+ [ Joey Hess ]
+ * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
+ * rcs_diff is a new function that rcs modules should implement.
+ * Implemented rcs_diff for git, svn, and tla (tla version untested).
+ Mercurial and monotone still todo.
+ * Support Text::Markdown::markdown, which is the spelling used by
+ version 1.0.16 of Text::Markdown.
+ * Updated Spanish translation from Victor Moral.
+ * Fix example exclude regexp. Closes: #469691
+ * Remove locking code in git rcs_commit. I'm not sure if this was ever
+ correct, and it's certianly not correct now, since the wiki is locked
+ before rcs_commit is ever called, and should not be unlocked by
+ rcs_commit either.
+ * monotone: Require version 0.38 or greater, and stop using the mtnmergerc
+ option. (Brian May)
+ * Use forcebaseurl to make page previews be displayed with the html base
+ set to the destination page. This avoids need for hacks to munge the urls
+ in preview mode, which fixes several bugs.
+ * Several destpage fixes in plugins.
+ * Use absolute url for feedurl when filling out the feed templates.
+ Closes: #470530
+ * Fix expiry of old recentchanges changeset pages.
+ * French translation update. Closes: #471010
+ * external: Fix support of XML::RPC::fault.
+ * htmltidy: Pass --markup yes, in case tidy's config file disabled it.
+ * external: Add getargv and setargv methods to allow access to ikiwiki's
+ @ARGV.
+ * Correct bug in encoding of %pagestate keys, fixes edittemplate.
+ * Detect invalid pagespecs and do not merge them in add_depends,
+ as that can result in a broken merged pagespec that matches nothing.
+ * Record new pages in %pagesources temporarily when previewing so that
+ things that need to know the page source or type can query it from there.
+ Fixes previewing of tables when creating a new page.
+ * German translation update. Closes: #471540
+ * Time::Duration is no longer used, remove from docs and recommends.
+ * Store userinfo in network byte order for easy portability.
+ (Old files will be automatically converted.)
+ * Close meta tag for redir properly.
+ * smiley: Detect smileys inside pre and code tags, and do not expand.
+ * inline: Crazy optimisation to work around slow markdown.
+ * Precompile pagespecs, about 10% overall speedup.
+ * Changed to a binary index file, written using Storable, for speed.
+ * external: Work around XML RPC's lack of support for null by passing
+ a special sentinal value.
+ * inline: Allow the "feedshow" parameter to take values greater than the
+ value for "show".
+ * Added a hardlink option in the setup file, useful if the source and
+ dest are on the same filesystem and the wiki includes large media files,
+ which would normally be copied, wasting time and space.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 29 Mar 2008 21:07:22 -0400
+
+ikiwiki (2.40) unstable; urgency=low
+
+ [ Josh Triplett ]
+ * Add new preprocessor directive syntax¸ using a '!' prefix. Add a
+ prefix_directives option to the setup file to turn this syntax on;
+ currently defaults to false, for backward compatibility. Support
+ optional '!' prefix even with prefix_directives off, and use that in
+ the underlay to support either setting of prefix_directives. Add NEWS
+ entry with migration information.
+
+ [ Joey Hess ]
+ * Danish translation update from Jonas Smedegaard. Closes: #465152
+ * Generate XML RPC messages with the encoding set to utf-8 instead
+ of XML::RPC's default of us-ascii. Allows interoperation with
+ python's xmlrpc library, which threw invalid encoding exceptions and
+ caused the rst plugin to hang.
+ * Add the linkify and scan hooks. These hooks can be used to implement
+ custom, first-class types of wikilinks.
+ * Move standard wikilink implementation to a new link plugin, which
+ will of course be enabled by default.
+ * camelcase: Convert to use new linkify and scan hooks rather than the old
+ hack.
+ * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
+ * Depend on HTML::Scrubber, since the scrubber is enabled by default and
+ dies if its can't be loaded.
+ * The search plugin needs to override <base> to point to the directory
+ containing ikiwiki.cgi, but this should not change the urls to the style
+ sheets etc. Add a new forcebareurl parameter to misctemplate to allow
+ it to do that.
+ * Preview limits the page dropdown to what's selected previously
+ (as preserving the full list across preview would be tricky). Userdirs
+ were still being offered as an option there, remove them.
+ * Fix a bug where user A created a page concurrently with user B, and
+ when B previewed it would redirect B to A's new page, losing B's work.
+ Instead, don't redirect and let conflict handling resolve it.
+ * monotone: Add code to default mergerc file to run
+ _MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
+ * tla: Remove call to escapeHTML when constructing recentchanges message;
+ the html is escaped at a different level. Closes: #466495
+ * bzr, mercurial: Remove unused import of escapeHTML.
+ * Fix another preview will_render bug. This one involved inline,
+ which forced a scan of the page to make available metadata that
+ appeared after the inline directive. Problem is that scan made it forget
+ about any other files rendered due to the page. The scan also turns out
+ to be unnecessary now, since meta persistently stores state and it's
+ always available. So it was just removed.
+ * Disable taint checking for all builds as people keep complaining about it,
+ and since all versions of perl seem to be hopelessly broken.
+ * Fix links generated by preprocessor directives when previewing.
+ * inline: When forcing urls absolute for rss feeds, skip mailto and other
+ such urls.
+ * ikiwiki-makerepo: Don't fail if the third argument ends in a slash.
+ * Allow colons in URLs after the first slash. (Adeodato Simó)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 29 Feb 2008 23:05:39 -0500
+
+ikiwiki (2.31.3) unstable; urgency=high
+
+ [ Josh Triplett ]
+ * Do not allow the about: URI scheme; some browsers interpret about:
+ URIs like a limited version of data: URIs. In particular, some
+ versions of Internet Explorer interpret arbitrary HTML content in
+ about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
+
+ [ Joey Hess ]
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
+
+ [ Josh Triplett ]
+ * Match literal '.' in URI schemas containing '.', rather than matching any
+ character.
+ * Do not allow the steam: URI scheme.
+ * Allow the snews: URI scheme.
+ * Allow the smb: URI scheme.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
+
+ikiwiki (2.31.2) unstable; urgency=high
+
+ * The security fix in the last release had buggy handling of data:image,
+ now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
+
+ikiwiki (2.31.1) unstable; urgency=low
+
+ * htmlscrubber security fix: Block javascript in uris.
+ * Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
+
+ikiwiki (2.31) unstable; urgency=low
+
+ [ Joey Hess ]
+ * Revert preservation of input file modification times in output files,
+ since this leads to too many problems with web caching, especially with
+ inlined pages. Properly solving this would involve tracking every page
+ that contributes to a page's content and using the youngest of them all,
+ as well as special cases for things like the version plugin, and it's just
+ too complex to do.
+ * aggregate: Forking a child broke the one state that mattered: Forcing
+ the aggregating page to be rebuilt. Fix this.
+ * cgi hooks are now run before ikiwiki state is loaded.
+ * This allows locking the wiki before loading state, which avoids some
+ tricky locking code when saving a web edit.
+ * poll: This plugin turns out to have edited pages w/o doing any locking.
+ Oops. Convert it from a cgi to a sessioncgi hook, which will work
+ much better.
+ * recentchanges: Improve handling of links on the very static changes pages
+ by thunking to the CGI, which can redirect to the page, or allow it to be
+ created if it doesn't exist.
+ * recentchanges: Exipre all *._change pages, even if the directory
+ they're in has changed.
+ * aggregate: Lots of changes; aggregation can now run without locking the
+ wiki, and there is a separate aggregatelock to prevent multiple concurrent
+ aggregation runs.
+ * monotone changes by Brian May:
+ - On commits, replace "mtn sync" bidirectional with "mtn push" single
+ direction. No need to pull changes when doing a commit. mtn sync
+ is still called in rcs_update.
+ - Support for viewing differences via patches using viewmtn.
+ * inline: When previewing, still call will_render on rss/atom files,
+ just avoid actually writing the files. This is necessary because ikiwiki
+ saves state after a preview (in case it actually *did* write files),
+ and if will_render isn't called its security checks will get upset
+ when the page is saved. Thanks to Edward Betts for his help tracking this
+ tricky bug down.
+ * inline: Add new `allowrss` and `allowatom` config options. These can be
+ used if you want a wiki that doesn't default to generating rss or atom
+ feeds, but that does allow them to be turned on for specific blogs.
+ * Don't die if running with --getctime and rcs_getctime throws an error.
+ There are several cases (recentchanges files, aggregated files)
+ where some source files are not in revision control.
+ * Page templates can now use CTIME to show when the page was created.
+
+ [ Josh Triplett ]
+ * README.Debian: Mention user wikilists.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 09 Feb 2008 23:09:45 -0500
+
+ikiwiki (2.30) unstable; urgency=low
+
+ [ Joey Hess ]
+ * Old versions of git-init don't support --git-dir or GIT_DIR with
+ --bare. Change ikiwiki-makerepo to use a method that should work with
+ those older versions too.
+ * aggregate: Don't let feeds set creation times for pages in the future.
+ * Add full parser for git diff-tree output (Brian Downing)
+ * aggregate: Fork a child process to handle the aggregation. This simplifies
+ the code, since that process can change internal state as needed, and
+ it will automatically be cleaned up for the parent process, which proceeds
+ to render the changes.
+
+ [ Josh Triplett ]
+ * Add trailing comma to commented-out umask in sample ikiwiki.setup, so
+ that uncommenting it does not break the setup file.
+
+ [ Joey Hess ]
+ * inline: The template can check for FIRST and LAST, which will be
+ set for the first and last inlined page. Useful for templates that build
+ tables and the like.
+ * prettydate,ddate: Don't ignore time formats passed to displaytime
+ function.
+ * Pages with extensions starting with "_" are internal-use, and will
+ not be rendered or web-edited, or matched by normal pagespecs.
+ * Add "internal()" pagespec that matches internal-use pages.
+ * RecentChanges is now a static html page, that's updated whenever a commit
+ is made to the wiki. It's built as a blog using inline, so it can have
+ an rss feed that users can subscribe to.
+ * Removed support for sending commit notification mails. Along with it went
+ the svnrepo and notify settings, though both will be ignored if left in
+ setup files. Also gone with it is the "user()" pagespec.
+ * Add refresh hook.
+ * meta: Add pagespec functions to match against title, author, authorurl,
+ license, and copyright. This can be used to create custom RecentChanges.
+ * meta: To support the pagespec functions, metadata about pages has to be
+ retained as pagestate.
+ * Fix encoding bug when pagestate values contained spaces.
+ * Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for
+ his independent work on bzr support.
+ * Copyright file updates.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 02 Feb 2008 17:41:57 -0500
+
+ikiwiki (2.20) unstable; urgency=low
+
+ * inline: Add copyright/license info on a per-post basis to atom
+ feeds if available. (rss doesn't allow such info on a per-post basis)
+ * Also include overall copyright/license and author info in atom feeds if
+ available.
+ * meta: Allow copyright/license metadata to contain arbitrary markup.
+ * Call preprocessor hooks in void context during the scan pass. This allows
+ the hook to determine if it's just scanning, and avoid expensive
+ operations.
+ * img: Detect scan mode and avoid generating and writing the image file
+ during it, for a 2x speedup.
+ * meta: Run in scan mode again (more intelligently) and re-add support for
+ meta link.
+ * Fix support for the case where metadata appears after an inline directive
+ that needs to use it. This was broken in version 2.16.
+ * template: Remove bogus htmlize pass added in 2.16.
+ * template: Htmlize template variables, but also provide a raw version
+ via `<TMPL_VAR raw_variable>`.
+ * When htmlizing text, if the input is a single line with no newline,
+ and the htmlizer (such as markdown and textile) generates a html
+ paragraph, remove it. This allows removing several hacks from other
+ plugins that htmlize fragements of pages.
+ * In preferences, allow the subscriptions and email fields to be cleared.
+ * teximg: Fix to support the same formula on multiple pages.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 10 Jan 2008 14:52:57 -0500
+
+ikiwiki (2.19) unstable; urgency=low
+
+ * Only try postsignin if no other action matched. Fixes a bug where the
+ user goes back from the signin screen and does something else.
+ * Improve behavior when trying to sign in with no cookies.
+ * Improved the canedit hook interface, allowing a callback function to be
+ returned (and not run in some cases) rather than the plugins directly
+ forcing a user to log in.
+ * opendiscussion: allow editing of the toplevel discussion page,
+ and, indirectly, allow creating new discussion pages.
+ * Add a prereq on Data::Dumper 2.11 or better, needed to dump q// objects.
+ * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/'
+ and 'p/'.
+ * aggregate: Include copyright statements from rss feed as meta copyright
+ directives.
+ * aggregate: Yet another state saving fix (sigh).
+ * aggregate: Add hack to support feeds with invalidly escaped html entities.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 08 Jan 2008 20:43:18 -0500
+
+ikiwiki (2.18) unstable; urgency=low
+
+ * Split error messages for failures to drop real uid and gid.
+ * Retry dropping uid and gid, possibly this will help with the "Resource
+ temporarily unavailable" failures I've experienced under xen.
+ * Stop testing Encode::is_utf8 in decode_form_utf8: That doesn't work.
+ * decode_form_utf8 only fixed the utf-8 encoding for fields that were
+ registered at the time it was called, which was before the
+ formbuilder_setup hook. Fields added by the hook didn't get decoded.
+ But it can't be put after the hook either, since plugins using the hook
+ need to be able to use form values. To fix this dilemma, it's been changed
+ to a decode_cgi_utf8, which is called on the cgi query object, before the
+ form is set up, and decodes *all* cgi parameters.
+ * aggregate: Only save state if it was already loaded. This didn't used to
+ matter, but after recent changes, state is not always loaded, and saving
+ would kill it.
+ * table: Fix dependency tracking for external data files. Closes: #458387
+
+ -- Joey Hess <joeyh@debian.org> Sat, 05 Jan 2008 02:15:18 -0500
+
+ikiwiki (2.17) unstable; urgency=low
+
+ * Improved parentlinks special case for index pages.
+ * redir: Support for specifying anchors.
+ * img: Avoid nesting images when linking to another image. Closes: #457780
+ * img: Allow the link parameter to point to an exterior url.
+ * conditional: Improve regexp testing for simple uses of pagespecs
+ that match only the page using the directive, adding 'included()'
+ and supporting negated pagespecs and added whitespace.
+ * map: Fix handling of common prefix to handle the case where it's
+ in a subdirectory. Patch by Larry Clapp.
+ * aggregate: Fix stupid mistake introduced when converting it to use
+ the needsbuild hook. This resulted in feeds not being removed when pages
+ were updated, and feeds sometimes being forgotten about.
+ * aggregate: Avoid uninitialised value warning when removing a feed that
+ has an expired guid.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 30 Dec 2007 14:57:44 -0500
+
+ikiwiki (2.16) unstable; urgency=low
+
+ * Major basewiki reorganisation. Most pages moved into ikiwiki/ subdirectory
+ to avoid polluting the main namespace, and some were further renamed.
+ * meta: Add redir support, based on a patch by Thomas Schwinge.
+ * Redirs added for moved basewiki pages. These will be removed in a future
+ release.
+ * Remove .otl file from sandbox to avoid build ugliness. Closes: #454181
+ * Finally implemented a simple per-page data storage mechanism for plugins,
+ via the %pagestate hash.
+ * Use pagestate in meta to detect potential redir loops.
+ * Added a version plugin that saves state about what's using it, to force
+ pages to rebuild when ikiwiki's version changes.
+ * The calendar plugin stores state about when it needs to be updated,
+ and forces rebuilds of the pages that contain calendars. So
+ running ikiwiki --refresh at midnight is now enough, no need for a full
+ wiki rebuild each midnight.
+ * calendar: Work around block html parsing bug in markdown 1.0.1 by
+ enclosing the calendar in an extra div.
+ * Fix file pruning code to work if ikiwiki is run with "." as the srcdir.
+ * Add an edittemplate plugin, allowing registering template pages, that
+ provide default content for new pages created using the web frontend.
+ * Change formbuilder hook to not be responsible for displaying a form,
+ so that more than one plugin can use this hook.
+ I believe this is a safe change, since only passwordauth uses this hook.
+ (If some other plugin already used it, it would have broken passwordauth!)
+ * Ensure that web edited pages always end in a newline.
+ * Avoid unnecessary stat calls to get mtime when rendering pages, use
+ cached value.
+ * Preserve input file modification times in output files.
+ * Allow dashes in preprocessor directive commands, and shortcuts.
+ * Htmlize parameters passed to the template preprocessor directive before
+ inserting them into the html template. This ensures that markdown
+ acts on them, even if the value is expanded inside a block-level html
+ element in the html template. Closes: #454058
+ * Use a div in the note template rather than a span.
+ * shortcut: Expand %S to the raw input text, not url-encoded.
+ * Don't increment feed numbers when an inline has no feeds. (Nis Martensen)
+ * Allow editing a page and deleting all content, while still disallowing
+ creating a new page that's entirely empty.
+ * meta: Drop support for "meta link", since supporting this for internal
+ links required meta to be run during scan, which complicated its data
+ storage, since it had to clear data stored during the scan pass to avoid
+ duplicating it during the normal preprocessing pass.
+ * If you used "meta link", you should switch to either "meta openid" (for
+ openid delegations), or tags (for internal, invisible links). I assume
+ that nobody really used "meta link" for external, non-openid links, since
+ the htmlscrubber ate those. (Tell me differently and I'll consider bringing
+ back that support.)
+ * meta: Improved data storage.
+ * meta: Drop the hackish filter hook that was used to clear
+ stored data before preprocessing, this hack was ugly, and broken (cf:
+ liw's disappearing openids).
+ * aggregate: Convert filter hook to a needsbuild hook.
+ * map: Don't inline images.
+ * brokenlinks: Don't list the same link multiple times. (%links might
+ contain multiple copies of the same link)
+ * git: Correct display of multiline commit messages in recentchanges.
+ * Re-organise dependencies and recommends now that recommends are installed
+ by default.
+ * Don't refuse to render files with ".." in their name. (Anchor the regexp.)
+ * Work around perl taint checking bug #411786, where perl sometimes randomly
+ sets the taint flag on untainted variables, by disabling taint checking
+ in the deb. This sucks.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 18 Dec 2007 16:37:22 -0500
+
+ikiwiki (2.15) unstable; urgency=low
+
+ * Add a new ikiwiki-makerepo program, that automates setting up a repo
+ and importing existing content for svn, git, and mercurial. This makes
+ the setup process much simpler.
+ * Reorganised git documentation.
+ * Actually install the ikiwiki-update-wikilist program.
+ * Improve workaround for perl bug #376329. Rather than double-encoding,
+ which has been reported to cause encoding problems (though I haven't
+ reproduced them), just catch a failure of markdown, and retry.
+ (The crazy perl bug magically disappears on the retry.)
+ Closes: #449379
+ * Add umask configuration option. Closes: #443329
+
+ -- Joey Hess <joeyh@debian.org> Sat, 01 Dec 2007 11:44:01 -0500
+
+ikiwiki (2.14) unstable; urgency=high
+
+ * Let CC be used to control what compiler is used to build wrappers.
+ * Use 'cc' instead of gcc as the default compiler.
+ * Security fix: Ensure that there are no symlinks anywhere in the path
+ to the top of the srcdir. In certian unusual configurations, an attacker
+ who could commit to one of the parent directories of the srcdir could
+ use a symlink attack to cause ikiwiki to publish files elsewhere in the
+ filesystem. More details at <http://ikiwiki.info/security/#index29h2>
+
+ -- Joey Hess <joeyh@debian.org> Mon, 26 Nov 2007 15:26:06 -0500
+
+ikiwiki (2.13) unstable; urgency=low
+
+ The ikiwiki zombie army release.
+
+ * Add liblwpx-paranoidagent-perl to recommends of Debian package,
+ this is needed to do OpenID really securely.
+ * ikiwiki.setup is licensed same as the basewiki, not GPLed.
+ * inline: Add timeformat parameter to control how the ctime of
+ inlined pages is displayed. Closes: #451019
+ * Add wrappergroup config option, which can be used to cause wrappers
+ to be created owned by some group other than the default. Useful
+ then there's a shared repository with access controlled by a group,
+ to let ikiwiki run setgid to that group.
+ * ikiwiki-mass-rebuild: Run build with the user in all their groups.
+ * Correct markdown in example index page in setup. Closes: #451469
+ * Better error message when a setup file has a syntax error.
+ Closes: #451666
+ * Fix mercurial historyurl in example setup file.
+ * More compact output for the brokenlinks plugin.
+ * Allow trailing slashes after page names in wikilinks.
+ * Don't consider links to anchors on the same page to be self links.
+ Patch by Daniel Burrows. Closes: #451729
+ * When usedirs is disabled, link direct to index.html files, not to
+ directories, to improve browsing of file:// urls.
+ Patch by Daniel Burrows. Closes: #451728
+ * Allow html5 video and audio tags and their attributes in the htmlscrubber.
+ * toc: Handle html elements embedded inside a header, rather than
+ stopping collecting the header text at the first element.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 24 Nov 2007 16:06:22 -0500
+
+ikiwiki (2.12) unstable; urgency=low
+
+ [ Joey Hess ]
+ * Fix some issues with toggles in preview mode.
+ * Fix an aggregate plugin expiry bug. Over time, it's possible for the same
+ page name to be expired and reused for several distinct guids. When this
+ happened, the expiry code counted each past guid that had used that page
+ name as a currently existing page, and thus expired too many pages.
+ * Avoid a race in the git rcs_commit function, by not assuming HEAD will
+ stay the same for the duration of the function.
+ * Avoid using commands like git-diff and instead use "git diff".
+ In some configurations, only the main git command is in the path.
+ * Improve the RecentChanges display for git merges, by passing -c instead
+ of -m to git-log, and by skipping display of commits that change no
+ pages.
+ * Don't truncate git commit messages to the first line in RecentChanges,
+ show the full message.
+ * map: Recent changes caused unnecessary ul's to be inserted for items
+ that were all at the same level, fix. Closes: #449285
+
+ [ Josh Triplett ]
+ * Fix table plugin to not generate an unbalanced tbody tag with header=no
+ * Add xmlns attribute on html element in templates; pages can now
+ validate.