SECURITY: vulnerability in PDF export

[John MacFarlane]

Augustin Laville has alerted me to a serious security
vulnerability affecting gitit instances that enable
pdf-export. (This is disabled by default, so this only
affects you if your config file has pdf-export: yes.)

The problem is that raw LaTeX include statements
on markdown wiki pages can be passed through to the
LaTeX intermediary that is used to produce the PDF,
causing the LaTeX program to read an arbitrary file
on the file system and leak its details to the exported
PDF. (e.g., \include{/etc/passwd})

For now, I urge anyone who is using pdf-export to
disable it until a fix is ready. I have found a way
to block this vulnerability and plan to put out a new release
soon.

[John MacFarlane]

gitit 0.14.0.0 has now been released.

It includes a security fix which prevents latex from
including files above the current tree. If you are
using pdf export, please upgrade immediately.

It also builds with the latest pandoc.

Support for older ghc versions (< 8.6) has been dropped.
And ghc 9 is not yet supported, due to an issue in a
dependent library.

> --
> You received this message because you are subscribed to the Google Groups "gitit-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to gitit-discus...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/gitit-discuss/m2lf57fa6g.fsf%40MacBook-Pro-2.hsd1.ca.comcast.net.

[John MacFarlane]

I've realized that there is still a vulnerability,
though now the leakage is limited to files in the
directory from which one runs gitit. If this contains
config files or user databases, these can be leaked.

Recommendation: disable pdf-export until a better
fix is available.

[John MacFarlane]

I have now identified a further vulnerability of the
same nature, but not limited to pdf-export.

Recommendation: please take gitit wikis offline until
we can fix this.

[John MacFarlane]

I have now released 0.15.0.0. Everyone with a public
facing gitit instance should upgrade immediately.

This release removes the "Export" feature, which provided
several vectors for viewing contents of files on the file
system. Given my limited time for gitit development,
I have opted to remove the feature entirely, which should
remove these vulnerabilities.