
[#516] use newer ViewVC - Several vulnerabilities were found in ViewVC

Date: 2012-11-06 10:53
Priority: 3
State: Closed
Submitted by: Mathias Gebbe (mgebbe)
Assigned to: Sylvain Beucler (beuc-inria)
Resolution: Accepted
Difficulty: none
Target release: 6.0
Summary: use newer ViewVC - Several vulnerabilities were found in ViewVC

Detailed description
vulnerabilities: http://www.debian.org/security/2012/dsa-2563

FusionForge uses an old version of ViewVC (1.0.0) [May 2006]; the latest stable is 1.1.17 [Thursday, October 25, 2012].

We should try to build in a newer version of ViewVC to fix the security issues, or try to separate FusionForge and ViewVC (use OS stable).

I think ViewVC is a nice feature for quick access to the repo to compare revisions etc., so it should be available for users ;)

Message
Date: 2014-10-30 15:40
Sender: Sylvain Beucler

We externalized viewvc in the development version.

Date: 2012-12-04 13:29
Sender: Mathias Gebbe

I built in the Debian distribution ViewVC.
This was quite easy (if you know how to do it).

I. apt-get install viewvc
II. edit /etc/viewvc.conf and set
    /etc/viewvc.conf:
    root_parents = /var/lib/gforge/chroot/scmrepos/svn/: svn
    root_as_url_component = 0 (to make the old links compatible)
III. edit /usr/share/gforge/www/scm/include/viewvc_utils.php:
    #$viewcvs_path.'/bin/cgi/viewvc.cgi 2>&1';
    '/usr/lib/viewvc/cgi-bin/viewvc.cgi 2>&1';
IV. link new images to old docroot:
    ln -s /usr/share/viewvc/docroot/images/ /usr/share/gforge/www/themes/gforge/viewvc/images/

That works for me.
Take a look:
http://wald.intevation.org/scm/viewvc.php/?root=openvas
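
Added example, not part of the ticket or of FusionForge's code: a shell function that audits steps II and III of the comment above, confirming that the forge calls the packaged ViewVC CGI and no longer the bundled 1.0.0 copy. The function name and its optional path-prefix argument are assumptions made here so the check can also run against a copy of the tree; the file paths are the ones given in the comment.

```shell
#!/bin/sh
# check_viewvc_switch [PREFIX]
#   PREFIX (assumption): empty for the live system, or the root of a copied tree.
#   Returns 0 when both files match the comment's steps II and III, 1 otherwise.
check_viewvc_switch() {
    root="${1:-}"
    conf="$root/etc/viewvc.conf"
    php="$root/usr/share/gforge/www/scm/include/viewvc_utils.php"
    rc=0

    # Step II: both settings must be present on uncommented lines.
    grep -Eq '^[[:space:]]*root_as_url_component[[:space:]]*=[[:space:]]*0[[:space:]]*$' \
        "$conf" 2>/dev/null \
        || { echo "FAIL: root_as_url_component is not 0 in $conf"; rc=1; }
    grep -Eq '^[[:space:]]*root_parents[[:space:]]*=.*:[[:space:]]*svn' \
        "$conf" 2>/dev/null \
        || { echo "FAIL: no svn entry in root_parents in $conf"; rc=1; }

    # Step III: only lines that are not commented out with # or // count.
    active=$(grep -Ev '^[[:space:]]*(#|//)' "$php" 2>/dev/null) || true
    printf '%s\n' "$active" | grep -Fq '/usr/lib/viewvc/cgi-bin/viewvc.cgi' \
        || { echo "FAIL: packaged CGI not referenced in $php"; rc=1; }
    # The bundled copy is reached through $viewcvs_path.'/bin/cgi/viewvc.cgi'.
    if printf '%s\n' "$active" | grep -Fq '/bin/cgi/viewvc.cgi'; then
        echo "FAIL: bundled CGI still referenced in $php"
        rc=1
    fi

    return "$rc"
}
```

A package upgrade of FusionForge can restore the original viewvc_utils.php, so the check is worth re-running after upgrades.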

Field            Old Value   Date               By
status_id        Open        2014-10-30 15:40   beuc-inria
close_date       None        2014-10-30 15:40   beuc-inria
assigned_to      none        2014-10-30 15:40   beuc-inria
Resolution       None        2014-10-30 15:40   beuc-inria
Target release   None        2014-10-30 15:40   beuc-inria