[QGIS-Developer] Please help with the changelog for 3.12

2020-02-01 Thread Tim Sutton 
Hi All

QGIS 3.12 will be released in 19 days and our changelog needs a lot of love 
before that. If you are able to, please spend some time documenting new 
features and key improvements in the changelog.

https://changelog.qgis.org/en/qgis/version/3.12/ 


Thanks!

Regards

Tim
—









Tim Sutton

Co-founder: Kartoza
Ex Project chair: QGIS.org

Visit http://kartoza.com  to find out about open source:

Desktop GIS programming services
Geospatial web development
GIS Training
Consulting Services

Skype: timlinux 
IRC: timlinux on #qgis at freenode.net

I'd love to connect. Here's my calendar link  to 
make finding time easy.

___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Booking for 's-Hertogenbosch

2020-02-01 Thread Tim Sutton 
Hi

For clarity the process for requesting travel assistance is to fill out this 
form *before* you attend / spend money and then await approval from Andreas:

https://goo.gl/forms/YKm5fo7ll5GfQEJI3 

Also be aware that if you claim travel assistance, you are expected to 
contribute to an event report that will be posted on the blog.

Regards

Tim

> On 1 Feb 2020, at 11:23, Paolo Cavallini  wrote:
> 
> Hi all,
> I noticed many of us did not yet book for the next Contributor Meeting:
> https://github.com/qgis/QGIS/wiki/24th-Contributor-Meeting-in-'s-Hertogenbosch
> I assume the uncertainty about the reimbursement procedures might have
> had a role. The decision by the PSC was:
> * to invite everybody to think before using the more CO2-unfriendly
> travel means
> * to submit a formal resolution for an environmental policy to the next
> Annual General Meeting
> * to keep reimbursement procedures unchanged for now.
> So please go ahead and book your travel and accommodation.
> See you in 's-Hertogenbosch!
> Cheers.
> -- 
> Paolo Cavallini - www.faunalia.eu
> QGIS.ORG Chair:
> http://planet.qgis.org/planet/user/28/tag/qgis%20board/
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

—









Tim Sutton

Co-founder: Kartoza
Ex Project chair: QGIS.org

Visit http://kartoza.com  to find out about open source:

Desktop GIS programming services
Geospatial web development
GIS Training
Consulting Services

Skype: timlinux 
IRC: timlinux on #qgis at freenode.net

I'd love to connect. Here's my calendar link  to 
make finding time easy.

___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Potential vulnerabilities

2020-02-01 Thread Jonathan Moules 
I can't comment on the security aspect, but at the very least there's a 
bug in the WMS compliance. For the GetCapabilities URL it should be 
returning an XML Service Exception (because it has an invalid SERVICE 
value), not a HTTP 500.


I.e., the same request to a (random) GeoServer box shows the sort of 
thing that should be coming back:


http://si.icnf.pt/geoserver/POEM/ows?REQUEST=GetCapabilities=oGMQJLiHSupcMsIjmfMWZQISJOeWgvtonUKYRXwmroNKJMFRYPEnEZPkowATaGjkELTRHGnDntktuVJGaLGTcBeUUJdggwCZNQVmwtAGVOJnxxYRNoCsJqtRfbPjwKjegCwdCLmaYrUVJabXtdkmZeHXsNLjhpdJhbQOYeXwwOIZwVROYYKwXRZxkjXoeGJvmswRUKPNRMhLLkMQtoLmSfPNrQXYHtuPEuKpFIpFccNsEgRbYndKFXiFpnZqJERjSJreOgtxNGcisVVbPVvfplvDRyRbsKbFnPcmlliuCAyoDmYOffSDlAWUApgewpAiJXXdwLDDYbkPaAiqMNkqPfqkIBxhirwdeQEQmTtBeDYIbGYNbGKPxSOYDRhgiGrGPElskHmqCCUaETOPHTPEXMArEpPNYZyJoChNatgYaPfcqIRjwCwDkmMVgUdlxGWgqXxGZwrgeantfXPvxkacZQLKPwlemJfeOuvIVfZrBiwWtIoybuuQAqapuFJBDuZHtMlaIJemxOjPiefmgMSXOpoSwFAipLYwqVApjJtmbOqUBORkfqesknejRvSFQwmCYlHigIZNpBIAINfVVUxtjHekDrJMdYVNgAiZUNUYSnbSyPrFTWiYmrnFUcqnteOMEogsxDXMlbNLBcMCLwDZJCQLblDTElqcWxmcoKiZGBPqTJuSjIPimsfYklNdmIcnwsGdESbaOhtvVwRcoFIKAAninLCqKfsKFXqDfEwNCkXXRFvbcjnXggYywEynhweSdrvbCngwJtceGDAOlQQqCBhgjHmcuSrCUKwBJOeEToYIhTQCgEdBVpIlCYmIBPsNPLIedfITOfincEBqLscQJNktKIvpfgkQFhLOtiyslSKdGkjCCnYYDNVBrTDJsYxELKJcXlJLUMTBOChSpTsfgZMqKtXLkbMOnulrWQLJhwIElLJZhnQDjfmUvsDiVDAEavsGhUXSYlxbPROgZQElKUIXNBGEmducbcREVLjNoZvlNpxcWnVwhNlKOfSZBREGUZXLRfhEloTuZLPphUaEPpydHoHpcNKhVjqsKfQofaaVTAfDwXoUWQtmQaRSAEdwxCdIqllTvObUFcsdyfGqHRQFDGFvHUdeNuTWhIbgDhcTGnJBTxytfHWvQNjSqSGCBDGNPQJaclWFUHPIjAkbvDxRtqFjwtoVOtfYkbiKVbqcphyngrfcxLkGQpHjSldaqekhLoAYGbkXHdnyeKIraNcalFLUvrEKSVYoNpGoZHrKpDckZJSnPHiMIeaOrTCKRWbNcrSDrddeVIqSfSRIILuZpYnpFLJCyYxVGnRonXgCSEqQXcZreffnyaFvkaFcJyyuCivsGMHGhVViEetLWxPEnFsFGuuHFmlIJCtoyyikChSxeMrKxhZoQanBBfexwUjsjAiLUOLnhYmlyuJlsENAoMDiFbbrcfpXeyqnkJOgmCwYakTGegcbpywwAVYJSQtblnWZhfccMksXoHhkXqqbZxYgAsNwPGbJukfaGZakiImInKPoSwvCXXvpqawURRpUmaebduvgDnAYGUmhCcQGkTKqlKVoGumDuDFgpbhcyRgpnVkuymNFsMRChKBFFyBKJNkcNqTEHKHrJdECHYMnWBjJiVqaXBEJQDjoZyjNFwumfShWeeRoqwIDfYSckglinPSgDvJlFxfLtWmiYTrhVSFRQOjdZKdQRhnmpSXVvQLadJpviByssOKIrjpysnXvXHAvRKrIcGEvsvhWEmZkGKPBcFFmmjtQJQZxZIcTVmFWHEUOEejYvOjNrbqYvPaJxbTyucvdMDohGynKrodTGyRJcuMBdFPNFsPbmEQDiXeCBwPHAGvawOvBTlXoMijuSUalSrftFWCHatRoivbehiDtLbRJUItnteqdEMNdrHsqAwgiCMOPDIVCmovSVTLxkclkmBCuVpIAMJtmkdkkHIklamiCQLqtfkhhUkSocYtbQFOJXvaPBBmFWHIvwZHvnGYeaMxdGKwQjLaVvYevVyLQbWlTmKUQlkoOrQNMXdmPbTKgfXRhdoaqQapCNpsCJXvnFXBvXQemkXOdIyCpRptiJllMSdFsIjlywGJOWbpInDLB=1.3.0


On 2020-02-01 18:33, nadiaspit wrote:

Hi,
I am a student of Cybersecurity Master at University of Pisa. My final
project work is about a Security Test of an installation of qgis server +
lizmap web client.
At a first analysis, I found out that lizmap web client is vulnerable to
"Buffer overflow attack"
https://www.owasp.org/index.php/Buffer_overflow_attack

The problem:
"Potential Buffer Overflow. The script closed the connection and threw a 500
Internal Server Error"
The solution:
"Rewrite the background program using proper return length checking. This
will require a recompile of the background executable."

Here you can view the  report

:

I also posted this question to Lizmap web client Github: Is Buffer Overflow
vulnerability a false positive for Lizmap web client?

They suggested to ask to this group.
Any help would be very appreciated.

Kind Regards,
Nadia Spitilli



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-Developer-f4099106.html
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer


___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] QGIS Unix Executable Help

2020-02-01 Thread Green, James Mitchell - green3jm 
Hello,

I am working on a python plugin that produces an output to standard out on Mac 
OS X. When I try and directly run the QGIS unix executable from the terminal 
(/QGIS3.4/Contents/MacOs/QGIS ), I receive an error:


Warning: QWidget::insertAction: Attempt to insert null action
Warning: QWidget::insertAction: Attempt to insert null action
Warning: QWidget::insertAction: Attempt to insert null action
ERROR 4: Unable to open EPSG support file gcs.csv.  Try setting the GDAL_DATA 
environment variable to point to the directory containing EPSG csv files.
ERROR 4: Unable to open EPSG support file gcs.csv.  Try setting the GDAL_DATA 
environment variable to point to the directory containing EPSG csv files.
Could not find platform independent libraries 
Could not find platform dependent libraries 
Consider setting $PYTHONHOME to [:]
Fatal Python error: initfsencoding: unable to load the file system codec
ModuleNotFoundError: No module named 'encodings'

Current thread 0x7fff96d89380 (most recent call first):
Abort trap: 6



Any suggestions helping me out? Thank you!


Regards,

Mitchell G.

___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] Potential vulnerabilities

2020-02-01 Thread nadiaspit 
Hi,
I am a student of Cybersecurity Master at University of Pisa. My final
project work is about a Security Test of an installation of qgis server +
lizmap web client.
At a first analysis, I found out that lizmap web client is vulnerable to
"Buffer overflow attack"
https://www.owasp.org/index.php/Buffer_overflow_attack

The problem:
"Potential Buffer Overflow. The script closed the connection and threw a 500
Internal Server Error"
The solution:
"Rewrite the background program using proper return length checking. This
will require a recompile of the background executable."

Here you can view the  report

 
:

I also posted this question to Lizmap web client Github: Is Buffer Overflow
vulnerability a false positive for Lizmap web client?

They suggested to ask to this group.
Any help would be very appreciated.

Kind Regards,
Nadia Spitilli



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-Developer-f4099106.html
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] Plugin [440] Visibility Analysis approval notification.

2020-02-01 Thread noreply 

Plugin Visibility Analysis approval by pcav.
The plugin version "[440] Visibility Analysis 1.1" is now approved
Link: http://plugins.qgis.org/plugins/ViewshedAnalysis/
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] Booking for 's-Hertogenbosch

2020-02-01 Thread Paolo Cavallini 
Hi all,
I noticed many of us did not yet book for the next Contributor Meeting:
https://github.com/qgis/QGIS/wiki/24th-Contributor-Meeting-in-'s-Hertogenbosch
I assume the uncertainty about the reimbursement procedures might have
had a role. The decision by the PSC was:
* to invite everybody to think before using the more CO2-unfriendly
travel means
* to submit a formal resolution for an environmental policy to the next
Annual General Meeting
* to keep reimbursement procedures unchanged for now.
So please go ahead and book your travel and accommodation.
See you in 's-Hertogenbosch!
Cheers.
-- 
Paolo Cavallini - www.faunalia.eu
QGIS.ORG Chair:
http://planet.qgis.org/planet/user/28/tag/qgis%20board/
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] ~/.local/share populated with QGIS files for each test

2020-02-01 Thread Sandro Santilli 
On Sat, Feb 01, 2020 at 10:24:44AM +0100, Matthias Kuhn wrote:
> Expected.
> 
> But not by design or desired.

Thanks. I filed https://github.com/qgis/QGIS/issues/34185 to track it.

--strk;
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] Plugin [1959] xyt approval notification.

2020-02-01 Thread noreply 

Plugin xyt approval by pcav.
The plugin version "[1959] xyt 0.1 Experimental" is now approved
Link: 
http://plugins.qgis.org/plugins/xyt-master-79dc6f527656ba87e4eb65255227aa043a4d3d3c/
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] ~/.local/share populated with QGIS files for each test

2020-02-01 Thread Matthias Kuhn 

Expected.

But not by design or desired.

Matthias

On 2/1/20 10:20 AM, Sandro Santilli wrote:

I found out that my `ctest` runs, under QGIS build dir, result
in a directory created under ~/.local/share/ having the same
name as the source python script the run test is coming from.

Hundreds of such directories.

Is this expected or is it a problem with my setup ?

--strk;
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer


___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] ~/.local/share populated with QGIS files for each test

2020-02-01 Thread Sandro Santilli 
I found out that my `ctest` runs, under QGIS build dir, result
in a directory created under ~/.local/share/ having the same
name as the source python script the run test is coming from.

Hundreds of such directories.

Is this expected or is it a problem with my setup ?

--strk;
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer