a67f4d3944
git: don't issue a warning if rcsinfo is undefined
...
The intention here seems to be that $prev may be undefined, and the
only way that can legitimately happen is for $params{token} to be
undefined too.
2016-12-28 21:32:12 +00:00
7c34df633d
git_revert test: reinstate ikiwiki.setup, and make it work uninstalled
...
Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.
I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
2016-12-28 21:32:11 +00:00
28409cd358
Add CVE references for CVE-2016-10026
2016-12-21 13:03:36 +00:00
c96149fa3e
Release 3.20161219
2016-12-19 20:35:01 +00:00
0fe2ff8579
changelog
2016-12-19 18:21:07 +00:00
592c13cc61
Update changelog
2016-12-19 18:21:07 +00:00
68e2320696
inline: Prevent creating a file named ".mdwn" when the postform is submitted with an empty title.
2016-09-21 13:51:42 -04:00
85c10d149b
Update my surname to its new legal spelling.
2016-09-14 14:28:01 -04:00
6750fb6f8b
3.20160905
2016-09-05 21:26:32 +01:00
3f78c41770
changelog for previous commit
...
Closes https://github.com/joeyh/ikiwiki/pull/19
2016-08-03 15:00:04 -04:00
6264e91bac
3.20160728
2016-07-28 10:42:35 +01:00
1ffb9d4931
Standards-Version: 3.9.8 (no changes required)
2016-07-28 10:41:25 +01:00
5f6f9a1bea
Wrapper: allocate new environment dynamically
...
Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.
I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
2016-05-11 09:18:14 +01:00
062dbf1373
3.20160509
2016-05-09 21:59:50 +01:00
ab97cd56f3
Reference CVE-2016-4561 in 3.20160506 changelog
2016-05-09 21:57:34 +01:00
2020bd88a5
Remove spurious changelog entry
...
This change was new in 3.20141016.3, but was applied to the master
branch several releases ago, so it is not new in 3.20160506.
2016-05-09 21:46:04 +01:00
9fe33a4c94
3.20160506
2016-05-06 07:54:47 +01:00
dea96e5113
Document the security fixes in this release
2016-05-06 07:49:45 +01:00
21b9b9e306
update test suite for svg passthrough by img directive
...
Remove build dependency libmagickcore-6.q16-2-extra which was only there
for this test.
2016-05-06 06:58:56 +01:00
984ba82f1b
img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser
...
SVG scaling by img directives has subtly changed; where before size=wxh
would preserve aspect ratio, this cannot be done when passing them through
and so specifying both a width and height can change the SVG's aspect
ratio.
(This patch looks significantly more complex than it was, because a large
block of code had to be indented.)
[smcv: drop trailing whitespace, fix some spelling]
2016-05-06 06:57:12 +01:00
7ff6221ac9
changelog for smcv's security fixes
...
[smcv: omit a change that was already in 3.20160514]
2016-05-06 06:53:41 +01:00
6253567127
Changelog: process .md files iff created directly.
2016-03-08 14:34:02 -05:00
8d28f70b37
loginselector: When only openid and emailauth are enabled, but passwordauth is not, avoid showing a "Other" box which opens an empty form.
2016-03-02 16:35:16 -04:00
a3ee60f2f8
d/control: add Vcs-Browser
2016-01-22 00:55:03 +00:00
7db255ff60
d/control: use https for Homepage
2016-01-22 00:55:03 +00:00
53b10a64f0
3.20160121
2016-01-21 09:53:28 +00:00
0cc21b69e4
document recent inline and syslog fixes
2016-01-21 09:36:16 +00:00
179807e742
changelog: sort user-visible changes before packaging and test fixes
2016-01-21 09:31:07 +00:00
b0627aef10
img test: use the right filenames when testing that deletion occurs
...
Also use a less misleading name for the sample SVG: it is no longer empty.
Since commit 105f285a
2016-01-19 11:24:18 +00:00
5dceeb28d8
img test: skip testing PDFs if unsupported
2016-01-19 11:24:18 +00:00
317d19842c
Silence "used only once: possible typo" warnings for variables that are part of modules' APIs
2016-01-19 11:24:18 +00:00
e33b4678c7
d/control: Standards-Version: 3.9.6, no changes required
2016-01-19 11:24:18 +00:00
509a5a48d7
d/control: remove leading article from Description (lintian: description-synopsis-starts-with-article)
2016-01-19 11:24:18 +00:00
64d9729601
Change dependencies from transitional package perlmagick to libimage-magick-perl ( Closes : #789221 )
2016-01-19 11:24:18 +00:00
245109fa39
changelog: mention pagestats enhancement
2016-01-19 11:24:18 +00:00
fc02c7fb69
Add license info to javascript underlay
2016-01-19 11:24:18 +00:00
3cbc16abd6
underlays/javascript/* use ikiwiki's permissive license
...
I'm the sole author and copyright holder of these files.
2015-12-01 12:11:50 -04:00
b199349ffd
Merge remote-tracking branch 'smcv/ready/limit'
2015-11-30 20:55:34 +00:00
ed1e1ebe70
git: if no committer identity is known, set it to "IkiWiki <ikiwiki.info>" in .git/config
...
This resolves commit errors in versions of git that require a non-trivial
committer identity.
2015-11-30 19:34:04 +00:00
719612a976
debian/copyright: update for the rename of openid-selector to login-selector
2015-11-30 18:52:19 +00:00
a71ade73ff
Add enough build-dependencies to run all tests, except for non-git VCSs
2015-11-30 18:26:23 +00:00
1124a7c459
Wrap and sort control files (wrap-and-sort -abst)
2015-11-30 18:26:23 +00:00
d90002b8d7
tests: consistently use done_testing instead of no_plan
2015-11-30 18:26:23 +00:00
6b322448ca
t/img.t: do not spuriously skip
2015-11-30 18:26:23 +00:00
cdfb4ab1a3
Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure
2015-11-30 18:26:22 +00:00
78a47d44c7
Add more changelog entries
2015-11-29 17:37:40 +00:00
70c87f56a2
Modified page.tmpl to to set html lang= and dir= when values have been specified for them, which the po plugin does.
...
Note that I modified the patch slightly, to avoid blank lines before the
<html>, on the off chance bad html parsers care.
2015-10-26 15:45:40 -04:00
32923e732b
emailauth: Added emailauth_sender config.
2015-10-02 11:49:47 -04:00
ee13598aa8
Changelog my recent commits, prompted by joeyh.
2015-08-27 13:00:01 -04:00
8ab2005ec9
3.20150614
2015-06-14 18:15:35 +01:00
841a86a4f3
img test: set old timestamp on source file that will change
...
This is so that the test will pass even if it takes less than 1 second.
2015-06-14 18:13:17 +01:00
7a2117bf8c
img: stop ImageMagick trying to be clever if filenames contain a colon
...
$im->Read() takes a filename-like argument with several sets of special
syntax. Most of the possible metacharacters are escaped by the
default `wiki_file_chars` (and in any case not particularly disruptive),
but the colon ":" is not.
It seems the way to force ImageMagick to treat colons within the
filename as literal is to prepend a colon, so do that.
2015-06-13 20:00:08 +01:00
f2365c3e66
inline: change default sort order from age to "age title" for determinism
2015-06-13 19:58:37 +01:00
412f9ea2bb
3.20150610
2015-06-10 21:59:11 +01:00
014b9eb1b7
polygen: if deterministic build is requested, use a well-known random seed
2015-06-09 22:30:44 +01:00
361076e55d
haiku: if deterministic build is requested, return a hard-coded haiku
2015-06-09 22:30:43 +01:00
15939a2528
Add deterministic option and use it for the docwiki
...
It doesn't do anything yet.
2015-06-09 22:30:43 +01:00
6add4fd4fc
Sort backlinks deterministically, by falling back to sorting by href if the link text is identical
2015-06-09 22:30:43 +01:00
d18b77c107
Add [[!meta date]] to news items and tips
...
The git checkout and build process can leave the checkout
date in the tarball release, leading to unstable sorting.
I tried to use `git restore-mtime`, but that doesn't work for
ikiwiki, because dgit interferes with it.
2015-06-09 22:29:38 +01:00
8e007666d4
brokenlinks: sort the pages that link to the missing page, for better reproducibility
2015-06-09 22:28:31 +01:00
7a96363c6d
debian/copyright: turn comments on provenance into Comment
2015-06-09 22:28:30 +01:00
bde823191e
debian/copyright: consolidate permissive licenses
2015-06-09 22:28:28 +01:00
de38423a59
debian: build the docwiki with LC_ALL=C.UTF-8 and TZ=UTC for a more reproducible build
2015-06-09 22:25:26 +01:00
2fe003dac4
Populate pagectime from mtime or inode change time, whichever is older
...
When building ikiwiki from a tarball, the mtime (conceptually, the
last modification date of the file) is preserved by tar, but the inode
change time (creation/metadata-change date of *this copy* of the file)
is not. This seems to lead to unstable sort ordering and
unreproducible builds.
The page can't possibly have been modified before it was created, so
we can assume that the modification date is an upper bound for the
creation date.
2015-06-09 22:22:54 +01:00
b6388d6fbd
changelog
2015-06-09 22:22:10 +01:00
2cf7b1fc64
Replace email authentication icon with one that is more instantly recognizable
2015-06-09 00:44:31 +01:00
7a52c87a8c
Make the attachment plugin work with CGI.pm 4.x ( Closes : #786586 ; workaround for #786587 in libcgi-pm-perl)
2015-06-07 14:51:13 +01:00
2afb0dd663
Do not directly enable emailauth by default, only indirectly via openid
...
This avoids nasty surprises on upgrade if a site is using httpauth,
or passwordauth with an account_creation_password, and relying on
only a select group of users being able to edit the site. We can revisit
this for ikiwiki 4.
2015-05-27 08:52:01 +01:00
fecfa53988
changelog
2015-05-19 15:35:25 -04:00
85a529db3d
passwordauth: Don't allow registering accounts that look like openids.
...
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
2015-05-14 10:57:56 -04:00
bf8b7fe2d1
changelog
2015-05-13 23:38:46 -04:00
5b459737a5
Converted openid-selector into a more generic loginselector helper plugin.
2015-05-13 18:50:29 -04:00
f8add0adb3
rename openid selector files to login-selector
2015-05-13 17:58:59 -04:00
ec72b4c95b
When openid and passwordauth are the only enabled auth plugins, make the openid selector display "Password" instead of "Other", so users are more likely to click on it when they don't have an openid.
2015-05-13 12:18:22 -04:00
aefb780eee
Re-remove google from openid selector; their openid provider is gone for good.
2015-04-28 12:24:32 -04:00
d8a550e7de
release 3.20150329
2015-03-29 22:11:38 +01:00
18dfba868f
Fix XSS in openid selector. Thanks, Raghav Bisht.
2015-03-27 12:17:39 -04:00
6ff7d4bba6
remove announcedir target
...
only I use this, and I moved it to my mrconfig
2015-03-14 15:56:52 -04:00
9497fc1b6c
t/inline.t: accept translations of "Add a new post titled:" ( Closes : #779365 )
2015-03-01 17:15:13 +00:00
a1fda0b516
Standardize on --long-option instead of -long-option
...
[[forum/refresh_and_setup]] indicates some confusion between --setup
and -setup. Both work, but it's clearer if we stick to one in
documentation and code.
A 2012 commit to [[plugins/theme]] claims that "-setup" is required
and "--setup" won't work, but I cannot find any evidence in ikiwiki's
source code that this has ever been the case.
2015-03-01 16:15:01 +00:00
943ec015da
If neither timezone nor TZ is set, set both to :/etc/localtime if we're on a GNU system and that file exists, or GMT otherwise
2015-03-01 15:01:05 +00:00
bd3eb42b02
changelog
2015-03-01 12:46:49 +00:00
b0861d8162
heh, MOM wants you
2015-01-25 00:03:43 -04:00
fe0eaf1870
Fix NULL ptr deref on ENOMOM in wrapper. (Thanks, igli)
...
Probably not exploitable, but who knows..
2015-01-25 00:00:40 -04:00
c34b86f12e
release
2015-01-07 09:14:47 +00:00
0048442831
close debian bug I opened about blogspam
2015-01-02 16:45:26 -04:00
0451dc4133
Update blogspam to the 2.0 API.
2015-01-02 13:55:10 -05:00
f88e109bec
po: If msgmerge falls over on a problem po file, print a warning message, but don't let this problem crash ikiwiki entirely.
2014-12-30 15:51:50 -04:00
c668c2c7e2
Changelog the $(MAKE) patch.
2014-12-27 17:32:20 -05:00
5c30886dbf
changelog, close bug
2014-12-09 22:19:15 +00:00
44e320c1d5
changelog and NEWS entry for responsive layout
2014-12-01 21:29:46 +00:00
c01f53d74e
core: generate HTML5 by default, but keep avoiding new elements like <section> that require specific browser support unless html5 is set to 1.
2014-11-26 12:00:31 +00:00
6c51b764bc
Merge branch 'ready/html5'
2014-11-26 11:58:05 +00:00
dc0744a423
search: add more classes as a hook for CSS. Thanks, sajolida
2014-11-26 11:57:58 +00:00
1ff99b19ca
calendar: add calendar_autocreate option, with which "ikiwiki --refresh" can mostly supersede the ikiwiki-calendar command. Thanks, Louis Paternault
2014-11-26 09:28:18 +00:00
33ca02581b
Set Debian package maintainer to Simon McVittie as I'm retiring from Debian.
2014-11-08 00:08:33 -04:00
ea8c7a7e02
openid: Stop suppressing the email field on the Preferences page.
...
This is needed for notifyemail, and not all openid providers report an
email address, or necessarily the one the user wants to get email.
2014-11-06 15:00:09 -04:00
d858ce3e93
Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t
2014-10-20 12:28:54 -04:00
82a4fb49ae
add ikiwiki-comment program
2014-10-20 12:08:07 -04:00
7a2446f798
Disambiguate myself a bit (like that's needed).
2014-10-16 21:51:18 -04:00
Simon McVittie
Joey Hess
Amitai Schlair
Joey Hess