-ikiwiki (2.31) UNRELEASED; urgency=low
+ikiwiki (2.40) UNRELEASED; urgency=low
+ [ Josh Triplett ]
+ * Add new preprocessor directive syntax¸ using a '!' prefix. Add a
+ prefix_directives option to the setup file to turn this syntax on;
+ currently defaults to false, for backward compatibility. Support
+ optional '!' prefix even with prefix_directives off, and use that in
+ the underlay to support either setting of prefix_directives. Add NEWS
+ entry with migration information.
+
+ [ Joey Hess ]
+ * Danish translation update from Jonas Smedegaard. Closes: #465152
+ * Generate XML RPC messages with the encoding set to utf-8 instead
+ of XML::RPC's default of us-ascii. Allows interoperation with
+ python's xmlrpc library, which threw invalid encoding exceptions and
+ caused the rst plugin to hang.
+ * Add the linkify and scan hooks. These hooks can be used to implement
+ custom, first-class types of wikilinks.
+ * Move standard wikilink implementation to a new link plugin, which
+ will of course be enabled by default.
+ * camelcase: Convert to use new linkify and scan hooks rather than the old
+ hack.
+ * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
+ * Depend on HTML::Scrubber, since the scrubber is enabled by default and
+ dies if its can't be loaded.
+ * The search plugin needs to override <base> to point to the directory
+ containing ikiwiki.cgi, but this should not change the urls to the style
+ sheets etc. Add a new forcebareurl parameter to misctemplate to allow
+ it to do that.
+ * Preview limits the page dropdown to what's selected previously
+ (as preserving the full list across preview would be tricky). Userdirs
+ were still being offered as an option there, remove them.
+ * Fix a bug where user A created a page concurrently with user B, and
+ when B previewed it would redirect B to A's new page, losing B's work.
+ Instead, don't redirect and let conflict handling resolve it.
+ * monotone: Add code to default mergerc file to run
+ _MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
+ * tla: Remove call to escapeHTML when constructing recentchanges message;
+ the html is escaped at a different level. Closes: #466495
+ * bzr, mercurial: Remove unused import of escapeHTML.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+
+ikiwiki (2.31.3) unstable; urgency=high
+
+ [ Josh Triplett ]
+ * Do not allow the about: URI scheme; some browsers interpret about:
+ URIs like a limited version of data: URIs. In particular, some
+ versions of Internet Explorer interpret arbitrary HTML content in
+ about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
+
+ [ Joey Hess ]
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
+
+ [ Josh Triplett ]
+ * Match literal '.' in URI schemas containing '.', rather than matching any
+ character.
+ * Do not allow the steam: URI scheme.
+ * Allow the snews: URI scheme.
+ * Allow the smb: URI scheme.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
+
+ikiwiki (2.31.2) unstable; urgency=high
+
+ * The security fix in the last release had buggy handling of data:image,
+ now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
+
+ikiwiki (2.31.1) unstable; urgency=low
+
+ * htmlscrubber security fix: Block javascript in uris.
+ * Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
+
+ikiwiki (2.31) unstable; urgency=low
+
+ [ Joey Hess ]
* Revert preservation of input file modification times in output files,
since this leads to too many problems with web caching, especially with
inlined pages. Properly solving this would involve tracking every page
that contributes to a page's content and using the youngest of them all,
as well as special cases for things like the version plugin, and it's just
too complex to do.
+ * aggregate: Forking a child broke the one state that mattered: Forcing
+ the aggregating page to be rebuilt. Fix this.
* cgi hooks are now run before ikiwiki state is loaded.
* This allows locking the wiki before loading state, which avoids some
tricky locking code when saving a web edit.
* poll: This plugin turns out to have edited pages w/o doing any locking.
Oops. Convert it from a cgi to a sessioncgi hook, which will work
much better.
- * aggregate: Revert use of forking to not save state, that was not the right
- approach.
+ * recentchanges: Improve handling of links on the very static changes pages
+ by thunking to the CGI, which can redirect to the page, or allow it to be
+ created if it doesn't exist.
+ * recentchanges: Exipre all *._change pages, even if the directory
+ they're in has changed.
+ * aggregate: Lots of changes; aggregation can now run without locking the
+ wiki, and there is a separate aggregatelock to prevent multiple concurrent
+ aggregation runs.
+ * monotone changes by Brian May:
+ - On commits, replace "mtn sync" bidirectional with "mtn push" single
+ direction. No need to pull changes when doing a commit. mtn sync
+ is still called in rcs_update.
+ - Support for viewing differences via patches using viewmtn.
+ * inline: When previewing, still call will_render on rss/atom files,
+ just avoid actually writing the files. This is necessary because ikiwiki
+ saves state after a preview (in case it actually *did* write files),
+ and if will_render isn't called its security checks will get upset
+ when the page is saved. Thanks to Edward Betts for his help tracking this
+ tricky bug down.
+ * inline: Add new `allowrss` and `allowatom` config options. These can be
+ used if you want a wiki that doesn't default to generating rss or atom
+ feeds, but that does allow them to be turned on for specific blogs.
+ * Don't die if running with --getctime and rcs_getctime throws an error.
+ There are several cases (recentchanges files, aggregated files)
+ where some source files are not in revision control.
+ * Page templates can now use CTIME to show when the page was created.
+
+ [ Josh Triplett ]
+ * README.Debian: Mention user wikilists.
- -- Joey Hess <joeyh@debian.org> Sat, 02 Feb 2008 23:36:31 -0500
+ -- Joey Hess <joeyh@debian.org> Sat, 09 Feb 2008 23:09:45 -0500
ikiwiki (2.30) unstable; urgency=low
sipb-www / ikiwiki.git / blobdiff