smcv [Sun, 14 May 2017 12:01:09 +0000 (08:01 -0400)]
Added a comment
smcv [Sun, 14 May 2017 11:53:24 +0000 (07:53 -0400)]
smcv [Sun, 14 May 2017 11:51:56 +0000 (07:51 -0400)]
recommend discount over multimarkdown
smcv [Sun, 14 May 2017 11:47:42 +0000 (07:47 -0400)]
multimarkdown: it's a trap!
smcv [Sun, 14 May 2017 11:37:14 +0000 (07:37 -0400)]
Added a comment: Use an underlay instead
smcv [Sun, 14 May 2017 11:28:50 +0000 (07:28 -0400)]
removed
smcv [Sun, 14 May 2017 11:27:54 +0000 (07:27 -0400)]
Added a comment: You can do almost this with an underlay
smcv [Sun, 14 May 2017 11:00:48 +0000 (07:00 -0400)]
Added a comment
smcv [Sun, 14 May 2017 10:49:54 +0000 (06:49 -0400)]
Added a comment: you can't use and/or/! inside the page() parameter, move them outside
smcv [Sun, 14 May 2017 10:41:21 +0000 (06:41 -0400)]
fix syntax
Joe Rayhawk [Sat, 13 May 2017 16:23:56 +0000 (09:23 -0700)]
Piny: mothballing
STrRedWolf [Thu, 11 May 2017 00:52:32 +0000 (20:52 -0400)]
qazwsx [Tue, 9 May 2017 17:45:51 +0000 (13:45 -0400)]
DataComputist [Mon, 8 May 2017 21:16:18 +0000 (17:16 -0400)]
Added a comment
DataComputist [Mon, 8 May 2017 18:04:22 +0000 (14:04 -0400)]
desci [Mon, 1 May 2017 19:18:15 +0000 (15:18 -0400)]
Updating links
desci [Mon, 1 May 2017 19:14:33 +0000 (15:14 -0400)]
Updating links
openmedi [Tue, 18 Apr 2017 13:13:42 +0000 (09:13 -0400)]
Added a comment
openmedi [Tue, 18 Apr 2017 12:19:44 +0000 (08:19 -0400)]
STrRedWolf [Sun, 16 Apr 2017 21:38:24 +0000 (17:38 -0400)]
Initial commit.
STrRedWolf [Sun, 16 Apr 2017 20:53:43 +0000 (16:53 -0400)]
STrRedWolf [Sun, 16 Apr 2017 20:53:21 +0000 (16:53 -0400)]
First time theme help needed.
anarcat [Thu, 13 Apr 2017 13:27:10 +0000 (09:27 -0400)]
add list of pending patches
anarcat [Thu, 13 Apr 2017 13:23:21 +0000 (09:23 -0400)]
mark this as a real plugin: forgot the plugin template!
anarcat [Thu, 13 Apr 2017 13:22:28 +0000 (09:22 -0400)]
mark this as ready for merging
anarcat [Thu, 13 Apr 2017 13:21:09 +0000 (09:21 -0400)]
clarify that "patch" on contrib plugins means the author wants to merge
anarcat [Thu, 13 Apr 2017 13:19:23 +0000 (09:19 -0400)]
this is a patch - i'd like this in core, or at least a discussion on how to merge it with the main plugin
anarcat [Wed, 12 Apr 2017 20:15:23 +0000 (16:15 -0400)]
add a patch to make this happen
anarcat [Wed, 12 Apr 2017 20:14:30 +0000 (16:14 -0400)]
rename plugins/contrib/i18nheadinganchor.mdwn to plugins/contrib/i18nheadinganchors.mdwn
anarcat [Wed, 12 Apr 2017 20:14:13 +0000 (16:14 -0400)]
add i18nheadinganchors plugin
anarcat [Wed, 12 Apr 2017 20:13:47 +0000 (16:13 -0400)]
move my repo to gitlab
anarcat [Wed, 12 Apr 2017 19:40:09 +0000 (15:40 -0400)]
respond to an old question
Joey Hess [Tue, 4 Apr 2017 16:51:40 +0000 (12:51 -0400)]
todo
desci [Wed, 29 Mar 2017 19:37:02 +0000 (15:37 -0400)]
Fixing format
desci [Wed, 29 Mar 2017 19:36:28 +0000 (15:36 -0400)]
As requested
desci [Wed, 29 Mar 2017 19:35:54 +0000 (15:35 -0400)]
Answering questions and updating links
tuxillo [Mon, 20 Mar 2017 00:33:38 +0000 (20:33 -0400)]
tuxillo [Mon, 20 Mar 2017 00:32:47 +0000 (20:32 -0400)]
MyUserPage
Added a comment: PS
Ikiwiki error with Asciidoc
Joey Hess [Tue, 7 Mar 2017 15:53:39 +0000 (11:53 -0400)]
cleanup
test test blah blah
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2 [Fri, 3 Mar 2017 14:52:14 +0000 (10:52 -0400)]
speed up commenting by optionally providing a comment form in static pages
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2 [Fri, 3 Mar 2017 14:48:03 +0000 (10:48 -0400)]
Added a comment
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2 [Fri, 3 Mar 2017 14:29:13 +0000 (10:29 -0400)]
Added a comment
Joey Hess [Wed, 1 Mar 2017 17:34:42 +0000 (13:34 -0400)]
my github mirror of ikiwiki has been deleted due to their horrible anti-free-software TOS
Added a comment
+aka use page/index.mdwn source files
smcv [Tue, 21 Feb 2017 18:21:19 +0000 (14:21 -0400)]
Added a comment
smcv [Tue, 21 Feb 2017 18:17:35 +0000 (14:17 -0400)]
Added a comment
Added a comment
Added a comment
Added a comment
openmedi [Mon, 20 Feb 2017 15:43:13 +0000 (11:43 -0400)]
Added a comment
Added a comment
removed
Added a comment
Louis [Sat, 18 Feb 2017 21:56:06 +0000 (22:56 +0100)]
Merge branch 'master' of git://ikiwiki.branchable.com
Louis [Sat, 18 Feb 2017 20:11:47 +0000 (21:11 +0100)]
Update my (spalax) information
Louis [Sat, 18 Feb 2017 20:05:48 +0000 (21:05 +0100)]
Apology about the poor choice for the name of the sidebar2 plugin
Louis [Sat, 18 Feb 2017 19:59:54 +0000 (20:59 +0100)]
New plugin: verboserpc
Louis [Sat, 18 Feb 2017 19:56:04 +0000 (20:56 +0100)]
New plugin: pageversion
Louis [Sat, 18 Feb 2017 19:43:52 +0000 (20:43 +0100)]
New plugin: redirect
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 [Fri, 10 Feb 2017 08:33:42 +0000 (04:33 -0400)]
Added a comment
Added a comment
smcv [Thu, 9 Feb 2017 12:13:03 +0000 (08:13 -0400)]
Added a comment
svetlana [Wed, 8 Feb 2017 00:36:02 +0000 (20:36 -0400)]
+update broken uris
svetlana [Tue, 7 Feb 2017 23:15:02 +0000 (19:15 -0400)]
svetlana [Tue, 7 Feb 2017 23:11:17 +0000 (19:11 -0400)]
Confuses a map
svetlana [Mon, 6 Feb 2017 05:39:02 +0000 (01:39 -0400)]
svetlana [Mon, 6 Feb 2017 02:37:01 +0000 (22:37 -0400)]
removed
smcv [Fri, 3 Feb 2017 20:48:48 +0000 (16:48 -0400)]
change `pwd` to $HOME so assumptions are met even if you cd elsewhere
me@4eb1b66f86170ba2ff0690b93ad01f46bfc8eac4 [Fri, 3 Feb 2017 16:54:47 +0000 (12:54 -0400)]
No longer using ikiwiki
smcv [Thu, 26 Jan 2017 11:38:48 +0000 (07:38 -0400)]
svetlana [Tue, 24 Jan 2017 04:59:27 +0000 (00:59 -0400)]
Does not show up in the setup
svetlana [Wed, 18 Jan 2017 23:27:48 +0000 (19:27 -0400)]
* [[guppy|http://guppy.branchable.com]] an internationalized modular Python IRC bot
smcv [Wed, 18 Jan 2017 21:46:14 +0000 (17:46 -0400)]
Added a comment
smcv [Wed, 18 Jan 2017 21:45:30 +0000 (17:45 -0400)]
Added a comment: Do that through your web server, not ikiwiki
openmedi [Tue, 17 Jan 2017 12:44:20 +0000 (08:44 -0400)]
Simon McVittie [Thu, 12 Jan 2017 00:31:10 +0000 (00:31 +0000)]
Note another Debian 8 backport
Simon McVittie [Wed, 11 Jan 2017 19:02:10 +0000 (19:02 +0000)]
Fix typo
Simon McVittie [Wed, 11 Jan 2017 18:18:38 +0000 (18:18 +0000)]
Simon McVittie [Wed, 11 Jan 2017 18:16:42 +0000 (18:16 +0000)]
Document the security fix soon to be released in 3.
20170111
Simon McVittie [Wed, 11 Jan 2017 13:24:00 +0000 (13:24 +0000)]
remove: make it clearer that repeated page parameter is OK here
ikiwiki's web interface does not currently have UI for removing
multiple pages simultaneously, but the remove plugin is robust
against doing so. Use a clearer idiom to make that obvious.
Simon McVittie [Wed, 11 Jan 2017 13:22:03 +0000 (13:22 +0000)]
CGI, attachment, passwordauth: harden against repeated parameters
These instances of code similar to OVE-
20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
(cherry picked from commit
69230a2220f673c66b5ab875bfc759b32a241c0d)
Simon McVittie [Wed, 11 Jan 2017 13:19:13 +0000 (13:19 +0000)]
passwordauth: avoid userinfo forgery via repeated email parameter
OVE-
20170111-0001
(cherry picked from commit
bffb71d6a7d28f6dd5f0be241f214e79eea7bb91)
Simon McVittie [Wed, 11 Jan 2017 13:16:37 +0000 (13:16 +0000)]
t/passwordauth.t: new automated test for passwordauth
In particular this includes an exploit for OVE-
20170111-0001.
(cherry picked from commit
fbe207212b1f4a395dc297fb274ef07afd7d68f3)
Simon McVittie [Wed, 11 Jan 2017 13:12:50 +0000 (13:12 +0000)]
passwordauth: prevent authentication bypass via multiple name parameters
Calling CGI::FormBuilder::field with a name argument in list context
returns zero or more user-specified values of the named field, even
if that field was not declared as supporting multiple values.
Passing the result of field as a function parameter counts as list
context. This is the same bad behaviour that is now discouraged
for CGI::param.
In this case we pass the multiple values to CGI::Session::param.
That accessor has six possible calling conventions, of which four are
documented. If an attacker passes (2*n + 1) values for the 'name'
field, for example name=a&name=b&name=c, we end up in one of the
undocumented calling conventions for param:
# equivalent to: (name => 'a', b => 'c')
$session->param('name', 'a', 'b', 'c')
and the 'b' session parameter is unexpectedly set to an
attacker-specified value.
In particular, if an attacker "bob" specifies
name=bob&name=name&name=alice, then authentication is carried out
for "bob" but the CGI::Session ends up containing {name => 'alice'},
an authentication bypass vulnerability.
This vulnerability is tracked as OVE-
20170111-0001.
(cherry picked from commit
e909eb93f4530a175d622360a8433e833ecf0254)
Simon McVittie [Tue, 10 Jan 2017 13:22:13 +0000 (13:22 +0000)]
Simon McVittie [Tue, 10 Jan 2017 13:21:46 +0000 (13:21 +0000)]
Sset libmagickcore-6.q16-3-extra as preferred build-dependency
The virtual package libmagickcore-extra is now merely an alternative,
to help autopkgtest to do the right thing.
Simon McVittie [Tue, 10 Jan 2017 11:39:56 +0000 (11:39 +0000)]
d/ikiwiki.doc-base: register the documentation with doc-base
Simon McVittie [Tue, 10 Jan 2017 11:36:23 +0000 (11:36 +0000)]
d/ikiwiki.lintian-overrides: silence false positive spelling warning for Moin Moin
Simon McVittie [Tue, 10 Jan 2017 11:35:57 +0000 (11:35 +0000)]
d/ikiwiki.lintian-overrides: override script-not-executable warnings
Simon McVittie [Tue, 10 Jan 2017 11:30:52 +0000 (11:30 +0000)]
docwiki.setup: exclude TourBusStop from offline documentation
It does not make much sense there.
Simon McVittie [Tue, 10 Jan 2017 11:27:48 +0000 (11:27 +0000)]
lintian: Override obsolete-url-in-packaging for OpenID Selector
It does not seem to have any more current URL, and in any case our
version is a fork.