From sheila at thinkspot.net Sun Jan 1 07:22:41 2006 From: sheila at thinkspot.net (Sheila King) Date: Sat, 31 Dec 2005 12:22:41 -0800 Subject: [albatross-users] Documentation for arbitrary attributes on any tag... Message-ID: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> OK, I hope this isn't a silly question, but shouldn't this information: http://object-craft.com.au/projects/albatross/albatross/rel-1.30-anytag.html Be included in this part of the docs? http://object-craft.com.au/projects/albatross/albatross/tag-ref.html I just LOVE this recent feature addition. It solves soooo many issues with not being able to nest al-tags. :) Seems to me it deserves to be mentioned in the main docs... -- Sheila King sheila at thinkspot.net http://www.thinkspot.net/sheila/ From fabbe at paniq.net Sun Jan 1 21:38:37 2006 From: fabbe at paniq.net (Fabian Fagerholm) Date: Sun, 01 Jan 2006 12:38:37 +0200 Subject: [albatross-users] Release 1.33 and freshmeat.net entry Message-ID: <1136111917.4384.6.camel@localhost.localdomain> Hi everyone, and Happy New Year! I noticed there hasn't been any announcement for albatross 1.33, even though it is listed as the latest release. The changes from 1.32 were minor, so perhaps you decided not to make an announcement? Also, I found albatross listed at freshmeat.net, but the entry there hasn't been updated since version 1.01. Have you given up the freshmeat listing, or just forgotten to update it? Cheers, -- Fabian Fagerholm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From andrewm at object-craft.com.au Tue Jan 3 18:09:32 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Tue, 03 Jan 2006 18:09:32 +1100 Subject: [albatross-users] Documentation for arbitrary attributes on any tag... In-Reply-To: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> References: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> Message-ID: <20060103070932.49EF16F447C@longblack.object-craft.com.au> >OK, I hope this isn't a silly question, but shouldn't this information: > >http://object-craft.com.au/projects/albatross/albatross/rel-1.30-anytag.html > >Be included in this part of the docs? >http://object-craft.com.au/projects/albatross/albatross/tag-ref.html It certainly should be documented - I had been putting it off because I couldn't work out how to explain it! >I just LOVE this recent feature addition. It solves soooo many issues with >not being able to nest al-tags. :) And the result is much cleaner than nested tags! >Seems to me it deserves to be mentioned in the main docs... Yes. Keep reminding me until I do it. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From andrewm at object-craft.com.au Tue Jan 3 18:11:38 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Tue, 03 Jan 2006 18:11:38 +1100 Subject: [albatross-users] Release 1.33 and freshmeat.net entry In-Reply-To: <1136111917.4384.6.camel@localhost.localdomain> References: <1136111917.4384.6.camel@localhost.localdomain> Message-ID: <20060103071138.D6F9D6F447C@longblack.object-craft.com.au> >I noticed there hasn't been any announcement for albatross 1.33, even >though it is listed as the latest release. The changes from 1.32 were >minor, so perhaps you decided not to make an announcement? Sorry, I had been meaning to make an announcement, but it got lost in the chaos of Christmas. >Also, I found albatross listed at freshmeat.net, but the entry there >hasn't been updated since version 1.01. Have you given up the freshmeat >listing, or just forgotten to update it? Whew, at last, something that isn't my fault! I think Dave has lost his freshmeat login or something. I'll see what I can do. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From sheila at thinkspot.net Wed Jan 4 02:59:33 2006 From: sheila at thinkspot.net (Sheila King) Date: Tue, 03 Jan 2006 07:59:33 -0800 Subject: [albatross-users] Documentation for arbitrary attributes on any tag... In-Reply-To: <20060103070932.49EF16F447C@longblack.object-craft.com.au> References: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> <20060103070932.49EF16F447C@longblack.object-craft.com.au> Message-ID: <766E98D4046541CBFBE6EDEF@Sheila-Kings-Computer.local> --On January 3, 2006 6:09:32 PM +1100 Andrew McNamara wrote: >> Seems to me it deserves to be mentioned in the main docs... > > Yes. Keep reminding me until I do it. Hrrm. Well, relying on me as a reminder tool may be a bit unreliable, but I'll try... -- Sheila King sheila at thinkspot.net http://www.thinkspot.net/sheila/ From djc at object-craft.com.au Wed Jan 4 10:21:54 2006 From: djc at object-craft.com.au (Dave Cole) Date: Wed, 04 Jan 2006 10:21:54 +1100 Subject: [albatross-users] Release 1.33 and freshmeat.net entry In-Reply-To: <20060103071138.D6F9D6F447C@longblack.object-craft.com.au> References: <1136111917.4384.6.camel@localhost.localdomain> <20060103071138.D6F9D6F447C@longblack.object-craft.com.au> Message-ID: <43BB0712.9040001@object-craft.com.au> Andrew McNamara wrote: >>I noticed there hasn't been any announcement for albatross 1.33, even >>though it is listed as the latest release. The changes from 1.32 were >>minor, so perhaps you decided not to make an announcement? > > > Sorry, I had been meaning to make an announcement, but it got lost in > the chaos of Christmas. I got lost in the chaos of receiving Civ IV for Christmas ;-). >>Also, I found albatross listed at freshmeat.net, but the entry there >>hasn't been updated since version 1.01. Have you given up the freshmeat >>listing, or just forgotten to update it? > > Whew, at last, something that isn't my fault! I think Dave has lost his > freshmeat login or something. I'll see what I can do. Lost my brain more like it. - Dave -- http://www.object-craft.com.au From andrewm at object-craft.com.au Wed Jan 4 11:53:04 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Wed, 04 Jan 2006 11:53:04 +1100 Subject: [albatross-users] Albatross 1.33 released Message-ID: <20060104005304.F3F836F447D@longblack.object-craft.com.au> As noted by Fabian, version 1.33 of Albatross has been released. This release is to address a problem with merging form fields. The problem, although obscure, could be exploited by remote users, so we recommend upgrading as soon as possible. I apologise for not posting a notification of this earlier. Fabian - a backport of the fix to stable's version 1.20 should be easy enough - are you happy doing this? -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From fabbe at paniq.net Fri Jan 6 00:02:58 2006 From: fabbe at paniq.net (Fabian Fagerholm) Date: Thu, 05 Jan 2006 15:02:58 +0200 Subject: [albatross-users] Albatross 1.33 released In-Reply-To: <20060104005304.F3F836F447D@longblack.object-craft.com.au> References: <20060104005304.F3F836F447D@longblack.object-craft.com.au> Message-ID: <1136466178.4567.46.camel@localhost.localdomain> On Wed, 2006-01-04 at 11:53 +1100, Andrew McNamara wrote: > I apologise for not posting a notification of this earlier. Fabian - > a backport of the fix to stable's version 1.20 should be easy enough - > are you happy doing this? Sure: I'm now working on getting the Debian stable 1.20 version security-updated. Can anyone think of any changes beside the ones in albatross/context.py that affect the security issue? If not, I'm going to move forward with the attached patch being the only code change. It's simply a diff for context.py from 1.32 to 1.33, adjusted to apply cleanly to 1.20 (only the line numbers have changed). Cheers, -- Fabian Fagerholm -------------- next part -------------- A non-text attachment was scrubbed... Name: 1.20.diff Type: text/x-patch Size: 3292 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From andrewm at object-craft.com.au Fri Jan 6 01:08:01 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Fri, 06 Jan 2006 01:08:01 +1100 Subject: [albatross-users] Albatross 1.33 released In-Reply-To: <1136466178.4567.46.camel@localhost.localdomain> References: <20060104005304.F3F836F447D@longblack.object-craft.com.au> <1136466178.4567.46.camel@localhost.localdomain> Message-ID: <20060105140801.50FB46F447D@longblack.object-craft.com.au> >> I apologise for not posting a notification of this earlier. Fabian - >> a backport of the fix to stable's version 1.20 should be easy enough - >> are you happy doing this? > >Sure: I'm now working on getting the Debian stable 1.20 version >security-updated. Much appreciated - thankyou. >Can anyone think of any changes beside the ones in albatross/context.py >that affect the security issue? I think that's the only security issue since 1.20. >If not, I'm going to move forward with the attached patch being the only >code change. It's simply a diff for context.py from 1.32 to 1.33, adjusted >to apply cleanly to 1.20 (only the line numbers have changed). Yes - that looks correct (check it still passes the tests, however). -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From fabbe at paniq.net Fri Jan 6 02:07:58 2006 From: fabbe at paniq.net (Fabian Fagerholm) Date: Thu, 05 Jan 2006 17:07:58 +0200 Subject: [albatross-users] Albatross 1.33 released In-Reply-To: <20060105140801.50FB46F447D@longblack.object-craft.com.au> References: <20060104005304.F3F836F447D@longblack.object-craft.com.au> <1136466178.4567.46.camel@localhost.localdomain> <20060105140801.50FB46F447D@longblack.object-craft.com.au> Message-ID: <1136473679.4569.81.camel@localhost.localdomain> On Fri, 2006-01-06 at 01:08 +1100, Andrew McNamara wrote: > Yes - that looks correct (check it still passes the tests, however). All tests pass. Ok, thanks Andrew, now I'm waiting for the Debian security procedures to run their course and an update is hopefully around the corner. Cheers, -- Fabian Fagerholm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From gnb at itga.com.au Fri Jan 6 10:15:11 2006 From: gnb at itga.com.au (Gregory Bond) Date: Fri, 06 Jan 2006 10:15:11 +1100 Subject: [albatross-users] Albatross 1.33 released In-Reply-To: <20060104005304.F3F836F447D@longblack.object-craft.com.au> References: <20060104005304.F3F836F447D@longblack.object-craft.com.au> Message-ID: <43BDA87F.7060807@itga.com.au> Andrew McNamara wrote: >As noted by Fabian, version 1.33 of Albatross has been released. > The FreeBSD port has been updated. From andrewm at object-craft.com.au Mon Jan 9 17:00:56 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Mon, 09 Jan 2006 17:00:56 +1100 Subject: [albatross-users] Documentation for arbitrary attributes on any tag... In-Reply-To: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> References: <86AD581C7F4CACBDA70ADFE4@Sheila-Kings-Computer.local> Message-ID: <20060109060056.846826F44D2@longblack.object-craft.com.au> >OK, I hope this isn't a silly question, but shouldn't this information: > >http://object-craft.com.au/projects/albatross/albatross/rel-1.30-anytag.html > >Be included in this part of the docs? >http://object-craft.com.au/projects/albatross/albatross/tag-ref.html Okay - I've added a new section to the manual: http://www.object-craft.com.au/projects/albatross/albatross/tag-any.html It's only in the online version, at the moment. The documentation tarball, the pdf, and the source will see the change in the next release. -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From sheila at thinkspot.net Tue Jan 17 12:45:40 2006 From: sheila at thinkspot.net (Sheila King) Date: Mon, 16 Jan 2006 17:45:40 -0800 Subject: [albatross-users] Vulnerability? Security Focus site says... Message-ID: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> Any comments/reactions to this alert from Security Focus regarding Albatross vulnerability? Albatross Remote Arbitrary Code Execution Vulnerability http://www.securityfocus.com/bid/16252/info -- Sheila King sheila at thinkspot.net http://www.thinkspot.net/sheila/ From tchur at optushome.com.au Tue Jan 17 12:58:58 2006 From: tchur at optushome.com.au (Tim Churches) Date: Tue, 17 Jan 2006 12:58:58 +1100 Subject: [albatross-users] Vulnerability? Security Focus site says... In-Reply-To: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> References: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> Message-ID: <43CC4F62.8070906@optushome.com.au> Sheila King wrote: > Any comments/reactions to this alert from Security Focus regarding > Albatross vulnerability? > > Albatross Remote Arbitrary Code Execution Vulnerability > http://www.securityfocus.com/bid/16252/info > Yes, Andrew McNamara mentioned it on this list: http://www.object-craft.com.au/pipermail/albatross-users/2006-January/001254.html It is fixed in v1.33 with the fix back-ported to v1.20 on debian. Andrew, you need to add a note abot v1.33 on the News page for Albatross. We have not encountered any problems after upgrading to v1.33, and no code chnages were needed to any of our applications. Tim C From andrewm at object-craft.com.au Tue Jan 17 13:45:50 2006 From: andrewm at object-craft.com.au (Andrew McNamara) Date: Tue, 17 Jan 2006 13:45:50 +1100 Subject: [albatross-users] Vulnerability? Security Focus site says... In-Reply-To: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> References: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> Message-ID: <20060117024550.90CB76F4AC7@longblack.object-craft.com.au> >Any comments/reactions to this alert from Security Focus regarding >Albatross vulnerability? > >Albatross Remote Arbitrary Code Execution Vulnerability >http://www.securityfocus.com/bid/16252/info They don't list a CVE number (it is still tagged as private in the CVE database, but it's CVE-2006-0044), but I'm almost certain this is the issue 1.33 was released to address (certainly, the Debian advisory DSA-942-1 is in reference to the 1.33 issue). http://www.object-craft.com.au/projects/albatross/download/albatross-1.33.tar.gz -- Andrew McNamara, Senior Developer, Object Craft http://www.object-craft.com.au/ From sheila at thinkspot.net Tue Jan 17 13:52:35 2006 From: sheila at thinkspot.net (Sheila King) Date: Mon, 16 Jan 2006 18:52:35 -0800 Subject: [albatross-users] Vulnerability? Security Focus site says... In-Reply-To: <43CC4F62.8070906@optushome.com.au> References: <05B3A101489EA7EA5523DB90@Sheila-Kings-Computer.local> <43CC4F62.8070906@optushome.com.au> Message-ID: <44C0B60A1778AD9C35A2F29F@Sheila-Kings-Computer.local> --On January 17, 2006 12:58:58 PM +1100 Tim Churches wrote: > Yes, Andrew McNamara mentioned it on this list: > > http://www.object-craft.com.au/pipermail/albatross-users/2006-January/00 > 1254.html > > It is fixed in v1.33 with the fix back-ported to v1.20 on debian. > > Andrew, you need to add a note abot v1.33 on the News page for Albatross. Hmm. Somehow I missed that. Since it is a security/vulnerability issue, the subject line might've mentioned something more compelling than simply Albatross 1.33 released In any case, the Security Focus page doesn't indicate any resolution. Just kind of leaves you high and dry. Someone might want to submit more info to that Security Focus ticket so that others who see it will know this is addressed and resolved by version 1.33 ? -- Sheila King sheila at thinkspot.net http://www.thinkspot.net/sheila/