CAcert Code Development list.

[<ulrich AT cacert.org>]

today I've tried to git pull my local repository against cacert.git and
cacert-devel.git and received a conflict message regarding
cacert-devel.git
by includes/account.php and www/wot.php
Once "rm -f filename"'d I could resolve the problem.
I didn't changed anything in the repository as I only hold these
repositories as a copy of the main repositories
so I don't know what happened in the meanwhile with these two
repositories in the meanwhile.

I'm remembering me about an issue 2, 3 or 4 weeks ago
where dirk tried to transfer bug 1054 patches into the repository
Michael received similar conflicts while merging the patches
into the testserver repository

Maybe Michael has an idea what happens all around this issues,
but Michael isn't available for the 2 upcoming Tuesdays meetings
so probably your last chance is to contact Michael directly
to get an answer before he leaves


regards, uli   ;-)


-----Original Message-----
From: Benny Baumann 
[mailto:benbe AT cacert.org]
 
Sent: Wednesday, October 31, 2012 8:01 PM
To: Wytze van der Raay
Cc: 
cacert-devel AT lists.cacert.org;
 
critical-admin AT cacert.org;
 Michael
Tänzer; Ulrich Schröter
Subject: Re: Patch Request: Bug #978


Hi Wytze,

Am 31.10.2012 11:32, schrieb Wytze van der Raay:
> Hi Benny,
>
> On 30.10.2012 22:38, Benny Baumann wrote:
>> We have a fix for https://bugs.cacert.org/view.php?id=978
>> "Invalid SPKAC requests are not properly validated"
>>
>> The fix was reviewed by Michael Tänzer 
>> (NEO@NHNG)
>>  and me (BenBE).
>> Tests were performed by Ulrich Schröter (Uli60) and JensK.
>>
>> The patch containing the changes is attached. Please also run the
>> makefile so our translators see the new strings (if present) on
>> https://translations.cacert.org/ and new translation get imported into
>> the system.
>>
>> Changed Files (+410/-359):
>> - includes/account.php (+1/-0)
>> - includes/account_stuff.php (+0/-358)
>> - includes/lib/check_weak_key.php (+323/-0) [NEW]
>> - includes/lib/general.php (+83/-1)
>> - www/api/ccsr.php (+3/-0)
> The patch has been installed on the production server on October 31,
2012.
Thanks.
> See also the attached log message.
> Note that one unusual event occurred during the application of the
patch:
> we received a rejection of the patch for includes/account.php:
>
> ***************
> *** 16,21 ****
>       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> 02110-1301  USA
>   */
>       require_once("../includes/loggedin.php");
>
>       loadem("account");
>
> --- 16,22 ----
>       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> 02110-1301  USA
>   */
>       require_once("../includes/loggedin.php");
> +     require_once('lib/check_weak_key.php');
>
>       loadem("account");
>
>
> While it is clear what is intended by the patch, it concerns me that the
> patch as delivered did *not* match the current production version of the
> application code. This should *not* happen. Please re-check your
procedures
> in order to prevent a reoccurrence (with possibly worse consequences) in
> the future.
First a small note on the patch creation:
- The patch was done on release(something around 8dbf200)...bug-978,
thus missing out on the modifications done by af9600cf5d and 8c1b4680.
What I wonder is why those were non-empty commits (at least for the
merge of the tarball branch).

I accidentially did not produce the diff after git checkout release &&
git merge bug-978 via git diff HEAD^..HEAD

Interestingly the line you mentioned was introduced (according to git
blame) just when re-importing the tarball into the release branch.

I'll recheck the situation with the others in the upcoming telco next
Tuesday so we can sort out the full situation here.
> The translation upload and downloads were performed as requested, and
the
> Apache webserver has been restarted to effectuate the changes.
Thanks.

Regards,
BenBE.
> Regards,
> -- wytze
>
>> Have a nice day,
>> Benny Baumann
>> CAcert SoftWare Assessment Team
>>

Attachment: smime.p7s
Description: S/MIME cryptographic signature