git.vanrenterghem.biz Git - git.ikiwiki.info.git/log
8 years ago Added a comment
openmedi [Tue, 7 Jun 2016 11:19:48 +0000 (07:19 -0400)]
Added a comment

8 years ago Add required packages
spalax [Tue, 7 Jun 2016 06:26:23 +0000 (02:26 -0400)]
Add required packages

8 years ago Added a comment: what didn't work with pkgsrc?
http://schmonz.livejournal.com/ [Mon, 6 Jun 2016 12:17:22 +0000 (08:17 -0400)]
Added a comment: what didn't work with pkgsrc?

8 years ago Added a comment
openmedi [Mon, 6 Jun 2016 11:08:45 +0000 (07:08 -0400)]
Added a comment

8 years ago Update plugins/contrib/compile documentation
spalax [Sun, 5 Jun 2016 21:08:25 +0000 (17:08 -0400)]
Update plugins/contrib/compile documentation

8 years ago (no commit message)
aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f [Sun, 5 Jun 2016 19:44:42 +0000 (15:44 -0400)]

8 years ago refer to openid delegation
https://id.koumbit.net/anarcat [Fri, 3 Jun 2016 22:54:46 +0000 (18:54 -0400)]
refer to openid delegation

8 years ago Added a comment
smcv [Fri, 3 Jun 2016 06:26:03 +0000 (02:26 -0400)]
Added a comment

8 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Fri, 3 Jun 2016 05:37:01 +0000 (01:37 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

8 years ago add freedombox as a kind of ikiwiki hosting service
Joey Hess [Fri, 3 Jun 2016 05:35:15 +0000 (01:35 -0400)]
add freedombox as a kind of ikiwiki hosting service

8 years ago Added a comment: why not keep using pkgsrc?
http://schmonz.livejournal.com/ [Fri, 3 Jun 2016 01:53:24 +0000 (21:53 -0400)]
Added a comment: why not keep using pkgsrc?

8 years ago Added a comment
openmedi [Thu, 2 Jun 2016 18:18:40 +0000 (14:18 -0400)]
Added a comment

8 years ago (no commit message)
openmedi [Thu, 2 Jun 2016 17:58:07 +0000 (13:58 -0400)]

8 years ago More about security
spalax [Tue, 31 May 2016 20:49:26 +0000 (16:49 -0400)]
More about security

8 years ago More thought about "bibtex2html" and "compile"
spalax [Tue, 31 May 2016 20:39:17 +0000 (16:39 -0400)]
More thought about "bibtex2html" and "compile"

8 years ago link to discussion
https://id.koumbit.net/anarcat [Tue, 31 May 2016 19:39:43 +0000 (15:39 -0400)]
link to discussion

8 years ago expand on the exec idea
https://id.koumbit.net/anarcat [Tue, 31 May 2016 19:38:34 +0000 (15:38 -0400)]
expand on the exec idea

8 years ago improve warning message for multiple sources for page
Joey Hess [Tue, 31 May 2016 19:29:09 +0000 (15:29 -0400)]
improve warning message for multiple sources for page

8 years ago a list of arbitrary shell delegates, what could possibly go wrong?
smcv [Tue, 31 May 2016 18:51:28 +0000 (14:51 -0400)]
a list of arbitrary shell delegates, what could possibly go wrong?

8 years ago answer: an exec plugin?
https://id.koumbit.net/anarcat [Tue, 31 May 2016 18:00:45 +0000 (14:00 -0400)]
answer: an exec plugin?

8 years ago tagging htmlizing
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:48:53 +0000 (10:48 -0400)]
tagging htmlizing

8 years ago expand on the compile review and future work
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:45:43 +0000 (10:45 -0400)]
expand on the compile review and future work

8 years ago move comment at the end
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:41:46 +0000 (10:41 -0400)]
move comment at the end

8 years ago small security review and suggestions
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:41:15 +0000 (10:41 -0400)]
small security review and suggestions

8 years ago more home pages
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:11:26 +0000 (10:11 -0400)]
more home pages

8 years ago Remark on anarcat's remark
spalax [Tue, 31 May 2016 06:33:42 +0000 (02:33 -0400)]
Remark on anarcat's remark

8 years ago compile could have done this as well
https://id.koumbit.net/anarcat [Tue, 31 May 2016 04:06:34 +0000 (00:06 -0400)]
compile could have done this as well

8 years ago oops, forgot some changes
https://id.koumbit.net/anarcat [Tue, 31 May 2016 03:59:42 +0000 (23:59 -0400)]
oops, forgot some changes

8 years ago bibtex2html plugin
https://id.koumbit.net/anarcat [Tue, 31 May 2016 03:56:12 +0000 (23:56 -0400)]
bibtex2html plugin

8 years ago Added a comment
pdurbin [Mon, 30 May 2016 11:24:44 +0000 (07:24 -0400)]
Added a comment

8 years ago comment
Joey Hess [Sun, 29 May 2016 19:35:28 +0000 (15:35 -0400)]
comment

8 years ago start discussion on table plugin and Markdown side effects on data
pdurbin [Sun, 29 May 2016 18:57:23 +0000 (14:57 -0400)]
start discussion on table plugin and Markdown side effects on data

8 years ago (no commit message)
shivams [Mon, 23 May 2016 08:47:22 +0000 (04:47 -0400)]

8 years ago (no commit message)
shivams [Mon, 23 May 2016 08:43:18 +0000 (04:43 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:22:18 +0000 (04:22 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:22:00 +0000 (04:22 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:15:49 +0000 (04:15 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:08:49 +0000 (04:08 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:02:03 +0000 (04:02 -0400)]

8 years ago (no commit message)
https://launchpad.net/~eliasson [Fri, 20 May 2016 07:55:41 +0000 (03:55 -0400)]

8 years ago fix system calls
https://id.koumbit.net/anarcat [Thu, 19 May 2016 23:57:03 +0000 (19:57 -0400)]
fix system calls

8 years ago No, this page is not C++ source code.
smcv [Wed, 18 May 2016 17:56:35 +0000 (13:56 -0400)]
No, this page is not C++ source code.

This reverts commit c35ab1e75394bd15788bd2479ad11f70c543ce78

8 years ago This reverts commit cfc5d5d9ed1a5c76212fecd592639aaa3de9b784
smcv [Wed, 18 May 2016 17:55:48 +0000 (13:55 -0400)]
This reverts commit cfc5d5d9ed1a5c76212fecd592639aaa3de9b784

8 years ago rename bugs/garbled_non-ascii_characters_in_body_in_web_interface.mdwn to bugs/garble...
lazrak.zakaria.iga@c4885e46c85c8f3bc18a0b025856a958fc2cd924 [Wed, 18 May 2016 17:55:05 +0000 (13:55 -0400)]
rename bugs/garbled_non-ascii_characters_in_body_in_web_interface.mdwn to bugs/garbled_non-ascii_characters_in_body_in_web_interface.cpp

8 years ago rename index.mdwn to index.c
lazrak.zakaria.iga@c4885e46c85c8f3bc18a0b025856a958fc2cd924 [Wed, 18 May 2016 17:48:07 +0000 (13:48 -0400)]
rename index.mdwn to index.c

8 years ago (no commit message)
https://id.koumbit.net/anarcat [Tue, 17 May 2016 15:10:46 +0000 (11:10 -0400)]

8 years ago revert test edit
smcv [Tue, 17 May 2016 15:09:03 +0000 (11:09 -0400)]
revert test edit

This reverts commit 4a8bf62f44738fcc6c49d24295d9668bb247a88f

8 years ago (no commit message)
testtt [Tue, 17 May 2016 13:56:10 +0000 (09:56 -0400)]

8 years ago Revert vandalism
Simon McVittie [Tue, 17 May 2016 09:10:49 +0000 (10:10 +0100)]
Revert vandalism

8 years ago This reverts commit 855a7b5c6cabdd095253da8a3ff89f769d657b27
CRAZYBATMAN [Tue, 17 May 2016 06:26:20 +0000 (02:26 -0400)]
This reverts commit 855a7b5c6cabdd095253da8a3ff89f769d657b27

8 years ago This reverts commit 2d1615c340407cd21ba478449ea1444bb46432ca
CRAZYBATMAN [Tue, 17 May 2016 06:25:31 +0000 (02:25 -0400)]
This reverts commit 2d1615c340407cd21ba478449ea1444bb46432ca

8 years ago This reverts commit 01eeb89d59cc3d88712f6559acdaa51328756729
CRAZYBATMAN [Tue, 17 May 2016 06:24:42 +0000 (02:24 -0400)]
This reverts commit 01eeb89d59cc3d88712f6559acdaa51328756729

8 years ago This reverts commit bda4eba674ee46289cccaf8e89ee9edde1dcba1e
CRAZYBATMAN [Tue, 17 May 2016 06:24:15 +0000 (02:24 -0400)]
This reverts commit bda4eba674ee46289cccaf8e89ee9edde1dcba1e

8 years ago and we have a bot
https://id.koumbit.net/anarcat [Tue, 17 May 2016 02:41:42 +0000 (22:41 -0400)]
and we have a bot

8 years ago little irc integration plugin
https://id.koumbit.net/anarcat [Tue, 17 May 2016 02:40:50 +0000 (22:40 -0400)]
little irc integration plugin

8 years ago add details on bot setup
https://id.koumbit.net/anarcat [Mon, 16 May 2016 21:40:24 +0000 (17:40 -0400)]
add details on bot setup

8 years ago Wrapper: allocate new environment dynamically
Simon McVittie [Wed, 11 May 2016 08:18:14 +0000 (09:18 +0100)]
Wrapper: allocate new environment dynamically

Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.

I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.

8 years ago 3.20160509 3.20160509 debian/3.20160509
Simon McVittie [Mon, 9 May 2016 20:59:50 +0000 (21:59 +0100)]
3.20160509

8 years ago Reference CVE-2016-4561 in 3.20160506 changelog
Simon McVittie [Mon, 9 May 2016 20:57:34 +0000 (21:57 +0100)]
Reference CVE-2016-4561 in 3.20160506 changelog

8 years ago img test: exercise upper-case extensions for image files
Simon McVittie [Mon, 9 May 2016 20:53:10 +0000 (21:53 +0100)]
img test: exercise upper-case extensions for image files

8 years ago Remove spurious changelog entry
Simon McVittie [Mon, 9 May 2016 20:12:41 +0000 (21:12 +0100)]
Remove spurious changelog entry

This change was new in 3.20141016.3, but was applied to the master
branch several releases ago, so it is not new in 3.20160506.

8 years ago mention that the CVE-2016-4561 fix was backported
smcv [Mon, 9 May 2016 12:24:35 +0000 (08:24 -0400)]
mention that the CVE-2016-4561 fix was backported

8 years ago Clarifying
desci [Mon, 9 May 2016 01:54:17 +0000 (21:54 -0400)]
Clarifying

8 years ago Adding info regarding bootstrap classes
desci [Mon, 9 May 2016 01:53:14 +0000 (21:53 -0400)]
Adding info regarding bootstrap classes

8 years ago Adding sites
desci [Mon, 9 May 2016 01:42:54 +0000 (21:42 -0400)]
Adding sites

8 years ago Detect image type from .JPG just like .jpg (etc.).
Amitai Schlair [Sun, 8 May 2016 22:26:15 +0000 (18:26 -0400)]
Detect image type from .JPG just like .jpg (etc.).

8 years ago Fix spelling of "ratio" in test.
Amitai Schlair [Sun, 8 May 2016 22:25:46 +0000 (18:25 -0400)]
Fix spelling of "ratio" in test.

8 years ago thanks!
https://id.koumbit.net/anarcat [Sun, 8 May 2016 21:10:50 +0000 (17:10 -0400)]
thanks!

8 years ago tag added
smcv [Sun, 8 May 2016 20:44:56 +0000 (16:44 -0400)]
tag added

8 years ago thanks!
https://id.koumbit.net/anarcat [Sun, 8 May 2016 20:40:13 +0000 (16:40 -0400)]
thanks!

8 years ago sorry, one day I'll review this, but this is not that day
smcv [Sun, 8 May 2016 20:37:34 +0000 (16:37 -0400)]
sorry, one day I'll review this, but this is not that day

8 years ago still using this in production, would welcome feedback
https://id.koumbit.net/anarcat [Sun, 8 May 2016 18:59:12 +0000 (14:59 -0400)]
still using this in production, would welcome feedback

8 years ago dropping this.
https://id.koumbit.net/anarcat [Sun, 8 May 2016 18:57:28 +0000 (14:57 -0400)]
dropping this.

8 years ago (no commit message)
https://id.koumbit.net/anarcat [Sun, 8 May 2016 18:56:26 +0000 (14:56 -0400)]

8 years ago img: make img_allowed_formats case-insensitive
Simon McVittie [Fri, 6 May 2016 06:32:17 +0000 (07:32 +0100)]
img: make img_allowed_formats case-insensitive

8 years ago inline: expand show=N backwards compatibility to negative N
Simon McVittie [Fri, 6 May 2016 21:51:02 +0000 (22:51 +0100)]
inline: expand show=N backwards compatibility to negative N

[[plugins/contrib]] uses show=-1 to show the post-creation widget
without actually inlining anything.

8 years ago Add CVE reference
Simon McVittie [Fri, 6 May 2016 20:35:14 +0000 (21:35 +0100)]
Add CVE reference

8 years ago respond
smcv [Fri, 6 May 2016 19:29:51 +0000 (15:29 -0400)]
respond

8 years ago use intended filename
Simon McVittie [Fri, 6 May 2016 19:16:58 +0000 (20:16 +0100)]
use intended filename

8 years ago escape directive properly; add paragraph breaks
smcv [Fri, 6 May 2016 19:14:09 +0000 (15:14 -0400)]
escape directive properly; add paragraph breaks

8 years ago rename todo/Correctly_handle_filenames_starting_with_a_dash_in_add__47__rm__47__mv...
smcv [Fri, 6 May 2016 19:12:49 +0000 (15:12 -0400)]
rename todo/Correctly_handle_filenames_starting_with_a_dash_in_add__47__rm__47__mv.mdwn to bugs/Correctly_handle_filenames_starting_with_a_dash_in_add/rm/mv.mdwn

8 years ago already fixed
smcv [Fri, 6 May 2016 19:12:29 +0000 (15:12 -0400)]
already fixed

8 years ago Announce 3.20160506
Simon McVittie [Fri, 6 May 2016 19:10:19 +0000 (20:10 +0100)]
Announce 3.20160506

8 years ago Merge remote-tracking branch 'origin/master'
Simon McVittie [Fri, 6 May 2016 19:05:45 +0000 (20:05 +0100)]
Merge remote-tracking branch 'origin/master'

8 years ago (no commit message)
florian@883672f3f4dbd3c6bb430afc661484a58a3a1296 [Fri, 6 May 2016 12:10:01 +0000 (08:10 -0400)]

8 years ago 3.20160506 3.20160506 debian/3.20160506
Simon McVittie [Fri, 6 May 2016 06:54:47 +0000 (07:54 +0100)]
3.20160506

8 years ago Exclude users/* from the HTML documentation
Simon McVittie [Fri, 6 May 2016 06:53:53 +0000 (07:53 +0100)]
Exclude users/* from the HTML documentation

8 years ago Do not recommend mimetype(image/*)
Simon McVittie [Fri, 6 May 2016 06:46:58 +0000 (07:46 +0100)]
Do not recommend mimetype(image/*)

Not all image file types are safe for general use: in particular,
image/svg+xml is known to be vulnerable to CVE-2016-3714 under some
ImageMagick configurations.

8 years ago Document the security fixes in this release
Simon McVittie [Fri, 6 May 2016 06:49:45 +0000 (07:49 +0100)]
Document the security fixes in this release

8 years ago update test suite for svg passthrough by img directive
Joey Hess [Fri, 6 May 2016 00:44:11 +0000 (20:44 -0400)]
update test suite for svg passthrough by img directive

Remove build dependency libmagickcore-6.q16-2-extra which was only there
for this test.

8 years ago img: Add back support for SVG images, bypassing ImageMagick and simply passing the...
Simon McVittie [Fri, 6 May 2016 05:57:12 +0000 (06:57 +0100)]
img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser

SVG scaling by img directives has subtly changed; where before size=wxh
would preserve aspect ratio, this cannot be done when passing them through
and so specifying both a width and height can change the SVG's aspect
ratio.

(This patch looks significantly more complex than it was, because a large
block of code had to be indented.)

[smcv: drop trailing whitespace, fix some spelling]

8 years ago changelog for smcv's security fixes
Joey Hess [Fri, 6 May 2016 00:18:38 +0000 (20:18 -0400)]
changelog for smcv's security fixes

[smcv: omit a change that was already in 3.20160514]

8 years ago img: check magic number before giving common formats to ImageMagick
Simon McVittie [Thu, 5 May 2016 22:17:45 +0000 (23:17 +0100)]
img: check magic number before giving common formats to ImageMagick

This mitigates CVE-2016-3714 and similar vulnerabilities by
avoiding passing obviously-wrong input to ImageMagick decoders.

8 years ago img: restrict to JPEG, PNG and GIF images by default
Simon McVittie [Wed, 4 May 2016 07:54:19 +0000 (08:54 +0100)]
img: restrict to JPEG, PNG and GIF images by default

This mitigates CVE-2016-3714. Wiki administrators who know that they
have prevented arbitrary code execution via other formats can re-enable
the other formats if desired.

8 years ago img: force common Web formats to be interpreted according to extension
Simon McVittie [Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)]
img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.

8 years ago HTML-escape error messages (OVE-20160505-0012)
Simon McVittie [Wed, 4 May 2016 07:46:02 +0000 (08:46 +0100)]
HTML-escape error messages (OVE-20160505-0012)

The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012)

The instances in preprocess() are just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.

8 years ago all good
https://id.koumbit.net/anarcat [Wed, 4 May 2016 22:53:24 +0000 (18:53 -0400)]
all good

8 years ago (no commit message)
smcv [Wed, 4 May 2016 22:35:33 +0000 (18:35 -0400)]

8 years ago response: confirmation it's a bug in MMD and Discount doesn't have footnotes, and...
https://id.koumbit.net/anarcat [Wed, 4 May 2016 13:45:25 +0000 (09:45 -0400)]
response: confirmation it's a bug in MMD and Discount doesn't have footnotes, and request for workaround

8 years ago discount (as used on this wiki) can do footnotes, but they aren't enabled by ikiwiki
smcv [Wed, 4 May 2016 09:48:01 +0000 (05:48 -0400)]
discount (as used on this wiki) can do footnotes, but they aren't enabled by ikiwiki