+ikiwiki (2.53.4) stable-security; urgency=high
+
+ * teximg: Replace the insufficient blacklist with the built-in security
+ mechanisms of TeX.
+ * img: Don't generate new verison of image if it is scaled to be
+ larger in either dimension.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 28 Aug 2009 23:42:51 -0400
+
+ikiwiki (2.53.3) testing-proposed-updates; urgency=low
+
+ * Avoid crash on malformed utf-8 discovered by intrigeri.
+ * orphans: Fix unquoted page name in regexp.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 09 Oct 2008 19:12:18 -0400
+
+ikiwiki (2.53.2) testing-proposed-updates; urgency=low
+
+ * Fix bad patch backport that broke generation of rss/atom feeds. Closes: #498224
+
+ -- Joey Hess <joeyh@debian.org> Mon, 08 Sep 2008 11:40:27 -0400
+
+ikiwiki (2.53.1) testing-proposed-updates; urgency=low
+
+ * Backported all relevant bug fixes from mainline to debian testing.
+ * ikiwiki-transition: Fix command-line processing so the prefix_directives
+ transition works again.
+ * Fixes creation of pages when clicking on WikiLinks starting with "/".
+ * Change deb dependencies to list Text::Markdown before markdown, since
+ the former, while slower, has a much better html parser that avoids
+ numerous bugs.
+ * smileys: Some fixes for escaped smileys.
+ * smileys: Note that smileys need to be double-escaped for the escaping to
+ work. Markdown removes one level of escaping.
+ * Add a postscan hook.
+ * search: Use postscan hook, avoid updating index when previewing.
+ * search: Fixes for title stemming, and use better term for tags.
+ (Gabriel McManus)
+ (Rebuilding the wiki on upgrade to this version is recommended if you
+ use the search plugin.)
+ * meta: fix title() PageSpec (DOS). Closes: #497444
+ * Really fix bug with links to pages with names containing colons.
+ Previous fix mised a few cases.
+ * toggle: Fix incompatability between javascript and webkit.
+ * toggle: Fix for when html got tidied. Closes: #492529 (Enrico Zini)
+ * inline: Ignore parent dirs when sorting pages by title.
+ * external: Fix support for hooks called in an array context.
+ * edittemplate: Don't wipe out edits on preview.
+ * map: The fix for #449285 was buggy and broke display of parents in certian
+ circumstances.
+ * Work around perl $_ scoping nonsense that caused breakage when loading
+ external plugins.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 05 Sep 2008 20:55:53 -0400
+
+ikiwiki (2.53) unstable; urgency=low
+
+ * search: generate configuration files once only when rebuilding
+ (Gabriel McManus)
+ * attachment: Fix an uninitialised value warning when editing a page
+ that currently has no attachments.
+ * Fix a bug with links to pages whose names contained colons.
+ * attachment: Support old versions of CGI.pm that lack an upload method.
+ * Include ikiwiki.setup in examples in the debian package.
+ * attachment: Support perl 5.8's buggy version of CGI.pm.
+ * otl: Support utf-8 files. (Recai Oktaş)
+
+ -- Joey Hess <joeyh@debian.org> Wed, 09 Jul 2008 16:45:33 -0400
+
+ikiwiki (2.52) unstable; urgency=low
+
+ * attachment: New plugin for uploading and managing attachments.
+ This includes a fairly powerful PageSpec based admin pref for deciding
+ whether to accept a given upload, and an attachment management interface
+ on the edit page.
+ (Sponsored by The TOVA Company.)
+ * If attachments are not enabled, configure CGI.pm to disable file
+ uploads by default. (An anti-DOS measure.)
+ * toggle: Add support for toggles that are open by default.
+ * toggle: Fix to work in preview mode.
+ * toggle: Add javascript to top of page, not to end. This avoids flicker
+ since closed toggles will not be displayed as the page is loading.
+ * The editpage form now uses the raw page name, not the page title, in its
+ 'page' cgi parameter. Using the title was ambiguous and made it
+ impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
+ sometimes causing the wrong page to be edited.
+ * This change means that some edit links need to be updated.
+ Force a rebuild on upgrade to this version.
+ * Above change also allowed really fixing escaped slashes from the blogpost
+ form.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 06 Jul 2008 19:15:37 -0400
+
+ikiwiki (2.51) unstable; urgency=low
+
+ * Improve toplevel parentlink to link directly to index.html when usedirs is
+ disabled.
+ * map: Add a "show" parameter. "show=title" can be used to display page
+ titles, rather than the default page name. Based on a patch from
+ Jaldhar H. Vyas, Closes: #484510
+ * hnb: New plugin, contributed by Axel Beckert.
+ * meta: Store "description" in pagestate for use by other plugins.
+ * map: Support show=description.
+ * textile: The Text::Textile perl module has some regexps that fail if
+ input is flagged as utf-8, but contains invalid characters such as 0x92.
+ To prevent it from crashing, re-encode the content before calling it,
+ which will ensure that it's really utf-8.
+ * Version the suggests of xapian-omega to a version known to be new enough
+ to work with ikiwiki. Reportedly, version 0.9.9 is too old to work.
+ Closes: #486592
+ * creole: New plugin from Bernd Zeimetz. Closes: #486930
+ * aggregate: Add template parameter.
+ * Add support for the universal edit button <http://universaleditbutton.org/>
+ (To get this on all pages of an exiting wiki, rebuild the wiki.)
+ * txt: New plugin, contributed by Gabriel McManus.
+ * smiley: Generate links relative to the destpage. (Fixes a reversion from
+ 2.41.)
+ * toc: Revert change in 2.45 that made it run at sanitize time. That broke
+ use of toc in a sidebar.
+ * Call format hooks when generating page previews, thus fixing toc display
+ there, as well as fixing inlins to again display in page previews, since
+ it's started using format hooks. This also allows several other things,
+ like embed, that use format hooks, to work during page preview time.
+ * Format hooks should not rely on getting an entire html document, as they
+ will only get the body during page preview.
+ * toggle: Deal with preview mode when adding javascript.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 29 Jun 2008 14:09:37 -0400
+
+ikiwiki (2.50) unstable; urgency=low
+
+ * img: Support captions.
+ * img: Don't generate empty title attributes, etc.
+ * img: Allow setting defaults for class and id too.
+ * ikiwiki-mass-rebuild: Make group list comparison more robust.
+ * search: Work around xapian bug #486138 by only stemming locales
+ in a whitelist.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2008 15:17:30 -0400
+
+ikiwiki (2.49) unstable; urgency=low
+
+ * haiku: Generate valid xhtml.
+ * ikiwiki-mass-rebuild: Don't trust $! when setting $)
+ * inline: The optimisation in 2.41 broke nested inlines. Detect those
+ and avoid overoptimising.
+ * search: Converted to use xapian-omega.
+ * Filter hooks are no longer called during the scan phase. This will
+ prevent wikilinks added by filters from being scanned properly. But
+ no known filter hook does that, so let's not waste time on it.
+ * Pass a destpage parameter to the sanitize hook.
+ * The search interface now allows searching for a page by title
+ ("title:foo"), as well as for pages that contain a given link
+ ("link:bar").
+
+ -- Joey Hess <joeyh@debian.org> Sat, 07 Jun 2008 15:22:41 -0400
+
+ikiwiki (2.48) unstable; urgency=high
+
+ * Fix security hole that occurred if openid and passwordauth were both
+ enabled. passwordauth would allow logging in as a known openid, with an
+ empty password. Closes: #483770 (CVE-2008-0169)
+ * Add rel=nofollow to edit links. This may prevent some spiders from
+ pounding on the cgi following edit links.
+ * passwordauth: If Authen::Passphrase is installed, use it to store
+ password hashes, crypted with Eksblowfish.
+ * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+ hash existing plaintext passwords.
+ * Passwords will no longer be mailed, but instead a password reset link.
+ * The password_cost config setting is provided as a "more security" knob.
+ * teximg: Fix logurl.
+ * teximg: If the log isn't written, avoid ugly error messages.
+ * Updated French translation. Closes: #478530
+
+ -- Joey Hess <joeyh@debian.org> Fri, 30 May 2008 17:36:07 -0400
+
+ikiwiki (2.47) unstable; urgency=low
+
+ * mdwn: Add a multimarkdown setup file option.
+ * If PERL5LIB is set to the libdir when building ikiwiki, calculate and
+ hardcode a proper 'use lib' statement anyway. This fixes a gotcha,
+ since PERL5LIB won't work once ikiwiki is running via a wrapper or as
+ a cgi.
+ * orphans: As a special case, the toplevel index page is never considered
+ an orphaned page.
+ * inline: Display a message if the 'pages' parameter is missing, before
+ it just expanded to nothing.
+ * git: Skip over signed-off-by and similar lines in commit messages
+ when generating recentchanges.
+ * ENV can be used in the setup file to override environment variable
+ settings, such as TZ or PATH.
+ * Perls older than 5.10 need to use the old method of decoding utf-8 in CGI
+ values. Neither method will work for all versions of perl, so check
+ version number at runtime.
+ * Avoid unsightly warning message when evaling broken pagespecs.
+ * Improve error message when a pagespec fails to parse.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 25 May 2008 14:25:42 -0400
+
+ikiwiki (2.46) unstable; urgency=low
+
+ * amazon_s3: New plugin, which injects wiki pages into Amazon S3, allowing
+ ikiwiki to be used without a dedicated web server.
+ * aggregate: Add support for web-based triggering of aggregation
+ for people stuck on shared hosting without cron. (Sheesh.) Enabled
+ via the `aggregate_webtrigger` configuration optiom.
+ * Add pinger and pingee plugins, which allow setting up mirrors and branched
+ wikis that automatically ping one another to stay up to date.
+ * Optimised file statting code when scanning for modified pages;
+ cut the number of system calls in half. (Still room for improvement.)
+ * Fixes for behavior changes in perl 5.10's CGI that broke utf-8 support
+ in several interesting ways.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 12 May 2008 20:51:50 -0400
+
+ikiwiki (2.45) unstable; urgency=low
+
+ * toc: Add the table of contents at sanitize time, rather than at format
+ time. This allows the toc to be displayed when previewing an edit. It also
+ avoids headers in the page template from showing up in the toc.
+ * Add PREFIX/bin to the hardcoded PATH within ikiwiki.
+ * Deal with different paths to perl when removing -T flag.
+ * Add missing de.po. Closes: #471540
+ * img: Support a title attribute, will be passed through to html.
+ Closes: #478718
+ * anonk: Add anonok_pagespec configuration setting that can be used to
+ allow anonymous users to edit only matching pages. Closes: #478892
+ * Fix ugly display when editing a page that has vanished.
+ * srcfile now has an optional second parameter to avoid it throwing an error
+ if the source file does not exist.
+ * git: Put -- before the filename when calling git rev-list to avoid
+ warning message when the file doesn't exist.
+ * Add a Bundle::IkiWiki and Bundle::IkiWiki::Extras to the source for use
+ with CPAN to install perl modules.
+ * Add a cpan directory containing a CPAN::MyConfig that can ease use of
+ CPAN to install in a home directory on shared hosting providers.
+ * With these changes, it's pretty easy to install onto nearlyfreespeech.net
+ and probably other shared hosting providers like dreamhost. Added
+ a page documenting the process for nearlyfreespeech.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 05 May 2008 15:06:05 -0400
+
+ikiwiki (2.44) unstable; urgency=medium
+
+ * Bring back the svnrepo setup file option. This is needed for
+ recentchangediff to work with svn repos.
+ * Allow libtext-markdown-perl to satisfy dependencies, as a
+ an alternative to the markdown package.
+ * Correct a bug in pagespec matching, where a empty pagespec matched all
+ pages. This manifested as wikis with no locked pages treating them all as
+ locked. The bug was introduced in version 2.41.
+ * Medium urgency upload due to above fix.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 17 Apr 2008 14:33:54 -0400
+
+ikiwiki (2.43) unstable; urgency=low
+
+ * Fix missing import of escapeHTML in userlink. (Scott Bronson)
+ * Fix broken rcs_update for bzr. (Scott Bronson)
+ * Use bzr --quiet to avoid it outputting stuff and messing up http headers.
+ (Scott Bronson)
+ * Give the full path to the hyperestraier helpfile in estseek.conf.
+ * Recommend a recent git-core for git init. Closes: 475609
+
+ -- Joey Hess <joeyh@debian.org> Wed, 16 Apr 2008 18:35:13 -0400
+
ikiwiki (2.42) unstable; urgency=high
* aggregate: Correct a mistake in the code that dummy up a guid for feeds
* Fix CSRF attacks against the preferences and edit forms. The fix involved
embedding the session id in the forms, and not allowing the forms to be
submitted if the embedded id does not match the session id. Closes: #475445
+ (CVE-2008-0165)
-- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400