SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ikiwiki-3.20170111-1.1.noarch.rpm :

* Sat May 06 2017 mardnhAATTgmx.de- update to 3.20170111
* passwordauth: prevent authentication bypass via multiple name parameters (CVE-2017-0356, OVE-20170111-0001)
* passwordauth: avoid userinfo forgery via repeated email parameter (also in the scope of CVE-2017-0356)
* CGI, attachment, passwordauth: harden against repeated parameters (not believed to have been a vulnerability)
* remove: make it clearer that repeated page parameter is OK here
* t/passwordauth.t: new automated test for passwordauth- update to 3.20170110
* wrappers: Correctly escape quotes in git_wrapper_background_command
* git: use an explicit function parameter for the directory to work in. Previously, we used global state that was not restored correctly on catching exceptions, causing an unintended log message \"cannot chdir to .../ikiwiki-temp-working: No such file or directory\" with versions >= 3.20161229 when an attempt to revert a change fails or is disallowed
* git: don\'t run \"git rev-list ... -- -- ...\" which would select the wrong commits if a file named literally \"--\" is present in the repository
* check_canchange: log \"bad file name whatever\", not literal string \"bad file name %s\"
* t/git-cgi.t: fix a race condition that made the test fail intermittently
* t/git-cgi.t: be more careful to provide a syntactically valid author/committer name and email, hopefully fixing this test on ci.debian.net
* templates, comments, passwordauth: use rel=nofollow microformat for dynamic URLs
* templates: use rel=nofollow microformat for comment authors
* news: use Debian security tracker instead of MITRE for security references. Thanks, anarcat
* Set package format to 3.0 (native)
* d/copyright: re-order to put more specific stanzas later, to get the intended interpretation
* d/source/lintian-overrides: override obsolete-url-in-packaging for OpenID Selector, which does not seem to have any more current URL (and in any case our version is a fork)
* docwiki.setup: exclude TourBusStop from offline documentation. It does not make much sense there.
* d/ikiwiki.lintian-overrides: override script-not-executable warnings
* d/ikiwiki.lintian-overrides: silence false positive spelling warning for Moin Moin
* d/ikiwiki.doc-base: register the documentation with doc-base
* d/control: set libmagickcore-6.q16-3-extra as preferred build-dependency, with virtual package libmagickcore-extra as an alternative, to help autopkgtest to do the right thing- update to 3.20161229.1
* git: Attribute reverts to the user doing the revert, not the wiki itself.
* git: Do not disable the commit hook while preparing a revert.- update to 3.20161229
* Security: force CGI::FormBuilder->field to scalar context where necessary, avoiding unintended function argument injection analogous to CVE-2014-1572. In ikiwiki this could be used to forge commit metadata, but thankfully nothing more serious. (CVE-2016-9646)
* Security: try revert operations in a temporary working tree before approving them. Previously, automatic rename detection could result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. (CVE-2016-10026 represents the original vulnerability.) The incomplete fix released in 3.20161219 was not effective for git versions prior to 2.8.0rc0. (CVE-2016-9645 represents that incomplete solution.)
* Add CVE references for CVE-2016-10026
* Add automated test for using the CGI with git, including CVE-2016-10026 - Build-depend on libipc-run-perl for better build-time test coverage
* Add missing ikiwiki.setup for the manual test for CVE-2016-10026
* git: don\'t issue a warning if the rcsinfo CGI parameter is undefined
* git: do not fail to commit changes with a recent git version and an anonymous committer- update to 3.20161219
* inline: Prevent creating a file named \".mdwn\" when the postform is submitted with an empty title.
* Security: tell `git revert` not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
* cgitemplate: remove some dead code. Thanks, blipvert
* Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk
* Make pagestats output more deterministic. Thanks, intrigeri- update to 3.20160905
* Fix installation when prefix includes a string metacharacter. Thanks, Sam Hathaway.
* Use git log --no-renames to generate recentchanges, fixing the git test-case with git 2.9 (Closes: #835612)
* Thu Aug 18 2016 mardnhAATTgmx.de- removed patch (fixed upstream)
* ikiwiki-skip-img-test.diff- update to 3.20160728
* Explicitly remove current working directory from Perl\'s library search path, mitigating CVE-2016-1238 (see #588017)
* wrappers: allocate new environment dynamically, so we won\'t overrun the array if third-party plugins add multiple environment variables.
* Standards-Version: 3.9.8 (no changes required)- update to 3.20160509
* img: ignore the case of the extension when detecting image format, fixing the regression that
*.JPG etc. would not be displayed since 3.20160506
* img: parse img_allowed_formats case-insensitively, as was done in 3.20141016.3
* inline: restore backwards compat for show=-1 syntax, which worked before 3.20160121
* Remove a spurious changelog entry from 3.20160506 (the relevant change was already in 3.20150614)
* Add CVE-2016-4561 reference to 3.20160506 changelog
* Set high urgency to get the CVE-2016-4561 fix and CVE-2016-3714 mitigation into testing- update to 3.20160506
* HTML-escape error messages, in one case avoiding potential cross-site scripting (CVE-2016-4561, OVE-20160505-0012)
* Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that \"allowed_attachments: \'
*.jpg\'\" does what one might expect - img: restrict to JPEG, PNG and GIF images by default, again mitigating CVE-2016-3714 and similar vulnerabilities - img: check that the magic number matches what we would expect from the extension before giving common formats to ImageMagick
* img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser, which is supported by all commonly used browsers these days. SVG scaling by img directives has subtly changed; where before size=wxh would preserve aspect ratio, this cannot be done when passing them through and so specifying both a width and height can change the SVG\'s aspect ratio.
* loginselector: When only openid and emailauth are enabled, but passwordauth is not, avoid showing a \"Other\" box which opens an empty form.
* mdwn: Process .md like .mdwn, but disallow web creation.
* git: Correctly handle filenames starting with a dash in add/rm/mv.- update to 3.20160121
* meta: Fix [[!meta name=foo]] by closing the open quote.
* Avoid unescaped \"{\" in regular expressions
* meta test: Add tests for many behaviors of the directive.
* img test: Bail gracefully when ImageMagick is not present.
* emailauth: Added emailauth_sender config.
* Modified page.tmpl to to set html lang= and dir= when values have been specified for them, which the po plugin does.
* Specifically license the javascript underlay under the permissive basewiki license.
* git: if no committer identity is known, set it to \"IkiWiki \" in .git/config. This resolves commit errors in versions of git that require a non-trivial committer identity.
* inline, trail: rename show, feedshow parameters to limit, feedlimit (with backwards compatibility)
* pagestats: add \"show\" option to show meta fields. Thanks, Louis
* inline: force RSS to be a fully absolute URL as required by the W3C validator. Please use Atom feeds if relative URLs are desirable on your site.
* inline: add to RSS feeds as recommended by the W3C validator
* inline: do not produce links containing /./ or /../
* syslog: accept and encode UTF-8 messages
* syslog: don\'t fail to log if the wiki name contains %s
* Change dependencies from transitional package perlmagick to libimage-magick-perl (Closes: #789221)
* debian/copyright: update for the rename of openid-selector to login-selector
* d/control: remove leading article from Description (lintian: description-synopsis-starts-with-article)
* d/control: Standards-Version: 3.9.6, no changes required
* Wrap and sort control files (wrap-and-sort -abst)
* Silence \"used only once: possible typo\" warnings for variables that are part of modules\' APIs
* Run autopkgtest tests using autodep8 and the pkg-perl team\'s infrastructure
* Add enough build-dependencies to run all tests, except for non-git VCSs
* tests: consistently use done_testing instead of no_plan
* t/img.t: do not spuriously skip
* img test: skip testing PDFs if unsupported
* img test: use the right filenames when testing that deletion occurs- update to 3.20150614
* inline: change default sort order from age to \"age title\" for determinism, partially fixing deterministic build for git-annex, ikiwiki-hosting etc. (Closes: #785757)
* img: avoid ImageMagick misinterpreting filenames containing a colon
* img test: set old timestamp on source file that will change, so that the test will pass even if it takes less than 1 second
* Mon Jan 04 2016 mardnhAATTgmx.de- update to 3.20150610
* The new \"emailauth\" plugin allows users to authenticate using an email address, without otherwise creating an account.
* The openid plugin now enables emailauth by default. Please include emailauth in the disable_plugins setting if this is not desired. Conversely, if emailauth is required on a wiki that does not enable openid, you can list it in the enable_plugins setting.
* Thu Apr 30 2015 mardnhAATTgmx.de- skip syslog test for systems <= 13.2
* Thu Apr 30 2015 mardnhAATTgmx.de- ran spec-cleaner and specfile cleanup- added patch for skipping the imagemagick test: ikiwiki-img-test.diff- update to 3.20150329
* Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli)
* Really don\'t double-decode CGI submissions, even on Perl versions that bundle an old enough Encode.pm for that not to be a problem: the system might have a newer Encode.pm installed separately, like Fedora 20. (Closes: #776181; thanks, Anders Kaseorg)
* If neither timezone nor TZ is set, set both to :/etc/localtime if we\'re on a GNU system and that file exists, or GMT otherwise
* t/inline.t: accept translations of \"Add a new post titled:\" (Closes: #779365)
* Consistently document command-line options as e.g. --refresh, not -refresh
* In VCS-committed anonymous comments, link to url.
* Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483)- update to 3.20150107
* Added ikiwiki-comment program.
* Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t
* openid: Stop suppressing the email field on the Preferences page.
* Set Debian package maintainer to Simon McVittie as I\'m retiring from Debian.
* calendar: add calendar_autocreate option, with which \"ikiwiki --refresh\" can mostly supersede the ikiwiki-calendar command. Thanks, Louis Paternault
* search: add more classes as a hook for CSS. Thanks, sajolida
* core: generate HTML5 by default, but keep avoiding new elements like
that require specific browser support unless html5 is set to 1.
* Tell mobile browsers to draw our pages in a device-sized viewport, not an 800-1000px viewport designed to emulate a desktop/laptop browser.
* Add new responsive_layout option which can be set to 0 if your custom CSS only works in a large viewport.
* style.css, actiontabs, blueview, goldtype, monochrome: adjust layout below 600px (\"responsive layout\") so that horizontal scrolling is not needed on smartphone browsers or other small viewports.
* core: new libdirs option alongside libdir. Thanks, Louis Paternault
* core: log a debug message before waiting for the lock. Thanks, Mark Jason Dominus
* build: in po/Makefile, use the same $(MAKE) as the rest of the build. Thanks, ttw
* blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL\'d). Closes: #774441
* po: If msgmerge falls over on a problem po file, print a warning message, but don\'t let this problem crash ikiwiki entirely.- update to 3.20141016
* Fix crash that can occur when only_committed_changes is set and a file is deleted from the underlay.
* core: avoid dangerous use of CGI->param in list context, which led to a security flaw in Bugzilla; as far as we can tell, ikiwiki is not vulnerable to a similar attack, but it\'s best to be safe
* core: new reverse_proxy option prevents ikiwiki from trying to detect how to make self-referential URLs by using the CGI environment variables, for instance when it\'s deployed behind a HTTP reverse proxy (Closes: #745759)
* core: the default User-Agent is now \"ikiwiki/$version\" to work around ModSecurity rules assuming that only malware uses libwww-perl
* core: use protocol-relative URLs (e.g. //www.example.com/wiki) so that https stays on https and http stays on http, particularly if the html5 option is enabled
* core: avoid mixed content when a https cgiurl links to http static pages on the same server (the static pages are assumed to be accessible via https too)
* core: force the correct top URL in w3mmode
* google plugin: Use search form
* docwiki: replace Paypal and Flattr buttons with text links
* comments: don\'t record the IP address in the wiki if the user is logged in via passwordauth or httpauth
* templates: add ARIA roles to some page elements, if html5 is enabled. Thanks, Patrick
* debian: build-depend on libmagickcore-6.q16-2-extra | libmagickcore-extra so we can thumbnail SVGs in the docwiki
* debian: explicitly depend and build-depend on libcgi-pm-perl
* debian: drop unused python-support dependency
* debian: rename debian/link to debian/links so the intended symlinks appear
* debian: fix some wrong paths in the copyright file- update to 3.20140916
* Don\'t double-decode CGI submissions with Encode.pm >= 2.53, fixing \"Error: Cannot decode string with wide characters\". Thanks, Antoine Beaupré
* Avoid making trails depend on everything in the wiki by giving them a better way to sort the pages
* Don\'t let users post comments that won\'t be displayed
* Fix encoding of Unicode strings in Python plugins. Thanks, chrysn
* Improve performance and correctness of the [[!if]] directive
* Let [[!inline rootpage=foo postform=no]] disable the posting form
* Switch default [[!man]] shortcut to manpages.debian.org. Closes: #700322
* Add UUID and TIME variables to edittemplate. Closes: #752827 Thanks, Jonathon Anderson
* Display pages in linkmaps as their pagetitle (no underscore escapes). Thanks, chrysn
* Fix aspect ratio when scaling small images, and add support for converting SVG and PDF graphics to PNG. Thanks, chrysn - suggest ghostscript (required for PDF-to-PNG thumbnailing) and libmagickcore-extra (required for SVG-to-PNG thumbnailing) - build-depend on ghostscript so the test for scalable images can be run
* In the CGI wrapper, incorporate $config{ENV} into the environment before executing Perl code, so that PERL5LIB can point to a non-system-wide installation of IkiWiki. Thanks, Lafayette Chamber Singers Webmaster
* filecheck: accept MIME types not containing \';\'
* autoindex: index files in underlays if the resulting pages aren\'t going to be committed. Closes: #611068
* Add [[!templatebody]] directive so template pages don\'t have to be simultaneously a valid template and valid HTML
* Add myself to Uploaders and release to Debian- update to 3.20140831
* Make --no-gettime work in initial build. Closes: #755075- update to 3.20140815
* Add google back to openid selector. Apparently this has gotten a stay of execution until April 2015. (It may continue to work until 2017.)
* highlight: Add compatibility with highlight 3.18, while still supporting 3.9+. Closes: #757679 Thanks, David Bremner
* highlight: Add support for multiple language definition directories Closes: #757680 Thanks, David Bremner- update to 3.20140613
* only_committed_changes could fail in a git repository merged with git merge -s ours.
* Remove google from openid selector, per http://xkcd.com/1361/- update to 3.20140227
* Added useragent config setting. Closes: #737121 Thanks, Tuomas Jormola
* po: Add html_lang_code and html_lang_dir template variables for the language code and direction of text. Thanks, Mesar Hameed
* Allow up to 8 levels of nested directives, rather than previous 3 in directive infinite loop guard.
* git diffurl: Do not escape / in paths to changed files, in order to interoperate with cgit (gitweb works either way) Thanks, intrigeri.
* git: Explicity push master branch, as will be needed by git 2.0\'s change to push.default=matching by default. Thanks, smcv
* Deal with nasty issue with gettext clobbering $AATT while printing error message containing it. Thanks, smcv
* Cleanup of the openid login widget, including replacing of hotlinked images from openid providers with embedded, freely licensed artwork. Thanks, smcv
* Improve templates testing. Thanks, smcv
* python proxy: Avoid utf-8 related crash. Thanks, Antoine Beaupré
* Special thanks to Simon McVittie for being the patchmeister for this release.- update to 3.20140125
* inline: Allow overriding the title of the feed. Closes: #735123 Thanks, Christophe Rhodes
* osm: Escape name parameter. Closes: #731797- update to 3.20140102
* aggregate: Improve display of post author.
* poll: Fix behavior of poll buttons when inlined.
* Fixed unncessary tight loop hash copy in saveindex where a pointer can be used instead. Can speed up refreshes by nearly 50% in some circumstances.
* Optimized loadindex by caching the page name in the index.
* Added only_committed_changes config setting, which speeds up wiki refresh by querying git to find the files that were changed, rather than looking at the work tree. Not enabled by default as it can break some setups where not all files get committed to git.
* comments: Write pending moderation comments to the transient underlay to avoid conflict with only_committed_changes.
* search: Added google_search option, which makes it search google rather than using the internal xapain database. (googlesearch plugin is too hard to turn on when xapain databases corrupt themselves, which happens all too frequently).
* osm: Remove invalid use of charset on embedded javascript tags. Closes: #731197
* style.css: Add compatibility definitions for more block-level html5 elements. Closes: #731199
* aggregrate: Fix several bugs in handling of empty and colliding titles when generating filenames.- update to 3.20130904.1
* Fix cookiejar default setting.- update to 3.20130904
* calendar: Display the popup mouseover when there is only 1 page for a given day, for better UI consistency.
* meta: Can now be used to add an enclosure to a page, which is a fancier way to do podcasting than just inlining the media files directly; this way you can write a post about the podcast episode with show notes, author information, etc. (schmonz)
* aggregate: Show author in addition to feedname, if different. (schmonz)
* Consistently configure LWP::UserAgent to allow use of http_proxy and no_proxy environment variables, as well as ~/.ikiwiki/cookies (schmonz)
* Fix test suite to work with perl 5.18. Closes: #719969- update to 3.20130711
* Deal with git behavior change in 1.7.2 and newer that broke support for commits with an empty commit message.
* Pass --no-edit when used with git 1.7.8 and newer.- update to 3.20130710
* blogspam: Fix encoding issue in RPC::XML call. Thanks, Changaco
* comments: The formats allowed to be used in comments can be configured using comments_allowformats. Thanks, Michal Sojka
* calendar: When there are multiple pages for a given day, they\'re displayed in a popup on mouseover. Thanks, Louis
* osm: Remove trailing slash from KML maps icon.
* page.tmpl: omit searchform, trails, sidebar and most metadata in CGI (smcv)
* openid: Automatically upgrade openid_realm to https when accessed via https.
* The ip() pagespec can now contain glob characters to match eg, a subnet full of spammers.
* Fix crash that could occur when a needsbuild hook returned a file that does not exist.
* Fix python proxy to not crash when fed unicode data in getstate and setstate. Thanks, chrysn
* Fix committing attachments when using svn.
* Fri Jun 07 2013 llipavskyAATTsuse.com- update to 3.20130518
* Fix test suite to not fail when XML::Twig is not installed. Closes: #707436
* theme: Now can be used in all templates when a theme is enabled.
* notifyemail: Fix bug that caused duplicate emails to be sent when site was rebuilt.
* bzr: bzr rm no longer has a --force option, remove
* Allow dots in directive parameter names. (tango)
* Add missing plugin section, and deal with missing sections with a warning.
* Detect plugins with a broken getsetup and warn.
* map: Correct reversion introduced in version 3.20110225 that could generate invalid html. (smcv)
* Makefile.PL: overwrite theme style.css instead of appending (Thanks, Mikko Rapeli)
* meta: Fix anchors used to link to the page\'s license and copyright. Closes: #706437
* htmlscrubber: Allow the bitcoin URI scheme.
* htmlscrubber: Allow the URI schemes of major VCS\'s.
* aggregate: When run with --aggregate, if an aggregation is already running, don\'t go on and --refresh.
* trail: Avoid excess dependencies between pages in the trail and the page defining the trail. Thanks, smcv.
* opendiscussion: Don\'t allow editing discussion pages if discussion pages are disabled. (smcv)
* poll: Add expandable option to allow users to easily add new choices to a poll.
* trail: Avoid massive slowdown caused by pagetemplate hook when displaying dynamic cgi pages, which cannot use trail anyway.
* Deal with empty diffurl in configuration.
* cvs: Various fixes. (schmonz)
* highlight: Now adds a span with class highlight- around highlighted content, allowing for language-specific css styling.
* Mon Dec 17 2012 lnusselAATTsuse.de- 3.20121212
* lots of bugfixes and new features
* fixes CVE-2012-0220 and CVE-2011-1408
* support Text::Markdown::Discount for speedup
* requires YAML::XS instead of YAML
* Wed Jun 08 2011 lnusselAATTsuse.de- 3.20110431
* Danish translation update. Closes: #625721
* Danish underlay translation update. Closes: #625765 (Thanks, Jonas Smedegaard)
* Support YAML::XS by not passing decoded unicode to Load. Closes: #625713
* openid, aggregate, pinger: Use Net::INET6Glue if available to support making ipv6 connections. (Note that if LWPx::ParanoidAgent is installed, it defeats this for openid.)
* Add additional directive quoting styles, to better support nested directives. Both triple-single-quote and heredoc quotes can be used. (Thanks, Timo Paulssen)
* Changed license of madduck\'s python plugins from GPL-2 to BSD-2-clause.
* po: support language codes in the form of \'es_AR\', and \'arn\'. (intrigeri) Closes: #627844
* po: Make po4a warn, not error on a malformed document. (intrigeri)
* Support the Hiawatha web server which sets HTTPS=off rather than not setting it. (There does not seem to be a standard here.)
* Wed May 11 2011 lnusselAATTsuse.de- new version 3.20110430 (http://ikiwiki.info/news/)
* don\'t allow alternative stylesheets to be added on pages where the htmlscrubber is enabled (CVE-2011-1401)- now requires perl-YAML
* Mon Feb 28 2011 lnusselAATTsuse.de- new version 3.20110225 - editpage: Avoid inheriting internal page types. - htmltidy: Avoid breaking the sidebar when websetup is running. - transient: New utility plugin that allows transient pages to be stored in .ikiwiki/transient/ (smcv) - aggregate: Aggregated content is stored in the transient underlay. (Existing aggregated content is not moved, since it will eventually expire and be removed) (smcv) - autoindex, tag: Added autoindex_commit and tag_autocreate_commit that can be unset to make index files and tags respectively not be committed, and instead be stored in the transient underlay. (smcv) - autoindex: Adapted to use add_autofile. Slight behavior changes in edge cases that are probably really bug fixes. (smcv) - recentchanges: Use transient underlay (smcv) - map: Avoid unnecessary ul\'s in maps with nested directories. (Giuseppe Bilotta) - Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced in 3.20101231. - inline: Fix link to nested inlined pages\'s feeds. (Giuseppe Bilotta) - inline: Add \'id\' parameter that can be used when styling individual feedlinks and postforms. (Giuseppe Bilotta)
* Wed Feb 16 2011 lnusselAATTsuse.de- suggest perl(Net::OpenID::Consumer) and perl(LWPx::ParanoidAgent)
* Tue Jan 25 2011 lnusselAATTsuse.de- new version 3.20110124 - fix regression in previous version
* Mon Jan 24 2011 lnusselAATTsuse.de- new version 3.20110123 - fix XSS issue (CVE-2011-0428)
* Tue Aug 10 2010 lnusselAATTsuse.de- new version 3.20100804 - template: Fix dependency tracking. Broken in version 3.20100427. - po: The po_slave_languages setting is now a list, so the order of translated languages can be controlled. (intrigeri) - git: Fix gitweb historyurl examples so \"diff to current\" links work. (Thanks jrayhawk) - meta: Allow syntax closer to html meta to be used. - Add new disable hook, allowing plugins to perform cleanup after they have been disabled. - Use Digest::SHA built into perl rather than external Digest::SHA1 to simplify dependencies. Closes: #591040 - Fixes a bug that prevented matching deleted pages when using the page() PageSpec.
* Thu Jun 17 2010 lnusselAATTsuse.de- Recommends: perl(PerlMagick) -> perl(Image::Magick)
* Mon May 17 2010 lnusselAATTsuse.de- new version 3.20100515 Note that you need to update page.tmpl! See NEWS - Removed misc.tmpl. Now to theme ikiwiki, you only need to customise a single template, page.tmpl. - If you have a locally customised page.tmpl, it needs to be updated to set when BASEURL or FORCEBASEURL is set. - comments: Comments pending moderation are now stored in the srcdir alongside accepted comments, but with a ._comment_pending extension. This allows easier byhand moderation, as the \"_pending\" need only be stripped off and the comment be committed to version control. - The comment_pending() pagespec can be used to match such unmoderated comments, which makes it easy to add a feed of them, or a counter indicating how many there are. - Belatedly added a comment() pagespec. - Gave comment and page editing forms some CSS and accessability love. - Renamed postscan hook to indexhtml, to reflect its changed position, and typical use. - inline: Call indexhtml when inlining internal pages, so their text can be indexed for searching. - Delete hooks are passed deleted internal pages. - openid: Incorporated a fancy openid-selector signin form. (Based on http://code.google.com/p/openid-selector/) - openid: Use \"openid_identifier\" as the form field, as required by OpenID Authentication v2.0 spec. - Removed the openidsignup option. Instead, my recommendation is to leave passwordauth enabled and let people who don\'t have an openid use it. The openid selector form avoids the UI annoyance of having both openid and passwordauth on one form. - calendar: Allow negative month to be specified. -1 is last month, etc. (And also negative years.) - calendar: Display year in title of month calendar. - Use xhtml friendly pubdate setting. - remove, rename: Add guards against XSRF attacks.
* Wed May 05 2010 lnusselAATTsuse.de- version 3.20100504
* Add parameter to displaytime to specify that it is a pubdate, and in html5 mode, use time tag.
* Add placeholder text in search form (in html5 mode only).
* In html5 mode, use all the nice new semantic tags. Care was taken to not change the id/class named used in the CSS, so only CSS that refers to tag types needed to be changed.
* Add ACTIONS variable to page.tmpl, which allows plugins to add arbitrary links to the action bar without modifying the template further. (COMMENTSLINK and DISCUSSIONLINK could be folded into this, but are kept separate for now to avoid breaking modified templates.)
* websetup: Only display Setup button on admins\' preferences page.
* graphviz: Fix display of preexisting images in preview mode.
* Fixes a bug in skipping of illegal source files introduced in 3.20100427.
* Mon May 03 2010 lnusselAATTsuse.de- version 3.20100501
* TMPL_INCLUDE re-enabled for templates read from the templatedir. (But not in-wiki templates.)
* Version dependency on liburi-perl to >= 1.36; previous versions did not support building urls from utf-8 strings. Closes: #579713
* Ikiwiki can be configured to generate html5 instead of the default xhtml 1.0. The html5 output mode is experimental, not yet fully standards compliant, and will be subject to rapid change.
* htmlscrubber: Allow html5 semantic tags: section, nav, article, aside hgroup, header, footer, figure, figcaption, time, mark
* htmlscrubber: Also allow some other html5 tags: canvas, progress, meter, ruby, rt, rp, details, summary, datalist.
* htmlscrubber: Round out html5 video support with the preload attribute and the source tag.
* htmlscrubber: Allow the html5 form attributes: placeholder, autofocus, min, max, step, required, autocomplete, novalidate, pattern, list, and form. (Also the form
* override attributes for input and buttons.)
* htmlscrubber: Allow additional misc html5 attributes: reversed, spellcheck, and hidden.
* template: Fix typo.- version 3.20100427 [ Joey Hess ]
* tag: Automatic creation of tag pages can now be enabled using the tag_autocreate setting. (David Riebenbauer)
* Customised templates can now be included in the source of wikis (and also in underlays), and dependencies on them are tracked.
* TMPL_INCLUDE is no longer supported in any template.
* underlay: Removed the add_templates option.
* Add template_depends function to plugin API.
* bzr: Fix bzr log parsing to work with bzr 2.0. (liw)
* comments: Fix missing entity encoding in title.
* txt: Add a special case for robots.txt. [ Simon McVittie ]
* Add support for link types, and make the the tagged() pagespec only match tags, not regular links (a bugfix).
* Rebuild wikis on upgrade to this version to get tag link types recorded correctly.
* Revamp sorting system; allow new sort methods to be added by plugins, and add a \"sortspec\" syntax that can combine, reverse, etc sort methods.
* meta: Add `meta(author)`, `meta(title)` etc sortspecs to allow sorting by metadata.
* meta: Add optional sortas parameter to author and title meta directives. This can be used to get names sorted by last name without displaying them last name first.
* sortnaturally: New plugin; the title_natural sort method has moved here.
* meta: store fields consistently unescaped, and escape on use. (A wiki rebuild is also needed due to this change.) [ Joey Hess ]
* Update dependency for git-core to git transition.
* po: Check that translated underlay directories exist before using them for master language.
* po: Configuring the same language as master and slave confuses processing; so filter out such a misconfiguration.
* calendar: Add archive_pagespec, which is used by ikiwiki-calendar to specify which pages to include on the calendar archive pages. (The pagespec can still also be specified on the ikiwiki-calendar command line.)
* pagestats: Class parameter can be used to override default class for custom styling.
* pagestats: Use style=list to get a list of tags, scaled by use like in a tag cloud. This is useful to put in a sidebar.
* Rework example blog front page.
* CSS and templates for sidebar changed to use a class, not an id.
* sidebar: Now a sidebar directive can be used to override the sidebar shown on a page.
* Enable calendar and sidebar in auto-blog.setup.
* sidebar: Add global_sidebars setting.
* conditional: Fix bug that forced \"all\" mode off by default.
* calendarmonth.tmpl: The month calendar is now put in a sidebar.
* calendar: Improved display of arrows.
* Rename --getctime to --gettime. (The old name still works for backwards compatibility.)
* --gettime now also looks up last modification time.
* Automatically run --gettime the first time ikiwiki is run on a given srcdir. (Use --no-gettime to disable.)
* Add rcs_getmtime to plugin API; currently only implemented for git and svn.
* Optimise --gettime for git, so it\'s appropriately screamingly fast. (This could be done for most other backends too.)
* However, --gettime for git no longer follows renames. That would be slow, and whether a renamed wiki page is the same page is really an iffy thing.
* Use above to fix up timestamps on docwiki, as well as ensure that timestamps on basewiki files shipped in the deb are sane.
* autoindex: Switch to using %wikistate instead of abusing $pagestate{index}.
* bzr: Support rcs_getmtime, and fix rcs_getctime implementation (Jelmer Vernooij)
* Quite a lot of new optimisations, and one major fix to a recent performance regression.
* Moved javascript files under the ikiwiki/ directory, to avoid cluttering the top of the web root. This is another things that requires a wiki rebuild on upgrade to this version.
* Fix removal of rendered files in rebuild mode.
* Add page() PageSpec, which is like glob() but matches only pages, not other files.- version 3.20100403
* websetup: Add websetup_unsafe to allow marking other settings as unsafe.
* Improve openid url munging; do not display anchors and cgi parameters, as used by yahoo and google urls.
* Add complete German basewiki and directives translation done by Sebastian Kuhnert.
* Add a include setting, which can be used to make ikiwiki process wiki source files, such as .htaccess, that would normally be skipped for security or other reasons. Closes: #447267 (Thanks to Aaron Wilson for the original patch.)
* Add support for setup files written in YAML.
* Add --set-yaml switch for setting more complex config file options.
* filecheck: Fix bugs that prevented the pagespecs from matching when not called by attachment plugin.
* Fix incorrect influence info returned by a failing link() pagespec, that could lead to bad dependency handling in certian situations.
* Add preprocessed \'use lib\' line to ikiwiki-transition and ikiwiki-calendar if necessary for unusual install.
* auto-blog.setup: Set tagbase by default, since most bloggers will want it.
* Allow wrappers to be built using tcc. (Workaround #452876)
* openid: Use Openid Simple Registration or OpenID Attribute Exchange to get the user\'s email address and username. (Neither is yet used, but they are available in the session object now.)
* page.tmpl: Add Cache-Control must-revalidate to ensure that users (especially of Firefox) see fresh page content.
* htmlscrubber: Allow colons in urls after \'?\'
* template: Search for templates in the templatedir, if they are not found as pages in the wiki.
* Wed Mar 17 2010 lnusselAATTsuse.de- new version 3.20100312: - Fix utf8 issues in calls to md5_hex. - moderatedcomments: Added moderate_pagespec that can be used to control which users or comment locations are moderated. This can be used, just for example, to moderate \"user(http://myopenid.com/
*)\" if you\'re getting a lot of spammers from one particular openid provider (who should perhaps answer your emails about them), while not moderating other users. - moderatedcomments: The moderate_users setting is deprecated. Instead, set moderate_pagespec to \"!admin()\" or \"user(
*)\". - Fix missing span on recentchanges page template. - search: Avoid \'$\' in the wikiname appearing unescaped on omega\'s query template, where it might crash omega. - htmlscrubber: Security fix: In data:image/
* uris, only allow a few whitelisted image types. No svg.
* Fri Feb 26 2010 lnusselAATTsuse.de- add perl-CGI-Session as Recommends
* Mon Feb 22 2010 lnusselAATTsuse.de- some fixes inspired by Fedora: - make package noarch - use Requires: perl(XXX) instead of perl-XXX - remove shebang from /etc/ikiwiki/
* - package html docu
* Sun Feb 21 2010 lnusselAATTsuse.de- new version 3.20100212 - template: Preprocess parameters before htmlizing. - img: Fix a bug that could taint AATTlinks with undef values. - setup automator: Configure Term::Readline to use bold for prompt, rather than default underline. Closes: #517656 - Allow jumping directly into account registration process by going to ikiwiki.cgi?do=register - Improve display of openid in preferences page. - Add link to userpage (or creation link) to top of preferences page. - opendiscussion: This plugin will also now allow posting comments to otherwise locked-down sites. - auto-blog.setup: Lock all pages, so only admin can post to the blog by default, and enable opendiscussion so others can comment. - Fix color and format plugins to appear in the websetup interface. - amazon_s3: Fix to support the EU S3 datacenter, which is more picky about attempts to create already existing buckets. - httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. - httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. - Allow globs to be used in user() pagespecs. - Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file.
* Mon Jan 25 2010 lnusselAATTsuse.de- new version 3.20100122 - inline: Avoid showing edit links if page editing is disabled. (Sjoerd) - signinedit: Auto-disable the plugin when all authentication methods are disabled. - comments: Fix permalinks for comments using new conflict-free filenames. - img: Support alignment of images with captions. (Giuseppe Bilotta) - websetup: Fix utf-8 problems. - websetup: Fix bug in array change detection. - linkmap: Simplify and improve browser compatibility by using an img, not object tag. - git: The new git-notes feature in git 1.6.6 changes git log output in a way that broke ikiwiki\'s parser if notes are added to commits. - po: Avoid crash when a page is empty.
* Thu Oct 29 2009 lnusselAATTsuse.de- new version 3.20091023
* inline: Fix raw mode. Closes: debian#552114
* edittemplate: Allow template page name to be specified using anything legal for a wikilink (including eg, leading slashes).
* edittemplate: Work around bug debian#551499 in CGI::FormBuilder.
* Fix a bug introduced in the last version that caused ikiwiki to skip all files if a sourcedir of \"./\" was specified.
* Support CFLAGS when building wrapper.
* meta: Gather permalink info on scan pass so it is available to inline when using a template that does not include page content.
* Added support framework for multiple types of dependencies, including dependncies that are only affected by page precence or link changes.
* Rebuild wikis on upgrade to this version to get improved dependency info.
* pagecount, calendar, postsparkline, progress: Use a presence dependency, which makes these directives much less expensive to use, since page edits will no longer trigger an unnecessary update.
* map: Use a presence dependency unless show= is specified. This makes maps efficient enough that they can be used on sidebars!
* inline: Use a presence dependency in quick mode.
* brokenlinks: Use a link dependency. This makes it much more efficient, only updating when really necessary.
* orphans, pagestats: Use a combination of presence and link dependencies. This makes them more efficient. It also fixes a longstanding bug, where if only a small set of pages were considered by orphans/pagestats, changes to links on other pages failed to cause an update.
* linkmap: Use a combination of presence and link dependencies. This makes the map be regenerated much less frequently in many cases, so larger maps are more practical to use now.
* Plugins providing PageSpec `match_
*` functions should pass additional influence information when creating result objects. This allows correctly handling many more complicated dependencies.
* API change: `pagespec_match_list` has completly changed its interface. The old interface will be removed soon, and a warning will be printed if any plugins try to use it.
* Transitive dependencies are now correctly supported.
* ikiwiki-calendar: New command automates creation of archive pages using the calendar plugin.
* calendar: Fix midnight rebuild trigger of calendars with explicit month/year.
* calendar: Fix bug in next/previous year/month links, which sometimes linked to an archive page from the wrong year, or were missing.
* git: --getctime will now follow renames back to the original creation of a file.
* calendar: Fix CSS for year calendar to match the plugin documentation.
* Added minimal default CSS for calendar plugin, just highlighting the current day.
* inline: Optimize generation of archives, etc by not getting inlined page content if the template does not use it.
* Thu Oct 15 2009 lnusselAATTsuse.de- new version 3.20091009
* parentlinks: Add has_parentlinks template parameter to allow styling the toplevel index differently etc.
* img: Correct bug in image size calculation code.
* img: Fix dependency code for full size images.
* toggle, relativedate: Support templates that add attributes to the body tag.
* Support RPC::XML 0.69\'s incompatible object instantiation method.
* mirrorlist: Display nothing if list is empty.
* Fix a bug that could lead to duplicate links being recorded for tags.
* Optimize away most expensive file prune calls, when refreshing, by only checking new file
* Tue Sep 29 2009 lnusselAATTsuse.de- remove cvs plugin, File/chdir.pm not available- backport img size fix
* Mon Sep 28 2009 lnusselAATTsuse.de- new version 3.14159265
* Add complete French basewiki and underlays translation from the Debian French l10n team, including Philippe Batailler, Alexandre Dupas, and Steve Petruzzello.
* Expand banned_users; it can now include PageSpecs, which allows banning by IP address.
* underlay: Also allow configuring additional directories to search for template files in.
* Fix parsing web commits from ipv6 addresses.
* Add genwrapper hook, that can be used to add code into the C wrapper.
* cvs: Yeah, ikiwiki even supports CVS now. Plugin contributed by Amitai Schlair.
* Updated Czech translation from Miroslav Kure.
* rsync: New plugin that allows pushing the destdir to a remote host via rsync or similar. Thanks, Amitai Schlair.
* auto.setup, auto-blog.setup: Fix sanitization of entered wikiname.
* Tue Sep 01 2009 lnusselAATTsuse.de- new version 3.1415926
* fixes security bug CVE-2009-2944
* Note: rebuild needed to fix performance problems!
* Wed May 27 2009 lnusselAATTsuse.de- new version 3.13
* Mon Apr 06 2009 lnusselAATTsuse.de- new version 3.09
  
ICM