From ad04dac19b1fbba33cbb7dadb17ae0ef0423b2e1 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Sat, 24 Dec 2016 15:58:10 +0000
Subject: Add automated test for using the CGI with git, including
 CVE-2016-10026

---
 debian/changelog | 3 +++
 debian/control   | 1 +
 2 files changed, 4 insertions(+)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index b057ec7f2..c7d193825 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,9 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium
     (CVE-2016-10026 represents the original vulnerability)
     (OVE-20161226-0002 represents the incomplete fix released in 3.20161219)
   * Add CVE references for CVE-2016-10026
+  * Add automated test for using the CGI with git, including
+    CVE-2016-10026
+    - Build-depend on libipc-run-perl for better build-time test coverage
   * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
   * git: don't issue a warning if the rcsinfo CGI parameter is undefined
   * git: do not fail to commit changes with a recent git version
diff --git a/debian/control b/debian/control
index 9f228c75b..47abb9a29 100644
--- a/debian/control
+++ b/debian/control
@@ -16,6 +16,7 @@ Build-Depends-Indep:
  libhtml-parser-perl,
  libhtml-scrubber-perl,
  libhtml-template-perl,
+ libipc-run-perl,
  libimage-magick-perl | perlmagick,
  libmagickcore-extra,
  libnet-openid-consumer-perl,
-- 
cgit v1.2.3