X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/f282512da75d19e38933f3083afa3c2a9dad463c..838c1b5aec17ad90a894f21c12bb58adb5225276:/debian/changelog diff --git a/debian/changelog b/debian/changelog index e1b8506ab..b0036db8d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,22 @@ -ikiwiki (3.20141016.3) UNRELEASED; urgency=medium +ikiwiki (3.20141016.4) UNRELEASED; urgency=medium + [ Amitai Schlair ] + * img: ignore the case of the extension when detecting image format, + fixing the regression that *.JPG etc. would not be displayed + since 3.20141016.3 + + [ Simon McVittie ] + * Add CVE-2016-4561 reference to 3.20141016.3 changelog + + -- Simon McVittie Mon, 09 May 2016 22:35:16 +0100 + +ikiwiki (3.20141016.3) jessie-security; urgency=high + + [ Simon McVittie ] * img: stop ImageMagick trying to be clever if filenames contain a colon, avoiding mis-processing * HTML-escape error messages, in one case avoiding potential cross-site - scripting (OVE-20160505-0012) + scripting (CVE-2016-4561, OVE-20160505-0012) * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that "allowed_attachments: '*.jpg'" does what one might expect @@ -12,7 +25,16 @@ ikiwiki (3.20141016.3) UNRELEASED; urgency=medium - img: check that the magic number matches what we would expect from the extension before giving common formats to ImageMagick - -- Simon McVittie Thu, 05 May 2016 23:33:26 +0100 + [ Joey Hess ] + * img: Add back support for SVG images, bypassing ImageMagick and + simply passing the SVG through to the browser, which is supported by all + commonly used browsers these days. + SVG scaling by img directives has subtly changed; where before + size=wxh would preserve aspect ratio, this cannot be done when passing + them through and so specifying both a width and height can change + the SVG's aspect ratio. + + -- Simon McVittie Fri, 06 May 2016 07:55:49 +0100 ikiwiki (3.20141016.2) unstable; urgency=high