+ikiwiki (3.20200202.4) UNRELEASED; urgency=medium
+
+ * aggregate: When a feed has an enclosure that is an image, audio, or
+ video, include the enclosure in the generated page.
+
+ -- Joey Hess <id@joeyh.name> Sat, 25 Dec 2021 12:41:34 -0400
+
+ikiwiki (3.20200202.3) upstream; urgency=medium
+
+ [ Amitai Schleier ]
+ * highlight: Adapt to API change in highlight >= 3.51
+ * mdwn: Fix inverted footnote configuration when MultiMarkdown is
+ enabled. Thanks, Giuseppe Bilotta
+
+ [ Joey Hess ]
+ * Updated German basewiki and directives translation from
+ Sebastian Kuhnert.
+ * Updated German program translation from
+ Sebastian Kuhnert.
+
+ -- Joey Hess <id@joeyh.name> Sun, 02 Feb 2020 00:00:00 -0400
+
+ikiwiki (3.20190228) upstream; urgency=medium
+
+ * aggregate: Use LWPx::ParanoidAgent if available.
+ Previously blogspam, openid and pinger used this module if available,
+ but aggregate did not. This prevents server-side request forgery or
+ local file disclosure, and mitigates denial of service when slow
+ "tarpit" URLs are accessed.
+ (CVE-2019-9187)
+ * blogspam, openid, pinger: Use a HTTP proxy if configured, even if
+ LWPx::ParanoidAgent is installed.
+ Previously, only aggregate would obey proxy configuration. If a proxy
+ is used, the proxy (not ikiwiki) is responsible for preventing attacks
+ like CVE-2019-9187.
+ * aggregate, blogspam, openid, pinger: Do not access non-http, non-https
+ URLs.
+ Previously, these plugins would have allowed non-HTTP-based requests if
+ LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
+ file disclosure, and preventing other rarely-used URI schemes like
+ gopher mitigates request forgery attacks.
+ * aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
+ recommended.
+ These plugins can request attacker-controlled URLs in some site
+ configurations.
+ * blogspam: Document LWPx::ParanoidAgent as desirable.
+ This plugin doesn't request attacker-controlled URLs, so it's
+ non-critical here.
+ * blogspam, openid, pinger: Consistently use cookiejar if configured.
+ Previously, these plugins would only obey this configuration if
+ LWPx::ParanoidAgent was not installed, but this appears to have been
+ unintended.
+ * po: Always filter .po files.
+ The po plugin in previous ikiwiki releases made the second and
+ subsequent filter call per (page, destpage) pair into a no-op,
+ apparently in an attempt to prevent *recursive* filtering (which as
+ far as we can tell can't happen anyway), with the undesired effect
+ of interpreting the raw .po file as page content (e.g. Markdown)
+ if it was inlined into the same page twice, which is apparently
+ something that tails.org does. Simplify this by deleting the code
+ that prevented repeated filtering. Thanks, intrigeri
+ (Closes: #911356)
+
+ -- Simon McVittie <smcv@debian.org> Tue, 26 Feb 2019 21:05:49 +0000
+
+ikiwiki (3.20190207) upstream; urgency=medium
+
+ [ Amitai Schleier ]
+ * graph: Add an optional "file" parameter
+ * emailauth: When email can't be sent, show the error message
+ * osm: Don't raise errors if tags don't have attached icons
+ * cgi: Avoid C compiler warnings for waitpid() on NetBSD
+
+ [ Simon McVittie ]
+ * Hide popup template content from documentation (Closes: #898836)
+ * meta: Make [[!meta date]] show an error if dates are invalid or
+ Date::Parse can't be loaded
+ * inline: Cope with non-ASCII `rootpage` parameter.
+ Thanks, Feng Shu
+ * table: Cope with non-ASCII content in CSV format tables.
+ Thanks, Feng Shu
+ * trail: Allow unescaped punctuation in `pagenames` parameter
+ * comments: Hide "add comment" link from print stylesheet.
+ Thanks, Antoine Beaupré
+ * recentchangesdiff, relativedate, toggle:
+ Import JavaScript at the end of the page content, not the beginning,
+ so that the browser can render content as soon as possible.
+ Thanks, Antoine Beaupré
+ * debian: Allow Breezy as an alternative to bzr
+ Thanks, Jelmer Vernooij
+ * inline: Add basic test coverage for [[!inline rootpage]]
+ * table: Add basic test coverage
+ * po: Add enough test coverage to reproduce Debian #911356
+ * comments: Improve test coverage
+ * tests: Exercise Unicode more
+
+ [ Joey Hess ]
+ * aggregate: Fix aggregation of posts without a title.
+ Thanks, Alexandre Oliva
+ * poll: Added postlink and posttrail options for better multi-page polls.
+ * Fix permalink to comments.
+
+ -- Simon McVittie <smcv@debian.org> Thu, 07 Feb 2019 11:07:44 +0000
+
+ikiwiki (3.20180311) upstream; urgency=medium
+
+ [ Amitai Schleier ]
+ * Avoid unexpected full paths from find(1)
+
+ [ thm.id.fedoraproject.org ]
+ * rst test: Probe for docutils Python 3 module, not Python 2
+
+ [ Simon McVittie ]
+ * mdwn: Automatically detect which Discount flags to use, fixing
+ regressions in 3.20180228 when using Discount < 2.2
+ * Add a test asserting that no plugin is an empty file, to confirm
+ that the build fixes in 3.20180228 were successful
+
+ -- Simon McVittie <smcv@debian.org> Sun, 11 Mar 2018 15:53:34 +0000
+
+ikiwiki (3.20180228) upstream; urgency=medium
+
+ * core: Don't send relative redirect URLs when behind a reverse proxy
+ * core: Escape backticks etc. in directive error messages as HTML
+ entities so that the error message is not subsequently parsed as
+ Markdown
+ * mdwn: Enable fenced code blocks, PHP Markdown Extra-style definition
+ lists and GitHub-style extensions to HTML tag syntax when used with
+ Discount >= 2.2.0 (Closes: #888055)
+ * img: Fix auto-detection of image format (if enabled, which is
+ strongly discouraged) with ImageMagick >= 6.9.8-3
+ * rst: Use Python 3 instead of Python 2
+ * build: `set -e` before each `for` loop, so that errors are reliably
+ trapped
+ * build: Use if/then instead of `||` so that the `-e` flag works
+ * build: Ensure that pm_to_blib finishes before rewriting shebang lines
+ * t: Make the img test pass with ImageMagick >= 6.9.8-3
+ (Closes: #891647)
+ * debian: Remove unused Lintian overrides for duplicate word false positives
+ * debian: Declare compliance with Debian Policy 4.1.3
+
+ -- Simon McVittie <smcv@debian.org> Wed, 28 Feb 2018 10:38:19 +0000
+
ikiwiki (3.20180105) upstream; urgency=medium
* emailauth: Fix cookie problem when user is on https and the cgiurl