Redmine Entr’ouvert: Demandeshttps://dev.entrouvert.org/https://dev.entrouvert.org/favicon.ico?15861920342024-03-25T14:19:35ZRedmine Entr’ouvert
Redmine Passerelle - Development #88641 (Nouveau): jobs: pouvoir filtrer sur le statuthttps://dev.entrouvert.org/issues/886412024-03-25T14:19:35ZBenjamin Dauvergne
<p>Et par défaut ne pas afficher les demandes terminées.</p> Lasso - Development #86867 (Résolu (à déployer)): Patches following call for testing lasso 2.9.0 ...https://dev.entrouvert.org/issues/868672024-02-12T14:51:59ZXavier Bachelot
<p>Hi,</p>
<p>Following call for testing lasso 2.9.0 pre-release, I gave it a try on Fedora Rawhide, which uses gcc 14.<br />Please find attached 2 patches I needed to get lasso to build.</p>
<p>Regards,<br />Xavier</p> ldaptools - Development #86510 (Résolu (à déployer)): Abandonner le support python2https://dev.entrouvert.org/issues/865102024-02-03T14:07:11ZBenjamin Dauvergne
<p>.</p> Lasso - Bug #86472 (Résolu (à déployer)): Segmentation fault inside test suitehttps://dev.entrouvert.org/issues/864722024-02-01T19:17:24ZMartin Schreiner
<p>Hello,</p>
<p>On some systems, such as SUSE Linux Enterprise 15 SP5, we're seeing that <strong>lasso-2.6.1</strong> and <strong>lasso-2.8.2</strong> fail to build, as its <strong>test suite hits a segmentation fault</strong> .<br />Through careful analysis, we've discovered the exact instruction that triggers the segfault.</p>
<pre><code>0x7ffff7c84b00 &lt;xmlDictOwns&gt; test %rsi,%rsi <br /> 0x7ffff7c84b03 &lt;xmlDictOwns+3&gt; sete %cl <br /> 0x7ffff7c84b06 &lt;xmlDictOwns+6&gt; test %rdi,%rdi <br /> 0x7ffff7c84b09 &lt;xmlDictOwns+9&gt; je 0x7ffff7c84b4e &lt;xmlDictOwns+78&gt; <br /> 0x7ffff7c84b0b &lt;xmlDictOwns+11&gt; test %cl,%cl <br /> 0x7ffff7c84b0d &lt;xmlDictOwns+13&gt; jne 0x7ffff7c84b4e &lt;xmlDictOwns+78&gt; <br />--> 0x7ffff7c84b0f &lt;xmlDictOwns+15&gt; mov 0x20(%rdi),%rax <br /> 0x7ffff7c84b13 &lt;xmlDictOwns+19&gt; test %rax,%rax <br /> 0x7ffff7c84b16 &lt;xmlDictOwns+22&gt; je 0x7ffff7c84b37 &lt;xmlDictOwns+55&gt; <br /> 0x7ffff7c84b18 &lt;xmlDictOwns+24&gt; nopl 0x0(%rax,%rax,1) <br /> 0x7ffff7c84b20 &lt;xmlDictOwns+32&gt; lea 0x28(%rax),%rdx <br /> 0x7ffff7c84b24 &lt;xmlDictOwns+36&gt; cmp %rdx,%rsi <br /> 0x7ffff7c84b27 &lt;xmlDictOwns+39&gt; jb 0x7ffff7c84b2f &lt;xmlDictOwns+47&gt; <br /> 0x7ffff7c84b29 &lt;xmlDictOwns+41&gt; cmp %rsi,0x8(%rax) <br /> 0x7ffff7c84b2d &lt;xmlDictOwns+45&gt; jae 0x7ffff7c84b48 &lt;xmlDictOwns+72&gt;</code></pre>
<p>This happens when running the following test: <strong>test16_test_get_issuer_fn (basic_tests.c:1019)</strong> .<br />This test contains a loop, and it doesn't happen the first time the instruction is executed. It takes over 30 thousand attempts, but then it always causes a segfault.<br />Various other tests, typically login-related ones, also trigger this issue.</p>
<p>On SLE 15 SP5 specifically, we're using libxml2 version 2.10.3.</p>
<p>I'm including a patch we've written that seems to mitigate the issue, hopefully you can have a look and see how it might mitigate this problem, and maybe other people are also being affected.</p>
<p>We have a build of lasso-2.8.2 running here, with the patch:<br /><a class="external" href="https://build.opensuse.org/package/show/home:pgajdos/lasso">https://build.opensuse.org/package/show/home:pgajdos/lasso</a></p>
<p>Thanks.</p> Passerelle - Development #86412 (Information nécessaire): qrcode: mise en cache du lecteurhttps://dev.entrouvert.org/issues/864122024-02-01T09:46:15ZBenjamin Dauvergne
<p>Discussion initiale: <a class="external" href="https://pad.entrouvert.org/qrcode#PWA--mise-en-cache-du-lecteur">https://pad.entrouvert.org/qrcode#PWA--mise-en-cache-du-lecteur</a></p>
<p>On va éviter de passer par un service-worker et essayer de se dépatouiller uniquement via l'entête cache-control et les directives max-age et stale-while-revalidate, au niveau des fichiers statiques (#86409) et ici au niveau de la page servie. Le but étant qu'un lien vers un lecteur mis en bookmark (ou reçu par SMS ou email) s'ouvre immédiatement dans le téléphone même hors ligne.</p> Django Journal - Bug #86369 (Résolu (à déployer)): jenkins, échec de build après montée de versio...https://dev.entrouvert.org/issues/863692024-01-31T10:07:45ZFrédéric Pétersfpeters@entrouvert.com
<p><a class="external" href="https://jenkins.entrouvert.org/job/django-journal/1751/">https://jenkins.entrouvert.org/job/django-journal/1751/</a></p> Hobo - Development #86346 (Solution proposée): Le cache de RemoteTemplate lève trop d'erreurs inu...https://dev.entrouvert.org/issues/863462024-01-30T18:36:43ZBenjamin Dauvergne
<p>On a régulièrement des traces sentry de ce type<sup><a href="#fn1">1</a></sup>:<br /><pre>
HTTPSConnectionPool(host='demarches.ville-sens.fr', port=443): Read timed out. (read timeout=10)
ReadTimeout: HTTPSConnectionPool(host='demarches.ville-sens.fr', port=443): Read timed out. (read timeout=10)
File "threading.py", line 892, in run
self._target(*self._args, **self._kwargs)
File "hobo/context_processors.py", line 116, in update_content
r = requests.get(
File "requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
</pre><br />qui ne nous apporte pas grand choses à part du bruit.</p>
<p>Je propose d'augmenter de ne lever une erreur que si ça fait plus d'1 heure qu'une mise à jour n'a pas eu lieu.</p>
<p id="fn1" class="footnote"><sup>1</sup> <a class="external" href="https://sentry.entrouvert.org/entrouvert/publik/issues/113170/">https://sentry.entrouvert.org/entrouvert/publik/issues/113170/</a></p> Authentic 2 - Bug #86086 (Solution proposée): FileNotFoundError en cherchant à créer un fichier t...https://dev.entrouvert.org/issues/860862024-01-24T16:47:56ZSentry Io
<p><a class="external" href="https://sentry.entrouvert.org/entrouvert/publik/issues/116003/">https://sentry.entrouvert.org/entrouvert/publik/issues/116003/</a></p>
<pre>
FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/authentic2-multitenant/tenants/.../media/user_imports/zqufzrvg7zaupozms33tow5pum/tmp0s9rr07q'
File "threading.py", line 892, in run
self._target(*self._args, **self._kwargs)
File "authentic2/manager/user_import.py", line 257, in thread_worker
data['duration'] = duration
File "contextlib.py", line 124, in __exit__
next(self.gen)
File "authentic2/manager/user_import.py", line 179, in data_update
with AtomicWriter(self.path, mode='wb', overwrite=True).open() as fd:
File "contextlib.py", line 117, in __enter__
return next(self.gen)
File "__init__.py", line 166, in _open
with get_fileobject(**self._open_kwargs) as f:
File "__init__.py", line 183, in get_fileobject
descriptor, name = tempfile.mkstemp(suffix=suffix, prefix=prefix,
File "tempfile.py", line 471, in mkstemp
return _mkstemp_inner(dir, prefix, suffix, flags, output_type)
File "tempfile.py", line 390, in _mkstemp_inner
fd = _os.open(file, flags, 0o600)
</pre> Lasso - Development #86080 (Résolu (à déployer)): Adjust to structured error callback argument ch...https://dev.entrouvert.org/issues/860802024-01-24T14:15:24ZBenjamin Dauvergne
<p>Patch provided on the mailing list by Florian Weimer of RedHat.</p>
<pre>
diff --git a/lasso/lasso.c b/lasso/lasso.c
index 42b7d6bb2392525e..bc75f5e674b5e657 100644
--- a/lasso/lasso.c
+++ b/lasso/lasso.c
@@ -138,7 +138,13 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
#include "types.c"
static void
-lasso_xml_structured_error_func(G_GNUC_UNUSED void *user_data, xmlErrorPtr error)
+lasso_xml_structured_error_func(G_GNUC_UNUSED void *user_data,
+#if LIBXML_VERSION >= 21200
+ const xmlError *error
+#else
+ xmlErrorPtr error
+#endif
+ )
{
g_log("libxml2", G_LOG_LEVEL_DEBUG, "libxml2: %s", error->message);
}
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index bbc87d9f1e7eb20d..4d5fa78a28222f1a 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1450,7 +1450,14 @@ lasso_concat_url_query(const char *url, const char *query)
}
}
-static void structuredErrorFunc (void *userData, xmlErrorPtr error) {
+static void structuredErrorFunc (void *userData,
+#if LIBXML_VERSION >= 21200
+ const xmlError *error
+#else
+ xmlErrorPtr error
+#endif
+ )
+{
*(int*)userData = error->code;
</pre> Hobo - Development #85759 (Solution proposée): Avoir une section "Sécurité" pour y définir un éve...https://dev.entrouvert.org/issues/857592024-01-16T21:46:22ZBenjamin Dauvergne
<p>On a pas réussi à déterminer une valeur sûr pour tous les déploiements dans #84055, pour palier à ça il faudrait permettre aux client de poser la politique qui leur va.</p>
<p>Donc 1 écran dans hobo + 1 middleware supplémentaire pour poser ça sur les réponses.</p> Lasso - Development #85339 (Solution proposée): lasso 2.8.2 regression build failure against libx...https://dev.entrouvert.org/issues/853392024-01-05T21:03:09ZRui Chen
<p>Happy new year!</p>
<p>This is Rui, a homebrew maintainer, while we are trying to upgrade<br />libxmlsec1 from 1.3.2 to 1.3.3, we ran into some build failure:</p>
<p>```<br />libtool: link: clang -dynamiclib -o .libs/liblasso.3.dylib<br />.libs/lasso.o .libs/errors.o .libs/registry.o .libs/utils.o<br />.libs/logging.o .libs/key.o<br />-Wl,-force_load,../lasso/xml/ecp/.libs/liblasso-xml-ecp.a<br />-Wl,-force_load,../lasso/xml/.libs/liblasso-xml.a<br />-Wl,-force_load,../lasso/xml/saml-2.0/.libs/liblasso-xml-saml2.a<br />-Wl,-force_load,../lasso/xml/soap-1.1/.libs/liblasso-xml-soap11.a<br />-Wl,-force_load,../lasso/xml/dsig/.libs/liblasso-xml-dsig.a<br />-Wl,-force_load,../lasso/id-ff/.libs/liblasso-id-ff.a<br />-Wl,-force_load,../lasso/saml-2.0/.libs/liblasso-saml-20.a<br />-L/opt/homebrew/Cellar/lasso/2.8.2_2/lib -lz<br />-L/opt/homebrew/Cellar/glib/2.78.3/lib -L/opt/homebrew/opt/gettext/lib<br />-L/opt/homebrew/Cellar/libxml2/2.12.3/lib<br />-L/opt/homebrew/Cellar/openssl@3/3.2.0_1/lib<br />-L/opt/homebrew/Cellar/libxmlsec1/1.3.3/lib<br />-L/opt/homebrew/opt/openssl@3/lib -lgobject-2.0 -lglib-2.0 -lintl<br />-lxmlsec1-openssl -lxmlsec1 -lxslt -lxml2 -lssl -lcrypto<br />-install_name /opt/homebrew/Cellar/lasso/2.8.2_2/lib/liblasso.3.dylib<br />-compatibility_version 19 -current_version 19.2<br />-Wl,-exported_symbols_list,.libs/liblasso-symbols.expsym<br />ld: Undefined symbols:<br /> _xmlSecCryptoAppKeyLoad, referenced from:<br /> _lasso_get_public_key_from_pem_file in liblasso-xml.a<sup><a href="#fn2">2</a></sup>(tools.o)<br />clang: error: linker command failed with exit code 1 (use -v to see invocation)<br />```</p>
<p>This is due to the fact that `xmlSecCryptoAppKeyLoad` is now removed<br />in the 1.3.3 release. See this commit for details,<br /><a class="external" href="https://github.com/lsh123/xmlsec/commit/114f580409e076bbe7b352eb74008d818c6e3e93">https://github.com/lsh123/xmlsec/commit/114f580409e076bbe7b352eb74008d818c6e3e93</a></p>
<p>Let me know if I need to provide more info.</p> w.c.s. - Bug #75777 (Solution proposée): Doublon d'utilisateur au provisionninghttps://dev.entrouvert.org/issues/757772023-03-24T10:45:18ZBenjamin Dauvergne
<p>La logique pour prévenir des doublons est bancale (my bad) il faudrait toujours ré-essaier plutôt que de tenter de deviner qu'elle est le doublon le plus récent à partir des id en base, technique qui ne marche pas (il n'y pas de lien entre l'ordre d'une séquence et l'ordre des commits).</p> Authentic 2 - Development #72462 (Résolu (à déployer)): BO: inclure courriels dans l'import/expor...https://dev.entrouvert.org/issues/724622022-12-15T09:00:14ZAnaïs Ecuvillon
<p>On a la possibilité d'ajouter un ou des courriels (souvent générique.s) lors de la création d'un rôle.</p>
<p>Ce serait utile de pouvoir importer (et donc exporter) un rôle avec cette donnée, les formats json et CSV sont concernés.</p> Authentic 2 - Bug #56850 (En cours): sur la page des rôles d'un utilisateur, liste des OU, IndexE...https://dev.entrouvert.org/issues/568502021-09-10T09:26:38ZSentry Io
<p><a class="external" href="https://sentry.entrouvert.org/entrouvert/publik/issues/51660/">https://sentry.entrouvert.org/entrouvert/publik/issues/51660/</a></p>
<pre>
IndexError: list index out of range
(6 additional frame(s) were not displayed)
...
File "authentic2/manager/views.py", line 125, in dispatch
return super().dispatch(request, *args, **kwargs)
File "authentic2/manager/views.py", line 176, in dispatch
self.search_form = self.get_search_form()
File "authentic2/manager/views.py", line 173, in get_search_form
return form_class(**self.get_search_form_kwargs())
File "authentic2/manager/forms.py", line 465, in __init__
data[ou_key] = str(self.ou_qs[0].pk)
File "django/db/models/query.py", line 291, in __getitem__
return self._result_cache[k]
</pre> Authentic 2 - Development #40685 (Solution proposée): squash des migrationshttps://dev.entrouvert.org/issues/406852020-03-12T11:40:20ZBenjamin Dauvergne
<p>En utilisant django-replace-migrations plutôt que la commande Django qui est difficile à utiliser en cas dépendances croisées (on pourra travailler à limiter ces dépendances ensuite, une fois les migrations nettoyées).</p>