-ikiwiki (2.40) UNRELEASED; urgency=low
+ikiwiki (2.40) unstable; urgency=low
[ Josh Triplett ]
* Add new preprocessor directive syntax¸ using a '!' prefix. Add a
the underlay to support either setting of prefix_directives. Add NEWS
entry with migration information.
- -- Josh Triplett <josh@freedesktop.org> Sat, 09 Feb 2008 23:01:19 -0800
+ [ Joey Hess ]
+ * Danish translation update from Jonas Smedegaard. Closes: #465152
+ * Generate XML RPC messages with the encoding set to utf-8 instead
+ of XML::RPC's default of us-ascii. Allows interoperation with
+ python's xmlrpc library, which threw invalid encoding exceptions and
+ caused the rst plugin to hang.
+ * Add the linkify and scan hooks. These hooks can be used to implement
+ custom, first-class types of wikilinks.
+ * Move standard wikilink implementation to a new link plugin, which
+ will of course be enabled by default.
+ * camelcase: Convert to use new linkify and scan hooks rather than the old
+ hack.
+ * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
+ * Depend on HTML::Scrubber, since the scrubber is enabled by default and
+ dies if its can't be loaded.
+ * The search plugin needs to override <base> to point to the directory
+ containing ikiwiki.cgi, but this should not change the urls to the style
+ sheets etc. Add a new forcebareurl parameter to misctemplate to allow
+ it to do that.
+ * Preview limits the page dropdown to what's selected previously
+ (as preserving the full list across preview would be tricky). Userdirs
+ were still being offered as an option there, remove them.
+ * Fix a bug where user A created a page concurrently with user B, and
+ when B previewed it would redirect B to A's new page, losing B's work.
+ Instead, don't redirect and let conflict handling resolve it.
+ * monotone: Add code to default mergerc file to run
+ _MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
+ * tla: Remove call to escapeHTML when constructing recentchanges message;
+ the html is escaped at a different level. Closes: #466495
+ * bzr, mercurial: Remove unused import of escapeHTML.
+ * Fix another preview will_render bug. This one involved inline,
+ which forced a scan of the page to make available metadata that
+ appeared after the inline directive. Problem is that scan made it forget
+ about any other files rendered due to the page. The scan also turns out
+ to be unnecessary now, since meta persistently stores state and it's
+ always available. So it was just removed.
+ * Disable taint checking for all builds as people keep complaining about it,
+ and since all versions of perl seem to be hopelessly broken.
+ * Fix links generated by preprocessor directives when previewing.
+ * inline: When forcing urls absolute for rss feeds, skip mailto and other
+ such urls.
+ * ikiwiki-makerepo: Don't fail if the third argument ends in a slash.
+ * Allow colons in URLs after the first slash. (Adeodato Simó)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 29 Feb 2008 23:05:39 -0500
+
+ikiwiki (2.31.3) unstable; urgency=high
+
+ [ Josh Triplett ]
+ * Do not allow the about: URI scheme; some browsers interpret about:
+ URIs like a limited version of data: URIs. In particular, some
+ versions of Internet Explorer interpret arbitrary HTML content in
+ about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
+
+ [ Joey Hess ]
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
+
+ [ Josh Triplett ]
+ * Match literal '.' in URI schemas containing '.', rather than matching any
+ character.
+ * Do not allow the steam: URI scheme.
+ * Allow the snews: URI scheme.
+ * Allow the smb: URI scheme.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
+
+ikiwiki (2.31.2) unstable; urgency=high
+
+ * The security fix in the last release had buggy handling of data:image,
+ now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
+
+ikiwiki (2.31.1) unstable; urgency=low
+
+ * htmlscrubber security fix: Block javascript in uris.
+ * Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
ikiwiki (2.31) unstable; urgency=low