protected]>
Date: Thu May 28 11:15:22 2015 +0200
Merge branch '6.0'
-----------------------------------------------------------------------
Summary of changes:
src/bin/systasksd | 3 ++-
src/common/include/Group.class.php | 4 ++--
src/common/include/RBAC.php | 4 ++--
src/common/include/utils.php | 2 +-
src/etc/httpd.conf.d/vhost-list.inc | 11 +++++++++++
src/plugins/scmgit/common/GitPlugin.class.php | 11 ++++++++---
.../scmhook/library/scmgit/hooks/committracker/post.php | 4 ++--
.../scmhook/library/scmsvn/hooks/committracker/post.php | 4 ++--
src/post-install.d/lists/lists.sh | 7 +++++++
src/www/mail/admin/index.php | 2 +-
10 files changed, 38 insertions(+), 14 deletions(-)
diff --git a/src/bin/systasksd b/src/bin/systasksd
index db8a416..7130077 100755
--- a/src/bin/systasksd
+++ b/src/bin/systasksd
@@ -89,7 +89,8 @@ if (isset($options['v']) or isset($options['verbose'])) {
// Proper daemon
posix_setsid();
chdir('/');
-umask(0);
+//umask(0); // programmers usually expect umask=0022, and this would default
mkdir to 0777
+umask(0022);
$log_path = forge_get_config('log_path');
if (!$verbose) {
// Hack to reopen stdin/stdout/stderr, order is important
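Review bot: The added `umask(0022)` still leaves every file and directory the daemon creates world-readable, and the hunk keeps the old call as commented-out code. If systasksd writes anything under `log_path` or into repositories that local users should not read, `umask(0027)` would be the tighter default; whether that is compatible with the web server's access depends on code outside this hunk. Either way the dead line reads better as a plain comment, e.g. `// Explicit umask: with umask(0), mkdir() would default to 0777`.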
diff --git a/src/common/include/Group.class.php
b/src/common/include/Group.class.php
index 5e9fc17..8927950 100644
--- a/src/common/include/Group.class.php
+++ b/src/common/include/Group.class.php
@@ -2355,6 +2355,8 @@ class Group extends Error {
return false;
}
+ db_commit();
+
// Switch to system language for item creation
setup_gettext_from_sys_lang();
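Review bot: With `db_commit()` moved ahead of the item-creation steps (and removed by the second hunk at -2581), nothing that runs after this point can be rolled back. If one of the later creation steps fails, the project is presumably left approved but only partly set up. Whether those steps open their own transaction is not visible, since the enclosing method starts and ends outside both hunks. Please document the intent at the new call, e.g. `// Commit before item creation; failures below are not rolled back`.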
@@ -2581,8 +2583,6 @@ class Group extends Error {
session_set_internal($saved_session->getID());
setup_gettext_from_context();
- db_commit();
-
$this->sendApprovalEmail();
$this->addHistory(_('Approved'), 'x');
diff --git a/src/common/include/RBAC.php b/src/common/include/RBAC.php
index 4ee2096..384fec5 100644
--- a/src/common/include/RBAC.php
+++ b/src/common/include/RBAC.php
@@ -874,8 +874,8 @@ abstract class BaseRole extends Error {
}
}
- # Change repo permissions when we change anonymous
access
- if ($sect == 'scm' && $this->getID() == $anon->getID())
{
+ # Change repo permissions when we edit anonymous access
for a single project
+ if ($sect == 'scm' && $this->getID() == $anon->getID()
&& count($refs) == 1) {
$systasksq = new SysTasksQ();
$systasksq->add(SYSTASK_CORE,
'SCM_REPO', $refid);
}
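Review bot: The new `count($refs) == 1` guard means that when anonymous SCM access is edited for several projects in one call, no `SCM_REPO` task is queued at all. If that bulk path can revoke anonymous access, the on-disk repository permissions would presumably stay as they were until something else refreshes them. `$refs` and the surrounding loop are defined outside this hunk, so this needs confirming against the caller. If the bulk case is reachable, queue one task per affected `$refid` rather than skipping; if it is handled elsewhere, extend the comment to say where.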
diff --git a/src/common/include/utils.php b/src/common/include/utils.php
index 3733f8e..6287faa 100644
--- a/src/common/include/utils.php
+++ b/src/common/include/utils.php
@@ -1013,7 +1013,7 @@ function util_make_uri($path) {
}
/**
- * util_make_link - Construct proper (relative) URI from path & text
+ * util_make_link - Construct proper URL/URI from path & text
*
* @param string $path
* @param string $text
diff --git a/src/etc/httpd.conf.d/vhost-list.inc
b/src/etc/httpd.conf.d/vhost-list.inc
index 92cfd09..2518219 100644
--- a/src/etc/httpd.conf.d/vhost-list.inc
+++ b/src/etc/httpd.conf.d/vhost-list.inc
@@ -6,3 +6,14 @@ IncludeOptional
${FF__core__config_path}/httpd.conf.d/lists-vhost-plugin-*.inc
RewriteEngine on
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R=301]
+
+ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
+
+Alias /pipermail /var/lib/mailman/archives/public
+<Directory /var/lib/mailman/archives/public>
+ AllowOverride Options
+ Options FollowSymLinks
+ Require all granted
+</Directory>
+
+Alias /images/mailman /usr/share/images/mailman
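Review bot: `AllowOverride Options` on `/var/lib/mailman/archives/public` lets any `.htaccess` file found in the archive tree switch on options such as `ExecCGI` or `Includes`, and that tree holds content Mailman generates from incoming mail. Nothing in the hunk relies on per-directory overrides, so `AllowOverride None` would be the safer setting. `Options FollowSymLinks` is presumably needed because the public archives are symlinks into the private tree; `Options SymLinksIfOwnerMatch` is worth trying if file ownership allows it.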
diff --git a/src/plugins/scmgit/common/GitPlugin.class.php
b/src/plugins/scmgit/common/GitPlugin.class.php
index c7cca15..e5cece1 100644
--- a/src/plugins/scmgit/common/GitPlugin.class.php
+++ b/src/plugins/scmgit/common/GitPlugin.class.php
@@ -503,6 +503,10 @@ control over it to the project's administrator.");
$repo_name = db_result($result,$i,'repo_name');
$description = db_result($result,$i,'description');
$clone_url = db_result($result,$i,'clone_url');
+ // Clone URLs need to be validated to prevent a potential
arbitrary command execution
+ if (!preg_match('|^[-a-zA-Z0-9:./_]+$|', $clone_url)) {
+ $clone_url = '';
+ }
$repodir = $root . '/' . $repo_name . '.git';
if (!is_file("$repodir/HEAD") &&
!is_dir("$repodir/objects") && !is_dir("$repodir/refs")) {
if ($clone_url != '') {
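Review bot: The allowlist `|^[-a-zA-Z0-9:./_]+$|` is not fully anchored: without the `D` modifier `$` also matches before a trailing newline, and the character class accepts a value that begins with `-`. Unlike the second copy of the check in the hunk at -1034, this one requires no scheme prefix, so a stored `clone_url` starting with a dash could be taken as an option by whatever command consumes it (that call is outside this hunk). Suggest `preg_match('|^[a-zA-Z0-9][-a-zA-Z0-9:./_]*\z|', $clone_url)` in both places, ideally through one shared helper, plus `escapeshellarg()` where the URL reaches the shell. Blanking the value silently also hides the rejection, so a log line here would help anyone investigating a bad entry.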
@@ -959,7 +963,7 @@ control over it to the project's administrator.");
}
if (in_array('scmgit', $params['show']) ||
(count($params['show']) < 1)) {
$repo = forge_get_config('repos_path', 'scmgit') . '/'
. $project->getUnixName() . '/' . $project->getUnixName() . '.git';
- if (is_dir($repo) && !is_dir($repo.'/refs')) {
+ if (is_dir($repo) && is_dir($repo.'/refs')) {
$start_time = $params['begin'];
$end_time = $params['end'];
$pipe = popen("GIT_DIR=\"$repo\" git log
--date=raw --since=@$start_time --until=@$end_time --all
--pretty='format:%ad||%ae||%s||%h' --name-status", 'r' );
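Review bot: Correcting the inverted `is_dir($repo.'/refs')` test makes the `popen()` below it run for every real repository, and that command interpolates `$start_time`, `$end_time` and `$repo` into a shell string unescaped. Where `$params['begin']` and `$params['end']` come from is not visible in this hunk; unless they are guaranteed to be integers, cast them: `$start_time = (int) $params['begin'];` and `$end_time = (int) $params['end'];`. `$repo` is built from configuration and the project unix name, so it is lower risk, but wrapping it in `escapeshellarg($repo)` costs nothing. The enclosing function starts and ends outside the hunk.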
@@ -1034,8 +1038,9 @@ control over it to the project's administrator.");
if ($url == '') {
// Start from empty
$clone = $url;
- } elseif (preg_match('|^git://|', $url) ||
preg_match('|^https?://|', $url)) {
- // External URLs: OK
+ } elseif ((preg_match('|^git://|', $url) ||
preg_match('|^https?://|', $url))
+ && preg_match('|^[-a-zA-Z0-9:./_]+$|', $url)) {
+ // External URLs: OK, but they need to be
validated to prevent a potential arbitrary command execution
$clone = $url;
} elseif ($url == $project->getUnixName()) {
$clone = $url;
diff --git a/src/plugins/scmhook/library/scmgit/hooks/committracker/post.php
b/src/plugins/scmhook/library/scmgit/hooks/committracker/post.php
index a9008a5..779ffe4 100755
--- a/src/plugins/scmhook/library/scmgit/hooks/committracker/post.php
+++ b/src/plugins/scmhook/library/scmgit/hooks/committracker/post.php
@@ -176,8 +176,8 @@ $artifacts_involved = getInvolvedArtifacts($log);
if ((!is_array($tasks_involved) || count($tasks_involved) < 1) &&
(!is_array($artifacts_involved) || count($artifacts_involved) < 1)) {
- //nothing to post
- die("No artifacts nor tasks in the commit log\n");
+ // No artifacts nor tasks in the commit log
+ exit(0);
}
$i = 0;
diff --git a/src/plugins/scmhook/library/scmsvn/hooks/committracker/post.php
b/src/plugins/scmhook/library/scmsvn/hooks/committracker/post.php
index 7fa2572..078131a 100755
--- a/src/plugins/scmhook/library/scmsvn/hooks/committracker/post.php
+++ b/src/plugins/scmhook/library/scmsvn/hooks/committracker/post.php
@@ -116,8 +116,8 @@ $tasks_involved = getInvolvedTasks($log);
$artifacts_involved = getInvolvedArtifacts($log);
if ((!is_array($tasks_involved) || count($tasks_involved) < 1) &&
(!is_array($artifacts_involved) || count($artifacts_involved) < 1)) {
- //nothing to post
- die("No artifacts nor tasks in the commit log\n");
+ // No artifacts nor tasks in the commit log
+ exit(0);
}
foreach ($changed as $onefile) {
diff --git a/src/post-install.d/lists/lists.sh
b/src/post-install.d/lists/lists.sh
index c3ed79d..ef5fb20 100755
--- a/src/post-install.d/lists/lists.sh
+++ b/src/post-install.d/lists/lists.sh
@@ -27,9 +27,16 @@ case "$1" in
chown www-data:list /var/lib/mailman/archives/private
chmod 2770 /var/lib/mailman/archives/private
fi
+
# Managed by mailman, but referencing it to document where it is:
# echo "Use 'mmsitepass' to set the Mailman master password"
# echo "Cf. /var/lib/mailman/data/adm.pw"
+
+ # Normally defined in per-list config, but needed e.g. in default empty
archives page
+ lists_host=$(forge_get_config lists_host)
+ sed -i -e "s/^DEFAULT_EMAIL_HOST.*/DEFAULT_EMAIL_HOST = '$lists_host'/"
\
+ -e "s/^DEFAULT_URL_HOST.*/DEFAULT_URL_HOST = '$lists_host'/" \
+ /etc/mailman/mm_cfg.py
;;
*)
echo "Usage: $0 {configure}"
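Review bot: `$lists_host` is pasted unchecked into both a sed replacement and a single-quoted Python string in `/etc/mailman/mm_cfg.py`, so an empty value, or one containing `/`, `&` or `'`, either breaks the sed expression or leaves the config file invalid. Validate it before the edit, e.g. `case "$lists_host" in ''|*[!A-Za-z0-9.-]*) echo "invalid lists_host" >&2; exit 1;; esac`. Also, if `mm_cfg.py` has no `DEFAULT_EMAIL_HOST` or `DEFAULT_URL_HOST` line yet, sed matches nothing and the setting is silently not applied; a `grep -q` check after the edit would catch that.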
diff --git a/src/www/mail/admin/index.php b/src/www/mail/admin/index.php
index 104ef89..becdc48 100644
--- a/src/www/mail/admin/index.php
+++ b/src/www/mail/admin/index.php
@@ -296,7 +296,7 @@ if ($group_id) {
if($currentList->getStatus() ==
MAIL__MAILING_LIST_IS_REQUESTED) {
echo _('Not activated yet');
} else {
- echo
util_make_link($currentList->getExternalAdminUrl(), _('Administration'));
+ echo
util_make_link($currentList->getExternalAdminUrl(), _('Administration'), false,
true);
}
echo '</td>';
echo '<td class="align-center">';
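Review bot: The two bare booleans added in `util_make_link(..., false, true)` cannot be understood at the call site, and the function's signature is not part of this diff. Presumably the last one marks `getExternalAdminUrl()` as an absolute, external URL (the `utils.php` hunk in the same push rewords the docblock in that direction); please confirm and add a short comment such as `// 4th arg: URL is external, do not rewrite it as a forge-relative link`. Whether `util_make_link` escapes the URL for the `href` attribute is also not visible here and is worth checking for an externally supplied address.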
hooks/post-receive
--
FusionForge