From: Simon McVittie Date: Sat, 24 Dec 2016 12:27:21 +0000 (+0000) Subject: git_revert test: reinstate ikiwiki.setup, and make it work uninstalled X-Git-Tag: debian/3.20161229~14 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/7c34df633d6dd0d16538b1911694351b604104ef?ds=inline git_revert test: reinstate ikiwiki.setup, and make it work uninstalled Previously it was relying on running with an installed ikiwiki and being able to copy in recentchanges.mdwn and wikiicons/ from the underlay in /usr. The underlay in ./underlays/basewiki can't be used (yet) because ikiwiki doesn't allow following symlinks, even from underlays. I'd like to make ikiwiki follow symlinks whose destinations can be verified to be safe (for example making it willing to expose /usr/share/javascript to the web, but not /etc/passwd), at least from underlays, but this is security-sensitive so I'm not going to rush into it. --- diff --git a/.gitignore b/.gitignore index 5ddda1bdd..d27140896 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -ikiwiki.setup +/ikiwiki.setup /Makefile Makefile.old blib/* diff --git a/debian/changelog b/debian/changelog index 031403830..4a84b28a6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium * Add CVE references for CVE-2016-10026 + * Add missing ikiwiki.setup for the manual test for CVE-2016-10026 -- Simon McVittie Wed, 21 Dec 2016 13:03:07 +0000 diff --git a/t/manual/git_revert/Makefile b/t/manual/git_revert/Makefile index 9e2220d11..34db8c48a 100644 --- a/t/manual/git_revert/Makefile +++ b/t/manual/git_revert/Makefile @@ -9,15 +9,17 @@ all: mkdir -p git/doc/writable cd git && git init cp index.mdwn git/doc/index.mdwn + cp -a $(CURDIR)/../../../doc/wikiicons git/doc/ + cp -a $(CURDIR)/../../../doc/recentchanges.mdwn git/doc/ echo "This is the first test page" > git/doc/writable/one.mdwn echo "This is the second test page" > git/doc/writable/two.mdwn - cd git && git add doc && git commit -m 'Initial commit' + cd git && git add . && git commit -m 'Initial commit' $(ikiwiki) --setup ikiwiki.setup echo "This is the first test page, it was first" > git/doc/writable/one.mdwn - cd git && git add doc && git commit -m 'First web commit' + cd git && git add . && git commit -m 'First web commit' $(ikiwiki) --setup ikiwiki.setup echo "This is the second test page, it came second" > git/doc/writable/two.mdwn - cd git && git add doc && git commit -m 'Second web commit' + cd git && git add . && git commit -m 'Second web commit' $(ikiwiki) --setup ikiwiki.setup cd git && git mv doc/writable/one.mdwn doc/one.mdwn cd git && git mv doc/writable/two.mdwn two.mdwn diff --git a/t/manual/git_revert/ikiwiki.setup b/t/manual/git_revert/ikiwiki.setup new file mode 100644 index 000000000..875a2afcc --- /dev/null +++ b/t/manual/git_revert/ikiwiki.setup @@ -0,0 +1,31 @@ +#!/usr/bin/perl + +use Cwd qw(getcwd abs_path); +my $pwd; +my $src; + +BEGIN { + $pwd = getcwd; + $src = abs_path("$pwd/../../.."); +} + +use IkiWiki::Setup::Standard { + wikiname => "ikiwiki_manual_test_git_revert", + srcdir => "$pwd/git/doc", + destdir => "$pwd/html", + templatedir => "$src/templates", + underlaydirbase => "$src/underlays", + underlaydir => "$src/underlays/basewiki", + verbose => 1, + syslog => 0, + usedirs => 0, + w3mmode => 1, + url => "file://$pwd/html", + cgiurl => 'file:///$LIB/ikiwiki-w3m.cgi/ikiwiki_manual_test_git_revert.cgi', + add_plugins => [qw{recentchanges anonok lockedit}], + locked_pages => '!writable/*', + anonok_pagespec => 'writable/*', + disable_plugins => [qw{passwordauth emailauth openid}], + rcs => 'git', + gitorigin_branch => '', +}