Changelog for
ikiwiki-3.20200202.3-150500.10.1.noarch.rpm :
* Mon Sep 28 2020 callumjfarmer13AATTgmail.com- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Thu Jul 30 2020 mcalabkovaAATTsuse.com- update to 3.20200202.3
* highlight: Adapt to API change in highlight >= 3.51
* mdwn: Fix inverted footnote configuration when MultiMarkdown is enabled. Thanks, Giuseppe Bilotta
* translation improvements- Switch to python3-docutils since we do not have Python 2 anymore
* Wed Apr 08 2020 mceplAATTsuse.com- Remove BR of bzr ... we don\'t support it anymore, and there isn\'t any need for it: the testsuite just skips the test, if bzr is not available.
* Tue Jul 16 2019 mcalabkovaAATTsuse.com- update to 3.20190228
* aggregate: Use LWPx::ParanoidAgent if available. Previously blogspam, openid and pinger used this module if available, but aggregate did not. This prevents server-side request forgery or local file disclosure, and mitigates denial of service when slow \"tarpit\" URLs are accessed. (CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if LWPx::ParanoidAgent is installed. Previously, only aggregate would obey proxy configuration. If a proxy is used, the proxy (not ikiwiki) is responsible for preventing attacks like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https URLs. Previously, these plugins would have allowed non-HTTP-based requests if LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local file disclosure, and preventing other rarely-used URI schemes like gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly recommended. These plugins can request attacker-controlled URLs in some site configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable. This plugin doesn\'t request attacker-controlled URLs, so it\'s non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured. Previously, these plugins would only obey this configuration if LWPx::ParanoidAgent was not installed, but this appears to have been unintended.
* po: Always filter .po files. The po plugin in previous ikiwiki releases made the second and subsequent filter call per (page, destpage) pair into a no-op, apparently in an attempt to prevent
*recursive
* filtering (which as far as we can tell can\'t happen anyway), with the undesired effect of interpreting the raw .po file as page content (e.g. Markdown) if it was inlined into the same page twice, which is apparently something that tails.org does. Simplify this by deleting the code that prevented repeated filtering. Thanks, intrigeri (Closes: #911356)- update to 3.20190207
* graph: Add an optional \"file\" parameter
* emailauth: When email can\'t be sent, show the error message
* osm: Don\'t raise errors if tags don\'t have attached icons
* cgi: Avoid C compiler warnings for waitpid() on NetBSD
* Hide popup template content from documentation (Closes: #898836)
* meta: Make [[!meta date]] show an error if dates are invalid or Date::Parse can\'t be loaded
* inline: Cope with non-ASCII `rootpage` parameter. Thanks, Feng Shu
* table: Cope with non-ASCII content in CSV format tables. Thanks, Feng Shu
* trail: Allow unescaped punctuation in `pagenames` parameter
* comments: Hide \"add comment\" link from print stylesheet. Thanks, Antoine Beaupré
* recentchangesdiff, relativedate, toggle: Import JavaScript at the end of the page content, not the beginning, so that the browser can render content as soon as possible. Thanks, Antoine Beaupré
* debian: Allow Breezy as an alternative to bzr Thanks, Jelmer Vernooij
* inline: Add basic test coverage for [[!inline rootpage]]
* table: Add basic test coverage
* po: Add enough test coverage to reproduce Debian #911356
* comments: Improve test coverage
* tests: Exercise Unicode more
* aggregate: Fix aggregation of posts without a title. Thanks, Alexandre Oliva
* poll: Added postlink and posttrail options for better multi-page polls.
* Fix permalink to comments.
* Fri Apr 06 2018 kstreitovaAATTsuse.com- run spec-cleaner- update licence to GPL-2.0+ AND BSD-2-Clause as ikiwiki is licensed under GPL-2.0+ and the Python code in plugins directory is licensed under BSD-2-clause- update description- add w3m subpackage that holds w3mmode- remove shebang for ikiwiki/plugins/rst- update BuildRequires and Requires- get cvs plugin back because File/chdir.pm is now available- don\'t remove syslog.t test
* Thu Apr 05 2018 kstreitovaAATTsuse.com- update to 3.20180311
* Avoid unexpected full paths from find(1)
* rst test: Probe for docutils Python 3 module, not Python 2
* mdwn: Automatically detect which Discount flags to use, fixing regressions in 3.20180228 when using Discount < 2.2
* Add a test asserting that no plugin is an empty file, to confirm that the build fixes in 3.20180228 were successful- update to 3.20180228
* core: Don\'t send relative redirect URLs when behind a reverse proxy
* core: Escape backticks etc. in directive error messages as HTML entities so that the error message is not subsequently parsed as Markdown
* mdwn: Enable fenced code blocks, PHP Markdown Extra-style definition lists and GitHub-style extensions to HTML tag syntax when used with Discount >= 2.2.0 (Closes: #888055)
* img: Fix auto-detection of image format (if enabled, which is strongly discouraged) with ImageMagick >= 6.9.8-3
* rst: Use Python 3 instead of Python 2
* build: `set -e` before each `for` loop, so that errors are reliably trapped
* build: Use if/then instead of `||` so that the `-e` flag works
* build: Ensure that pm_to_blib finishes before rewriting shebang lines
* t: Make the img test pass with ImageMagick >= 6.9.8-3 (Closes: #891647)
* debian: Remove unused Lintian overrides for duplicate word false positives
* debian: Declare compliance with Debian Policy 4.1.3- update to 3.20180105
* emailauth: Fix cookie problem when user is on https and the cgiurl uses http, by making the emailed login link use https.
* passwordauth: Use https for emailed password reset link when user is on https.
* Remove openid provider icons from login selector, since openid providers are increasingly not working. Verisign retired theirs, and aol and yahoo/flickr are not commonly used for openid. Any users who still clicked those icons to login will need to instead enter their openid url.
* Updated German basewiki and directives translation from Sebastian Kuhnert.- update to 3.20171001
* htmlscrubber: Add support for the video tag\'s loop and muted attributes. Those were not in the original html5 spec, but have been added in the whatwg html living standard and have wide browser support.
* emailauth, passwordauth: Avoid leaving cgisess_
* files in the system temp directory.
* core: Don\'t decode the result of strftime if it is already tagged as UTF-8, as it might be since Perl >= 5.21.1. (Closes: #869240)
* img: Strip metadata from resized images when the deterministic config option is set. Thanks, intrigeri
* receive: Avoid asprintf() in IkiWiki::Receive, to avoid implicit declaration, potential misbehaviour on 64-bit platforms, and lack of portability to non-GNU platforms
* t: Add a regression test for untrusted git push
* receive: Fix untrusted git push with git (>= 2.11) by passing through the necessary environment variables to make the quarantine area work
* debian: Declare compliance with Debian Policy 4.1.1
* l10n: Fix the build with po4a 0.52, by ensuring that msgstr ends with a newline if and only if msgid does- update to 3.20170622
* t/git-cgi.t: Wait 1 second before doing a revert that should work. This hopefully fixes a race condition in which the test failed around 6% of the time. (Closes: 862494)
* Guard against set-but-empty REMOTE_USER CGI variable on misconfigured nginx servers, and in general treat sessions with a set-but-empty name as if they were not signed in.
* When the CGI fails, print the error to stderr, not \"Died\"
* mdwn: Don\'t mangle