Commit Graph

15310 Commits (d092b0b77701a4c5cd9c8464b774a6a1da1f02cd)

Author SHA1 Message Date
Simon McVittie 04e322fd6b Clarify which versions of ikiwiki fixed CVE-2016-9645, -9646 2016-12-29 20:08:49 +00:00
Simon McVittie 287bb19883 3.20161229 2016-12-29 17:37:51 +00:00
Simon McVittie cf0166347c Add CVE references for CVE-2016-9646, CVE-2016-9645
Thanks to the Debian security team for allocating these.
2016-12-29 17:36:11 +00:00
Simon McVittie 078d4208ca Prune git remotes that are unreachable or unresponsive 2016-12-29 17:30:56 +00:00
Simon McVittie a8a7462382 Try revert operations (on a branch) before approving them
Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().

It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.

OVE-20161226-0002
2016-12-28 21:32:12 +00:00
Simon McVittie c1120bbbe8 Force CGI::FormBuilder->field to scalar context where necessary
CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0. Force it into scalar context where it is used
in an argument list.

This prevents two (relatively minor) commit metadata forgery
vulnerabilities:

* In the comments plugin, an attacker who was able to post a comment
  could give it a user-specified author and author-URL even if the wiki
  configuration did not allow for that, by crafting multiple values
  to other fields.
* In the editpage plugin, an attacker who was able to edit a page
  could potentially forge commit authorship by crafting multiple values
  for the rcsinfo field.

The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.

OVE-20161226-0001
2016-12-28 21:32:12 +00:00
spalax a9b876e1fa Added a comment 2016-12-26 18:03:28 -04:00
smcv 836f165939 Added a comment 2016-12-26 15:26:25 -04:00
spalax 1a73c8d528 Question about default timezone ":/etc/localtime" 2016-12-25 17:05:08 -04:00
Simon McVittie 28409cd358 Add CVE references for CVE-2016-10026 2016-12-21 13:03:36 +00:00
intrigeri bec3047aff Replied. 2016-12-20 10:26:22 +00:00
Simon McVittie fd6b947889 Announce 3.20161219 2016-12-19 21:20:41 +00:00
smcv 7e78712782 mention security contacts here too 2016-12-19 16:33:48 -04:00
Amitai Schleier 952404edaa Opt in to whatever spam this may bring. 2016-12-19 20:23:43 +01:00
Simon McVittie cde2cc1862 Restrict CSS matches on .header to not affect <tr>
Pandoc generates <tr class="header"> to hold <th> elements, and
we don't want to make those be display: block.

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
Simon McVittie 2a9e9f13f6 List security contacts
We still don't have a security@ alias; listing personal emails is
unfortunately the next-best thing.
2016-12-19 18:21:07 +00:00
Simon McVittie 9cada49ed6 Tell `git revert` not to follow renames
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
smcv 7244b712c1 Added a comment: no, not supported 2016-12-19 13:23:06 -04:00
smcv 32493312c8 rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_support_relative_size.mdwn 2016-12-19 12:46:46 -04:00
smcv 8395e43099 Not possible as stated, but could be adapted into a valid feature request 2016-12-19 12:46:22 -04:00
smcv 7d35dc88f3 2016-12-19 09:55:58 -04:00
Simon McVittie bc89021523 cgitemplate: remove dead code
blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this
variable has not been used since commit a052771
"Now that we're always using HTML5, <base href> can be relative".

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 12:00:34 +00:00
intrigeri 706bf876ea Report authorization bypass via RCS revert. 2016-12-17 11:11:44 +00:00
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 bd46db3fb9 2016-12-14 19:07:00 -04:00
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 85c1fa60b8 2016-12-14 19:06:05 -04:00
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 bd6a4567fd 2016-12-14 19:04:05 -04:00
jeff+ikiwiki@b5854f0ab9935492e3dfefa98419b6530c92b049 9b0e02394b 2016-11-26 23:44:42 -04:00
intrigeri 2e865043d6 pagestats determinism: report bug + patch. 2016-11-20 07:00:20 +00:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9 021ae7050a svetlana.nfshost 2016-11-17 07:42:50 -04:00
Juego 3a36009158 Added custom solution 2016-11-16 18:17:48 -04:00
Juego 99e0945732 rename forum/FastCGI_problem_on_Arch.mdwn to forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn 2016-11-16 18:15:14 -04:00
Amitai Schleier 8e2e61836e Update my personal site URL. 2016-11-12 22:02:58 -05:00
james@2468840dc8f314e837e1fde99a5fb1b884fa993a aeb85c9d82 update my site links. 2016-11-12 20:08:40 -04:00
openmedi 7370816738 Added a comment 2016-11-10 13:09:41 -04:00
openmedi 24573d396f Added a comment 2016-11-10 13:06:23 -04:00
openmedi f7a5c57157 2016-11-10 13:03:00 -04:00
openmedi 4eb8f49209 Added a comment 2016-11-06 15:36:24 -04:00
openmedi 08a500cbb7 Added a comment 2016-11-03 18:13:15 -04:00
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 536f07d9ff 2016-11-03 08:42:03 -04:00
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 2f922120a1 2016-11-03 08:37:19 -04:00
https://id.koumbit.net/anarcat 705ad6d9d7 consider portier as a successor to OpenID? 2016-11-01 11:56:18 -04:00
https://id.koumbit.net/anarcat 1e6faf00b1 introduce portier here as well, while i'm here 2016-11-01 11:55:46 -04:00
https://id.koumbit.net/anarcat 596f723bb3 nextgen persona? 2016-11-01 11:49:48 -04:00
https://id.koumbit.net/anarcat e7cd4ac40b another look at bootstrap and packaging strategies 2016-11-01 11:45:31 -04:00
Amitai Schleier 7d48b885c9 The C2 wiki appears to have moved. 2016-10-23 21:00:36 -04:00
openmedi b6e7e54e0c 2016-10-16 12:38:47 -04:00
icydee 9892c426a1 2016-10-07 07:08:35 -04:00
karsk a9aa7c1c08 That was a (curious) mistake.
This reverts commit 1bfe2e2e19
2016-09-30 04:10:10 -04:00
karsk 1bfe2e2e19 removed 2016-09-30 04:09:12 -04:00
spalax 9833f0b7bd Added a comment: Translating "Last edited" 2016-09-27 15:08:30 -04:00