Mikael Nordfeldth | 25 Oct 15:19 2014

GNU social XSS vulnerability, version bumped to v1.1.2

Hi all, I'm the maintainer of GNU social. Feel free to download my
attached public OpenPGP key if you think it might be of use in the future.

I wish to announce that a GNU social XSS vulnerability was discovered in
the Bookmark plugin, which is enabled by default. I have not asked
whether I can name the person who found the issue, but will give proper
attribution if this person would like that.

Affects: GNU social master repository up until commit #048af5a.
Also affects: StatusNet, all versions (since Bookmark plugin).

Reason: There was no proper check on the input value of the Bookmark
URL, making it possible to enter a value such as
'javascript:alert("Resistance is futile!")'.

Severity: Reasonably, this would require a user to click the link rather
than have anything automatically execute. Should this be a bad
assumption from my side, please voice it on this list and to whomever
may need that info.

Fix: I patched this in commit 39b5e08 visible at
https://gitorious.org/social/mainline/commit/39b5e08d44e22cd3ecd3bf3ba9011ba4944a9c4b
and can easily be applied by hand to StatusNet code.

The resulting source update bumped the version number to 1.1.2-alpha1,
since I figure that might get people to update quicker.

Standard update procedure applies, though no database changes have been
applied lately:
# Stop daemons if you're running them.
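
An added illustration of the missing check described under "Reason" above. It is not the code from commit 39b5e08 and not GNU social's own: it shows a scheme allowlist applied to a submitted bookmark URL before the value is used as a link target. The function names and the sample inputs are assumptions made for this example.

```php
<?php
// Added example; function names are hypothetical, not GNU social APIs.
const ALLOWED_SCHEMES = ['http', 'https'];

// Return the URL if it may be used as a link target, or null to reject it.
function validate_bookmark_url(string $url): ?string
{
    $url = trim($url);
    // Browsers drop tabs and newlines inside URLs, so refuse any control
    // character or space instead of trying to normalise it away.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Demand an explicit "scheme://" and compare it to the allowlist
    // case-insensitively; "javascript:", "data:" etc. never match.
    if (!preg_match('~^([a-z][a-z0-9+.-]*)://~i', $url, $m)
        || !in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
        return null;
    }
    // A link without a host is not a usable bookmark.
    $host = parse_url($url, PHP_URL_HOST);
    return (is_string($host) && $host !== '') ? $url : null;
}

// Escape on output as well: validation on input does not replace encoding.
function render_bookmark_link(string $url, string $title): string
{
    $text = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $safe = validate_bookmark_url($url);
    if ($safe === null) {
        return $text; // no link at all for rejected URLs
    }
    return '<a href="' . htmlspecialchars($safe, ENT_QUOTES, 'UTF-8')
         . '" rel="nofollow">' . $text . '</a>';
}

// Constructed sample inputs; the second is the value quoted in the announcement.
$samples = [
    'https://example.org/article?id=1&lang=en',
    'javascript:alert("Resistance is futile!")',
    'JavaScript:alert(1)',
    '//example.org/no-scheme',
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", $s, render_bookmark_link($s, 'my bookmark'));
}
```

Only the first sample is rendered as an anchor; the other three come back as escaped plain text.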

Knut Erik Hollund | 5 Oct 21:31 2014

Config of GNUsocial for e-mail (smtp). Knowledge sharing.


Hi all,

Some knowledge sharing about setting up eMail notifications in
GNUsocial. (Instance - quitter.no )

I tried to set the configuration in the config.php in the following way:
//Mail
$config['mail']['domain'] = 'quitter.no';
$config['mail']['host'] = 'smtp.domeneshop.no';
$config['mail']['notifyfrom'] = '"Quitter.no" <microblog@...>';
$config['mail']['auth'] = true;
$config['mail']['check_domain'] = false;
$config['mail']['port'] = '587';
$config['mail']['username'] = 'myusername';
$config['mail']['password'] = 'my_secret_password';
$config['mail']['backend'] = 'smtp';
$config['mail']['debug'] = false;

However this setup did not work.
I read through /lib/mail.php code and discovered that the
configuration is consumed in a different way.
One important line is in the function mail_backend() - /lib/mail.php file.

The following code appears:
$backend = Mail::factory(common_config('mail', 'backend'),
                    common_config('mail', 'params') ?: array());

The configs are read through the 'params' array, which does not fit
my config.php file.
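
An added example, not part of the original post and not taken from GNU social's documentation: because the quoted line hands common_config('mail', 'params') to Mail::factory(), the SMTP connection settings would sit in a nested 'params' array. The key names are those of the PEAR Mail smtp driver; the host name and credentials are placeholders.

```php
<?php
// config.php fragment (added example; host and credentials are placeholders).

// Read by mail_backend() as the first argument to Mail::factory().
$config['mail']['backend'] = 'smtp';

// Passed as the second argument to Mail::factory(). Connection settings
// written flat, such as $config['mail']['host'], never reach the SMTP
// driver through the line quoted above.
$config['mail']['params'] = array(
    'host'     => 'smtp.example.invalid',
    'port'     => 587,
    'auth'     => true,
    'username' => 'myusername',
    'password' => 'my_secret_password',
);
```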

Paweł Kosiński | 5 Oct 20:30 2014

Is this list still alive?

I just want to try if it works.

Regards,
Paweł Kosiński (pskosinski)

Rob Myers | 10 Jul 23:03 2014

Fwd: Re: Recent changes break Twitter integration


Torsten Grote:
> 
> Is there any issue tracker for gnu-social that I could use instead 
> of writing here?

We have a shiny new bug tracker at:

https://bugz.foocorp.net/

> At the moment it is no longer possible to repeat notices that came 
> from Twitter. Twidere just gets an 400 error via the API and the 
> website just tells me "Problem saving notice. Too long." even 
> though the notice in question is not too long.
> 
> Sometimes, you want to find the tweet to the notice in your 
> gnu-social instance. This used to be possible by clicking the 
> "about X hours ago" link. But this now only leads to the same page 
> with the notice.

Thank you for finding and reporting this, would it be possible for you
to add it to the tracker?

> In general I am very happy to see how the development is 
> progressing. Thanks Mikael!

Yes Mikael's doing an awesome job!

Rob.

Torsten Grote | 10 Jul 19:22 2014

Recent changes break Twitter integration

Dear all,

I am aware that there is no official GNU Social release and that development 
is ongoing. Still, I'd like to point out that recent changes to git master 
broke the Twitter integration in some parts.

Is there any issue tracker for gnu-social that I could use instead of writing 
here?

At the moment it is no longer possible to repeat notices that came from 
Twitter. Twidere just gets a 400 error via the API and the website just tells 
me "Problem saving notice. Too long." even though the notice in question is 
not too long.

Sometimes, you want to find the tweet to the notice in your gnu-social 
instance. This used to be possible by clicking the "about X hours ago" link. 
But this now only leads to the same page with the notice.

In general I am very happy to see how the development is progressing. Thanks 
Mikael!

Kind Regards,
Torsten

Charles-Edouard Coste | 16 Jun 18:29 2014

just a test

Here I am

--

-- 
Charles-Edouard Coste
コスト チャーレジュアー

Consultant NTIC
Synap System EURL
6 Rue du Canal
34070 Montpellier

Tel:    +33 (0) 4 11 93 40 11
Mobile: +33 (0) 6 60 29 61 99

Emanuele Vedova | 30 Apr 15:48 2014

twitter bridge isn't working

hi guys,

GNU Social 1.1.1

PHP 5.3 on centos

after logging in

  http://example.org/mublog/twitter/authorization

seems to be a blank page, and no subscription has been made

the facebook bridge works very well…. this not!

the live site is
http://mublog.net/twitter/authorization

thank you to all

Emanuele Vedova
macgyver@...

Emanuele Vedova | 30 Apr 15:48 2014

test


Emanuele Vedova
macgyver@...

Enda | 14 Apr 22:00 2014

Deleting a tweet in GNU social does not delete tweet in Twitter

In GNU social, when I post a "tweet", it is mirrored in Twitter through the connected Twitter account;
however, when I delete the tweet in GNU social, it is not deleted in Twitter. Can this be done?

-- Enda

Enda | 14 Apr 22:00 2014

GNU social to Twitter cuts tweet

I type the following "tweet" into GNU social, and it is mirrored in Twitter through my connected account.

GNU social (formerly StatusNet) is social communication software for both public and private communications https://en.wikipedia.org/wiki/GNU_Social

On Twitter however it is 

GNU social (formerly StatusNet) is social communication software for both public and private
communications https://en.wikipedia.org/wiki/GN

with a t.co URL which can fit in the tweet and yet has the wrong URL. Can this be fixed?

Many thanks,

Enda

Enda | 14 Apr 21:53 2014

Posting messages via email

Posting messages via email used to be possible

http://status.net/wiki/Email

Is it still possible?

-- Enda

