2016-12-21 01:52:59 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 3.20161219. From the changelog:
[ Joey Hess ]
* inline: Prevent creating a file named ".mdwn" when the
postform is submitted with an empty title.
[ Simon McVittie ]
* Security: tell `git revert` not to follow renames. If it does, then
renaming a file can result in a revert writing outside the wiki srcdir
or altering a file that the reverting user should not be able to alter,
an authorization bypass. Thanks, intrigeri
* cgitemplate: remove some dead code. Thanks, blipvert
* Restrict CSS matches against header class to not break
Pandoc tables with header rows. Thanks, karsk
* Make pagestats output more deterministic. Thanks, intrigeri
|
2016-09-14 20:04:10 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 3.20160905. From the changelog:
* [ Joey Hess ]
* Fix installation when prefix includes a string metacharacter.
Thanks, Sam Hathaway.
* [ Simon McVittie ]
* Use git log --no-renames to generate recentchanges, fixing the git
test-case with git 2.9 (Closes: #835612)
|
2016-07-28 22:23:52 by Amitai Schlair | Files touched by this commit (2) |
Log message:
Update to 3.20160728. From the changelog:
* Explicitly remove current working directory from Perl's library
search path, mitigating CVE-2016-1238 (see #588017)
* wrappers: allocate new environment dynamically, so we won't overrun
the array if third-party plugins add multiple environment variables.
* Standards-Version: 3.9.8 (no changes required)
|
2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
|
2016-05-10 08:12:18 by Amitai Schlair | Files touched by this commit (2) |
Log message:
Update to 3.20160509. From the changelog:
[ Amitai Schlair ]
* img: ignore the case of the extension when detecting image format,
fixing the regression that *.JPG etc. would not be displayed
since 3.20160506
[ Simon McVittie ]
* img: parse img_allowed_formats case-insensitively, as was done in
3.20141016.3
* inline: restore backwards compat for show=-1 syntax, which
worked before 3.20160121
* Remove a spurious changelog entry from 3.20160506 (the relevant
change was already in 3.20150614)
* Add CVE-2016-4561 reference to 3.20160506 changelog
* Set high urgency to get the CVE-2016-4561 fix and CVE-2016-3714
mitigation into testing
-- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 21:57:09 +0100
|
2016-05-07 07:58:54 by Amitai Schlair | Files touched by this commit (3) |
Log message:
Update to 3.20160506. From the changelog:
[ Simon McVittie ]
* img: stop ImageMagick trying to be clever if filenames contain a colon,
avoiding mis-processing
* HTML-escape error messages, in one case avoiding potential cross-site
scripting (OVE-20160505-0012)
* Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
- img: force common Web formats to be interpreted according to extension,
so that "allowed_attachments: '*.jpg'" does what one might expect
- img: restrict to JPEG, PNG and GIF images by default, again mitigating
CVE-2016-3714 and similar vulnerabilities
- img: check that the magic number matches what we would expect from
the extension before giving common formats to ImageMagick
* d/control: use https for Homepage
* d/control: add Vcs-Browser
[ Joey Hess ]
* img: Add back support for SVG images, bypassing ImageMagick and
simply passing the SVG through to the browser, which is supported by all
commonly used browsers these days.
SVG scaling by img directives has subtly changed; where before
size=wxh would preserve aspect ratio, this cannot be done when passing
them through and so specifying both a width and height can change
the SVG's aspect ratio.
* loginselector: When only openid and emailauth are enabled, but
passwordauth is not, avoid showing a "Other" box which opens an
empty form.
[ Amitai Schlair ]
* mdwn: Process .md like .mdwn, but disallow web creation.
[ Florian Wagner ]
* git: Correctly handle filenames starting with a dash in add/rm/mv.
-- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 07:54:26 +0100
|
2016-03-06 20:30:06 by Amitai Schlair | Files touched by this commit (3) |
Log message:
Apply upstream patch to make the CVS tests pass again. While here,
uncomment a maintainer make target to find where REPLACE_PERL might be
needed, and remove one that's no longer needed. (No change to the
installed package, so no PKGREVISION bump.)
|
2016-01-21 19:36:38 by Amitai Schlair | Files touched by this commit (7) | |
Log message:
Update to 3.20160121. From the changelog:
[ Amitai Schlair ]
* meta: Fix [[!meta name=foo]] by closing the open quote.
* Avoid unescaped "{" in regular expressions
* meta test: Add tests for many behaviors of the directive.
* img test: Bail gracefully when ImageMagick is not present.
[ Joey Hess ]
* emailauth: Added emailauth_sender config.
* Modified page.tmpl to to set html lang= and dir= when
values have been specified for them, which the po plugin does.
* Specifically license the javascript underlay under the permissive
basewiki license.
[ Simon McVittie ]
* git: if no committer identity is known, set it to
"IkiWiki <ikiwiki.info>" in .git/config. This resolves commit \
errors
in versions of git that require a non-trivial committer identity.
* inline, trail: rename show, feedshow parameters to limit, feedlimit
(with backwards compatibility)
* pagestats: add "show" option to show meta fields. Thanks, Louis
* inline: force RSS <comments> to be a fully absolute URL as required
by the W3C validator. Please use Atom feeds if relative URLs are
desirable on your site.
* inline: add <atom:link rel="self"> to RSS feeds as recommended by
the W3C validator
* inline: do not produce links containing /./ or /../
* syslog: accept and encode UTF-8 messages
* syslog: don't fail to log if the wiki name contains %s
* Change dependencies from transitional package perlmagick
to libimage-magick-perl (Closes: #789221)
* debian/copyright: update for the rename of openid-selector to
login-selector
* d/control: remove leading article from Description
(lintian: description-synopsis-starts-with-article)
* d/control: Standards-Version: 3.9.6, no changes required
* Wrap and sort control files (wrap-and-sort -abst)
* Silence "used only once: possible typo" warnings for variables
that are part of modules' APIs
* Run autopkgtest tests using autodep8 and the pkg-perl team's
infrastructure
* Add enough build-dependencies to run all tests, except for
non-git VCSs
* tests: consistently use done_testing instead of no_plan
* t/img.t: do not spuriously skip
* img test: skip testing PDFs if unsupported
* img test: use the right filenames when testing that deletion occurs
-- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 09:53:07 +0000
|
2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758) |
Log message:
Add SHA512 digests for distfiles for www category
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-08-30 05:07:03 by Amitai Schlair | Files touched by this commit (3) |
Log message:
Apply upstream patch to fix [[!meta name=foo]] by closing the open quote.
Bump PKGREVISION.
|