| Commit message (Expand) | Author | Age |
|---|
| * | t/img.t: test determinism of PNG resizing. | intrigeri | 2017-09-01 |
| * | t/img.t: Give better diagnostics if we can't load an image | Simon McVittie | 2017-06-22 |
| * | Exclude working directory from library path (CVE-2016-1238)•••Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.
Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.
In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
| Simon McVittie | 2016-07-28 |
| * | img test: exercise upper-case extensions for image files | Simon McVittie | 2016-05-09 |
| * | Fix spelling of "ratio" in test. | Amitai Schlair | 2016-05-08 |
| * | img: make img_allowed_formats case-insensitive | Simon McVittie | 2016-05-07 |
| * | update test suite for svg passthrough by img directive•••Remove build dependency libmagickcore-6.q16-2-extra which was only there
for this test.
| Joey Hess | 2016-05-06 |
| * | img: check magic number before giving common formats to ImageMagick•••This mitigates CVE-2016-3714 and similar vulnerabilities by
avoiding passing obviously-wrong input to ImageMagick decoders.
| Simon McVittie | 2016-05-05 |
| * | img: restrict to JPEG, PNG and GIF images by default•••This mitigates CVE-2016-3714. Wiki administrators who know that they
have prevented arbitrary code execution via other formats can re-enable
the other formats if desired.
| Simon McVittie | 2016-05-05 |
| * | img test: use the right filenames when testing that deletion occurs•••Also use a less misleading name for the sample SVG: it is no longer empty.
Since commit 105f285a it has contained a blue square.
| Simon McVittie | 2016-01-19 |
| * | img test: skip testing PDFs if unsupported | Simon McVittie | 2016-01-19 |
| * | t/img.t: do not spuriously skip | Simon McVittie | 2015-11-30 |
| * | Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure | Simon McVittie | 2015-11-30 |
| * | Sans ImageMagick, bail gracefully. | Amitai Schlair | 2015-08-22 |
| * | img test: set old timestamp on source file that will change•••This is so that the test will pass even if it takes less than 1 second.
| Simon McVittie | 2015-06-14 |
| * | img: stop ImageMagick trying to be clever if filenames contain a colon•••$im->Read() takes a filename-like argument with several sets of special
syntax. Most of the possible metacharacters are escaped by the
default `wiki_file_chars` (and in any case not particularly disruptive),
but the colon ":" is not.
It seems the way to force ImageMagick to treat colons within the
filename as literal is to prepend a colon, so do that.
| Simon McVittie | 2015-06-13 |
| * | Standardize on --long-option instead of -long-option•••[[forum/refresh_and_setup]] indicates some confusion between --setup
and -setup. Both work, but it's clearer if we stick to one in
documentation and code.
A 2012 commit to [[plugins/theme]] claims that "-setup" is required
and "--setup" won't work, but I cannot find any evidence in ikiwiki's
source code that this has ever been the case.
| Simon McVittie | 2015-03-01 |
| * | Work around Debian #771047: use a non-blank SVG for the regression test•••Inkscape loses the bounding box of a SVG with no content when it
converts it to EPS, and ImageMagick does not have a special case for
converting SVG to PNG with Inkscape in one step (which Inkscape can do);
it prefers to convert SVG to EPS with Inkscape, then EPS to whatever.
| Simon McVittie | 2014-11-26 |
| * | img test: skip SVG tests if unsupported by Image::Magick | Simon McVittie | 2014-09-16 |
| * | Pass -templatedir to get this test passing again. | Amitai Schlair | 2014-09-15 |
| * | use readfile() instead of reinventing it•••This avoids potential action-at-a-distance from locally redefining $/
but never reaching the end of the redefinition's scope.
| Simon McVittie | 2014-09-01 |
| * | unit test for bugs/image_rescaling_distorts_with_small_pictures | chrysn | 2014-07-15 |
| * | make img unittest easier to debug | chrysn | 2014-07-15 |
| * | img plugin: split resizing calculations and actual resizing•••there is now a size calculating part (which chooses a final size) and a
scaling part (which triggers if the sizes calculated by the former
indicate a downscaling).
this solves the issue of unproportional upscalings
(bugs/image_rescaling_distorts_with_small_pictures).
also, "small" pdf files (or pdf files without explicit size settings),
which would not be converted under the old mechanism, now get rendered
to pngs.
this commit affects a unit test: while svgs were previously
unconditionally rendered to pngs, this now only happens on downscaling.
this is intentional -- while a small version of an svg graphic is
likely to be more compact when rendered (eg as a preview), a large
version would not have that benefit, and why convert something that
browsers basically can show and be inconsistend with how other images
are handled. the new unit test simply makes the original svg larger to
check for the same behaviros as before.
| chrysn | 2014-07-15 |
| * | drop unittest workaround for new perlmagick•••just install -extra to make it work
| chrysn | 2014-07-04 |
| * | drop unittest workaround for perlmagick•••this was actually http://bugs.debian.org/753770
| chrysn | 2014-07-04 |
| * | make unittest work with all all three packages that provide perlmagick | chrysn | 2014-07-04 |
| * | add unittests for img•••this focuses on the features introduced in
http://ikiwiki.info/bugs/svg_and_pdf_conversion_fails/
| chrysn | 2014-07-04 |