X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/031ec6a47cc81eb1b6f8be708381b30c29785882..376944cb026945ab597db01eb1e3aea4fa320007:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 3ebc0b044..34f15320b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,191 @@ -ikiwiki (2.16) UNRELEASED; urgency=low +ikiwiki (2.31.1) unstable; urgency=low + + * htmlscrubber security fix: Block javascript in uris. + * Add htmlscrubber test suite. + + -- Joey Hess Sun, 10 Feb 2008 13:22:59 -0500 + +ikiwiki (2.31) unstable; urgency=low + + [ Joey Hess ] + * Revert preservation of input file modification times in output files, + since this leads to too many problems with web caching, especially with + inlined pages. Properly solving this would involve tracking every page + that contributes to a page's content and using the youngest of them all, + as well as special cases for things like the version plugin, and it's just + too complex to do. + * aggregate: Forking a child broke the one state that mattered: Forcing + the aggregating page to be rebuilt. Fix this. + * cgi hooks are now run before ikiwiki state is loaded. + * This allows locking the wiki before loading state, which avoids some + tricky locking code when saving a web edit. + * poll: This plugin turns out to have edited pages w/o doing any locking. + Oops. Convert it from a cgi to a sessioncgi hook, which will work + much better. + * recentchanges: Improve handling of links on the very static changes pages + by thunking to the CGI, which can redirect to the page, or allow it to be + created if it doesn't exist. + * recentchanges: Exipre all *._change pages, even if the directory + they're in has changed. + * aggregate: Lots of changes; aggregation can now run without locking the + wiki, and there is a separate aggregatelock to prevent multiple concurrent + aggregation runs. + * monotone changes by Brian May: + - On commits, replace "mtn sync" bidirectional with "mtn push" single + direction. No need to pull changes when doing a commit. mtn sync + is still called in rcs_update. + - Support for viewing differences via patches using viewmtn. + * inline: When previewing, still call will_render on rss/atom files, + just avoid actually writing the files. This is necessary because ikiwiki + saves state after a preview (in case it actually *did* write files), + and if will_render isn't called its security checks will get upset + when the page is saved. Thanks to Edward Betts for his help tracking this + tricky bug down. + * inline: Add new `allowrss` and `allowatom` config options. These can be + used if you want a wiki that doesn't default to generating rss or atom + feeds, but that does allow them to be turned on for specific blogs. + * Don't die if running with --getctime and rcs_getctime throws an error. + There are several cases (recentchanges files, aggregated files) + where some source files are not in revision control. + * Page templates can now use CTIME to show when the page was created. + + [ Josh Triplett ] + * README.Debian: Mention user wikilists. + + -- Joey Hess Sat, 09 Feb 2008 23:09:45 -0500 + +ikiwiki (2.30) unstable; urgency=low + + [ Joey Hess ] + * Old versions of git-init don't support --git-dir or GIT_DIR with + --bare. Change ikiwiki-makerepo to use a method that should work with + those older versions too. + * aggregate: Don't let feeds set creation times for pages in the future. + * Add full parser for git diff-tree output (Brian Downing) + * aggregate: Fork a child process to handle the aggregation. This simplifies + the code, since that process can change internal state as needed, and + it will automatically be cleaned up for the parent process, which proceeds + to render the changes. + + [ Josh Triplett ] + * Add trailing comma to commented-out umask in sample ikiwiki.setup, so + that uncommenting it does not break the setup file. + + [ Joey Hess ] + * inline: The template can check for FIRST and LAST, which will be + set for the first and last inlined page. Useful for templates that build + tables and the like. + * prettydate,ddate: Don't ignore time formats passed to displaytime + function. + * Pages with extensions starting with "_" are internal-use, and will + not be rendered or web-edited, or matched by normal pagespecs. + * Add "internal()" pagespec that matches internal-use pages. + * RecentChanges is now a static html page, that's updated whenever a commit + is made to the wiki. It's built as a blog using inline, so it can have + an rss feed that users can subscribe to. + * Removed support for sending commit notification mails. Along with it went + the svnrepo and notify settings, though both will be ignored if left in + setup files. Also gone with it is the "user()" pagespec. + * Add refresh hook. + * meta: Add pagespec functions to match against title, author, authorurl, + license, and copyright. This can be used to create custom RecentChanges. + * meta: To support the pagespec functions, metadata about pages has to be + retained as pagestate. + * Fix encoding bug when pagestate values contained spaces. + * Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for + his independent work on bzr support. + * Copyright file updates. + + -- Joey Hess Sat, 02 Feb 2008 17:41:57 -0500 + +ikiwiki (2.20) unstable; urgency=low + + * inline: Add copyright/license info on a per-post basis to atom + feeds if available. (rss doesn't allow such info on a per-post basis) + * Also include overall copyright/license and author info in atom feeds if + available. + * meta: Allow copyright/license metadata to contain arbitrary markup. + * Call preprocessor hooks in void context during the scan pass. This allows + the hook to determine if it's just scanning, and avoid expensive + operations. + * img: Detect scan mode and avoid generating and writing the image file + during it, for a 2x speedup. + * meta: Run in scan mode again (more intelligently) and re-add support for + meta link. + * Fix support for the case where metadata appears after an inline directive + that needs to use it. This was broken in version 2.16. + * template: Remove bogus htmlize pass added in 2.16. + * template: Htmlize template variables, but also provide a raw version + via ``. + * When htmlizing text, if the input is a single line with no newline, + and the htmlizer (such as markdown and textile) generates a html + paragraph, remove it. This allows removing several hacks from other + plugins that htmlize fragements of pages. + * In preferences, allow the subscriptions and email fields to be cleared. + * teximg: Fix to support the same formula on multiple pages. + + -- Joey Hess Thu, 10 Jan 2008 14:52:57 -0500 + +ikiwiki (2.19) unstable; urgency=low + + * Only try postsignin if no other action matched. Fixes a bug where the + user goes back from the signin screen and does something else. + * Improve behavior when trying to sign in with no cookies. + * Improved the canedit hook interface, allowing a callback function to be + returned (and not run in some cases) rather than the plugins directly + forcing a user to log in. + * opendiscussion: allow editing of the toplevel discussion page, + and, indirectly, allow creating new discussion pages. + * Add a prereq on Data::Dumper 2.11 or better, needed to dump q// objects. + * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/' + and 'p/'. + * aggregate: Include copyright statements from rss feed as meta copyright + directives. + * aggregate: Yet another state saving fix (sigh). + * aggregate: Add hack to support feeds with invalidly escaped html entities. + + -- Joey Hess Tue, 08 Jan 2008 20:43:18 -0500 + +ikiwiki (2.18) unstable; urgency=low + + * Split error messages for failures to drop real uid and gid. + * Retry dropping uid and gid, possibly this will help with the "Resource + temporarily unavailable" failures I've experienced under xen. + * Stop testing Encode::is_utf8 in decode_form_utf8: That doesn't work. + * decode_form_utf8 only fixed the utf-8 encoding for fields that were + registered at the time it was called, which was before the + formbuilder_setup hook. Fields added by the hook didn't get decoded. + But it can't be put after the hook either, since plugins using the hook + need to be able to use form values. To fix this dilemma, it's been changed + to a decode_cgi_utf8, which is called on the cgi query object, before the + form is set up, and decodes *all* cgi parameters. + * aggregate: Only save state if it was already loaded. This didn't used to + matter, but after recent changes, state is not always loaded, and saving + would kill it. + * table: Fix dependency tracking for external data files. Closes: #458387 + + -- Joey Hess Sat, 05 Jan 2008 02:15:18 -0500 + +ikiwiki (2.17) unstable; urgency=low + + * Improved parentlinks special case for index pages. + * redir: Support for specifying anchors. + * img: Avoid nesting images when linking to another image. Closes: #457780 + * img: Allow the link parameter to point to an exterior url. + * conditional: Improve regexp testing for simple uses of pagespecs + that match only the page using the directive, adding 'included()' + and supporting negated pagespecs and added whitespace. + * map: Fix handling of common prefix to handle the case where it's + in a subdirectory. Patch by Larry Clapp. + * aggregate: Fix stupid mistake introduced when converting it to use + the needsbuild hook. This resulted in feeds not being removed when pages + were updated, and feeds sometimes being forgotten about. + * aggregate: Avoid uninitialised value warning when removing a feed that + has an expired guid. + + -- Joey Hess Sun, 30 Dec 2007 14:57:44 -0500 + +ikiwiki (2.16) unstable; urgency=low * Major basewiki reorganisation. Most pages moved into ikiwiki/ subdirectory to avoid polluting the main namespace, and some were further renamed. @@ -18,8 +205,52 @@ ikiwiki (2.16) UNRELEASED; urgency=low * calendar: Work around block html parsing bug in markdown 1.0.1 by enclosing the calendar in an extra div. * Fix file pruning code to work if ikiwiki is run with "." as the srcdir. - - -- Joey Hess Mon, 03 Dec 2007 14:47:36 -0500 + * Add an edittemplate plugin, allowing registering template pages, that + provide default content for new pages created using the web frontend. + * Change formbuilder hook to not be responsible for displaying a form, + so that more than one plugin can use this hook. + I believe this is a safe change, since only passwordauth uses this hook. + (If some other plugin already used it, it would have broken passwordauth!) + * Ensure that web edited pages always end in a newline. + * Avoid unnecessary stat calls to get mtime when rendering pages, use + cached value. + * Preserve input file modification times in output files. + * Allow dashes in preprocessor directive commands, and shortcuts. + * Htmlize parameters passed to the template preprocessor directive before + inserting them into the html template. This ensures that markdown + acts on them, even if the value is expanded inside a block-level html + element in the html template. Closes: #454058 + * Use a div in the note template rather than a span. + * shortcut: Expand %S to the raw input text, not url-encoded. + * Don't increment feed numbers when an inline has no feeds. (Nis Martensen) + * Allow editing a page and deleting all content, while still disallowing + creating a new page that's entirely empty. + * meta: Drop support for "meta link", since supporting this for internal + links required meta to be run during scan, which complicated its data + storage, since it had to clear data stored during the scan pass to avoid + duplicating it during the normal preprocessing pass. + * If you used "meta link", you should switch to either "meta openid" (for + openid delegations), or tags (for internal, invisible links). I assume + that nobody really used "meta link" for external, non-openid links, since + the htmlscrubber ate those. (Tell me differently and I'll consider bringing + back that support.) + * meta: Improved data storage. + * meta: Drop the hackish filter hook that was used to clear + stored data before preprocessing, this hack was ugly, and broken (cf: + liw's disappearing openids). + * aggregate: Convert filter hook to a needsbuild hook. + * map: Don't inline images. + * brokenlinks: Don't list the same link multiple times. (%links might + contain multiple copies of the same link) + * git: Correct display of multiline commit messages in recentchanges. + * Re-organise dependencies and recommends now that recommends are installed + by default. + * Don't refuse to render files with ".." in their name. (Anchor the regexp.) + * Work around perl taint checking bug #411786, where perl sometimes randomly + sets the taint flag on untainted variables, by disabling taint checking + in the deb. This sucks. + + -- Joey Hess Tue, 18 Dec 2007 16:37:22 -0500 ikiwiki (2.15) unstable; urgency=low