Simon McVittie [Thu, 28 Jul 2016 09:41:25 +0000 (10:41 +0100)]
Standards-Version: 3.9.8 (no changes required)
Simon McVittie [Thu, 28 Jul 2016 09:28:25 +0000 (10:28 +0100)]
Revert test commit to sandbox/discussion
sandbox/discussion is intended for discussion about the sandbox, not
test edits.
This reverts commit
ad312ac46587955480806db3e1fb62b6cf7f5e92.
Simon McVittie [Thu, 28 Jul 2016 08:50:09 +0000 (09:50 +0100)]
Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.
Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.
In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
Joey Hess [Mon, 25 Jul 2016 14:44:29 +0000 (10:44 -0400)]
Revert strange translation of this page to French
https://me.yahoo.com/acidburn095#b6c38 [Mon, 25 Jul 2016 05:39:21 +0000 (01:39 -0400)]
https://me.yahoo.com/acidburn095#b6c38 [Mon, 25 Jul 2016 05:17:02 +0000 (01:17 -0400)]
Martian [Thu, 30 Jun 2016 10:43:36 +0000 (06:43 -0400)]
Everyone is using comments here... let's go with the crowd
Martian [Thu, 30 Jun 2016 10:42:47 +0000 (06:42 -0400)]
Added a comment: Using multiple setup files
Martian [Thu, 30 Jun 2016 10:28:40 +0000 (06:28 -0400)]
Add todo/multiple setup option on command line
Martian [Thu, 30 Jun 2016 10:22:59 +0000 (06:22 -0400)]
Add information about multiple setup options.
wkhtmltopdf project has moved off of Google Code onto a dedicated site
Joey Hess [Thu, 23 Jun 2016 20:39:36 +0000 (16:39 -0400)]
update
Martian [Wed, 22 Jun 2016 15:35:48 +0000 (11:35 -0400)]
Martian [Wed, 22 Jun 2016 13:10:23 +0000 (09:10 -0400)]
apache on fedora and suid bit
smcv [Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)]
yes, not committing the setup file to the same VCS is a security thing
Martian [Wed, 22 Jun 2016 07:42:21 +0000 (03:42 -0400)]
Why not putting setup file in git?
https://me.yahoo.com/zoredache#d4929 [Mon, 20 Jun 2016 19:38:41 +0000 (15:38 -0400)]
Added a comment
rsayers [Thu, 16 Jun 2016 17:15:26 +0000 (13:15 -0400)]
spalax [Tue, 14 Jun 2016 15:37:44 +0000 (11:37 -0400)]
Link to a work-in-progress plugin
spalax [Tue, 14 Jun 2016 15:36:33 +0000 (11:36 -0400)]
Added a comment: More thought about the `pageversion` plugin
smcv [Sat, 11 Jun 2016 12:17:14 +0000 (08:17 -0400)]
Added a comment: more info required
smcv [Sat, 11 Jun 2016 12:14:21 +0000 (08:14 -0400)]
Added a comment
spalax [Fri, 10 Jun 2016 18:58:09 +0000 (14:58 -0400)]
Added a comment: More information
https://me.yahoo.com/zoredache#d4929 [Thu, 9 Jun 2016 20:02:10 +0000 (16:02 -0400)]
https://me.yahoo.com/zoredache#d4929 [Thu, 9 Jun 2016 20:01:52 +0000 (16:01 -0400)]
new user: www.s4-ausbau.de
smcv [Thu, 9 Jun 2016 15:09:30 +0000 (11:09 -0400)]
Added a comment: I'm not so sure that copying metadata is desirable
spalax [Tue, 7 Jun 2016 20:20:12 +0000 (16:20 -0400)]
Questions about a new plugin
http://schmonz.livejournal.com/ [Tue, 7 Jun 2016 15:14:02 +0000 (11:14 -0400)]
Added a comment: cool!
openmedi [Tue, 7 Jun 2016 13:55:29 +0000 (09:55 -0400)]
Added a comment
http://schmonz.livejournal.com/ [Tue, 7 Jun 2016 12:39:43 +0000 (08:39 -0400)]
Added a comment: ok
openmedi [Tue, 7 Jun 2016 11:23:43 +0000 (07:23 -0400)]
Added a comment
openmedi [Tue, 7 Jun 2016 11:19:48 +0000 (07:19 -0400)]
Added a comment
spalax [Tue, 7 Jun 2016 06:26:23 +0000 (02:26 -0400)]
Add required packages
http://schmonz.livejournal.com/ [Mon, 6 Jun 2016 12:17:22 +0000 (08:17 -0400)]
Added a comment: what didn't work with pkgsrc?
openmedi [Mon, 6 Jun 2016 11:08:45 +0000 (07:08 -0400)]
Added a comment
spalax [Sun, 5 Jun 2016 21:08:25 +0000 (17:08 -0400)]
Update plugins/contrib/compile documentation
https://id.koumbit.net/anarcat [Fri, 3 Jun 2016 22:54:46 +0000 (18:54 -0400)]
refer to openid delegation
smcv [Fri, 3 Jun 2016 06:26:03 +0000 (02:26 -0400)]
Added a comment
Joey Hess [Fri, 3 Jun 2016 05:37:01 +0000 (01:37 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Fri, 3 Jun 2016 05:35:15 +0000 (01:35 -0400)]
add freedombox as a kind of ikiwiki hosting service
http://schmonz.livejournal.com/ [Fri, 3 Jun 2016 01:53:24 +0000 (21:53 -0400)]
Added a comment: why not keep using pkgsrc?
openmedi [Thu, 2 Jun 2016 18:18:40 +0000 (14:18 -0400)]
Added a comment
openmedi [Thu, 2 Jun 2016 17:58:07 +0000 (13:58 -0400)]
spalax [Tue, 31 May 2016 20:49:26 +0000 (16:49 -0400)]
More about security
spalax [Tue, 31 May 2016 20:39:17 +0000 (16:39 -0400)]
More thought about "bibtex2html" and "compile"
https://id.koumbit.net/anarcat [Tue, 31 May 2016 19:39:43 +0000 (15:39 -0400)]
link to discussion
https://id.koumbit.net/anarcat [Tue, 31 May 2016 19:38:34 +0000 (15:38 -0400)]
expand on the exec idea
Joey Hess [Tue, 31 May 2016 19:29:09 +0000 (15:29 -0400)]
improve warning message for multiple sources for page
smcv [Tue, 31 May 2016 18:51:28 +0000 (14:51 -0400)]
a list of arbitrary shell delegates, what could possibly go wrong?
https://id.koumbit.net/anarcat [Tue, 31 May 2016 18:00:45 +0000 (14:00 -0400)]
answer: an exec plugin?
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:48:53 +0000 (10:48 -0400)]
tagging htmlizing
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:45:43 +0000 (10:45 -0400)]
expand on the compile review and future work
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:41:46 +0000 (10:41 -0400)]
move comment at the end
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:41:15 +0000 (10:41 -0400)]
small security review and suggestions
https://id.koumbit.net/anarcat [Tue, 31 May 2016 14:11:26 +0000 (10:11 -0400)]
more home pages
spalax [Tue, 31 May 2016 06:33:42 +0000 (02:33 -0400)]
Remark on anarcat's remark
https://id.koumbit.net/anarcat [Tue, 31 May 2016 04:06:34 +0000 (00:06 -0400)]
compile could have done this as well
https://id.koumbit.net/anarcat [Tue, 31 May 2016 03:59:42 +0000 (23:59 -0400)]
oops, forgot some changes
https://id.koumbit.net/anarcat [Tue, 31 May 2016 03:56:12 +0000 (23:56 -0400)]
bibtex2html plugin
pdurbin [Mon, 30 May 2016 11:24:44 +0000 (07:24 -0400)]
Added a comment
Joey Hess [Sun, 29 May 2016 19:35:28 +0000 (15:35 -0400)]
comment
pdurbin [Sun, 29 May 2016 18:57:23 +0000 (14:57 -0400)]
start discussion on table plugin and Markdown side effects on data
shivams [Mon, 23 May 2016 08:47:22 +0000 (04:47 -0400)]
shivams [Mon, 23 May 2016 08:43:18 +0000 (04:43 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:22:18 +0000 (04:22 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:22:00 +0000 (04:22 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:15:49 +0000 (04:15 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:08:49 +0000 (04:08 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 08:02:03 +0000 (04:02 -0400)]
https://launchpad.net/~eliasson [Fri, 20 May 2016 07:55:41 +0000 (03:55 -0400)]
https://id.koumbit.net/anarcat [Thu, 19 May 2016 23:57:03 +0000 (19:57 -0400)]
fix system calls
smcv [Wed, 18 May 2016 17:56:35 +0000 (13:56 -0400)]
No, this page is not C++ source code.
This reverts commit
c35ab1e75394bd15788bd2479ad11f70c543ce78
smcv [Wed, 18 May 2016 17:55:48 +0000 (13:55 -0400)]
rename bugs/garbled_non-ascii_characters_in_body_in_web_interface.mdwn to bugs/garbled_non-ascii_characters_in_body_in_web_interface.cpp
rename index.mdwn to index.c
https://id.koumbit.net/anarcat [Tue, 17 May 2016 15:10:46 +0000 (11:10 -0400)]
smcv [Tue, 17 May 2016 15:09:03 +0000 (11:09 -0400)]
testtt [Tue, 17 May 2016 13:56:10 +0000 (09:56 -0400)]
Simon McVittie [Tue, 17 May 2016 09:10:49 +0000 (10:10 +0100)]
Revert vandalism
CRAZYBATMAN [Tue, 17 May 2016 06:26:20 +0000 (02:26 -0400)]
CRAZYBATMAN [Tue, 17 May 2016 06:25:31 +0000 (02:25 -0400)]
CRAZYBATMAN [Tue, 17 May 2016 06:24:42 +0000 (02:24 -0400)]
CRAZYBATMAN [Tue, 17 May 2016 06:24:15 +0000 (02:24 -0400)]
https://id.koumbit.net/anarcat [Tue, 17 May 2016 02:41:42 +0000 (22:41 -0400)]
and we have a bot
https://id.koumbit.net/anarcat [Tue, 17 May 2016 02:40:50 +0000 (22:40 -0400)]
little irc integration plugin
https://id.koumbit.net/anarcat [Mon, 16 May 2016 21:40:24 +0000 (17:40 -0400)]
add details on bot setup
Simon McVittie [Wed, 11 May 2016 08:18:14 +0000 (09:18 +0100)]
Wrapper: allocate new environment dynamically
Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.
I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
Simon McVittie [Mon, 9 May 2016 20:59:50 +0000 (21:59 +0100)]
Simon McVittie [Mon, 9 May 2016 20:57:34 +0000 (21:57 +0100)]
Reference CVE-2016-4561 in 3.20160506 changelog
Simon McVittie [Mon, 9 May 2016 20:53:10 +0000 (21:53 +0100)]
img test: exercise upper-case extensions for image files
Simon McVittie [Mon, 9 May 2016 20:12:41 +0000 (21:12 +0100)]
Remove spurious changelog entry
This change was new in 3.20141016.3, but was applied to the master
branch several releases ago, so it is not new in 3.20160506.
smcv [Mon, 9 May 2016 12:24:35 +0000 (08:24 -0400)]
mention that the CVE-2016-4561 fix was backported
desci [Mon, 9 May 2016 01:54:17 +0000 (21:54 -0400)]
Clarifying
desci [Mon, 9 May 2016 01:53:14 +0000 (21:53 -0400)]
Adding info regarding bootstrap classes
desci [Mon, 9 May 2016 01:42:54 +0000 (21:42 -0400)]
Adding sites
Amitai Schlair [Sun, 8 May 2016 22:26:15 +0000 (18:26 -0400)]
Detect image type from .JPG just like .jpg (etc.).
Amitai Schlair [Sun, 8 May 2016 22:25:46 +0000 (18:25 -0400)]
Fix spelling of "ratio" in test.