From 2ea8fbe2d9691d48b007bd0404dd77ae4bd3c9c7 Mon Sep 17 00:00:00 2001 From: joey Date: Sat, 5 Aug 2006 21:15:50 +0000 Subject: [PATCH] misc changes --- IkiWiki/Plugin/aggregate.pm | 2 +- basewiki/style.css | 1 + debian/changelog | 3 ++- doc/ikiwikiusers.mdwn | 1 + doc/security.mdwn | 17 +++++++++-------- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/IkiWiki/Plugin/aggregate.pm b/IkiWiki/Plugin/aggregate.pm index 41c25fe26..633618f76 100644 --- a/IkiWiki/Plugin/aggregate.pm +++ b/IkiWiki/Plugin/aggregate.pm @@ -98,7 +98,7 @@ sub preprocess (@) { #{{{ return "{url}."\">".$feed->{name}.": ". "".$feed->{message}." (".$feed->{numposts}. - " stored posts; ".$feed->{newposts}." new)
"; + " stored posts; ".$feed->{newposts}." new)"; } # }}} sub delete (@) { #{{{ diff --git a/basewiki/style.css b/basewiki/style.css index 3f8547e95..3eb565da2 100644 --- a/basewiki/style.css +++ b/basewiki/style.css @@ -3,6 +3,7 @@ font-size: 22px; font-weight: bold; line-height: 1em; + display: block; } .author { diff --git a/debian/changelog b/debian/changelog index 2f0258868..eaa9b816f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,8 +6,9 @@ ikiwiki (1.17) UNRELEASED; urgency=low * Turn on HTML::Template loop_context_vars; not actually used in stock templates but can be useful for things like making comma-delimited lists of tags or what have you. + * Remove
from end of aggregate preprocessor directive output. - -- Joey Hess Fri, 4 Aug 2006 23:04:12 -0400 + -- Joey Hess Sat, 5 Aug 2006 17:15:12 -0400 ikiwiki (1.16) unstable; urgency=low diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn index cf3498d44..8d52059a9 100644 --- a/doc/ikiwikiusers.mdwn +++ b/doc/ikiwikiusers.mdwn @@ -16,6 +16,7 @@ Sites that are using ikiwiki include: * Kelly Clowers' [personal website](http://www.clowersnet.net/) * Anna's [nature features](http://kitenet.net/~anna/nature-feature/) * [Planet Debian upstream](http://updo.kitenet.net/) +* Roland Mas's [blog](http://roland.entierement.nu/categories/geek-en.html) Please feel free to add your own ikiwiki site! diff --git a/doc/security.mdwn b/doc/security.mdwn index b3b5b6f3e..65ebfd7b2 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -18,14 +18,6 @@ Anyone with direct commit access can forge "web commit from foo" and make it appear on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user. -## XML::Parser - -XML::Parser is used by the aggregation plugin, and has some security holes -that are still open in Debian unstable as of this writing. #378411 does not -seem to affect our use, since the data is not encoded as utf-8 at that -point. #378412 could affect us, although it doesn't seem very exploitable. -It has a simple fix, which should be NMUed or something.. - ## other stuff to look at I need to audit the git backend a bit, and have been meaning to @@ -246,3 +238,12 @@ have come just before yours, by forging svn log output. This was guarded against by using svn log --xml. ikiwiki escapes any html in svn commit logs to prevent other mischief. + +## XML::Parser + +XML::Parser is used by the aggregation plugin, and has some security holes. +#[378411](http://bugs.debian.org/378411) does not +seem to affect our use, since the data is not encoded as utf-8 at that +point. #[378412](http://bugs.debian.org/378412) could affect us, although it +doesn't seem very exploitable. It has a simple fix, and has been fixed in +Debian unstable. -- 2.32.0.93.g670b81a890