-ikiwiki (3.20100428) UNRELEASED; urgency=low
+ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium
+
+ * HTML-escape error messages, in one case avoiding potential cross-site
+ scripting (CVE-2016-4561, OVE-20160505-0012)
+ * Update img plugin to version 3.20160509 to mitigate ImageMagick
+ vulnerabilities, including remote code execution (CVE-2016-3714):
+ - Never convert SVG images to PNG; simply pass them through to the
+ browser. This prevents exploitation of any ImageMagick SVG coder
+ vulnerabilities. (joeyh)
+ - Do not resize image formats other than JPEG, PNG, GIF unless
+ specifically configured to do so. This prevents exploitation
+ of any vulnerabilities in less common coders, such as MVG.
+ (schmonz, smcv)
+ - Do not resize JPEG, PNG, GIF, PDF images if their extensions do
+ not match their "magic numbers", because wiki admins might try to
+ restrict attachments by extension, but ImageMagick can base its
+ choice of coder on the magic number. Explicitly force the
+ obvious ImageMagick coder to be used. (smcv)
+ * Minor non-security changes resulting from that update, since
+ reverting them seems higher-risk than keeping them:
+ - Add PDF support, disabled by the above changes unless specifically
+ configured (chrysn)
+ - Only render one frame or page from animated GIF or multi-page PDF
+ (chrysn)
+ - Do not distort aspect ratio when resizing small images (chrysn)
+ - Use data: URLs to embed images in page previews (chrysn)
+ - Raise an error if the image's size cannot be determined (chrysn)
+ - Handle filenames containing a colon correctly (smcv)
+ * Add t/img.t regression test also taken from version 3.20160506
+ (chrysn, joeyh, schmonz, smcv)
+ * debian/tests: add metadata to run the img test as an autopkgtest
+
+ -- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 22:38:35 +0100
+
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+ [ Joey Hess ]
+ * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+ CVE-2015-2793)
+
+ -- Simon McVittie <smcv@debian.org> Mon, 06 Apr 2015 20:34:51 +0100
+
+ikiwiki (3.20120629.1) wheezy; urgency=medium
+
+ Backport blogspam plugin from experimental, because the version in
+ wheezy is no longer usable:
+
+ [ Joey Hess ]
+ * Set Debian package maintainer to Simon McVittie as I'm retiring from
+ Debian.
+
+ [ Amitai Schlair ]
+ * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd).
+ Closes: #774441
+
+ -- Simon McVittie <smcv@debian.org> Sat, 17 Jan 2015 11:53:33 +0000
+
+ikiwiki (3.20120629) unstable; urgency=low
+
+ * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or
+ other config differences by linking to the mirror's CGI. (intrigeri)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 29 Jun 2012 10:16:08 -0400
+
+ikiwiki (3.20120516) unstable; urgency=high
+
+ * meta: Security fix; add missing sanitization of author and authorurl.
+ CVE-2012-0220 Thanks, Raúl Benencia
+
+ -- Joey Hess <joeyh@debian.org> Wed, 16 May 2012 19:51:27 -0400
+
+ikiwiki (3.20120419) unstable; urgency=low
+
+ * Remove dead link from plugins/teximg. Closes: #664885
+ * inline: When the pagenames list includes pages that do not exist, skip
+ them.
+ * meta: Export author information in html <meta> tag. Closes: #664779
+ Thanks, Martin Michlmayr
+ * notifyemail: New plugin, sends email notifications about new and
+ changed pages, and allows subscribing to comments.
+ * Added a "changes" hook. Renamed the "change" hook to "rendered", but
+ the old hook name is called for now for back-compat.
+ * meta: Support keywords header. Closes: #664780
+ Thanks, Martin Michlmayr
+ * passwordauth: Fix url in password recovery email to be absolute.
+ * httpauth: When it's the only auth method, avoid a pointless and
+ confusing signin form, and go right to the httpauthurl.
+ * rename: Allow rename to be started not from the edit page; return to
+ the renamed page in this case.
+ * remove: Support removing of pages in the transient underlay. (smcv)
+ * inline, trail: The pagenames parameter is now a list of absolute
+ pagenames, not relative wikilink type names. This is necessary to fix
+ a bug, and makes pagenames more consistent with the pagespec used
+ in the pages parameter. (smcv)
+ * link: Fix renaming wikilinks that contain embedded urls.
+ * graphviz: Handle self-links.
+ * trail: Improve CSS, also display trail links at bottom of page,
+ and a bug fix. (smcv)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 19 Apr 2012 15:32:07 -0400
+
+ikiwiki (3.20120319) unstable; urgency=low
+
+ * osm: New plugin to embed an OpenStreetMap into a wiki page.
+ Supports waypoints, tags, and can even draw paths matching
+ wikilinks between pages containing waypoints.
+ Thanks to Blars Blarson and Antoine Beaupré, as well as the worldwide
+ OpenStreetMap community for this utter awesomeness.
+ * trail: New plugin to add navigation trails through pages via Next and
+ Previous links. Trails can easily be added to existing inlines by setting
+ trail=yes in the inline.
+ Thanks to Simon McVittie for his persistance developing this feature.
+ * Fix a snail mail address. Closes: #659158
+ * openid-jquery.js: Update URL of Wordpress favicon. Closes: #660549
+ * Drop the version attribute on the generator tag in Atom feeds
+ to make builds more reproducible. Closes: #661569 (Paul Wise)
+ * shortcut: Support Wikipedia's form of url-encoding for unicode
+ characters, which involves mojibake. Closes: #661198
+ * Add a few missing jquery UI icons to attachment upload widget underlay.
+ * URI escape filename when generating the diffurl.
+ * Add build-affected hook. Used by trail.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 19 Mar 2012 14:24:43 -0400
+
+ikiwiki (3.20120202) unstable; urgency=low
+
+ * mdwn: Added nodiscount setting, which can be used to avoid using the
+ markdown discount engine, when maximum compatability is needed.
+ * Switch to YAML::XS to work around insanity in YAML::Mo. Closes: #657533
+ * cvs: Ensure text files are added in non-binary mode. (Amitai Schlair)
+ * cvs: Various cleanups and testing. (Amitai Schlair)
+ * calendar: Fix strftime encoding bug.
+ * shortcuts: Fixed a broken shortcut to wikipedia (accidentially
+ made into a shortcut to wikiMedia).
+ * Various portability improvements. (Amitai Schlair)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 02 Feb 2012 21:42:40 -0400
+
+ikiwiki (3.20120115) unstable; urgency=low
+
+ * Make backlink(.) work. Thanks, Giuseppe Bilotta.
+ * mdwn: Workaround discount's eliding of <style> blocks.
+ * attachment: Fix utf-8 display bug.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 15 Jan 2012 16:19:25 -0400
+
+ikiwiki (3.20120109) unstable; urgency=low
+
+ * mdwn: Can use the discount markdown library, via the
+ Text::Markdown::Discount perl module. This is preferred if available
+ since it's the fastest currently supported markdown library, speeding up
+ ikiwiki's markdown rendering by a factor of 40.
+ (However, when multimarkdown is enabled, Text::Markdown::Multimarkdown
+ is still used.)
+ * On Debian, depend on libtext-markdown-discount.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 09 Jan 2012 11:49:14 -0400
+
+ikiwiki (3.20111229) unstable; urgency=low
+
+ * Consume all stdin when rcs_receive short-circuits,
+ to avoid git SIGPIPE race.
+ * Add path and path_natural sort orders (smcv)
+ * Test coverage can be checked with `make coverage` (smcv)
+ * tag: encode categories using numeric values. (tango)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 29 Dec 2011 12:00:53 -0400
+
+ikiwiki (3.20111107) unstable; urgency=low
+
+ * img: Bugfix to width/height tags for scaled down image when only
+ one dimension was provided. Thanks, Per Carlson.
+ * editpage: Fix FormattingHelp link on Discussion pages.
+ * The umask setting can now be set to private, group, or public,
+ avoiding the need to enter octal correctly which is particularly
+ difficult in yaml setup files. (smcv)
+ * graphviz: Support urls embedded in the graph, by having graphviz
+ generate an imagemap.
+ * graphviz: Support wikilinks embedded in the graph.
+ (Sponsored by The TOVA Company.)
+
+ -- Joey Hess <joeyh@debian.org> Wed, 30 Nov 2011 16:31:48 -0400
+
+ikiwiki (3.20111106) unstable; urgency=low
+
+ * searchquery.tmpl: Track escaping change in upstream template.
+ Thanks Olly Betts for review.
+ * svn: Support subversion 1.7, which does not have .svn in each
+ subdirectory.
+ * rst: import docutils lazily, to avoid errors during ikiwiki --setup.
+ Closes: #637604 (Thanks, smcv)
+ * Make the setup automator create YAML formatted files.
+ * Fix handling of discussion page creation links to make discussion pages
+ in the right place and with the right case. Broken by page case
+ preservation feature added in 3.20110707.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 06 Nov 2011 16:27:29 -0400
+
+ikiwiki (3.20110905) unstable; urgency=low
+
+ * mercurial: Openid nicknames are now used when committing. (Daniel Andersson)
+ * mercurial: Implement rcs_commit_staged so comments, attachments, etc
+ can be used. (Daniel Andersson)
+ * mercurial: Implement rcs_rename, rcs_remove. (Daniel Andersson)
+ * mercurial: Fix viewing of a diff containing non-utf8 changes.
+ (Daniel Andersson)
+ * mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson)
+ * mercurial: Implement rcs_diff. (Daniel Andersson)
+ * po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri)
+ * Fix typo in Danish translation of shortcuts page that caused exponential
+ regexp blowup.
+ * Fix escaping of html entities in permalinks.
+ * Fix escaping of html entities in tag names.
+ * Avoid using named capture groups in heredoc code for oldperl compatibility.
+ * Put in a workaround for #622591, by ensuring Search::Xapian gets loaded
+ before Image::Magick.
+ * Add unminified jquery js and css files to source.
+ * Update to jquery 1.6.2, and jquery-ui 1.8.14.
+ * Use lockf rather than flock when taking the cgilock, for better
+ portability.
+ * search: Fix encoding bug in calculation of maximum term size.
+ * inline: When indexing internal pages for searching, use the url of
+ the inlining page.
+ * Fix comments testsuite to not rely on Date::Parse's ability to
+ parse the date Columbus discovered America. Closes: #640350
+ * Avoid warning message when generating setup file if highlight
+ is not installed. Closes: #637606
+ * Promote RPC::XML to a Recommends, since it's used by auto-blog.setup.
+ Closes: #637603
+ * Fix web revert of a file deletion.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 05 Sep 2011 14:53:00 -0400
+
+ikiwiki (3.20110715) unstable; urgency=low
+
+ * rename: Fix logic error that broke renaming pages when the attachment
+ plugin was disabled.
+ * rename: Fix logic error that bypassed the usual pagespec checks.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 15 Jul 2011 18:36:29 -0400
+
+ikiwiki (3.20110712) unstable; urgency=low
+
+ * attachment: Bugfix to create directory when moving attachment out of
+ holding area.
+ * Display attachment manipulation links always, since attachments can be
+ uploaded via javascript.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 12 Jul 2011 00:41:26 -0400
+
+ikiwiki (3.20110711) unstable; urgency=low
+
+ * Add build dep on python-support. Closes: #633536
+ * attachment: Bugfix to move upload attachments out of holding area
+ when saving.
+ * attachment: Bugfix for trying to attach files to a subpage of the index
+ page.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 11 Jul 2011 13:03:04 -0400
+
+ikiwiki (3.20110707) unstable; urgency=low
+
+ * userlist: New plugin, lets admins see a list of users and their info.
+ * aggregate: Improve checking for too long aggregated filenames.
+ * Updated to jQuery 1.6.1.
+ * attachment: Speed up multiple file uploads by storing uploaded files
+ in a staging area until the page is saved/previewed, rather than
+ refreshing the site after each upload.
+ (Sponsored by The TOVA Company.)
+ * attachment: Files can be dragged into the edit page to upload them.
+ Multiple file batch upload support. Upload progress bars.
+ AJAX special effects. Impemented using the jQuery-File-Upload widget.
+ (If you don't have javascript don't worry, I kept that working too.)
+ (Sponsored by The TOVA Company.)
+ * Add libtext-multimarkdown-perl to Suggests. Closes: #630705
+ * headinganchors: Plugin by Paul Wise that adds ids to <hn> headings.
+ * html5 is not experimental anymore. But not the default either, quite yet.
+ * Support svg as a inlinable image type; svg images can be included on a
+ page by simply linking to them, or by using the img directive.
+ Note that sanitizing svg files is still not addressed.
+ * img: Generate png format thumbnails for svg images.
+ * Preserve mixed case in page creation links, and when creating a page
+ whose title is mixed case, allow selecting between the mixed case and
+ all lower-case names.
+ * Fix ikiwiki-update-wikilist -r to actually work.
+ * comments: collect metadata in a scan-phase preprocess hook, which
+ fixes sorting comments by date. (smcv)
+ * Run scan hooks for internal pages (preprocess hooks already run in scan
+ mode) (smcv)
+ * inline: Handle obfuscated urls, such as the mailto urls generated by
+ markdown when forcing urls absolute.
+ * Bugfix for wikilink containing an email address not showing up in
+ brokenlinks list.
+ * Bugfix for trying to attach files to a subpage of the index page.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 07 Jul 2011 20:38:31 -0400
+
+ikiwiki (3.20110608) unstable; urgency=high
+
+ * ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su.
+ (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel.
+ (CVE-2011-1408)
+ * search: Update search page when page.tmpl or searchquery.tmpl are locally
+ modified.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 03 Jun 2011 20:30:35 -0400
+
+ikiwiki (3.20110431) unstable; urgency=low
+
+ * Danish translation update. Closes: #625721
+ * Danish underlay translation update. Closes: #625765
+ (Thanks, Jonas Smedegaard)
+ * Support YAML::XS by not passing decoded unicode to Load. Closes: #625713
+ * openid, aggregate, pinger: Use Net::INET6Glue if available to
+ support making ipv6 connections. (Note that if LWPx::ParanoidAgent
+ is installed, it defeats this for openid.)
+ * Add additional directive quoting styles, to better support nested
+ directives. Both triple-single-quote and heredoc quotes can be used.
+ (Thanks, Timo Paulssen)
+ * Changed license of madduck's python plugins from GPL-2 to BSD-2-clause.
+ * po: support language codes in the form of 'es_AR', and 'arn'. (intrigeri)
+ Closes: #627844
+ * po: Make po4a warn, not error on a malformed document. (intrigeri)
+ * Support the Hiawatha web server which sets HTTPS=off rather than not
+ setting it. (There does not seem to be a standard here.)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 03 Jun 2011 14:38:23 -0400
+
+ikiwiki (3.20110430) unstable; urgency=low
+
+ * meta: Allow adding javascript to pages. Only when htmlscrubber is
+ disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154
+ * comments: Add avatar picture of comment author, using Libravatar::URL
+ when available. The avatar is looked up based on the user's openid,
+ or email address. (Thanks, Francois Marier)
+ * Recommend libgravatar-url-perl, which contains Libravatar::URL.
+ * monotone: Implement rcs_getmtime, and work around a problem with monotone
+ 0.48 that affects rcs_getctime. (Thanks, Richard Levitte)
+ * meta: Fix bug in loading of HTML::Entities that can break inline
+ archive=yes (mostly masked by other plugins that load the module).
+ * Be quiet about updating wrappers, except in verbose mode. (jmtd)
+ * meta: Add FOAF support. Closes: #623156 (Jonas Smedegaard)
+ * Promote Crypt::SSLeay to Recommends; needed for https openid auth.
+ * tag: Avoid autocreating multiple tag pages that vary only in
+ capitalization. The first capitalization seen of a tag will be used
+ for the tag page.
+ * Fix yaml build dep. Closes: #624712
+
+ -- Joey Hess <joeyh@debian.org> Sat, 30 Apr 2011 17:13:24 -0400
+
+ikiwiki (3.20110328) unstable; urgency=low
+
+ * Yaml formatted setup files are now produced by default.
+ (Perl formatted setup files can still be used.)
+ * Add timezone setting in setup file. This alows time zone to be configured
+ via the web.
+ * comment: Better fix to avoid showing comments of subpages, while
+ not breaking manual inlining of comments.
+ * meta: Security fix; don't allow alternative stylesheets to be added
+ on pages where the htmlscrubber is enabled. CVE-2011-1401
+
+ -- Joey Hess <joeyh@debian.org> Mon, 28 Mar 2011 12:23:26 -0400
+
+ikiwiki (3.20110321) unstable; urgency=low
+
+ * comment: Don't show comments of subpages on parent pages.
+ (Fixes bug introduced in version 3.20100505.)
+ * darcs: Fix multiple issues preventing rcs_diff from working.
+ * aggregate: Read cookies from ~/.ikiwiki/cookies by default.
+ Also, the cookiejar configuration setting can be used by
+ other plugins to provide a custom `cookie_jar` object for LWP::UserAgent.
+ (Thanks, schmonz)
+ * Avoid escaping / characters in filenames when building the cgiurl,
+ as this confuses eg, cvsweb.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 21 Mar 2011 14:45:05 -0400
+
+ikiwiki (3.20110225) unstable; urgency=low
+
+ * editpage: Avoid inheriting internal page types.
+ * htmltidy: Avoid breaking the sidebar when websetup is running.
+ * transient: New utility plugin that allows transient pages to
+ be stored in .ikiwiki/transient/ (smcv)
+ * aggregate: Aggregated content is stored in the transient underlay.
+ (Existing aggregated content is not moved, since it will eventually
+ expire and be removed) (smcv)
+ * autoindex, tag: Added autoindex_commit and tag_autocreate_commit that
+ can be unset to make index files and tags respectively not be committed,
+ and instead be stored in the transient underlay.
+ Closes: #544322 (smcv)
+ * autoindex: Adapted to use add_autofile. Slight behavior changes
+ in edge cases that are probably really bug fixes. (smcv)
+ * recentchanges: Use transient underlay (smcv)
+ * map: Avoid unnecessary ul's in maps with nested directories.
+ (Giuseppe Bilotta)
+ * Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced
+ in 3.20101231.
+ * inline: Fix link to nested inlined pages's feeds. (Giuseppe Bilotta)
+ * inline: Add 'id' parameter that can be used when styling individual
+ feedlinks and postforms. (Giuseppe Bilotta)
+
+ -- Joey Hess <joeyh@debian.org> Fri, 25 Feb 2011 17:31:08 -0400
+
+ikiwiki (3.20110124) unstable; urgency=low
+
+ * comments: Fix commenting, broken by security fix.
+ * blogspam: Don't check modifications from admins for spam, and also
+ allow the blogspam_pagespec to do other matches against who the user is.
+ * inline: Fix regression in feed titles. Closes: #610878
+ (Thanks, Paul Wise)
+
+ -- Joey Hess <joeyh@debian.org> Mon, 24 Jan 2011 17:07:44 -0400
+
+ikiwiki (3.20110123) unstable; urgency=low
+
+ * Adapt autoindex test suite to work with old Test::More.
+ * Fix posting by blog form, broken by last release.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 23 Jan 2011 10:12:33 -0400
+
+ikiwiki (3.20110122) unstable; urgency=medium
+
+ * inline: Pass feed titles to templates and add title and rel attributes
+ to feed links. (Giuseppe Bilotta)
+ * inline: Use class rather than id for feedlinks and blogform.
+ (Giuseppe Bilotta)
+ * comments: Fix XSS security hole due to missing validation of page name.
+ CVE-2011-0428 (Thanks, Dave B.)
+ * rename: Fix crash when renaming a page that is linked to by a page
+ in an underlay.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 22 Jan 2011 10:22:25 -0400
+
+ikiwiki (3.20110105) unstable; urgency=low
+
+ * tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta)
+ * tag: Improve display of tags with a slash in their names.
+ (Giuseppe Bilotta)
+ * Fix redirect to use a full url. Was broken (in theory) by baseurl
+ changes in last release.
+ * Fix `<base>` output by cgi to have a full url again, broken by last
+ release.
+ * Fix permalinks to recentchanges items and comments, broken by last
+ release.
+ * Export three cgi env vars needed for CGI->url to work. Fixed
+ openid breakage from last release.
+ * Removed `IkiWiki::misctemplate()` function. Any plugins using
+ it should use `IkiWiki::cgitemplate()` instead.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 05 Jan 2011 17:33:05 -0400
+
+ikiwiki (3.20101231) unstable; urgency=low
+
+ * Better support for serving the same site on multiple urls. (Such as
+ a http and a https url, or a ipv4 and an ipv6 url.)
+ (Thanks, smcv)
+ * API: urlto without a defined second parameter now generates an url
+ that starts with "/" (when possible; eg when the site's url and cgiurl
+ are on the same domain).
+ * Now when users log in via https, ikiwiki sends a secure cookie, that can
+ only be used over https. If the user switches to using http, they will
+ need to re-login. (smcv)
+ * inline: Display feed buttons for nested inlines, linking to the inlined
+ page's feed. (Giuseppe Bilotta)
+ * goldtype: New theme, based on blueview, contributed by Lars Wirzenius.
+ * po: do not override homepage title when it was overridden. (intrigeri)
+ * Set HTML::Template's parent_global_vars option to allow using parameters
+ like title_overridden that do not appear on the template. (intrigeri)
+ (See https://rt.cpan.org/Public/Bug/Display.html?id=64158)
+ * inline: Force an absolute page location when the inline postform is used.
+ * editpage, comment: Clean up title when editing or creating a page or
+ comment.
+ * teximg: Use `\[` and `\]` instead of not recommended `$$`. (Paul Menzel)
+ Closes: #596084
+ * monotone: Improve version parsing to support patch and development
+ versions of the monotone binary. (tommyd3mdi)
+ * highlight: Support highlight 3.2+svn19 (note that released version 3.2
+ is not supported). Closes: #605779 (David Bremner)
+ * Add a second parameter to the rcs_diff hook, and avoid bloating memory
+ reading in enormous commits.
+ * git: Fix bug involving attempting to web revert a commit that included
+ changes to attachments.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 31 Dec 2010 21:23:37 -0400
+
+ikiwiki (3.20101201) unstable; urgency=low
+
+ * meta: Fix calling of htmlscrubber to pass the page parameter.
+ The change of the htmlscrubber to look at page rather than destpage
+ caused htmlscrubber_skip to not work for meta directives.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 01 Dec 2010 20:28:01 -0400
+
+ikiwiki (3.20101129) unstable; urgency=low
+
+ * websetup: Fix encoding problem when restoring old setup file.
+ * more: Add pages parameter to limit where the more is displayed.
+ (thanks, dark)
+ * Fix escaping of filenames in historyurl. (Thanks, aj)
+ * inline: Improve RSS url munging to use a proper html parser,
+ and support all elements that HTML::Tagset knows about.
+ (Which doesn't include html5 just yet, but then the old version
+ didn't either.) Bonus: 4 times faster than old regexp method.
+ * Optimise glob() pagespec. (Thanks, Kathryn and smcv)
+ * highlight: Support new format of filetypes.conf used by version 3.2
+ of the highlight package.
+ * edittemplate: Fix crash if using a .tmpl file or other non-page file
+ as a template for a new page.
+ * git: Fix temp file location.
+ * rename: Fix to pass named parameters to rcs_commit.
+ * git: Avoid adding files when committing, so as not to implicitly add
+ files like recentchanges files that are not normally checked in,
+ when fixing links after rename.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 29 Nov 2010 13:59:10 -0400
+
+ikiwiki (3.20101112) unstable; urgency=HIGH
+
+ * txt: Fix display when used inside a format directive.
+ * highlight: Ensure that other, more-specific format plugins,
+ like txt are used in preference to this one in case of ties.
+ * htmltidy, sortnaturally: Add missing checkconfig hook
+ registration. Closes: #601912
+ (Thanks, Craig Lennox and Tuomas Jormola)
+ * git: Use author date, not committer date. Closes: #602012
+ (Thanks, Tuomas Jormola)
+ * Fix htmlscrubber_skip to be matched on the source page, not the page it is
+ inlined into. Should allow setting to "* and !comment(*)" to scrub
+ comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
+ * comments: Make postcomment() pagespec work when previewing a comment,
+ including during moderation. CVE-2010-1673
+ * comments: Make comment() pagespec also match comments that are being
+ posted. CVE-2010-1673
+
+ -- Joey Hess <joeyh@debian.org> Fri, 12 Nov 2010 00:36:06 -0400
+
+ikiwiki (3.20101023) unstable; urgency=low
+
+ * Fix typo that broke anonymous git push.
+ * Fix web reversion when the srcdir is in a subdir of the git repo.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 23 Oct 2010 16:36:50 -0400
+
+ikiwiki (3.20101019) unstable; urgency=low
+
+ * Fix test suite failure on other side of date line.
+ * htmltidy: Allow configuring tidy parameters in setup file.
+ (W. Trevor King)
+ * Updated French program translation. Closes: #598918
+ * git: Added new rcs_revert and rcs_preprevert hooks.
+ * recentchanges: Add revert buttons to RecentChanges page, and
+ implement web-based reversion interface.
+ * Thanks to Peter Gammie for his assistance with the web-based reversion
+ feature.
+ * actiontabs: More consistent styling of Hn tags.
+ * websetup: Fix saving of advanced mode changes.
+ * websetup: Fix defaults of checkboxes in advanced mode.
+ * monotone: Fix recentchanges page when the srcdir is not at the top
+ of the monotone workspace. Thanks, tommyd.
+ * img: If a class is specified, don't also put the img in the img
+ class.
+ * auto-blog.setup: Don't enable opendiscussion by default; require users be
+ logged in to post comments.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 19 Oct 2010 02:32:23 -0400
+
+ikiwiki (3.20100926) unstable; urgency=low
+
+ * meta: Ensure that the url specified by xrds-location is absolute.
+ * attachment: Fix attachment file size display.
+ * Propigate PATH into wrapper.
+ * htmlbalance: Fix compatibility with HTML::Tree 4.0. (smcv)
+
+ -- Joey Hess <joeyh@debian.org> Sun, 26 Sep 2010 23:02:54 -0400
+
+ikiwiki (3.20100915) unstable; urgency=low
+
+ * needsbuild hook interface changed; the hooks should now return
+ the modified array of things that need built. (Backwards compatibility
+ code keeps plugins using the old interface working.)
+ * Remove PATH overriding code in ikiwiki script that was present to make
+ perl taint checking happy, but taint checking is disabled.
+ * teximg: Use Unicode UTF-8 encoding by default. Closes: #596067
+ Thanks, Paul Menzel.
+ * po: Make the po_master_language use a langpair like "en|English",
+ so it can be configured via the web.
+ * po: Allow enabling via web setup.
+ * po: Auto-upgrade old format settings to new formats when writing
+ setup file.
+ * Pass array of names of files that have been deleted to needsbuild hook
+ as second parameter, to allow for plugins that needs access to this
+ information earlier than the delete hook.
+ * actiontabs: Improve tab padding.
+ * blueview: Fix display of links to translated pages in the page header.
+ * Set isPermaLink="no" for guids in rss feeds.
+ * blogspam: Fix crash when content contained utf-8.
+ * external: Disable RPC::XML's "smart" encoding, which sent ints
+ for strings that contained only a number, fixing a longstanding crash
+ of the rst plugin.
+ * git: When updating from remote, use git pull --prune, to avoid possible
+ errors from conflicting obsolete remote branches.
+ * cutpaste: Fix bug that occured in some cases involving inlines when
+ text was pasted on a page before being cut.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 15 Sep 2010 16:29:01 -0400
+
+ikiwiki (3.20100831) unstable; urgency=low
+
+ * filecheck: Fall back to using the file command if the freedesktop
+ magic file cannot identify a file.
+ * flattr: New plugin. (Thanks to jaywalk for the initial implementation
+ at a flattr plugin! This one is less configurable, but simpler.)
+ * smiley: warn instead of error for missing smileys (Giuseppe Bilotta)
+ * openid: Syntax tweak to the javascript code to make it work with MSIE 7
+ (and MSIE 8 in compat mode). Thanks to Iain McLaren for reporting
+ the bug and providing access to debug it.
+ * style.css: Use relative, not absolute font sizes. Thanks, Giuseppe Bilotta.
+ * htmlscrubber: Do not scrub url anchors that contain colons.
+ * Danish translation update. Closes: #594673
+ * highlight: Make location of highlight's files configurable in setup
+ file to allow for nonstandard installations.
+ * Allow "link(.)" and similar PageSpecs. Thanks, Giuseppe Bilotta.
+ * Run the preprocess hooks in scan mode *before* the scan hooks.
+ This allows the po plugin to register a scan hook that runs
+ last and rescans pages after all data from the first scan pass is
+ completed. This avoids the po plugin needing to rebuild some pages.
+ (intrigeri)
+ * po: Fix some bugs that affected l10n.ikiwiki.info's unusual
+ setup. (intrigeri)
+ * t/bazaar.t: Work around bzr 2.2.0's new requirement to configure
+ bzr whoami before committing.
+ * httpauth: Avoid redirecting the user to the cgiauthurl if
+ they already have a login session.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 31 Aug 2010 14:22:47 -0400
+
+ikiwiki (3.20100815) unstable; urgency=medium
+
+ * Fix po test suite to not assume ikiwiki's underlay is already installed.
+ Closes: #593047
+
+ -- Joey Hess <joeyh@debian.org> Sun, 15 Aug 2010 11:42:55 -0400
+
+ikiwiki (3.20100804) unstable; urgency=low
+
+ * template: Fix dependency tracking. Broken in version 3.20100427.
+ * po: The po_slave_languages setting is now a list, so the order of
+ translated languages can be controlled. (intrigeri)
+ * git: Fix gitweb historyurl examples so "diff to current" links work.
+ (Thanks jrayhawk)
+ * meta: Allow syntax closer to html meta to be used.
+ * Add new disable hook, allowing plugins to perform cleanup after they
+ have been disabled.
+ * Use Digest::SHA built into perl rather than external Digest::SHA1
+ to simplify dependencies. Closes: #591040
+ * Fixes a bug that prevented matching deleted pages when using the page()
+ PageSpec.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 04 Aug 2010 09:20:52 -0400
+
+ikiwiki (3.20100722) unstable; urgency=low
+
+ * img: Add a margin around images displayed by this directive.
+ * comments: Added commentmoderation directive for easy linking to the
+ comment moderation queue.
+ * aggregate: Write timestamp next aggregation can happen to
+ .ikiwiki/aggregatetime, to allow for more sophisticated cron jobs.
+ * Add --changesetup mode that allows easily changing options in a
+ setup file.
+ * openid: Fix handling of utf-8 nicknames.
+ * Clarified what the filter hook should be passed: Only be the raw,
+ complete text of a page. Not a snippet, or data read in from an
+ unrelated file.
+ * template: Do not pass filled in template through filter hook.
+ Avoids causing breakage in po plugin.
+ * color, comments, conditional, cutpaste, more, sidebar, toggle: Also
+ avoid unnecessary calls to filter hook.
+ * po: needstranslation() pagespec can have a percent specified.
+ * Drop Cache-Control must-revalidate (Firefox 3.5.10 does not seem to have
+ the caching problem that was added to work around). Closes: #588623
+ * Made much more robust in cases where multiple source files produce
+ conflicting files/directories in the destdir.
+ * Updated French translation from Philippe Batailler. Closes: #589423
+ * po: Fix selflink display on tranlsated pages. (intrigeri)
+ * Avoid showing 'Add a comment' link at the bottom of the comment post form.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 22 Jul 2010 16:49:05 -0400
+
+ikiwiki (3.20100704) unstable; urgency=low
+
+ * Changes to avoid display of ugly google openids, by displaying
+ a username taken from openid.
+ * API: Add new optional field nickname to rcs_recentchanges.
+ * API: rcs_commit and rcs_commit_staged are now passed named
+ parameters.
+ * openid: Store nickname based on username or email provided from
+ openid provider.
+ * git: Record the nickname from openid in the git author email.
+ * comment: Record the username from openid in the comment page.
+ * Fixed some confusion and bugginess about whether
+ rcs_getctime/rcs_getmtime were passed absolute or relative filenames.
+ (Make it relative like everything else.)
+ * hnb: Fixed broken use of mkstemp that had caused dangling temp files,
+ and prevented actually rendering hnb files.
+ * Use comment template on comments page of example blog.
+ * comment.tmpl: Fix up display when inline uses it to display a non-comment
+ page. (Such as a discussion page.)
+ * git: Added git_wrapper_background_command option. Can be used to eg,
+ make the git wrapper push to github in the background after ikiwiki
+ runs.
+ * po: Added needstranslation() pagespec. (intrigeri)
+ * po: Added support for .html source pages. (intrigeri)
+ * comment: Fix problem moderating comments of certian pages with utf-8
+ in their name.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 04 Jul 2010 16:19:43 -0400
+
+ikiwiki (3.20100623) unstable; urgency=low
+
+ * openid: Add openid_realm and openid_cgiurl configuration options,
+ useful in a few edge case setups.
+ * attachment: Show files from underlay in attachments list.
+ * img: Support hspace and vspace attributes.
+ * editpage: Rename "comments" field to avoid CSS conflict with the
+ comments div.
+ * edittemplate: Make silent mode not disable display when the template
+ page does not exist, so it can be easily created.
+ * edittemplate: Look for template pages under templates/ like everything
+ else (still looks in old location for backwards compatibility).
+ * attachment: When inserting links, insert img directives for images,
+ if that plugin is enabled.
+ * websetup: Allow enabling plugins listed in disable_plugins.
+ * editpage, comments: Fix broken links in sidebar (due to forcebaseurl).
+ (Thanks, privat)
+ * calendar: Tune archive_pagespec to only match pages, not other files.
+ * Fix issues with combining unicode srcdirs and source files.
+ (Workaround bug #586045)
+ * Make --gettime be honored after initial setup.
+ * git: Fix --gettime to properly support utf8 filenames.
+ * attachment: Support Windows paths when taking basename of client-supplied
+ file name.
+ * theme: New plugin, allows easily themeing a site via the underlay.
+ * Added actiontabs theme by Svend Sorensen.
+ * Added blueview theme by Bernd Zeimetz.
+ * mercurial: Fix buggy getctime code. Closes: #586279
+ * link: Enhanced to handle URLs and email addresses. (Bernd Zeimetz)
+
+ -- Joey Hess <joeyh@debian.org> Wed, 23 Jun 2010 14:10:26 -0400
+
+ikiwiki (3.20100610) unstable; urgency=low
+
+ * creation_day() etc use local time, not gmtime. To match calendars, which
+ use local time.
+ * img: Fill in missing height or width when scaling image.
+ * Remove example blog tag pages; allow autotag creation to create them
+ when used.
+ * Fix support for globbing in tagged() pagespecs.
+ * Fix display of sidebar when previewing page edit. (Thanks, privat)
+ * relativedate: Fix problem with localised dates not working.
+ * editpage: Avoid storing accidental state changes when previewing pages.
+ * page.tmpl: Add a div around the page content, and comments, to aide in
+ sidebar styling.
+ * style.css: Improvements to make floating sidebar fit much better on
+ pages with inlines.
+ * calendar: Shorten day names, and improve styling of month calendar.
+ * style.css: Reduced sidebar width back to 20ex from 30; the month calendar
+ will now fit in the smaller width, and 30 was feeling too large.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 10 Jun 2010 14:24:05 -0400
+
+ikiwiki (3.20100518.2) unstable; urgency=low
+
+ * Fix a typo in the last release.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 18 May 2010 14:17:01 -0400
+
+ikiwiki (3.20100518) unstable; urgency=low
+
+ * page.tmpl: Accidentially broke po plugin's otherlanguages list styling
+ when modifying for html5; now fixed.
+ * Fix a bug that prevented matching deleted comments, and so did not update
+ pages that had contained them.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 18 May 2010 13:37:39 -0400
+
+ikiwiki (3.20100515) unstable; urgency=low
+
+ * Removed misc.tmpl. Now to theme ikiwiki, you only need to customise
+ a single template, page.tmpl.
+ * If you have a locally customised page.tmpl, it needs to be updated
+ to set <base> when BASEURL or FORCEBASEURL is set.
+ * comments: Comments pending moderation are now stored in the srcdir
+ alongside accepted comments, but with a `._comment_pending` extension.
+ This allows easier byhand moderation, as the "_pending" need
+ only be stripped off and the comment be committed to version control.
+ * The `comment_pending()` pagespec can be used to match such unmoderated
+ comments, which makes it easy to add a feed of them, or a counter
+ indicating how many there are.
+ * Belatedly added a `comment()` pagespec.
+ * Gave comment and page editing forms some CSS and accessability love.
+ * Renamed postscan hook to indexhtml, to reflect its changed position,
+ and typical use.
+ * inline: Call indexhtml when inlining internal pages, so their
+ text can be indexed for searching.
+ * Delete hooks are passed deleted internal pages.
+ * openid: Incorporated a fancy openid-selector signin form.
+ (Based on http://code.google.com/p/openid-selector/)
+ * openid: Use "openid_identifier" as the form field, as required
+ by OpenID Authentication v2.0 spec.
+ * Removed the openidsignup option. Instead, my recommendation is to
+ leave passwordauth enabled and let people who don't have an openid use it.
+ The openid selector form avoids the UI annoyance of having both openid
+ and passwordauth on one form.
+ * calendar: Allow negative month to be specified. -1 is last month, etc.
+ (And also negative years.)
+ * calendar: Display year in title of month calendar.
+ * Use xhtml friendly pubdate setting.
+ * remove, rename: Add guards against XSRF attacks.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 15 May 2010 21:00:45 -0400
+
+ikiwiki (3.20100504) unstable; urgency=low
+
+ * Add parameter to displaytime to specify that it is a pubdate,
+ and in html5 mode, use time tag.
+ * Add placeholder text in search form (in html5 mode only).
+ * In html5 mode, use all the nice new semantic tags. Care was taken
+ to not change the id/class named used in the CSS, so only CSS
+ that refers to tag types needed to be changed.
+ * Add ACTIONS variable to page.tmpl, which allows plugins to add arbitrary
+ links to the action bar without modifying the template further.
+ (COMMENTSLINK and DISCUSSIONLINK could be folded into this, but
+ are kept separate for now to avoid breaking modified templates.)
+ * websetup: Only display Setup button on admins' preferences page.
+ * graphviz: Fix display of preexisting images in preview mode.
+ * Fixes a bug in skipping of illegal source files introduced in
+ 3.20100427.
+
+ -- Joey Hess <joeyh@debian.org> Tue, 04 May 2010 20:26:20 -0400
+
+ikiwiki (3.20100501) unstable; urgency=low
- * template: Fix typo.
* TMPL_INCLUDE re-enabled for templates read from the templatedir.
(But not in-wiki templates.)
* Version dependency on liburi-perl to >= 1.36; previous versions
did not support building urls from utf-8 strings. Closes: #579713
+ * Ikiwiki can be configured to generate html5 instead of the default xhtml
+ 1.0. The html5 output mode is experimental, not yet fully standards
+ compliant, and will be subject to rapid change.
* htmlscrubber: Allow html5 semantic tags: section, nav, article, aside
hgroup, header, footer, figure, figcaption, time, mark
* htmlscrubber: Also allow some other html5 tags: canvas, progress, meter,
and form. (Also the form* override attributes for input and buttons.)
* htmlscrubber: Allow additional misc html5 attributes: reversed,
spellcheck, and hidden.
+ * template: Fix typo.
- -- Joey Hess <joeyh@debian.org> Tue, 27 Apr 2010 12:10:51 -0400
+ -- Joey Hess <joeyh@debian.org> Sat, 01 May 2010 20:49:28 -0400
ikiwiki (3.20100427) unstable; urgency=low