git.vanrenterghem.biz Git - git.ikiwiki.info.git/log
git.ikiwiki.info.git
8 years ago debian/tests: add metadata to run the img test as an autopkgtest
Simon McVittie [Sun, 8 May 2016 15:30:51 +0000 (16:30 +0100)]
debian/tests: add metadata to run the img test as an autopkgtest

8 years ago Add t/img.t regression test also taken from version 3.20160506
Simon McVittie [Sun, 8 May 2016 14:41:35 +0000 (15:41 +0100)]
Add t/img.t regression test also taken from version 3.20160506

(chrysn, joeyh, schmonz, smcv)

8 years ago Update img plugin to version 3.20160506
Simon McVittie [Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)]
Update img plugin to version 3.20160506

* Update img plugin to version 3.20160506 to mitigate ImageMagick
  vulnerabilities, including remote code execution (CVE-2016-3714):
  - Never convert SVG images to PNG; simply pass them through to the
    browser. This prevents exploitation of any ImageMagick SVG coder
    vulnerabilities. (joeyh)
  - Do not resize image formats other than JPEG, PNG, GIF unless
    specifically configured to do so. This prevents exploitation
    of any vulnerabilities in less common coders, such as MVG. (smcv)
  - Do not resize JPEG, PNG, GIF, PDF images if their extensions do
    not match their "magic numbers", because wiki admins might try to
    restrict attachments by extension, but ImageMagick can base its
    choice of coder on the magic number. Explicitly force the
    obvious ImageMagick coder to be used. (smcv)
* Minor non-security changes resulting from that update, since
  reverting them seems higher-risk than keeping them:
  - Add PDF support, disabled by the above changes unless specifically
    configured (chrysn)
  - Only render one frame or page from animated GIF or multi-page PDF
    (chrysn)
  - Do not distort aspect ratio when resizing small images (chrysn)
  - Use data: URLs to embed images in page previews (chrysn)
  - Raise an error if the image's size cannot be determined (chrysn)
  - Handle filenames containing a colon correctly (smcv)

8 years ago HTML-escape error messages (CVE-2016-4561)
Simon McVittie [Wed, 4 May 2016 07:46:02 +0000 (08:46 +0100)]
HTML-escape error messages (CVE-2016-4561)

The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012, CVE-2016-4561)

The instances in preprocess() are just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.

9 years ago 3.20120629.2 debian/3.20120629.2
Simon McVittie [Mon, 6 Apr 2015 19:37:07 +0000 (20:37 +0100)]
3.20120629.2

9 years ago Fix XSS in openid selector. Thanks, Raghav Bisht.
Joey Hess [Fri, 27 Mar 2015 16:17:39 +0000 (12:17 -0400)]
Fix XSS in openid selector. Thanks, Raghav Bisht.

Conflicts:
debian/changelog
doc/bugs/XSS_Alert...__33____33____33__.html

9 years ago correct double-negative debian/3.20120629.1
Simon McVittie [Sat, 17 Jan 2015 11:53:49 +0000 (11:53 +0000)]
correct double-negative

9 years ago wheezy release candidate
Simon McVittie [Wed, 14 Jan 2015 22:11:05 +0000 (22:11 +0000)]
wheezy release candidate

9 years ago close debian bug I opened about blogspam
Joey Hess [Fri, 2 Jan 2015 20:45:26 +0000 (16:45 -0400)]
close debian bug I opened about blogspam

Conflicts:
debian/changelog

9 years ago blogspam uses JSON instead of RPC::XML now.
Amitai Schlair [Sat, 3 Jan 2015 15:02:20 +0000 (10:02 -0500)]
blogspam uses JSON instead of RPC::XML now.

9 years ago Update blogspam to the 2.0 API.
Amitai Schlair [Fri, 2 Jan 2015 18:55:10 +0000 (13:55 -0500)]
Update blogspam to the 2.0 API.

[backport to Debian wheezy, open-coding a simple version of useragent() -smcv]

Conflicts:
IkiWiki/Plugin/blogspam.pm
debian/changelog

9 years ago Set Debian package maintainer to Simon McVittie as I'm retiring from Debian.
Joey Hess [Sat, 8 Nov 2014 04:08:33 +0000 (00:08 -0400)]
Set Debian package maintainer to Simon McVittie as I'm retiring from Debian.

Conflicts:
debian/changelog
debian/control

9 years ago releasing version 3.20120629
Joey Hess [Fri, 29 Jun 2012 17:43:09 +0000 (13:43 -0400)]
releasing version 3.20120629

12 years ago cleanup
Joey Hess [Sun, 17 Jun 2012 19:12:53 +0000 (15:12 -0400)]
cleanup

12 years ago (no commit message)
ikitest [Sun, 17 Jun 2012 19:05:09 +0000 (15:05 -0400)]

12 years ago add signature
http://openid.ppke.hu/cstamas [Sun, 17 Jun 2012 00:16:22 +0000 (20:16 -0400)]
add signature

12 years ago add
http://openid.ppke.hu/cstamas [Sun, 17 Jun 2012 00:14:19 +0000 (20:14 -0400)]
add

12 years ago Question re: google search missing results
https://www.google.com/accounts/o8/id?id=AItOawklmUsSBGwBewaPrKdC4wsPBpaGc9AMk0o [Wed, 13 Jun 2012 22:29:27 +0000 (18:29 -0400)]
Question re: google search missing results

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawntmWJxXcgqXZjqnVF139OyljMGLjKCK8M [Wed, 13 Jun 2012 19:40:46 +0000 (15:40 -0400)]

12 years ago bug on trail plugin
Joey Hess [Mon, 11 Jun 2012 04:47:15 +0000 (00:47 -0400)]
bug on trail plugin

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawnNqLKszWk9EoD4CDCqNXJRIklKFBCN1Ao [Fri, 8 Jun 2012 07:21:14 +0000 (03:21 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawnNqLKszWk9EoD4CDCqNXJRIklKFBCN1Ao [Fri, 8 Jun 2012 07:01:30 +0000 (03:01 -0400)]

12 years ago Added a comment: Popup listing multiple entries per day
spalax [Fri, 8 Jun 2012 00:56:07 +0000 (20:56 -0400)]
Added a comment: Popup listing multiple entries per day

12 years ago Contrib plugin created_in_future
spalax [Fri, 8 Jun 2012 00:00:58 +0000 (20:00 -0400)]
Contrib plugin created_in_future

12 years ago Contrib plugin monthcalendar
spalax [Thu, 7 Jun 2012 23:47:45 +0000 (19:47 -0400)]
Contrib plugin monthcalendar

12 years ago Contrib plugin jscalendar : a javascript calendar
spalax [Thu, 7 Jun 2012 23:38:12 +0000 (19:38 -0400)]
Contrib plugin jscalendar : a javascript calendar

12 years ago (no commit message)
spalax [Thu, 7 Jun 2012 23:31:07 +0000 (19:31 -0400)]

12 years ago rename contrib/jscalendar.mdwn to plugins/contrib/jscalendar.mdwn
spalax [Thu, 7 Jun 2012 23:27:38 +0000 (19:27 -0400)]
rename contrib/jscalendar.mdwn to plugins/contrib/jscalendar.mdwn

12 years ago rename todo/Javascript_calendar.mdwn to contrib/jscalendar.mdwn
spalax [Thu, 7 Jun 2012 23:26:57 +0000 (19:26 -0400)]
rename todo/Javascript_calendar.mdwn to contrib/jscalendar.mdwn

12 years ago (no commit message)
mathdesc [Thu, 7 Jun 2012 11:11:29 +0000 (07:11 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Wed, 6 Jun 2012 20:41:13 +0000 (16:41 -0400)]

12 years ago will put it in the forum, sry
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Wed, 6 Jun 2012 20:40:19 +0000 (16:40 -0400)]
will put it in the forum, sry

This reverts commit f2b421b26b9ceb68b19a11140936537353da51de

12 years ago comment removal question
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Wed, 6 Jun 2012 20:38:57 +0000 (16:38 -0400)]
comment removal question

12 years ago (no commit message)
mathdesc [Wed, 6 Jun 2012 09:51:28 +0000 (05:51 -0400)]

12 years ago (no commit message)
mathdesc [Wed, 6 Jun 2012 09:25:35 +0000 (05:25 -0400)]

12 years ago created page: Can not advance past first page of results using search plugin
pdurbin [Tue, 5 Jun 2012 15:24:26 +0000 (11:24 -0400)]
created page: Can not advance past first page of results using search plugin

12 years ago created user page
pdurbin [Tue, 5 Jun 2012 15:02:20 +0000 (11:02 -0400)]
created user page

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Sun, 3 Jun 2012 23:44:12 +0000 (19:44 -0400)]

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Sun, 3 Jun 2012 17:17:03 +0000 (13:17 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or other config differ...
Joey Hess [Sun, 3 Jun 2012 17:16:31 +0000 (13:16 -0400)]
mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or other config differences by linking to the mirror's CGI. (intrigeri)

12 years ago Merge remote-tracking branch 'intrigeri/mirrorlist'
Joey Hess [Sun, 3 Jun 2012 17:15:19 +0000 (13:15 -0400)]
Merge remote-tracking branch 'intrigeri/mirrorlist'

12 years ago Added a comment
http://joeyh.name/ [Sun, 3 Jun 2012 17:11:12 +0000 (13:11 -0400)]
Added a comment

12 years ago sadly still lost
Joey Hess [Sun, 3 Jun 2012 17:06:45 +0000 (13:06 -0400)]
sadly still lost

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Sat, 2 Jun 2012 01:32:51 +0000 (21:32 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawkxjEWFrqK-cq0Ms5LmExRB4VDjOcddAJs [Thu, 31 May 2012 12:09:24 +0000 (08:09 -0400)]

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Tue, 29 May 2012 17:43:37 +0000 (13:43 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago Ping'ing Joey.
intrigeri [Mon, 28 May 2012 09:38:28 +0000 (11:38 +0200)]
Ping'ing Joey.

12 years ago Added a comment: kind of solved, but another problem comes up
Franek [Sat, 26 May 2012 19:31:19 +0000 (15:31 -0400)]
Added a comment: kind of solved, but another problem comes up

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 24 May 2012 20:33:15 +0000 (16:33 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago removed
damien [Thu, 24 May 2012 11:44:02 +0000 (07:44 -0400)]
removed

12 years ago Added a comment: ceci est un test
damien [Thu, 24 May 2012 11:43:16 +0000 (07:43 -0400)]
Added a comment: ceci est un test

12 years ago update for rename of todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:34 +0000 (08:31 -0400)]
update for rename of todo/Olea.mdwn to users/Olea.mdwn

12 years ago update for rename of todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:33 +0000 (08:31 -0400)]
update for rename of todo/Olea.mdwn to users/Olea.mdwn

12 years ago rename todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:32 +0000 (08:31 -0400)]
rename todo/Olea.mdwn to users/Olea.mdwn

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlNyZ9I6wi7Rp8I4Yw3ODxGUyBCfZtWWvA [Wed, 23 May 2012 01:39:33 +0000 (21:39 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlNyZ9I6wi7Rp8I4Yw3ODxGUyBCfZtWWvA [Wed, 23 May 2012 01:38:24 +0000 (21:38 -0400)]

12 years ago Added a comment
http://ismael.olea.org/ [Tue, 22 May 2012 23:31:09 +0000 (19:31 -0400)]
Added a comment

12 years ago Added a comment
http://ismael.olea.org/ [Tue, 22 May 2012 21:24:37 +0000 (17:24 -0400)]
Added a comment

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Tue, 22 May 2012 19:21:17 +0000 (15:21 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago Added a comment
http://smcv.pseudorandom.co.uk/ [Tue, 22 May 2012 13:46:20 +0000 (09:46 -0400)]
Added a comment

12 years ago (no commit message)
http://ismael.olea.org/ [Tue, 22 May 2012 10:32:26 +0000 (06:32 -0400)]

12 years ago (no commit message)
http://ismael.olea.org/ [Tue, 22 May 2012 10:30:49 +0000 (06:30 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm3_mddLiiYv2YJURv9O1xaRG__XbfuGps [Mon, 21 May 2012 18:31:34 +0000 (14:31 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm3_mddLiiYv2YJURv9O1xaRG__XbfuGps [Mon, 21 May 2012 18:30:49 +0000 (14:30 -0400)]

12 years ago I think this is the same WMD, but not sure.
http://ismael.olea.org/ [Sun, 20 May 2012 11:28:07 +0000 (07:28 -0400)]
I think this is the same WMD, but not sure.

12 years ago Added a comment: Further enquiries
Franek [Sun, 20 May 2012 10:46:07 +0000 (06:46 -0400)]
Added a comment: Further enquiries

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Sun, 20 May 2012 00:35:21 +0000 (20:35 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago Added a comment: [[!meta author="...
Franek [Sat, 19 May 2012 14:51:42 +0000 (10:51 -0400)]
Added a comment: [[!meta author="...

12 years ago (no commit message)
Franek [Sat, 19 May 2012 14:44:48 +0000 (10:44 -0400)]

12 years ago I think this is the same WMD, but not sure.
http://ismael.olea.org/ [Fri, 18 May 2012 18:36:08 +0000 (14:36 -0400)]
I think this is the same WMD, but not sure.

12 years ago (no commit message)
http://ismael.olea.org/ [Fri, 18 May 2012 16:34:22 +0000 (12:34 -0400)]

12 years ago (no commit message)
http://ismael.olea.org/ [Fri, 18 May 2012 16:32:42 +0000 (12:32 -0400)]

12 years ago (no commit message)
http://ismael.olea.org/ [Fri, 18 May 2012 16:30:58 +0000 (12:30 -0400)]

12 years ago fixed formatting
https://www.google.com/accounts/o8/id?id=AItOawkGqggPSXhrd5jFMGuLiseqZwac9ql7erk [Fri, 18 May 2012 01:58:54 +0000 (21:58 -0400)]
fixed formatting

12 years ago added workaround.
https://www.google.com/accounts/o8/id?id=AItOawkGqggPSXhrd5jFMGuLiseqZwac9ql7erk [Fri, 18 May 2012 01:57:18 +0000 (21:57 -0400)]
added workaround.

12 years ago Added request.
https://www.google.com/accounts/o8/id?id=AItOawkGqggPSXhrd5jFMGuLiseqZwac9ql7erk [Fri, 18 May 2012 01:43:55 +0000 (21:43 -0400)]
Added request.

12 years ago some details about past security hole
Joey Hess [Thu, 17 May 2012 17:20:55 +0000 (13:20 -0400)]
some details about past security hole

12 years ago typo
Joey Hess [Thu, 17 May 2012 03:49:23 +0000 (23:49 -0400)]
typo

12 years ago ensure HTML::Entities is always loaded
Joey Hess [Thu, 17 May 2012 02:13:23 +0000 (22:13 -0400)]
ensure HTML::Entities is always loaded

(Worked ok in my tests w/o this, but not sure I tested every case,
and this is correct.)

12 years ago cve
Joey Hess [Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)]
cve

12 years ago add news item for ikiwiki 3.20120516
Joey Hess [Thu, 17 May 2012 00:14:03 +0000 (20:14 -0400)]
add news item for ikiwiki 3.20120516

12 years ago releasing version 3.20120516 3.20120516
Joey Hess [Thu, 17 May 2012 00:13:21 +0000 (20:13 -0400)]
releasing version 3.20120516

12 years ago meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl...
Joey Hess [Wed, 16 May 2012 23:54:41 +0000 (19:54 -0400)]
meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl Benencia

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Mon, 14 May 2012 18:14:39 +0000 (14:14 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago (no commit message)
https://id.koumbit.net/anarcat [Sat, 12 May 2012 15:04:08 +0000 (11:04 -0400)]

12 years ago fix url
https://id.koumbit.net/anarcat [Sat, 12 May 2012 15:00:47 +0000 (11:00 -0400)]
fix url

12 years ago maybe [[|that page]]?
http://christian.amsuess.com/chrysn [Fri, 11 May 2012 17:50:36 +0000 (13:50 -0400)]
maybe [[|that page]]?

12 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Fri, 11 May 2012 04:19:06 +0000 (00:19 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

12 years ago Get started on my user page, fix name spelling, link branches to username
Giuseppe Bilotta [Thu, 10 May 2012 16:42:21 +0000 (18:42 +0200)]
Get started on my user page, fix name spelling, link branches to username

12 years ago Introduce my linkbase branch
Giuseppe Bilotta [Thu, 10 May 2012 16:11:30 +0000 (18:11 +0200)]
Introduce my linkbase branch

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawl1TskT_aFgakZLObAU1yKH4FykJ9LE6yE [Thu, 10 May 2012 12:52:40 +0000 (08:52 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawl1TskT_aFgakZLObAU1yKH4FykJ9LE6yE [Thu, 10 May 2012 12:51:53 +0000 (08:51 -0400)]

12 years ago po/Makefile: missing one semicolon still
Giuseppe Bilotta [Wed, 9 May 2012 05:56:46 +0000 (07:56 +0200)]
po/Makefile: missing one semicolon still

12 years ago (no commit message)
simonraven [Tue, 8 May 2012 23:13:32 +0000 (19:13 -0400)]

12 years ago created, asked a question
http://tonybaldwin.dreamwidth.org/ [Tue, 8 May 2012 13:59:56 +0000 (09:59 -0400)]
created, asked a question

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Mon, 7 May 2012 21:53:01 +0000 (17:53 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Mon, 7 May 2012 21:52:38 +0000 (17:52 -0400)]

12 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawm8f16WoUa4has2WwebT3u2D_l71VuetOc [Mon, 7 May 2012 21:48:55 +0000 (17:48 -0400)]

12 years ago (no commit message)
Adam [Mon, 7 May 2012 21:40:31 +0000 (17:40 -0400)]

12 years ago Fix po Makefile
Giuseppe Bilotta [Sat, 5 May 2012 09:40:25 +0000 (11:40 +0200)]
Fix po Makefile

In the complex 'if' chain when merging ikiwiki.pot with .po files, make
sure line-endings, shell-muting and semi-colons don't cause the shell to
bomb out with syntax errors and commands not found.