| Commit message (Expand) | Author | Age |
|---|
| * | git_revert test: reinstate ikiwiki.setup, and make it work uninstalled•••Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.
I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
| Simon McVittie | 2016-12-28 |
| * | Added a comment | spalax | 2016-12-26 |
| * | Added a comment | smcv | 2016-12-26 |
| * | Question about default timezone ":/etc/localtime" | spalax | 2016-12-25 |
| * | Add CVE references for CVE-2016-10026 | Simon McVittie | 2016-12-21 |
| * | Replied. | intrigeri | 2016-12-20 |
| * | Announce 3.20161219 | Simon McVittie | 2016-12-19 |
| * | Release 3.20161219 | Simon McVittie | 2016-12-19 |
| * | mention security contacts here too | smcv | 2016-12-19 |
| * | Opt in to whatever spam this may bring. | Amitai Schleier | 2016-12-19 |
| * | changelog | Simon McVittie | 2016-12-19 |
| * | Make pagestats output more deterministic.•••Sort in lexical order the pages that have the same number of hits.
| intrigeri | 2016-12-19 |
| * | Update changelog | Simon McVittie | 2016-12-19 |
| * | Restrict CSS matches on .header to not affect <tr>•••Pandoc generates <tr class="header"> to hold <th> elements, and
we don't want to make those be display: block.
Signed-off-by: Simon McVittie <smcv@debian.org>
| Simon McVittie | 2016-12-19 |
| * | List security contacts•••We still don't have a security@ alias; listing personal emails is
unfortunately the next-best thing.
| Simon McVittie | 2016-12-19 |
| * | Add a manual test for reverting git commits•••Signed-off-by: Simon McVittie <smcv@debian.org>
| Simon McVittie | 2016-12-19 |
| * | Tell `git revert` not to follow renames•••Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().
Signed-off-by: Simon McVittie <smcv@debian.org>
| Simon McVittie | 2016-12-19 |
| * | Added a comment: no, not supported | smcv | 2016-12-19 |
| * | rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_... | smcv | 2016-12-19 |
| * | Not possible as stated, but could be adapted into a valid feature request | smcv | 2016-12-19 |
| * | (no commit message) | smcv | 2016-12-19 |
| * | cgitemplate: actually remove dead code•••Signed-off-by: Simon McVittie <smcv@debian.org>
| Simon McVittie | 2016-12-19 |
| * | cgitemplate: remove dead code•••blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this
variable has not been used since commit a052771
"Now that we're always using HTML5, <base href> can be relative".
Signed-off-by: Simon McVittie <smcv@debian.org>
| Simon McVittie | 2016-12-19 |
| * | Report authorization bypass via RCS revert. | intrigeri | 2016-12-17 |
| * | (no commit message) | blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 | 2016-12-14 |
| * | (no commit message) | blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 | 2016-12-14 |
| * | (no commit message) | blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 | 2016-12-14 |
| * | (no commit message) | jeff+ikiwiki@b5854f0ab9935492e3dfefa98419b6530c92b049 | 2016-11-26 |
| * | pagestats determinism: report bug + patch. | intrigeri | 2016-11-20 |
| * | svetlana.nfshost | svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9 | 2016-11-17 |
| * | Added custom solution | Juego | 2016-11-16 |
| * | rename forum/FastCGI_problem_on_Arch.mdwn to forum/__91__Solved__93__FastCGI_... | Juego | 2016-11-16 |
| * | Update my personal site URL. | Amitai Schleier | 2016-11-12 |
| * | update my site links. | james@2468840dc8f314e837e1fde99a5fb1b884fa993a | 2016-11-12 |
| * | Added a comment | openmedi | 2016-11-10 |
| * | Added a comment | openmedi | 2016-11-10 |
| * | (no commit message) | openmedi | 2016-11-10 |
| * | Added a comment | openmedi | 2016-11-06 |
| * | Added a comment | openmedi | 2016-11-03 |
| * | (no commit message) | vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 | 2016-11-03 |
| * | (no commit message) | vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 | 2016-11-03 |
| * | consider portier as a successor to OpenID? | https://id.koumbit.net/anarcat | 2016-11-01 |
| * | introduce portier here as well, while i'm here | https://id.koumbit.net/anarcat | 2016-11-01 |
| * | nextgen persona? | https://id.koumbit.net/anarcat | 2016-11-01 |
| * | another look at bootstrap and packaging strategies | https://id.koumbit.net/anarcat | 2016-11-01 |
| * | The C2 wiki appears to have moved. | Amitai Schleier | 2016-10-23 |
| * | (no commit message) | openmedi | 2016-10-16 |
| * | (no commit message) | icydee | 2016-10-07 |
| * | That was a (curious) mistake.•••This reverts commit 1bfe2e2e19bf45bac52c0cc0bc0b17cea64887b6
| karsk | 2016-09-30 |
| * | removed | karsk | 2016-09-30 |