aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/news/version_3.20150614.mdwn8
-rw-r--r--doc/news/version_3.20161219.mdwn14
-rw-r--r--doc/security.mdwn17
3 files changed, 31 insertions, 8 deletions
diff --git a/doc/news/version_3.20150614.mdwn b/doc/news/version_3.20150614.mdwn
deleted file mode 100644
index 1b08f5a79..000000000
--- a/doc/news/version_3.20150614.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-ikiwiki 3.20150614 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * inline: change default sort order from age to "age title" for
- determinism, partially fixing deterministic build for git-annex,
- ikiwiki-hosting etc. (Closes: #[785757](http://bugs.debian.org/785757))
- * img: avoid ImageMagick misinterpreting filenames containing a colon
- * img test: set old timestamp on source file that will change, so that
- the test will pass even if it takes less than 1 second"""]] \ No newline at end of file
diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn
new file mode 100644
index 000000000..3b64cb8a8
--- /dev/null
+++ b/doc/news/version_3.20161219.mdwn
@@ -0,0 +1,14 @@
+ikiwiki 3.20161219 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+ * inline: Prevent creating a file named ".mdwn" when the
+ postform is submitted with an empty title.
+ * [ Simon McVittie ]
+ * Security: tell `git revert` not to follow renames. If it does, then
+ renaming a file can result in a revert writing outside the wiki srcdir
+ or altering a file that the reverting user should not be able to alter,
+ an authorization bypass. Thanks, intrigeri
+ * cgitemplate: remove some dead code. Thanks, blipvert
+ * Restrict CSS matches against header class to not break
+ Pandoc tables with header rows. Thanks, karsk
+ * Make pagestats output more deterministic. Thanks, intrigeri"""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9dee6d904..a5db9b410 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -546,3 +546,20 @@ vulnerability to execute arbitrary Perl code. An upgrade is recommended
for sites where an untrusted user is able to attach files with arbitrary
names and/or run a setuid ikiwiki wrapper with a working directory of
their choice.
+
+## Editing restriction bypass for git revert
+
+intrigeri discovered that a web or git user could revert a change to a
+page they are not allowed to edit, if the change being reverted was made
+before the page was moved from a location where that user had permission
+to edit it. For example, if a file is moved from `drafts/policy.mdwn`
+(editable by less-trusted users) to `policy.mdwn` (only editable
+by more-trusted users), a less-trusted user could revert a change
+that was made to `drafts/policy.mdwn` prior to that move, and it would
+result in `policy.mdwn` being altered.
+
+This affects sites with the `git` VCS and the `recentchanges` plugin,
+which are both used in most ikiwiki installations.
+
+This bug was reported on 2016-12-17. The fixed version 3.20161219
+was released on 2016-12-19.