X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/122f6df3259e8ca1dd96554d08cebce4b5c55acc..2b1857135def154369e4ee33a565861272643b43:/debian/NEWS diff --git a/debian/NEWS b/debian/NEWS index 908cfdb15..e169658ea 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,4 +1,274 @@ -ikiwiki (2.31) unstable; urgency=low +ikiwiki (3.20160506) unstable; urgency=medium + + To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities, + the [[!img]] directive is now restricted to these common web formats by + default: + + * JPEG (.jpg, .jpeg) + * PNG (.png) + * GIF (.gif) + * SVG (.svg) + + (In particular, by default resizing PDF files is no longer allowed.) + + Additionally, resized SVG files are displayed in the browser as SVG + instead of being converted to PNG. + + If all users who can attach images are fully trusted, this restriction + can be removed with the new img_allowed_formats setup option. + See + or for + more details. + + -- Simon McVittie Fri, 06 May 2016 07:49:56 +0100 + +ikiwiki (3.20150610) unstable; urgency=low + + The new "emailauth" plugin allows users to authenticate using an email + address, without otherwise creating an account. + + The openid plugin now enables emailauth by default. Please include + emailauth in the disable_plugins setting if this is not desired. + Conversely, if emailauth is required on a wiki that does not enable + openid, you can list it in the enable_plugins setting. + + -- Simon McVittie Wed, 10 Jun 2015 21:56:56 +0100 + +ikiwiki (3.20150107) experimental; urgency=medium + + By default, this version of IkiWiki tells mobile browsers that its + layout is suitable for small screens. The default layout and the + actiontabs, blueview, goldtype and monochrome themes have been adjusted. + + If you have custom CSS that does not work in a small window (a typical + phone is 320 to 400 CSS pixels wide), please set the new responsive_layout + config option to 0. + + -- Simon McVittie Mon, 05 Jan 2015 23:48:42 +0000 + +ikiwiki (3.20110122) unstable; urgency=low + + If you have custom CSS that uses "#feedlinks" or "#blogform", you will + need to change it to instead use ".feedlinks" and ".blogform" + + -- Joey Hess Fri, 14 Jan 2011 14:34:54 -0400 + +ikiwiki (3.20100515) unstable; urgency=low + + There are two significant changes to the page.tmpl template in this version. + If you have a locally modified version of that template, you will need to + update it at least to contain the following in the HTML : + + + + + + + + Also, the footer should be wrapped in ... + + There is a new "comment()" pagespec, that can be used to match a + comment on a page. It is recommended it be used instead of the old + method of using a pagespec such as "internal(comment_*)" to match + things that looked like comments. The old pagespec will now also match + comments that are held for moderation; likely not what you want. + + There have also been some changes to the style.css in this version, + particularly to support the new openid selector. If you have a modified + version, of style.css, updating it (or moving it to local.css) is + recommended. + + -- Joey Hess Wed, 05 May 2010 21:47:08 -0400 + +ikiwiki (3.20100427) unstable; urgency=low + + This version of ikiwiki has a lot of changes that you need to know about. + + Now you can include customised versions of templates in the source + of your wiki. (For example, templates/page.tmpl.) When these templates + are changed, ikiwiki will automatically rebuild pages that use them. + + Allowing untrusted users to upload attachments with the ".tmpl" + extension is not recommended, as that allows anyone to change + a wiki's templates. + + The --getctime switch is renamed to --gettime, and it also gets the + file modification time. And it's a lot faster (when using git). But + the really important change is, you don't have to remember to use this + switch. Now ikiwiki will do it when it needs to. + + At last, the "tagged()" pagespec only matches tags, not regular wikilinks. + If your wiki accidentially relied on the old, buggy behavior, you might + need to change its pagespecs to use "link()". + + Many of your wishes have been answered: Now tag pages can automatically be + created when new tags are used. This feature is enabled by default if you + have configured a tagbase. It can be turned on or off using the + tag_autocreate setting. + + These changes may also affect some users: + + * The title_natural sort method (as used by the inline directive, etc) + has been moved to the new sortnaturally plugin, which is not enabled + by default since it requires the Sort::Naturally perl module. + + * The add_templates option has been removed from the underlay plugin. + If you used this option, you can instead use templates/ subdirectories + inside underlay directories added by the add_underlays option. + + Due to the above and other changes, all wikis need to be rebuilt on + upgrade to this version. If you listed your wiki in /etc/ikiwiki/wikilist + this will be done automatically when the Debian package is upgraded. Or + use ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Tue, 27 Apr 2010 00:00:00 -0400 + +ikiwiki (3.20091017) unstable; urgency=low + + To take advantage of significant performance improvements, all + wikis need to be rebuilt on upgrade to this version. If you + listed your wiki in /etc/ikiwiki/wikilist this will be done + automatically when the Debian package is upgraded. Or use + ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Mon, 05 Oct 2009 16:48:59 -0400 + +ikiwiki (3.1415926) unstable; urgency=low + + In order to fix a performance bug, all wikis need to be rebuilt on + upgrade to this version. If you listed your wiki in + /etc/ikiwiki/wikilist this will be done automatically when the + Debian package is upgraded. Or use ikiwiki-mass-rebuild to force + a rebuild. + + -- Joey Hess Tue, 25 Aug 2009 17:24:43 -0400 + +ikiwiki (3.13) unstable; urgency=low + + The `ikiwiki-transition deduplinks` command introduced in the + last release was buggy. If you followed the NEWS file instructions + and ran it, you should run `ikiwiki --setup` to rebuild your wiki + to fix the problem. + + -- Joey Hess Fri, 22 May 2009 13:04:02 -0400 + +ikiwiki (3.12) unstable; urgency=low + + You may want to run `ikiwiki-transition deduplinks your.setup` + after upgrading to this version of ikiwiki. This command will + optimise your wiki's saved state, removing duplicate information + that can slow ikiwiki down. + + -- Joey Hess Wed, 06 May 2009 00:25:06 -0400 + +ikiwiki (3.01) unstable; urgency=low + + If your wiki uses git, and you have a `diffurl` configured in + its setup file, you should be aware that gitweb has stopped + supporting the url form commonly used for the `diffurl`. + + You can change your setup to use the newer gitweb url form: + + http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]] + + The changes from the old form are the addition of the `hpb` parameter, + and the change to the value used for the `hb` parameter. + + -- Joey Hess Mon, 05 Jan 2009 18:18:05 -0500 + +ikiwiki (3.00) unstable; urgency=low + + The 3.0 release of ikiwiki changes several defaults and finishes + some transitions. You will need to modify your wikis to work with + ikiwiki 3.0. A document explaining the process is available + in + + -- Joey Hess Tue, 23 Dec 2008 16:14:18 -0500 + +ikiwiki (2.62) unstable; urgency=low + + TexImg standard preamble changed + + The teximg plugin now has a configurable LaTeX preamble. + As part of this change the `mchem` LaTeX package has been removed from + the default LaTeX preamble as it wasn't included in many TeX installations. + + The previous behaviour can be restored by adding the following to your + ikiwiki setup: + + teximg_prefix => '\documentclass{scrartcl} + \usepackage[version=3]{mhchem} + \usepackage{amsmath} + \usepackage{amsfonts} + \usepackage{amssymb} + \pagestyle{empty} + \begin{document}', + + In addition, the rendering mechanism has been changed to use `dvipng` by + default, if available. + + -- Joey Hess Sun, 24 Aug 2008 15:00:40 -0400 + +ikiwiki (2.60) unstable; urgency=low + + Admin preferences are moving from the web interface to the setup file. + There are three new options in the setup file: `locked_pages`, `banned_users`, + and `allowed_attachments`. The admin prefs page can still be used, but + that's deprecated, and the prefs will be hidden if a value is not already + set. If a value is set in the web interface, you're encouraged to move that + setting to your setup file now, since version 3.0 will remove the deprecated + admin prefs web interface. + + Also, the layout of the setup file has changed in a significant way in this + release. Old setup files will continue to work, but new features, like the + new websetup interface, require a new format setup file. You can convert + old setup files into the new format by running + `ikiwiki-transition setupformat ikiwiki.setup` + + -- Joey Hess Fri, 01 Aug 2008 17:02:14 -0400 + +ikiwiki (2.52) unstable; urgency=low + + All wikis need to be rebuilt on upgrade to this version. If you listed your + wiki in /etc/ikiwiki/wikilist this will be done automatically when the + Debian package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Sun, 06 Jul 2008 15:10:05 -0400 + +ikiwiki (2.49) unstable; urgency=low + + The search plugin no longer uses hyperestraier. Instead, to use it you + will now need to install xapian-omega, and the Search::Xapian, + HTML::Scrubber, and Digest::SHA1 perl modules. Ie, + `apt-get install xapian-omega libsearch-xapian-perl libhtml-scrubber-perl libdigest-sha1-perl` + + Also, wikis that use the search plugin will need to be rebuilt, + since the search form has changed. This will not be done automatically, + but can be done by running `ikiwiki-mass-upgrade` as root, or + running `ikiwiki --setup` on individual setup files. + + -- Joey Hess Wed, 04 Jun 2008 00:29:28 -0400 + +ikiwiki (2.48) unstable; urgency=high + + If you allowed password based logins to your wiki, those passwords were + stored in cleartext in the userdb. To guard against exposing users' + passwords, I recommend you install the Authen::Passphrase perl module, and + then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all + existing cleartext passwords with strong (blowfish) hashes. + + -- Joey Hess Thu, 29 May 2008 14:39:34 -0400 + +ikiwiki (2.46) unstable; urgency=low + + There were some significant template changes in ikiwiki 2.42 (and 1.33.5). + If you have locally modified versions of the templates, they need to be + updated. Most notably, the editpage.tmpl has a new FIELD-SID added to it, + without which web editing will fail. + + -- Joey Hess Tue, 06 May 2008 14:30:14 -0400 + +ikiwiki (2.40) unstable; urgency=low ikiwiki now has an new syntax for preprocessor directives, using the prefix '!': @@ -18,15 +288,12 @@ ikiwiki (2.31) unstable; urgency=low in their setup files. To convert your wiki to the new syntax, ikiwiki provides a new script - ikiwiki-transition. It will convert preprocessor directives in - all files given on the command line. To convert an entire wiki: - - find wikidir/ -type f -name '*.mdwn' -print0 | xargs -0 ikiwiki-transition prefix_directives + ikiwiki-transition. Even with prefix_directives disabled, ikiwiki now allows an optional '!' prefix on preprocessor directives (but still requires a space). Thus, a directive which uses a '!' prefix and contains a space will work with - ikiwiki 2.21 and newer, regardless of the value of prefix_directives. + ikiwiki 2.40 and newer, regardless of the value of prefix_directives. This allows the underlay to work with all ikiwikis. -- Josh Triplett Sat, 26 Jan 2008 16:26:47 -0800 @@ -49,8 +316,8 @@ ikiwiki (2.30) unstable; urgency=low from this version. If you were subscribed to commit mails, you should be able to accomplish the same thing by subscribing to a RecentChanges feed. - The "svnrepo" and "notify" fields in setup files are no longer used, and - silently ignored. You may want to remove them from your setup file. + The "notify" field in setup files is no longer used, and + silently ignored. You may want to remove it from your setup file. -- Joey Hess Tue, 29 Jan 2008 17:18:31 -0500 @@ -80,7 +347,7 @@ ikiwiki (2.14) unstable; urgency=low This version of ikiwiki is more picky about symlinks in the path leading to the srcdir, and will refuse to use a srcdir specified by such a path. - This was necessary to avoid some potential exploits, but could potentially + This was necessary to avoid some potential exploits, but could potentially break (semi-)working wikis. If your wiki has a srcdir path containing a symlink, you should change it to use a path that does not.