X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/54e25f034cf953ed803c2a807bd4c259b32630cb..a241942f17b8ffbc0d4f3251aad00708271b8344:/debian/NEWS?ds=sidebyside
diff --git a/debian/NEWS b/debian/NEWS
index 81e7645eb..c8a35093e 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,4 +1,350 @@
-ikiwiki (2.5) unstable; urgency=low
+ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium
+
+ To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities,
+ the [[!img]] directive is now restricted to these common web formats by
+ default:
+
+ * JPEG (.jpg, .jpeg)
+ * PNG (.png)
+ * GIF (.gif)
+ * SVG (.svg)
+
+ (In particular, by default resizing PDF files is no longer allowed.)
+
+ Additionally, resized SVG files are displayed in the browser as SVG
+ instead of being converted to PNG.
+
+ If all users who can attach images are fully trusted, this restriction
+ can be removed with the new img_allowed_formats setup option.
+ See for more details.
+
+ -- Simon McVittie Mon, 09 May 2016 22:38:35 +0100
+
+ikiwiki (3.20110122) unstable; urgency=low
+
+ If you have custom CSS that uses "#feedlinks" or "#blogform", you will
+ need to change it to instead use ".feedlinks" and ".blogform"
+
+ -- Joey Hess Fri, 14 Jan 2011 14:34:54 -0400
+
+ikiwiki (3.20100515) unstable; urgency=low
+
+ There are two significant changes to the page.tmpl template in this version.
+ If you have a locally modified version of that template, you will need to
+ update it at least to contain the following in the HTML :
+
+
+
+
+
+
+
+ Also, the footer should be wrapped in ...
+
+ There is a new "comment()" pagespec, that can be used to match a
+ comment on a page. It is recommended it be used instead of the old
+ method of using a pagespec such as "internal(comment_*)" to match
+ things that looked like comments. The old pagespec will now also match
+ comments that are held for moderation; likely not what you want.
+
+ There have also been some changes to the style.css in this version,
+ particularly to support the new openid selector. If you have a modified
+ version, of style.css, updating it (or moving it to local.css) is
+ recommended.
+
+ -- Joey Hess Wed, 05 May 2010 21:47:08 -0400
+
+ikiwiki (3.20100427) unstable; urgency=low
+
+ This version of ikiwiki has a lot of changes that you need to know about.
+
+ Now you can include customised versions of templates in the source
+ of your wiki. (For example, templates/page.tmpl.) When these templates
+ are changed, ikiwiki will automatically rebuild pages that use them.
+
+ Allowing untrusted users to upload attachments with the ".tmpl"
+ extension is not recommended, as that allows anyone to change
+ a wiki's templates.
+
+ The --getctime switch is renamed to --gettime, and it also gets the
+ file modification time. And it's a lot faster (when using git). But
+ the really important change is, you don't have to remember to use this
+ switch. Now ikiwiki will do it when it needs to.
+
+ At last, the "tagged()" pagespec only matches tags, not regular wikilinks.
+ If your wiki accidentially relied on the old, buggy behavior, you might
+ need to change its pagespecs to use "link()".
+
+ Many of your wishes have been answered: Now tag pages can automatically be
+ created when new tags are used. This feature is enabled by default if you
+ have configured a tagbase. It can be turned on or off using the
+ tag_autocreate setting.
+
+ These changes may also affect some users:
+
+ * The title_natural sort method (as used by the inline directive, etc)
+ has been moved to the new sortnaturally plugin, which is not enabled
+ by default since it requires the Sort::Naturally perl module.
+
+ * The add_templates option has been removed from the underlay plugin.
+ If you used this option, you can instead use templates/ subdirectories
+ inside underlay directories added by the add_underlays option.
+
+ Due to the above and other changes, all wikis need to be rebuilt on
+ upgrade to this version. If you listed your wiki in /etc/ikiwiki/wikilist
+ this will be done automatically when the Debian package is upgraded. Or
+ use ikiwiki-mass-rebuild to force a rebuild.
+
+ -- Joey Hess Tue, 27 Apr 2010 00:00:00 -0400
+
+ikiwiki (3.20091017) unstable; urgency=low
+
+ To take advantage of significant performance improvements, all
+ wikis need to be rebuilt on upgrade to this version. If you
+ listed your wiki in /etc/ikiwiki/wikilist this will be done
+ automatically when the Debian package is upgraded. Or use
+ ikiwiki-mass-rebuild to force a rebuild.
+
+ -- Joey Hess Mon, 05 Oct 2009 16:48:59 -0400
+
+ikiwiki (3.1415926) unstable; urgency=low
+
+ In order to fix a performance bug, all wikis need to be rebuilt on
+ upgrade to this version. If you listed your wiki in
+ /etc/ikiwiki/wikilist this will be done automatically when the
+ Debian package is upgraded. Or use ikiwiki-mass-rebuild to force
+ a rebuild.
+
+ -- Joey Hess Tue, 25 Aug 2009 17:24:43 -0400
+
+ikiwiki (3.13) unstable; urgency=low
+
+ The `ikiwiki-transition deduplinks` command introduced in the
+ last release was buggy. If you followed the NEWS file instructions
+ and ran it, you should run `ikiwiki -setup` to rebuild your wiki
+ to fix the problem.
+
+ -- Joey Hess Fri, 22 May 2009 13:04:02 -0400
+
+ikiwiki (3.12) unstable; urgency=low
+
+ You may want to run `ikiwiki-transition deduplinks your.setup`
+ after upgrading to this version of ikiwiki. This command will
+ optimise your wiki's saved state, removing duplicate information
+ that can slow ikiwiki down.
+
+ -- Joey Hess Wed, 06 May 2009 00:25:06 -0400
+
+ikiwiki (3.01) unstable; urgency=low
+
+ If your wiki uses git, and you have a `diffurl` configured in
+ its setup file, you should be aware that gitweb has stopped
+ supporting the url form commonly used for the `diffurl`.
+
+ You can change your setup to use the newer gitweb url form:
+
+ http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]
+
+ The changes from the old form are the addition of the `hpb` parameter,
+ and the change to the value used for the `hb` parameter.
+
+ -- Joey Hess Mon, 05 Jan 2009 18:18:05 -0500
+
+ikiwiki (3.00) unstable; urgency=low
+
+ The 3.0 release of ikiwiki changes several defaults and finishes
+ some transitions. You will need to modify your wikis to work with
+ ikiwiki 3.0. A document explaining the process is available
+ in
+
+ -- Joey Hess Tue, 23 Dec 2008 16:14:18 -0500
+
+ikiwiki (2.62) unstable; urgency=low
+
+ TexImg standard preamble changed
+
+ The teximg plugin now has a configurable LaTeX preamble.
+ As part of this change the `mchem` LaTeX package has been removed from
+ the default LaTeX preamble as it wasn't included in many TeX installations.
+
+ The previous behaviour can be restored by adding the following to your
+ ikiwiki setup:
+
+ teximg_prefix => '\documentclass{scrartcl}
+ \usepackage[version=3]{mhchem}
+ \usepackage{amsmath}
+ \usepackage{amsfonts}
+ \usepackage{amssymb}
+ \pagestyle{empty}
+ \begin{document}',
+
+ In addition, the rendering mechanism has been changed to use `dvipng` by
+ default, if available.
+
+ -- Joey Hess Sun, 24 Aug 2008 15:00:40 -0400
+
+ikiwiki (2.60) unstable; urgency=low
+
+ Admin preferences are moving from the web interface to the setup file.
+ There are three new options in the setup file: `locked_pages`, `banned_users`,
+ and `allowed_attachments`. The admin prefs page can still be used, but
+ that's deprecated, and the prefs will be hidden if a value is not already
+ set. If a value is set in the web interface, you're encouraged to move that
+ setting to your setup file now, since version 3.0 will remove the deprecated
+ admin prefs web interface.
+
+ Also, the layout of the setup file has changed in a significant way in this
+ release. Old setup files will continue to work, but new features, like the
+ new websetup interface, require a new format setup file. You can convert
+ old setup files into the new format by running
+ `ikiwiki-transition setupformat ikiwiki.setup`
+
+ -- Joey Hess Fri, 01 Aug 2008 17:02:14 -0400
+
+ikiwiki (2.52) unstable; urgency=low
+
+ All wikis need to be rebuilt on upgrade to this version. If you listed your
+ wiki in /etc/ikiwiki/wikilist this will be done automatically when the
+ Debian package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
+
+ -- Joey Hess Sun, 06 Jul 2008 15:10:05 -0400
+
+ikiwiki (2.49) unstable; urgency=low
+
+ The search plugin no longer uses hyperestraier. Instead, to use it you
+ will now need to install xapian-omega, and the Search::Xapian,
+ HTML::Scrubber, and Digest::SHA1 perl modules. Ie,
+ `apt-get install xapian-omega libsearch-xapian-perl libhtml-scrubber-perl libdigest-sha1-perl`
+
+ Also, wikis that use the search plugin will need to be rebuilt,
+ since the search form has changed. This will not be done automatically,
+ but can be done by running `ikiwiki-mass-upgrade` as root, or
+ running `ikiwiki -setup` on individual setup files.
+
+ -- Joey Hess Wed, 04 Jun 2008 00:29:28 -0400
+
+ikiwiki (2.48) unstable; urgency=high
+
+ If you allowed password based logins to your wiki, those passwords were
+ stored in cleartext in the userdb. To guard against exposing users'
+ passwords, I recommend you install the Authen::Passphrase perl module, and
+ then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all
+ existing cleartext passwords with strong (blowfish) hashes.
+
+ -- Joey Hess Thu, 29 May 2008 14:39:34 -0400
+
+ikiwiki (2.46) unstable; urgency=low
+
+ There were some significant template changes in ikiwiki 2.42 (and 1.33.5).
+ If you have locally modified versions of the templates, they need to be
+ updated. Most notably, the editpage.tmpl has a new FIELD-SID added to it,
+ without which web editing will fail.
+
+ -- Joey Hess Tue, 06 May 2008 14:30:14 -0400
+
+ikiwiki (2.40) unstable; urgency=low
+
+ ikiwiki now has an new syntax for preprocessor directives, using the
+ prefix '!':
+
+ [[!directive ...]]
+
+ This new syntax no longer relies on spaces to distinguish between
+ wikilinks and preprocessor directives. Thus, wikilinks can use spaces
+ in their link text, and preprocessor directives without arguments (such
+ as "toc") need not use a trailing space.
+
+ To enable the new syntax, set prefix_directives to true in your ikiwiki
+ config. For backward compatibility with existing wikis,
+ prefix_directives currently defaults to false. In ikiwiki 3.0,
+ prefix_directives will default to true, and wikis which have not yet
+ converted to the new syntax will need to set prefix_directives to false
+ in their setup files.
+
+ To convert your wiki to the new syntax, ikiwiki provides a new script
+ ikiwiki-transition.
+
+ Even with prefix_directives disabled, ikiwiki now allows an optional '!'
+ prefix on preprocessor directives (but still requires a space). Thus, a
+ directive which uses a '!' prefix and contains a space will work with
+ ikiwiki 2.40 and newer, regardless of the value of prefix_directives.
+ This allows the underlay to work with all ikiwikis.
+
+ -- Josh Triplett Sat, 26 Jan 2008 16:26:47 -0800
+
+ikiwiki (2.30) unstable; urgency=low
+
+ Ever feel that ikiwiki's handling of RecentChanges wasn't truely in the
+ spirit of a wiki compiler? Well, that's changed. The RecentChanges page is
+ now a static page, not a CGI. Users can subscribe to its rss/atom feeds.
+ Custom RecentChanges pages can be easily set up that display only changes
+ to a subset of pages, or only changes by a subset of users.
+
+ All wikis need to be rebuilt on upgrade to this version. If you listed your
+ wiki in /etc/ikiwiki/wikilist this will be done automatically when the
+ Debian package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
+
+ With this excellent new RecentChanges support, the mail notification system
+ is its age (and known to be variously buggy and underimplemented for
+ various VCSes), and so ikiwiki's support for sending commit mails is REMOVED
+ from this version. If you were subscribed to commit mails, you should be
+ able to accomplish the same thing by subscribing to a RecentChanges feed.
+
+ The "notify" field in setup files is no longer used, and
+ silently ignored. You may want to remove it from your setup file.
+
+ -- Joey Hess Tue, 29 Jan 2008 17:18:31 -0500
+
+ikiwiki (2.20) unstable; urgency=low
+
+ The template plugin has begin to htmlize the variables passed to templates.
+ This is normally what you want, but to get the old behavior and get at the
+ raw value, you can use `` in a template.
+
+ -- Joey Hess Sat, 08 Dec 2007 16:04:43 -0500
+
+ikiwiki (2.16) unstable; urgency=low
+
+ Many of the pages in ikiwiki's basewiki have been moved and renamed in this
+ release, to avoid the basewiki including pages with names like "blog".
+ Redirection pages have been left behind for these moved pages temporarily,
+ and will be removed later.
+
+ If you use the calendar plugin, ikiwiki is now smarter and your nightly
+ cron job to update the wiki doesn't need to rebuild everything. Just pass
+ --refresh to ikiwiki in the cron job and it will update only pages that
+ contain out of date calendars.
+
+ -- Joey Hess Sat, 08 Dec 2007 16:04:43 -0500
+
+ikiwiki (2.14) unstable; urgency=low
+
+ This version of ikiwiki is more picky about symlinks in the path leading
+ to the srcdir, and will refuse to use a srcdir specified by such a path.
+ This was necessary to avoid some potential exploits, but could potentially
+ break (semi-)working wikis. If your wiki has a srcdir path containing a
+ symlink, you should change it to use a path that does not.
+
+ -- Joey Hess Mon, 26 Nov 2007 14:57:57 -0500
+
+ikiwiki (2.9) unstable; urgency=low
+
+ Since ikiwiki 2.0 was released, some limitiations have been added to what
+ ikiwiki considers a WikiLink. In short, if there are any spaces in between
+ the brackets, ikiwiki no longer considers it to be a WikiLink. If your wiki
+ contains things meant to be WikiLinks that contain spaces, you will need to
+ fix them, by replacing the spaces with underscores.
+
+ WikiLink have always been documented to not contain spaces, but bugs in
+ ikiwiki made it treat some text with spaces as WikiLinks. Most of these
+ bugs were fixed in version 2.2, and a final bug was fixed in this 2.9
+ release. These fixes are necessary to avoid ambiguity between
+ WikiLinks and PreProcessorDirectives. Apologies for any inconvenience
+ these bugs (and their fixes) may have caused.
+
+ -- Joey Hess Sat, 29 Sep 2007 14:37:18 -0400
+
+ikiwiki (2.6) unstable; urgency=low
In this version the rst plugin allows raw html to be embedded in rst files.
As long as the htmlscrubber is enabled, this should be safe. If you are