7c34df633d
git_revert test: reinstate ikiwiki.setup, and make it work uninstalled
...
Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.
I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
2016-12-28 21:32:11 +00:00
a9b876e1fa
Added a comment
2016-12-26 18:03:28 -04:00
836f165939
Added a comment
2016-12-26 15:26:25 -04:00
1a73c8d528
Question about default timezone ":/etc/localtime"
2016-12-25 17:05:08 -04:00
28409cd358
Add CVE references for CVE-2016-10026
2016-12-21 13:03:36 +00:00
bec3047aff
Replied.
2016-12-20 10:26:22 +00:00
fd6b947889
Announce 3.20161219
2016-12-19 21:20:41 +00:00
c96149fa3e
Release 3.20161219
2016-12-19 20:35:01 +00:00
7e78712782
mention security contacts here too
2016-12-19 16:33:48 -04:00
952404edaa
Opt in to whatever spam this may bring.
2016-12-19 20:23:43 +01:00
0fe2ff8579
changelog
2016-12-19 18:21:07 +00:00
c1890c116d
Make pagestats output more deterministic.
...
Sort in lexical order the pages that have the same number of hits.
2016-12-19 18:21:07 +00:00
592c13cc61
Update changelog
2016-12-19 18:21:07 +00:00
cde2cc1862
Restrict CSS matches on .header to not affect <tr>
...
Pandoc generates <tr class="header"> to hold <th> elements, and
we don't want to make those be display: block.
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
2a9e9f13f6
List security contacts
...
We still don't have a security@ alias; listing personal emails is
unfortunately the next-best thing.
2016-12-19 18:21:07 +00:00
da395ac33c
Add a manual test for reverting git commits
...
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
9cada49ed6
Tell `git revert` not to follow renames
...
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
7244b712c1
Added a comment: no, not supported
2016-12-19 13:23:06 -04:00
32493312c8
rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_support_relative_size.mdwn
2016-12-19 12:46:46 -04:00
8395e43099
Not possible as stated, but could be adapted into a valid feature request
2016-12-19 12:46:22 -04:00
7d35dc88f3
2016-12-19 09:55:58 -04:00
b0b1428e62
cgitemplate: actually remove dead code
...
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 13:20:55 +00:00
bc89021523
cgitemplate: remove dead code
...
blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this
variable has not been used since commit a052771
2016-12-19 12:00:34 +00:00
706bf876ea
Report authorization bypass via RCS revert.
2016-12-17 11:11:44 +00:00
bd46db3fb9
2016-12-14 19:07:00 -04:00
85c1fa60b8
2016-12-14 19:06:05 -04:00
bd6a4567fd
2016-12-14 19:04:05 -04:00
9b0e02394b
2016-11-26 23:44:42 -04:00
2e865043d6
pagestats determinism: report bug + patch.
2016-11-20 07:00:20 +00:00
021ae7050a
svetlana.nfshost
2016-11-17 07:42:50 -04:00
3a36009158
Added custom solution
2016-11-16 18:17:48 -04:00
99e0945732
rename forum/FastCGI_problem_on_Arch.mdwn to forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
2016-11-16 18:15:14 -04:00
8e2e61836e
Update my personal site URL.
2016-11-12 22:02:58 -05:00
aeb85c9d82
update my site links.
2016-11-12 20:08:40 -04:00
7370816738
Added a comment
2016-11-10 13:09:41 -04:00
24573d396f
Added a comment
2016-11-10 13:06:23 -04:00
f7a5c57157
2016-11-10 13:03:00 -04:00
4eb8f49209
Added a comment
2016-11-06 15:36:24 -04:00
08a500cbb7
Added a comment
2016-11-03 18:13:15 -04:00
536f07d9ff
2016-11-03 08:42:03 -04:00
2f922120a1
2016-11-03 08:37:19 -04:00
705ad6d9d7
consider portier as a successor to OpenID?
2016-11-01 11:56:18 -04:00
1e6faf00b1
introduce portier here as well, while i'm here
2016-11-01 11:55:46 -04:00
596f723bb3
nextgen persona?
2016-11-01 11:49:48 -04:00
e7cd4ac40b
another look at bootstrap and packaging strategies
2016-11-01 11:45:31 -04:00
7d48b885c9
The C2 wiki appears to have moved.
2016-10-23 21:00:36 -04:00
b6e7e54e0c
2016-10-16 12:38:47 -04:00
9892c426a1
2016-10-07 07:08:35 -04:00
a9aa7c1c08
That was a (curious) mistake.
...
This reverts commit 1bfe2e2e19
2016-09-30 04:10:10 -04:00
1bfe2e2e19
removed
2016-09-30 04:09:12 -04:00
Simon McVittie
spalax
smcv
intrigeri
Amitai Schleier
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85
jeff+ikiwiki@b5854f0ab9935492e3dfefa98419b6530c92b049
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
Juego
james@2468840dc8f314e837e1fde99a5fb1b884fa993a
openmedi
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40
https://id.koumbit.net/anarcat
icydee
karsk