Next | Query returned 200 messages, browsing 51 to 60 | Previous

History of commit frequency

CVS Commit History:


   2016-12-21 01:52:59 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20161219. From the changelog:

[ Joey Hess ]
* inline: Prevent creating a file named ".mdwn" when the
  postform is submitted with an empty title.

[ Simon McVittie ]
* Security: tell `git revert` not to follow renames. If it does, then
  renaming a file can result in a revert writing outside the wiki srcdir
  or altering a file that the reverting user should not be able to alter,
  an authorization bypass. Thanks, intrigeri
* cgitemplate: remove some dead code. Thanks, blipvert
* Restrict CSS matches against header class to not break
  Pandoc tables with header rows. Thanks, karsk
* Make pagestats output more deterministic. Thanks, intrigeri
   2016-09-14 20:04:10 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20160905. From the changelog:

* [ Joey Hess ]
  * Fix installation when prefix includes a string metacharacter.
    Thanks, Sam Hathaway.
* [ Simon McVittie ]
  * Use git log --no-renames to generate recentchanges, fixing the git
    test-case with git 2.9 (Closes: #835612)
   2016-07-28 22:23:52 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 3.20160728. From the changelog:

* Explicitly remove current working directory from Perl's library
  search path, mitigating CVE-2016-1238 (see #588017)
* wrappers: allocate new environment dynamically, so we won't overrun
  the array if third-party plugins add multiple environment variables.
* Standards-Version: 3.9.8 (no changes required)
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068)
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-10 08:12:18 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 3.20160509. From the changelog:

  [ Amitai Schlair ]
  * img: ignore the case of the extension when detecting image format,
    fixing the regression that *.JPG etc. would not be displayed
    since 3.20160506

  [ Simon McVittie ]
  * img: parse img_allowed_formats case-insensitively, as was done in
    3.20141016.3
  * inline: restore backwards compat for show=-1 syntax, which
    worked before 3.20160121
  * Remove a spurious changelog entry from 3.20160506 (the relevant
    change was already in 3.20150614)
  * Add CVE-2016-4561 reference to 3.20160506 changelog
  * Set high urgency to get the CVE-2016-4561 fix and CVE-2016-3714
    mitigation into testing

 -- Simon McVittie <smcv@debian.org>  Mon, 09 May 2016 21:57:09 +0100
   2016-05-07 07:58:54 by Amitai Schlair | Files touched by this commit (3)
Log message:
Update to 3.20160506. From the changelog:

  [ Simon McVittie ]
  * img: stop ImageMagick trying to be clever if filenames contain a colon,
    avoiding mis-processing
  * HTML-escape error messages, in one case avoiding potential cross-site
    scripting (OVE-20160505-0012)
  * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
    - img: force common Web formats to be interpreted according to extension,
      so that "allowed_attachments: '*.jpg'" does what one might expect
    - img: restrict to JPEG, PNG and GIF images by default, again mitigating
      CVE-2016-3714 and similar vulnerabilities
    - img: check that the magic number matches what we would expect from
      the extension before giving common formats to ImageMagick
  * d/control: use https for Homepage
  * d/control: add Vcs-Browser

  [ Joey Hess ]
  * img: Add back support for SVG images, bypassing ImageMagick and
    simply passing the SVG through to the browser, which is supported by all
    commonly used browsers these days.
    SVG scaling by img directives has subtly changed; where before
    size=wxh would preserve aspect ratio, this cannot be done when passing
    them through and so specifying both a width and height can change
    the SVG's aspect ratio.
  * loginselector: When only openid and emailauth are enabled, but
    passwordauth is not, avoid showing a "Other" box which opens an
    empty form.

  [ Amitai Schlair ]
  * mdwn: Process .md like .mdwn, but disallow web creation.

  [ Florian Wagner ]
  * git: Correctly handle filenames starting with a dash in add/rm/mv.

 -- Simon McVittie <smcv@debian.org>  Fri, 06 May 2016 07:54:26 +0100
   2016-03-06 20:30:06 by Amitai Schlair | Files touched by this commit (3)
Log message:
Apply upstream patch to make the CVS tests pass again. While here,
uncomment a maintainer make target to find where REPLACE_PERL might be
needed, and remove one that's no longer needed. (No change to the
installed package, so no PKGREVISION bump.)
   2016-01-21 19:36:38 by Amitai Schlair | Files touched by this commit (7) | Package removed
Log message:
Update to 3.20160121. From the changelog:

[ Amitai Schlair ]
* meta: Fix [[!meta name=foo]] by closing the open quote.
* Avoid unescaped "{" in regular expressions
* meta test: Add tests for many behaviors of the directive.
* img test: Bail gracefully when ImageMagick is not present.

[ Joey Hess ]
* emailauth: Added emailauth_sender config.
* Modified page.tmpl to to set html lang= and dir= when
  values have been specified for them, which the po plugin does.
* Specifically license the javascript underlay under the permissive
  basewiki license.

[ Simon McVittie ]
* git: if no committer identity is known, set it to
  "IkiWiki <ikiwiki.info>" in .git/config. This resolves commit \ 
errors
  in versions of git that require a non-trivial committer identity.
* inline, trail: rename show, feedshow parameters to limit, feedlimit
  (with backwards compatibility)
* pagestats: add "show" option to show meta fields. Thanks, Louis
* inline: force RSS <comments> to be a fully absolute URL as required
  by the W3C validator. Please use Atom feeds if relative URLs are
  desirable on your site.
* inline: add <atom:link rel="self"> to RSS feeds as recommended by
  the W3C validator
* inline: do not produce links containing /./ or /../
* syslog: accept and encode UTF-8 messages
* syslog: don't fail to log if the wiki name contains %s
* Change dependencies from transitional package perlmagick
  to libimage-magick-perl (Closes: #789221)
* debian/copyright: update for the rename of openid-selector to
  login-selector
* d/control: remove leading article from Description
  (lintian: description-synopsis-starts-with-article)
* d/control: Standards-Version: 3.9.6, no changes required
* Wrap and sort control files (wrap-and-sort -abst)
* Silence "used only once: possible typo" warnings for variables
  that are part of modules' APIs
* Run autopkgtest tests using autodep8 and the pkg-perl team's
  infrastructure
* Add enough build-dependencies to run all tests, except for
  non-git VCSs
* tests: consistently use done_testing instead of no_plan
* t/img.t: do not spuriously skip
* img test: skip testing PDFs if unsupported
* img test: use the right filenames when testing that deletion occurs

-- Simon McVittie <smcv@debian.org>  Thu, 21 Jan 2016 09:53:07 +0000
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-30 05:07:03 by Amitai Schlair | Files touched by this commit (3)
Log message:
Apply upstream patch to fix [[!meta name=foo]] by closing the open quote.
Bump PKGREVISION.

Next | Query returned 200 messages, browsing 51 to 60 | Previous