X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/5f750e16b8c32d2fd69209f433e7d19efa53a71f..f5a1550441a9d58652d93deacc333f143a7ecfbd:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 582a8e36a..59322743a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,1055 @@ +ikiwiki (3.20160728~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports + - debian/tests/control: set INSTALLED_TESTS=1 here, + pkg-perl-autopkgtest in jessie didn't support + debian/tests/pkg-perl/smoke-env + + -- Simon McVittie <smcv@debian.org> Thu, 28 Jul 2016 10:48:11 +0100 + +ikiwiki (3.20160728) unstable; urgency=medium + + * Explicitly remove current working directory from Perl's library + search path, mitigating CVE-2016-1238 (see #588017) + * wrappers: allocate new environment dynamically, so we won't overrun + the array if third-party plugins add multiple environment variables. + * Standards-Version: 3.9.8 (no changes required) + + -- Simon McVittie <smcv@debian.org> Thu, 28 Jul 2016 10:41:56 +0100 + +ikiwiki (3.20160509~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports + - debian/tests/control: set INSTALLED_TESTS=1 here, + pkg-perl-autopkgtest in jessie didn't support + debian/tests/pkg-perl/smoke-env + + -- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 22:19:05 +0100 + +ikiwiki (3.20160509) unstable; urgency=high + + [ Amitai Schlair ] + * img: ignore the case of the extension when detecting image format, + fixing the regression that *.JPG etc. would not be displayed + since 3.20160506 + + [ Simon McVittie ] + * img: parse img_allowed_formats case-insensitively, as was done in + 3.20141016.3 + * inline: restore backwards compat for show=-1 syntax, which + worked before 3.20160121 + * Remove a spurious changelog entry from 3.20160506 (the relevant + change was already in 3.20150614) + * Add CVE-2016-4561 reference to 3.20160506 changelog + * Set high urgency to get the CVE-2016-4561 fix and CVE-2016-3714 + mitigation into testing + + -- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 21:57:09 +0100 + +ikiwiki (3.20160506~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports + * debian/tests/control: set INSTALLED_TESTS=1 here, pkg-perl-autopkgtest + in jessie didn't support debian/tests/pkg-perl/smoke-env + + -- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 08:58:18 +0100 + +ikiwiki (3.20160506) unstable; urgency=medium + + [ Simon McVittie ] + * HTML-escape error messages, in one case avoiding potential cross-site + scripting (CVE-2016-4561, OVE-20160505-0012) + * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: + - img: force common Web formats to be interpreted according to extension, + so that "allowed_attachments: '*.jpg'" does what one might expect + - img: restrict to JPEG, PNG and GIF images by default, again mitigating + CVE-2016-3714 and similar vulnerabilities + - img: check that the magic number matches what we would expect from + the extension before giving common formats to ImageMagick + * d/control: use https for Homepage + * d/control: add Vcs-Browser + + [ Joey Hess ] + * img: Add back support for SVG images, bypassing ImageMagick and + simply passing the SVG through to the browser, which is supported by all + commonly used browsers these days. + SVG scaling by img directives has subtly changed; where before + size=wxh would preserve aspect ratio, this cannot be done when passing + them through and so specifying both a width and height can change + the SVG's aspect ratio. + * loginselector: When only openid and emailauth are enabled, but + passwordauth is not, avoid showing a "Other" box which opens an + empty form. + + [ Amitai Schlair ] + * mdwn: Process .md like .mdwn, but disallow web creation. + + [ Florian Wagner ] + * git: Correctly handle filenames starting with a dash in add/rm/mv. + + -- Simon McVittie <smcv@debian.org> Fri, 06 May 2016 07:54:26 +0100 + +ikiwiki (3.20160121~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports. + + -- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 10:18:07 +0000 + +ikiwiki (3.20160121) unstable; urgency=medium + + [ Amitai Schlair ] + * meta: Fix [[!meta name=foo]] by closing the open quote. + * Avoid unescaped "{" in regular expressions + * meta test: Add tests for many behaviors of the directive. + * img test: Bail gracefully when ImageMagick is not present. + + [ Joey Hess ] + * emailauth: Added emailauth_sender config. + * Modified page.tmpl to to set html lang= and dir= when + values have been specified for them, which the po plugin does. + * Specifically license the javascript underlay under the permissive + basewiki license. + + [ Simon McVittie ] + * git: if no committer identity is known, set it to + "IkiWiki <ikiwiki.info>" in .git/config. This resolves commit errors + in versions of git that require a non-trivial committer identity. + * inline, trail: rename show, feedshow parameters to limit, feedlimit + (with backwards compatibility) + * pagestats: add "show" option to show meta fields. Thanks, Louis + * inline: force RSS <comments> to be a fully absolute URL as required + by the W3C validator. Please use Atom feeds if relative URLs are + desirable on your site. + * inline: add <atom:link rel="self"> to RSS feeds as recommended by + the W3C validator + * inline: do not produce links containing /./ or /../ + * syslog: accept and encode UTF-8 messages + * syslog: don't fail to log if the wiki name contains %s + * Change dependencies from transitional package perlmagick + to libimage-magick-perl (Closes: #789221) + * debian/copyright: update for the rename of openid-selector to + login-selector + * d/control: remove leading article from Description + (lintian: description-synopsis-starts-with-article) + * d/control: Standards-Version: 3.9.6, no changes required + * Wrap and sort control files (wrap-and-sort -abst) + * Silence "used only once: possible typo" warnings for variables + that are part of modules' APIs + * Run autopkgtest tests using autodep8 and the pkg-perl team's + infrastructure + * Add enough build-dependencies to run all tests, except for + non-git VCSs + * tests: consistently use done_testing instead of no_plan + * t/img.t: do not spuriously skip + * img test: skip testing PDFs if unsupported + * img test: use the right filenames when testing that deletion occurs + + -- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 09:53:07 +0000 + +ikiwiki (3.20150614~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports, no source changes (Closes: #807452) + + -- Simon McVittie <smcv@debian.org> Mon, 18 Jan 2016 07:03:11 +0000 + +ikiwiki (3.20150614) unstable; urgency=medium + + * inline: change default sort order from age to "age title" for + determinism, partially fixing deterministic build for git-annex, + ikiwiki-hosting etc. (Closes: #785757) + * img: avoid ImageMagick misinterpreting filenames containing a colon + * img test: set old timestamp on source file that will change, so that + the test will pass even if it takes less than 1 second + + -- Simon McVittie <smcv@debian.org> Sun, 14 Jun 2015 18:13:23 +0100 + +ikiwiki (3.20150610) unstable; urgency=low + + [ Joey Hess ] + * New emailauth plugin lets users log in, without any registration, + by simply clicking on a link in an email. + * Re-remove google from openid selector; their openid provider is + gone for good. + * Make the openid selector display "Password" instead of "Other" + when appropriate, so users are more likely to click on it when + they don't have an openid. + * Converted openid-selector into a more generic loginselector helper + plugin. + * passwordauth: Don't allow registering accounts that look like openids. + * Make cgiurl output deterministic, not hash order. Closes: #785738 + Thanks, Daniel Kahn Gillmor + + [ Simon McVittie ] + * Do not enable emailauth by default, to avoid surprises on httpauth-only + sites. Enable it by default in openid instead, since it is essentially + a replacement for OpenIDs. + * Make the attachment plugin work with CGI.pm 4.x (Closes: #786586; + workaround for #786587 in libcgi-pm-perl) + * Add a public-domain email icon from tango-icon-theme + * Populate pagectime from either mtime or inode change time, + whichever is older, again for more reproducible builds + * debian: build the docwiki with LC_ALL=C.UTF-8 and TZ=UTC + * debian/copyright: consolidate permissive licenses + * debian/copyright: turn comments on provenance into Comment + * brokenlinks: sort the pages that link to the missing page, for + better reproducibility + * Add [[!meta date]] to news items and tips, since the git checkout + and build process can leave the checkout date in the tarball + release, leading to unstable sorting + * Sort backlinks deterministically, by falling back to sorting by href + if the link text is identical + * Add a $config{deterministic} option and use it for the docwiki + * haiku: if deterministic build is requested, return a hard-coded haiku + * polygen: if deterministic build is requested, use a well-known random seed + + -- Simon McVittie <smcv@debian.org> Wed, 10 Jun 2015 21:56:36 +0100 + +ikiwiki (3.20150329) experimental; urgency=high + + [ Joey Hess ] + * Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli) + + [ Simon McVittie ] + * Really don't double-decode CGI submissions, even on Perl versions that + bundle an old enough Encode.pm for that not to be a problem: the + system might have a newer Encode.pm installed separately, like Fedora 20. + (Closes: #776181; thanks, Anders Kaseorg) + * If neither timezone nor TZ is set, set both to :/etc/localtime if + we're on a GNU system and that file exists, or GMT otherwise + * t/inline.t: accept translations of "Add a new post titled:" + (Closes: #779365) + * Consistently document command-line options as e.g. --refresh, not -refresh + + [ Amitai Schlair ] + * In VCS-committed anonymous comments, link to url. + + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483) + + -- Simon McVittie <smcv@debian.org> Sun, 29 Mar 2015 21:48:24 +0100 + +ikiwiki (3.20150107) experimental; urgency=medium + + [ Joey Hess ] + * Added ikiwiki-comment program. + * Add missing build-depends on libcgi-formbuilder-perl, needed for + t/relativity.t + * openid: Stop suppressing the email field on the Preferences page. + * Set Debian package maintainer to Simon McVittie as I'm retiring from + Debian. + + [ Simon McVittie ] + * calendar: add calendar_autocreate option, with which "ikiwiki --refresh" + can mostly supersede the ikiwiki-calendar command. + Thanks, Louis Paternault + * search: add more classes as a hook for CSS. Thanks, sajolida + * core: generate HTML5 by default, but keep avoiding new elements + like <section> that require specific browser support unless html5 is + set to 1. + * Tell mobile browsers to draw our pages in a device-sized viewport, + not an 800-1000px viewport designed to emulate a desktop/laptop browser. + * Add new responsive_layout option which can be set to 0 if your custom + CSS only works in a large viewport. + * style.css, actiontabs, blueview, goldtype, monochrome: adjust layout + below 600px ("responsive layout") so that horizontal scrolling is not + needed on smartphone browsers or other small viewports. + * core: new libdirs option alongside libdir. Thanks, Louis Paternault + + [ Amitai Schlair ] + * core: log a debug message before waiting for the lock. + Thanks, Mark Jason Dominus + * build: in po/Makefile, use the same $(MAKE) as the rest of the build. + Thanks, ttw + * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd). + Closes: #774441 + + [ Joey Hess ] + * po: If msgmerge falls over on a problem po file, print a warning + message, but don't let this problem crash ikiwiki entirely. + + -- Simon McVittie <smcv@debian.org> Wed, 07 Jan 2015 09:13:58 +0000 + +ikiwiki (3.20141016) unstable; urgency=medium + + [ Joey Hess ] + * Fix crash that can occur when only_committed_changes is set and a + file is deleted from the underlay. + + [ Simon McVittie ] + * core: avoid dangerous use of CGI->param in list context, which led + to a security flaw in Bugzilla; as far as we can tell, ikiwiki + is not vulnerable to a similar attack, but it's best to be safe + * core: new reverse_proxy option prevents ikiwiki from trying to detect + how to make self-referential URLs by using the CGI environment variables, + for instance when it's deployed behind a HTTP reverse proxy + (Closes: #745759) + * core: the default User-Agent is now "ikiwiki/$version" to work around + ModSecurity rules assuming that only malware uses libwww-perl + * core: use protocol-relative URLs (e.g. //www.example.com/wiki) so that + https stays on https and http stays on http, particularly if the + html5 option is enabled + * core: avoid mixed content when a https cgiurl links to http static pages + on the same server (the static pages are assumed to be accessible via + https too) + * core: force the correct top URL in w3mmode + * google plugin: Use search form + * docwiki: replace Paypal and Flattr buttons with text links + * comments: don't record the IP address in the wiki if the user is + logged in via passwordauth or httpauth + * templates: add ARIA roles to some page elements, if html5 is enabled. + Thanks, Patrick + * debian: build-depend on libmagickcore-6.q16-2-extra | libmagickcore-extra + so we can thumbnail SVGs in the docwiki + * debian: explicitly depend and build-depend on libcgi-pm-perl + * debian: drop unused python-support dependency + * debian: rename debian/link to debian/links so the intended symlinks appear + * debian: fix some wrong paths in the copyright file + + -- Simon McVittie <smcv@debian.org> Thu, 16 Oct 2014 23:28:26 +0100 + +ikiwiki (3.20140916) unstable; urgency=low + + * Don't double-decode CGI submissions with Encode.pm >= 2.53, + fixing "Error: Cannot decode string with wide characters". + Thanks, Antoine Beaupré + * Avoid making trails depend on everything in the wiki by giving them + a better way to sort the pages + * Don't let users post comments that won't be displayed + * Fix encoding of Unicode strings in Python plugins. + Thanks, chrysn + * Improve performance and correctness of the [[!if]] directive + * Let [[!inline rootpage=foo postform=no]] disable the posting form + * Switch default [[!man]] shortcut to manpages.debian.org. Closes: #700322 + * Add UUID and TIME variables to edittemplate. Closes: #752827 + Thanks, Jonathon Anderson + * Display pages in linkmaps as their pagetitle (no underscore escapes). + Thanks, chrysn + * Fix aspect ratio when scaling small images, and add support for + converting SVG and PDF graphics to PNG. + Thanks, chrysn + - suggest ghostscript (required for PDF-to-PNG thumbnailing) + and libmagickcore-extra (required for SVG-to-PNG thumbnailing) + - build-depend on ghostscript so the test for scalable images can be run + * In the CGI wrapper, incorporate $config{ENV} into the environment + before executing Perl code, so that PERL5LIB can point to a + non-system-wide installation of IkiWiki. + Thanks, Lafayette Chamber Singers Webmaster + * filecheck: accept MIME types not containing ';' + * autoindex: index files in underlays if the resulting pages aren't + going to be committed. Closes: #611068 + * Add [[!templatebody]] directive so template pages don't have to be + simultaneously a valid template and valid HTML + * Add myself to Uploaders and release to Debian + + -- Simon McVittie <smcv@debian.org> Fri, 12 Sep 2014 21:23:58 +0100 + +ikiwiki (3.20140831) unstable; urgency=medium + + * Make --no-gettime work in initial build. Closes: #755075 + + -- Joey Hess <joeyh@debian.org> Sun, 31 Aug 2014 14:17:24 -0700 + +ikiwiki (3.20140815) unstable; urgency=medium + + * Add google back to openid selector. Apparently this has gotten a stay + of execution until April 2015. (It may continue to work until 2017.) + * highlight: Add compatibility with highlight 3.18, while still supporting + 3.9+. Closes: #757679 + Thanks, David Bremner + * highlight: Add support for multiple language definition directories + Closes: #757680 + Thanks, David Bremner + + -- Joey Hess <joeyh@debian.org> Fri, 15 Aug 2014 12:58:08 -0400 + +ikiwiki (3.20140613) unstable; urgency=medium + + * only_committed_changes could fail in a git repository merged + with git merge -s ours. + * Remove google from openid selector, per http://xkcd.com/1361/ + + -- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2014 10:09:10 -0400 + +ikiwiki (3.20140227) unstable; urgency=medium + + * Added useragent config setting. Closes: #737121 + Thanks, Tuomas Jormola + * po: Add html_lang_code and html_lang_dir template variables + for the language code and direction of text. + Thanks, Mesar Hameed + * Allow up to 8 levels of nested directives, rather than previous 3 + in directive infinite loop guard. + * git diffurl: Do not escape / in paths to changed files, in order to + interoperate with cgit (gitweb works either way) + Thanks, intrigeri. + * git: Explicity push master branch, as will be needed by git 2.0's + change to push.default=matching by default. + Thanks, smcv + * Deal with nasty issue with gettext clobbering $@ while printing + error message containing it. + Thanks, smcv + * Cleanup of the openid login widget, including replacing of hotlinked + images from openid providers with embedded, freely licensed artwork. + Thanks, smcv + * Improve templates testing. + Thanks, smcv + * python proxy: Avoid utf-8 related crash. + Thanks, Antoine Beaupré + * Special thanks to Simon McVittie for being the patchmeister for this + release. + + -- Joey Hess <joeyh@debian.org> Thu, 27 Feb 2014 11:55:35 -0400 + +ikiwiki (3.20140125) unstable; urgency=medium + + * inline: Allow overriding the title of the feed. Closes: #735123 + Thanks, Christophe Rhodes + * osm: Escape name parameter. Closes: #731797 + + -- Joey Hess <joeyh@debian.org> Sat, 25 Jan 2014 16:40:32 -0400 + +ikiwiki (3.20140102) unstable; urgency=low + + * aggregate: Improve display of post author. + * poll: Fix behavior of poll buttons when inlined. + * Fixed unncessary tight loop hash copy in saveindex where a pointer + can be used instead. Can speed up refreshes by nearly 50% in some + circumstances. + * Optimized loadindex by caching the page name in the index. + * Added only_committed_changes config setting, which speeds up wiki + refresh by querying git to find the files that were changed, rather + than looking at the work tree. Not enabled by default as it can + break some setups where not all files get committed to git. + * comments: Write pending moderation comments to the transient underlay + to avoid conflict with only_committed_changes. + * search: Added google_search option, which makes it search google + rather than using the internal xapain database. + (googlesearch plugin is too hard to turn on when xapain databases + corrupt themselves, which happens all too frequently). + * osm: Remove invalid use of charset on embedded javascript tags. + Closes: #731197 + * style.css: Add compatibility definitions for more block-level + html5 elements. Closes: #731199 + * aggregrate: Fix several bugs in handling of empty and colliding + titles when generating filenames. + + -- Joey Hess <joeyh@debian.org> Thu, 02 Jan 2014 12:22:22 -0400 + +ikiwiki (3.20130904.1) unstable; urgency=low + + * Fix cookiejar default setting. + + -- Joey Hess <joeyh@debian.org> Wed, 04 Sep 2013 10:15:37 -0400 + +ikiwiki (3.20130904) unstable; urgency=low + + * calendar: Display the popup mouseover when there is only 1 page for a + given day, for better UI consistency. + * meta: Can now be used to add an enclosure to a page, which is a fancier + way to do podcasting than just inlining the media files directly; + this way you can write a post about the podcast episode with show notes, + author information, etc. + (schmonz) + * aggregate: Show author in addition to feedname, if different. + (schmonz) + * Consistently configure LWP::UserAgent to allow use of http_proxy + and no_proxy environment variables, as well as ~/.ikiwiki/cookies + (schmonz) + * Fix test suite to work with perl 5.18. Closes: #719969 + + -- Joey Hess <joeyh@debian.org> Wed, 04 Sep 2013 08:54:31 -0400 + +ikiwiki (3.20130711) unstable; urgency=low + + * Deal with git behavior change in 1.7.2 and newer that broke support + for commits with an empty commit message. + * Pass --no-edit when used with git 1.7.8 and newer. + + -- Joey Hess <joeyh@debian.org> Wed, 10 Jul 2013 21:49:23 -0400 + +ikiwiki (3.20130710) unstable; urgency=low + + * blogspam: Fix encoding issue in RPC::XML call. + Thanks, Changaco + * comments: The formats allowed to be used in comments can be configured + using comments_allowformats. + Thanks, Michal Sojka + * calendar: When there are multiple pages for a given day, they're + displayed in a popup on mouseover. + Thanks, Louis + * osm: Remove trailing slash from KML maps icon. + * page.tmpl: omit searchform, trails, sidebar and most metadata in CGI + (smcv) + * openid: Automatically upgrade openid_realm to https when + accessed via https. + * The ip() pagespec can now contain glob characters to match eg, a subnet + full of spammers. + * Fix crash that could occur when a needsbuild hook returned a file + that does not exist. + * Fix python proxy to not crash when fed unicode data in getstate + and setstate. + Thanks, chrysn + * Fix committing attachments when using svn. + + -- Joey Hess <joeyh@debian.org> Wed, 10 Jul 2013 17:45:40 -0400 + +ikiwiki (3.20130518) unstable; urgency=low + + * Fix test suite to not fail when XML::Twig is not installed. + Closes: #707436 + * theme: Now <TMPL_IF THEME_$NAME> can be used in all templates when + a theme is enabled. + * notifyemail: Fix bug that caused duplicate emails to be sent when + site was rebuilt. + * bzr: bzr rm no longer has a --force option, remove + + -- Joey Hess <joeyh@debian.org> Sat, 18 May 2013 16:28:21 -0400 + +ikiwiki (3.20130504) unstable; urgency=low + + * Allow dots in directive parameter names. (tango) + * Add missing plugin section, and deal with missing sections with a warning. + * Detect plugins with a broken getsetup and warn. + * map: Correct reversion introduced in version 3.20110225 that could + generate invalid html. (smcv) + * Makefile.PL: overwrite theme style.css instead of appending + (Thanks, Mikko Rapeli) + * meta: Fix anchors used to link to the page's license and copyright. + Closes: #706437 + + -- Joey Hess <joeyh@debian.org> Sat, 04 May 2013 23:47:21 -0400 + +ikiwiki (3.20130212) unstable; urgency=low + + * htmlscrubber: Allow the bitcoin URI scheme. + * htmlscrubber: Allow the URI schemes of major VCS's. + * aggregate: When run with --aggregate, if an aggregation is already + running, don't go on and --refresh. + * trail: Avoid excess dependencies between pages in the trail + and the page defining the trail. Thanks, smcv. + * opendiscussion: Don't allow editing discussion pages if discussion pages + are disabled. (smcv) + * poll: Add expandable option to allow users to easily add new choices to + a poll. + * trail: Avoid massive slowdown caused by pagetemplate hook when displaying + dynamic cgi pages, which cannot use trail anyway. + * Deal with empty diffurl in configuration. + * cvs: Various fixes. (schmonz) + * highlight: Now adds a span with class highlight-<extension> around + highlighted content, allowing for language-specific css styling. + + -- Joey Hess <joeyh@debian.org> Tue, 12 Feb 2013 21:48:02 -0400 + +ikiwiki (3.20121212) unstable; urgency=low + + * filecheck: Fix bug that prevented File::MimeInfo::Magic from ever + being used. + * openid: Display openid in Preferences page as a comment, so it can be + selected in all browsers. + + -- Joey Hess <joeyh@debian.org> Tue, 11 Dec 2012 12:12:12 -0400 + +ikiwiki (3.20121017) unstable; urgency=low + + * recentchangesdiff: fix further breakage to the template from 3.20120725 + + -- Joey Hess <joeyh@debian.org> Tue, 16 Oct 2012 20:49:27 -0400 + +ikiwiki (3.20121016) unstable; urgency=low + + * monochrome: New theme, contributed by Jon Dowland. + * rst: Ported to python 3, while still also being valid python 2. + Thanks, W. Trevor King + * Try to avoid a situation in which so many ikiwiki cgi wrapper programs + are running, all waiting on some long-running thing like a site rebuild, + that it prevents the web server from doing anything else. The current + approach only avoids this problem for GET requests; if multiple cgi's + run GETs on a site at the same time, one will display a "please wait" + page for a configurable number of seconds, which then redirects to retry. + To enable this protection, set cgi_overload_delay to the number of + seconds to wait. This is not enabled by default. + * Add back a 1em margin between archivepage divs. + * recentchangesdiff: Correct broken template that resulted in duplicate + diff icons being displayed, and bloated the recentchanges page with + inline diffs when the configuration should have not allowed them. + + -- Joey Hess <joeyh@debian.org> Tue, 16 Oct 2012 15:14:19 -0400 + +ikiwiki (3.20120725) unstable; urgency=low + + * recentchangesdiff: When diffurl is not set, provide inline diffs + in the recentchanges page, with visibility toggleable via javascript. + Thanks, Antoine Beaupré + * Split CFLAGS into words when building wrapper. Closes: #682237 + * osm: Avoid calling urlto before generated files are registered. + Thanks, Philippe Gauthier and Antoine Beaupré + * osm: Add osm_openlayers_url configuration setting. + Thanks, Genevieve + * osm: osm_layers can be used to configured the layers displayed on the map. + Thanks, Antoine Beaupré + * comments: Remove ipv6 address specific code. + + -- Joey Hess <joeyh@debian.org> Sat, 25 Aug 2012 10:58:42 -0400 + +ikiwiki (3.20120629) unstable; urgency=low + + * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or + other config differences by linking to the mirror's CGI. (intrigeri) + + -- Joey Hess <joeyh@debian.org> Fri, 29 Jun 2012 10:16:08 -0400 + +ikiwiki (3.20120516) unstable; urgency=high + + * meta: Security fix; add missing sanitization of author and authorurl. + CVE-2012-0220 Thanks, Raúl Benencia + + -- Joey Hess <joeyh@debian.org> Wed, 16 May 2012 19:51:27 -0400 + +ikiwiki (3.20120419) unstable; urgency=low + + * Remove dead link from plugins/teximg. Closes: #664885 + * inline: When the pagenames list includes pages that do not exist, skip + them. + * meta: Export author information in html <meta> tag. Closes: #664779 + Thanks, Martin Michlmayr + * notifyemail: New plugin, sends email notifications about new and + changed pages, and allows subscribing to comments. + * Added a "changes" hook. Renamed the "change" hook to "rendered", but + the old hook name is called for now for back-compat. + * meta: Support keywords header. Closes: #664780 + Thanks, Martin Michlmayr + * passwordauth: Fix url in password recovery email to be absolute. + * httpauth: When it's the only auth method, avoid a pointless and + confusing signin form, and go right to the httpauthurl. + * rename: Allow rename to be started not from the edit page; return to + the renamed page in this case. + * remove: Support removing of pages in the transient underlay. (smcv) + * inline, trail: The pagenames parameter is now a list of absolute + pagenames, not relative wikilink type names. This is necessary to fix + a bug, and makes pagenames more consistent with the pagespec used + in the pages parameter. (smcv) + * link: Fix renaming wikilinks that contain embedded urls. + * graphviz: Handle self-links. + * trail: Improve CSS, also display trail links at bottom of page, + and a bug fix. (smcv) + + -- Joey Hess <joeyh@debian.org> Thu, 19 Apr 2012 15:32:07 -0400 + +ikiwiki (3.20120319) unstable; urgency=low + + * osm: New plugin to embed an OpenStreetMap into a wiki page. + Supports waypoints, tags, and can even draw paths matching + wikilinks between pages containing waypoints. + Thanks to Blars Blarson and Antoine Beaupré, as well as the worldwide + OpenStreetMap community for this utter awesomeness. + * trail: New plugin to add navigation trails through pages via Next and + Previous links. Trails can easily be added to existing inlines by setting + trail=yes in the inline. + Thanks to Simon McVittie for his persistance developing this feature. + * Fix a snail mail address. Closes: #659158 + * openid-jquery.js: Update URL of Wordpress favicon. Closes: #660549 + * Drop the version attribute on the generator tag in Atom feeds + to make builds more reproducible. Closes: #661569 (Paul Wise) + * shortcut: Support Wikipedia's form of url-encoding for unicode + characters, which involves mojibake. Closes: #661198 + * Add a few missing jquery UI icons to attachment upload widget underlay. + * URI escape filename when generating the diffurl. + * Add build-affected hook. Used by trail. + + -- Joey Hess <joeyh@debian.org> Mon, 19 Mar 2012 14:24:43 -0400 + +ikiwiki (3.20120202) unstable; urgency=low + + * mdwn: Added nodiscount setting, which can be used to avoid using the + markdown discount engine, when maximum compatability is needed. + * Switch to YAML::XS to work around insanity in YAML::Mo. Closes: #657533 + * cvs: Ensure text files are added in non-binary mode. (Amitai Schlair) + * cvs: Various cleanups and testing. (Amitai Schlair) + * calendar: Fix strftime encoding bug. + * shortcuts: Fixed a broken shortcut to wikipedia (accidentially + made into a shortcut to wikiMedia). + * Various portability improvements. (Amitai Schlair) + + -- Joey Hess <joeyh@debian.org> Thu, 02 Feb 2012 21:42:40 -0400 + +ikiwiki (3.20120115) unstable; urgency=low + + * Make backlink(.) work. Thanks, Giuseppe Bilotta. + * mdwn: Workaround discount's eliding of <style> blocks. + * attachment: Fix utf-8 display bug. + + -- Joey Hess <joeyh@debian.org> Sun, 15 Jan 2012 16:19:25 -0400 + +ikiwiki (3.20120109) unstable; urgency=low + + * mdwn: Can use the discount markdown library, via the + Text::Markdown::Discount perl module. This is preferred if available + since it's the fastest currently supported markdown library, speeding up + ikiwiki's markdown rendering by a factor of 40. + (However, when multimarkdown is enabled, Text::Markdown::Multimarkdown + is still used.) + * On Debian, depend on libtext-markdown-discount. + + -- Joey Hess <joeyh@debian.org> Mon, 09 Jan 2012 11:49:14 -0400 + +ikiwiki (3.20111229) unstable; urgency=low + + * Consume all stdin when rcs_receive short-circuits, + to avoid git SIGPIPE race. + * Add path and path_natural sort orders (smcv) + * Test coverage can be checked with `make coverage` (smcv) + * tag: encode categories using numeric values. (tango) + + -- Joey Hess <joeyh@debian.org> Thu, 29 Dec 2011 12:00:53 -0400 + +ikiwiki (3.20111107) unstable; urgency=low + + * img: Bugfix to width/height tags for scaled down image when only + one dimension was provided. Thanks, Per Carlson. + * editpage: Fix FormattingHelp link on Discussion pages. + * The umask setting can now be set to private, group, or public, + avoiding the need to enter octal correctly which is particularly + difficult in yaml setup files. (smcv) + * graphviz: Support urls embedded in the graph, by having graphviz + generate an imagemap. + * graphviz: Support wikilinks embedded in the graph. + (Sponsored by The TOVA Company.) + + -- Joey Hess <joeyh@debian.org> Wed, 30 Nov 2011 16:31:48 -0400 + +ikiwiki (3.20111106) unstable; urgency=low + + * searchquery.tmpl: Track escaping change in upstream template. + Thanks Olly Betts for review. + * svn: Support subversion 1.7, which does not have .svn in each + subdirectory. + * rst: import docutils lazily, to avoid errors during ikiwiki --setup. + Closes: #637604 (Thanks, smcv) + * Make the setup automator create YAML formatted files. + * Fix handling of discussion page creation links to make discussion pages + in the right place and with the right case. Broken by page case + preservation feature added in 3.20110707. + + -- Joey Hess <joeyh@debian.org> Sun, 06 Nov 2011 16:27:29 -0400 + +ikiwiki (3.20110905) unstable; urgency=low + + * mercurial: Openid nicknames are now used when committing. (Daniel Andersson) + * mercurial: Implement rcs_commit_staged so comments, attachments, etc + can be used. (Daniel Andersson) + * mercurial: Implement rcs_rename, rcs_remove. (Daniel Andersson) + * mercurial: Fix viewing of a diff containing non-utf8 changes. + (Daniel Andersson) + * mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson) + * mercurial: Implement rcs_diff. (Daniel Andersson) + * po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri) + * Fix typo in Danish translation of shortcuts page that caused exponential + regexp blowup. + * Fix escaping of html entities in permalinks. + * Fix escaping of html entities in tag names. + * Avoid using named capture groups in heredoc code for oldperl compatibility. + * Put in a workaround for #622591, by ensuring Search::Xapian gets loaded + before Image::Magick. + * Add unminified jquery js and css files to source. + * Update to jquery 1.6.2, and jquery-ui 1.8.14. + * Use lockf rather than flock when taking the cgilock, for better + portability. + * search: Fix encoding bug in calculation of maximum term size. + * inline: When indexing internal pages for searching, use the url of + the inlining page. + * Fix comments testsuite to not rely on Date::Parse's ability to + parse the date Columbus discovered America. Closes: #640350 + * Avoid warning message when generating setup file if highlight + is not installed. Closes: #637606 + * Promote RPC::XML to a Recommends, since it's used by auto-blog.setup. + Closes: #637603 + * Fix web revert of a file deletion. + + -- Joey Hess <joeyh@debian.org> Mon, 05 Sep 2011 14:53:00 -0400 + +ikiwiki (3.20110715) unstable; urgency=low + + * rename: Fix logic error that broke renaming pages when the attachment + plugin was disabled. + * rename: Fix logic error that bypassed the usual pagespec checks. + + -- Joey Hess <joeyh@debian.org> Fri, 15 Jul 2011 18:36:29 -0400 + +ikiwiki (3.20110712) unstable; urgency=low + + * attachment: Bugfix to create directory when moving attachment out of + holding area. + * Display attachment manipulation links always, since attachments can be + uploaded via javascript. + + -- Joey Hess <joeyh@debian.org> Tue, 12 Jul 2011 00:41:26 -0400 + +ikiwiki (3.20110711) unstable; urgency=low + + * Add build dep on python-support. Closes: #633536 + * attachment: Bugfix to move upload attachments out of holding area + when saving. + * attachment: Bugfix for trying to attach files to a subpage of the index + page. + + -- Joey Hess <joeyh@debian.org> Mon, 11 Jul 2011 13:03:04 -0400 + +ikiwiki (3.20110707) unstable; urgency=low + + * userlist: New plugin, lets admins see a list of users and their info. + * aggregate: Improve checking for too long aggregated filenames. + * Updated to jQuery 1.6.1. + * attachment: Speed up multiple file uploads by storing uploaded files + in a staging area until the page is saved/previewed, rather than + refreshing the site after each upload. + (Sponsored by The TOVA Company.) + * attachment: Files can be dragged into the edit page to upload them. + Multiple file batch upload support. Upload progress bars. + AJAX special effects. Impemented using the jQuery-File-Upload widget. + (If you don't have javascript don't worry, I kept that working too.) + (Sponsored by The TOVA Company.) + * Add libtext-multimarkdown-perl to Suggests. Closes: #630705 + * headinganchors: Plugin by Paul Wise that adds ids to <hn> headings. + * html5 is not experimental anymore. But not the default either, quite yet. + * Support svg as a inlinable image type; svg images can be included on a + page by simply linking to them, or by using the img directive. + Note that sanitizing svg files is still not addressed. + * img: Generate png format thumbnails for svg images. + * Preserve mixed case in page creation links, and when creating a page + whose title is mixed case, allow selecting between the mixed case and + all lower-case names. + * Fix ikiwiki-update-wikilist -r to actually work. + * comments: collect metadata in a scan-phase preprocess hook, which + fixes sorting comments by date. (smcv) + * Run scan hooks for internal pages (preprocess hooks already run in scan + mode) (smcv) + * inline: Handle obfuscated urls, such as the mailto urls generated by + markdown when forcing urls absolute. + * Bugfix for wikilink containing an email address not showing up in + brokenlinks list. + * Bugfix for trying to attach files to a subpage of the index page. + + -- Joey Hess <joeyh@debian.org> Thu, 07 Jul 2011 20:38:31 -0400 + +ikiwiki (3.20110608) unstable; urgency=high + + * ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. + (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. + (CVE-2011-1408) + * search: Update search page when page.tmpl or searchquery.tmpl are locally + modified. + + -- Joey Hess <joeyh@debian.org> Fri, 03 Jun 2011 20:30:35 -0400 + +ikiwiki (3.20110431) unstable; urgency=low + + * Danish translation update. Closes: #625721 + * Danish underlay translation update. Closes: #625765 + (Thanks, Jonas Smedegaard) + * Support YAML::XS by not passing decoded unicode to Load. Closes: #625713 + * openid, aggregate, pinger: Use Net::INET6Glue if available to + support making ipv6 connections. (Note that if LWPx::ParanoidAgent + is installed, it defeats this for openid.) + * Add additional directive quoting styles, to better support nested + directives. Both triple-single-quote and heredoc quotes can be used. + (Thanks, Timo Paulssen) + * Changed license of madduck's python plugins from GPL-2 to BSD-2-clause. + * po: support language codes in the form of 'es_AR', and 'arn'. (intrigeri) + Closes: #627844 + * po: Make po4a warn, not error on a malformed document. (intrigeri) + * Support the Hiawatha web server which sets HTTPS=off rather than not + setting it. (There does not seem to be a standard here.) + + -- Joey Hess <joeyh@debian.org> Fri, 03 Jun 2011 14:38:23 -0400 + +ikiwiki (3.20110430) unstable; urgency=low + + * meta: Allow adding javascript to pages. Only when htmlscrubber is + disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154 + * comments: Add avatar picture of comment author, using Libravatar::URL + when available. The avatar is looked up based on the user's openid, + or email address. (Thanks, Francois Marier) + * Recommend libgravatar-url-perl, which contains Libravatar::URL. + * monotone: Implement rcs_getmtime, and work around a problem with monotone + 0.48 that affects rcs_getctime. (Thanks, Richard Levitte) + * meta: Fix bug in loading of HTML::Entities that can break inline + archive=yes (mostly masked by other plugins that load the module). + * Be quiet about updating wrappers, except in verbose mode. (jmtd) + * meta: Add FOAF support. Closes: #623156 (Jonas Smedegaard) + * Promote Crypt::SSLeay to Recommends; needed for https openid auth. + * tag: Avoid autocreating multiple tag pages that vary only in + capitalization. The first capitalization seen of a tag will be used + for the tag page. + * Fix yaml build dep. Closes: #624712 + + -- Joey Hess <joeyh@debian.org> Sat, 30 Apr 2011 17:13:24 -0400 + +ikiwiki (3.20110328) unstable; urgency=low + + * Yaml formatted setup files are now produced by default. + (Perl formatted setup files can still be used.) + * Add timezone setting in setup file. This alows time zone to be configured + via the web. + * comment: Better fix to avoid showing comments of subpages, while + not breaking manual inlining of comments. + * meta: Security fix; don't allow alternative stylesheets to be added + on pages where the htmlscrubber is enabled. CVE-2011-1401 + + -- Joey Hess <joeyh@debian.org> Mon, 28 Mar 2011 12:23:26 -0400 + +ikiwiki (3.20110321) unstable; urgency=low + + * comment: Don't show comments of subpages on parent pages. + (Fixes bug introduced in version 3.20100505.) + * darcs: Fix multiple issues preventing rcs_diff from working. + * aggregate: Read cookies from ~/.ikiwiki/cookies by default. + Also, the cookiejar configuration setting can be used by + other plugins to provide a custom `cookie_jar` object for LWP::UserAgent. + (Thanks, schmonz) + * Avoid escaping / characters in filenames when building the cgiurl, + as this confuses eg, cvsweb. + + -- Joey Hess <joeyh@debian.org> Mon, 21 Mar 2011 14:45:05 -0400 + +ikiwiki (3.20110225) unstable; urgency=low + + * editpage: Avoid inheriting internal page types. + * htmltidy: Avoid breaking the sidebar when websetup is running. + * transient: New utility plugin that allows transient pages to + be stored in .ikiwiki/transient/ (smcv) + * aggregate: Aggregated content is stored in the transient underlay. + (Existing aggregated content is not moved, since it will eventually + expire and be removed) (smcv) + * autoindex, tag: Added autoindex_commit and tag_autocreate_commit that + can be unset to make index files and tags respectively not be committed, + and instead be stored in the transient underlay. + Closes: #544322 (smcv) + * autoindex: Adapted to use add_autofile. Slight behavior changes + in edge cases that are probably really bug fixes. (smcv) + * recentchanges: Use transient underlay (smcv) + * map: Avoid unnecessary ul's in maps with nested directories. + (Giuseppe Bilotta) + * Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced + in 3.20101231. + * inline: Fix link to nested inlined pages's feeds. (Giuseppe Bilotta) + * inline: Add 'id' parameter that can be used when styling individual + feedlinks and postforms. (Giuseppe Bilotta) + + -- Joey Hess <joeyh@debian.org> Fri, 25 Feb 2011 17:31:08 -0400 + +ikiwiki (3.20110124) unstable; urgency=low + + * comments: Fix commenting, broken by security fix. + * blogspam: Don't check modifications from admins for spam, and also + allow the blogspam_pagespec to do other matches against who the user is. + * inline: Fix regression in feed titles. Closes: #610878 + (Thanks, Paul Wise) + + -- Joey Hess <joeyh@debian.org> Mon, 24 Jan 2011 17:07:44 -0400 + +ikiwiki (3.20110123) unstable; urgency=low + + * Adapt autoindex test suite to work with old Test::More. + * Fix posting by blog form, broken by last release. + + -- Joey Hess <joeyh@debian.org> Sun, 23 Jan 2011 10:12:33 -0400 + +ikiwiki (3.20110122) unstable; urgency=medium + + * inline: Pass feed titles to templates and add title and rel attributes + to feed links. (Giuseppe Bilotta) + * inline: Use class rather than id for feedlinks and blogform. + (Giuseppe Bilotta) + * comments: Fix XSS security hole due to missing validation of page name. + CVE-2011-0428 (Thanks, Dave B.) + * rename: Fix crash when renaming a page that is linked to by a page + in an underlay. + + -- Joey Hess <joeyh@debian.org> Sat, 22 Jan 2011 10:22:25 -0400 + +ikiwiki (3.20110105) unstable; urgency=low + + * tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta) + * tag: Improve display of tags with a slash in their names. + (Giuseppe Bilotta) + * Fix redirect to use a full url. Was broken (in theory) by baseurl + changes in last release. + * Fix `<base>` output by cgi to have a full url again, broken by last + release. + * Fix permalinks to recentchanges items and comments, broken by last + release. + * Export three cgi env vars needed for CGI->url to work. Fixed + openid breakage from last release. + * Removed `IkiWiki::misctemplate()` function. Any plugins using + it should use `IkiWiki::cgitemplate()` instead. + + -- Joey Hess <joeyh@debian.org> Wed, 05 Jan 2011 17:33:05 -0400 + +ikiwiki (3.20101231) unstable; urgency=low + + * Better support for serving the same site on multiple urls. (Such as + a http and a https url, or a ipv4 and an ipv6 url.) + (Thanks, smcv) + * API: urlto without a defined second parameter now generates an url + that starts with "/" (when possible; eg when the site's url and cgiurl + are on the same domain). + * Now when users log in via https, ikiwiki sends a secure cookie, that can + only be used over https. If the user switches to using http, they will + need to re-login. (smcv) + * inline: Display feed buttons for nested inlines, linking to the inlined + page's feed. (Giuseppe Bilotta) + * goldtype: New theme, based on blueview, contributed by Lars Wirzenius. + * po: do not override homepage title when it was overridden. (intrigeri) + * Set HTML::Template's parent_global_vars option to allow using parameters + like title_overridden that do not appear on the template. (intrigeri) + (See https://rt.cpan.org/Public/Bug/Display.html?id=64158) + * inline: Force an absolute page location when the inline postform is used. + * editpage, comment: Clean up title when editing or creating a page or + comment. + * teximg: Use `\[` and `\]` instead of not recommended `$$`. (Paul Menzel) + Closes: #596084 + * monotone: Improve version parsing to support patch and development + versions of the monotone binary. (tommyd3mdi) + * highlight: Support highlight 3.2+svn19 (note that released version 3.2 + is not supported). Closes: #605779 (David Bremner) + * Add a second parameter to the rcs_diff hook, and avoid bloating memory + reading in enormous commits. + * git: Fix bug involving attempting to web revert a commit that included + changes to attachments. + + -- Joey Hess <joeyh@debian.org> Fri, 31 Dec 2010 21:23:37 -0400 + +ikiwiki (3.20101201) unstable; urgency=low + + * meta: Fix calling of htmlscrubber to pass the page parameter. + The change of the htmlscrubber to look at page rather than destpage + caused htmlscrubber_skip to not work for meta directives. + + -- Joey Hess <joeyh@debian.org> Wed, 01 Dec 2010 20:28:01 -0400 + +ikiwiki (3.20101129) unstable; urgency=low + + * websetup: Fix encoding problem when restoring old setup file. + * more: Add pages parameter to limit where the more is displayed. + (thanks, dark) + * Fix escaping of filenames in historyurl. (Thanks, aj) + * inline: Improve RSS url munging to use a proper html parser, + and support all elements that HTML::Tagset knows about. + (Which doesn't include html5 just yet, but then the old version + didn't either.) Bonus: 4 times faster than old regexp method. + * Optimise glob() pagespec. (Thanks, Kathryn and smcv) + * highlight: Support new format of filetypes.conf used by version 3.2 + of the highlight package. + * edittemplate: Fix crash if using a .tmpl file or other non-page file + as a template for a new page. + * git: Fix temp file location. + * rename: Fix to pass named parameters to rcs_commit. + * git: Avoid adding files when committing, so as not to implicitly add + files like recentchanges files that are not normally checked in, + when fixing links after rename. + + -- Joey Hess <joeyh@debian.org> Mon, 29 Nov 2010 13:59:10 -0400 + ikiwiki (3.20101112) unstable; urgency=HIGH * txt: Fix display when used inside a format directive.