Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Exclude working directory from library path (CVE-2016-1238) | Simon McVittie | 2016-07-28 |
| | | | | | | | | | | | | | | | | | | | | | Current Perl versions put '.' at the end of the library search path @INC, although this will be fixed in a future Perl release. This means that when software loads an optionally-present module, it will be looked for in the current working directory before giving up. An attacker could use this to execute arbitrary Perl code from ikiwiki's current working directory. Removing '.' from the library search path in Perl is the correct fix for this vulnerability, but is not trivial to do due to backwards-compatibility concerns. Mitigate this (even if ikiwiki is run with a vulnerable Perl version) by explicitly removing '.' from the search path, and instead looking for ikiwiki's own modules relative to the absolute path of the executable when run from the source directory. In tests that specifically want to use the current working directory, use "-I".getcwd instead of "-I." so we use its absolute path, which is immune to the removal of ".". | ||
* | Revert strange translation of this page to French | Joey Hess | 2016-07-25 |
| | |||
* | (no commit message) | https://me.yahoo.com/acidburn095#b6c38 | 2016-07-25 |
| | |||
* | (no commit message) | https://me.yahoo.com/acidburn095#b6c38 | 2016-07-25 |
| | |||
* | Everyone is using comments here... let's go with the crowd | Martian | 2016-06-30 |
| | |||
* | Added a comment: Using multiple setup files | Martian | 2016-06-30 |
| | |||
* | Add todo/multiple setup option on command line | Martian | 2016-06-30 |
| | |||
* | Add information about multiple setup options. | Martian | 2016-06-30 |
| | |||
* | (no commit message) | sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41 | 2016-06-26 |
| | |||
* | wkhtmltopdf project has moved off of Google Code onto a dedicated site | sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41 | 2016-06-26 |
| | |||
* | update | Joey Hess | 2016-06-23 |
| | |||
* | (no commit message) | Martian | 2016-06-22 |
| | |||
* | apache on fedora and suid bit | Martian | 2016-06-22 |
| | |||
* | yes, not committing the setup file to the same VCS is a security thing | smcv | 2016-06-22 |
| | |||
* | Why not putting setup file in git? | Martian | 2016-06-22 |
| | |||
* | Added a comment | https://me.yahoo.com/zoredache#d4929 | 2016-06-20 |
| | |||
* | (no commit message) | rsayers | 2016-06-16 |
| | |||
* | Link to a work-in-progress plugin | spalax | 2016-06-14 |
| | |||
* | Added a comment: More thought about the `pageversion` plugin | spalax | 2016-06-14 |
| | |||
* | Added a comment: more info required | smcv | 2016-06-11 |
| | |||
* | Added a comment | smcv | 2016-06-11 |
| | |||
* | Added a comment: More information | spalax | 2016-06-10 |
| | |||
* | (no commit message) | https://me.yahoo.com/zoredache#d4929 | 2016-06-09 |
| | |||
* | (no commit message) | https://me.yahoo.com/zoredache#d4929 | 2016-06-09 |
| | |||
* | new user: www.s4-ausbau.de | aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f | 2016-06-09 |
| | |||
* | Added a comment: I'm not so sure that copying metadata is desirable | smcv | 2016-06-09 |
| | |||
* | Questions about a new plugin | spalax | 2016-06-07 |
| | |||
* | Added a comment: cool! | http://schmonz.livejournal.com/ | 2016-06-07 |
| | |||
* | Added a comment | openmedi | 2016-06-07 |
| | |||
* | Added a comment: ok | http://schmonz.livejournal.com/ | 2016-06-07 |
| | |||
* | Added a comment | openmedi | 2016-06-07 |
| | |||
* | Added a comment | openmedi | 2016-06-07 |
| | |||
* | Add required packages | spalax | 2016-06-07 |
| | |||
* | Added a comment: what didn't work with pkgsrc? | http://schmonz.livejournal.com/ | 2016-06-06 |
| | |||
* | Added a comment | openmedi | 2016-06-06 |
| | |||
* | Update plugins/contrib/compile documentation | spalax | 2016-06-05 |
| | |||
* | (no commit message) | aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f | 2016-06-05 |
| | |||
* | refer to openid delegation | https://id.koumbit.net/anarcat | 2016-06-03 |
| | |||
* | Added a comment | smcv | 2016-06-03 |
| | |||
* | Merge branch 'master' of ssh://git.ikiwiki.info | Joey Hess | 2016-06-03 |
|\ | |||
| * | Added a comment: why not keep using pkgsrc? | http://schmonz.livejournal.com/ | 2016-06-02 |
| | | |||
| * | Added a comment | openmedi | 2016-06-02 |
| | | |||
| * | (no commit message) | openmedi | 2016-06-02 |
| | | |||
| * | More about security | spalax | 2016-05-31 |
| | | |||
| * | More thought about "bibtex2html" and "compile" | spalax | 2016-05-31 |
| | | |||
| * | link to discussion | https://id.koumbit.net/anarcat | 2016-05-31 |
| | | |||
| * | expand on the exec idea | https://id.koumbit.net/anarcat | 2016-05-31 |
| | | |||
| * | a list of arbitrary shell delegates, what could possibly go wrong? | smcv | 2016-05-31 |
| | | |||
| * | answer: an exec plugin? | https://id.koumbit.net/anarcat | 2016-05-31 |
| | | |||
* | | add freedombox as a kind of ikiwiki hosting service | Joey Hess | 2016-06-03 |
| | |