| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Fix-created-directories-and-files-default-rights.patch | Fix created directories and files default rights | Romain Beauxis <toots@rastageeks.org> | not-needed | 2013-05-24 | ||
| 0002-No-next-upstream-version-display-in-private-area.patch | No next upstream version display in private area No need to link to the next upstream version. |
=?utf-8?q?David_Pr=C3=A9vot?= <taffif@debian.org> | not-needed | 2013-11-12 | ||
| 0003-Fix-displayed-version-in-the-private-interface.patch | Fix displayed version in the private interface Make it obvious its a Debian (patched) version. |
=?utf-8?q?David_Pr=C3=A9vot?= <taffif@debian.org> | not-needed | 2013-05-24 | ||
| 0004-Use-getid3-class-from-the-php-getid3-package.patch | Use getid3 class from the php-getid3 package | =?utf-8?q?David_Pr=C3=A9vot?= <taffit@debian.org> | no | 2014-11-03 | ||
| 0005-security-limiter-la-profondeur-de-recursion-de-prote.patch | security: limiter la profondeur de recursion de `protege_champ` (cherry picked from commit b362e987b41fac344150f97cc563bf4d8c8181fa) |
Cerdic <cedric@yterium.com> | no | upstream, https://git.spip.net/spip/spip/commit/9b73dbd66e50baf312ba1c7df21efebba4ae08f1 | 2023-03-07 | |
| 0006-security-Ameliorer-c76770a-en-vitant-un-unserialize-.patch | =?utf-8?q?security=3A_Ameliorer_c76770a_en_=C3=A9vitant_un_=60unse?= =?utf-8?q?rialize=60_dans_l=27=C3=A9cran_de_s=C3=A9curit=C3=A9?= (cherry picked from commit 9b1c3cf455b624163546f1521148897a5c96d5d6) |
Cerdic <cedric@yterium.com> | no | upstream, https://git.spip.net/spip/spip/commit/9f55790164f7869d2e315a49b3fdc4af0c5b8fdd | 2023-03-07 | |
| 0007-security-Effectivement-bloquer-les-fichiers-cach-s-d.patch | =?utf-8?q?security=3A_Effectivement_bloquer_les_fichiers_cach?= =?utf-8?q?=C3=A9s_dans_le_htaccess?= Lhistoire est quelque peu ubuesque, et remonte il y a 16 ans via 26a1f4906d23 qui a dplac des rgles trop bas. a ne bloquait plus les .svn depuis, cause du fait que plus haut, si cest un fichier, on excute la rgle `[S=100]` qui saute les prochaines `RewriteRule`. - #5109 a sembl corriger en utilisant `RedirectMatch`, qui nest pas affect par le Skip (sans se rendre compte du problme initial) - #5432 a remis une `RewriteRule`, et du coup, de nouveau paf. Ce nest pas toujours trs visible car les serveurs eux-mmes bloquent dj souvent ces rpertoires cachs. Donc, on remonte bien plus haut les rgles de blocage des fichiers cachs et on leur fait un titre ddi. (cherry picked from commit d50cb7bbc7a71ff23a77dfe02215c16991437336) |
Matthieu Marcillaud <marcimat@rezo.net> | no | upstream, https://git.spip.net/spip/spip/commit/36ec7947e96e44af095c3cf87f25cf27a963fe40 | 2023-06-07 | |
| 0008-build-Up-cran-de-s-cu-en-1.5.3.patch | =?utf-8?q?build=3A_Up_=C3=A9cran_de_s=C3=A9cu_en_1=2E5=2E3?= | Matthieu Marcillaud <marcimat@rezo.net> | no | upstream, https://git.spip.net/spip/spip/commit/536192d895c051b0859374710fbdd5bf15205e3f | 2023-06-07 | |
| 0009-security-Utiliser-une-fonction-d-di-e-pour-nettoyer-.patch | =?utf-8?q?security=3A_Utiliser_une_fonction_d=C3=A9di=C3=A9e_pour_?= =?utf-8?q?nettoyer_les_donn=C3=A9es_d=E2=80=99auteur_lors_de_la_pr=C3=A9pa?= =?utf-8?q?ration_d=E2=80=99une_session?= - Ajout dune fonction `auth_desensibiliser_session()` pour desensibiliser une ligne auteur, - qu'on utilise lors de la preparation d'une session - et dans informer_login (cherry picked from commit 2e4d6273cee8ec63ce7f565a73262a8aae70b7bb) |
Cerdic <cedric@yterium.com> | no | upstream, https://git.spip.net/spip/spip/commit/f1d2351c90a6127cab354be1647662ec5e941676 | 2023-07-03 | |
| 0010-security-Utiliser-auth_desensibiliser_session-aussi-.patch | =?utf-8?q?security=3A_Utiliser_=60auth=5Fdesensibiliser=5Fsession?= =?utf-8?q?=28=29=60_aussi_=C3=A0_la_cr=C3=A9ation_du_fichier_de_session?= (cherry picked from commit 5a73e07745bb6753557f0dc2b5404aa49f3ab900) |
Matthieu Marcillaud <marcimat@rezo.net> | no | upstream, https://git.spip.net/spip/spip/commit/f2fb631f0034728fd275ffa619fd6ddb7b841bdf | 2023-07-03 | |
| 0011-fix-Inclusion-manquante-dans-5663.patch | fix: Inclusion manquante dans !5663 (cherry picked from commit 13793c345bdc8ea362f71656c3b38103d6aaba2c) |
Matthieu Marcillaud <marcimat@rezo.net> | no | upstream, https://git.spip.net/spip/spip/commit/144f520ead7ca38a4644e35af4cac2278de6d3e9 | 2023-07-03 | |
| 0012-fix-les-mod-les-ins-r-s-dans-un-texte-h-ritent-autom.patch | =?utf-8?q?fix=3A_les_mod=C3=A8les_ins=C3=A9r=C3=A9s_dans_un_texte_?= =?utf-8?q?h=C3=A9ritent_automatiquement_du_contexte=2C_a_l=27insu_des_reda?= =?utf-8?q?cteurs=2E_Securiser_ce_qui_proviendrait_de_variables_envoy=C3=A9?= =?utf-8?q?es_par_l=27utilisateur?= (cherry picked from commit d993a9797d839218a3fee84f80be60409b2c05f1) |
Cerdic <cedric@yterium.com> | no | upstream, https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb | 2023-11-09 | |
| 0013-fix-viter-de-possibles-XSS-avec-le-nom-des-fichiers-.patch | =?utf-8?q?fix=3A_=C3=89viter_de_possibles_XSS_avec_le_nom_des_fich?= =?utf-8?q?iers_upload=C3=A9s_=28en_js=29?= (cherry picked from commit df7543f1dc9d04f068dd12c901b89a98db535961) |
Matthieu Marcillaud <marcimat@rezo.net> | no | upstream, https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc | 2024-01-07 | |
| 0014-fix-Ajout-d-un-point-virgule-manquant.patch | fix: Ajout d'un point-virgule manquant (cherry picked from commit ac51139245cea6e6dd44dba47b30122b69ff1f1c) |
Glop <glopglop@riseup.net> | no | upstream, https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2 | 2024-01-11 |