[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9526 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #5 from Unnilennium--- # tail -f /var/log/httpd/admin_error_log [Thu May 26 11:36:22 2016] [notice] Digest: generating secret for digest authentication ... [Thu May 26 11:36:22 2016] [notice] Digest: done [Thu May 26 11:36:22 2016] [notice] Apache/2.2.15 (Unix) mod_auth_tkt/2.1.0 configured -- resuming normal operations [Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] Can't locate esmith/FormMagick/Panel/dungogdansguardian.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /etc/e-smith/web/panels/manager/cgi-bin/dungogdansguardian line 14., referer: https://192.168.80.49/server-manager/navigation [Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] BEGIN failed--compilation aborted at /etc/e-smith/web/panels/manager/cgi-bin/dungogdansguardian line 14., referer: https://192.168.80.49/server-manager/navigation [Thu May 26 12:52:28 2016] [error] [client 127.0.0.1] Premature end of script headers: dungogdansguardian, referer: https://192.168.80.49/server-manager/navigation so wrong module path I fixed this, should work with release 8 available in repos in few minutes -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9526 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #4 from Unnilennium--- (In reply to Seve Semple from comment #3) > Thank you for your comments. > I tried to install by simply putting the below command in the console. > This worked ... sort of . > yum install smeserver-dansguardian-panel > --enablerepo=smedev,smetest,smecontribs > > It installed perfectly and then I rebooted with the proper reboot commands. > > When It came up there was a dungog.net menu item on the left and then under > that Dansguardian. > But when I click on DansguardianI see the message to the right: > > Internal Server Error > The server encountered an internal error or misconfiguration and was unable > to complete your request. > Please contact the server administrator admin and inform them of the time > the error occurred and anything you might have done that may have caused the > error. > More information about this error may be available in the server error log. ok this is a panel error I can test and correct on my own, I should have tested it before. sme9 is a little more strict than 8 where it diplayed fine when I tested. > > I also can't surf the web with the workstation connected to it. All sites > say Dansguardian Access denied. it is then working effectively!! ( a little too much I have to admit) > > I can format and start from scratch if you think that is best. (not first > choice) but I am willing to do this if maybe there is crap left over from > previous tries ?? > Or is there some configuration I need to look at. no; you could stop the service service dansguardian stop or yum remove dansguardian smeserver-dansguardian smeserver-dansguardian-panel signal-event post-update; signal-event reboot should do the trick. -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9514] smeserver-coova-chilli update
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9514 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #20 from Stefano Zamboni--- (In reply to Unnilennium from comment #19) > > > but this is more like the ini script has been designed for debian as > start-stop-daemon is part of debian / ubuntu > > we should maybe revert it to the version of previous sme7 rpm, as maybe > opensuse has integrated some debian specifics... ok.. I think it's just negligible noise, but.. > > we might need to investigate this. > > did you configure the dns on the client ? no, client receives IP and dns from chilli.. config setprop chilli dns1 8.8.8.8 dns2 8.8.4.4 signal-event chilli-update > > > > I would rather say this is a bug, but is it upstream or ours ... > > it is maybe configured to give a limited time of connection ? maybe that is > why ? yes, I think you're right.. unfortunately now I have no time to change the timeout value via db, restart the service and wait for the timeout to.. timeout :-D will do -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9514] smeserver-coova-chilli update
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9514 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #19 from Unnilennium--- (In reply to Stefano Zamboni from comment #17) > during boot I see a message like > > "starting chilli: which: no start-stop-daemon in.." > > I see it comes from /etc/rc.d/init.d/chilli I have seen the following too : Sarting chilli: which: no start-stop-deamon in (/sbin:/usr/sbin:/bin:/usr/sbin) but this is more like the ini script has been designed for debian as start-stop-daemon is part of debian / ubuntu we should maybe revert it to the version of previous sme7 rpm, as maybe opensuse has integrated some debian specifics... > > anyway, chilli is up & running > > the defalut dns doesn't work for me, but once changed them with google's > ones and logged in as a valid user, it works we might need to investigate this. did you configure the dns on the client ? (In reply to Stefano Zamboni from comment #18) > something strange.. > > closing the logout popup (and even clicking on the "logout" link) seems to > have no effect.. if I reopen my browser I'm still able to surf.. if I reboot > the client, I'm still able to surf.. > > is it a feature or so "by design" or is it a bug? I would rather say this is a bug, but is it upstream or ours ... it is maybe configured to give a limited time of connection ? maybe that is why ? -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9514] smeserver-coova-chilli update
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9514 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #18 from Stefano Zamboni--- something strange.. closing the logout popup (and even clicking on the "logout" link) seems to have no effect.. if I reopen my browser I'm still able to surf.. if I reboot the client, I'm still able to surf.. is it a feature or so "by design" or is it a bug? -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9514] smeserver-coova-chilli update
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9514 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == --- Comment #17 from Stefano Zamboni--- during boot I see a message like "starting chilli: which: no start-stop-daemon in.." I see it comes from /etc/rc.d/init.d/chilli anyway, chilli is up & running the defalut dns doesn't work for me, but once changed them with google's ones and logged in as a valid user, it works -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9526] new fragments requested for /etc/dansguardian/dansguardian.conf template
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9526 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added Summary|These are the fragments |new fragments requested for |requested for dansguardian |/etc/dansguardian/dansguard ||ian.conf template -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 7974] should change phpwebftp to alternate upstream project
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=7974 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added Blocks||8679 -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9528 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added Blocks||8679 -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 8679] first import to sme9 tree [smeserver-phpwebftp]
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=8679 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added CC||te...@pialasse.com Depends on||9528, 7974 -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9528 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Bug ID: 9528 Summary: XSS security issue in phpwebftp 3.3b Classification: Contribs Product: SME Contribs Version: 8.2 Hardware: --- OS: --- Status: CONFIRMED Severity: normal Priority: P3 Component: smeserver-phpwebftp Assignee: jean-p...@leclere.org Reporter: te...@pialasse.com QA Contact: contribteam@lists.contribs.org https://packetstormsecurity.com/files/137001/phpwebftp-xss.txt from what i know we use 3.3a, so it might be present too PHPWebFTP ver 3.3b - xss vulnerability , by N_A. N_A [at] tutanota.com Vendor has notified Description phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your web server to the FTP server and transferring the files to your web client over the http protocol Vulnerability - PHPWebFTP ver 3.3b allows malicious code injection due to some variables we can control. This allows an attacker to inject malicious code to carry out XSS attacks upon the program. snip , index.php $server=$_SESSION['server']; $user=$_SESSION['user']; $password=$_SESSION['password']; $language=$_SESSION['language']; $port=$_SESSION['port']; $passive=$_SESSION['passive']; snip , index.php further down in the code, the variables are passed without any security/filtering checks: snip, index.php $ftp = new ftp($server, $port, $user, $password, $passive); $ftp->setMode($mode); $ftp->setCurrentDir($currentDir); snip, index.php Code injected into the [server] field: alert('executed'); This is also possible for the [username],[port] and [field] options. N_A [at] tutanota.com -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9526] These are the fragments requested for dansguardian
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9526 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #2 from Unnilennium --- imported your work and created new tempalte by adding the existing configuration options. I also added in the template the followings: - contentscanner could be none or clamscan (default none) - reportinglevel could be a numeric value as stated in conf file, default 1 this need to be added to the wiki, this should also be added as available options in the panel. Seve, can you test the new package and report its functionality ? build smeserver-dansguardian-panel smeserver-dansguardian-panel-2_11-7 contribs9 Package smeserver-dansguardian-panel enqueued. Job ID: 1178. yum install smeserver-dansguardian-panel --enablerepo=smedev,smetest,smecontribs -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9526] These are the fragments requested for dansguardian
== Please DO NOT REPLY to this mail or send email to the developers about this bug. Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9526 Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html == Unnilenniumchanged: What|Removed |Added CC||te...@pialasse.com --- Comment #1 from Unnilennium --- Seve, thank you for your time and efforts. Great work, I am integrating the perl magic from the previous old template. -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/