| Commit message (Expand) | Author | Age |
|---|
| * | Exclude working directory from library path (CVE-2016-1238)•••Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.
Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.
In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
| Simon McVittie | 2016-07-28 |
| * | Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure | Simon McVittie | 2015-11-30 |
| * | Standardize on --long-option instead of -long-option•••[[forum/refresh_and_setup]] indicates some confusion between --setup
and -setup. Both work, but it's clearer if we stick to one in
documentation and code.
A 2012 commit to [[plugins/theme]] claims that "-setup" is required
and "--setup" won't work, but I cannot find any evidence in ikiwiki's
source code that this has ever been the case.
| Simon McVittie | 2015-03-01 |
| * | If the title of a trail or trail-member changes, rebuild affected pages•••If the title of a trail changes, each member of that trail must be
rebuilt, for its prev/up/next box to reflect the new title.
If the title of a member changes, its next and previous items (if any)
must be rebuilt, for their prev/up/next boxes to reflect the new title.
| Simon McVittie | 2013-01-02 |
| * | Add more trail regression tests•••Some of these untested bits have in fact regressed, and as such, are
marked as TODO.
| Simon McVittie | 2013-01-02 |
| * | trail, inline: treat pagenames as a list of literal names, not links | Simon McVittie | 2012-04-06 |
| * | add some seatbelts to toad's jalopy•••This does not change the number of failing tests I see, but it does
make it show the expected result, which makes analysis easier.
| Joey Hess | 2012-04-04 |
| * | Use utime to make initial files in trail test come from the past•••This ensures that when we do the second phase of the test (edit some
files and refresh), the changes get a different mtime and are picked up,
even if the entire test happened between two 1-second "clock ticks".
| Simon McVittie | 2012-03-19 |
| * | Replace [[!trailinline]] directive with [[!inline trail=yes]] | Simon McVittie | 2012-03-18 |
| * | Split trail directive into trailitems, trailoptions | Simon McVittie | 2011-11-12 |
| * | trail: improve and test sorting | Simon McVittie | 2011-11-12 |
| * | trail: new plugin (3rd attempt) | Simon McVittie | 2011-11-09 |