ikiwiki (3.20141016.2) unstable; urgency=high

  [ Joey Hess ]
  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483)

 -- Simon McVittie  Sun, 29 Mar 2015 22:28:15 +0100

ikiwiki (3.20141016.1) unstable; urgency=medium

  * Backport selected commits for Debian 8:

  [ Joey Hess ]
  * Add missing build-depends on libcgi-formbuilder-perl, needed for
    t/relativity.t if libipc-run-perl is also installed (buildds are
    unaffected by this)
  * Set Debian package maintainer to Simon McVittie as I'm retiring from
    Debian.

  [ Amitai Schlair ]
  * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd).
    Closes: #774441

  [ Simon McVittie ]
  * Work around imagemagick Debian bug #771047 by using a non-blank SVG
    for the regression test, to avoid FTBFS in current unstable if
    inkscape is installed (buildds are unaffected by this)

 -- Simon McVittie  Wed, 07 Jan 2015 11:08:35 +0000

ikiwiki (3.20141016) unstable; urgency=medium

  [ Joey Hess ]
  * Fix crash that can occur when only_committed_changes is set and a
    file is deleted from the underlay.

  [ Simon McVittie ]
  * core: avoid dangerous use of CGI->param in list context, which led
    to a security flaw in Bugzilla; as far as we can tell, ikiwiki is
    not vulnerable to a similar attack, but it's best to be safe
  * core: new reverse_proxy option prevents ikiwiki from trying to detect
    how to make self-referential URLs by using the CGI environment
    variables, for instance when it's deployed behind a HTTP reverse proxy
    (Closes: #745759)
  * core: the default User-Agent is now "ikiwiki/$version" to work around
    ModSecurity rules assuming that only malware uses libwww-perl
  * core: use protocol-relative URLs (e.g.
    //www.example.com/wiki) so that https stays on https and http stays
    on http, particularly if the html5 option is enabled
  * core: avoid mixed content when a https cgiurl links to http static
    pages on the same server (the static pages are assumed to be
    accessible via https too)
  * core: force the correct top URL in w3mmode
  * google plugin: Use search form
  * docwiki: replace Paypal and Flattr buttons with text links
  * comments: don't record the IP address in the wiki if the user is
    logged in via passwordauth or httpauth
  * templates: add ARIA roles to some page elements, if html5 is enabled.
    Thanks, Patrick
  * debian: build-depend on libmagickcore-6.q16-2-extra |
    libmagickcore-extra so we can thumbnail SVGs in the docwiki
  * debian: explicitly depend and build-depend on libcgi-pm-perl
  * debian: drop unused python-support dependency
  * debian: rename debian/link to debian/links so the intended symlinks
    appear
  * debian: fix some wrong paths in the copyright file

 -- Simon McVittie  Thu, 16 Oct 2014 23:28:26 +0100

ikiwiki (3.20140916) unstable; urgency=low

  * Don't double-decode CGI submissions with Encode.pm >= 2.53,
    fixing "Error: Cannot decode string with wide characters".
    Thanks, Antoine Beaupré
  * Avoid making trails depend on everything in the wiki by giving them
    a better way to sort the pages
  * Don't let users post comments that won't be displayed
  * Fix encoding of Unicode strings in Python plugins.
    Thanks, chrysn
  * Improve performance and correctness of the [[!if]] directive
  * Let [[!inline rootpage=foo postform=no]] disable the posting form
  * Switch default [[!man]] shortcut to manpages.debian.org.
    Closes: #700322
  * Add UUID and TIME variables to edittemplate. Closes: #752827
    Thanks, Jonathon Anderson
  * Display pages in linkmaps as their pagetitle (no underscore escapes).
    Thanks, chrysn
  * Fix aspect ratio when scaling small images, and add support for
    converting SVG and PDF graphics to PNG.
    Thanks, chrysn
    - suggest ghostscript (required for PDF-to-PNG thumbnailing)
      and libmagickcore-extra (required for SVG-to-PNG thumbnailing)
    - build-depend on ghostscript so the test for scalable images can be
      run
  * In the CGI wrapper, incorporate $config{ENV} into the environment
    before executing Perl code, so that PERL5LIB can point to a
    non-system-wide installation of IkiWiki.
    Thanks, Lafayette Chamber Singers Webmaster
  * filecheck: accept MIME types not containing ';'
  * autoindex: index files in underlays if the resulting pages aren't
    going to be committed. Closes: #611068
  * Add [[!templatebody]] directive so template pages don't have to be
    simultaneously a valid template and valid HTML
  * Add myself to Uploaders and release to Debian

 -- Simon McVittie  Fri, 12 Sep 2014 21:23:58 +0100

ikiwiki (3.20140831) unstable; urgency=medium

  * Make --no-gettime work in initial build. Closes: #755075

 -- Joey Hess  Sun, 31 Aug 2014 14:17:24 -0700

ikiwiki (3.20140815) unstable; urgency=medium

  * Add google back to openid selector. Apparently this has gotten a
    stay of execution until April 2015. (It may continue to work until
    2017.)
  * highlight: Add compatibility with highlight 3.18, while still
    supporting 3.9+. Closes: #757679
    Thanks, David Bremner
  * highlight: Add support for multiple language definition directories
    Closes: #757680
    Thanks, David Bremner

 -- Joey Hess  Fri, 15 Aug 2014 12:58:08 -0400

ikiwiki (3.20140613) unstable; urgency=medium

  * only_committed_changes could fail in a git repository merged
    with git merge -s ours.
  * Remove google from openid selector, per http://xkcd.com/1361/

 -- Joey Hess  Fri, 13 Jun 2014 10:09:10 -0400

ikiwiki (3.20140227) unstable; urgency=medium

  * Added useragent config setting. Closes: #737121
    Thanks, Tuomas Jormola
  * po: Add html_lang_code and html_lang_dir template variables
    for the language code and direction of text.
    Thanks, Mesar Hameed
  * Allow up to 8 levels of nested directives, rather than previous 3
    in directive infinite loop guard.
  * git diffurl: Do not escape / in paths to changed files, in order to
    interoperate with cgit (gitweb works either way)
    Thanks, intrigeri.
  * git: Explicitly push master branch, as will be needed by git 2.0's
    change to push.default=matching by default.
    Thanks, smcv
  * Deal with nasty issue with gettext clobbering $@ while printing
    error message containing it.
    Thanks, smcv
  * Cleanup of the openid login widget, including replacing of hotlinked
    images from openid providers with embedded, freely licensed artwork.
    Thanks, smcv
  * Improve templates testing.
    Thanks, smcv
  * python proxy: Avoid utf-8 related crash.
    Thanks, Antoine Beaupré
  * Special thanks to Simon McVittie for being the patchmeister for this
    release.

 -- Joey Hess  Thu, 27 Feb 2014 11:55:35 -0400

ikiwiki (3.20140125) unstable; urgency=medium

  * inline: Allow overriding the title of the feed. Closes: #735123
    Thanks, Christophe Rhodes
  * osm: Escape name parameter. Closes: #731797

 -- Joey Hess  Sat, 25 Jan 2014 16:40:32 -0400

ikiwiki (3.20140102) unstable; urgency=low

  * aggregate: Improve display of post author.
  * poll: Fix behavior of poll buttons when inlined.
  * Fixed unnecessary tight loop hash copy in saveindex where a pointer
    can be used instead. Can speed up refreshes by nearly 50% in some
    circumstances.
  * Optimized loadindex by caching the page name in the index.
  * Added only_committed_changes config setting, which speeds up wiki
    refresh by querying git to find the files that were changed, rather
    than looking at the work tree. Not enabled by default as it can
    break some setups where not all files get committed to git.
  * comments: Write pending moderation comments to the transient underlay
    to avoid conflict with only_committed_changes.
  * search: Added google_search option, which makes it search google
    rather than using the internal xapian database.
    (googlesearch plugin is too hard to turn on when xapian databases
    corrupt themselves, which happens all too frequently).
  * osm: Remove invalid use of charset on embedded javascript tags.
    Closes: #731197
  * style.css: Add compatibility definitions for more block-level
    html5 elements. Closes: #731199
  * aggregate: Fix several bugs in handling of empty and colliding
    titles when generating filenames.

 -- Joey Hess  Thu, 02 Jan 2014 12:22:22 -0400

ikiwiki (3.20130904.1) unstable; urgency=low

  * Fix cookiejar default setting.

 -- Joey Hess  Wed, 04 Sep 2013 10:15:37 -0400

ikiwiki (3.20130904) unstable; urgency=low

  * calendar: Display the popup mouseover when there is only 1 page for
    a given day, for better UI consistency.
  * meta: Can now be used to add an enclosure to a page, which is a
    fancier way to do podcasting than just inlining the media files
    directly; this way you can write a post about the podcast episode
    with show notes, author information, etc.
    (schmonz)
  * aggregate: Show author in addition to feedname, if different.
    (schmonz)
  * Consistently configure LWP::UserAgent to allow use of http_proxy
    and no_proxy environment variables, as well as ~/.ikiwiki/cookies
    (schmonz)
  * Fix test suite to work with perl 5.18. Closes: #719969

 -- Joey Hess  Wed, 04 Sep 2013 08:54:31 -0400

ikiwiki (3.20130711) unstable; urgency=low

  * Deal with git behavior change in 1.7.2 and newer that broke support
    for commits with an empty commit message.
  * Pass --no-edit when used with git 1.7.8 and newer.

 -- Joey Hess  Wed, 10 Jul 2013 21:49:23 -0400

ikiwiki (3.20130710) unstable; urgency=low

  * blogspam: Fix encoding issue in RPC::XML call.
    Thanks, Changaco
  * comments: The formats allowed to be used in comments can be
    configured using comments_allowformats.
    Thanks, Michal Sojka
  * calendar: When there are multiple pages for a given day, they're
    displayed in a popup on mouseover.
    Thanks, Louis
  * osm: Remove trailing slash from KML maps icon.
  * page.tmpl: omit searchform, trails, sidebar and most metadata in CGI
    (smcv)
  * openid: Automatically upgrade openid_realm to https when
    accessed via https.
  * The ip() pagespec can now contain glob characters to match eg, a
    subnet full of spammers.
  * Fix crash that could occur when a needsbuild hook returned a file
    that does not exist.
  * Fix python proxy to not crash when fed unicode data in getstate
    and setstate.
    Thanks, chrysn
  * Fix committing attachments when using svn.

 -- Joey Hess  Wed, 10 Jul 2013 17:45:40 -0400

ikiwiki (3.20130518) unstable; urgency=low

  * Fix test suite to not fail when XML::Twig is not installed.
    Closes: #707436
  * theme: Now can be used in all templates when
    a theme is enabled.
  * notifyemail: Fix bug that caused duplicate emails to be sent when
    site was rebuilt.
  * bzr: bzr rm no longer has a --force option, remove

 -- Joey Hess  Sat, 18 May 2013 16:28:21 -0400

ikiwiki (3.20130504) unstable; urgency=low

  * Allow dots in directive parameter names. (tango)
  * Add missing plugin section, and deal with missing sections with a
    warning.
  * Detect plugins with a broken getsetup and warn.
  * map: Correct reversion introduced in version 3.20110225 that could
    generate invalid html. (smcv)
  * Makefile.PL: overwrite theme style.css instead of appending
    (Thanks, Mikko Rapeli)
  * meta: Fix anchors used to link to the page's license and copyright.
    Closes: #706437

 -- Joey Hess  Sat, 04 May 2013 23:47:21 -0400

ikiwiki (3.20130212) unstable; urgency=low

  * htmlscrubber: Allow the bitcoin URI scheme.
  * htmlscrubber: Allow the URI schemes of major VCS's.
  * aggregate: When run with --aggregate, if an aggregation is already
    running, don't go on and --refresh.
  * trail: Avoid excess dependencies between pages in the trail
    and the page defining the trail. Thanks, smcv.
  * opendiscussion: Don't allow editing discussion pages if discussion
    pages are disabled. (smcv)
  * poll: Add expandable option to allow users to easily add new choices
    to a poll.
  * trail: Avoid massive slowdown caused by pagetemplate hook when
    displaying dynamic cgi pages, which cannot use trail anyway.
  * Deal with empty diffurl in configuration.
  * cvs: Various fixes. (schmonz)
  * highlight: Now adds a span with class highlight- around
    highlighted content, allowing for language-specific css styling.

 -- Joey Hess  Tue, 12 Feb 2013 21:48:02 -0400

ikiwiki (3.20121212) unstable; urgency=low

  * filecheck: Fix bug that prevented File::MimeInfo::Magic from ever
    being used.
  * openid: Display openid in Preferences page as a comment, so it can be
    selected in all browsers.

 -- Joey Hess  Tue, 11 Dec 2012 12:12:12 -0400

ikiwiki (3.20121017) unstable; urgency=low

  * recentchangesdiff: fix further breakage to the template from 3.20120725

 -- Joey Hess  Tue, 16 Oct 2012 20:49:27 -0400

ikiwiki (3.20121016) unstable; urgency=low

  * monochrome: New theme, contributed by Jon Dowland.
  * rst: Ported to python 3, while still also being valid python 2.
    Thanks, W. Trevor King
  * Try to avoid a situation in which so many ikiwiki cgi wrapper
    programs are running, all waiting on some long-running thing like a
    site rebuild, that it prevents the web server from doing anything
    else. The current approach only avoids this problem for GET
    requests; if multiple cgi's run GETs on a site at the same time, one
    will display a "please wait" page for a configurable number of
    seconds, which then redirects to retry. To enable this protection,
    set cgi_overload_delay to the number of seconds to wait. This is not
    enabled by default.
  * Add back a 1em margin between archivepage divs.
  * recentchangesdiff: Correct broken template that resulted in duplicate
    diff icons being displayed, and bloated the recentchanges page with
    inline diffs when the configuration should have not allowed them.

 -- Joey Hess  Tue, 16 Oct 2012 15:14:19 -0400

ikiwiki (3.20120725) unstable; urgency=low

  * recentchangesdiff: When diffurl is not set, provide inline diffs
    in the recentchanges page, with visibility toggleable via javascript.
    Thanks, Antoine Beaupré
  * Split CFLAGS into words when building wrapper. Closes: #682237
  * osm: Avoid calling urlto before generated files are registered.
    Thanks, Philippe Gauthier and Antoine Beaupré
  * osm: Add osm_openlayers_url configuration setting.
    Thanks, Genevieve
  * osm: osm_layers can be used to configure the layers displayed on
    the map.
    Thanks, Antoine Beaupré
  * comments: Remove ipv6 address specific code.

 -- Joey Hess  Sat, 25 Aug 2012 10:58:42 -0400

ikiwiki (3.20120629) unstable; urgency=low

  * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or
    other config differences by linking to the mirror's CGI. (intrigeri)

 -- Joey Hess  Fri, 29 Jun 2012 10:16:08 -0400

ikiwiki (3.20120516) unstable; urgency=high

  * meta: Security fix; add missing sanitization of author and authorurl.
    CVE-2012-0220 Thanks, Raúl Benencia

 -- Joey Hess  Wed, 16 May 2012 19:51:27 -0400

ikiwiki (3.20120419) unstable; urgency=low

  * Remove dead link from plugins/teximg. Closes: #664885
  * inline: When the pagenames list includes pages that do not exist,
    skip them.
  * meta: Export author information in html tag. Closes: #664779
    Thanks, Martin Michlmayr
  * notifyemail: New plugin, sends email notifications about new and
    changed pages, and allows subscribing to comments.
  * Added a "changes" hook. Renamed the "change" hook to "rendered", but
    the old hook name is called for now for back-compat.
  * meta: Support keywords header. Closes: #664780
    Thanks, Martin Michlmayr
  * passwordauth: Fix url in password recovery email to be absolute.
  * httpauth: When it's the only auth method, avoid a pointless and
    confusing signin form, and go right to the httpauthurl.
  * rename: Allow rename to be started not from the edit page; return to
    the renamed page in this case.
  * remove: Support removing of pages in the transient underlay. (smcv)
  * inline, trail: The pagenames parameter is now a list of absolute
    pagenames, not relative wikilink type names. This is necessary to
    fix a bug, and makes pagenames more consistent with the pagespec
    used in the pages parameter. (smcv)
  * link: Fix renaming wikilinks that contain embedded urls.
  * graphviz: Handle self-links.
  * trail: Improve CSS, also display trail links at bottom of page,
    and a bug fix. (smcv)

 -- Joey Hess  Thu, 19 Apr 2012 15:32:07 -0400

ikiwiki (3.20120319) unstable; urgency=low

  * osm: New plugin to embed an OpenStreetMap into a wiki page.
    Supports waypoints, tags, and can even draw paths matching
    wikilinks between pages containing waypoints.
    Thanks to Blars Blarson and Antoine Beaupré, as well as the worldwide
    OpenStreetMap community for this utter awesomeness.
  * trail: New plugin to add navigation trails through pages via Next
    and Previous links. Trails can easily be added to existing inlines
    by setting trail=yes in the inline.
    Thanks to Simon McVittie for his persistence developing this feature.
  * Fix a snail mail address. Closes: #659158
  * openid-jquery.js: Update URL of Wordpress favicon. Closes: #660549
  * Drop the version attribute on the generator tag in Atom feeds
    to make builds more reproducible. Closes: #661569 (Paul Wise)
  * shortcut: Support Wikipedia's form of url-encoding for unicode
    characters, which involves mojibake. Closes: #661198
  * Add a few missing jquery UI icons to attachment upload widget
    underlay.
  * URI escape filename when generating the diffurl.
  * Add build-affected hook. Used by trail.

 -- Joey Hess  Mon, 19 Mar 2012 14:24:43 -0400

ikiwiki (3.20120202) unstable; urgency=low

  * mdwn: Added nodiscount setting, which can be used to avoid using the
    markdown discount engine, when maximum compatibility is needed.
  * Switch to YAML::XS to work around insanity in YAML::Mo.
    Closes: #657533
  * cvs: Ensure text files are added in non-binary mode. (Amitai Schlair)
  * cvs: Various cleanups and testing. (Amitai Schlair)
  * calendar: Fix strftime encoding bug.
  * shortcuts: Fixed a broken shortcut to wikipedia (accidentally
    made into a shortcut to wikiMedia).
  * Various portability improvements. (Amitai Schlair)

 -- Joey Hess  Thu, 02 Feb 2012 21:42:40 -0400

ikiwiki (3.20120115) unstable; urgency=low

  * Make backlink(.) work. Thanks, Giuseppe Bilotta.
  * mdwn: Workaround discount's eliding of