| Commit message (Expand) | Author | Age |
|---|
| * | mdwn: Enable footnotes by default when using Discount•••A new mdwn_footnotes option can be used to disable footnotes in
MultiMarkdown and Discount.
| Simon McVittie | 2017-05-14 |
| * | mdwn: Don't mangle <style> into <elyts> under some circumstances•••We can ask libdiscount not to elide <style> blocks, which means we
don't have to work around them.
| Simon McVittie | 2017-05-14 |
| * | cgierror: When the CGI fails, print the error to stderr, not "Died"•••$@ could be clobbered by the "exception handler", and in practice
it seems that it is. This can be seen on stderr of t/git-cgi.t.
| Simon McVittie | 2017-05-14 |
| * | httpauth: If REMOTE_USER is empty, behave as though it was unset•••A frequently cut-and-pasted HTTP basic authentication configuration
for nginx sets it to the empty string when not authenticated, which
is not useful.
| Simon McVittie | 2017-05-14 |
| * | t/git-cgi.t: Wait 1 second before doing a revert that should succeed•••This hopefully fixes a race condition in which the test failed
around 6% of the time.
If we don't wait, the mtime (which is rounded down to 1 second precision
in the APIs we use) will not necessarily change, so the update will not
necessarily cause the page to be refreshed.
Bug-Debian: https://bugs.debian.org/862494
| Simon McVittie | 2017-05-14 |
| * | Release 3.20170111 | Simon McVittie | 2017-01-11 |
| * | Document the security fix soon to be released in 3.20170111 | Simon McVittie | 2017-01-11 |
| * | 3.20170110 | Simon McVittie | 2017-01-10 |
| * | Sset libmagickcore-6.q16-3-extra as preferred build-dependency•••The virtual package libmagickcore-extra is now merely an alternative,
to help autopkgtest to do the right thing.
| Simon McVittie | 2017-01-10 |
| * | d/ikiwiki.doc-base: register the documentation with doc-base | Simon McVittie | 2017-01-10 |
| * | d/ikiwiki.lintian-overrides: silence false positive spelling warning for Moin... | Simon McVittie | 2017-01-10 |
| * | d/ikiwiki.lintian-overrides: override script-not-executable warnings | Simon McVittie | 2017-01-10 |
| * | docwiki.setup: exclude TourBusStop from offline documentation•••It does not make much sense there.
| Simon McVittie | 2017-01-10 |
| * | lintian: Override obsolete-url-in-packaging for OpenID Selector•••It does not seem to have any more current URL, and in any case our
version is a fork.
| Simon McVittie | 2017-01-10 |
| * | d/copyright: re-order to put more specific stanzas later, to get the intended... | Simon McVittie | 2017-01-10 |
| * | Set package format to 3.0 (native) | Simon McVittie | 2017-01-10 |
| * | Update changelog | Simon McVittie | 2017-01-09 |
| * | 3.20161229.1 | Simon McVittie | 2016-12-29 |
| * | git: Do not disable commit hook for temporary working tree•••We exclude .git/hooks from symlinking into the temporary working tree,
which avoids the commit hook being run for the temporary branch anyway.
This avoids the wiki not being updated if an orthogonal change is
received in process A, while process B prepares a revert that is
subsequently cancelled.
| Simon McVittie | 2016-12-29 |
| * | git: Attribute reverts to the user doing the revert, not the wiki itself | Simon McVittie | 2016-12-29 |
| * | 3.20161229 | Simon McVittie | 2016-12-29 |
| * | Add CVE references for CVE-2016-9646, CVE-2016-9645•••Thanks to the Debian security team for allocating these.
| Simon McVittie | 2016-12-29 |
| * | Add automated test for using the CGI with git, including CVE-2016-10026 | Simon McVittie | 2016-12-28 |
| * | Try revert operations (on a branch) before approving them•••Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().
It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.
OVE-20161226-0002
| Simon McVittie | 2016-12-28 |
| * | Force CGI::FormBuilder->field to scalar context where necessary•••CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0. Force it into scalar context where it is used
in an argument list.
This prevents two (relatively minor) commit metadata forgery
vulnerabilities:
* In the comments plugin, an attacker who was able to post a comment
could give it a user-specified author and author-URL even if the wiki
configuration did not allow for that, by crafting multiple values
to other fields.
* In the editpage plugin, an attacker who was able to edit a page
could potentially forge commit authorship by crafting multiple values
for the rcsinfo field.
The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.
OVE-20161226-0001
| Simon McVittie | 2016-12-28 |
| * | git: do not fail to commit if committer is anonymous | Simon McVittie | 2016-12-28 |
| * | git: don't issue a warning if rcsinfo is undefined•••The intention here seems to be that $prev may be undefined, and the
only way that can legitimately happen is for $params{token} to be
undefined too.
| Simon McVittie | 2016-12-28 |
| * | git_revert test: reinstate ikiwiki.setup, and make it work uninstalled•••Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.
I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
| Simon McVittie | 2016-12-28 |
| * | Add CVE references for CVE-2016-10026 | Simon McVittie | 2016-12-21 |
| * | Release 3.20161219 | Simon McVittie | 2016-12-19 |
| * | changelog | Simon McVittie | 2016-12-19 |
| * | Update changelog | Simon McVittie | 2016-12-19 |
| * | inline: Prevent creating a file named ".mdwn" when the postform is submitted ... | Joey Hess | 2016-09-21 |
| * | Update my surname to its new legal spelling. | Amitai Schlair | 2016-09-14 |
| * | 3.20160905 | Simon McVittie | 2016-09-05 |
| * | changelog for previous commit•••Closes https://github.com/joeyh/ikiwiki/pull/19
| Joey Hess | 2016-08-03 |
| * | 3.20160728 | Simon McVittie | 2016-07-28 |
| * | Standards-Version: 3.9.8 (no changes required) | Simon McVittie | 2016-07-28 |
| * | Wrapper: allocate new environment dynamically•••Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.
I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
| Simon McVittie | 2016-05-11 |
| * | 3.20160509 | Simon McVittie | 2016-05-09 |
| * | Reference CVE-2016-4561 in 3.20160506 changelog | Simon McVittie | 2016-05-09 |
| * | Remove spurious changelog entry•••This change was new in 3.20141016.3, but was applied to the master
branch several releases ago, so it is not new in 3.20160506.
| Simon McVittie | 2016-05-09 |
| * | 3.20160506 | Simon McVittie | 2016-05-06 |
| * | Document the security fixes in this release | Simon McVittie | 2016-05-06 |
| * | update test suite for svg passthrough by img directive•••Remove build dependency libmagickcore-6.q16-2-extra which was only there
for this test.
| Joey Hess | 2016-05-06 |
| * | img: Add back support for SVG images, bypassing ImageMagick and simply passin...•••SVG scaling by img directives has subtly changed; where before size=wxh
would preserve aspect ratio, this cannot be done when passing them through
and so specifying both a width and height can change the SVG's aspect
ratio.
(This patch looks significantly more complex than it was, because a large
block of code had to be indented.)
[smcv: drop trailing whitespace, fix some spelling]
| Simon McVittie | 2016-05-06 |
| * | changelog for smcv's security fixes•••[smcv: omit a change that was already in 3.20160514]
| Joey Hess | 2016-05-06 |
| * | Changelog: process .md files iff created directly. | Amitai Schlair | 2016-03-08 |
| * | loginselector: When only openid and emailauth are enabled, but passwordauth i... | Joey Hess | 2016-03-02 |
| * | d/control: add Vcs-Browser | Simon McVittie | 2016-01-22 |