Package: dokuwiki / 0.0.20140505.a+dfsg-4

Metadata

Package Version Patches format
dokuwiki 0.0.20140505.a+dfsg-4 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
use_packaged_simplepie.diff | (download)

inc/load.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use packaged version of simplepie instead of an embedded one
use_packaged_php geshi_SA32559.diff | (download)

inc/load.php | 2 1 + 1 - 0 !
inc/parserutils.php | 6 3 + 3 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 use packaged version of geshi instead of an embedded one
Bug-Debian: http://bugs.debian.org/513869
use_packaged_php seclib.diff | (download)

inc/load.php | 7 3 + 4 - 0 !
1 file changed, 3 insertions(+), 4 deletions(-)

 use the packaged version of php-seclib instead of the embedded one
debianize.diff | (download)

conf/dokuwiki.php | 6 3 + 3 - 0 !
install.php | 8 8 + 0 - 0 !
lib/tpl/dokuwiki/tpl_footer.php | 2 2 + 0 - 0 !
3 files changed, 13 insertions(+), 3 deletions(-)

 add a custom look and configure properly for debian use
 * Debian look: add Debian to the default wiki title, and add a Debian info
   button.
 * Configuration: change the data directory and disable update check which is
   not relevant.
 * Installation script: add the custom configuration file checksum.
soften_email_validator.diff | (download)

inc/EmailAddressValidator.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 soften the email validator function
    The EmailValidator class originally requires at least two domain
    name levels. This is crap, because:
    1. email address <@tld> or even <@.> would be perfectly valid;
    2. email address <@locally_defined_hostname>, specially <@localhost>, would
    be valid too.
    .
    This patch removes this constraint, by changing the value of a single
    variable since the necessary code has been implemented upstream and only
    requires to be activated.
use_packaged_jquery.diff | (download)

lib/exe/js.php | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 use packaged version of jquery instead of an embedded one
cve 2015 2172_check_permissions_in_rpc.patch | (download)

lib/plugins/acl/remote.php | 31 29 + 2 - 0 !
1 file changed, 29 insertions(+), 2 deletions(-)

 fix cve-2015-2172 by checking permissions in acl plugin's rpc api
 This fixes a security hole in the ACL plugins remote API component. The
 plugin failed to check for superuser permissions before executing ACL
 addition or deletion. This means everybody with permissions to call the
 XMLRPC API also had permissions to set up their own ACL rules and thus
 circumventing any existing rules.