./www/ikiwiki, Flexible static site generator with dynamic features

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.20170111, Package name: ikiwiki-3.20170111, Maintainer: schmonz

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages
suitable for publishing on a website. Ikiwiki stores pages and
history in a revision control system such as Subversion or Git.
There are many other features, including support for blogging and
podcasting, as well as a large array of plugins.

If you're familiar with static site generators, think of ikiwiki
as a particularly flexible SSG with some dynamic features.


Required to run:
[textproc/p5-XML-Simple] [textproc/p5-XML-RSS] [textproc/p5-XML-Atom] [www/p5-CGI] [www/p5-URI] [www/p5-HTML-Tree] [www/p5-CGI-FormBuilder] [www/p5-HTML-Template] [www/p5-CGI-Session] [www/p5-HTML-Scrubber] [www/p5-HTML-Parser] [databases/p5-DB_File] [lang/perl5] [time/p5-Time-Duration] [time/p5-TimeDate] [mail/p5-Mail-Sendmail] [devel/p5-gettext] [devel/p5-File-MimeInfo] [converters/p5-JSON] [net/p5-RPC-XML] [textproc/p5-XML-Feed] [textproc/p5-YAML-LibYAML] [textproc/p5-Text-Markdown-Discount]

Required to build:
[lang/python27] [pkgtools/cwrappers]

Package options: cgi

Master sites: (Expand)

SHA1: c6df014617d3ac5e6c57eb573f02cc4cf71e9b7b
RMD160: a15bdf28eb6f1c857b8faccc2fba368892b0d597
Filesize: 2552.969 KB

Version history: (Expand)


CVS history: (Expand)


   2017-01-12 01:44:15 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20170111. From the changelog:

* passwordauth: prevent authentication bypass via multiple name
  parameters (CVE-2017-0356, OVE-20170111-0001)
* passwordauth: avoid userinfo forgery via repeated email parameter
  (also in the scope of CVE-2017-0356)
* CGI, attachment, passwordauth: harden against repeated parameters
  (not believed to have been a vulnerability)
* remove: make it clearer that repeated page parameter is OK here
* t/passwordauth.t: new automated test for passwordauth
   2017-01-11 03:15:54 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20170110. From the changelog:

[ Amitai Schleier ]
* wrappers: Correctly escape quotes in git_wrapper_background_command

[ Simon McVittie ]
* git: use an explicit function parameter for the directory to work
  in. Previously, we used global state that was not restored correctly
  on catching exceptions, causing an unintended log message
  "cannot chdir to .../ikiwiki-temp-working: No such file or directory"
  with versions >= 3.20161229 when an attempt to revert a change fails
  or is disallowed
* git: don't run "git rev-list ... -- -- ..." which would select the
  wrong commits if a file named literally "--" is present in the
  repository
* check_canchange: log "bad file name whatever", not literal string
  "bad file name %s"
* t/git-cgi.t: fix a race condition that made the test fail
  intermittently
* t/git-cgi.t: be more careful to provide a syntactically valid
  author/committer name and email, hopefully fixing this test on
  ci.debian.net
* templates, comments, passwordauth: use rel=nofollow microformat
  for dynamic URLs
* templates: use rel=nofollow microformat for comment authors
* news: use Debian security tracker instead of MITRE for security
  references. Thanks, anarcat
* Set package format to 3.0 (native)
* d/copyright: re-order to put more specific stanzas later, to get the
  intended interpretation
* d/source/lintian-overrides: override obsolete-url-in-packaging for
  OpenID Selector, which does not seem to have any more current URL
  (and in any case our version is a fork)
* docwiki.setup: exclude TourBusStop from offline documentation.
  It does not make much sense there.
* d/ikiwiki.lintian-overrides: override script-not-executable warnings
* d/ikiwiki.lintian-overrides: silence false positive spelling warning
  for Moin Moin
* d/ikiwiki.doc-base: register the documentation with doc-base
* d/control: set libmagickcore-6.q16-3-extra as preferred
  build-dependency, with virtual package libmagickcore-extra as an
  alternative, to help autopkgtest to do the right thing
   2016-12-30 14:59:42 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20161229.1. From the changelog:

* git: Attribute reverts to the user doing the revert, not the wiki
  itself.
* git: Do not disable the commit hook while preparing a revert.
   2016-12-30 04:21:11 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20161229. From the changelog:

* Security: force CGI::FormBuilder->field to scalar context where
  necessary, avoiding unintended function argument injection
  analogous to CVE-2014-1572. In ikiwiki this could be used to
  forge commit metadata, but thankfully nothing more serious.
  (CVE-2016-9646)
* Security: try revert operations in a temporary working tree before
  approving them. Previously, automatic rename detection could result in
  a revert writing outside the wiki srcdir or altering a file that the
  reverting user should not be able to alter, an authorization bypass.
  (CVE-2016-10026 represents the original vulnerability.)
  The incomplete fix released in 3.20161219 was not effective for git
  versions prior to 2.8.0rc0.
  (CVE-2016-9645 represents that incomplete solution.)
* Add CVE references for CVE-2016-10026
* Add automated test for using the CGI with git, including
  CVE-2016-10026
  - Build-depend on libipc-run-perl for better build-time test coverage
* Add missing ikiwiki.setup for the manual test for CVE-2016-10026
* git: don't issue a warning if the rcsinfo CGI parameter is undefined
* git: do not fail to commit changes with a recent git version
  and an anonymous committer
   2016-12-21 01:52:59 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20161219. From the changelog:

[ Joey Hess ]
* inline: Prevent creating a file named ".mdwn" when the
  postform is submitted with an empty title.

[ Simon McVittie ]
* Security: tell `git revert` not to follow renames. If it does, then
  renaming a file can result in a revert writing outside the wiki srcdir
  or altering a file that the reverting user should not be able to alter,
  an authorization bypass. Thanks, intrigeri
* cgitemplate: remove some dead code. Thanks, blipvert
* Restrict CSS matches against header class to not break
  Pandoc tables with header rows. Thanks, karsk
* Make pagestats output more deterministic. Thanks, intrigeri
   2016-09-14 20:04:10 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20160905. From the changelog:

* [ Joey Hess ]
  * Fix installation when prefix includes a string metacharacter.
    Thanks, Sam Hathaway.
* [ Simon McVittie ]
  * Use git log --no-renames to generate recentchanges, fixing the git
    test-case with git 2.9 (Closes: #835612)
   2016-07-28 22:23:52 by Amitai Schlair | Files touched by this commit (2) | Package updated
Log message:
Update to 3.20160728. From the changelog:

* Explicitly remove current working directory from Perl's library
  search path, mitigating CVE-2016-1238 (see #588017)
* wrappers: allocate new environment dynamically, so we won't overrun
  the array if third-party plugins add multiple environment variables.
* Standards-Version: 3.9.8 (no changes required)
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.