aboutsummaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorSimon McVittie <smcv@debian.org>2016-12-24 12:27:21 +0000
committerSimon McVittie <smcv@debian.org>2016-12-28 21:32:11 +0000
commit7c34df633d6dd0d16538b1911694351b604104ef (patch)
treeb2007e0ee8f54befe52af7060373a45054e8ac39 /debian
parenta9b876e1fad659f72ffe55a9a82601ba31fb652e (diff)
downloadikiwiki-7c34df633d6dd0d16538b1911694351b604104ef.tar
ikiwiki-7c34df633d6dd0d16538b1911694351b604104ef.tar.gz
git_revert test: reinstate ikiwiki.setup, and make it work uninstalled
Previously it was relying on running with an installed ikiwiki and being able to copy in recentchanges.mdwn and wikiicons/ from the underlay in /usr. The underlay in ./underlays/basewiki can't be used (yet) because ikiwiki doesn't allow following symlinks, even from underlays. I'd like to make ikiwiki follow symlinks whose destinations can be verified to be safe (for example making it willing to expose /usr/share/javascript to the web, but not /etc/passwd), at least from underlays, but this is security-sensitive so I'm not going to rush into it.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog1
1 files changed, 1 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 031403830..4a84b28a6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
ikiwiki (3.20161220) UNRELEASED; urgency=medium
* Add CVE references for CVE-2016-10026
+ * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
-- Simon McVittie <smcv@debian.org> Wed, 21 Dec 2016 13:03:07 +0000