Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 90A5E7A212 for ; Sat, 7 May 2016 05:58:55 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 3942485ED7; Sat, 7 May 2016 05:58:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id BC3B185ED1 for ; Sat, 7 May 2016 05:58:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 8UClAHyfvPHO for ; Sat, 7 May 2016 05:58:54 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 1A1B285ECE for ; Sat, 7 May 2016 05:58:54 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 15A76FBBA; Sat, 7 May 2016 05:58:54 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sat, 7 May 2016 05:58:54 +0000 From: "Amitai Schlair" Subject: CVS commit: pkgsrc/www/ikiwiki To: pkgsrc-changes@NetBSD.org Reply-To: schmonz@netbsd.org X-Mailer: log_accum Message-Id: <20160507055854.15A76FBBA@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: schmonz Date: Sat May 7 05:58:54 UTC 2016 Modified Files: pkgsrc/www/ikiwiki: Makefile distinfo Removed Files: pkgsrc/www/ikiwiki/patches: patch-t_cvs.t Log Message: Update to 3.20160506. From the changelog: [ Simon McVittie ] * img: stop ImageMagick trying to be clever if filenames contain a colon, avoiding mis-processing * HTML-escape error messages, in one case avoiding potential cross-site scripting (OVE-20160505-0012) * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that "allowed_attachments: '*.jpg'" does what one might expect - img: restrict to JPEG, PNG and GIF images by default, again mitigating CVE-2016-3714 and similar vulnerabilities - img: check that the magic number matches what we would expect from the extension before giving common formats to ImageMagick * d/control: use https for Homepage * d/control: add Vcs-Browser [ Joey Hess ] * img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser, which is supported by all commonly used browsers these days. SVG scaling by img directives has subtly changed; where before size=wxh would preserve aspect ratio, this cannot be done when passing them through and so specifying both a width and height can change the SVG's aspect ratio. * loginselector: When only openid and emailauth are enabled, but passwordauth is not, avoid showing a "Other" box which opens an empty form. [ Amitai Schlair ] * mdwn: Process .md like .mdwn, but disallow web creation. [ Florian Wagner ] * git: Correctly handle filenames starting with a dash in add/rm/mv. -- Simon McVittie Fri, 06 May 2016 07:54:26 +0100 To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 pkgsrc/www/ikiwiki/Makefile cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/ikiwiki/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/www/ikiwiki/patches/patch-t_cvs.t Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.