forked from arpitjain11/ikiwiki
/
changelog
2534 lines (2202 loc) · 124 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ikiwiki (2.53.6) oldstable-security; urgency=low
* meta: Security fix; don't allow alternative stylesheets to be added on
pages where the htmlscrubber is enabled. CVE-2011-1401
-- Joey Hess <joeyh@debian.org> Mon, 28 Mar 2011 12:35:13 -0400
ikiwiki (2.53.5) stable-security; urgency=high
* htmlscrubber: Security fix: In data:image/* uris, only allow a few
whitelisted image types. No svg.
-- Joey Hess <joeyh@debian.org> Fri, 12 Mar 2010 15:19:29 -0500
ikiwiki (2.53.4) stable-security; urgency=high
* teximg: Replace the insufficient blacklist with the built-in security
mechanisms of TeX. (CVE-2009-2944)
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.
-- Joey Hess <joeyh@debian.org> Fri, 28 Aug 2009 23:42:51 -0400
ikiwiki (2.53.3) testing-proposed-updates; urgency=low
* Avoid crash on malformed utf-8 discovered by intrigeri.
* orphans: Fix unquoted page name in regexp.
-- Joey Hess <joeyh@debian.org> Thu, 09 Oct 2008 19:12:18 -0400
ikiwiki (2.53.2) testing-proposed-updates; urgency=low
* Fix bad patch backport that broke generation of rss/atom feeds. Closes: #498224
-- Joey Hess <joeyh@debian.org> Mon, 08 Sep 2008 11:40:27 -0400
ikiwiki (2.53.1) testing-proposed-updates; urgency=low
* Backported all relevant bug fixes from mainline to debian testing.
* ikiwiki-transition: Fix command-line processing so the prefix_directives
transition works again.
* Fixes creation of pages when clicking on WikiLinks starting with "/".
* Change deb dependencies to list Text::Markdown before markdown, since
the former, while slower, has a much better html parser that avoids
numerous bugs.
* smileys: Some fixes for escaped smileys.
* smileys: Note that smileys need to be double-escaped for the escaping to
work. Markdown removes one level of escaping.
* Add a postscan hook.
* search: Use postscan hook, avoid updating index when previewing.
* search: Fixes for title stemming, and use better term for tags.
(Gabriel McManus)
(Rebuilding the wiki on upgrade to this version is recommended if you
use the search plugin.)
* meta: fix title() PageSpec (DOS). Closes: #497444
* Really fix bug with links to pages with names containing colons.
Previous fix mised a few cases.
* toggle: Fix incompatability between javascript and webkit.
* toggle: Fix for when html got tidied. Closes: #492529 (Enrico Zini)
* inline: Ignore parent dirs when sorting pages by title.
* external: Fix support for hooks called in an array context.
* edittemplate: Don't wipe out edits on preview.
* map: The fix for #449285 was buggy and broke display of parents in certian
circumstances.
* Work around perl $_ scoping nonsense that caused breakage when loading
external plugins.
-- Joey Hess <joeyh@debian.org> Fri, 05 Sep 2008 20:55:53 -0400
ikiwiki (2.53) unstable; urgency=low
* search: generate configuration files once only when rebuilding
(Gabriel McManus)
* attachment: Fix an uninitialised value warning when editing a page
that currently has no attachments.
* Fix a bug with links to pages whose names contained colons.
* attachment: Support old versions of CGI.pm that lack an upload method.
* Include ikiwiki.setup in examples in the debian package.
* attachment: Support perl 5.8's buggy version of CGI.pm.
* otl: Support utf-8 files. (Recai Oktaş)
-- Joey Hess <joeyh@debian.org> Wed, 09 Jul 2008 16:45:33 -0400
ikiwiki (2.52) unstable; urgency=low
* attachment: New plugin for uploading and managing attachments.
This includes a fairly powerful PageSpec based admin pref for deciding
whether to accept a given upload, and an attachment management interface
on the edit page.
(Sponsored by The TOVA Company.)
* If attachments are not enabled, configure CGI.pm to disable file
uploads by default. (An anti-DOS measure.)
* toggle: Add support for toggles that are open by default.
* toggle: Fix to work in preview mode.
* toggle: Add javascript to top of page, not to end. This avoids flicker
since closed toggles will not be displayed as the page is loading.
* The editpage form now uses the raw page name, not the page title, in its
'page' cgi parameter. Using the title was ambiguous and made it
impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
sometimes causing the wrong page to be edited.
* This change means that some edit links need to be updated.
Force a rebuild on upgrade to this version.
* Above change also allowed really fixing escaped slashes from the blogpost
form.
-- Joey Hess <joeyh@debian.org> Sun, 06 Jul 2008 19:15:37 -0400
ikiwiki (2.51) unstable; urgency=low
* Improve toplevel parentlink to link directly to index.html when usedirs is
disabled.
* map: Add a "show" parameter. "show=title" can be used to display page
titles, rather than the default page name. Based on a patch from
Jaldhar H. Vyas, Closes: #484510
* hnb: New plugin, contributed by Axel Beckert.
* meta: Store "description" in pagestate for use by other plugins.
* map: Support show=description.
* textile: The Text::Textile perl module has some regexps that fail if
input is flagged as utf-8, but contains invalid characters such as 0x92.
To prevent it from crashing, re-encode the content before calling it,
which will ensure that it's really utf-8.
* Version the suggests of xapian-omega to a version known to be new enough
to work with ikiwiki. Reportedly, version 0.9.9 is too old to work.
Closes: #486592
* creole: New plugin from Bernd Zeimetz. Closes: #486930
* aggregate: Add template parameter.
* Add support for the universal edit button <http://universaleditbutton.org/>
(To get this on all pages of an exiting wiki, rebuild the wiki.)
* txt: New plugin, contributed by Gabriel McManus.
* smiley: Generate links relative to the destpage. (Fixes a reversion from
2.41.)
* toc: Revert change in 2.45 that made it run at sanitize time. That broke
use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
there, as well as fixing inlins to again display in page previews, since
it's started using format hooks. This also allows several other things,
like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
-- Joey Hess <joeyh@debian.org> Sun, 29 Jun 2008 14:09:37 -0400
ikiwiki (2.50) unstable; urgency=low
* img: Support captions.
* img: Don't generate empty title attributes, etc.
* img: Allow setting defaults for class and id too.
* ikiwiki-mass-rebuild: Make group list comparison more robust.
* search: Work around xapian bug #486138 by only stemming locales
in a whitelist.
-- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2008 15:17:30 -0400
ikiwiki (2.49) unstable; urgency=low
* haiku: Generate valid xhtml.
* ikiwiki-mass-rebuild: Don't trust $! when setting $)
* inline: The optimisation in 2.41 broke nested inlines. Detect those
and avoid overoptimising.
* search: Converted to use xapian-omega.
* Filter hooks are no longer called during the scan phase. This will
prevent wikilinks added by filters from being scanned properly. But
no known filter hook does that, so let's not waste time on it.
* Pass a destpage parameter to the sanitize hook.
* The search interface now allows searching for a page by title
("title:foo"), as well as for pages that contain a given link
("link:bar").
-- Joey Hess <joeyh@debian.org> Sat, 07 Jun 2008 15:22:41 -0400
ikiwiki (2.48) unstable; urgency=high
* Fix security hole that occurred if openid and passwordauth were both
enabled. passwordauth would allow logging in as a known openid, with an
empty password. Closes: #483770 (CVE-2008-0169)
* Add rel=nofollow to edit links. This may prevent some spiders from
pounding on the cgi following edit links.
* passwordauth: If Authen::Passphrase is installed, use it to store
password hashes, crypted with Eksblowfish.
* `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
hash existing plaintext passwords.
* Passwords will no longer be mailed, but instead a password reset link.
* The password_cost config setting is provided as a "more security" knob.
* teximg: Fix logurl.
* teximg: If the log isn't written, avoid ugly error messages.
* Updated French translation. Closes: #478530
-- Joey Hess <joeyh@debian.org> Fri, 30 May 2008 17:36:07 -0400
ikiwiki (2.47) unstable; urgency=low
* mdwn: Add a multimarkdown setup file option.
* If PERL5LIB is set to the libdir when building ikiwiki, calculate and
hardcode a proper 'use lib' statement anyway. This fixes a gotcha,
since PERL5LIB won't work once ikiwiki is running via a wrapper or as
a cgi.
* orphans: As a special case, the toplevel index page is never considered
an orphaned page.
* inline: Display a message if the 'pages' parameter is missing, before
it just expanded to nothing.
* git: Skip over signed-off-by and similar lines in commit messages
when generating recentchanges.
* ENV can be used in the setup file to override environment variable
settings, such as TZ or PATH.
* Perls older than 5.10 need to use the old method of decoding utf-8 in CGI
values. Neither method will work for all versions of perl, so check
version number at runtime.
* Avoid unsightly warning message when evaling broken pagespecs.
* Improve error message when a pagespec fails to parse.
-- Joey Hess <joeyh@debian.org> Sun, 25 May 2008 14:25:42 -0400
ikiwiki (2.46) unstable; urgency=low
* amazon_s3: New plugin, which injects wiki pages into Amazon S3, allowing
ikiwiki to be used without a dedicated web server.
* aggregate: Add support for web-based triggering of aggregation
for people stuck on shared hosting without cron. (Sheesh.) Enabled
via the `aggregate_webtrigger` configuration optiom.
* Add pinger and pingee plugins, which allow setting up mirrors and branched
wikis that automatically ping one another to stay up to date.
* Optimised file statting code when scanning for modified pages;
cut the number of system calls in half. (Still room for improvement.)
* Fixes for behavior changes in perl 5.10's CGI that broke utf-8 support
in several interesting ways.
-- Joey Hess <joeyh@debian.org> Mon, 12 May 2008 20:51:50 -0400
ikiwiki (2.45) unstable; urgency=low
* toc: Add the table of contents at sanitize time, rather than at format
time. This allows the toc to be displayed when previewing an edit. It also
avoids headers in the page template from showing up in the toc.
* Add PREFIX/bin to the hardcoded PATH within ikiwiki.
* Deal with different paths to perl when removing -T flag.
* Add missing de.po. Closes: #471540
* img: Support a title attribute, will be passed through to html.
Closes: #478718
* anonk: Add anonok_pagespec configuration setting that can be used to
allow anonymous users to edit only matching pages. Closes: #478892
* Fix ugly display when editing a page that has vanished.
* srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
* git: Put -- before the filename when calling git rev-list to avoid
warning message when the file doesn't exist.
* Add a Bundle::IkiWiki and Bundle::IkiWiki::Extras to the source for use
with CPAN to install perl modules.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
and probably other shared hosting providers like dreamhost. Added
a page documenting the process for nearlyfreespeech.
-- Joey Hess <joeyh@debian.org> Mon, 05 May 2008 15:06:05 -0400
ikiwiki (2.44) unstable; urgency=medium
* Bring back the svnrepo setup file option. This is needed for
recentchangediff to work with svn repos.
* Allow libtext-markdown-perl to satisfy dependencies, as a
an alternative to the markdown package.
* Correct a bug in pagespec matching, where a empty pagespec matched all
pages. This manifested as wikis with no locked pages treating them all as
locked. The bug was introduced in version 2.41.
* Medium urgency upload due to above fix.
-- Joey Hess <joeyh@debian.org> Thu, 17 Apr 2008 14:33:54 -0400
ikiwiki (2.43) unstable; urgency=low
* Fix missing import of escapeHTML in userlink. (Scott Bronson)
* Fix broken rcs_update for bzr. (Scott Bronson)
* Use bzr --quiet to avoid it outputting stuff and messing up http headers.
(Scott Bronson)
* Give the full path to the hyperestraier helpfile in estseek.conf.
* Recommend a recent git-core for git init. Closes: 475609
-- Joey Hess <joeyh@debian.org> Wed, 16 Apr 2008 18:35:13 -0400
ikiwiki (2.42) unstable; urgency=high
* aggregate: Correct a mistake in the code that dummy up a guid for feeds
lacking one.
* inline: Correct handling of urls relative to baseurl in feeds.
* Fix CSRF attacks against the preferences and edit forms. The fix involved
embedding the session id in the forms, and not allowing the forms to be
submitted if the embedded id does not match the session id. Closes: #475445
(CVE-2008-0165)
-- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400
ikiwiki (2.41) unstable; urgency=low
[ Adeodato Simó ]
* Preprocessor directives generated by the shortcut plugin accept a `desc`
parameter that overrides the anchor text provided at shortcut definition
time. (Closes: #458126)
[ martin f. krafft ]
* The meta plugin now allows for the robots tag to be specified without the
risk of it being scrubbed.
* Let meta.openid set X-XRDS-Location header
* Make makerepo set the Git merge remote.
branch.master.remote previously used to default to origin, which has
recently been changed; it now needs to be set explicitly, which this
patch does. Closes: #470517
* meta: Also generate openid2 headers.
* Handle SimpleXMLRPCDispatcher arg count change in python 2.5
* Provide XML-RPC proxy abstraction for Python plugins.
[ Joey Hess ]
* Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
Mercurial and monotone still todo.
* Support Text::Markdown::markdown, which is the spelling used by
version 1.0.16 of Text::Markdown.
* Updated Spanish translation from Victor Moral.
* Fix example exclude regexp. Closes: #469691
* Remove locking code in git rcs_commit. I'm not sure if this was ever
correct, and it's certianly not correct now, since the wiki is locked
before rcs_commit is ever called, and should not be unlocked by
rcs_commit either.
* monotone: Require version 0.38 or greater, and stop using the mtnmergerc
option. (Brian May)
* Use forcebaseurl to make page previews be displayed with the html base
set to the destination page. This avoids need for hacks to munge the urls
in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
* Use absolute url for feedurl when filling out the feed templates.
Closes: #470530
* Fix expiry of old recentchanges changeset pages.
* French translation update. Closes: #471010
* external: Fix support of XML::RPC::fault.
* htmltidy: Pass --markup yes, in case tidy's config file disabled it.
* external: Add getargv and setargv methods to allow access to ikiwiki's
@ARGV.
* Correct bug in encoding of %pagestate keys, fixes edittemplate.
* Detect invalid pagespecs and do not merge them in add_depends,
as that can result in a broken merged pagespec that matches nothing.
* Record new pages in %pagesources temporarily when previewing so that
things that need to know the page source or type can query it from there.
Fixes previewing of tables when creating a new page.
* German translation update. Closes: #471540
* Time::Duration is no longer used, remove from docs and recommends.
* Store userinfo in network byte order for easy portability.
(Old files will be automatically converted.)
* Close meta tag for redir properly.
* smiley: Detect smileys inside pre and code tags, and do not expand.
* inline: Crazy optimisation to work around slow markdown.
* Precompile pagespecs, about 10% overall speedup.
* Changed to a binary index file, written using Storable, for speed.
* external: Work around XML RPC's lack of support for null by passing
a special sentinal value.
* inline: Allow the "feedshow" parameter to take values greater than the
value for "show".
* Added a hardlink option in the setup file, useful if the source and
dest are on the same filesystem and the wiki includes large media files,
which would normally be copied, wasting time and space.
-- Joey Hess <joeyh@debian.org> Sat, 29 Mar 2008 21:07:22 -0400
ikiwiki (2.40) unstable; urgency=low
[ Josh Triplett ]
* Add new preprocessor directive syntax¸ using a '!' prefix. Add a
prefix_directives option to the setup file to turn this syntax on;
currently defaults to false, for backward compatibility. Support
optional '!' prefix even with prefix_directives off, and use that in
the underlay to support either setting of prefix_directives. Add NEWS
entry with migration information.
[ Joey Hess ]
* Danish translation update from Jonas Smedegaard. Closes: #465152
* Generate XML RPC messages with the encoding set to utf-8 instead
of XML::RPC's default of us-ascii. Allows interoperation with
python's xmlrpc library, which threw invalid encoding exceptions and
caused the rst plugin to hang.
* Add the linkify and scan hooks. These hooks can be used to implement
custom, first-class types of wikilinks.
* Move standard wikilink implementation to a new link plugin, which
will of course be enabled by default.
* camelcase: Convert to use new linkify and scan hooks rather than the old
hack.
* Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this.
* Depend on HTML::Scrubber, since the scrubber is enabled by default and
dies if its can't be loaded.
* The search plugin needs to override <base> to point to the directory
containing ikiwiki.cgi, but this should not change the urls to the style
sheets etc. Add a new forcebareurl parameter to misctemplate to allow
it to do that.
* Preview limits the page dropdown to what's selected previously
(as preserving the full list across preview would be tricky). Userdirs
were still being offered as an option there, remove them.
* Fix a bug where user A created a page concurrently with user B, and
when B previewed it would redirect B to A's new page, losing B's work.
Instead, don't redirect and let conflict handling resolve it.
* monotone: Add code to default mergerc file to run
_MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
* tla: Remove call to escapeHTML when constructing recentchanges message;
the html is escaped at a different level. Closes: #466495
* bzr, mercurial: Remove unused import of escapeHTML.
* Fix another preview will_render bug. This one involved inline,
which forced a scan of the page to make available metadata that
appeared after the inline directive. Problem is that scan made it forget
about any other files rendered due to the page. The scan also turns out
to be unnecessary now, since meta persistently stores state and it's
always available. So it was just removed.
* Disable taint checking for all builds as people keep complaining about it,
and since all versions of perl seem to be hopelessly broken.
* Fix links generated by preprocessor directives when previewing.
* inline: When forcing urls absolute for rss feeds, skip mailto and other
such urls.
* ikiwiki-makerepo: Don't fail if the third argument ends in a slash.
* Allow colons in URLs after the first slash. (Adeodato Simó)
-- Joey Hess <joeyh@debian.org> Fri, 29 Feb 2008 23:05:39 -0500
ikiwiki (2.31.3) unstable; urgency=high
[ Josh Triplett ]
* Do not allow the about: URI scheme; some browsers interpret about:
URIs like a limited version of data: URIs. In particular, some
versions of Internet Explorer interpret arbitrary HTML content in
about: URIs.
* Also filter the attributes cite, longdesc, and usemap, which can contain
URIs.
[ Joey Hess ]
* meta: Check that the urls provided for authorurl, permalink, and openid
are safe and can't contain javascript.
[ Josh Triplett ]
* Match literal '.' in URI schemas containing '.', rather than matching any
character.
* Do not allow the steam: URI scheme.
* Allow the snews: URI scheme.
* Allow the smb: URI scheme.
-- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 14:48:48 -0800
ikiwiki (2.31.2) unstable; urgency=high
* The security fix in the last release had buggy handling of data:image,
now fixed. Closes: #465110 (CVE-2008-0808, CVE-2008-0809)
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
ikiwiki (2.31.1) unstable; urgency=low
* htmlscrubber security fix: Block javascript in uris.
* Add htmlscrubber test suite.
* Thanks to Josh Triplett for pointing out the holes and for his help
in implementing and checking fixes.
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
ikiwiki (2.31) unstable; urgency=low
[ Joey Hess ]
* Revert preservation of input file modification times in output files,
since this leads to too many problems with web caching, especially with
inlined pages. Properly solving this would involve tracking every page
that contributes to a page's content and using the youngest of them all,
as well as special cases for things like the version plugin, and it's just
too complex to do.
* aggregate: Forking a child broke the one state that mattered: Forcing
the aggregating page to be rebuilt. Fix this.
* cgi hooks are now run before ikiwiki state is loaded.
* This allows locking the wiki before loading state, which avoids some
tricky locking code when saving a web edit.
* poll: This plugin turns out to have edited pages w/o doing any locking.
Oops. Convert it from a cgi to a sessioncgi hook, which will work
much better.
* recentchanges: Improve handling of links on the very static changes pages
by thunking to the CGI, which can redirect to the page, or allow it to be
created if it doesn't exist.
* recentchanges: Exipre all *._change pages, even if the directory
they're in has changed.
* aggregate: Lots of changes; aggregation can now run without locking the
wiki, and there is a separate aggregatelock to prevent multiple concurrent
aggregation runs.
* monotone changes by Brian May:
- On commits, replace "mtn sync" bidirectional with "mtn push" single
direction. No need to pull changes when doing a commit. mtn sync
is still called in rcs_update.
- Support for viewing differences via patches using viewmtn.
* inline: When previewing, still call will_render on rss/atom files,
just avoid actually writing the files. This is necessary because ikiwiki
saves state after a preview (in case it actually *did* write files),
and if will_render isn't called its security checks will get upset
when the page is saved. Thanks to Edward Betts for his help tracking this
tricky bug down.
* inline: Add new `allowrss` and `allowatom` config options. These can be
used if you want a wiki that doesn't default to generating rss or atom
feeds, but that does allow them to be turned on for specific blogs.
* Don't die if running with --getctime and rcs_getctime throws an error.
There are several cases (recentchanges files, aggregated files)
where some source files are not in revision control.
* Page templates can now use CTIME to show when the page was created.
[ Josh Triplett ]
* README.Debian: Mention user wikilists.
-- Joey Hess <joeyh@debian.org> Sat, 09 Feb 2008 23:09:45 -0500
ikiwiki (2.30) unstable; urgency=low
[ Joey Hess ]
* Old versions of git-init don't support --git-dir or GIT_DIR with
--bare. Change ikiwiki-makerepo to use a method that should work with
those older versions too.
* aggregate: Don't let feeds set creation times for pages in the future.
* Add full parser for git diff-tree output (Brian Downing)
* aggregate: Fork a child process to handle the aggregation. This simplifies
the code, since that process can change internal state as needed, and
it will automatically be cleaned up for the parent process, which proceeds
to render the changes.
[ Josh Triplett ]
* Add trailing comma to commented-out umask in sample ikiwiki.setup, so
that uncommenting it does not break the setup file.
[ Joey Hess ]
* inline: The template can check for FIRST and LAST, which will be
set for the first and last inlined page. Useful for templates that build
tables and the like.
* prettydate,ddate: Don't ignore time formats passed to displaytime
function.
* Pages with extensions starting with "_" are internal-use, and will
not be rendered or web-edited, or matched by normal pagespecs.
* Add "internal()" pagespec that matches internal-use pages.
* RecentChanges is now a static html page, that's updated whenever a commit
is made to the wiki. It's built as a blog using inline, so it can have
an rss feed that users can subscribe to.
* Removed support for sending commit notification mails. Along with it went
the svnrepo and notify settings, though both will be ignored if left in
setup files. Also gone with it is the "user()" pagespec.
* Add refresh hook.
* meta: Add pagespec functions to match against title, author, authorurl,
license, and copyright. This can be used to create custom RecentChanges.
* meta: To support the pagespec functions, metadata about pages has to be
retained as pagestate.
* Fix encoding bug when pagestate values contained spaces.
* Add support for bzr, written by Jelmer Vernooij. Thanks also to bma for
his independent work on bzr support.
* Copyright file updates.
-- Joey Hess <joeyh@debian.org> Sat, 02 Feb 2008 17:41:57 -0500
ikiwiki (2.20) unstable; urgency=low
* inline: Add copyright/license info on a per-post basis to atom
feeds if available. (rss doesn't allow such info on a per-post basis)
* Also include overall copyright/license and author info in atom feeds if
available.
* meta: Allow copyright/license metadata to contain arbitrary markup.
* Call preprocessor hooks in void context during the scan pass. This allows
the hook to determine if it's just scanning, and avoid expensive
operations.
* img: Detect scan mode and avoid generating and writing the image file
during it, for a 2x speedup.
* meta: Run in scan mode again (more intelligently) and re-add support for
meta link.
* Fix support for the case where metadata appears after an inline directive
that needs to use it. This was broken in version 2.16.
* template: Remove bogus htmlize pass added in 2.16.
* template: Htmlize template variables, but also provide a raw version
via `<TMPL_VAR raw_variable>`.
* When htmlizing text, if the input is a single line with no newline,
and the htmlizer (such as markdown and textile) generates a html
paragraph, remove it. This allows removing several hacks from other
plugins that htmlize fragements of pages.
* In preferences, allow the subscriptions and email fields to be cleared.
* teximg: Fix to support the same formula on multiple pages.
-- Joey Hess <joeyh@debian.org> Thu, 10 Jan 2008 14:52:57 -0500
ikiwiki (2.19) unstable; urgency=low
* Only try postsignin if no other action matched. Fixes a bug where the
user goes back from the signin screen and does something else.
* Improve behavior when trying to sign in with no cookies.
* Improved the canedit hook interface, allowing a callback function to be
returned (and not run in some cases) rather than the plugins directly
forcing a user to log in.
* opendiscussion: allow editing of the toplevel discussion page,
and, indirectly, allow creating new discussion pages.
* Add a prereq on Data::Dumper 2.11 or better, needed to dump q// objects.
* htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/'
and 'p/'.
* aggregate: Include copyright statements from rss feed as meta copyright
directives.
* aggregate: Yet another state saving fix (sigh).
* aggregate: Add hack to support feeds with invalidly escaped html entities.
-- Joey Hess <joeyh@debian.org> Tue, 08 Jan 2008 20:43:18 -0500
ikiwiki (2.18) unstable; urgency=low
* Split error messages for failures to drop real uid and gid.
* Retry dropping uid and gid, possibly this will help with the "Resource
temporarily unavailable" failures I've experienced under xen.
* Stop testing Encode::is_utf8 in decode_form_utf8: That doesn't work.
* decode_form_utf8 only fixed the utf-8 encoding for fields that were
registered at the time it was called, which was before the
formbuilder_setup hook. Fields added by the hook didn't get decoded.
But it can't be put after the hook either, since plugins using the hook
need to be able to use form values. To fix this dilemma, it's been changed
to a decode_cgi_utf8, which is called on the cgi query object, before the
form is set up, and decodes *all* cgi parameters.
* aggregate: Only save state if it was already loaded. This didn't used to
matter, but after recent changes, state is not always loaded, and saving
would kill it.
* table: Fix dependency tracking for external data files. Closes: #458387
-- Joey Hess <joeyh@debian.org> Sat, 05 Jan 2008 02:15:18 -0500
ikiwiki (2.17) unstable; urgency=low
* Improved parentlinks special case for index pages.
* redir: Support for specifying anchors.
* img: Avoid nesting images when linking to another image. Closes: #457780
* img: Allow the link parameter to point to an exterior url.
* conditional: Improve regexp testing for simple uses of pagespecs
that match only the page using the directive, adding 'included()'
and supporting negated pagespecs and added whitespace.
* map: Fix handling of common prefix to handle the case where it's
in a subdirectory. Patch by Larry Clapp.
* aggregate: Fix stupid mistake introduced when converting it to use
the needsbuild hook. This resulted in feeds not being removed when pages
were updated, and feeds sometimes being forgotten about.
* aggregate: Avoid uninitialised value warning when removing a feed that
has an expired guid.
-- Joey Hess <joeyh@debian.org> Sun, 30 Dec 2007 14:57:44 -0500
ikiwiki (2.16) unstable; urgency=low
* Major basewiki reorganisation. Most pages moved into ikiwiki/ subdirectory
to avoid polluting the main namespace, and some were further renamed.
* meta: Add redir support, based on a patch by Thomas Schwinge.
* Redirs added for moved basewiki pages. These will be removed in a future
release.
* Remove .otl file from sandbox to avoid build ugliness. Closes: #454181
* Finally implemented a simple per-page data storage mechanism for plugins,
via the %pagestate hash.
* Use pagestate in meta to detect potential redir loops.
* Added a version plugin that saves state about what's using it, to force
pages to rebuild when ikiwiki's version changes.
* The calendar plugin stores state about when it needs to be updated,
and forces rebuilds of the pages that contain calendars. So
running ikiwiki --refresh at midnight is now enough, no need for a full
wiki rebuild each midnight.
* calendar: Work around block html parsing bug in markdown 1.0.1 by
enclosing the calendar in an extra div.
* Fix file pruning code to work if ikiwiki is run with "." as the srcdir.
* Add an edittemplate plugin, allowing registering template pages, that
provide default content for new pages created using the web frontend.
* Change formbuilder hook to not be responsible for displaying a form,
so that more than one plugin can use this hook.
I believe this is a safe change, since only passwordauth uses this hook.
(If some other plugin already used it, it would have broken passwordauth!)
* Ensure that web edited pages always end in a newline.
* Avoid unnecessary stat calls to get mtime when rendering pages, use
cached value.
* Preserve input file modification times in output files.
* Allow dashes in preprocessor directive commands, and shortcuts.
* Htmlize parameters passed to the template preprocessor directive before
inserting them into the html template. This ensures that markdown
acts on them, even if the value is expanded inside a block-level html
element in the html template. Closes: #454058
* Use a div in the note template rather than a span.
* shortcut: Expand %S to the raw input text, not url-encoded.
* Don't increment feed numbers when an inline has no feeds. (Nis Martensen)
* Allow editing a page and deleting all content, while still disallowing
creating a new page that's entirely empty.
* meta: Drop support for "meta link", since supporting this for internal
links required meta to be run during scan, which complicated its data
storage, since it had to clear data stored during the scan pass to avoid
duplicating it during the normal preprocessing pass.
* If you used "meta link", you should switch to either "meta openid" (for
openid delegations), or tags (for internal, invisible links). I assume
that nobody really used "meta link" for external, non-openid links, since
the htmlscrubber ate those. (Tell me differently and I'll consider bringing
back that support.)
* meta: Improved data storage.
* meta: Drop the hackish filter hook that was used to clear
stored data before preprocessing, this hack was ugly, and broken (cf:
liw's disappearing openids).
* aggregate: Convert filter hook to a needsbuild hook.
* map: Don't inline images.
* brokenlinks: Don't list the same link multiple times. (%links might
contain multiple copies of the same link)
* git: Correct display of multiline commit messages in recentchanges.
* Re-organise dependencies and recommends now that recommends are installed
by default.
* Don't refuse to render files with ".." in their name. (Anchor the regexp.)
* Work around perl taint checking bug #411786, where perl sometimes randomly
sets the taint flag on untainted variables, by disabling taint checking
in the deb. This sucks.
-- Joey Hess <joeyh@debian.org> Tue, 18 Dec 2007 16:37:22 -0500
ikiwiki (2.15) unstable; urgency=low
* Add a new ikiwiki-makerepo program, that automates setting up a repo
and importing existing content for svn, git, and mercurial. This makes
the setup process much simpler.
* Reorganised git documentation.
* Actually install the ikiwiki-update-wikilist program.
* Improve workaround for perl bug #376329. Rather than double-encoding,
which has been reported to cause encoding problems (though I haven't
reproduced them), just catch a failure of markdown, and retry.
(The crazy perl bug magically disappears on the retry.)
Closes: #449379
* Add umask configuration option. Closes: #443329
-- Joey Hess <joeyh@debian.org> Sat, 01 Dec 2007 11:44:01 -0500
ikiwiki (2.14) unstable; urgency=high
* Let CC be used to control what compiler is used to build wrappers.
* Use 'cc' instead of gcc as the default compiler.
* Security fix: Ensure that there are no symlinks anywhere in the path
to the top of the srcdir. In certian unusual configurations, an attacker
who could commit to one of the parent directories of the srcdir could
use a symlink attack to cause ikiwiki to publish files elsewhere in the
filesystem. More details at <http://ikiwiki.info/security/#index29h2>
-- Joey Hess <joeyh@debian.org> Mon, 26 Nov 2007 15:26:06 -0500
ikiwiki (2.13) unstable; urgency=low
The ikiwiki zombie army release.
* Add liblwpx-paranoidagent-perl to recommends of Debian package,
this is needed to do OpenID really securely.
* ikiwiki.setup is licensed same as the basewiki, not GPLed.
* inline: Add timeformat parameter to control how the ctime of
inlined pages is displayed. Closes: #451019
* Add wrappergroup config option, which can be used to cause wrappers
to be created owned by some group other than the default. Useful
then there's a shared repository with access controlled by a group,
to let ikiwiki run setgid to that group.
* ikiwiki-mass-rebuild: Run build with the user in all their groups.
* Correct markdown in example index page in setup. Closes: #451469
* Better error message when a setup file has a syntax error.
Closes: #451666
* Fix mercurial historyurl in example setup file.
* More compact output for the brokenlinks plugin.
* Allow trailing slashes after page names in wikilinks.
* Don't consider links to anchors on the same page to be self links.
Patch by Daniel Burrows. Closes: #451729
* When usedirs is disabled, link direct to index.html files, not to
directories, to improve browsing of file:// urls.
Patch by Daniel Burrows. Closes: #451728
* Allow html5 video and audio tags and their attributes in the htmlscrubber.
* toc: Handle html elements embedded inside a header, rather than
stopping collecting the header text at the first element.
-- Joey Hess <joeyh@debian.org> Sat, 24 Nov 2007 16:06:22 -0500
ikiwiki (2.12) unstable; urgency=low
[ Joey Hess ]
* Fix some issues with toggles in preview mode.
* Fix an aggregate plugin expiry bug. Over time, it's possible for the same
page name to be expired and reused for several distinct guids. When this
happened, the expiry code counted each past guid that had used that page
name as a currently existing page, and thus expired too many pages.
* Avoid a race in the git rcs_commit function, by not assuming HEAD will
stay the same for the duration of the function.
* Avoid using commands like git-diff and instead use "git diff".
In some configurations, only the main git command is in the path.
* Improve the RecentChanges display for git merges, by passing -c instead
of -m to git-log, and by skipping display of commits that change no
pages.
* Don't truncate git commit messages to the first line in RecentChanges,
show the full message.
* map: Recent changes caused unnecessary ul's to be inserted for items
that were all at the same level, fix. Closes: #449285
[ Josh Triplett ]
* Fix table plugin to not generate an unbalanced tbody tag with header=no
* Add xmlns attribute on html element in templates; pages can now
validate.
[ Joey Hess ]
* In the example setup file, use mode 6755 for the git post-update hook.
It needs to be setgid if the master repo is a shared repository, so
that pushes into the working copy repository happen as the same group,
avoiding permissions problems.
* The first git commit legitimately has no parents. Avoid recentchanges
spewing uninitialised value warnings and debug messages about it.
Dummying up a parent of 0000000 allows gitweb to work too.
-- Joey Hess <joeyh@debian.org> Mon, 12 Nov 2007 14:35:09 -0500
ikiwiki (2.11) unstable; urgency=low
* Correct a pair of logic errors that triggered if svnpath was empty.
* If gitorigin_branch is set to the empty string, don't push or pull.
Useful for laptop clones of remote wikis.
* Add a calendar plugin, contributed by Manoj Srivastava.
* Reformat calendar plugin to ikiwiki conventions.
* The calendar plugin made *every* page depend on every other page,
which seemed a wee tiny little bit overkill. Fixed the dependency
calculations (I hope.)
* Removed manual ctime statting code, and just have the calendar plugin use
%pagectime.
* Ikiwiki has moved into a git repository.
* postsparkline: Avoid a confusing error message if no pages match
and instead show an empty graph.
* Add handling of feeds for nested inlines, as well as support for a
single page containing two different feeds.
* Also fixed some places in inline that failed to use destpage correctly.
* ikiwiki-mass-rebuild: Patch from HenrikBrixAndersen to fix order
of permissions dropping code to work on FreeBSD.
* ikiwiki-mass-rebuild: Don't clear PATH from the environment.
* Run git-commit -q (though it doesn't do much good due to its stderr
abuse).
-- Joey Hess <joeyh@debian.org> Fri, 26 Oct 2007 03:29:09 -0400
ikiwiki (2.10) unstable; urgency=low
* Tidy ctime debug output for git.
* French translation update. Closes: #445923
* Fix --get-ctime with git, needed to remove srcdir from filename.
* In the cgi edit path, reload the index file before rendering. A bug
showed up where a web edit that added a page caused a near-concurrent
web edit to fail in will_render. While it would be hard to reproduce this,
my analysis is that the failing cgi started first, loaded the index file
(prior to locking) then the other cgi created the new page and rendered
it, and then the failing cgi choked on the new file when _it_ tried to
render it. Ensuring that the index file is loaded after taking the lock
will avoid this bug.
* Fix strange stderr-hiding code in the git module, allow error messages
to be passed on to stderr. Also fixes a potential bug, since git error
meesages were treated as if they came from git stdout.
* Add a "createlink" class attribute to the span for wikilinks pointing
to not-yet-existing pages. I don't have a useful style defined for that
though.
* Rewritten rst plugin by madduck is a python program that communicates with
ikiwiki via XML RPC. This should be much faster than the old plugin that
had to fork python for every rst page render. Note that if you use
the rst plugin, you now need to have the RPC::XML perl module installed.
* Danish translation from Jonas Smedegaard. Closes: #446952
* Support git authors of the form "joey <joey>", which is common when
importing from a svn repo.
-- Joey Hess <joeyh@debian.org> Sat, 20 Oct 2007 19:42:46 -0400
ikiwiki (2.9) unstable; urgency=low
* Fix copyright and licence styling.
* tag: Add taglink preprocessor directive, supporting visible tag links.
Closes: #443344
* map: Fully specify paths to links to avoid issues when the bestlink
didn't point to the correct page.
* map: Render pages on the way to subpages whose parent pages
are not included in the map. Include special styling for such pages.
* map: Remove common prefixes and don't over-indent.
* Add class option to htmllink().
* img: Allow link=somepage to cause the image to link to a given page.
Slight overriding of link, as link=no is still used to disable the linking
entirely. Unless you have a page named "no"..
* Save index after previewing page edit, since even previewing can create
files in some situations, and this is appropriate in some cases, such as
the teximg plugin's error log file.
Such files will be automatically cleaned up at an appopriate later time.
* Don't allow whitespace in link text in a wikilink. This was still
allowed by the regexp in one case though not documented to work, and
was ambiguous with preprocessor directives.
* camelcase: Tighten regexp to avoid false positives. WikiWords are only
linkified now if they are preceeded by whitespace.
-- Joey Hess <joeyh@debian.org> Sun, 30 Sep 2007 15:07:24 -0400
ikiwiki (2.8) unstable; urgency=low
* Redid the debian/copyright file, using the proposed new copyright file
format. Included many details not previously listed in the old file.
* inline: add feedonly option, set feedonly=yes to get only the feed button
but not inline the pages.
* meta: Support license and copyright information. The information will
be shown in the page footer. HTML will also be inserted that should
support the rel=license microformat as well as the HTML spec's
rel=copyright.
* table plugin: Actually specify the delimiter when parsing CSV.
* table plugin: The previous version broke WikiLinks inside quoted values.
Fix this by linkifying CSV data after parsing it, while DSV data is still
linkified before parsing.
-- Joey Hess <joeyh@debian.org> Sun, 16 Sep 2007 20:02:25 -0400
ikiwiki (2.7) unstable; urgency=low
[ Joey Hess ]
* Add an editcontent hook.
* Support for looking in multiple directories for underlay files.
* Plugins can add new directories to the search path with the add_underlay
function.
* Split out smiley underlay files into a separate underlay, so if the plugin
isn't used, the wiki isn't bloated with all those files.
* Allow -cgi -wrapper to be passed on the command line to generate a
wrapper.
* Fix some taint issues with generating wrappers using the command line.
* Don't allow newlines in link text in a wikilink.
* Tables containing links with a link text were misparsed, because the "|"
in the wikilink looked like a table field separator. Avoid this ambiguity
by linkifying the data before parsing it as a table.
* Turn on allow_loose_quotes in the table plugin's Text::CSV object,
so that links from wikilinks don't confuse the parser.
* mercurial: Pass --style default to hg log to ensure right format is used.
* mercurial: Fix rcs_getctime (thanks, bma)
[ Josh Triplett ]
* Use git-log rather than the shell, git-rev-list, and git-diff-tree.
Patch by Jamey Sharp <jamey@minilop.net>.
* Renames from git-diff-tree aren't handled, so don't ask for them.
Patch by Jamey Sharp
* Handle operating in sub-trees of a git repository.
When looking for git commits that affect the wiki, only include changes
that affect the ikiwiki source directory. If that is not the top-level
directory in this git repository, strip off the prefix as given by
`git-rev-parse --show-prefix` from all names reported by git-log.
Patch by Jamey Sharp
[ Joey Hess ]
* Correct generation of RFC 3339 format times for atom/rss feeds. Always use
gmtime for these since a time zone is not specified.
* Updated Spanish translation from Victor Moral.
* table: Text::CSV doesn't return decoded unicode (XS module); decode its
return values.
* Change git test suite to reflect change in log for initial repo creation
commit.
* Add the ikiwiki-update-wikilist command.
* Exclude external plugin from syntax check since it uses a module that is
not in the build depends. Closes: #441171
-- Joey Hess <joeyh@debian.org> Sat, 08 Sep 2007 21:54:11 -0400
ikiwiki (2.6.1) unstable; urgency=low
* Ye olde brown paper bag.
* Fix minor bug when blogging by cgi, introduced in last version.
* Fix a bug in unlockwiki intorduced last version that made it crash ikiwiki
if it wasn't locked when called. This is known to break post-commit
emails.
-- Joey Hess <joeyh@debian.org> Sun, 26 Aug 2007 13:38:23 -0400
ikiwiki (2.6) unstable; urgency=low
* Various minor bug fixes for silly mistakes in the code, thanks to the
various reviewers.
* Fix problems with previewing in the graphviz plugin. Thanks,
HenrikBrixAndersen.
* Allow raw html in the rst plugin.
* Add --set-option command line switch.
* pagetemplate: don't display template name
* Add rel=tag attribute to tag links, supporting that microformat, as well
as allowing them to be styled specially. Thanks, NicolasLimare.
* Add sessioncgi hook.
* Move blog form code out of CGI.pm and into the inline plugin.
* Updated Spanish translation from Victor Moral.
* Updated French translation from Cyril Brulebois. Closes: #437181
* The toc directive doesn't work well or make sense inside an inlined page.
Disable it when the page with the toc is nested inside another page.
* Apply a patch from NicolasLimare adding modification date tags to rss and
atom feeds, and also changing the publication time for a feed to the
newest modiciation time (was newest creation time).
* The patch also adds dcterms:creator to rss items that have a known author.
* Support pagespec "functions" with no parameters, like included() in the
conditional plugin.
* Add time=mtime option to postsparkline.
* Fix --libdir to work at the command line.
* Plugins can now be written as standalone external programs, which can
be written in any language that can do XML RPC.
* Change yet again how unhandled and escaped preprocessor directives are
re-output onto the page. Hopefully I finally got it right..
* Fix bug in deletion/move during edit code introduced in 1.44. Need to take
the underlaydir into account.
* Fix bug when editing file from underlaydir, need to rcs_add it even though
a page creation isn't occuring.
* Various minor fixes and stylistic improvements suggested by Perl::Critic.
* Applied Jeremie Koenig's pluggable editpage buttons patch:
- add a title to the editpage form;
- pass a reference to the list of buttons to the formbuilder_setup
hooks, so we can add ours;
- relax asumption about the possible submit values (use "Save Page"
explicitly);
- de-hardcode the submit buttons from the editpage template
(This was needed for compatability with a bug in CGI::FormBuilder
3.0401, but ikiwiki already needs a newer version.)
* Pass buttons to all other formbuilder_setup hooks too.
* Add color parameter to postsparkline. Closes: #438900