X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/289b30a47d548326aad9c1dc5252fc0269494c87..f3fd7696cf81bc479d4458d48da1bfcb4eccd68e:/debian/changelog?ds=sidebyside diff --git a/debian/changelog b/debian/changelog index 63e13896e..cb0ee6856 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,231 @@ -ikiwiki (3.20101024) UNRELEASED; urgency=low +ikiwiki (3.20110609) UNRELEASED; urgency=low + + * userlist: New plugin, lets admins see a list of users and their info. + * aggregate: Improve checking for too long aggregated filenames. + * Updated to jQuery 1.6.1. + + -- Joey Hess Thu, 09 Jun 2011 10:06:44 -0400 + +ikiwiki (3.20110608) unstable; urgency=high + + * ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. + (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. + (CVE-2011-1408) + * search: Update search page when page.tmpl or searchquery.tmpl are locally + modified. + + -- Joey Hess Fri, 03 Jun 2011 20:30:35 -0400 + +ikiwiki (3.20110431) unstable; urgency=low + + * Danish translation update. Closes: #625721 + * Danish underlay translation update. Closes: #625765 + (Thanks, Jonas Smedegaard) + * Support YAML::XS by not passing decoded unicode to Load. Closes: #625713 + * openid, aggregate, pinger: Use Net::INET6Glue if available to + support making ipv6 connections. (Note that if LWPx::ParanoidAgent + is installed, it defeats this for openid.) + * Add additional directive quoting styles, to better support nested + directives. Both triple-single-quote and heredoc quotes can be used. + (Thanks, Timo Paulssen) + * Changed license of madduck's python plugins from GPL-2 to BSD-2-clause. + * po: support language codes in the form of 'es_AR', and 'arn'. (intrigeri) + Closes: #627844 + * po: Make po4a warn, not error on a malformed document. (intrigeri) + * Support the Hiawatha web server which sets HTTPS=off rather than not + setting it. (There does not seem to be a standard here.) + + -- Joey Hess Fri, 03 Jun 2011 14:38:23 -0400 + +ikiwiki (3.20110430) unstable; urgency=low + + * meta: Allow adding javascript to pages. Only when htmlscrubber is + disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154 + * comments: Add avatar picture of comment author, using Libravatar::URL + when available. The avatar is looked up based on the user's openid, + or email address. (Thanks, Francois Marier) + * Recommend libgravatar-url-perl, which contains Libravatar::URL. + * monotone: Implement rcs_getmtime, and work around a problem with monotone + 0.48 that affects rcs_getctime. (Thanks, Richard Levitte) + * meta: Fix bug in loading of HTML::Entities that can break inline + archive=yes (mostly masked by other plugins that load the module). + * Be quiet about updating wrappers, except in verbose mode. (jmtd) + * meta: Add FOAF support. Closes: #623156 (Jonas Smedegaard) + * Promote Crypt::SSLeay to Recommends; needed for https openid auth. + * tag: Avoid autocreating multiple tag pages that vary only in + capitalization. The first capitalization seen of a tag will be used + for the tag page. + * Fix yaml build dep. Closes: #624712 + + -- Joey Hess Sat, 30 Apr 2011 17:13:24 -0400 + +ikiwiki (3.20110328) unstable; urgency=low + + * Yaml formatted setup files are now produced by default. + (Perl formatted setup files can still be used.) + * Add timezone setting in setup file. This alows time zone to be configured + via the web. + * comment: Better fix to avoid showing comments of subpages, while + not breaking manual inlining of comments. + * meta: Security fix; don't allow alternative stylesheets to be added + on pages where the htmlscrubber is enabled. CVE-2011-1401 + + -- Joey Hess Mon, 28 Mar 2011 12:23:26 -0400 + +ikiwiki (3.20110321) unstable; urgency=low + + * comment: Don't show comments of subpages on parent pages. + (Fixes bug introduced in version 3.20100505.) + * darcs: Fix multiple issues preventing rcs_diff from working. + * aggregate: Read cookies from ~/.ikiwiki/cookies by default. + Also, the cookiejar configuration setting can be used by + other plugins to provide a custom `cookie_jar` object for LWP::UserAgent. + (Thanks, schmonz) + * Avoid escaping / characters in filenames when building the cgiurl, + as this confuses eg, cvsweb. + + -- Joey Hess Mon, 21 Mar 2011 14:45:05 -0400 + +ikiwiki (3.20110225) unstable; urgency=low + + * editpage: Avoid inheriting internal page types. + * htmltidy: Avoid breaking the sidebar when websetup is running. + * transient: New utility plugin that allows transient pages to + be stored in .ikiwiki/transient/ (smcv) + * aggregate: Aggregated content is stored in the transient underlay. + (Existing aggregated content is not moved, since it will eventually + expire and be removed) (smcv) + * autoindex, tag: Added autoindex_commit and tag_autocreate_commit that + can be unset to make index files and tags respectively not be committed, + and instead be stored in the transient underlay. + Closes: #544322 (smcv) + * autoindex: Adapted to use add_autofile. Slight behavior changes + in edge cases that are probably really bug fixes. (smcv) + * recentchanges: Use transient underlay (smcv) + * map: Avoid unnecessary ul's in maps with nested directories. + (Giuseppe Bilotta) + * Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced + in 3.20101231. + * inline: Fix link to nested inlined pages's feeds. (Giuseppe Bilotta) + * inline: Add 'id' parameter that can be used when styling individual + feedlinks and postforms. (Giuseppe Bilotta) + + -- Joey Hess Fri, 25 Feb 2011 17:31:08 -0400 + +ikiwiki (3.20110124) unstable; urgency=low + + * comments: Fix commenting, broken by security fix. + * blogspam: Don't check modifications from admins for spam, and also + allow the blogspam_pagespec to do other matches against who the user is. + * inline: Fix regression in feed titles. Closes: #610878 + (Thanks, Paul Wise) + + -- Joey Hess Mon, 24 Jan 2011 17:07:44 -0400 + +ikiwiki (3.20110123) unstable; urgency=low + + * Adapt autoindex test suite to work with old Test::More. + * Fix posting by blog form, broken by last release. + + -- Joey Hess Sun, 23 Jan 2011 10:12:33 -0400 + +ikiwiki (3.20110122) unstable; urgency=medium + + * inline: Pass feed titles to templates and add title and rel attributes + to feed links. (Giuseppe Bilotta) + * inline: Use class rather than id for feedlinks and blogform. + (Giuseppe Bilotta) + * comments: Fix XSS security hole due to missing validation of page name. + CVE-2011-0428 (Thanks, Dave B.) + * rename: Fix crash when renaming a page that is linked to by a page + in an underlay. + + -- Joey Hess Sat, 22 Jan 2011 10:22:25 -0400 + +ikiwiki (3.20110105) unstable; urgency=low + + * tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta) + * tag: Improve display of tags with a slash in their names. + (Giuseppe Bilotta) + * Fix redirect to use a full url. Was broken (in theory) by baseurl + changes in last release. + * Fix `` output by cgi to have a full url again, broken by last + release. + * Fix permalinks to recentchanges items and comments, broken by last + release. + * Export three cgi env vars needed for CGI->url to work. Fixed + openid breakage from last release. + * Removed `IkiWiki::misctemplate()` function. Any plugins using + it should use `IkiWiki::cgitemplate()` instead. + + -- Joey Hess Wed, 05 Jan 2011 17:33:05 -0400 + +ikiwiki (3.20101231) unstable; urgency=low + + * Better support for serving the same site on multiple urls. (Such as + a http and a https url, or a ipv4 and an ipv6 url.) + (Thanks, smcv) + * API: urlto without a defined second parameter now generates an url + that starts with "/" (when possible; eg when the site's url and cgiurl + are on the same domain). + * Now when users log in via https, ikiwiki sends a secure cookie, that can + only be used over https. If the user switches to using http, they will + need to re-login. (smcv) + * inline: Display feed buttons for nested inlines, linking to the inlined + page's feed. (Giuseppe Bilotta) + * goldtype: New theme, based on blueview, contributed by Lars Wirzenius. + * po: do not override homepage title when it was overridden. (intrigeri) + * Set HTML::Template's parent_global_vars option to allow using parameters + like title_overridden that do not appear on the template. (intrigeri) + (See https://rt.cpan.org/Public/Bug/Display.html?id=64158) + * inline: Force an absolute page location when the inline postform is used. + * editpage, comment: Clean up title when editing or creating a page or + comment. + * teximg: Use `\[` and `\]` instead of not recommended `$$`. (Paul Menzel) + Closes: #596084 + * monotone: Improve version parsing to support patch and development + versions of the monotone binary. (tommyd3mdi) + * highlight: Support highlight 3.2+svn19 (note that released version 3.2 + is not supported). Closes: #605779 (David Bremner) + * Add a second parameter to the rcs_diff hook, and avoid bloating memory + reading in enormous commits. + * git: Fix bug involving attempting to web revert a commit that included + changes to attachments. + + -- Joey Hess Fri, 31 Dec 2010 21:23:37 -0400 + +ikiwiki (3.20101201) unstable; urgency=low + + * meta: Fix calling of htmlscrubber to pass the page parameter. + The change of the htmlscrubber to look at page rather than destpage + caused htmlscrubber_skip to not work for meta directives. + + -- Joey Hess Wed, 01 Dec 2010 20:28:01 -0400 + +ikiwiki (3.20101129) unstable; urgency=low + + * websetup: Fix encoding problem when restoring old setup file. + * more: Add pages parameter to limit where the more is displayed. + (thanks, dark) + * Fix escaping of filenames in historyurl. (Thanks, aj) + * inline: Improve RSS url munging to use a proper html parser, + and support all elements that HTML::Tagset knows about. + (Which doesn't include html5 just yet, but then the old version + didn't either.) Bonus: 4 times faster than old regexp method. + * Optimise glob() pagespec. (Thanks, Kathryn and smcv) + * highlight: Support new format of filetypes.conf used by version 3.2 + of the highlight package. + * edittemplate: Fix crash if using a .tmpl file or other non-page file + as a template for a new page. + * git: Fix temp file location. + * rename: Fix to pass named parameters to rcs_commit. + * git: Avoid adding files when committing, so as not to implicitly add + files like recentchanges files that are not normally checked in, + when fixing links after rename. + + -- Joey Hess Mon, 29 Nov 2010 13:59:10 -0400 + +ikiwiki (3.20101112) unstable; urgency=HIGH * txt: Fix display when used inside a format directive. * highlight: Ensure that other, more-specific format plugins, @@ -10,9 +237,13 @@ ikiwiki (3.20101024) UNRELEASED; urgency=low (Thanks, Tuomas Jormola) * Fix htmlscrubber_skip to be matched on the source page, not the page it is inlined into. Should allow setting to "* and !comment(*)" to scrub - comments, but leave your blog posts unscrubbed, etc. + comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673 + * comments: Make postcomment() pagespec work when previewing a comment, + including during moderation. CVE-2010-1673 + * comments: Make comment() pagespec also match comments that are being + posted. CVE-2010-1673 - -- Joey Hess Mon, 25 Oct 2010 22:30:29 -0400 + -- Joey Hess Fri, 12 Nov 2010 00:36:06 -0400 ikiwiki (3.20101023) unstable; urgency=low