-ikiwiki (3.20120204) UNRELEASED; urgency=low
+ikiwiki (3.20120629.2+deb7u2) wheezy-security; urgency=medium
+
+ [ Simon McVittie ]
+ * Security: force CGI::FormBuilder->field to scalar context where
+ necessary, avoiding unintended function argument injection
+ analogous to CVE-2014-1572.
+ - passwordauth: prevent authentication bypass via multiple name
+ parameters (CVE-2017-0356, OVE-20170111-0001)
+ - passwordauth: prevent userinfo forgery via repeated email
+ parameter (also CVE-2017-0356)
+ - comments, editpage: prevent commit metadata forgery
+ (CVE-2016-9646, OVE-20161226-0001)
+ - CGI, attachment, comments, editpage, notifyemail, passwordauth,
+ po, rename: harden against similar issues that are not believed
+ to be exploitable
+ * t/passwordauth.t: new automated test for CVE-2017-0356
+ * Backport IkiWiki::Plugin::git from 3.20170110 to fix the following
+ bugs, including one minor security vulnerability:
+ - Security: try revert operations before approving them. Previously,
+ automatic rename detection could result in a revert writing outside
+ the wiki srcdir or altering a file that the reverting user should not
+ be able to alter, an authorization bypass.
+ (CVE-2016-10026 represents the original vulnerability.)
+ The incomplete fix released in 3.20161219 was not effective for git
+ versions prior to 2.8.0rc0.
+ (CVE-2016-9645 represents that incomplete solution. Debian stable
+ was never vulnerable to this one.)
+ - Fix the warnings "cannot chdir to .../ikiwiki-temp-working: No such
+ file or directory" seen in the initial fixes for those security issues
+ - If no committer identity is known, set it to
+ "IkiWiki <ikiwiki.info>" in .git/config. This resolves commit errors
+ in versions of git that require a non-trivial committer identity.
+ - Use git log --no-renames to generate recentchanges, fixing the git
+ test-case with git 2.9 (Closes: #835612)
+ - Don't issue a warning if the rcsinfo CGI parameter is undefined
+ - Do not fail to commit changes with a recent git version
+ and an anonymous committer
+ - Do not fail on filenames starting with a dash
+ (patch from Florian Wagner)
+ - Don't add a redundant "--" and run "git rev-list ... -- -- ..."
+ * Backport t/git-cgi.t from 3.20170110 to have automated test coverage
+ for using the CGI with git, including tests for CVE-2016-10026
+ - Build-depend on libipc-run-perl for better build-time test coverage
+ * Backport tests' installed-test (autopkgtest) support from 3.20160121,
+ adjusted for compatibility with the older pkg-perl-autopkgtest in jessie
+ - d/control: add enough build-dependencies to run all tests, except for
+ non-git VCSs
+ * Split CFLAGS into words when building wrapper, fixing build-time test
+ failure. Closes: #682237 (patch from Joey Hess, backported from
+ 3.20120630)
+ * In the CGI wrapper, incorporate $config{ENV} into the environment
+ before executing Perl code, so that PERL5LIB can point to a
+ non-system-wide installation of IkiWiki. Some build-time tests rely
+ on this, in particular t/git-cgi.t.
+ (patch from Lafayette Chamber Singers Webmaster, backported from
+ 3.20140916)
+
+ [ Emilio Pozuelo Monfort ]
+ * Upload to wheezy-security.
+
+ -- Emilio Pozuelo Monfort <pochu@debian.org> Tue, 31 Jan 2017 19:00:50 +0100
+
+ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium
+
+ * HTML-escape error messages, in one case avoiding potential cross-site
+ scripting (CVE-2016-4561, OVE-20160505-0012)
+ * Update img plugin to version 3.20160509 to mitigate ImageMagick
+ vulnerabilities, including remote code execution (CVE-2016-3714):
+ - Never convert SVG images to PNG; simply pass them through to the
+ browser. This prevents exploitation of any ImageMagick SVG coder
+ vulnerabilities. (joeyh)
+ - Do not resize image formats other than JPEG, PNG, GIF unless
+ specifically configured to do so. This prevents exploitation
+ of any vulnerabilities in less common coders, such as MVG.
+ (schmonz, smcv)
+ - Do not resize JPEG, PNG, GIF, PDF images if their extensions do
+ not match their "magic numbers", because wiki admins might try to
+ restrict attachments by extension, but ImageMagick can base its
+ choice of coder on the magic number. Explicitly force the
+ obvious ImageMagick coder to be used. (smcv)
+ * Minor non-security changes resulting from that update, since
+ reverting them seems higher-risk than keeping them:
+ - Add PDF support, disabled by the above changes unless specifically
+ configured (chrysn)
+ - Only render one frame or page from animated GIF or multi-page PDF
+ (chrysn)
+ - Do not distort aspect ratio when resizing small images (chrysn)
+ - Use data: URLs to embed images in page previews (chrysn)
+ - Raise an error if the image's size cannot be determined (chrysn)
+ - Handle filenames containing a colon correctly (smcv)
+ * Add t/img.t regression test also taken from version 3.20160506
+ (chrysn, joeyh, schmonz, smcv)
+ * debian/tests: add metadata to run the img test as an autopkgtest
+
+ -- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 22:38:35 +0100
+
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+ [ Joey Hess ]
+ * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+ CVE-2015-2793)
+
+ -- Simon McVittie <smcv@debian.org> Mon, 06 Apr 2015 20:34:51 +0100
+
+ikiwiki (3.20120629.1) wheezy; urgency=medium
+
+ Backport blogspam plugin from experimental, because the version in
+ wheezy is no longer usable:
+
+ [ Joey Hess ]
+ * Set Debian package maintainer to Simon McVittie as I'm retiring from
+ Debian.
+
+ [ Amitai Schlair ]
+ * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd).
+ Closes: #774441
+
+ -- Simon McVittie <smcv@debian.org> Sat, 17 Jan 2015 11:53:33 +0000
+
+ikiwiki (3.20120629) unstable; urgency=low
+
+ * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or
+ other config differences by linking to the mirror's CGI. (intrigeri)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 29 Jun 2012 10:16:08 -0400
+
+ikiwiki (3.20120516) unstable; urgency=high
+
+ * meta: Security fix; add missing sanitization of author and authorurl.
+ CVE-2012-0220 Thanks, Raúl Benencia
+
+ -- Joey Hess <joeyh@debian.org> Wed, 16 May 2012 19:51:27 -0400
+
+ikiwiki (3.20120419) unstable; urgency=low
* Remove dead link from plugins/teximg. Closes: #664885
* inline: When the pagenames list includes pages that do not exist, skip
* meta: Export author information in html <meta> tag. Closes: #664779
Thanks, Martin Michlmayr
* notifyemail: New plugin, sends email notifications about new and
- changed pages.
+ changed pages, and allows subscribing to comments.
* Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
* meta: Support keywords header. Closes: #664780
confusing signin form, and go right to the httpauthurl.
* rename: Allow rename to be started not from the edit page; return to
the renamed page in this case.
-
- -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2012 14:33:14 -0400
-
-ikiwiki (3.20120203) unstable; urgency=low
+ * remove: Support removing of pages in the transient underlay. (smcv)
+ * inline, trail: The pagenames parameter is now a list of absolute
+ pagenames, not relative wikilink type names. This is necessary to fix
+ a bug, and makes pagenames more consistent with the pagespec used
+ in the pages parameter. (smcv)
+ * link: Fix renaming wikilinks that contain embedded urls.
+ * graphviz: Handle self-links.
+ * trail: Improve CSS, also display trail links at bottom of page,
+ and a bug fix. (smcv)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 19 Apr 2012 15:32:07 -0400
+
+ikiwiki (3.20120319) unstable; urgency=low
* osm: New plugin to embed an OpenStreetMap into a wiki page.
Supports waypoints, tags, and can even draw paths matching
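Review bot: the upstream version cited for the t/img.t regression test ("also taken from version 3.20160506", in the deb7u1 entry) does not match the version the img plugin is said to be updated to ("version 3.20160509") three items earlier in the same entry; confirm which upstream release both came from and make the two references consistent. Separately, the context lines around the 3.20120419 entry look truncated: "confusing signin form, and go right to the httpauthurl." has no leading "* httpauth:"-style item line, and "* inline: When the pagenames list includes pages that do not exist, skip" has no continuation, so check that the hunk was generated against a complete changelog before it is applied.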