[#516] use newer ViewVC - Several vulnerabilities were found in ViewVC

Description

Summary:

Detailed description

vulnerabilities: http://www.debian.org/security/2012/dsa-2563

FusionForge uses an old version of ViewVC (1.0.0) [May 2006] latest stable is 1.1.17 [Thursday, October 25, 2012]

We should try to build in a newer Version of ViewVC to fix the security issues or try to sperate fusionforge and viewvc (use os stable).

i think viewvc is a nice feature for quick access to the repo to compare revisions etc... so it should be available for users ;)

General Information
Submitted by:
Mathias Gebbe
Date Submitted: 2012-11-06 10:53
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2014-10-30 15:40
Permalink: https://fusionforge.org/tracker/a_follow.php/516
Actions
Internal Fields
Data Type: Feature requests
Assigned to: Sylvain Beucler (beuc-inria)
State: Closed
Priority: 3
Extra Fields
Resolution:
Accepted
Difficulty:
none
Target release:
6.0
Follow-up tabs
Message  ↓
Date: 2014-10-30 15:40
Sender: Sylvain Beucler

We externalized viewvc in the development version.

Date: 2012-12-04 13:29
Sender: Mathias Gebbe

i build in the debian distribution ViewVC this was quite easy (if you know how to do)

I. apt-get install viewvc II. edit /etc/viewvc.conf and set /etc/viewvc.conf: rootparents = /var/lib/gforge/chroot/scmrepos/svn/: svn rootasurlcomponent = 0 (to make the old links compatible) III. edit /usr/share/gforge/www/scm/include/viewvcutils.php: #$viewcvspath.'/bin/cgi/viewvc.cgi 2>&1'; '/usr/lib/viewvc/cgi-bin/viewvc.cgi 2>&1'; IV. link new images to old docroot: ln -s /usr/share/viewvc/docroot/images/ /usr/share/gforge/www/themes/gforge/viewvc/images/

that works 4 me. take a look: http://wald.intevation.org/scm/viewvc.php/?root=openvas

No attached documents

No related commits.

Field Old Value Date By
status_idOpen2014-10-30 15:40
Sylvain Beucler
close_dateNone2014-10-30 15:40
Sylvain Beucler
assigned_tonone2014-10-30 15:40
Sylvain Beucler
ResolutionNone2014-10-30 15:40
Sylvain Beucler
Target releaseNone2014-10-30 15:40
Sylvain Beucler

No relations found.