[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template

2016-05-26 Thread bugzilla-daemon
==
  Please DO NOT REPLY to this mail or send email to the developers
  about this bug. Please follow-up to Bugzilla using this link:
https://bugs.contribs.org/show_bug.cgi?id=9526

  Have you checked the Frequently Asked Questions (FAQ)?
http://wiki.contribs.org/SME_Server:Documentation:FAQ

  Please also take the time to read the following useful guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==

--- Comment #5 from Unnilennium  ---
# tail -f /var/log/httpd/admin_error_log
[Thu May 26 11:36:22 2016] [notice] Digest: generating secret for digest
authentication ...
[Thu May 26 11:36:22 2016] [notice] Digest: done
[Thu May 26 11:36:22 2016] [notice] Apache/2.2.15 (Unix) mod_auth_tkt/2.1.0
configured -- resuming normal operations
[Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] Can't locate
esmith/FormMagick/Panel/dungogdansguardian.pm in @INC (@INC contains:
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at
/etc/e-smith/web/panels/manager/cgi-bin/dungogdansguardian line 14., referer:
https://192.168.80.49/server-manager/navigation
[Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] BEGIN failed--compilation
aborted at /etc/e-smith/web/panels/manager/cgi-bin/dungogdansguardian line 14.,
referer: https://192.168.80.49/server-manager/navigation
[Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] Premature end of script
headers: dungogdansguardian, referer:
https://192.168.80.49/server-manager/navigation



so wrong module path


I fixed this, should work with release 8 available in repos in few minutes

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template

2016-05-26 Thread bugzilla-daemon

--- Comment #4 from Unnilennium  ---
(In reply to Seve Semple from comment #3)
> Thank you for your comments.
> I tried to install by simply putting the below command in the console.
> This worked ... sort of .
> yum install smeserver-dansguardian-panel
> --enablerepo=smedev,smetest,smecontribs
> 
> It installed perfectly and then I rebooted with the proper reboot commands.
> 
> When It came up there was a dungog.net menu item on the left and then under
> that Dansguardian.
> But when I click on Dansguardian I see the message to the right:
> 
> Internal Server Error
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
> Please contact the server administrator admin and inform them of the time
> the error occurred and anything you might have done that may have caused the
> error.
> More information about this error may be available in the server error log.

ok this is a panel error I can test and correct on my own, I should have tested
it before.
sme9 is a little more strict than 8 where it displayed fine when I tested.

> 
> I also can't surf the web with the workstation connected to it. All sites
> say Dansguardian Access denied.

it is then working  effectively!! ( a little too much I have to admit)

> 
> I can format and start from scratch if you think that is best. (not first
> choice) but I am willing to do this if maybe there is crap left over from
> previous tries ?? 
> Or is there some configuration I need to look at.

no; 

you could stop the service

service dansguardian stop 

or 

yum remove dansguardian smeserver-dansguardian smeserver-dansguardian-panel
signal-event post-update; signal-event reboot

should do the trick.


[contribteam] [Bug 9514] smeserver-coova-chilli update

2016-05-26 Thread bugzilla-daemon

--- Comment #20 from Stefano Zamboni  ---
(In reply to Unnilennium from comment #19)
> 
> 
> but this is more like the init script has been designed for debian as
> start-stop-daemon is part of debian / ubuntu
> 
> we should maybe revert it to the version of previous sme7 rpm, as maybe
> opensuse has integrated some debian specifics...

ok.. I think it's just negligible noise, but..

> 

> we might need to investigate this.
> 
> did you configure the dns on the client ?

no, client receives IP and dns from chilli..

config setprop chilli dns1 8.8.8.8 dns2 8.8.4.4 
signal-event chilli-update

> 
> 

> 
> I would rather say this is a bug, but is it upstream or ours ...
> 
> it is maybe configured to give a limited time of connection ? maybe that is
> why ?

yes, I think you're right.. unfortunately now I have no time to change the
timeout value via db, restart the service and wait for the timeout to.. timeout
:-D

will do


[contribteam] [Bug 9514] smeserver-coova-chilli update

2016-05-26 Thread bugzilla-daemon

--- Comment #19 from Unnilennium  ---
(In reply to Stefano Zamboni from comment #17)
> during boot I see a message like
> 
> "starting chilli: which: no start-stop-daemon in.."
> 
> I see it comes from /etc/rc.d/init.d/chilli
I have seen the following too :

Sarting chilli: which: no start-stop-deamon in (/sbin:/usr/sbin:/bin:/usr/sbin)


but this is more like the init script has been designed for debian as
start-stop-daemon is part of debian / ubuntu

we should maybe revert it to the version of previous sme7 rpm, as maybe
opensuse has integrated some debian specifics...


> 
> anyway, chilli is up & running
> 
> the default dns doesn't work for me, but once changed them with google's
> ones and logged in as a valid user, it works

we might need to investigate this.

did you configure the dns on the client ?



(In reply to Stefano Zamboni from comment #18)
> something strange..
> 
> closing the logout popup (and even clicking on the "logout" link) seems to
> have no effect.. if I reopen my browser I'm still able to surf.. if I reboot
> the client, I'm still able to surf..
> 
> is it a feature or so "by design" or is it a bug?

I would rather say this is a bug, but is it upstream or ours ...

it is maybe configured to give a limited time of connection ? maybe that is why
?


[contribteam] [Bug 9514] smeserver-coova-chilli update

2016-05-26 Thread bugzilla-daemon

--- Comment #18 from Stefano Zamboni  ---
something strange..

closing the logout popup (and even clicking on the "logout" link) seems to have
no effect.. if I reopen my browser I'm still able to surf.. if I reboot the
client, I'm still able to surf..

is it a feature or so "by design" or is it a bug?


[contribteam] [Bug 9514] smeserver-coova-chilli update

2016-05-26 Thread bugzilla-daemon

--- Comment #17 from Stefano Zamboni  ---
during boot I see a message like

"starting chilli: which: no start-stop-daemon in.."

I see it comes from /etc/rc.d/init.d/chilli

anyway, chilli is up & running

the default dns doesn't work for me, but once changed them with google's ones
and logged in as a valid user, it works


[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

What    | Removed                                            | Added
Summary | These are the fragments requested for dansguardian | new fragments requested for /etc/dansguardian/dansguardian.conf template


[contribteam] [Bug 7974] should change phpwebftp to alternate upstream project

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 Blocks||8679


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 Blocks||8679


[contribteam] [Bug 8679] first import to sme9 tree [smeserver-phpwebftp]

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 CC||te...@pialasse.com
 Depends on||9528, 7974


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-05-26 Thread bugzilla-daemon

Bug ID: 9528
   Summary: XSS security issue in phpwebftp 3.3b
Classification: Contribs
   Product: SME Contribs
   Version: 8.2
  Hardware: ---
OS: ---
Status: CONFIRMED
  Severity: normal
  Priority: P3
 Component: smeserver-phpwebftp
  Assignee: jean-p...@leclere.org
  Reporter: te...@pialasse.com
QA Contact: contribteam@lists.contribs.org

https://packetstormsecurity.com/files/137001/phpwebftp-xss.txt

from what i know we use 3.3a, so it might be present too

PHPWebFTP ver 3.3b - xss vulnerability , by N_A.
N_A [at] tutanota.com


Vendor has notified



Description




phpWebFTP enables connections to FTP servers, even behind a firewall not 
allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection 
from your web server to the FTP server and transferring the files to your web 
client over the http protocol



Vulnerability
-


PHPWebFTP ver 3.3b allows malicious code injection due to some variables we 
can control. This allows an attacker to inject malicious code to carry out 
XSS attacks upon the program.


snip , index.php

$server=$_SESSION['server'];
$user=$_SESSION['user'];
$password=$_SESSION['password'];
$language=$_SESSION['language'];
$port=$_SESSION['port'];
$passive=$_SESSION['passive'];

snip , index.php





further down in the code, the variables are passed without any 
security/filtering checks:

snip, index.php

$ftp = new ftp($server, $port, $user, $password, $passive);
$ftp->setMode($mode);
$ftp->setCurrentDir($currentDir);

snip, index.php





Code injected into the [server] field: alert('executed');
This is also possible for the [username],[port] and [field] options.




N_A [at] tutanota.com




--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
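
The usual remedy for the class of bug reported above, as an added example that is not phpWebFTP's code and not part of the advisory: validate the connection fields before they reach the session, and HTML-encode them wherever they are written back into a page. It assumes the fields are echoed into HTML (the report does not show the output code); `h()` and `validate_connection()` are hypothetical names.

```php
<?php
// Added illustration; not phpWebFTP code. Function names are hypothetical.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate the login fields before they are stored in the session. */
function validate_connection(array $in): array
{
    $server = trim((string)($in['server'] ?? ''));
    $isIp   = filter_var($server, FILTER_VALIDATE_IP) !== false;
    $isHost = preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$/', $server) === 1;
    if (!$isIp && !$isHost) {
        throw new InvalidArgumentException('server must be a hostname or IP address');
    }

    $port = filter_var($in['port'] ?? 21, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        throw new InvalidArgumentException('port must be an integer from 1 to 65535');
    }

    // FTP user names are free-form, so only reject control characters here
    // and rely on h() whenever the value is written into a page.
    $user = (string)($in['user'] ?? '');
    if (preg_match('/^[^\x00-\x1F\x7F]{1,128}$/', $user) !== 1) {
        throw new InvalidArgumentException('user contains control characters or is empty');
    }

    return ['server' => $server, 'port' => $port, 'user' => $user];
}

// Constructed sample input: markup in the server field, as in the report.
$samples = [
    ['server' => 'ftp.example.org', 'port' => '21', 'user' => 'alice'],
    ['server' => "<script>alert('executed');</script>", 'port' => '21', 'user' => 'alice'],
    ['server' => 'ftp.example.org', 'port' => '21', 'user' => '<b>alice</b>'],
];

foreach ($samples as $sample) {
    try {
        $ok = validate_connection($sample);
        // Encoding is still applied: validation alone lets '<b>' through in user.
        printf("accepted: <input name=\"server\" value=\"%s\"> user=%s\n",
            h($ok['server']), h($ok['user']));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", h($e->getMessage()));
    }
}
```

The third sample passes validation but is rendered as inert text, which is why the encoding step is applied at every output point rather than relying on input checks alone.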


[contribteam] [Bug 9526] These are the fragments requested for dansguardian

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Unnilennium  ---
imported your work and created new template by adding the existing
configuration options.

I also added in the template the following:

- contentscanner could be none or clamscan (default none)
- reportinglevel could be a numeric value as stated in conf file, default 1

this needs to be added to the wiki,
this should also be added as available options in the panel.

Seve,
can you test the new package and report its functionality ?

build smeserver-dansguardian-panel smeserver-dansguardian-panel-2_11-7
contribs9
Package smeserver-dansguardian-panel enqueued.  Job ID: 1178.

yum install smeserver-dansguardian-panel
--enablerepo=smedev,smetest,smecontribs


[contribteam] [Bug 9526] These are the fragments requested for dansguardian

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 CC||te...@pialasse.com

--- Comment #1 from Unnilennium  ---
Seve,

thank you for your time and efforts. 
Great work,  I am integrating the perl magic from the previous old template.
