-ikiwiki (2.19) UNRELEASED; urgency=low
+ikiwiki (2.40) UNRELEASED; urgency=low
+
+ [ Josh Triplett ]
+ * Add new preprocessor directive syntax¸ using a '!' prefix. Add a
+ prefix_directives option to the setup file to turn this syntax on;
+ currently defaults to false, for backward compatibility. Support
+ optional '!' prefix even with prefix_directives off, and use that in
+ the underlay to support either setting of prefix_directives. Add NEWS
+ entry with migration information.
+
+ [ Joey Hess ]
+ * Danish translation update from Jonas Smedegaard. Closes: #465152
+ * Generate XML RPC messages with the encoding set to utf-8 instead
+ of XML::RPC's default of us-ascii. Allows interoperation with
+ python's xmlrpc library, which threw invalid encoding exceptions and
+ caused the rst plugin to hang.
+ * Add the linkify and scan hooks. These hooks can be used to implement
+ custom, first-class types of wikilinks.
+ * Move standard wikilink implementation to a new link plugin, which
+ will of course be enabled by default.
+ * camelcase: Convert to use new linkify and scan hooks rather than the old
+ hack.
+ * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
+ * Depend on HTML::Scrubber, since the scrubber is enabled by default and
+ dies if its can't be loaded.
+ * The search plugin needs to override <base> to point to the directory
+ containing ikiwiki.cgi, but this should not change the urls to the style
+ sheets etc. Add a new forcebareurl parameter to misctemplate to allow
+ it to do that.
+ * Preview limits the page dropdown to what's selected previously
+ (as preserving the full list across preview would be tricky). Userdirs
+ were still being offered as an option there, remove them.
+ * Fix a bug where user A created a page concurrently with user B, and
+ when B previewed it would redirect B to A's new page, losing B's work.
+ Instead, don't redirect and let conflict handling resolve it.
+ * monotone: Add code to default mergerc file to run
+ _MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
+ * tla: Remove call to escapeHTML when constructing recentchanges message;
+ the html is escaped at a different level. Closes: #466495
+ * bzr, mercurial: Remove unused import of escapeHTML.
+ * Fix another preview will_render bug. This one involved inline,
+ which forced a scan of the page to make available metadata that
+ appeared after the inline directive. Problem is that scan made it forget
+ about any other files rendered due to the page. The scan also turns out
+ to be unnecessary now, since meta persistently stores state and it's
+ always available. So it was just removed.
+ * Disable taint checking for all builds as people keep complaining about it,
+ and since all versions of perl seem to be hopelessly broken.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+
+ikiwiki (2.31.3) unstable; urgency=high
+
+ [ Josh Triplett ]
+ * Do not allow the about: URI scheme; some browsers interpret about:
+ URIs like a limited version of data: URIs. In particular, some
+ versions of Internet Explorer interpret arbitrary HTML content in
+ about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
+
+ [ Joey Hess ]
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
+
+ [ Josh Triplett ]
+ * Match literal '.' in URI schemas containing '.', rather than matching any
+ character.
+ * Do not allow the steam: URI scheme.
+ * Allow the snews: URI scheme.
+ * Allow the smb: URI scheme.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
+
+ikiwiki (2.31.2) unstable; urgency=high
+
+ * The security fix in the last release had buggy handling of data:image,
+ now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
+
+ikiwiki (2.31.1) unstable; urgency=low
+
+ * htmlscrubber security fix: Block javascript in uris.
+ * Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
+
+ikiwiki (2.31) unstable; urgency=low
+
+ [ Joey Hess ]
+ * Revert preservation of input file modification times in output files,
+ since this leads to too many problems with web caching, especially with
+ inlined pages. Properly solving this would involve tracking every page
+ that contributes to a page's content and using the youngest of them all,
+ as well as special cases for things like the version plugin, and it's just
+ too complex to do.
+ * aggregate: Forking a child broke the one state that mattered: Forcing
+ the aggregating page to be rebuilt. Fix this.
+ * cgi hooks are now run before ikiwiki state is loaded.
+ * This allows locking the wiki before loading state, which avoids some
+ tricky locking code when saving a web edit.
+ * poll: This plugin turns out to have edited pages w/o doing any locking.
+ Oops. Convert it from a cgi to a sessioncgi hook, which will work
+ much better.
+ * recentchanges: Improve handling of links on the very static changes pages
+ by thunking to the CGI, which can redirect to the page, or allow it to be
+ created if it doesn't exist.
+ * recentchanges: Exipre all *._change pages, even if the directory
+ they're in has changed.
+ * aggregate: Lots of changes; aggregation can now run without locking the
+ wiki, and there is a separate aggregatelock to prevent multiple concurrent
+ aggregation runs.
+ * monotone changes by Brian May:
+ - On commits, replace "mtn sync" bidirectional with "mtn push" single
+ direction. No need to pull changes when doing a commit. mtn sync
+ is still called in rcs_update.
+ - Support for viewing differences via patches using viewmtn.
+ * inline: When previewing, still call will_render on rss/atom files,
+ just avoid actually writing the files. This is necessary because ikiwiki
+ saves state after a preview (in case it actually *did* write files),
+ and if will_render isn't called its security checks will get upset
+ when the page is saved. Thanks to Edward Betts for his help tracking this
+ tricky bug down.
+ * inline: Add new `allowrss` and `allowatom` config options. These can be
+ used if you want a wiki that doesn't default to generating rss or atom
+ feeds, but that does allow them to be turned on for specific blogs.
+ * Don't die if running with --getctime and rcs_getctime throws an error.
+ There are several cases (recentchanges files, aggregated files)
+ where some source files are not in revision control.
+ * Page templates can now use CTIME to show when the page was created.
+
+ [ Josh Triplett ]
+ * README.Debian: Mention user wikilists.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 09 Feb 2008 23:09:45 -0500
+
+ikiwiki (2.30) unstable; urgency=low
+
+ [ Joey Hess ]
+ * Old versions of git-init don't support --git-dir or GIT_DIR with
+ --bare. Change ikiwiki-makerepo to use a method that should work with
+ those older versions too.
+ * aggregate: Don't let feeds set creation times for pages in the future.
+ * Add full parser for git diff-tree output (Brian Downing)
+ * aggregate: Fork a child process to handle the aggregation. This simplifies
+ the code, since that process can change internal state as needed, and
+ it will automatically be cleaned up for the parent process, which proceeds
+ to render the changes.
+
+ [ Josh Triplett ]
+ * Add trailing comma to commented-out umask in sample ikiwiki.setup, so
+ that uncommenting it does not break the setup file.
+
+ [ Joey Hess ]
+ * inline: The template can check for FIRST and LAST, which will be
+ set for the first and last inlined page. Useful for templates that build
+ tables and the like.
+ * prettydate,ddate: Don't ignore time formats passed to displaytime
+ function.
+ * Pages with extensions starting with "_" are internal-use, and will
+ not be rendered or web-edited, or matched by normal pagespecs.
+ * Add "internal()" pagespec that matches internal-use pages.
+ * RecentChanges is now a static html page, that's updated whenever a commit
+ is made to the wiki. It's built as a blog using inline, so it can have
+ an rss feed that users can subscribe to.
+ * Removed support for sending commit notification mails. Along with it went
+ the svnrepo and notify settings, though both will be ignored if left in
+ setup files. Also gone with it is the "user()" pagespec.
+ * Add refresh hook.
+ * meta: Add pagespec functions to match against title, author, authorurl,
+ license, and copyright. This can be used to create custom RecentChanges.
+ * meta: To support the pagespec functions, metadata about pages has to be
+ retained as pagestate.
+ * Fix encoding bug when pagestate values contained spaces.
+ * Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for
+ his independent work on bzr support.
+ * Copyright file updates.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 02 Feb 2008 17:41:57 -0500
+
+ikiwiki (2.20) unstable; urgency=low
+
+ * inline: Add copyright/license info on a per-post basis to atom
+ feeds if available. (rss doesn't allow such info on a per-post basis)
+ * Also include overall copyright/license and author info in atom feeds if
+ available.
+ * meta: Allow copyright/license metadata to contain arbitrary markup.
+ * Call preprocessor hooks in void context during the scan pass. This allows
+ the hook to determine if it's just scanning, and avoid expensive
+ operations.
+ * img: Detect scan mode and avoid generating and writing the image file
+ during it, for a 2x speedup.
+ * meta: Run in scan mode again (more intelligently) and re-add support for
+ meta link.
+ * Fix support for the case where metadata appears after an inline directive
+ that needs to use it. This was broken in version 2.16.
+ * template: Remove bogus htmlize pass added in 2.16.
+ * template: Htmlize template variables, but also provide a raw version
+ via `<TMPL_VAR raw_variable>`.
+ * When htmlizing text, if the input is a single line with no newline,
+ and the htmlizer (such as markdown and textile) generates a html
+ paragraph, remove it. This allows removing several hacks from other
+ plugins that htmlize fragements of pages.
+ * In preferences, allow the subscriptions and email fields to be cleared.
+ * teximg: Fix to support the same formula on multiple pages.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 10 Jan 2008 14:52:57 -0500
+
+ikiwiki (2.19) unstable; urgency=low
* Only try postsignin if no other action matched. Fixes a bug where the
user goes back from the signin screen and does something else.
* Add a prereq on Data::Dumper 2.11 or better, needed to dump q// objects.
* htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/'
and 'p/'.
+ * aggregate: Include copyright statements from rss feed as meta copyright
+ directives.
+ * aggregate: Yet another state saving fix (sigh).
+ * aggregate: Add hack to support feeds with invalidly escaped html entities.
- -- Joey Hess <joeyh@debian.org> Mon, 07 Jan 2008 15:35:16 -0500
+ -- Joey Hess <joeyh@debian.org> Tue, 08 Jan 2008 20:43:18 -0500
ikiwiki (2.18) unstable; urgency=low
sipb-www / ikiwiki.git / blobdiff