Page MenuHomePhorge

PhorgeProject
ActivePublic

Subprojects

Details

Description

Work related to Phorge.

Recent Activity

May 31 2022

dtf edited the content of Welcome.
May 31 2022, 19:42 · Phorge

May 28 2022

golyalpha added a comment to T15094: Catch up the master branch to upstream.

To be fair, I wouldn't discount already needing access as a viable attack vector, even on private installations.

May 28 2022, 06:38 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

It sounds specific to people who already have access, thank you -- do very much need to pull in latest

May 28 2022, 06:32 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.

The disclosed issue is that someone can gain access to Files objects they don't have access to by, for example, getting someone with permissions to edit a task they wrote (by including a reference to that file which gets "activated" when the person with permissions to view it saves the edit), which makes the file accessible via the task description.

May 28 2022, 06:19 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

Thanks -- Offhand do you know if this is related to login in that a malicious actor can gain access to source code when unpatched?

May 28 2022, 06:11 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.

Upstream-T13683

IMPORTANT: This release mitigates a severe security issue which allows attackers with few permission to gain access to files they can not otherwise see. All installs are strongly advised to upgrade.
May 28 2022, 05:10 · Trusted Contributors, Phorge
roguelazer added a comment to T15094: Catch up the master branch to upstream.

FYI today's release (2022 week 21 stable) has a some pretty serious security content

May 28 2022, 00:12 · Trusted Contributors, Phorge

May 21 2022

speck added a comment to T15094: Catch up the master branch to upstream.

@dcog I think the differences with the Harbormaster changes are due to the different approach taken. We planned to do the approach which you took in D25036 which re-played the Phorge diffs on top of phabricator, however in D25040 I just did a merge of the phab/master branch into phorge/master where the Harbormaster changes already existed. Since upstream didn't modify the same Harbormaster files there were no conflicts and things merged appropriately. I did a sanity check of files changed on D25005 with the files changed on D25040.

May 21 2022, 17:06 · Trusted Contributors, Phorge
speck added a comment to T15094: Catch up the master branch to upstream.

Do we even have servers to run the tests on?

May 21 2022, 16:56 · Trusted Contributors, Phorge
speck added a revision to T15094: Catch up the master branch to upstream: D25039: merge phab/master -> phorge/master.
May 21 2022, 16:43 · Trusted Contributors, Phorge
speck added a revision to T15094: Catch up the master branch to upstream: D25040: merge phab/master -> phorge/master.
May 21 2022, 16:43 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.
In T15094#2292, @speck wrote:

I did not think we had Harbormaster set up to run unit tests - I think that involves configuring both Harbormaster and Drydock, and possibly Almanac which I don't think anyone has done.

I'll go back and review those Harbormaster file changes. Thanks for pointing that out!

May 21 2022, 16:40 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.
In T15094#2281, @dcog wrote:

This would be a legitimately good exercise to try and do "properly"... although, the thought of not doing it optimally can be a bit of a barrier to starting..

Given the edge cases outlined in T15094#2279, would there be cases in step 2 (or 1?) from T15094#2259 that might benefit from Git cherry-picking? @golyalpha, any thoughts on that? I nearly never have to use cherry-picking, or maybe I should, but either way I'm not very familiar with it other than I'm wondering if it may be relevant

After some reading I'm finding that, as far as I can tell, it's not designed to pick/integrate *specific lines* from a diff, but rather a specific whole commit (from any local or remote branch most likely).. if I'm understanding it correctly

But, perhaps, it could still have the same effect as removing lines from one, and keeping lines from the other when grabbing specific whole commits

The more I think about this the more I'm confusing myself, but hopefully some fraction of this makes sense

May 21 2022, 16:37 · Trusted Contributors, Phorge
speck added a comment to T15094: Catch up the master branch to upstream.

I did not think we had Harbormaster set up to run unit tests - I think that involves configuring both Harbormaster and Drydock, and possibly Almanac which I don't think anyone has done.

May 21 2022, 16:24 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

I would think that your method produced the results we want... though I was noticing this:

May 21 2022, 15:34 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

I see it looks Harbormaster itself does the testing?

May 21 2022, 15:21 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

My vote is that if tests pass we go ahead and do the thing.... More changes in upstream seems fine, and moving forward if we keep up it should get easier and easier hopefully

May 21 2022, 15:18 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

Oh nice!!

May 21 2022, 15:17 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.
May 21 2022, 15:15 · Trusted Contributors, Phorge
speck added a comment to T15094: Catch up the master branch to upstream.

Though it does appear additional work has been landing upstream today

May 21 2022, 00:52 · Trusted Contributors, Phorge
speck added a comment to T15094: Catch up the master branch to upstream.

Any concerns about landing those changes? Once I land I'll see about updating this instance which should make accessing the repositories possible again.

May 21 2022, 00:45 · Trusted Contributors, Phorge

May 20 2022

speck added a comment to T15094: Catch up the master branch to upstream.

Merged the arcanist repository in D25039

May 20 2022, 03:06 · Trusted Contributors, Phorge

May 17 2022

dcog added a comment to T15094: Catch up the master branch to upstream.

This would be a legitimately good exercise to try and do "properly"... although, the thought of not doing it optimally can be a bit of a barrier to starting..

May 17 2022, 19:51 · Trusted Contributors, Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

Here is one thing I noticed... In at least a couple of the files, there may be changes that:

May 17 2022, 19:21 · Trusted Contributors, Phorge

May 12 2022

golyalpha added a comment to T15094: Catch up the master branch to upstream.

If we merge, a force-push should not be required - unless you mean something other than standard git merge here. (Force-push is required when rewriting already pushed history - git merge simply adds a new commit that applies the changes on top of the branch)

May 12 2022, 06:19 · Trusted Contributors, Phorge

May 3 2022

speck added a comment to T15094: Catch up the master branch to upstream.

It looks like upstream has issued a number of updates which we'll want to pull in. From {E4} we discussed doing the following:

May 3 2022, 19:20 · Trusted Contributors, Phorge

Apr 28 2022

speck added a comment to T15077: Rebrand: Tracking task.

Evan recently landed a boatload of changes to address this under https://secure.phabricator.com/T13658

Apr 28 2022, 14:21 · Phorge

Apr 20 2022

Matthew added a comment to T15026: Create a migration guide to move from Phabricator to Phorge.

As of right now, we have made no changes to the database and other "internals" - our work has been focused on rebranding as "Phabricator" is a trademarked name. For this reason, a rough migration path would be to check out the master branch of rP, copy the config directory from Phabricator to Phorge, and then point Phorge to your Phabricator database. I have tested it myself locally and it appears to work, however; if you have any issues feel free to ask a question on Ponder here and we can get back to you!

Apr 20 2022, 13:47 · Phorge
Higgs added a comment to T15026: Create a migration guide to move from Phabricator to Phorge.

We are now at a decision point where we either install Phorge from Scratch or migrate Phabricator to Phorge.

Apr 20 2022, 09:57 · Phorge
dcog added a comment to T15094: Catch up the master branch to upstream.

Created {D25036}

Apr 20 2022, 02:04 · Trusted Contributors, Phorge
dcog created T15094: Catch up the master branch to upstream.
Apr 20 2022, 01:41 · Trusted Contributors, Phorge

Apr 5 2022

Matthew added a comment to T15012: Update Diviner documentation to reference Phorge.

As discussed in {E2}, we might add temporary banners to Diviner to state that we are rebranding. This would allow some time for us to handle the code rebrand and address the underlying Diviner issues before we edit everything twice.

Apr 5 2022, 19:56 · Phorge
Matthew added a comment to T15012: Update Diviner documentation to reference Phorge.

I will note that also the tech docs aren’t fully generated since there should be docs for most of the phorge/phabricator classes. Also the arcanist docs aren’t generated at all.

Apr 5 2022, 18:57 · Phorge

Apr 4 2022

golyalpha added a comment to T15059: Phabricator doesn't email @outlook.com addresses.

Alright, I've just went through a similar process - they apparently have changed their process a little but there still is a form to fill out: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3 (you need a Microsoft Account to fill it out, but they'll contact you on the contact email you give in the form)

Apr 4 2022, 10:06 · Phorge

Mar 29 2022

golyalpha added a comment to T15077: Rebrand: Tracking task.

Since all changes are going to be submitted to the upstream prior to landing here in Phorge it would be easiest if changes were made to a clone of Phabricator and not a clone of Phorge.

Mar 29 2022, 07:26 · Phorge
speck added a comment to T15006: Re-brand Phorge.

As part of {E1} we reviewed this as a priority item, and have created T15077: Rebrand: Tracking task for concrete first steps forwards. There is a lot of text to update and review and that task is setup with instructions on how we're approaching it as well as listing out all the individual applications to update. Anyone interested in assisting please review that task and feel free to put your name on an application/folder, as well as ask any questions for clarification.

Mar 29 2022, 03:17 · Phorge
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 03:13 · Phorge
speck added a comment to T15077: Rebrand: Tracking task.

I put up some coding guidelines that I could recall from when I was working with upstream on example changes. I won't be back at my home office for another week so there may be some things I'm missing but I think a number of things were covered/discussed with Evan on the example changes in https://secure.phabricator.com/D21712.

Mar 29 2022, 03:08 · Phorge
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 03:00 · Phorge
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 02:35 · Phorge
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 02:35 · Phorge
Matthew updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 00:42 · Phorge

Mar 22 2022

golyalpha updated the task description for T15077: Rebrand: Tracking task.
Mar 22 2022, 12:39 · Phorge
Matthew updated the task description for T15077: Rebrand: Tracking task.
Mar 22 2022, 04:00 · Phorge

Mar 21 2022

avivey triaged T15077: Rebrand: Tracking task as High priority.
Mar 21 2022, 20:17 · Phorge

Mar 16 2022

golyalpha added a comment to T15059: Phabricator doesn't email @outlook.com addresses.

I had experience with emails from my self-hosted mailserver not reaching Microsoft-hosted mailboxes. As far as I remember, their SMTP replies to "suspicious" mail servers with a message that includes a link to some sort of a form which the mail admin should fill out. That worked for me - might need to dig through the server logs to see the link though.

Mar 16 2022, 11:17 · Phorge

Mar 14 2022

MacFan4000 added a comment to T15030: Support a Phorge Extensions ecosystem.

@20after4 per commits like https://secure.phabricator.com/D9202 the changes were abandoned - there is no MediaWiki auth provider in core

Mar 14 2022, 13:59 · Phorge
20after4 added a comment to T15030: Support a Phorge Extensions ecosystem.

@MacFan4000 the mediawiki auth is in core afaik. There is some custom stuff for the wikimedia ldap setup but the oauth part was merged upstream ages ago.

Mar 14 2022, 05:02 · Phorge

Mar 2 2022

MacFan4000 added a comment to D25031: Fix most PHP 8.1 issues.

Yeah if that RFC passes then that would make things way easier. And yes I used sed for a lot of the changes.

Mar 2 2022, 02:21 · Phorge
0 added a comment to D25031: Fix most PHP 8.1 issues.

This patch suppresses the deprecation errors at each site, but there might be a simpler workaround in the same spirit: change the error_reporting calls (of which there are only a handful) to exclude E_DEPRECATED. That would risk masking any other deprecations (probably fine in production, but not in development), whereas this patch risks hiding any non-deprecation errors at these locations.

Mar 2 2022, 01:20 · Phorge