Commit Graph

2220 Commits (3169e85c7fdd6a7dbc141f966bf0eae66285f218)

Author SHA1 Message Date
Simon McVittie 5f6f9a1bea Wrapper: allocate new environment dynamically
Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.

I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
2016-05-11 09:18:14 +01:00
Simon McVittie 062dbf1373 3.20160509 2016-05-09 21:59:50 +01:00
Simon McVittie ab97cd56f3 Reference CVE-2016-4561 in 3.20160506 changelog 2016-05-09 21:57:34 +01:00
Simon McVittie 2020bd88a5 Remove spurious changelog entry
This change was new in 3.20141016.3, but was applied to the master
branch several releases ago, so it is not new in 3.20160506.
2016-05-09 21:46:04 +01:00
Simon McVittie 9fe33a4c94 3.20160506 2016-05-06 07:54:47 +01:00
Simon McVittie 984ba82f1b img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser
SVG scaling by img directives has subtly changed; where before size=wxh
would preserve aspect ratio, this cannot be done when passing them through
and so specifying both a width and height can change the SVG's aspect
ratio.

(This patch looks significantly more complex than it was, because a large
block of code had to be indented.)

[smcv: drop trailing whitespace, fix some spelling]
2016-05-06 06:57:12 +01:00
Joey Hess 7ff6221ac9 changelog for smcv's security fixes
[smcv: omit a change that was already in 3.20160514]
2016-05-06 06:53:41 +01:00
Amitai Schlair 6253567127 Changelog: process .md files iff created directly. 2016-03-08 14:34:02 -05:00
Joey Hess 8d28f70b37
loginselector: When only openid and emailauth are enabled, but passwordauth is not, avoid showing a "Other" box which opens an empty form. 2016-03-02 16:35:16 -04:00
Simon McVittie a3ee60f2f8 d/control: add Vcs-Browser 2016-01-22 00:55:03 +00:00
Simon McVittie 7db255ff60 d/control: use https for Homepage 2016-01-22 00:55:03 +00:00
Simon McVittie 53b10a64f0 3.20160121 2016-01-21 09:53:28 +00:00
Simon McVittie 0cc21b69e4 document recent inline and syslog fixes 2016-01-21 09:36:16 +00:00
Simon McVittie 179807e742 changelog: sort user-visible changes before packaging and test fixes 2016-01-21 09:31:07 +00:00
Simon McVittie b0627aef10 img test: use the right filenames when testing that deletion occurs
Also use a less misleading name for the sample SVG: it is no longer empty.
Since commit 105f285a it has contained a blue square.
2016-01-19 11:24:18 +00:00
Simon McVittie 5dceeb28d8 img test: skip testing PDFs if unsupported 2016-01-19 11:24:18 +00:00
Simon McVittie 317d19842c Silence "used only once: possible typo" warnings for variables that are part of modules' APIs 2016-01-19 11:24:18 +00:00
Simon McVittie e33b4678c7 d/control: Standards-Version: 3.9.6, no changes required 2016-01-19 11:24:18 +00:00
Simon McVittie 509a5a48d7 d/control: remove leading article from Description (lintian: description-synopsis-starts-with-article) 2016-01-19 11:24:18 +00:00
Simon McVittie 64d9729601 Change dependencies from transitional package perlmagick to libimage-magick-perl (Closes: #789221) 2016-01-19 11:24:18 +00:00
Simon McVittie 245109fa39 changelog: mention pagestats enhancement 2016-01-19 11:24:18 +00:00
Simon McVittie fc02c7fb69 Add license info to javascript underlay 2016-01-19 11:24:18 +00:00
Simon McVittie b199349ffd Merge remote-tracking branch 'smcv/ready/limit' 2015-11-30 20:55:34 +00:00
Simon McVittie ed1e1ebe70 git: if no committer identity is known, set it to "IkiWiki <ikiwiki.info>" in .git/config
This resolves commit errors in versions of git that require a non-trivial
committer identity.
2015-11-30 19:34:04 +00:00
Simon McVittie 719612a976 debian/copyright: update for the rename of openid-selector to login-selector 2015-11-30 18:52:19 +00:00
Simon McVittie a71ade73ff Add enough build-dependencies to run all tests, except for non-git VCSs 2015-11-30 18:26:23 +00:00
Simon McVittie 1124a7c459 Wrap and sort control files (wrap-and-sort -abst) 2015-11-30 18:26:23 +00:00
Simon McVittie d90002b8d7 tests: consistently use done_testing instead of no_plan 2015-11-30 18:26:23 +00:00
Simon McVittie 6b322448ca t/img.t: do not spuriously skip 2015-11-30 18:26:23 +00:00
Simon McVittie cdfb4ab1a3 Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
Simon McVittie 78a47d44c7 Add more changelog entries 2015-11-29 17:37:40 +00:00
Joey Hess 70c87f56a2
Modified page.tmpl to to set html lang= and dir= when values have been specified for them, which the po plugin does.
Note that I modified the patch slightly, to avoid blank lines before the
<html>, on the off chance bad html parsers care.
2015-10-26 15:45:40 -04:00
Joey Hess 32923e732b emailauth: Added emailauth_sender config. 2015-10-02 11:49:47 -04:00
Amitai Schlair ee13598aa8 Changelog my recent commits, prompted by joeyh. 2015-08-27 13:00:01 -04:00
Simon McVittie 8ab2005ec9 3.20150614 2015-06-14 18:15:35 +01:00
Simon McVittie 841a86a4f3 img test: set old timestamp on source file that will change
This is so that the test will pass even if it takes less than 1 second.
2015-06-14 18:13:17 +01:00
Simon McVittie 7a2117bf8c img: stop ImageMagick trying to be clever if filenames contain a colon
$im->Read() takes a filename-like argument with several sets of special
syntax. Most of the possible metacharacters are escaped by the
default `wiki_file_chars` (and in any case not particularly disruptive),
but the colon ":" is not.

It seems the way to force ImageMagick to treat colons within the
filename as literal is to prepend a colon, so do that.
2015-06-13 20:00:08 +01:00
Simon McVittie f2365c3e66 inline: change default sort order from age to "age title" for determinism 2015-06-13 19:58:37 +01:00
Simon McVittie 412f9ea2bb 3.20150610 2015-06-10 21:59:11 +01:00
Simon McVittie 014b9eb1b7 polygen: if deterministic build is requested, use a well-known random seed 2015-06-09 22:30:44 +01:00
Simon McVittie 361076e55d haiku: if deterministic build is requested, return a hard-coded haiku 2015-06-09 22:30:43 +01:00
Simon McVittie 15939a2528 Add deterministic option and use it for the docwiki
It doesn't do anything yet.
2015-06-09 22:30:43 +01:00
Simon McVittie 6add4fd4fc Sort backlinks deterministically, by falling back to sorting by href if the link text is identical 2015-06-09 22:30:43 +01:00
Simon McVittie d18b77c107 Add [[!meta date]] to news items and tips
The git checkout and build process can leave the checkout
date in the tarball release, leading to unstable sorting.
I tried to use `git restore-mtime`, but that doesn't work for
ikiwiki, because dgit interferes with it.
2015-06-09 22:29:38 +01:00
Simon McVittie 8e007666d4 brokenlinks: sort the pages that link to the missing page, for better reproducibility 2015-06-09 22:28:31 +01:00
Simon McVittie 7a96363c6d debian/copyright: turn comments on provenance into Comment 2015-06-09 22:28:30 +01:00
Simon McVittie bde823191e debian/copyright: consolidate permissive licenses 2015-06-09 22:28:28 +01:00
Simon McVittie de38423a59 debian: build the docwiki with LC_ALL=C.UTF-8 and TZ=UTC for a more reproducible build 2015-06-09 22:25:26 +01:00
Simon McVittie 2fe003dac4 Populate pagectime from mtime or inode change time, whichever is older
When building ikiwiki from a tarball, the mtime (conceptually, the
last modification date of the file) is preserved by tar, but the inode
change time (creation/metadata-change date of *this copy* of the file)
is not. This seems to lead to unstable sort ordering and
unreproducible builds.

The page can't possibly have been modified before it was created, so
we can assume that the modification date is an upper bound for the
creation date.
2015-06-09 22:22:54 +01:00
Simon McVittie b6388d6fbd changelog 2015-06-09 22:22:10 +01:00
Simon McVittie 7a52c87a8c Make the attachment plugin work with CGI.pm 4.x (Closes: #786586; workaround for #786587 in libcgi-pm-perl) 2015-06-07 14:51:13 +01:00
Simon McVittie 2afb0dd663 Do not directly enable emailauth by default, only indirectly via openid
This avoids nasty surprises on upgrade if a site is using httpauth,
or passwordauth with an account_creation_password, and relying on
only a select group of users being able to edit the site. We can revisit
this for ikiwiki 4.
2015-05-27 08:52:01 +01:00
Joey Hess fecfa53988 changelog 2015-05-19 15:35:25 -04:00
Joey Hess 85a529db3d passwordauth: Don't allow registering accounts that look like openids.
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
2015-05-14 10:57:56 -04:00
Joey Hess bf8b7fe2d1 changelog 2015-05-13 23:38:46 -04:00
Joey Hess 5b459737a5 Converted openid-selector into a more generic loginselector helper plugin. 2015-05-13 18:50:29 -04:00
Joey Hess ec72b4c95b When openid and passwordauth are the only enabled auth plugins, make the openid selector display "Password" instead of "Other", so users are more likely to click on it when they don't have an openid. 2015-05-13 12:18:22 -04:00
Joey Hess aefb780eee Re-remove google from openid selector; their openid provider is gone for good. 2015-04-28 12:24:32 -04:00
Simon McVittie d8a550e7de release 3.20150329 2015-03-29 22:11:38 +01:00
Joey Hess 18dfba868f Fix XSS in openid selector. Thanks, Raghav Bisht. 2015-03-27 12:17:39 -04:00
Simon McVittie 9497fc1b6c t/inline.t: accept translations of "Add a new post titled:" (Closes: #779365) 2015-03-01 17:15:13 +00:00
Simon McVittie 943ec015da If neither timezone nor TZ is set, set both to :/etc/localtime if we're on a GNU system and that file exists, or GMT otherwise 2015-03-01 15:01:05 +00:00
Simon McVittie bd3eb42b02 changelog 2015-03-01 12:46:49 +00:00
Joey Hess b0861d8162 heh, MOM wants you 2015-01-25 00:03:43 -04:00
Joey Hess fe0eaf1870 Fix NULL ptr deref on ENOMOM in wrapper. (Thanks, igli)
Probably not exploitable, but who knows..
2015-01-25 00:00:40 -04:00
Simon McVittie c34b86f12e release 2015-01-07 09:14:47 +00:00
Joey Hess 0048442831 close debian bug I opened about blogspam 2015-01-02 16:45:26 -04:00
Amitai Schlair 0451dc4133 Update blogspam to the 2.0 API. 2015-01-02 13:55:10 -05:00
Joey Hess f88e109bec po: If msgmerge falls over on a problem po file, print a warning message, but don't let this problem crash ikiwiki entirely. 2014-12-30 15:51:50 -04:00
Amitai Schlair c668c2c7e2 Changelog the $(MAKE) patch. 2014-12-27 17:32:20 -05:00
Simon McVittie 5c30886dbf changelog, close bug 2014-12-09 22:19:15 +00:00
Simon McVittie 44e320c1d5 changelog and NEWS entry for responsive layout 2014-12-01 21:29:46 +00:00
Simon McVittie c01f53d74e core: generate HTML5 by default, but keep avoiding new elements like <section> that require specific browser support unless html5 is set to 1. 2014-11-26 12:00:31 +00:00
Simon McVittie dc0744a423 search: add more classes as a hook for CSS. Thanks, sajolida 2014-11-26 11:57:58 +00:00
Simon McVittie 1ff99b19ca calendar: add calendar_autocreate option, with which "ikiwiki --refresh" can mostly supersede the ikiwiki-calendar command. Thanks, Louis Paternault 2014-11-26 09:28:18 +00:00
Joey Hess 33ca02581b Set Debian package maintainer to Simon McVittie as I'm retiring from Debian. 2014-11-08 00:08:33 -04:00
Joey Hess ea8c7a7e02 openid: Stop suppressing the email field on the Preferences page.
This is needed for notifyemail, and not all openid providers report an
email address, or necessarily the one the user wants to get email.
2014-11-06 15:00:09 -04:00
Joey Hess d858ce3e93 Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t 2014-10-20 12:28:54 -04:00
Joey Hess 82a4fb49ae add ikiwiki-comment program 2014-10-20 12:08:07 -04:00
Simon McVittie a89dbd9892 release 2014-10-16 23:28:35 +01:00
Simon McVittie 44e05edaf4 debian: fix some wrong paths in the copyright file 2014-10-16 23:28:23 +01:00
Simon McVittie 0e783e915b debian: rename debian/link to debian/links so the intended symlinks appear 2014-10-16 23:04:11 +01:00
Simon McVittie 37296bcb5a close a bug 2014-10-16 23:03:48 +01:00
Simon McVittie 0c73a825d1 Drop unused python-support dependency 2014-10-16 22:48:09 +01:00
Simon McVittie 3429e81596 changelog so far 2014-10-16 22:44:29 +01:00
Joey Hess 6294894f31 Fix crash that can occur when only_committed_changes is set and a file is deleted from the underlay.
srcfile_stat got called on a file from the underlay that no longer existed.

I am not 100% sure of the circumstances of that; I was able to reproduce
the bug but neglected to snapshot the tree, and then accidentially
got it to stop crashing. I know that a transient tag page got deleted using
the web interface to trigger the crash.

It seems that process_changed_files must have returned the file, despite it
being deleted. And since the file was not checked into git, it seems it
must have not been included in @IkiWiki::underlayfiles, which would have
caused process_changed_files to not return it.

I do not know why a transient tag page would not be in
@IkiWiki::underlayfiles. There is a bug here that I don't understand.

This is just a workaround -- run srcfile_stat such that it won't crash,
and if it is unable to stat a file, find_changed knows it's not changed,
so it's ok to skip it.

Also made find_new_files run srcfile_stat such that it won't crash, just
because I was there.
2014-09-26 18:55:09 -04:00
Simon McVittie 84993495f3 Build-depend on libmagickcore-6.q16-2-extra | libmagickcore-extra so we can thumbnail SVGs in the docwiki 2014-09-16 11:22:05 +01:00
Simon McVittie 9d08f18a13 Add myself to Uploaders and release to Debian 2014-09-16 10:03:24 +01:00
Simon McVittie 30c23b5e72 Add package dependencies for scalable img support
- suggest ghostscript (required for PDF-to-PNG thumbnailing)
  and libmagickcore-extra (required for SVG-to-PNG thumbnailing)
- build-depend on ghostscript so the test for scalable images can be run
2014-09-16 10:00:40 +01:00
Simon McVittie 5ff68d5171 changelog, close bugs 2014-09-15 22:12:45 +01:00
Simon McVittie 7660979f74 changelog, close bug 2014-09-15 21:49:48 +01:00
Simon McVittie 3d1de970f1 changelog, close bug 2014-09-15 21:11:17 +01:00
Simon McVittie 303f183d45 write changelog, close bug 2014-09-15 09:53:52 +01:00
Simon McVittie fdfd5ffac7 more bug-closing 2014-09-12 22:02:54 +01:00
Simon McVittie 70a4857624 more changelog and bug-closing 2014-09-12 21:50:20 +01:00
Simon McVittie a5536103e7 changelog/close bugs 2014-09-12 21:32:13 +01:00
Joey Hess 230749ad15 prep release 2014-08-31 14:17:49 -07:00
Joey Hess 40d6ccbadb Make --no-gettime work in initial build. Closes: #755075 2014-08-28 19:08:09 -07:00
Joey Hess 174efbfa9c typo 2014-08-15 13:05:59 -04:00
Joey Hess 9ade0db518 prep release 2014-08-15 12:58:36 -04:00