-ikiwiki (2.40) UNRELEASED; urgency=low
+ikiwiki (2.53.4) stable-security; urgency=high
+
+ * teximg: Replace the insufficient blacklist with the built-in security
+ mechanisms of TeX.
+ * img: Don't generate new verison of image if it is scaled to be
+ larger in either dimension.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 28 Aug 2009 23:42:51 -0400
+
+ikiwiki (2.53.3) testing-proposed-updates; urgency=low
+
+ * Avoid crash on malformed utf-8 discovered by intrigeri.
+ * orphans: Fix unquoted page name in regexp.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 09 Oct 2008 19:12:18 -0400
+
+ikiwiki (2.53.2) testing-proposed-updates; urgency=low
+
+ * Fix bad patch backport that broke generation of rss/atom feeds. Closes: #498224
+
+ -- Joey Hess <joeyh@debian.org> Mon, 08 Sep 2008 11:40:27 -0400
+
+ikiwiki (2.53.1) testing-proposed-updates; urgency=low
+
+ * Backported all relevant bug fixes from mainline to debian testing.
+ * ikiwiki-transition: Fix command-line processing so the prefix_directives
+ transition works again.
+ * Fixes creation of pages when clicking on WikiLinks starting with "/".
+ * Change deb dependencies to list Text::Markdown before markdown, since
+ the former, while slower, has a much better html parser that avoids
+ numerous bugs.
+ * smileys: Some fixes for escaped smileys.
+ * smileys: Note that smileys need to be double-escaped for the escaping to
+ work. Markdown removes one level of escaping.
+ * Add a postscan hook.
+ * search: Use postscan hook, avoid updating index when previewing.
+ * search: Fixes for title stemming, and use better term for tags.
+ (Gabriel McManus)
+ (Rebuilding the wiki on upgrade to this version is recommended if you
+ use the search plugin.)
+ * meta: fix title() PageSpec (DOS). Closes: #497444
+ * Really fix bug with links to pages with names containing colons.
+ Previous fix mised a few cases.
+ * toggle: Fix incompatability between javascript and webkit.
+ * toggle: Fix for when html got tidied. Closes: #492529 (Enrico Zini)
+ * inline: Ignore parent dirs when sorting pages by title.
+ * external: Fix support for hooks called in an array context.
+ * edittemplate: Don't wipe out edits on preview.
+ * map: The fix for #449285 was buggy and broke display of parents in certian
+ circumstances.
+ * Work around perl $_ scoping nonsense that caused breakage when loading
+ external plugins.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 05 Sep 2008 20:55:53 -0400
+
+ikiwiki (2.53) unstable; urgency=low
+
+ * search: generate configuration files once only when rebuilding
+ (Gabriel McManus)
+ * attachment: Fix an uninitialised value warning when editing a page
+ that currently has no attachments.
+ * Fix a bug with links to pages whose names contained colons.
+ * attachment: Support old versions of CGI.pm that lack an upload method.
+ * Include ikiwiki.setup in examples in the debian package.
+ * attachment: Support perl 5.8's buggy version of CGI.pm.
+ * otl: Support utf-8 files. (Recai Oktaş)
+
+ -- Joey Hess <joeyh@debian.org> Wed, 09 Jul 2008 16:45:33 -0400
+
+ikiwiki (2.52) unstable; urgency=low
+
+ * attachment: New plugin for uploading and managing attachments.
+ This includes a fairly powerful PageSpec based admin pref for deciding
+ whether to accept a given upload, and an attachment management interface
+ on the edit page.
+ (Sponsored by The TOVA Company.)
+ * If attachments are not enabled, configure CGI.pm to disable file
+ uploads by default. (An anti-DOS measure.)
+ * toggle: Add support for toggles that are open by default.
+ * toggle: Fix to work in preview mode.
+ * toggle: Add javascript to top of page, not to end. This avoids flicker
+ since closed toggles will not be displayed as the page is loading.
+ * The editpage form now uses the raw page name, not the page title, in its
+ 'page' cgi parameter. Using the title was ambiguous and made it
+ impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
+ sometimes causing the wrong page to be edited.
+ * This change means that some edit links need to be updated.
+ Force a rebuild on upgrade to this version.
+ * Above change also allowed really fixing escaped slashes from the blogpost
+ form.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 06 Jul 2008 19:15:37 -0400
+
+ikiwiki (2.51) unstable; urgency=low
+
+ * Improve toplevel parentlink to link directly to index.html when usedirs is
+ disabled.
+ * map: Add a "show" parameter. "show=title" can be used to display page
+ titles, rather than the default page name. Based on a patch from
+ Jaldhar H. Vyas, Closes: #484510
+ * hnb: New plugin, contributed by Axel Beckert.
+ * meta: Store "description" in pagestate for use by other plugins.
+ * map: Support show=description.
+ * textile: The Text::Textile perl module has some regexps that fail if
+ input is flagged as utf-8, but contains invalid characters such as 0x92.
+ To prevent it from crashing, re-encode the content before calling it,
+ which will ensure that it's really utf-8.
+ * Version the suggests of xapian-omega to a version known to be new enough
+ to work with ikiwiki. Reportedly, version 0.9.9 is too old to work.
+ Closes: #486592
+ * creole: New plugin from Bernd Zeimetz. Closes: #486930
+ * aggregate: Add template parameter.
+ * Add support for the universal edit button <http://universaleditbutton.org/>
+ (To get this on all pages of an exiting wiki, rebuild the wiki.)
+ * txt: New plugin, contributed by Gabriel McManus.
+ * smiley: Generate links relative to the destpage. (Fixes a reversion from
+ 2.41.)
+ * toc: Revert change in 2.45 that made it run at sanitize time. That broke
+ use of toc in a sidebar.
+ * Call format hooks when generating page previews, thus fixing toc display
+ there, as well as fixing inlins to again display in page previews, since
+ it's started using format hooks. This also allows several other things,
+ like embed, that use format hooks, to work during page preview time.
+ * Format hooks should not rely on getting an entire html document, as they
+ will only get the body during page preview.
+ * toggle: Deal with preview mode when adding javascript.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 29 Jun 2008 14:09:37 -0400
+
+ikiwiki (2.50) unstable; urgency=low
+
+ * img: Support captions.
+ * img: Don't generate empty title attributes, etc.
+ * img: Allow setting defaults for class and id too.
+ * ikiwiki-mass-rebuild: Make group list comparison more robust.
+ * search: Work around xapian bug #486138 by only stemming locales
+ in a whitelist.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2008 15:17:30 -0400
+
+ikiwiki (2.49) unstable; urgency=low
+
+ * haiku: Generate valid xhtml.
+ * ikiwiki-mass-rebuild: Don't trust $! when setting $)
+ * inline: The optimisation in 2.41 broke nested inlines. Detect those
+ and avoid overoptimising.
+ * search: Converted to use xapian-omega.
+ * Filter hooks are no longer called during the scan phase. This will
+ prevent wikilinks added by filters from being scanned properly. But
+ no known filter hook does that, so let's not waste time on it.
+ * Pass a destpage parameter to the sanitize hook.
+ * The search interface now allows searching for a page by title
+ ("title:foo"), as well as for pages that contain a given link
+ ("link:bar").
+
+ -- Joey Hess <joeyh@debian.org> Sat, 07 Jun 2008 15:22:41 -0400
+
+ikiwiki (2.48) unstable; urgency=high
+
+ * Fix security hole that occurred if openid and passwordauth were both
+ enabled. passwordauth would allow logging in as a known openid, with an
+ empty password. Closes: #483770 (CVE-2008-0169)
+ * Add rel=nofollow to edit links. This may prevent some spiders from
+ pounding on the cgi following edit links.
+ * passwordauth: If Authen::Passphrase is installed, use it to store
+ password hashes, crypted with Eksblowfish.
+ * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+ hash existing plaintext passwords.
+ * Passwords will no longer be mailed, but instead a password reset link.
+ * The password_cost config setting is provided as a "more security" knob.
+ * teximg: Fix logurl.
+ * teximg: If the log isn't written, avoid ugly error messages.
+ * Updated French translation. Closes: #478530
+
+ -- Joey Hess <joeyh@debian.org> Fri, 30 May 2008 17:36:07 -0400
+
+ikiwiki (2.47) unstable; urgency=low
+
+ * mdwn: Add a multimarkdown setup file option.
+ * If PERL5LIB is set to the libdir when building ikiwiki, calculate and
+ hardcode a proper 'use lib' statement anyway. This fixes a gotcha,
+ since PERL5LIB won't work once ikiwiki is running via a wrapper or as
+ a cgi.
+ * orphans: As a special case, the toplevel index page is never considered
+ an orphaned page.
+ * inline: Display a message if the 'pages' parameter is missing, before
+ it just expanded to nothing.
+ * git: Skip over signed-off-by and similar lines in commit messages
+ when generating recentchanges.
+ * ENV can be used in the setup file to override environment variable
+ settings, such as TZ or PATH.
+ * Perls older than 5.10 need to use the old method of decoding utf-8 in CGI
+ values. Neither method will work for all versions of perl, so check
+ version number at runtime.
+ * Avoid unsightly warning message when evaling broken pagespecs.
+ * Improve error message when a pagespec fails to parse.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 25 May 2008 14:25:42 -0400
+
+ikiwiki (2.46) unstable; urgency=low
+
+ * amazon_s3: New plugin, which injects wiki pages into Amazon S3, allowing
+ ikiwiki to be used without a dedicated web server.
+ * aggregate: Add support for web-based triggering of aggregation
+ for people stuck on shared hosting without cron. (Sheesh.) Enabled
+ via the `aggregate_webtrigger` configuration optiom.
+ * Add pinger and pingee plugins, which allow setting up mirrors and branched
+ wikis that automatically ping one another to stay up to date.
+ * Optimised file statting code when scanning for modified pages;
+ cut the number of system calls in half. (Still room for improvement.)
+ * Fixes for behavior changes in perl 5.10's CGI that broke utf-8 support
+ in several interesting ways.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 12 May 2008 20:51:50 -0400
+
+ikiwiki (2.45) unstable; urgency=low
+
+ * toc: Add the table of contents at sanitize time, rather than at format
+ time. This allows the toc to be displayed when previewing an edit. It also
+ avoids headers in the page template from showing up in the toc.
+ * Add PREFIX/bin to the hardcoded PATH within ikiwiki.
+ * Deal with different paths to perl when removing -T flag.
+ * Add missing de.po. Closes: #471540
+ * img: Support a title attribute, will be passed through to html.
+ Closes: #478718
+ * anonk: Add anonok_pagespec configuration setting that can be used to
+ allow anonymous users to edit only matching pages. Closes: #478892
+ * Fix ugly display when editing a page that has vanished.
+ * srcfile now has an optional second parameter to avoid it throwing an error
+ if the source file does not exist.
+ * git: Put -- before the filename when calling git rev-list to avoid
+ warning message when the file doesn't exist.
+ * Add a Bundle::IkiWiki and Bundle::IkiWiki::Extras to the source for use
+ with CPAN to install perl modules.
+ * Add a cpan directory containing a CPAN::MyConfig that can ease use of
+ CPAN to install in a home directory on shared hosting providers.
+ * With these changes, it's pretty easy to install onto nearlyfreespeech.net
+ and probably other shared hosting providers like dreamhost. Added
+ a page documenting the process for nearlyfreespeech.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 05 May 2008 15:06:05 -0400
+
+ikiwiki (2.44) unstable; urgency=medium
+
+ * Bring back the svnrepo setup file option. This is needed for
+ recentchangediff to work with svn repos.
+ * Allow libtext-markdown-perl to satisfy dependencies, as a
+ an alternative to the markdown package.
+ * Correct a bug in pagespec matching, where a empty pagespec matched all
+ pages. This manifested as wikis with no locked pages treating them all as
+ locked. The bug was introduced in version 2.41.
+ * Medium urgency upload due to above fix.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 17 Apr 2008 14:33:54 -0400
+
+ikiwiki (2.43) unstable; urgency=low
+
+ * Fix missing import of escapeHTML in userlink. (Scott Bronson)
+ * Fix broken rcs_update for bzr. (Scott Bronson)
+ * Use bzr --quiet to avoid it outputting stuff and messing up http headers.
+ (Scott Bronson)
+ * Give the full path to the hyperestraier helpfile in estseek.conf.
+ * Recommend a recent git-core for git init. Closes: 475609
+
+ -- Joey Hess <joeyh@debian.org> Wed, 16 Apr 2008 18:35:13 -0400
+
+ikiwiki (2.42) unstable; urgency=high
+
+ * aggregate: Correct a mistake in the code that dummy up a guid for feeds
+ lacking one.
+ * inline: Correct handling of urls relative to baseurl in feeds.
+ * Fix CSRF attacks against the preferences and edit forms. The fix involved
+ embedding the session id in the forms, and not allowing the forms to be
+ submitted if the embedded id does not match the session id. Closes: #475445
+ (CVE-2008-0165)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400
+
+ikiwiki (2.41) unstable; urgency=low
+
+ [ Adeodato Simó ]
+ * Preprocessor directives generated by the shortcut plugin accept a `desc`
+ parameter that overrides the anchor text provided at shortcut definition
+ time. (Closes: #458126)
+
+ [ martin f. krafft ]
+ * The meta plugin now allows for the robots tag to be specified without the
+ risk of it being scrubbed.
+ * Let meta.openid set X-XRDS-Location header
+ * Make makerepo set the Git merge remote.
+ branch.master.remote previously used to default to origin, which has
+ recently been changed; it now needs to be set explicitly, which this
+ patch does. Closes: #470517
+ * meta: Also generate openid2 headers.
+ * Handle SimpleXMLRPCDispatcher arg count change in python 2.5
+ * Provide XML-RPC proxy abstraction for Python plugins.
+
+ [ Joey Hess ]
+ * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
+ * rcs_diff is a new function that rcs modules should implement.
+ * Implemented rcs_diff for git, svn, and tla (tla version untested).
+ Mercurial and monotone still todo.
+ * Support Text::Markdown::markdown, which is the spelling used by
+ version 1.0.16 of Text::Markdown.
+ * Updated Spanish translation from Victor Moral.
+ * Fix example exclude regexp. Closes: #469691
+ * Remove locking code in git rcs_commit. I'm not sure if this was ever
+ correct, and it's certianly not correct now, since the wiki is locked
+ before rcs_commit is ever called, and should not be unlocked by
+ rcs_commit either.
+ * monotone: Require version 0.38 or greater, and stop using the mtnmergerc
+ option. (Brian May)
+ * Use forcebaseurl to make page previews be displayed with the html base
+ set to the destination page. This avoids need for hacks to munge the urls
+ in preview mode, which fixes several bugs.
+ * Several destpage fixes in plugins.
+ * Use absolute url for feedurl when filling out the feed templates.
+ Closes: #470530
+ * Fix expiry of old recentchanges changeset pages.
+ * French translation update. Closes: #471010
+ * external: Fix support of XML::RPC::fault.
+ * htmltidy: Pass --markup yes, in case tidy's config file disabled it.
+ * external: Add getargv and setargv methods to allow access to ikiwiki's
+ @ARGV.
+ * Correct bug in encoding of %pagestate keys, fixes edittemplate.
+ * Detect invalid pagespecs and do not merge them in add_depends,
+ as that can result in a broken merged pagespec that matches nothing.
+ * Record new pages in %pagesources temporarily when previewing so that
+ things that need to know the page source or type can query it from there.
+ Fixes previewing of tables when creating a new page.
+ * German translation update. Closes: #471540
+ * Time::Duration is no longer used, remove from docs and recommends.
+ * Store userinfo in network byte order for easy portability.
+ (Old files will be automatically converted.)
+ * Close meta tag for redir properly.
+ * smiley: Detect smileys inside pre and code tags, and do not expand.
+ * inline: Crazy optimisation to work around slow markdown.
+ * Precompile pagespecs, about 10% overall speedup.
+ * Changed to a binary index file, written using Storable, for speed.
+ * external: Work around XML RPC's lack of support for null by passing
+ a special sentinal value.
+ * inline: Allow the "feedshow" parameter to take values greater than the
+ value for "show".
+ * Added a hardlink option in the setup file, useful if the source and
+ dest are on the same filesystem and the wiki includes large media files,
+ which would normally be copied, wasting time and space.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 29 Mar 2008 21:07:22 -0400
+
+ikiwiki (2.40) unstable; urgency=low
+ [ Josh Triplett ]
* Add new preprocessor directive syntax¸ using a '!' prefix. Add a
prefix_directives option to the setup file to turn this syntax on;
currently defaults to false, for backward compatibility. Support
the underlay to support either setting of prefix_directives. Add NEWS
entry with migration information.
- -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+ [ Joey Hess ]
+ * Danish translation update from Jonas Smedegaard. Closes: #465152
+ * Generate XML RPC messages with the encoding set to utf-8 instead
+ of XML::RPC's default of us-ascii. Allows interoperation with
+ python's xmlrpc library, which threw invalid encoding exceptions and
+ caused the rst plugin to hang.
+ * Add the linkify and scan hooks. These hooks can be used to implement
+ custom, first-class types of wikilinks.
+ * Move standard wikilink implementation to a new link plugin, which
+ will of course be enabled by default.
+ * camelcase: Convert to use new linkify and scan hooks rather than the old
+ hack.
+ * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
+ * Depend on HTML::Scrubber, since the scrubber is enabled by default and
+ dies if its can't be loaded.
+ * The search plugin needs to override <base> to point to the directory
+ containing ikiwiki.cgi, but this should not change the urls to the style
+ sheets etc. Add a new forcebareurl parameter to misctemplate to allow
+ it to do that.
+ * Preview limits the page dropdown to what's selected previously
+ (as preserving the full list across preview would be tricky). Userdirs
+ were still being offered as an option there, remove them.
+ * Fix a bug where user A created a page concurrently with user B, and
+ when B previewed it would redirect B to A's new page, losing B's work.
+ Instead, don't redirect and let conflict handling resolve it.
+ * monotone: Add code to default mergerc file to run
+ _MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
+ * tla: Remove call to escapeHTML when constructing recentchanges message;
+ the html is escaped at a different level. Closes: #466495
+ * bzr, mercurial: Remove unused import of escapeHTML.
+ * Fix another preview will_render bug. This one involved inline,
+ which forced a scan of the page to make available metadata that
+ appeared after the inline directive. Problem is that scan made it forget
+ about any other files rendered due to the page. The scan also turns out
+ to be unnecessary now, since meta persistently stores state and it's
+ always available. So it was just removed.
+ * Disable taint checking for all builds as people keep complaining about it,
+ and since all versions of perl seem to be hopelessly broken.
+ * Fix links generated by preprocessor directives when previewing.
+ * inline: When forcing urls absolute for rss feeds, skip mailto and other
+ such urls.
+ * ikiwiki-makerepo: Don't fail if the third argument ends in a slash.
+ * Allow colons in URLs after the first slash. (Adeodato Simó)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 29 Feb 2008 23:05:39 -0500
ikiwiki (2.31.3) unstable; urgency=high
character.
* Do not allow the steam: URI scheme.
* Allow the snews: URI scheme.
+ * Allow the smb: URI scheme.
-- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
ikiwiki (2.31.2) unstable; urgency=high
* The security fix in the last release had buggy handling of data:image,
- now fixed.
+ now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
* htmlscrubber security fix: Block javascript in uris.
* Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500