X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/05e180096c6ef808ab16cce4922595eeca9b9b25..4401e5b9edcc99766ec0b0bdfd3125b3ddc94e6a:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 46fcf37dd..e70221f40 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,169 @@ +ikiwiki (2.41) UNRELEASED; urgency=low + + [ Adeodato Simó ] + * Preprocessor directives generated by the shortcut plugin accept a `desc` + parameter that overrides the anchor text provided at shortcut definition + time. (Closes: #458126) + + [ martin f. krafft ] + * The meta plugin now allows for the robots tag to be specified without the + risk of it being scrubbed. + + [ Joey Hess ] + * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds. + * rcs_diff is a new function that rcs modules should implement. + * Implemented rcs_diff for git, svn, and tla (tla version untested). + Mercurial and monotone still todo. + * Support Text::Markdown::markdown, which is the spelling used by + version 1.0.16 of Text::Markdown. + * Updated Spanish translation from Victor Moral. + + -- martin f. krafft Sun, 02 Mar 2008 17:46:38 +0100 + +ikiwiki (2.40) unstable; urgency=low + + [ Josh Triplett ] + * Add new preprocessor directive syntax¸ using a '!' prefix. Add a + prefix_directives option to the setup file to turn this syntax on; + currently defaults to false, for backward compatibility. Support + optional '!' prefix even with prefix_directives off, and use that in + the underlay to support either setting of prefix_directives. Add NEWS + entry with migration information. + + [ Joey Hess ] + * Danish translation update from Jonas Smedegaard. Closes: #465152 + * Generate XML RPC messages with the encoding set to utf-8 instead + of XML::RPC's default of us-ascii. Allows interoperation with + python's xmlrpc library, which threw invalid encoding exceptions and + caused the rst plugin to hang. + * Add the linkify and scan hooks. These hooks can be used to implement + custom, first-class types of wikilinks. + * Move standard wikilink implementation to a new link plugin, which + will of course be enabled by default. + * camelcase: Convert to use new linkify and scan hooks rather than the old + hack. + * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this. + * Depend on HTML::Scrubber, since the scrubber is enabled by default and + dies if its can't be loaded. + * The search plugin needs to override to point to the directory + containing ikiwiki.cgi, but this should not change the urls to the style + sheets etc. Add a new forcebareurl parameter to misctemplate to allow + it to do that. + * Preview limits the page dropdown to what's selected previously + (as preserving the full list across preview would be tricky). Userdirs + were still being offered as an option there, remove them. + * Fix a bug where user A created a page concurrently with user B, and + when B previewed it would redirect B to A's new page, losing B's work. + Instead, don't redirect and let conflict handling resolve it. + * monotone: Add code to default mergerc file to run + _MTN/ikiwiki-netsync-hook when a commit is merged in from the net. + * tla: Remove call to escapeHTML when constructing recentchanges message; + the html is escaped at a different level. Closes: #466495 + * bzr, mercurial: Remove unused import of escapeHTML. + * Fix another preview will_render bug. This one involved inline, + which forced a scan of the page to make available metadata that + appeared after the inline directive. Problem is that scan made it forget + about any other files rendered due to the page. The scan also turns out + to be unnecessary now, since meta persistently stores state and it's + always available. So it was just removed. + * Disable taint checking for all builds as people keep complaining about it, + and since all versions of perl seem to be hopelessly broken. + * Fix links generated by preprocessor directives when previewing. + * inline: When forcing urls absolute for rss feeds, skip mailto and other + such urls. + * ikiwiki-makerepo: Don't fail if the third argument ends in a slash. + * Allow colons in URLs after the first slash. (Adeodato Simó) + + -- Joey Hess Fri, 29 Feb 2008 23:05:39 -0500 + +ikiwiki (2.31.3) unstable; urgency=high + + [ Josh Triplett ] + * Do not allow the about: URI scheme; some browsers interpret about: + URIs like a limited version of data: URIs. In particular, some + versions of Internet Explorer interpret arbitrary HTML content in + about: URIs. + * Also filter the attributes cite, longdesc, and usemap, which can contain + URIs. + + [ Joey Hess ] + * meta: Check that the urls provided for authorurl, permalink, and openid + are safe and can't contain javascript. + + [ Josh Triplett ] + * Match literal '.' in URI schemas containing '.', rather than matching any + character. + * Do not allow the steam: URI scheme. + * Allow the snews: URI scheme. + * Allow the smb: URI scheme. + + -- Josh Triplett Sun, 10 Feb 2008 14:48:48 -0800 + +ikiwiki (2.31.2) unstable; urgency=high + + * The security fix in the last release had buggy handling of data:image, + now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809) + + -- Joey Hess Sun, 10 Feb 2008 15:31:17 -0500 + +ikiwiki (2.31.1) unstable; urgency=low + + * htmlscrubber security fix: Block javascript in uris. + * Add htmlscrubber test suite. + * Thanks to Josh Triplett for pointing out the holes and for his help + in implementing and checking fixes. + + -- Joey Hess Sun, 10 Feb 2008 13:22:59 -0500 + +ikiwiki (2.31) unstable; urgency=low + + [ Joey Hess ] + * Revert preservation of input file modification times in output files, + since this leads to too many problems with web caching, especially with + inlined pages. Properly solving this would involve tracking every page + that contributes to a page's content and using the youngest of them all, + as well as special cases for things like the version plugin, and it's just + too complex to do. + * aggregate: Forking a child broke the one state that mattered: Forcing + the aggregating page to be rebuilt. Fix this. + * cgi hooks are now run before ikiwiki state is loaded. + * This allows locking the wiki before loading state, which avoids some + tricky locking code when saving a web edit. + * poll: This plugin turns out to have edited pages w/o doing any locking. + Oops. Convert it from a cgi to a sessioncgi hook, which will work + much better. + * recentchanges: Improve handling of links on the very static changes pages + by thunking to the CGI, which can redirect to the page, or allow it to be + created if it doesn't exist. + * recentchanges: Exipre all *._change pages, even if the directory + they're in has changed. + * aggregate: Lots of changes; aggregation can now run without locking the + wiki, and there is a separate aggregatelock to prevent multiple concurrent + aggregation runs. + * monotone changes by Brian May: + - On commits, replace "mtn sync" bidirectional with "mtn push" single + direction. No need to pull changes when doing a commit. mtn sync + is still called in rcs_update. + - Support for viewing differences via patches using viewmtn. + * inline: When previewing, still call will_render on rss/atom files, + just avoid actually writing the files. This is necessary because ikiwiki + saves state after a preview (in case it actually *did* write files), + and if will_render isn't called its security checks will get upset + when the page is saved. Thanks to Edward Betts for his help tracking this + tricky bug down. + * inline: Add new `allowrss` and `allowatom` config options. These can be + used if you want a wiki that doesn't default to generating rss or atom + feeds, but that does allow them to be turned on for specific blogs. + * Don't die if running with --getctime and rcs_getctime throws an error. + There are several cases (recentchanges files, aggregated files) + where some source files are not in revision control. + * Page templates can now use CTIME to show when the page was created. + + [ Josh Triplett ] + * README.Debian: Mention user wikilists. + + -- Joey Hess Sat, 09 Feb 2008 23:09:45 -0500 + ikiwiki (2.30) unstable; urgency=low [ Joey Hess ]