| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
| |
Remove openid provider icons from login selector, since openid providers
are increasingly not working. Verisign retired theirs, and aol and
yahoo/flickr are not commonly used for openid. Any users who still clicked
those icons to login will need to instead enter their openid url.
This commit was sponsored by andrea rota.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* emailauth: Fix cookie problem when user is on https and the cgiurl
uses http, by making the emailed login link use https.
* passwordauth: Use https for emailed password reset link when user
is on https.
Not entirely happy with this approach, but I don't currently see a
better one.
I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.
This commit was sponsored by Michael Magin.
|
| |
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
directory.
Due to the use/abuse of CGI::Session to generate a token for the login
process, a new session database was created for each login, and left behind
afterwards. While each file is small, with many logings this could bloat
the size of /tmp significantly. Fixed by making CGI::Session write to
/dev/null, since there does not seem to be a way to entirely prevent the
writing.
This commit was sponsored by Henrik Riomar on Patreon.
|
|
|
|
|
| |
It wasn't in old Perls, but might be in Perl >= 5.21.1 due to commit
https://perl5.git.perl.org/perl.git/commit/9717af6 (Closes: #869240)
|
|
|
|
|
|
|
| |
Those were not in the original html5 spec, but have been added in the
whatwg html living standard and have wide browser support.
This commit was sponsored by John Peloquin on Patreon.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
savestate is not the right place to write wiki content, and in particular
this breaks websetup if osm's dependencies are not installed, even if
the osm plugin is not actually enabled. (Closes: #719913)
This is not a full solution: it should be possible to render the PoI files
for only the maps that changed, from the format, changes or rendered
hook. However, getting that right would require more understanding of
this plugin, and this version is enough to not break websetup. This
version is the closest correct hook to the one where this previously
took place.
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids misinterpreting initials ("C. S. Lewis was an author"),
the abbreviation for Monsieur ("M. Descartes was a philosopher") and
German page numbering ("S. 42") as ordered lists if they happen to
begin a line.
This only affects the default Discount implementation: Text::Markdown
and Text::MultiMarkdown do not have this feature anyway. A new
mdwn_alpha_list option can be used to restore the old interpretation.
|
|
|
|
|
| |
A new mdwn_footnotes option can be used to disable footnotes in
MultiMarkdown and Discount.
|
|
|
|
|
| |
We can ask libdiscount not to elide <style> blocks, which means we
don't have to work around them.
|
|
|
|
|
| |
$@ could be clobbered by the "exception handler", and in practice
it seems that it is. This can be seen on stderr of t/git-cgi.t.
|
|
|
|
|
|
| |
A frequently cut-and-pasted HTTP basic authentication configuration
for nginx sets it to the empty string when not authenticated, which
is not useful.
|
|
|
|
|
|
|
|
|
|
|
| |
This hopefully fixes a race condition in which the test failed
around 6% of the time.
If we don't wait, the mtime (which is rounded down to 1 second precision
in the APIs we use) will not necessarily change, so the update will not
necessarily cause the page to be refreshed.
Bug-Debian: https://bugs.debian.org/862494
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The virtual package libmagickcore-extra is now merely an alternative,
to help autopkgtest to do the right thing.
|
| |
|
|
|
|
| |
Moin Moin
|
| |
|
|
|
|
| |
It does not make much sense there.
|
|
|
|
|
| |
It does not seem to have any more current URL, and in any case our
version is a fork.
|
|
|
|
| |
intended interpretation
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
We exclude .git/hooks from symlinking into the temporary working tree,
which avoids the commit hook being run for the temporary branch anyway.
This avoids the wiki not being updated if an orthogonal change is
received in process A, while process B prepares a revert that is
subsequently cancelled.
|
| |
|
| |
|
|
|
|
| |
Thanks to the Debian security team for allocating these.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().
It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.
OVE-20161226-0002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0. Force it into scalar context where it is used
in an argument list.
This prevents two (relatively minor) commit metadata forgery
vulnerabilities:
* In the comments plugin, an attacker who was able to post a comment
could give it a user-specified author and author-URL even if the wiki
configuration did not allow for that, by crafting multiple values
to other fields.
* In the editpage plugin, an attacker who was able to edit a page
could potentially forge commit authorship by crafting multiple values
for the rcsinfo field.
The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.
OVE-20161226-0001
|
| |
|
|
|
|
|
|
| |
The intention here seems to be that $prev may be undefined, and the
only way that can legitimately happen is for $params{token} to be
undefined too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.
I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
|
| |
|
| |
|
| |
|