ikiwiki/debian
Simon McVittie c1120bbbe8 Force CGI::FormBuilder->field to scalar context where necessary
CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0. Force it into scalar context where it is used
in an argument list.

This prevents two (relatively minor) commit metadata forgery
vulnerabilities:

* In the comments plugin, an attacker who was able to post a comment
  could give it a user-specified author and author-URL even if the wiki
  configuration did not allow for that, by crafting multiple values
  to other fields.
* In the editpage plugin, an attacker who was able to edit a page
  could potentially forge commit authorship by crafting multiple values
  for the rcsinfo field.

The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.

OVE-20161226-0001
2016-12-28 21:32:12 +00:00
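
The context problem described in the commit message above, as an added Perl example that is not ikiwiki's code or part of the commit. `DemoForm`, `commit_info` and `check_login` are hypothetical stand-ins, `DemoForm::field` only models the list-versus-scalar behaviour the message attributes to CGI::FormBuilder->field, and the submitted values are constructed.

```perl
use strict;
use warnings;

# Hypothetical stand-in for a form object; this is NOT CGI::FormBuilder.
# field() is context-sensitive: every submitted value in list context,
# only the first submitted value in scalar context.
package DemoForm;
sub new { my ($class, %values) = @_; my $self = { %values }; return bless $self, $class }
sub field {
    my ($self, $name) = @_;
    my @values = @{ $self->{$name} || [] };
    return wantarray ? @values : $values[0];
}

package main;

# Hypothetical sink that takes named arguments, as a commit helper might.
# When the argument list is assigned to a hash, a later duplicate key wins.
sub commit_info {
    my %params = @_;
    return "author=$params{author} message=$params{message}";
}

# Explicit scalar prototype: each argument is evaluated in scalar context,
# so a multi-valued field cannot spill into the next parameter.
sub check_login ($$) {
    my ($user, $password) = @_;
    return "user=$user password=$password";
}

# Constructed request in which "rcsinfo" and "name" carry several values.
my $form = DemoForm->new(
    rcsinfo  => ['fix typo', 'author', 'someone-else'],
    name     => ['alice', 'extra'],
    password => ['secret'],
);

# Before: field() sits in an argument list, which is list context. The second
# and third rcsinfo values are read as an extra author => ... pair and
# replace the author the application supplied.
print commit_info(author => 'alice', message => $form->field('rcsinfo')), "\n";

# After: scalar() forces a single value, so the supplied author is kept.
print commit_info(author => 'alice', message => scalar $form->field('rcsinfo')), "\n";

# Prototype case: only the first value of each field reaches the function.
print check_login($form->field('name'), $form->field('password')), "\n";
```
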
tests/pkg-perl Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure 2015-11-30 18:26:22 +00:00
upstream
.gitignore
NEWS 3.20160506 2016-05-06 07:54:47 +01:00
README.Debian
changelog Force CGI::FormBuilder->field to scalar context where necessary 2016-12-28 21:32:12 +00:00
compat
control Standards-Version: 3.9.8 (no changes required) 2016-07-28 10:41:25 +01:00
copyright Update my surname to its new legal spelling. 2016-09-14 14:28:01 -04:00
docs
links Wrap and sort control files (wrap-and-sort -abst) 2015-11-30 18:26:23 +00:00
postinst
preinst
rules

README.Debian

It's a good idea, and in some cases a requirement, to rebuild your wikis
when upgrading to a new version of ikiwiki. If you have a lot of different
wikis on a system, this can be a pain to do by hand, and it's a good idea
to automate it anyway.

This Debian package of ikiwiki supports rebuilding wikis on upgrade. It
will run ikiwiki-mass-rebuild if necessary when upgraded. The file
/etc/ikiwiki/wikilist lists the setup files of wikis to rebuild, as well
as the user who owns the wiki. Edit this file and add any wikis you
set up.

You can also allow users to maintain their own list of wikis to rebuild,
by listing their usernames in /etc/ikiwiki/wikilist without corresponding
setup files.  ikiwiki will then read their lists of wikis from
.ikiwiki/wikilist in their home directories.


The examples directory contains the source to some example wiki setups.