X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/96817b00326b983299ce701532643f763259af89..d17e1d8c9d124cbf92f356871124ff76ff88621a:/debian/changelog?ds=inline diff --git a/debian/changelog b/debian/changelog index 6e769131a..e2463fb02 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,372 @@ -ikiwiki (2.16) UNRELEASED; urgency=low +ikiwiki (2.43) UNRELEASED; urgency=low + + * Fix missing import of escapeHTML in userlink. (Scott Bronson) + * Fix broken rcs_update for bzr. (Scott Bronson) + * Use bzr --quiet to avoid it outputting stuff and messing up http headers. + (Scott Bronson) + * Give the full path to the hyperestraier helpfile in estseek.conf. + * Recommend a recent git-core for git init. Closes: 475609 + + -- Joey Hess Thu, 10 Apr 2008 17:36:53 -0400 + +ikiwiki (2.42) unstable; urgency=high + + * aggregate: Correct a mistake in the code that dummy up a guid for feeds + lacking one. + * inline: Correct handling of urls relative to baseurl in feeds. + * Fix CSRF attacks against the preferences and edit forms. The fix involved + embedding the session id in the forms, and not allowing the forms to be + submitted if the embedded id does not match the session id. Closes: #475445 + + -- Joey Hess Thu, 03 Apr 2008 02:35:39 -0400 + +ikiwiki (2.41) unstable; urgency=low + + [ Adeodato Simó ] + * Preprocessor directives generated by the shortcut plugin accept a `desc` + parameter that overrides the anchor text provided at shortcut definition + time. (Closes: #458126) + + [ martin f. krafft ] + * The meta plugin now allows for the robots tag to be specified without the + risk of it being scrubbed. + * Let meta.openid set X-XRDS-Location header + * Make makerepo set the Git merge remote. + branch.master.remote previously used to default to origin, which has + recently been changed; it now needs to be set explicitly, which this + patch does. Closes: #470517 + * meta: Also generate openid2 headers. + * Handle SimpleXMLRPCDispatcher arg count change in python 2.5 + * Provide XML-RPC proxy abstraction for Python plugins. + + [ Joey Hess ] + * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds. + * rcs_diff is a new function that rcs modules should implement. + * Implemented rcs_diff for git, svn, and tla (tla version untested). + Mercurial and monotone still todo. + * Support Text::Markdown::markdown, which is the spelling used by + version 1.0.16 of Text::Markdown. + * Updated Spanish translation from Victor Moral. + * Fix example exclude regexp. Closes: #469691 + * Remove locking code in git rcs_commit. I'm not sure if this was ever + correct, and it's certianly not correct now, since the wiki is locked + before rcs_commit is ever called, and should not be unlocked by + rcs_commit either. + * monotone: Require version 0.38 or greater, and stop using the mtnmergerc + option. (Brian May) + * Use forcebaseurl to make page previews be displayed with the html base + set to the destination page. This avoids need for hacks to munge the urls + in preview mode, which fixes several bugs. + * Several destpage fixes in plugins. + * Use absolute url for feedurl when filling out the feed templates. + Closes: #470530 + * Fix expiry of old recentchanges changeset pages. + * French translation update. Closes: #471010 + * external: Fix support of XML::RPC::fault. + * htmltidy: Pass --markup yes, in case tidy's config file disabled it. + * external: Add getargv and setargv methods to allow access to ikiwiki's + @ARGV. + * Correct bug in encoding of %pagestate keys, fixes edittemplate. + * Detect invalid pagespecs and do not merge them in add_depends, + as that can result in a broken merged pagespec that matches nothing. + * Record new pages in %pagesources temporarily when previewing so that + things that need to know the page source or type can query it from there. + Fixes previewing of tables when creating a new page. + * German translation update. Closes: #471540 + * Time::Duration is no longer used, remove from docs and recommends. + * Store userinfo in network byte order for easy portability. + (Old files will be automatically converted.) + * Close meta tag for redir properly. + * smiley: Detect smileys inside pre and code tags, and do not expand. + * inline: Crazy optimisation to work around slow markdown. + * Precompile pagespecs, about 10% overall speedup. + * Changed to a binary index file, written using Storable, for speed. + * external: Work around XML RPC's lack of support for null by passing + a special sentinal value. + * inline: Allow the "feedshow" parameter to take values greater than the + value for "show". + * Added a hardlink option in the setup file, useful if the source and + dest are on the same filesystem and the wiki includes large media files, + which would normally be copied, wasting time and space. + + -- Joey Hess Sat, 29 Mar 2008 21:07:22 -0400 + +ikiwiki (2.40) unstable; urgency=low + + [ Josh Triplett ] + * Add new preprocessor directive syntax¸ using a '!' prefix. Add a + prefix_directives option to the setup file to turn this syntax on; + currently defaults to false, for backward compatibility. Support + optional '!' prefix even with prefix_directives off, and use that in + the underlay to support either setting of prefix_directives. Add NEWS + entry with migration information. + + [ Joey Hess ] + * Danish translation update from Jonas Smedegaard. Closes: #465152 + * Generate XML RPC messages with the encoding set to utf-8 instead + of XML::RPC's default of us-ascii. Allows interoperation with + python's xmlrpc library, which threw invalid encoding exceptions and + caused the rst plugin to hang. + * Add the linkify and scan hooks. These hooks can be used to implement + custom, first-class types of wikilinks. + * Move standard wikilink implementation to a new link plugin, which + will of course be enabled by default. + * camelcase: Convert to use new linkify and scan hooks rather than the old + hack. + * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this. + * Depend on HTML::Scrubber, since the scrubber is enabled by default and + dies if its can't be loaded. + * The search plugin needs to override to point to the directory + containing ikiwiki.cgi, but this should not change the urls to the style + sheets etc. Add a new forcebareurl parameter to misctemplate to allow + it to do that. + * Preview limits the page dropdown to what's selected previously + (as preserving the full list across preview would be tricky). Userdirs + were still being offered as an option there, remove them. + * Fix a bug where user A created a page concurrently with user B, and + when B previewed it would redirect B to A's new page, losing B's work. + Instead, don't redirect and let conflict handling resolve it. + * monotone: Add code to default mergerc file to run + _MTN/ikiwiki-netsync-hook when a commit is merged in from the net. + * tla: Remove call to escapeHTML when constructing recentchanges message; + the html is escaped at a different level. Closes: #466495 + * bzr, mercurial: Remove unused import of escapeHTML. + * Fix another preview will_render bug. This one involved inline, + which forced a scan of the page to make available metadata that + appeared after the inline directive. Problem is that scan made it forget + about any other files rendered due to the page. The scan also turns out + to be unnecessary now, since meta persistently stores state and it's + always available. So it was just removed. + * Disable taint checking for all builds as people keep complaining about it, + and since all versions of perl seem to be hopelessly broken. + * Fix links generated by preprocessor directives when previewing. + * inline: When forcing urls absolute for rss feeds, skip mailto and other + such urls. + * ikiwiki-makerepo: Don't fail if the third argument ends in a slash. + * Allow colons in URLs after the first slash. (Adeodato Simó) + + -- Joey Hess Fri, 29 Feb 2008 23:05:39 -0500 + +ikiwiki (2.31.3) unstable; urgency=high + + [ Josh Triplett ] + * Do not allow the about: URI scheme; some browsers interpret about: + URIs like a limited version of data: URIs. In particular, some + versions of Internet Explorer interpret arbitrary HTML content in + about: URIs. + * Also filter the attributes cite, longdesc, and usemap, which can contain + URIs. + + [ Joey Hess ] + * meta: Check that the urls provided for authorurl, permalink, and openid + are safe and can't contain javascript. + + [ Josh Triplett ] + * Match literal '.' in URI schemas containing '.', rather than matching any + character. + * Do not allow the steam: URI scheme. + * Allow the snews: URI scheme. + * Allow the smb: URI scheme. + + -- Josh Triplett Sun, 10 Feb 2008 14:48:48 -0800 + +ikiwiki (2.31.2) unstable; urgency=high + + * The security fix in the last release had buggy handling of data:image, + now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809) + + -- Joey Hess Sun, 10 Feb 2008 15:31:17 -0500 + +ikiwiki (2.31.1) unstable; urgency=low + + * htmlscrubber security fix: Block javascript in uris. + * Add htmlscrubber test suite. + * Thanks to Josh Triplett for pointing out the holes and for his help + in implementing and checking fixes. + + -- Joey Hess Sun, 10 Feb 2008 13:22:59 -0500 + +ikiwiki (2.31) unstable; urgency=low + + [ Joey Hess ] + * Revert preservation of input file modification times in output files, + since this leads to too many problems with web caching, especially with + inlined pages. Properly solving this would involve tracking every page + that contributes to a page's content and using the youngest of them all, + as well as special cases for things like the version plugin, and it's just + too complex to do. + * aggregate: Forking a child broke the one state that mattered: Forcing + the aggregating page to be rebuilt. Fix this. + * cgi hooks are now run before ikiwiki state is loaded. + * This allows locking the wiki before loading state, which avoids some + tricky locking code when saving a web edit. + * poll: This plugin turns out to have edited pages w/o doing any locking. + Oops. Convert it from a cgi to a sessioncgi hook, which will work + much better. + * recentchanges: Improve handling of links on the very static changes pages + by thunking to the CGI, which can redirect to the page, or allow it to be + created if it doesn't exist. + * recentchanges: Exipre all *._change pages, even if the directory + they're in has changed. + * aggregate: Lots of changes; aggregation can now run without locking the + wiki, and there is a separate aggregatelock to prevent multiple concurrent + aggregation runs. + * monotone changes by Brian May: + - On commits, replace "mtn sync" bidirectional with "mtn push" single + direction. No need to pull changes when doing a commit. mtn sync + is still called in rcs_update. + - Support for viewing differences via patches using viewmtn. + * inline: When previewing, still call will_render on rss/atom files, + just avoid actually writing the files. This is necessary because ikiwiki + saves state after a preview (in case it actually *did* write files), + and if will_render isn't called its security checks will get upset + when the page is saved. Thanks to Edward Betts for his help tracking this + tricky bug down. + * inline: Add new `allowrss` and `allowatom` config options. These can be + used if you want a wiki that doesn't default to generating rss or atom + feeds, but that does allow them to be turned on for specific blogs. + * Don't die if running with --getctime and rcs_getctime throws an error. + There are several cases (recentchanges files, aggregated files) + where some source files are not in revision control. + * Page templates can now use CTIME to show when the page was created. + + [ Josh Triplett ] + * README.Debian: Mention user wikilists. + + -- Joey Hess Sat, 09 Feb 2008 23:09:45 -0500 + +ikiwiki (2.30) unstable; urgency=low + + [ Joey Hess ] + * Old versions of git-init don't support --git-dir or GIT_DIR with + --bare. Change ikiwiki-makerepo to use a method that should work with + those older versions too. + * aggregate: Don't let feeds set creation times for pages in the future. + * Add full parser for git diff-tree output (Brian Downing) + * aggregate: Fork a child process to handle the aggregation. This simplifies + the code, since that process can change internal state as needed, and + it will automatically be cleaned up for the parent process, which proceeds + to render the changes. + + [ Josh Triplett ] + * Add trailing comma to commented-out umask in sample ikiwiki.setup, so + that uncommenting it does not break the setup file. + + [ Joey Hess ] + * inline: The template can check for FIRST and LAST, which will be + set for the first and last inlined page. Useful for templates that build + tables and the like. + * prettydate,ddate: Don't ignore time formats passed to displaytime + function. + * Pages with extensions starting with "_" are internal-use, and will + not be rendered or web-edited, or matched by normal pagespecs. + * Add "internal()" pagespec that matches internal-use pages. + * RecentChanges is now a static html page, that's updated whenever a commit + is made to the wiki. It's built as a blog using inline, so it can have + an rss feed that users can subscribe to. + * Removed support for sending commit notification mails. Along with it went + the svnrepo and notify settings, though both will be ignored if left in + setup files. Also gone with it is the "user()" pagespec. + * Add refresh hook. + * meta: Add pagespec functions to match against title, author, authorurl, + license, and copyright. This can be used to create custom RecentChanges. + * meta: To support the pagespec functions, metadata about pages has to be + retained as pagestate. + * Fix encoding bug when pagestate values contained spaces. + * Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for + his independent work on bzr support. + * Copyright file updates. + + -- Joey Hess Sat, 02 Feb 2008 17:41:57 -0500 + +ikiwiki (2.20) unstable; urgency=low + + * inline: Add copyright/license info on a per-post basis to atom + feeds if available. (rss doesn't allow such info on a per-post basis) + * Also include overall copyright/license and author info in atom feeds if + available. + * meta: Allow copyright/license metadata to contain arbitrary markup. + * Call preprocessor hooks in void context during the scan pass. This allows + the hook to determine if it's just scanning, and avoid expensive + operations. + * img: Detect scan mode and avoid generating and writing the image file + during it, for a 2x speedup. + * meta: Run in scan mode again (more intelligently) and re-add support for + meta link. + * Fix support for the case where metadata appears after an inline directive + that needs to use it. This was broken in version 2.16. + * template: Remove bogus htmlize pass added in 2.16. + * template: Htmlize template variables, but also provide a raw version + via ``. + * When htmlizing text, if the input is a single line with no newline, + and the htmlizer (such as markdown and textile) generates a html + paragraph, remove it. This allows removing several hacks from other + plugins that htmlize fragements of pages. + * In preferences, allow the subscriptions and email fields to be cleared. + * teximg: Fix to support the same formula on multiple pages. + + -- Joey Hess Thu, 10 Jan 2008 14:52:57 -0500 + +ikiwiki (2.19) unstable; urgency=low + + * Only try postsignin if no other action matched. Fixes a bug where the + user goes back from the signin screen and does something else. + * Improve behavior when trying to sign in with no cookies. + * Improved the canedit hook interface, allowing a callback function to be + returned (and not run in some cases) rather than the plugins directly + forcing a user to log in. + * opendiscussion: allow editing of the toplevel discussion page, + and, indirectly, allow creating new discussion pages. + * Add a prereq on Data::Dumper 2.11 or better, needed to dump q// objects. + * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/' + and 'p/'. + * aggregate: Include copyright statements from rss feed as meta copyright + directives. + * aggregate: Yet another state saving fix (sigh). + * aggregate: Add hack to support feeds with invalidly escaped html entities. + + -- Joey Hess Tue, 08 Jan 2008 20:43:18 -0500 + +ikiwiki (2.18) unstable; urgency=low + + * Split error messages for failures to drop real uid and gid. + * Retry dropping uid and gid, possibly this will help with the "Resource + temporarily unavailable" failures I've experienced under xen. + * Stop testing Encode::is_utf8 in decode_form_utf8: That doesn't work. + * decode_form_utf8 only fixed the utf-8 encoding for fields that were + registered at the time it was called, which was before the + formbuilder_setup hook. Fields added by the hook didn't get decoded. + But it can't be put after the hook either, since plugins using the hook + need to be able to use form values. To fix this dilemma, it's been changed + to a decode_cgi_utf8, which is called on the cgi query object, before the + form is set up, and decodes *all* cgi parameters. + * aggregate: Only save state if it was already loaded. This didn't used to + matter, but after recent changes, state is not always loaded, and saving + would kill it. + * table: Fix dependency tracking for external data files. Closes: #458387 + + -- Joey Hess Sat, 05 Jan 2008 02:15:18 -0500 + +ikiwiki (2.17) unstable; urgency=low + + * Improved parentlinks special case for index pages. + * redir: Support for specifying anchors. + * img: Avoid nesting images when linking to another image. Closes: #457780 + * img: Allow the link parameter to point to an exterior url. + * conditional: Improve regexp testing for simple uses of pagespecs + that match only the page using the directive, adding 'included()' + and supporting negated pagespecs and added whitespace. + * map: Fix handling of common prefix to handle the case where it's + in a subdirectory. Patch by Larry Clapp. + * aggregate: Fix stupid mistake introduced when converting it to use + the needsbuild hook. This resulted in feeds not being removed when pages + were updated, and feeds sometimes being forgotten about. + * aggregate: Avoid uninitialised value warning when removing a feed that + has an expired guid. + + -- Joey Hess Sun, 30 Dec 2007 14:57:44 -0500 + +ikiwiki (2.16) unstable; urgency=low * Major basewiki reorganisation. Most pages moved into ikiwiki/ subdirectory to avoid polluting the main namespace, and some were further renamed. @@ -38,7 +406,7 @@ ikiwiki (2.16) UNRELEASED; urgency=low * Don't increment feed numbers when an inline has no feeds. (Nis Martensen) * Allow editing a page and deleting all content, while still disallowing creating a new page that's entirely empty. - * meta: Drop support for "meta link", since supporting this for internal + * meta: Drop support for "meta link", since supporting this for internal links required meta to be run during scan, which complicated its data storage, since it had to clear data stored during the scan pass to avoid duplicating it during the normal preprocessing pass. @@ -52,8 +420,18 @@ ikiwiki (2.16) UNRELEASED; urgency=low stored data before preprocessing, this hack was ugly, and broken (cf: liw's disappearing openids). * aggregate: Convert filter hook to a needsbuild hook. - - -- Joey Hess Mon, 03 Dec 2007 14:47:36 -0500 + * map: Don't inline images. + * brokenlinks: Don't list the same link multiple times. (%links might + contain multiple copies of the same link) + * git: Correct display of multiline commit messages in recentchanges. + * Re-organise dependencies and recommends now that recommends are installed + by default. + * Don't refuse to render files with ".." in their name. (Anchor the regexp.) + * Work around perl taint checking bug #411786, where perl sometimes randomly + sets the taint flag on untainted variables, by disabling taint checking + in the deb. This sucks. + + -- Joey Hess Tue, 18 Dec 2007 16:37:22 -0500 ikiwiki (2.15) unstable; urgency=low