X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/2d24281a3abcff8f122a5899c7dee4db29acb00a..a74c5efd82cf6d093dde77b2ddaa5394260c6dd9:/debian/changelog diff --git a/debian/changelog b/debian/changelog index bb9a43692..fbcd6fac1 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,97 @@ -ikiwiki (3.20100705) UNRELEASED; urgency=low +ikiwiki (3.20100815.9) stable-security; urgency=high + + * meta: Security fix; add missing sanitization of author and authorurl. + CVE-2012-0220 Thanks, Raúl Benencia + + -- Joey Hess Wed, 16 May 2012 19:51:27 -0400 + +ikiwiki (3.20100815.8) stable-security; urgency=low + + * ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. + (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. + (CVE-2011-1408) + * po: Make po4a warn, not error on a malformed document. (intrigeri) + + -- Joey Hess Wed, 08 Jun 2011 17:34:56 -0400 + +ikiwiki (3.20100815.7) stable-security; urgency=high + + * meta: Security fix; don't allow alternative stylesheets to be added on + pages where the htmlscrubber is enabled. CVE-2011-1401 + + -- Joey Hess Mon, 28 Mar 2011 12:35:13 -0400 + +ikiwiki (3.20100815.6) testing; urgency=low + + * comments: Fix commenting, broken by security fix. + + -- Joey Hess Mon, 24 Jan 2011 16:56:05 -0400 + +ikiwiki (3.20100815.5) testing; urgency=low + + * comments: Fix XSS security hole due to missing validation of page name. + CVE-2011-0428 (Thanks, Dave B.) + + -- Joey Hess Sat, 22 Jan 2011 11:02:59 -0400 + +ikiwiki (3.20100815.4) testing; urgency=low + + * meta: Fix calling of htmlscrubber to pass the page parameter. + The change of the htmlscrubber to look at page rather than destpage + caused htmlscrubber_skip to not work for meta directives. + + -- Joey Hess Mon, 29 Nov 2010 14:44:13 -0400 + +ikiwiki (3.20100815.2) testing; urgency=low + + * Bugfix-only cherry-pick release for Debian squeeze. + * Fix htmlscrubber_skip to be matched on the source page, not the page it is + inlined into. Should allow setting to "* and !comment(*)" to scrub + comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673 + * comments: Make postcomment() pagespec work when previewing a comment, + including during moderation. 
CVE-2010-1673 + * comments: Make comment() pagespec also match comments that are being + posted. CVE-2010-1673 + * openid: Syntax tweak to the javascript code to make it work with MSIE 7 + (and MSIE 8 in compat mode). Thanks to Iain McLaren for reporting + the bug and providing access to debug it. + * blogspam: Fix crash when content contained utf-8. + * external: Disable RPC::XML's "smart" encoding, which sent ints + for strings that contained only a number, fixing a longstanding crash + of the rst plugin. + * websetup: Fix saving of advanced mode changes. + * websetup: Fix defaults of checkboxes in advanced mode. + * Fix test suite failure on other side of date line. + * Set isPermaLink="no" for guids in rss feeds. + * sortnaturally: Added missing registration of checkconfig hook. + + -- Joey Hess Fri, 12 Nov 2010 11:09:39 -0400 + +ikiwiki (3.20100815) unstable; urgency=medium + + * Fix po test suite to not assume ikiwiki's underlay is already installed. + Closes: #593047 + + -- Joey Hess Sun, 15 Aug 2010 11:42:55 -0400 + +ikiwiki (3.20100804) unstable; urgency=low + + * template: Fix dependency tracking. Broken in version 3.20100427. + * po: The po_slave_languages setting is now a list, so the order of + translated languages can be controlled. (intrigeri) + * git: Fix gitweb historyurl examples so "diff to current" links work. + (Thanks jrayhawk) + * meta: Allow syntax closer to html meta to be used. + * Add new disable hook, allowing plugins to perform cleanup after they + have been disabled. + * Use Digest::SHA built into perl rather than external Digest::SHA1 + to simplify dependencies. Closes: #591040 + * Fixes a bug that prevented matching deleted pages when using the page() + PageSpec. + + -- Joey Hess Wed, 04 Aug 2010 09:20:52 -0400 + +ikiwiki (3.20100722) unstable; urgency=low * img: Add a margin around images displayed by this directive. * comments: Added commentmoderation directive for easy linking to the 
@@ -18,8 +111,13 @@ ikiwiki (3.20100705) UNRELEASED; urgency=low * po: needstranslation() pagespec can have a percent specified. * Drop Cache-Control must-revalidate (Firefox 3.5.10 does not seem to have the caching problem that was added to work around). Closes: #588623 + * Made much more robust in cases where multiple source files produce + conflicting files/directories in the destdir. + * Updated French translation from Philippe Batailler. Closes: #589423 + * po: Fix selflink display on tranlsated pages. (intrigeri) + * Avoid showing 'Add a comment' link at the bottom of the comment post form. - -- Joey Hess Mon, 05 Jul 2010 13:59:42 -0400 + -- Joey Hess Thu, 22 Jul 2010 16:49:05 -0400 ikiwiki (3.20100704) unstable; urgency=low
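Review bot: In the first hunk (@@ -1,4 +1,97 @@), the urgency fields are inconsistent across the security entries: 3.20100815.8 (tty hijacking, CVE-2011-1408) and 3.20100815.5 (XSS, CVE-2011-0428) are marked urgency=low, while the CVE entries in 3.20100815.9 and 3.20100815.7 are marked urgency=high. Consider raising those two so the upload priority matches a security fix. The 3.20100815.8 entry also says the su-based fix applies "Once su's related bug #628843 is fixed", so it would help to state which su version is required; as written, a reader cannot tell from the changelog whether an installed system is actually covered by the fix.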
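Review bot: In the second hunk (@@ -18,8 +111,13 @@), the added entry "* Made much more robust in cases where multiple source files produce conflicting files/directories in the destdir." has no subject; name the component or operation that was hardened, the way the neighbouring entries lead with a plugin prefix such as "po:". The po entry added in the same hunk also misspells "translated" as "tranlsated".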