Michal Čihař - Weblog

Weekly phpMyAdmin contributions 2016-W33

Last week was finally a bit calmer on security issues side so I could look into other issues as well. I finally had time to review some of the pull requests and go through the newly opened issues, but still there is lot of work to do.

The biggest change was that we've launched new website. This was mostly finished some weeks ago, but now it is alive. Hopefully it looks better and cleaner as it was created with all current page content in mind and not continuously adding new things on the way. Anyway it feels a bit strange for me doing designer work when I'm not really good at it. Anyway this is probably fourth version of our website I've done...

One other thing worth mentioning is reintroduction of $cfg['PmaAbsoluteUri'] in upcoming 4.6.5 release. It turns out to be needed in some reverse proxy setups.

Handled issues:

Continuous integration on multiple platforms

Over the weekend I've played with continuous integration for Gammu to make it run on more platforms. I had to remember many things from the Windows world on the way and the solution is not yet complete, but the basic build is working, the only problematic part are external dependencies.

First of all we already have Linux builds on Travis CI. These cover compilation with both GCC and Clang compilers, hopefully covering most of the possible problems.

Recently I've added OS X builds on Travis CI, what was pretty much painless and worked out of the box.

The next major architecture to support is Windows. Once I've discovered AppVeyor I thought it might be the way to go. The have free plans for open-source projects (though it has only one parallel build compared to four provided by Travis CI).

As our build system is cross platform based on CMake, it should work pretty much out of the box, right? Well almost, tweaking the basics took some time (unfortunately there is no CMake support on AppVeyor, so you have to script it a bit).

The most painful things on the way:

  • finding our correct way to invoke build and testsuite
  • our code was broken on Windows, making the testsuite to fail
  • how to work with power shell (no, I'm not going to like it)
  • how to download and install executable to PATH
  • test output integration with AppVeyor - done using XSLT transformation and uploading test results manually
  • 32-bit / 64-bit mess, CMake happily finds 32-bit libs during the 64-bit build and vice versa, what makes the build fail later when linking - fixed by trying if code can be built with given library
  • 64-bit code crashes in dummy driver, causing testsuite failures (this has to be something Windows specific as the code works fine on 64-bit Linux) - this seems to be caused by too big allocations on stack, moving them to heap will fix this

You can check our current appveyor.yml in case you're going to try something similar. Current build results are on AppVeyor.

As a nice side effect, we now have up to date Windows binaries for Gammu.

Wammu 0.42

Yesterday, I've released Wammu 0.42. There are no major updates, more likely it's usual localization and minor bugfixes release.

As usual up to date packages are now available in Debian sid, Gammu PPA for Ubuntu or openSUSE buildservice for various RPM based distros.

Want to support further Wammu development? Check our donation options or support Gammu team on BountySource Salt.

Weekly phpMyAdmin contributions 2016-W32

Tonight phpMyAdmin 4.0.10.17, 4.4.15.8, and 4.6.4 were released and you can probably see that there are quite some security issues fixed. Most of them are not really exploitable unless your PHP and webserver are poorly configured, but still it's good idea to upgrade.

If you are running Debian unstable, use our phpMyAdmin PPA for Ubuntu or use phpMyAdmin Docker image upgrading should be as simple as pulling new version.

Besides fixing security issues, we're generally hardening our infrastructure. I'm really grateful that Emanuel Bronshtein (@e3amn2l) is doing great review of all of our code and helps us in this area. This will really make our code and infrastructure much better.

Handled issues:

Revoking old PGP key

It has been already six years since I've moved to using RSA4096 PGP key. For various reasons, the old DSA key was still kept valid till today. This is no longer true and it has been revoked now.

The revoked key is DC3552E836E75604 and new one is 9C27B31342B7511D. In case you've signed the old one and not the new one (quite unlikely if you did not sign it more than six years ago), there has been migration document, where you can verify my new key being signed by the old one.

Gammu 1.37.4

It has been almost three months since last Gammu release and it's time to push fixes out to users. This time the amount of fixes is quite small, covering Huawei devices and text mode for sending SMS.

Full list of changes in 1.37.4:

  • Improved support for Huawei E3131.
  • Fixed SMS support for MULTIBAND 900E.
  • Fixed SMS created in text mode.

Would you like to see more features in Gammu? You an support further Gammu development at Bountysource salt or by direct donation.

Weekly phpMyAdmin contributions 2016-W31

Going back to more or less normal work mode, last week was again more focused on bug handling and improvements.

I've focused on our website, mostly due to some feedback we got from security reviews. It no longer lists MD5 checksums in favor for SHA1 and SHA256. The same change has been applied to themes as well. Besides that I've worked on making the website layout responsive, so that it works reasonably on small screens as well. In the end I've chosen to use Bootstrap for that. This work has been submitted as pull request for review. While working on the hashes, I've realized that we could do more to tell users to verify the downloaded version, so that ended up in second pull request, which adds post download popup showing information how to verify the download (preferring PGP if the release has been signed). Both changes are still pending, but will most likely be merged and put online this week.

Besides website, I've mostly spent time on reviewing pull requests, where we got quite some amount of them and were sitting in the tracker without any feedback. Many of them could be immediately merged, others have received feedback on how to improve them to make them ready for merge.

Handled issues:

Weekly phpMyAdmin contributions 2016-W30

After few weeks of silence, here is another weekly report. The silence was not caused by lack of work being done, but lack of work which could be publicly announced. Things seem to be much calmer now, so regular bug fixing or improvements are on the table now as well.

The biggest improvements this week is cleanup in connection parameters handling, which will allow to specify any additional configuration for control user connection (eg. SSL setup).

Handled issues:

New projects on Hosted Weblate

For almost two months I found very little time to process requests to host free software on Hosted Weblate. Today the queue has been emptied, what means that you can find many new translations there.

To make it short, here is list of new projects:

PS: If you didn't receive reply for your hosting request today, it was probably lost, so don't hesitate to ask again.