ikiwiki
- Devel package for openSUSE:Factory
- 1 derived packages
- Checkout Package:
  osc -A https://api.opensuse.org checkout devel:languages:perl/ikiwiki && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
ikiwiki.changes | 80.8 KB (82765 bytes) | |
ikiwiki.spec | 5.51 KB (5647 bytes) | |
ikiwiki_3.20190228.orig.tar.xz | 2.55 MB (2672244 bytes) | |
Revision 2 (latest revision is 9)
Markéta Machová (mcalabkova) accepted request 715699 from Markéta Machová (mcalabkova) (revision 2)
- update to 3.20190228
  * aggregate: Use LWPx::ParanoidAgent if available. Previously blogspam, openid and pinger used this module if available, but aggregate did not. This prevents server-side request forgery or local file disclosure, and mitigates denial of service when slow "tarpit" URLs are accessed. (CVE-2019-9187)
  * blogspam, openid, pinger: Use a HTTP proxy if configured, even if LWPx::ParanoidAgent is installed. Previously, only aggregate would obey proxy configuration. If a proxy is used, the proxy (not ikiwiki) is responsible for preventing attacks like CVE-2019-9187.
  * aggregate, blogspam, openid, pinger: Do not access non-http, non-https URLs. Previously, these plugins would have allowed non-HTTP-based requests if LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local file disclosure, and preventing other rarely-used URI schemes like gopher mitigates request forgery attacks.
  * aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly recommended. These plugins can request attacker-controlled URLs in some site configurations.
  * blogspam: Document LWPx::ParanoidAgent as desirable. This plugin doesn't request attacker-controlled URLs, so it's non-critical here.
  * blogspam, openid, pinger: Consistently use cookiejar if configured. Previously, these plugins would only obey this configuration if LWPx::ParanoidAgent was not installed, but this appears to have been unintended.
  * po: Always filter .po files.