Next | Query returned 200 messages, browsing 41 to 50 | Previous

History of commit frequency

CVS Commit History:


   2018-03-02 20:20:20 by Amitai Schleier | Files touched by this commit (3)
Log message:
Update to 3.20180228. From the changelog:

* core: Don't send relative redirect URLs when behind a reverse proxy
* core: Escape backticks etc. in directive error messages as HTML
  entities so that the error message is not subsequently parsed as
  Markdown
* mdwn: Enable fenced code blocks, PHP Markdown Extra-style definition
  lists and GitHub-style extensions to HTML tag syntax when used with
  Discount >= 2.2.0 (Closes: #[888055])
* img: Fix auto-detection of image format (if enabled, which is
  strongly discouraged) with ImageMagick >= 6.9.8-3
* rst: Use Python 3 instead of Python 2
* build: `set -e` before each `for` loop, so that errors are reliably
  trapped
* build: Use if/then instead of `||` so that the `-e` flag works
* build: Ensure that pm_to_blib finishes before rewriting shebang lines
* t: Make the img test pass with ImageMagick >= 6.9.8-3
  (Closes: #[891647])
* debian: Remove unused Lintian overrides for duplicate word false positives
* debian: Declare compliance with Debian Policy 4.1.3
   2018-01-08 15:04:18 by Amitai Schleier | Files touched by this commit (3)
Log message:
Update to 3.20180105. From the changelog:

- emailauth: Fix cookie problem when user is on https and the cgiurl
  uses http, by making the emailed login link use https.
- passwordauth: Use https for emailed password reset link when user
  is on https.
- Remove openid provider icons from login selector, since openid
  providers are increasingly not working. Verisign retired theirs, and
  aol and yahoo/flickr are not commonly used for openid. Any users who
  still clicked those icons to login will need to instead enter their
  openid url.
- Updated German basewiki and directives translation from
  Sebastian Kuhnert.
   2018-01-01 23:30:04 by Roland Illig | Files touched by this commit (537)
Log message:
Sort PLIST files.

Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

  pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
   2017-10-02 05:27:29 by Amitai Schleier | Files touched by this commit (5)
Log message:
Update to 3.20171001. From the changelog:

[ Joey Hess ]
* htmlscrubber: Add support for the video tag's loop and muted
  attributes. Those were not in the original html5 spec, but have been
  added in the whatwg html living standard and have wide browser support.
* emailauth, passwordauth: Avoid leaving cgisess_* files in the
  system temp directory.

[ Simon McVittie ]
* core: Don't decode the result of strftime if it is already tagged as
  UTF-8, as it might be since Perl >= 5.21.1. (Closes: #869240)
* img: Strip metadata from resized images when the deterministic config
  option is set. Thanks, intrigeri
* receive: Avoid asprintf() in IkiWiki::Receive, to avoid implicit
  declaration, potential misbehaviour on 64-bit platforms, and lack
  of portability to non-GNU platforms
* t: Add a regression test for untrusted git push
* receive: Fix untrusted git push with git (>= 2.11) by passing through
  the necessary environment variables to make the quarantine area work
* debian: Declare compliance with Debian Policy 4.1.1

[ Amitai Schleier ]
* l10n: Fix the build with po4a 0.52, by ensuring that msgstr ends
  with a newline if and only if msgid does
   2017-09-20 04:57:32 by Amitai Schleier | Files touched by this commit (3)
Log message:
Add upstream patch to fix build with po4a 0.52.
   2017-06-24 15:10:44 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20170622. From the changelog:

* t/git-cgi.t: Wait 1 second before doing a revert that should work.
  This hopefully fixes a race condition in which the test failed
  around 6% of the time. (Closes: 862494)
* Guard against set-but-empty REMOTE_USER CGI variable on
  misconfigured nginx servers, and in general treat sessions with
  a set-but-empty name as if they were not signed in.
* When the CGI fails, print the error to stderr, not "Died"
* mdwn: Don't mangle <style> into <elyts> under some circumstances
* mdwn: Enable footnotes by default when using the default Discount
  implementation. A new mdwn_footnotes option can be used to disable
  footnotes in MultiMarkdown and Discount.
* mdwn: Don't enable alphabetically labelled ordered lists by
  default when using the default Discount implementation. A new
  mdwn_alpha_list option can be used to restore the old
  interpretation.
* osm: Convert savestate hook into a changes hook. savestate is not
  the right place to write wiki content, and in particular this
  breaks websetup if osm's dependencies are not installed, even
  if the osm plugin is not actually enabled. (Closes: #719913)
* toc: if the heading is of the form <h1 id="...">, use that for
  the link in the table of contents (but continue to generate
  <a name="index42"></a> in case someone was relying on it)
* color: Do not leak markup into contexts that take only the plain
  text, such as toc
* meta: Document [[!meta name="foo" content="bar"]]
   2017-01-12 01:44:15 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20170111. From the changelog:

* passwordauth: prevent authentication bypass via multiple name
  parameters (CVE-2017-0356, OVE-20170111-0001)
* passwordauth: avoid userinfo forgery via repeated email parameter
  (also in the scope of CVE-2017-0356)
* CGI, attachment, passwordauth: harden against repeated parameters
  (not believed to have been a vulnerability)
* remove: make it clearer that repeated page parameter is OK here
* t/passwordauth.t: new automated test for passwordauth
   2017-01-11 03:15:54 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20170110. From the changelog:

[ Amitai Schleier ]
* wrappers: Correctly escape quotes in git_wrapper_background_command

[ Simon McVittie ]
* git: use an explicit function parameter for the directory to work
  in. Previously, we used global state that was not restored correctly
  on catching exceptions, causing an unintended log message
  "cannot chdir to .../ikiwiki-temp-working: No such file or directory"
  with versions >= 3.20161229 when an attempt to revert a change fails
  or is disallowed
* git: don't run "git rev-list ... -- -- ..." which would select the
  wrong commits if a file named literally "--" is present in the
  repository
* check_canchange: log "bad file name whatever", not literal string
  "bad file name %s"
* t/git-cgi.t: fix a race condition that made the test fail
  intermittently
* t/git-cgi.t: be more careful to provide a syntactically valid
  author/committer name and email, hopefully fixing this test on
  ci.debian.net
* templates, comments, passwordauth: use rel=nofollow microformat
  for dynamic URLs
* templates: use rel=nofollow microformat for comment authors
* news: use Debian security tracker instead of MITRE for security
  references. Thanks, anarcat
* Set package format to 3.0 (native)
* d/copyright: re-order to put more specific stanzas later, to get the
  intended interpretation
* d/source/lintian-overrides: override obsolete-url-in-packaging for
  OpenID Selector, which does not seem to have any more current URL
  (and in any case our version is a fork)
* docwiki.setup: exclude TourBusStop from offline documentation.
  It does not make much sense there.
* d/ikiwiki.lintian-overrides: override script-not-executable warnings
* d/ikiwiki.lintian-overrides: silence false positive spelling warning
  for Moin Moin
* d/ikiwiki.doc-base: register the documentation with doc-base
* d/control: set libmagickcore-6.q16-3-extra as preferred
  build-dependency, with virtual package libmagickcore-extra as an
  alternative, to help autopkgtest to do the right thing
   2016-12-30 14:59:42 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20161229.1. From the changelog:

* git: Attribute reverts to the user doing the revert, not the wiki
  itself.
* git: Do not disable the commit hook while preparing a revert.
   2016-12-30 04:21:11 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 3.20161229. From the changelog:

* Security: force CGI::FormBuilder->field to scalar context where
  necessary, avoiding unintended function argument injection
  analogous to CVE-2014-1572. In ikiwiki this could be used to
  forge commit metadata, but thankfully nothing more serious.
  (CVE-2016-9646)
* Security: try revert operations in a temporary working tree before
  approving them. Previously, automatic rename detection could result in
  a revert writing outside the wiki srcdir or altering a file that the
  reverting user should not be able to alter, an authorization bypass.
  (CVE-2016-10026 represents the original vulnerability.)
  The incomplete fix released in 3.20161219 was not effective for git
  versions prior to 2.8.0rc0.
  (CVE-2016-9645 represents that incomplete solution.)
* Add CVE references for CVE-2016-10026
* Add automated test for using the CGI with git, including
  CVE-2016-10026
  - Build-depend on libipc-run-perl for better build-time test coverage
* Add missing ikiwiki.setup for the manual test for CVE-2016-10026
* git: don't issue a warning if the rcsinfo CGI parameter is undefined
* git: do not fail to commit changes with a recent git version
  and an anonymous committer

Next | Query returned 200 messages, browsing 41 to 50 | Previous