DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422022-07-10T10:42:55ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #776 (Resolved): Users are unable to register to projects.duckcorp.orghttps://projects.duckcorp.org/issues/7762022-07-10T10:42:55ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>There is an issue related to the captcha:<br /><pre>
Oops, we failed to validate your reCAPTCHA response. Please try again.
</pre><br />I tried with firefox and chromium.</p>
<p><code>/var/log/redmine/dc/production.log</code> from the <code>redmine</code> LXC container:<br /><pre>
Started POST "/account/register" for 185.238.6.46 at 2022-07-10 12:53:52 +0000
Processing by AccountController#register as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[REDACTED]", "user"=>{"login"=>"pilou_test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "firstname"=>"pilou", "lastname"=>"pilou_test", "mail"=>"pilou_test@ir5.eu", "language"=>"fr"}, "g-recaptcha-response"=>"[REDACTED]", "commit"=>"Soumettre"}
Current user: anonymous
Rendering plugins/recaptcha/app/views/account/register.html.erb within layouts/base
Rendered plugins/recaptcha/app/views/account/register.html.erb within layouts/base (8.8ms)
Completed 200 OK in 3022ms (Views: 14.7ms | ActiveRecord: 1.4ms)
</pre></p> DuckCorp Infrastructure - Enhancement #460 (Resolved): SSL/TLS: check ciphershttps://projects.duckcorp.org/issues/4602015-07-09T00:02:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
Checks:
<ul>
<li>NULL,EXPORT,LOW,3DES,aNULL must be disabled</li>
<li>RC4 must be disabled</li>
<li>SSLv2,SSLv3 must be disabled</li>
<li>TLSv1.1,TLSv1.2 must be enabled</li>
<li>PFS must be enabled</li>
</ul>
<ul>
<li>SSL Compression must be disabled</li>
</ul>
Configuration updates needed:
<ul>
<li>Postgresql (default conf used <code>HIGH:MEDIUM:+3DES:!aNULL</code>)</li>
<li>Apache (<code>RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW</code>)</li>
</ul>
<ul>
<li>References
<ul>
<li><a class="external" href="https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher">https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher</a></li>
<li><a class="external" href="https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/">https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/</a></li>
<li><a class="external" href="http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html">http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html</a></li>
<li><a class="external" href="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations">https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations</a></li>
<li><a class="external" href="https://github.com/ioerror/duraconf">https://github.com/ioerror/duraconf</a></li>
</ul>
</li>
<li>Tools:
<ul>
<li><a class="external" href="https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh">https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh</a></li>
</ul></li>
</ul> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote> Bip - Enhancement #270 (Resolved): GIT: use signed taghttps://projects.duckcorp.org/issues/2702012-01-10T01:53:49ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Signed tags must be used.</p> Bip - Bug #269 (Resolved): buffer overflow when number of open file descriptors >= FD_SETSIZEhttps://projects.duckcorp.org/issues/2692012-01-07T10:28:05ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported by Julien Tinnes, thanks to him!</p>
<p>Bip doesn't check if fd is equal or larger than FD_SETSIZE.</p>
<p>From select man page:</p>
<blockquote>
<p>Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.</p>
</blockquote> Bip - Bug #253 (Resolved): Build with -Werrorhttps://projects.duckcorp.org/issues/2532011-10-03T22:28:36ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported with a patch by Arnaud Fontaine, thanks to him !</p>
<p>Warnings should be removed.</p> Bip - Bug #212 (Resolved): When global option log is disabled, query are not backloggedhttps://projects.duckcorp.org/issues/2122011-04-07T00:55:25ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h3 >How to reproduce<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h3>
<ol>
<li>set 'log' option to 'false' in bip.conf</li>
<li>(re)start bip, don't connect any client to bip</li>
<li>send a message with another user in a channel where bip is here</li>
<li>send a private message to bip user with another user</li>
<li>connect a client to bip</li>
<li>message in channel is backlogged</li>
<li>private message is not backlogged only "End of backlog" is displayed</li>
</ol> Bip - Enhancement #211 (Resolved): allow to disable logs by connectionhttps://projects.duckcorp.org/issues/2112011-04-07T00:31:59ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>When global log option is enabled, bip save logs into files. It should be possible to disable logs for some connections.</p>
<p>Patch written by Yoann Guillot is attached.</p> Bip - Bug #188 (New): "FATAL: Element with key nohar already in hash 5151a968" when netplit occurshttps://projects.duckcorp.org/issues/1882011-01-19T00:19:39ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Sometimes when a netsplit occurs, bip exits after logging:</p>
<blockquote>
<p>FATAL: Element with key nohar already in hash 5151a968</p>
</blockquote> Bip - Bug #187 (Resolved): "FATAL: list_remove: item not found" when modifying nicknamehttps://projects.duckcorp.org/issues/1872011-01-19T00:13:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="how-to-reproduce"></a>
<h3 >how to reproduce<a href="#how-to-reproduce" class="wiki-anchor">¶</a></h3>
<ol>
<li>query a user which use bip</li>
<li>change the case of the characters of your username using '/nick' irc command</li>
<li>then bip service used by queried user exit with code 200</li>
</ol>
<p>Bug introduced by: <a class="changeset" title="[BUG] Fix fatal on some nick change When a nick changes to one for which we already have a logst..." href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/d2f7840ced065d644ba626413f5e53900efb39ef">d2f7840c</a><br />Fixed by: <a class="changeset" title="Fix "FATAL: list_remove: item not found" Thanks to Jean-Edouard Babin for reporting it. How to ..." href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/4d4710acb955530694f2434d95ed887d7b96ada7">4d4710ac</a></p> Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connectionhttps://projects.duckcorp.org/issues/1862011-01-18T02:29:38ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1 >How to reproduce:<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1 >Logs<a href="#Logs" class="wiki-anchor">¶</a></h1>
<a name="Client-logs"></a>
<h2 >Client logs:<a href="#Client-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2 >Bip logs:<a href="#Bip-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote> Bip - Bug #185 (Resolved): Build error on armelhttps://projects.duckcorp.org/issues/1852011-01-15T17:06:21ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>From debian bug <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597262" class="external">#597262</a> reported by Philipp Kern</p>
<p>There are errors when building on armel:<br /><pre>
gcc -DHAVE_CONFIG_H -I. -I./src -O2 -g -W -Wall -fPIE -c -o src/log.o src/log.c
In file included from src/log.c:18:
src/irc.h:61: error: redefinition of 'struct user'
src/log.c: In function 'log_build_filename':
src/log.c:154: error: 'struct user' has no member named 'name'
src/log.c: In function 'log_add_file':
src/log.c:312: error: 'struct user' has no member named 'backlog'
src/log.c: In function 'log_find_file':
src/log.c:371: error: 'struct user' has no member named 'connections'
src/log.c:419: error: 'struct user' has no member named 'backlog'
src/log.c: In function 'log_client_none_connected':
src/log.c:738: error: 'struct user' has no member named 'always_backlog'
src/log.c: In function 'log_advance_backlogs':
src/log.c:758: error: 'struct user' has no member named 'backlog'
src/log.c:758: error: 'struct user' has no member named 'backlog_lines'
src/log.c:761: error: 'struct user' has no member named 'backlog_lines'
src/log.c: In function 'log_beautify':
src/log.c:861: error: 'struct user' has no member named 'bl_msg_only'
src/log.c:937: error: 'struct user' has no member named 'backlog_no_timestamp'
src/log.c: In function 'log_backread':
src/log.c:1062: error: 'struct user' has no member named 'always_backlog'
src/log.c: In function '_log_write':
src/log.c:1135: error: 'struct user' has no member named 'backlog_lines'
src/log.c:1154: error: 'struct user' has no member named 'always_backlog'
src/log.c: At top level:
src/log.c:1198: error: conflicting types for 'log_new'
src/log.h:65: note: previous declaration of 'log_new' was here
src/log.c: In function 'log_new':
src/log.c:1203: warning: assignment from incompatible pointer type
</pre></p>
<p>Dann Frazier analysed the problem: <cite>sys/user.h on armel has a conflicting definition of 'struct user'</cite>.</p> Bip - Bug #165 (New): doesn't load openssl support for sha-256 digesthttps://projects.duckcorp.org/issues/1652010-10-26T00:21:16ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p><a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601021" class="external">Debian bug #601021</a></p>
<blockquote>
<p>As the subject says, bip doesn't make openssl load support for the sha-256<br />digest algorhytm. I've fixed a similar bug in fetchmail a while ago, see<br />Debian bug #576430 for a bit more info on the matter.<br />Attached is a simple patch that forces openssl to load support for everything<br />it knows :)<br />Sjoerd Simons</p>
</blockquote> MyCyma - Bug #5 (Resolved): Can not modify "technique"/"Support" propertyhttps://projects.duckcorp.org/issues/52009-01-04T01:31:20ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>In admin UI, "technique"/"support" property can not be modified : an error appears.</p>
Steps to reproduce :
<ol>
<li>Log with an admin account</li>
<li>Go to "Gérer la cimaise / gérer les œuvres" </li>
<li>Edit one painting (for example painting with name : "Bosquet et arbres morts / Le pavé des roizes")</li>
<li>Change the technique/support property (select "Papier aquarelle")</li>
<li>Validate modification</li>
<li>Error appears :<br />bq. ActiveRecord::StatementInvalid in Admin/artworksController#update<br />Mysql::Error: Duplicate entry '8' for key 1: INSERT INTO `artworks_techniques` (`id`, `artwork_id`, `technique_id`) VALUES (8, 22, 8)</li>
</ol>
<hr />
<p>Impossible de modifier le support d'une œuvre</p> MyCyma - Bug #1 (Resolved): size's setting when editing item / valeur de la dimension lors de l'e...https://projects.duckcorp.org/issues/12008-11-23T21:22:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>When editing an item, size's value is <strong>always</strong> "250 x 250".</p>
<p>Lorsqu'on édite une œuvre, la dimension affichée n'est pas correcte : la dimension "250 x 250" s'affiche à la place de la dimension saisie lors de la création de l'œuvre.</p>