X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/84993495f348a180e8e40261f2f9a6da1eb3da9c..e0406eadd387f2a1dc56c8034504bc5d127dae28:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 20eca0155..2692de13a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,69 @@ -ikiwiki (3.20140917) UNRELEASED; urgency=medium +ikiwiki (3.20141016.2) UNRELEASED; urgency=high - * Build-depend on libmagickcore-6.q16-2-extra | libmagickcore-extra + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. + + -- Simon McVittie Sun, 29 Mar 2015 22:28:15 +0100 + +ikiwiki (3.20141016.1) unstable; urgency=medium + + * Backport selected commits for Debian 8: + + [ Joey Hess ] + * Add missing build-depends on libcgi-formbuilder-perl, needed for + t/relativity.t if libipc-run-perl is also installed + (buildds are unaffected by this) + * Set Debian package maintainer to Simon McVittie as I'm retiring from + Debian. + + [ Amitai Schlair ] + * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd). + Closes: #774441 + + [ Simon McVittie ] + * Work around imagemagick Debian bug #771047 by using a non-blank SVG + for the regression test, to avoid FTBFS in current unstable + if inkscape is installed (buildds are unaffected by this) + + -- Simon McVittie Wed, 07 Jan 2015 11:08:35 +0000 + +ikiwiki (3.20141016) unstable; urgency=medium + + [ Joey Hess ] + * Fix crash that can occur when only_committed_changes is set and a + file is deleted from the underlay. + + [ Simon McVittie ] + * core: avoid dangerous use of CGI->param in list context, which led + to a security flaw in Bugzilla; as far as we can tell, ikiwiki + is not vulnerable to a similar attack, but it's best to be safe + * core: new reverse_proxy option prevents ikiwiki from trying to detect + how to make self-referential URLs by using the CGI environment variables, + for instance when it's deployed behind a HTTP reverse proxy + (Closes: #745759) + * core: the default User-Agent is now "ikiwiki/$version" to work around + ModSecurity rules assuming that only malware uses libwww-perl + * core: use protocol-relative URLs (e.g. //www.example.com/wiki) so that + https stays on https and http stays on http, particularly if the + html5 option is enabled + * core: avoid mixed content when a https cgiurl links to http static pages + on the same server (the static pages are assumed to be accessible via + https too) + * core: force the correct top URL in w3mmode + * google plugin: Use search form + * docwiki: replace Paypal and Flattr buttons with text links + * comments: don't record the IP address in the wiki if the user is + logged in via passwordauth or httpauth + * templates: add ARIA roles to some page elements, if html5 is enabled. + Thanks, Patrick + * debian: build-depend on libmagickcore-6.q16-2-extra | libmagickcore-extra so we can thumbnail SVGs in the docwiki + * debian: explicitly depend and build-depend on libcgi-pm-perl + * debian: drop unused python-support dependency + * debian: rename debian/link to debian/links so the intended symlinks appear + * debian: fix some wrong paths in the copyright file - -- Simon McVittie Tue, 16 Sep 2014 11:21:16 +0100 + -- Simon McVittie Thu, 16 Oct 2014 23:28:26 +0100 ikiwiki (3.20140916) unstable; urgency=low