X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/d7fdd04b5a113b6dded40cb79b670b16570c11b3..fab1333b6704f5ccd502a5a108c4899aeaf5f675:/debian/changelog?ds=sidebyside diff --git a/debian/changelog b/debian/changelog index 47273ea94..5e833d090 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,355 @@ -ikiwiki (2.21) UNRELEASED; urgency=low +ikiwiki (2.49) UNRELEASED; urgency=low + + * haiku: Generate valid xhtml. + * ikiwiki-mass-rebuild: Don't trust $! when setting $) + * inline: The optimisation in 2.41 broke nested inlines. Detect those + and avoid overoptimising. + * search: Converted to use xapian-omega. + * Filter hooks are no longer called during the scan phase. This will + prevent wikilinks added by filters from being scanned properly. But + no known filter hook does that, and calling filters unncessarily during + scan slowed down complex filters such as the one used to update the xapian + index. + + -- Joey Hess Fri, 30 May 2008 19:08:54 -0400 + +ikiwiki (2.48) unstable; urgency=high + + * Fix security hole that occurred if openid and passwordauth were both + enabled. passwordauth would allow logging in as a known openid, with an + empty password. Closes: #483770 (CVE-2008-0169) + * Add rel=nofollow to edit links. This may prevent some spiders from + pounding on the cgi following edit links. + * passwordauth: If Authen::Passphrase is installed, use it to store + password hashes, crypted with Eksblowfish. + * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to + hash existing plaintext passwords. + * Passwords will no longer be mailed, but instead a password reset link. + * The password_cost config setting is provided as a "more security" knob. + * teximg: Fix logurl. + * teximg: If the log isn't written, avoid ugly error messages. + * Updated French translation. Closes: #478530 + + -- Joey Hess Fri, 30 May 2008 17:36:07 -0400 + +ikiwiki (2.47) unstable; urgency=low + + * mdwn: Add a multimarkdown setup file option. + * If PERL5LIB is set to the libdir when building ikiwiki, calculate and + hardcode a proper 'use lib' statement anyway. This fixes a gotcha, + since PERL5LIB won't work once ikiwiki is running via a wrapper or as + a cgi. + * orphans: As a special case, the toplevel index page is never considered + an orphaned page. + * inline: Display a message if the 'pages' parameter is missing, before + it just expanded to nothing. + * git: Skip over signed-off-by and similar lines in commit messages + when generating recentchanges. + * ENV can be used in the setup file to override environment variable + settings, such as TZ or PATH. + * Perls older than 5.10 need to use the old method of decoding utf-8 in CGI + values. Neither method will work for all versions of perl, so check + version number at runtime. + * Avoid unsightly warning message when evaling broken pagespecs. + * Improve error message when a pagespec fails to parse. + + -- Joey Hess Sun, 25 May 2008 14:25:42 -0400 + +ikiwiki (2.46) unstable; urgency=low + + * amazon_s3: New plugin, which injects wiki pages into Amazon S3, allowing + ikiwiki to be used without a dedicated web server. + * aggregate: Add support for web-based triggering of aggregation + for people stuck on shared hosting without cron. (Sheesh.) Enabled + via the `aggregate_webtrigger` configuration optiom. + * Add pinger and pingee plugins, which allow setting up mirrors and branched + wikis that automatically ping one another to stay up to date. + * Optimised file statting code when scanning for modified pages; + cut the number of system calls in half. (Still room for improvement.) + * Fixes for behavior changes in perl 5.10's CGI that broke utf-8 support + in several interesting ways. + + -- Joey Hess Mon, 12 May 2008 20:51:50 -0400 + +ikiwiki (2.45) unstable; urgency=low + + * toc: Add the table of contents at sanitize time, rather than at format + time. This allows the toc to be displayed when previewing an edit. It also + avoids headers in the page template from showing up in the toc. + * Add PREFIX/bin to the hardcoded PATH within ikiwiki. + * Deal with different paths to perl when removing -T flag. + * Add missing de.po. Closes: #471540 + * img: Support a title attribute, will be passed through to html. + Closes: #478718 + * anonk: Add anonok_pagespec configuration setting that can be used to + allow anonymous users to edit only matching pages. Closes: #478892 + * Fix ugly display when editing a page that has vanished. + * srcfile now has an optional second parameter to avoid it throwing an error + if the source file does not exist. + * git: Put -- before the filename when calling git rev-list to avoid + warning message when the file doesn't exist. + * Add a Bundle::IkiWiki and Bundle::IkiWiki::Extras to the source for use + with CPAN to install perl modules. + * Add a cpan directory containing a CPAN::MyConfig that can ease use of + CPAN to install in a home directory on shared hosting providers. + * With these changes, it's pretty easy to install onto nearlyfreespeech.net + and probably other shared hosting providers like dreamhost. Added + a page documenting the process for nearlyfreespeech. + + -- Joey Hess Mon, 05 May 2008 15:06:05 -0400 + +ikiwiki (2.44) unstable; urgency=medium + + * Bring back the svnrepo setup file option. This is needed for + recentchangediff to work with svn repos. + * Allow libtext-markdown-perl to satisfy dependencies, as a + an alternative to the markdown package. + * Correct a bug in pagespec matching, where a empty pagespec matched all + pages. This manifested as wikis with no locked pages treating them all as + locked. The bug was introduced in version 2.41. + * Medium urgency upload due to above fix. + + -- Joey Hess Thu, 17 Apr 2008 14:33:54 -0400 + +ikiwiki (2.43) unstable; urgency=low + + * Fix missing import of escapeHTML in userlink. (Scott Bronson) + * Fix broken rcs_update for bzr. (Scott Bronson) + * Use bzr --quiet to avoid it outputting stuff and messing up http headers. + (Scott Bronson) + * Give the full path to the hyperestraier helpfile in estseek.conf. + * Recommend a recent git-core for git init. Closes: 475609 + + -- Joey Hess Wed, 16 Apr 2008 18:35:13 -0400 + +ikiwiki (2.42) unstable; urgency=high + + * aggregate: Correct a mistake in the code that dummy up a guid for feeds + lacking one. + * inline: Correct handling of urls relative to baseurl in feeds. + * Fix CSRF attacks against the preferences and edit forms. The fix involved + embedding the session id in the forms, and not allowing the forms to be + submitted if the embedded id does not match the session id. Closes: #475445 + (CVE-2008-0165) + + -- Joey Hess Thu, 03 Apr 2008 02:35:39 -0400 + +ikiwiki (2.41) unstable; urgency=low + + [ Adeodato Simó ] + * Preprocessor directives generated by the shortcut plugin accept a `desc` + parameter that overrides the anchor text provided at shortcut definition + time. (Closes: #458126) + + [ martin f. krafft ] + * The meta plugin now allows for the robots tag to be specified without the + risk of it being scrubbed. + * Let meta.openid set X-XRDS-Location header + * Make makerepo set the Git merge remote. + branch.master.remote previously used to default to origin, which has + recently been changed; it now needs to be set explicitly, which this + patch does. Closes: #470517 + * meta: Also generate openid2 headers. + * Handle SimpleXMLRPCDispatcher arg count change in python 2.5 + * Provide XML-RPC proxy abstraction for Python plugins. + + [ Joey Hess ] + * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds. + * rcs_diff is a new function that rcs modules should implement. + * Implemented rcs_diff for git, svn, and tla (tla version untested). + Mercurial and monotone still todo. + * Support Text::Markdown::markdown, which is the spelling used by + version 1.0.16 of Text::Markdown. + * Updated Spanish translation from Victor Moral. + * Fix example exclude regexp. Closes: #469691 + * Remove locking code in git rcs_commit. I'm not sure if this was ever + correct, and it's certianly not correct now, since the wiki is locked + before rcs_commit is ever called, and should not be unlocked by + rcs_commit either. + * monotone: Require version 0.38 or greater, and stop using the mtnmergerc + option. (Brian May) + * Use forcebaseurl to make page previews be displayed with the html base + set to the destination page. This avoids need for hacks to munge the urls + in preview mode, which fixes several bugs. + * Several destpage fixes in plugins. + * Use absolute url for feedurl when filling out the feed templates. + Closes: #470530 + * Fix expiry of old recentchanges changeset pages. + * French translation update. Closes: #471010 + * external: Fix support of XML::RPC::fault. + * htmltidy: Pass --markup yes, in case tidy's config file disabled it. + * external: Add getargv and setargv methods to allow access to ikiwiki's + @ARGV. + * Correct bug in encoding of %pagestate keys, fixes edittemplate. + * Detect invalid pagespecs and do not merge them in add_depends, + as that can result in a broken merged pagespec that matches nothing. + * Record new pages in %pagesources temporarily when previewing so that + things that need to know the page source or type can query it from there. + Fixes previewing of tables when creating a new page. + * German translation update. Closes: #471540 + * Time::Duration is no longer used, remove from docs and recommends. + * Store userinfo in network byte order for easy portability. + (Old files will be automatically converted.) + * Close meta tag for redir properly. + * smiley: Detect smileys inside pre and code tags, and do not expand. + * inline: Crazy optimisation to work around slow markdown. + * Precompile pagespecs, about 10% overall speedup. + * Changed to a binary index file, written using Storable, for speed. + * external: Work around XML RPC's lack of support for null by passing + a special sentinal value. + * inline: Allow the "feedshow" parameter to take values greater than the + value for "show". + * Added a hardlink option in the setup file, useful if the source and + dest are on the same filesystem and the wiki includes large media files, + which would normally be copied, wasting time and space. + + -- Joey Hess Sat, 29 Mar 2008 21:07:22 -0400 + +ikiwiki (2.40) unstable; urgency=low + + [ Josh Triplett ] + * Add new preprocessor directive syntax¸ using a '!' prefix. Add a + prefix_directives option to the setup file to turn this syntax on; + currently defaults to false, for backward compatibility. Support + optional '!' prefix even with prefix_directives off, and use that in + the underlay to support either setting of prefix_directives. Add NEWS + entry with migration information. + + [ Joey Hess ] + * Danish translation update from Jonas Smedegaard. Closes: #465152 + * Generate XML RPC messages with the encoding set to utf-8 instead + of XML::RPC's default of us-ascii. Allows interoperation with + python's xmlrpc library, which threw invalid encoding exceptions and + caused the rst plugin to hang. + * Add the linkify and scan hooks. These hooks can be used to implement + custom, first-class types of wikilinks. + * Move standard wikilink implementation to a new link plugin, which + will of course be enabled by default. + * camelcase: Convert to use new linkify and scan hooks rather than the old + hack. + * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this. + * Depend on HTML::Scrubber, since the scrubber is enabled by default and + dies if its can't be loaded. + * The search plugin needs to override to point to the directory + containing ikiwiki.cgi, but this should not change the urls to the style + sheets etc. Add a new forcebareurl parameter to misctemplate to allow + it to do that. + * Preview limits the page dropdown to what's selected previously + (as preserving the full list across preview would be tricky). Userdirs + were still being offered as an option there, remove them. + * Fix a bug where user A created a page concurrently with user B, and + when B previewed it would redirect B to A's new page, losing B's work. + Instead, don't redirect and let conflict handling resolve it. + * monotone: Add code to default mergerc file to run + _MTN/ikiwiki-netsync-hook when a commit is merged in from the net. + * tla: Remove call to escapeHTML when constructing recentchanges message; + the html is escaped at a different level. Closes: #466495 + * bzr, mercurial: Remove unused import of escapeHTML. + * Fix another preview will_render bug. This one involved inline, + which forced a scan of the page to make available metadata that + appeared after the inline directive. Problem is that scan made it forget + about any other files rendered due to the page. The scan also turns out + to be unnecessary now, since meta persistently stores state and it's + always available. So it was just removed. + * Disable taint checking for all builds as people keep complaining about it, + and since all versions of perl seem to be hopelessly broken. + * Fix links generated by preprocessor directives when previewing. + * inline: When forcing urls absolute for rss feeds, skip mailto and other + such urls. + * ikiwiki-makerepo: Don't fail if the third argument ends in a slash. + * Allow colons in URLs after the first slash. (Adeodato Simó) + + -- Joey Hess Fri, 29 Feb 2008 23:05:39 -0500 + +ikiwiki (2.31.3) unstable; urgency=high + + [ Josh Triplett ] + * Do not allow the about: URI scheme; some browsers interpret about: + URIs like a limited version of data: URIs. In particular, some + versions of Internet Explorer interpret arbitrary HTML content in + about: URIs. + * Also filter the attributes cite, longdesc, and usemap, which can contain + URIs. + + [ Joey Hess ] + * meta: Check that the urls provided for authorurl, permalink, and openid + are safe and can't contain javascript. + + [ Josh Triplett ] + * Match literal '.' in URI schemas containing '.', rather than matching any + character. + * Do not allow the steam: URI scheme. + * Allow the snews: URI scheme. + * Allow the smb: URI scheme. + + -- Josh Triplett Sun, 10 Feb 2008 14:48:48 -0800 + +ikiwiki (2.31.2) unstable; urgency=high + + * The security fix in the last release had buggy handling of data:image, + now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809) + + -- Joey Hess Sun, 10 Feb 2008 15:31:17 -0500 + +ikiwiki (2.31.1) unstable; urgency=low + + * htmlscrubber security fix: Block javascript in uris. + * Add htmlscrubber test suite. + * Thanks to Josh Triplett for pointing out the holes and for his help + in implementing and checking fixes. + + -- Joey Hess Sun, 10 Feb 2008 13:22:59 -0500 + +ikiwiki (2.31) unstable; urgency=low + + [ Joey Hess ] + * Revert preservation of input file modification times in output files, + since this leads to too many problems with web caching, especially with + inlined pages. Properly solving this would involve tracking every page + that contributes to a page's content and using the youngest of them all, + as well as special cases for things like the version plugin, and it's just + too complex to do. + * aggregate: Forking a child broke the one state that mattered: Forcing + the aggregating page to be rebuilt. Fix this. + * cgi hooks are now run before ikiwiki state is loaded. + * This allows locking the wiki before loading state, which avoids some + tricky locking code when saving a web edit. + * poll: This plugin turns out to have edited pages w/o doing any locking. + Oops. Convert it from a cgi to a sessioncgi hook, which will work + much better. + * recentchanges: Improve handling of links on the very static changes pages + by thunking to the CGI, which can redirect to the page, or allow it to be + created if it doesn't exist. + * recentchanges: Exipre all *._change pages, even if the directory + they're in has changed. + * aggregate: Lots of changes; aggregation can now run without locking the + wiki, and there is a separate aggregatelock to prevent multiple concurrent + aggregation runs. + * monotone changes by Brian May: + - On commits, replace "mtn sync" bidirectional with "mtn push" single + direction. No need to pull changes when doing a commit. mtn sync + is still called in rcs_update. + - Support for viewing differences via patches using viewmtn. + * inline: When previewing, still call will_render on rss/atom files, + just avoid actually writing the files. This is necessary because ikiwiki + saves state after a preview (in case it actually *did* write files), + and if will_render isn't called its security checks will get upset + when the page is saved. Thanks to Edward Betts for his help tracking this + tricky bug down. + * inline: Add new `allowrss` and `allowatom` config options. These can be + used if you want a wiki that doesn't default to generating rss or atom + feeds, but that does allow them to be turned on for specific blogs. + * Don't die if running with --getctime and rcs_getctime throws an error. + There are several cases (recentchanges files, aggregated files) + where some source files are not in revision control. + * Page templates can now use CTIME to show when the page was created. + + [ Josh Triplett ] + * README.Debian: Mention user wikilists. + + -- Joey Hess Sat, 09 Feb 2008 23:09:45 -0500 + +ikiwiki (2.30) unstable; urgency=low [ Joey Hess ] * Old versions of git-init don't support --git-dir or GIT_DIR with @@ -22,12 +373,25 @@ ikiwiki (2.21) UNRELEASED; urgency=low * prettydate,ddate: Don't ignore time formats passed to displaytime function. * Pages with extensions starting with "_" are internal-use, and will - not be rendered or web-edited. + not be rendered or web-edited, or matched by normal pagespecs. + * Add "internal()" pagespec that matches internal-use pages. + * RecentChanges is now a static html page, that's updated whenever a commit + is made to the wiki. It's built as a blog using inline, so it can have + an rss feed that users can subscribe to. * Removed support for sending commit notification mails. Along with it went the svnrepo and notify settings, though both will be ignored if left in - setup files. - - -- Joey Hess Fri, 11 Jan 2008 15:09:37 -0500 + setup files. Also gone with it is the "user()" pagespec. + * Add refresh hook. + * meta: Add pagespec functions to match against title, author, authorurl, + license, and copyright. This can be used to create custom RecentChanges. + * meta: To support the pagespec functions, metadata about pages has to be + retained as pagestate. + * Fix encoding bug when pagestate values contained spaces. + * Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for + his independent work on bzr support. + * Copyright file updates. + + -- Joey Hess Sat, 02 Feb 2008 17:41:57 -0500 ikiwiki (2.20) unstable; urgency=low