Simon McVittie
4729ff0812
Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.

Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.

In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
2016-07-28 09:50:21 +01:00
Joey Hess
a6c453606e
Revert strange translation of this page to French
2016-07-25 10:44:29 -04:00
https://me.yahoo.com/acidburn095#b6c38
14909f1d51
2016-07-25 01:39:21 -04:00
https://me.yahoo.com/acidburn095#b6c38
9427f79f97
2016-07-25 01:17:02 -04:00
Martian
1c7b7949dd
Everyone is using comments here... let's go with the crowd
2016-06-30 06:43:36 -04:00
Martian
3642e56aad
Added a comment: Using multiple setup files
2016-06-30 06:42:47 -04:00
Martian
0fa4c7296a
Add todo/multiple setup option on command line
2016-06-30 06:28:40 -04:00
Martian
09deb9408a
Add information about multiple setup options.
2016-06-30 06:22:59 -04:00
sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41
1e992c2c98
2016-06-26 14:57:52 -04:00
sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41
7f4507c4d0
wkhtmltopdf project has moved off of Google Code onto a dedicated site
2016-06-26 14:18:52 -04:00
Joey Hess
955b5cea5a
update
2016-06-23 16:39:36 -04:00
Martian
4f89d1f3cb
2016-06-22 11:35:48 -04:00
Martian
75438e12e5
apache on fedora and suid bit
2016-06-22 09:10:23 -04:00
smcv
ec371adab1
yes, not committing the setup file to the same VCS is a security thing
2016-06-22 04:05:32 -04:00
Martian
d4c7df992e
Why not putting setup file in git?
2016-06-22 03:42:21 -04:00
https://me.yahoo.com/zoredache#d4929
58bede17b5
Added a comment
2016-06-20 15:38:41 -04:00
rsayers
9e485bf184
2016-06-16 13:15:26 -04:00
spalax
81c57fe69f
Link to a work-in-progress plugin
2016-06-14 11:37:44 -04:00
spalax
c9160ae83c
Added a comment: More thought about the `pageversion` plugin
2016-06-14 11:36:33 -04:00
smcv
183c2f2590
Added a comment: more info required
2016-06-11 08:17:14 -04:00
smcv
3e18500c38
Added a comment
2016-06-11 08:14:21 -04:00
spalax
0cc9af205d
Added a comment: More information
2016-06-10 14:58:09 -04:00
https://me.yahoo.com/zoredache#d4929
46eb10fcf6
2016-06-09 16:02:10 -04:00
https://me.yahoo.com/zoredache#d4929
142d8b7a79
2016-06-09 16:01:52 -04:00
aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f
f8870b5af7
new user: www.s4-ausbau.de
2016-06-09 16:00:12 -04:00
smcv
bfc5f06451
Added a comment: I'm not so sure that copying metadata is desirable
2016-06-09 11:09:30 -04:00
spalax
eb5c293167
Questions about a new plugin
2016-06-07 16:20:12 -04:00
http://schmonz.livejournal.com/
7615617680
Added a comment: cool!
2016-06-07 11:14:02 -04:00
openmedi
3c7c04e6a7
Added a comment
2016-06-07 09:55:29 -04:00
http://schmonz.livejournal.com/
3ebba4b951
Added a comment: ok
2016-06-07 08:39:43 -04:00
openmedi
169abcd043
Added a comment
2016-06-07 07:23:43 -04:00
openmedi
053284fcc7
Added a comment
2016-06-07 07:19:48 -04:00
spalax
9da882c776
Add required packages
2016-06-07 02:26:23 -04:00
http://schmonz.livejournal.com/
1167651861
Added a comment: what didn't work with pkgsrc?
2016-06-06 08:17:22 -04:00
openmedi
7396d8c612
Added a comment
2016-06-06 07:08:45 -04:00
spalax
5e6f933874
Update plugins/contrib/compile documentation
2016-06-05 17:08:25 -04:00
aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f
7ff8222802
2016-06-05 15:44:42 -04:00
https://id.koumbit.net/anarcat
720c83eff8
refer to openid delegation
2016-06-03 18:54:46 -04:00
smcv
59526a5aa0
Added a comment
2016-06-03 02:26:03 -04:00
Joey Hess
04f17b382f
Merge branch 'master' of ssh://git.ikiwiki.info
2016-06-03 01:37:01 -04:00
Joey Hess
d9d61a5360
add freedombox as a kind of ikiwiki hosting service
2016-06-03 01:35:15 -04:00
http://schmonz.livejournal.com/
43785417d0
Added a comment: why not keep using pkgsrc?
2016-06-02 21:53:24 -04:00
openmedi
747fd23df4
Added a comment
2016-06-02 14:18:40 -04:00
openmedi
ab78d65638
2016-06-02 13:58:07 -04:00
spalax
a3f48a1106
More about security
2016-05-31 16:49:26 -04:00
spalax
182a2ad992
More thought about "bibtex2html" and "compile"
2016-05-31 16:39:17 -04:00
https://id.koumbit.net/anarcat
ef292879d4
link to discussion
2016-05-31 15:39:43 -04:00
https://id.koumbit.net/anarcat
e1349b74e4
expand on the exec idea
2016-05-31 15:38:34 -04:00
Joey Hess
d9bfe760d1
improve warning message for multiple sources for page
2016-05-31 15:29:09 -04:00
smcv
d60c829475
a list of arbitrary shell delegates, what could possibly go wrong?
2016-05-31 14:51:28 -04:00