-ikiwiki (3.20150615) UNRELEASED; urgency=medium
+ikiwiki (3.20160506) unstable; urgency=medium
+
+ [ Simon McVittie ]
+ * HTML-escape error messages, in one case avoiding potential cross-site
+ scripting (CVE-2016-4561, OVE-20160505-0012)
+ * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
+ - img: force common Web formats to be interpreted according to extension,
+ so that "allowed_attachments: '*.jpg'" does what one might expect
+ - img: restrict to JPEG, PNG and GIF images by default, again mitigating
+ CVE-2016-3714 and similar vulnerabilities
+ - img: check that the magic number matches what we would expect from
+ the extension before giving common formats to ImageMagick
+ * d/control: use https for Homepage
+ * d/control: add Vcs-Browser
+
+ [ Joey Hess ]
+ * img: Add back support for SVG images, bypassing ImageMagick and
+ simply passing the SVG through to the browser, which is supported by all
+ commonly used browsers these days.
+ SVG scaling by img directives has subtly changed; where before
+ size=wxh would preserve aspect ratio, this cannot be done when passing
+ them through and so specifying both a width and height can change
+ the SVG's aspect ratio.
+ * loginselector: When only openid and emailauth are enabled, but
+ passwordauth is not, avoid showing a "Other" box which opens an
+ empty form.
+
+ [ Amitai Schlair ]
+ * mdwn: Process .md like .mdwn, but disallow web creation.
+
+ [ Florian Wagner ]
+ * git: Correctly handle filenames starting with a dash in add/rm/mv.
+
+ -- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 07:54:26 +0100
+
+ikiwiki (3.20160121) unstable; urgency=medium
[ Amitai Schlair ]
- * meta test: Add tests for many behaviors of the directive.
- * img test: Bail gracefully when ImageMagick is not present.
* meta: Fix [[!meta name=foo]] by closing the open quote.
* Avoid unescaped "{" in regular expressions
+ * meta test: Add tests for many behaviors of the directive.
+ * img test: Bail gracefully when ImageMagick is not present.
[ Joey Hess ]
* emailauth: Added emailauth_sender config.
basewiki license.
[ Simon McVittie ]
- * Run autopkgtest tests using autodep8 and the pkg-perl team's
- infrastructure
- * t/img.t: do not spuriously skip
- * tests: consistently use done_testing instead of no_plan
- * Wrap and sort control files (wrap-and-sort -abst)
- * Add enough build-dependencies to run all tests, except for
- non-git VCSs
- * debian/copyright: update for the rename of openid-selector to
- login-selector
* git: if no committer identity is known, set it to
"IkiWiki <ikiwiki.info>" in .git/config. This resolves commit errors
in versions of git that require a non-trivial committer identity.
* inline, trail: rename show, feedshow parameters to limit, feedlimit
(with backwards compatibility)
* pagestats: add "show" option to show meta fields. Thanks, Louis
+ * inline: force RSS <comments> to be a fully absolute URL as required
+ by the W3C validator. Please use Atom feeds if relative URLs are
+ desirable on your site.
+ * inline: add <atom:link rel="self"> to RSS feeds as recommended by
+ the W3C validator
+ * inline: do not produce links containing /./ or /../
+ * syslog: accept and encode UTF-8 messages
+ * syslog: don't fail to log if the wiki name contains %s
* Change dependencies from transitional package perlmagick
to libimage-magick-perl (Closes: #789221)
+ * debian/copyright: update for the rename of openid-selector to
+ login-selector
* d/control: remove leading article from Description
(lintian: description-synopsis-starts-with-article)
* d/control: Standards-Version: 3.9.6, no changes required
+ * Wrap and sort control files (wrap-and-sort -abst)
* Silence "used only once: possible typo" warnings for variables
that are part of modules' APIs
+ * Run autopkgtest tests using autodep8 and the pkg-perl team's
+ infrastructure
+ * Add enough build-dependencies to run all tests, except for
+ non-git VCSs
+ * tests: consistently use done_testing instead of no_plan
+ * t/img.t: do not spuriously skip
+ * img test: skip testing PDFs if unsupported
+ * img test: use the right filenames when testing that deletion occurs
- -- Simon McVittie <smcv@debian.org> Mon, 15 Jun 2015 18:13:23 +0100
+ -- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 09:53:07 +0000
ikiwiki (3.20150614) unstable; urgency=medium