X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/6d3d4129f0a8a73e43170905b7aaee4fd8dbe2a5..14f265d69dd4f3743ec11b26ff0ee84309950466:/debian/NEWS?ds=sidebyside diff --git a/debian/NEWS b/debian/NEWS index 767095364..e169658ea 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,375 @@ +ikiwiki (3.20160506) unstable; urgency=medium + + To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities, + the [[!img]] directive is now restricted to these common web formats by + default: + + * JPEG (.jpg, .jpeg) + * PNG (.png) + * GIF (.gif) + * SVG (.svg) + + (In particular, by default resizing PDF files is no longer allowed.) + + Additionally, resized SVG files are displayed in the browser as SVG + instead of being converted to PNG. + + If all users who can attach images are fully trusted, this restriction + can be removed with the new img_allowed_formats setup option. + See + or for + more details. + + -- Simon McVittie Fri, 06 May 2016 07:49:56 +0100 + +ikiwiki (3.20150610) unstable; urgency=low + + The new "emailauth" plugin allows users to authenticate using an email + address, without otherwise creating an account. + + The openid plugin now enables emailauth by default. Please include + emailauth in the disable_plugins setting if this is not desired. + Conversely, if emailauth is required on a wiki that does not enable + openid, you can list it in the enable_plugins setting. + + -- Simon McVittie Wed, 10 Jun 2015 21:56:56 +0100 + +ikiwiki (3.20150107) experimental; urgency=medium + + By default, this version of IkiWiki tells mobile browsers that its + layout is suitable for small screens. The default layout and the + actiontabs, blueview, goldtype and monochrome themes have been adjusted. + + If you have custom CSS that does not work in a small window (a typical + phone is 320 to 400 CSS pixels wide), please set the new responsive_layout + config option to 0. + + -- Simon McVittie Mon, 05 Jan 2015 23:48:42 +0000 + +ikiwiki (3.20110122) unstable; urgency=low + + If you have custom CSS that uses "#feedlinks" or "#blogform", you will + need to change it to instead use ".feedlinks" and ".blogform" + + -- Joey Hess Fri, 14 Jan 2011 14:34:54 -0400 + +ikiwiki (3.20100515) unstable; urgency=low + + There are two significant changes to the page.tmpl template in this version. + If you have a locally modified version of that template, you will need to + update it at least to contain the following in the HTML : + + + + + + + + Also, the footer should be wrapped in ... + + There is a new "comment()" pagespec, that can be used to match a + comment on a page. It is recommended it be used instead of the old + method of using a pagespec such as "internal(comment_*)" to match + things that looked like comments. The old pagespec will now also match + comments that are held for moderation; likely not what you want. + + There have also been some changes to the style.css in this version, + particularly to support the new openid selector. If you have a modified + version, of style.css, updating it (or moving it to local.css) is + recommended. + + -- Joey Hess Wed, 05 May 2010 21:47:08 -0400 + +ikiwiki (3.20100427) unstable; urgency=low + + This version of ikiwiki has a lot of changes that you need to know about. + + Now you can include customised versions of templates in the source + of your wiki. (For example, templates/page.tmpl.) When these templates + are changed, ikiwiki will automatically rebuild pages that use them. + + Allowing untrusted users to upload attachments with the ".tmpl" + extension is not recommended, as that allows anyone to change + a wiki's templates. + + The --getctime switch is renamed to --gettime, and it also gets the + file modification time. And it's a lot faster (when using git). But + the really important change is, you don't have to remember to use this + switch. Now ikiwiki will do it when it needs to. + + At last, the "tagged()" pagespec only matches tags, not regular wikilinks. + If your wiki accidentially relied on the old, buggy behavior, you might + need to change its pagespecs to use "link()". + + Many of your wishes have been answered: Now tag pages can automatically be + created when new tags are used. This feature is enabled by default if you + have configured a tagbase. It can be turned on or off using the + tag_autocreate setting. + + These changes may also affect some users: + + * The title_natural sort method (as used by the inline directive, etc) + has been moved to the new sortnaturally plugin, which is not enabled + by default since it requires the Sort::Naturally perl module. + + * The add_templates option has been removed from the underlay plugin. + If you used this option, you can instead use templates/ subdirectories + inside underlay directories added by the add_underlays option. + + Due to the above and other changes, all wikis need to be rebuilt on + upgrade to this version. If you listed your wiki in /etc/ikiwiki/wikilist + this will be done automatically when the Debian package is upgraded. Or + use ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Tue, 27 Apr 2010 00:00:00 -0400 + +ikiwiki (3.20091017) unstable; urgency=low + + To take advantage of significant performance improvements, all + wikis need to be rebuilt on upgrade to this version. If you + listed your wiki in /etc/ikiwiki/wikilist this will be done + automatically when the Debian package is upgraded. Or use + ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Mon, 05 Oct 2009 16:48:59 -0400 + +ikiwiki (3.1415926) unstable; urgency=low + + In order to fix a performance bug, all wikis need to be rebuilt on + upgrade to this version. If you listed your wiki in + /etc/ikiwiki/wikilist this will be done automatically when the + Debian package is upgraded. Or use ikiwiki-mass-rebuild to force + a rebuild. + + -- Joey Hess Tue, 25 Aug 2009 17:24:43 -0400 + +ikiwiki (3.13) unstable; urgency=low + + The `ikiwiki-transition deduplinks` command introduced in the + last release was buggy. If you followed the NEWS file instructions + and ran it, you should run `ikiwiki --setup` to rebuild your wiki + to fix the problem. + + -- Joey Hess Fri, 22 May 2009 13:04:02 -0400 + +ikiwiki (3.12) unstable; urgency=low + + You may want to run `ikiwiki-transition deduplinks your.setup` + after upgrading to this version of ikiwiki. This command will + optimise your wiki's saved state, removing duplicate information + that can slow ikiwiki down. + + -- Joey Hess Wed, 06 May 2009 00:25:06 -0400 + +ikiwiki (3.01) unstable; urgency=low + + If your wiki uses git, and you have a `diffurl` configured in + its setup file, you should be aware that gitweb has stopped + supporting the url form commonly used for the `diffurl`. + + You can change your setup to use the newer gitweb url form: + + http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]] + + The changes from the old form are the addition of the `hpb` parameter, + and the change to the value used for the `hb` parameter. + + -- Joey Hess Mon, 05 Jan 2009 18:18:05 -0500 + +ikiwiki (3.00) unstable; urgency=low + + The 3.0 release of ikiwiki changes several defaults and finishes + some transitions. You will need to modify your wikis to work with + ikiwiki 3.0. A document explaining the process is available + in + + -- Joey Hess Tue, 23 Dec 2008 16:14:18 -0500 + +ikiwiki (2.62) unstable; urgency=low + + TexImg standard preamble changed + + The teximg plugin now has a configurable LaTeX preamble. + As part of this change the `mchem` LaTeX package has been removed from + the default LaTeX preamble as it wasn't included in many TeX installations. + + The previous behaviour can be restored by adding the following to your + ikiwiki setup: + + teximg_prefix => '\documentclass{scrartcl} + \usepackage[version=3]{mhchem} + \usepackage{amsmath} + \usepackage{amsfonts} + \usepackage{amssymb} + \pagestyle{empty} + \begin{document}', + + In addition, the rendering mechanism has been changed to use `dvipng` by + default, if available. + + -- Joey Hess Sun, 24 Aug 2008 15:00:40 -0400 + +ikiwiki (2.60) unstable; urgency=low + + Admin preferences are moving from the web interface to the setup file. + There are three new options in the setup file: `locked_pages`, `banned_users`, + and `allowed_attachments`. The admin prefs page can still be used, but + that's deprecated, and the prefs will be hidden if a value is not already + set. If a value is set in the web interface, you're encouraged to move that + setting to your setup file now, since version 3.0 will remove the deprecated + admin prefs web interface. + + Also, the layout of the setup file has changed in a significant way in this + release. Old setup files will continue to work, but new features, like the + new websetup interface, require a new format setup file. You can convert + old setup files into the new format by running + `ikiwiki-transition setupformat ikiwiki.setup` + + -- Joey Hess Fri, 01 Aug 2008 17:02:14 -0400 + +ikiwiki (2.52) unstable; urgency=low + + All wikis need to be rebuilt on upgrade to this version. If you listed your + wiki in /etc/ikiwiki/wikilist this will be done automatically when the + Debian package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Sun, 06 Jul 2008 15:10:05 -0400 + +ikiwiki (2.49) unstable; urgency=low + + The search plugin no longer uses hyperestraier. Instead, to use it you + will now need to install xapian-omega, and the Search::Xapian, + HTML::Scrubber, and Digest::SHA1 perl modules. Ie, + `apt-get install xapian-omega libsearch-xapian-perl libhtml-scrubber-perl libdigest-sha1-perl` + + Also, wikis that use the search plugin will need to be rebuilt, + since the search form has changed. This will not be done automatically, + but can be done by running `ikiwiki-mass-upgrade` as root, or + running `ikiwiki --setup` on individual setup files. + + -- Joey Hess Wed, 04 Jun 2008 00:29:28 -0400 + +ikiwiki (2.48) unstable; urgency=high + + If you allowed password based logins to your wiki, those passwords were + stored in cleartext in the userdb. To guard against exposing users' + passwords, I recommend you install the Authen::Passphrase perl module, and + then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all + existing cleartext passwords with strong (blowfish) hashes. + + -- Joey Hess Thu, 29 May 2008 14:39:34 -0400 + +ikiwiki (2.46) unstable; urgency=low + + There were some significant template changes in ikiwiki 2.42 (and 1.33.5). + If you have locally modified versions of the templates, they need to be + updated. Most notably, the editpage.tmpl has a new FIELD-SID added to it, + without which web editing will fail. + + -- Joey Hess Tue, 06 May 2008 14:30:14 -0400 + +ikiwiki (2.40) unstable; urgency=low + + ikiwiki now has an new syntax for preprocessor directives, using the + prefix '!': + + [[!directive ...]] + + This new syntax no longer relies on spaces to distinguish between + wikilinks and preprocessor directives. Thus, wikilinks can use spaces + in their link text, and preprocessor directives without arguments (such + as "toc") need not use a trailing space. + + To enable the new syntax, set prefix_directives to true in your ikiwiki + config. For backward compatibility with existing wikis, + prefix_directives currently defaults to false. In ikiwiki 3.0, + prefix_directives will default to true, and wikis which have not yet + converted to the new syntax will need to set prefix_directives to false + in their setup files. + + To convert your wiki to the new syntax, ikiwiki provides a new script + ikiwiki-transition. + + Even with prefix_directives disabled, ikiwiki now allows an optional '!' + prefix on preprocessor directives (but still requires a space). Thus, a + directive which uses a '!' prefix and contains a space will work with + ikiwiki 2.40 and newer, regardless of the value of prefix_directives. + This allows the underlay to work with all ikiwikis. + + -- Josh Triplett Sat, 26 Jan 2008 16:26:47 -0800 + +ikiwiki (2.30) unstable; urgency=low + + Ever feel that ikiwiki's handling of RecentChanges wasn't truely in the + spirit of a wiki compiler? Well, that's changed. The RecentChanges page is + now a static page, not a CGI. Users can subscribe to its rss/atom feeds. + Custom RecentChanges pages can be easily set up that display only changes + to a subset of pages, or only changes by a subset of users. + + All wikis need to be rebuilt on upgrade to this version. If you listed your + wiki in /etc/ikiwiki/wikilist this will be done automatically when the + Debian package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild. + + With this excellent new RecentChanges support, the mail notification system + is its age (and known to be variously buggy and underimplemented for + various VCSes), and so ikiwiki's support for sending commit mails is REMOVED + from this version. If you were subscribed to commit mails, you should be + able to accomplish the same thing by subscribing to a RecentChanges feed. + + The "notify" field in setup files is no longer used, and + silently ignored. You may want to remove it from your setup file. + + -- Joey Hess Tue, 29 Jan 2008 17:18:31 -0500 + +ikiwiki (2.20) unstable; urgency=low + + The template plugin has begin to htmlize the variables passed to templates. + This is normally what you want, but to get the old behavior and get at the + raw value, you can use `` in a template. + + -- Joey Hess Sat, 08 Dec 2007 16:04:43 -0500 + +ikiwiki (2.16) unstable; urgency=low + + Many of the pages in ikiwiki's basewiki have been moved and renamed in this + release, to avoid the basewiki including pages with names like "blog". + Redirection pages have been left behind for these moved pages temporarily, + and will be removed later. + + If you use the calendar plugin, ikiwiki is now smarter and your nightly + cron job to update the wiki doesn't need to rebuild everything. Just pass + --refresh to ikiwiki in the cron job and it will update only pages that + contain out of date calendars. + + -- Joey Hess Sat, 08 Dec 2007 16:04:43 -0500 + +ikiwiki (2.14) unstable; urgency=low + + This version of ikiwiki is more picky about symlinks in the path leading + to the srcdir, and will refuse to use a srcdir specified by such a path. + This was necessary to avoid some potential exploits, but could potentially + break (semi-)working wikis. If your wiki has a srcdir path containing a + symlink, you should change it to use a path that does not. + + -- Joey Hess Mon, 26 Nov 2007 14:57:57 -0500 + +ikiwiki (2.9) unstable; urgency=low + + Since ikiwiki 2.0 was released, some limitiations have been added to what + ikiwiki considers a WikiLink. In short, if there are any spaces in between + the brackets, ikiwiki no longer considers it to be a WikiLink. If your wiki + contains things meant to be WikiLinks that contain spaces, you will need to + fix them, by replacing the spaces with underscores. + + WikiLink have always been documented to not contain spaces, but bugs in + ikiwiki made it treat some text with spaces as WikiLinks. Most of these + bugs were fixed in version 2.2, and a final bug was fixed in this 2.9 + release. These fixes are necessary to avoid ambiguity between + WikiLinks and PreProcessorDirectives. Apologies for any inconvenience + these bugs (and their fixes) may have caused. + + -- Joey Hess Sat, 29 Sep 2007 14:37:18 -0400 + ikiwiki (2.6) unstable; urgency=low In this version the rst plugin allows raw html to be embedded in rst files.