-ikiwiki (3.20150611) UNRELEASED; urgency=medium
+ikiwiki (3.20160506) unstable; urgency=medium
- * inline: change default sort order from age to "age title" for determinism
+ [ Simon McVittie ]
+ * img: stop ImageMagick trying to be clever if filenames contain a colon,
+ avoiding mis-processing
+ * HTML-escape error messages, in one case avoiding potential cross-site
+ scripting (OVE-20160505-0012)
+ * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
+ - img: force common Web formats to be interpreted according to extension,
+ so that "allowed_attachments: '*.jpg'" does what one might expect
+ - img: restrict to JPEG, PNG and GIF images by default, again mitigating
+ CVE-2016-3714 and similar vulnerabilities
+ - img: check that the magic number matches what we would expect from
+ the extension before giving common formats to ImageMagick
+ * d/control: use https for Homepage
+ * d/control: add Vcs-Browser
+
+ [ Joey Hess ]
+ * img: Add back support for SVG images, bypassing ImageMagick and
+ simply passing the SVG through to the browser, which is supported by all
+ commonly used browsers these days.
+ SVG scaling by img directives has subtly changed; where before
+ size=wxh would preserve aspect ratio, this cannot be done when passing
+ them through and so specifying both a width and height can change
+ the SVG's aspect ratio.
+ * loginselector: When only openid and emailauth are enabled, but
+ passwordauth is not, avoid showing a "Other" box which opens an
+ empty form.
+
+ [ Amitai Schlair ]
+ * mdwn: Process .md like .mdwn, but disallow web creation.
+
+ [ Florian Wagner ]
+ * git: Correctly handle filenames starting with a dash in add/rm/mv.
+
+ -- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 07:54:26 +0100
- -- Simon McVittie <smcv@debian.org> Thu, 11 Jun 2015 08:32:35 +0100
+ikiwiki (3.20160121) unstable; urgency=medium
+
+ [ Amitai Schlair ]
+ * meta: Fix [[!meta name=foo]] by closing the open quote.
+ * Avoid unescaped "{" in regular expressions
+ * meta test: Add tests for many behaviors of the directive.
+ * img test: Bail gracefully when ImageMagick is not present.
+
+ [ Joey Hess ]
+ * emailauth: Added emailauth_sender config.
+ * Modified page.tmpl to to set html lang= and dir= when
+ values have been specified for them, which the po plugin does.
+ * Specifically license the javascript underlay under the permissive
+ basewiki license.
+
+ [ Simon McVittie ]
+ * git: if no committer identity is known, set it to
+ "IkiWiki <ikiwiki.info>" in .git/config. This resolves commit errors
+ in versions of git that require a non-trivial committer identity.
+ * inline, trail: rename show, feedshow parameters to limit, feedlimit
+ (with backwards compatibility)
+ * pagestats: add "show" option to show meta fields. Thanks, Louis
+ * inline: force RSS <comments> to be a fully absolute URL as required
+ by the W3C validator. Please use Atom feeds if relative URLs are
+ desirable on your site.
+ * inline: add <atom:link rel="self"> to RSS feeds as recommended by
+ the W3C validator
+ * inline: do not produce links containing /./ or /../
+ * syslog: accept and encode UTF-8 messages
+ * syslog: don't fail to log if the wiki name contains %s
+ * Change dependencies from transitional package perlmagick
+ to libimage-magick-perl (Closes: #789221)
+ * debian/copyright: update for the rename of openid-selector to
+ login-selector
+ * d/control: remove leading article from Description
+ (lintian: description-synopsis-starts-with-article)
+ * d/control: Standards-Version: 3.9.6, no changes required
+ * Wrap and sort control files (wrap-and-sort -abst)
+ * Silence "used only once: possible typo" warnings for variables
+ that are part of modules' APIs
+ * Run autopkgtest tests using autodep8 and the pkg-perl team's
+ infrastructure
+ * Add enough build-dependencies to run all tests, except for
+ non-git VCSs
+ * tests: consistently use done_testing instead of no_plan
+ * t/img.t: do not spuriously skip
+ * img test: skip testing PDFs if unsupported
+ * img test: use the right filenames when testing that deletion occurs
+
+ -- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 09:53:07 +0000
+
+ikiwiki (3.20150614) unstable; urgency=medium
+
+ * inline: change default sort order from age to "age title" for
+ determinism, partially fixing deterministic build for git-annex,
+ ikiwiki-hosting etc. (Closes: #785757)
+ * img: avoid ImageMagick misinterpreting filenames containing a colon
+ * img test: set old timestamp on source file that will change, so that
+ the test will pass even if it takes less than 1 second
+
+ -- Simon McVittie <smcv@debian.org> Sun, 14 Jun 2015 18:13:23 +0100
ikiwiki (3.20150610) unstable; urgency=low