From 848ceb4370825e3cbec27d86c294c2e4a3a2f5e5 Mon Sep 17 00:00:00 2001
From: Stefan Ritt
Date: Tue, 10 Nov 2015 14:19:17 +0100
Subject: [PATCH 1/9] Removed non-printable characters at beginning of file

---
 scripts/ckeditor-config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/ckeditor-config.js b/scripts/ckeditor-config.js
index b8d69ce7..e3be337f 100755
--- a/scripts/ckeditor-config.js
+++ b/scripts/ckeditor-config.js
@@ -1,4 +1,4 @@
-/**
+/**
 * @license Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.
 * For licensing, see LICENSE.html or http://ckeditor.com/license
 */

From 37da0441dadaf0c4ce51bd374425e00da4725ebe Mon Sep 17 00:00:00 2001
From: Stefan Ritt
Date: Thu, 10 Dec 2015 19:57:00 +0100
Subject: [PATCH 2/9] Updated FSF address

---
 COPYING | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/COPYING b/COPYING
index a43ea212..b050f300 100755
--- a/COPYING
+++ b/COPYING
@@ -2,7 +2,7 @@
 Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 675 Mass Ave, Cambridge, MA 02139, USA
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

From 51cda31f5dc2f780b8a682b72c9f3b95454009dd Mon Sep 17 00:00:00 2001
From: Stefan Ritt
Date: Tue, 22 Dec 2015 10:03:33 +0100
Subject: [PATCH 3/9] Use git revision in elog

---
 src/elog.c | 22 +++++++++++++++-------
 xcode/elog.xcodeproj/project.pbxproj | 5 +----
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/elog.c b/src/elog.c
index 634a2080..cd67e541 100755
--- a/src/elog.c
+++ b/src/elog.c
@@ -20,12 +20,12 @@
 Contents: Electronic logbook utility
- $Id$
-
 \********************************************************************/
 #include "elog-version.h"
-char svn_revision[] = "$Id$";
+#include "git-revision.h"
+const char *_git_revision = GIT_REVISION;
+
 #include
 #include
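Review bot: `const char *_git_revision = GIT_REVISION;` introduces a file-scope identifier that begins with an underscore, which C reserves for the implementation at file scope (C11 7.1.3), and the object is also not `static`, so it is exported from elog.c although only `git_revision()` reads it. A name without the underscore and with internal linkage avoids both problems: `static const char *const git_revision_str = GIT_REVISION;`, with the one reader in `git_revision()` updated to match. The generated `git-revision.h` is not part of the patch, so whether `GIT_REVISION` is guaranteed to be a string literal (rather than undefined in a checkout without the generator step) cannot be confirmed from here; a `#ifndef GIT_REVISION` fallback to `"unknown"` would make a build from a tarball still compile.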
@@ -73,6 +73,17 @@ char text[TEXT_SIZE], old_text[TEXT_SIZE], new_text[TEXT_SIZE];
 /*------------------------------------------------------------------*/
+
+const char *git_revision()
+{
+ const char *p = _git_revision;
+ if (strrchr(p, '-'))
+ p = strrchr(p, '-')+2;
+ return p;
+}
+
+/*------------------------------------------------------------------*/
+
 char *map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 void base64_encode(unsigned char *s, unsigned char *d, int size)
@@ -1051,10 +1062,7 @@ int main(int argc, char *argv[])
 } else {
 usage:
 printf("%s ", ELOGID);
- strcpy(str, svn_revision + 13);
- if (strchr(str, ' '))
- *strchr(str, ' ') = 0;
- printf("revision %s\n", str);
+ printf("revision %s\n", git_revision());
 printf("\nusage: elog\n");
 printf("elog -h [-p port] [-d subdir]\n");
 printf(" Location where elogd is running\n");
diff --git a/xcode/elog.xcodeproj/project.pbxproj b/xcode/elog.xcodeproj/project.pbxproj
index 975e49fe..348536bd 100644
--- a/xcode/elog.xcodeproj/project.pbxproj
+++ b/xcode/elog.xcodeproj/project.pbxproj
@@ -187,10 +187,7 @@
 COPY_PHASE_STRIP = NO;
 GCC_DYNAMIC_NO_PIC = NO;
 GCC_ENABLE_OBJC_EXCEPTIONS = YES;
- GCC_PREPROCESSOR_DEFINITIONS = (
- HAVE_SSL,
- DEBUG,
- );
+ GCC_PREPROCESSOR_DEFINITIONS = DEBUG;
 GCC_WARN_64_TO_32_BIT_CONVERSION = NO;
 OTHER_LDFLAGS = "-lssl";
 PRODUCT_NAME = "$(TARGET_NAME)";

From 2c84e3f27b280e46ea6979f53f8f22d92d32ac9a Mon Sep 17 00:00:00 2001
From: Stefan Ritt
Date: Mon, 25 Jan 2016 08:38:58 +0100
Subject: [PATCH 4/9] Updated translation from Fred

---
 resources/eloglang.french | 73 ++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 39 deletions(-)
 mode change 100755 => 100644 resources/eloglang.french

diff --git a/resources/eloglang.french b/resources/eloglang.french
old mode 100755
new mode 100644
index cec36098..586e961f
--- a/resources/eloglang.french
+++ b/resources/eloglang.french
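Review bot: `p = strrchr(p, '-')+2;` in the new `git_revision()` steps two characters past the last dash without checking that they exist, so a `GIT_REVISION` string that ends in `-` yields a pointer beyond the terminator (pointer arithmetic past one-past-the-end is undefined) and the `printf("revision %s\n", git_revision())` in `main` then reads out of bounds. Guard on the character after the dash, which makes `dash + 2` at most the terminator: `const char *dash = strrchr(p, '-'); if (dash && dash[1]) p = dash + 2;`. The empty parameter list `git_revision()` declares no prototype in C; `const char *git_revision(void)` is what is meant. The `-X` layout the `+2` assumes (a dash followed by a space before the hash) is not visible in the patch, so a one-line comment stating the expected format of `GIT_REVISION` would help the next reader.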
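Review bot: The pbxproj hunk removes `HAVE_SSL` from `GCC_PREPROCESSOR_DEFINITIONS` while `OTHER_LDFLAGS = "-lssl";` stays, so the Xcode build of the elog client now links against OpenSSL but — assuming elog.c keys its TLS code on `HAVE_SSL`, which is outside this patch — compiles without it, producing a silently plaintext client. The commit message speaks only of the git revision, so if dropping SSL from the Xcode configuration is intentional the message should say so; otherwise restore the entry (`HAVE_SSL,` inside the list, with `DEBUG,`).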
@@ -1,9 +1,8 @@
 #
 # French translation by Fred Pacquier
-# (for 2.9.1+)
+# (for 3.1.1+)
 # A more recent version may be available at :
-# http://savannah.psi.ch/viewcvs/trunk/resources/eloglang.french?root=elog
-#
+# https://bitbucket.org/ritt/elog/src/b4d2a375a1c1991daa94427455f57665f7497df0/resources/eloglang.french?at=master&fileviewer=file-view-default
 New = Créer
 Edit = Modifier
@@ -324,19 +323,19 @@ Preview = Pr
 FONT = POLICE
 SIZE = TAILLE
 COLOR = COULEUR
-astonished =
-smiling =
-happy =
-winking =
-big grin =
-crying =
-cool =
-frowning =
-confused =
-mad =
-pleased =
-tongue =
-yawn =
+astonished = surpris
+smiling = souriant
+happy = heureux
+winking = clin d'oeuil
+big grin = grand sourire
+crying = plure
+cool = tranquille
+frowning = fronce les sourcils
+confused = perdu
+mad = furieux
+pleased = content
+tongue = tire la langue
+yawn = baille
 Encoding = Encodage
 User "%s" not found in password file = Utilisateur "%s" non trouvé dans le fichier des comptes
 Cannot write to file %s = Impossible d'écrire dans le fichier %s
@@ -467,26 +466,22 @@ This is an automatically generated account recovery email for host %s = Ceci est
 Please click on following link to recover your account = Veuillez cliquer sur le lien suivant pour récupérer votre compte
 Email address "%s" not registered = L'adresse mail "%s" n'est pas enregistrée
 User name "%s" not registered = Le nom d'utilisateur "%s" n'est pas enregistré
-
-#
-#---- please translate following items and then remove this comment ----#
-#
-Error accessing password file =
-CSV (";" separated) + Text =
-Entry can only be deleted %1.2lg hours after creation =
-Drop attachments here... =
-Insert Timestamp =
-Pending draft available =
-%d pending drafts available =
-Create new entry =
-If you leave this page you will lose your unsaved changes =
-Edited =
-All time =
-Draft =
-Restrict seach to last =
-days =
-Draft saved at =
-You might however then overwrite each other's modifications =
-Draft entry created on %s by %s =
-Really delete this entry? =
-This is a draft message, edit and submit it to make it permanent =
+Error accessing password file = Problème d'accès au fichier des mots de passe
+CSV (";" separated) + Text = CSV (séparateur ";") + Texte
+Entry can only be deleted %1.2lg hours after creation = Une entrée ne peut être supprimée que %1.2lg heures après sa création
+Drop attachments here... = Glisser les attachements ici...
+Insert Timestamp = Insérer horodatage
+Pending draft available = Brouillon en attente disponible
+%d pending drafts available = %d brouillons en attente disponibles
+Create new entry = Créer une nouvelle entrée
+If you leave this page you will lose your unsaved changes = Si vous quittez cette page vos modifications non enregistrées seront perdues
+Edited = Modifié
+All time = Tous temps
+Draft = Brouillon
+Restrict seach to last = Restreindre la recherche aux
+days = derniers jours
+Draft saved at = Brouillon enregistré le
+You might however then overwrite each other's modifications = Vous pourriez toutefois écraser mutuellement vos modifications
+Draft entry created on %s by %s = Brouillon créé le %s par %s
+Really delete this entry? = Supprimer cette entrée, vraiment ?
+This is a draft message, edit and submit it to make it permanent = Ceci est un brouillon, modifiez-le et validez-le pour le rendre définitif

From 89f48c21e0772bf83121fbd804df8ba15a63fa38 Mon Sep 17 00:00:00 2001
From: Stefan Ritt
Date: Wed, 3 Feb 2016 14:17:05 +0100
Subject: [PATCH 5/9] Increased strings because of buffer overflow for long file names.

---
 src/elogd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/elogd.c b/src/elogd.c
index 5afdfd4a..26e01d50 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -24143,7 +24143,7 @@ int get_thumb_name(const char *file_name, char *thumb_name, int size, int index)
 void call_image_magick(LOGBOOK * lbs)
 {
- char str[256], cmd[256], file_name[256], thumb_name[256], subdir[256];
+ char str[1024], cmd[1024], file_name[256], thumb_name[256], subdir[256];
 int cur_width, cur_height, new_size, cur_rot, new_rot, thumb_status;
 if (!isparam("req") || !isparam("img")) {

From ff1542320a20c96db1b0f162d7b832223fb72eb2 Mon Sep 17 00:00:00 2001
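Review bot: Growing `str` and `cmd` to 1024 bytes moves the overflow threshold rather than removing it: nothing in the hunk bounds the writes into either buffer, and `file_name`, `thumb_name` and `subdir` stay at 256, so a name long enough to overflow those still does. The body of `call_image_magick` where the buffers are filled lies outside the hunk; the fix belongs there, building each with a size-checked call (`snprintf(cmd, sizeof(cmd), ...)`, `strlcpy`/`strlcat` with `sizeof`) and refusing the request when the result is truncated instead of running it. Since `cmd` is presumably handed to a shell (the function name and the ImageMagick reference suggest so), any request-controlled part of the file name also needs quoting or an allow-list before it is interpolated — confirm against the body.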
From: Stefan Ritt
Date: Fri, 26 Feb 2016 09:08:48 +0100
Subject: [PATCH 6/9] Fixed missing curly brackets

---
 src/elogd.c | 3 ++-
 xcode/elogd.xcodeproj/project.pbxproj | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/elogd.c b/src/elogd.c
index 26e01d50..daf5f9fd 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -22563,7 +22563,7 @@ int execute_shell(LOGBOOK * lbs, int message_id, char attrib[MAX_N_ATTR][NAME_LE
 p = stristr(shell_cmd, "$attachments");
 strlcpy(tail, p + strlen("$attachments"), sizeof(tail));
 *p = 0;
- for (i = 0; i < MAX_ATTACHMENTS; i++)
+ for (i = 0; i < MAX_ATTACHMENTS; i++) {
 generate_subdir_name(att_file[i], subdir, sizeof(subdir));
 if (att_file[i][0] && strlen(shell_cmd) + strlen(lbs->data_dir) + strlen(subdir) + strlen(att_file[i]) < sizeof(shell_cmd) + 1) {
@@ -22576,6 +22576,7 @@ int execute_shell(LOGBOOK * lbs, int message_id, char attrib[MAX_N_ATTR][NAME_LE
 strcat(p, "\" ");
 p += strlen(p);
 }
+ }
 strlcat(shell_cmd, tail, sizeof(shell_cmd));
 }
diff --git a/xcode/elogd.xcodeproj/project.pbxproj b/xcode/elogd.xcodeproj/project.pbxproj
index b2aef001..b9a86858 100644
--- a/xcode/elogd.xcodeproj/project.pbxproj
+++ b/xcode/elogd.xcodeproj/project.pbxproj
@@ -153,7 +153,7 @@
 D52BA2F113999DB0000458E3 /* Project object */ = {
 isa = PBXProject;
 attributes = {
- LastUpgradeCheck = 0630;
+ LastUpgradeCheck = 0720;
 ORGANIZATIONNAME = PSI;
 };
 buildConfigurationList = D52BA2F413999DB0000458E3 /* Build configuration list for PBXProject "elogd" */;
@@ -218,6 +218,7 @@
 CLANG_WARN_UNREACHABLE_CODE = YES;
 CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
+ ENABLE_TESTABILITY = YES;
 GCC_C_LANGUAGE_STANDARD = gnu99;
 GCC_NO_COMMON_BLOCKS = YES;
 GCC_OPTIMIZATION_LEVEL = 0;

From 6bc2290ee096c24340147b7fa70f6e59ab6858e7 Mon Sep 17 00:00:00 2001
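Review bot: The length guard on the last line of the first `execute_shell` hunk, `... < sizeof(shell_cmd) + 1`, is off by one in the permissive direction (it admits a total equal to `sizeof(shell_cmd)`, leaving no byte for the terminator) and counts only the four raw lengths, not the bytes the loop body then appends with `strcat` — the opening and closing quotes, the trailing space (`strcat(p, "\" ")` in the second hunk) and whatever separators sit between `data_dir`, `subdir` and the file name — so a name that passes the check can still overrun `shell_cmd`. The trailing `strlcat(shell_cmd, tail, ...)` only truncates `tail` silently; it does not protect the earlier writes. Compute the needed length once including the constant overhead and compare it against `sizeof(shell_cmd) - 1`, or append with `strlcat(shell_cmd, ..., sizeof(shell_cmd))` and skip the attachment when truncation is reported. Wrapping a name in double quotes does not make it shell-safe if it can contain `"`, `$` or a backtick; whether attachment names are sanitized before this point is not visible in the patch, and the rest of `execute_shell` lies outside it.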
From: Jason Gochanour
Date: Thu, 28 Apr 2016 14:48:52 -0600
Subject: [PATCH 7/9] XSS Vulnerabilities Patch

---
 src/elogd.c | 67 +++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 52 insertions(+), 15 deletions(-)

diff --git a/src/elogd.c b/src/elogd.c
index 5afdfd4a..843a005e 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -10490,7 +10490,9 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
 /*---- add password in case cookie expires during edit ----*/
 if (getcfg(lbs->name, "Password file", str, sizeof(str)) && isparam("unm")) {
- rsprintf("\n", getparam("unm"));
+ /* XSS fix: Jason Gochanour */
+ strencode2(str, getparam("unm"), sizeof(str));
+ rsprintf("\n", str);
 if (isparam("upwd"))
 strlcpy(upwd, getparam("upwd"), sizeof(upwd));
 else
@@ -10577,7 +10579,10 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
 rsprintf("%s:", loc("Entry time"));
 rsprintf("%s\n", str);
- rsprintf("\n", date);
+
+ /* XSS fix: Jason Gochanour */
+ strencode2(str, date, sizeof(str));
+ rsprintf("\n", str);
 }
 if (_condition[0])
@@ -11839,7 +11844,9 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
 thumb_ref[0] = 0;
 if (strlen(att[index]) < 14 || att[index][6] != '_' || att[index][13] != '_') {
- rsprintf("Error: Invalid attachment \"%s\"
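Review bot: The new `strencode2(str, getparam("unm"), sizeof(str));` reuses `str`, which the `getcfg(lbs->name, "Password file", str, sizeof(str))` call on the previous line has just filled with the password-file name; if that value is consulted again later in `show_edit_form` (the function continues outside the hunk) it is now overwritten with the encoded user name. A dedicated buffer avoids the aliasing: `char enc[256]; strencode2(enc, getparam("unm"), sizeof(enc)); rsprintf(..., enc);`. The encoded value is emitted into an HTML attribute, so for the fix to hold `strencode2` must escape `"` (and `'` if single-quoted attributes are used anywhere) in addition to `<`, `>` and `&`; its definition is not in the patch, so confirm that, and the same applies to the `date` encoding in the following hunk.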
", att);
+ /* XSS fix: Jason Gochanour */
+ strencode2(str, att[index], sizeof(str));
+ rsprintf("Error: Invalid attachment \"%s\"
", str);
 } else {
 strlcpy(file_name, lbs->data_dir, sizeof(file_name));
@@ -11889,7 +11896,9 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
 rsprintf("  \n");
 /* ImageMagick available, so get image size */
- rsprintf("%s \n", att[index] + 14);
+ /* XSS fix: Jason Gochanour */
+ strencode2(str, att[index], sizeof(str));
+ rsprintf("%s \n", str + 14);
 if (chkext(file_name, ".pdf") || chkext(file_name, ".ps"))
 sprintf(cmd, "%s -format '%%wx%%h' '%s[0]'", _identify_cmd, file_name);
 else
@@ -12006,10 +12015,12 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
 rsprintf("\n");
 }
+ /* XSS fix: Jason Gochanour */
+ strencode2(str, att[index], sizeof(str));
 if (thumb_ref[0])
- rsprintf("\n", index, thumb_ref, att[index]);
+ rsprintf("\n", index, thumb_ref, str);
 else
- rsprintf("\n", index, att[index]);
+ rsprintf("\n", index, str);
 rsprintf("\n");
 }
 else
@@ -13739,7 +13750,9 @@ void show_config_page(LOGBOOK * lbs)
 rsprintf("
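Review bot: `rsprintf("%s \n", str + 14);` offsets into the encoded copy of `att[index]`, but the 14-character prefix is only validated at positions 6 and 13 (the `_` tests in the earlier hunk), so if any other prefix character is one that `strencode2` expands, `str + 14` lands inside the encoded prefix and the displayed name is wrong; and an attachment name longer than `str` is silently truncated. Encode only the part that is printed: `strencode2(str, att[index] + 14, sizeof(str)); rsprintf("%s \n", str);` — the `strlen(att[index]) < 14` rejection above guarantees `att[index] + 14` is within the string. Separately, the context line `sprintf(cmd, "%s -format '%%wx%%h' '%s[0]'", _identify_cmd, file_name);` single-quotes `file_name` into a shell command with no bound on `cmd`; if an attachment name can contain `'` that is command injection, which this XSS-focused commit does not touch — whether names are sanitized earlier is not visible here, and `show_edit_form` extends beyond the hunk.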
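Review bot: `thumb_ref` is still passed to `rsprintf` unencoded on the `if (thumb_ref[0])` branch, next to the now-encoded `str`; it is assigned elsewhere in `show_edit_form` (outside the hunk), and if it is derived from the attachment file name it carries exactly the characters the fix guards against. Encode it into its own buffer rather than `str`, which already holds the encoded name: `char thumb_enc[256]; strencode2(thumb_enc, thumb_ref, sizeof(thumb_enc));` and pass `thumb_enc`. If `thumb_ref` is instead built only from server-generated components with a fixed character set, a comment stating that above the branch would spare the next reader the same question.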