1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368
|
ikiwiki-hosting (0.20180720) UNRELEASED; urgency=medium
* Avoid directly running init scripts, instead use the service command.
* Avoid running apache2ctl graceful which may restart apache, instead use
the service command.
-- Joey Hess <id@joeyh.name> Wed, 17 Apr 2019 11:03:52 -0400
ikiwiki-hosting (0.20180719) upstream; urgency=medium
[ Joey Hess ]
* ikisite: Deleting per-domain letsencrypt cert when a wildcard cert
exists was too dangerous and buggy, including sometimes deleting the
letsencrypt wildcard cert. Removed that behavior; any per-domain cert
will be used in preference to the wildcard cert.
* Further fix to IkiWiki::Hosting for syslog name change.
(Fixes ikidns)
* ikidns: Fix typo in letsencrypt command.
[ Simon McVittie ]
* debian: Pass dpkg-buildflags CFLAGS to make
* debian: Override dh_missing to detect any files that are installed by
dh_auto_install but not packaged
-- Joey Hess <id@joeyh.name> Thu, 19 Jul 2018 10:03:48 -0400
ikiwiki-hosting (0.20180610) upstream; urgency=medium
[ Joey Hess ]
* Renamed IkiWiki::Hosting::syslog to IkiWiki::Hosting::logger to avoid
conflict with Sys::Syslog::syslog.
* Prevent ikisite letsencrypt from unncessarily reloading apache when
there is no configuration change. ikisite maintaincerts runs it once
per site, and the resulting many reloads of apache close together
tended to cause apache to fall over, due to bug #873115.
* ikiwiki-hosting.conf: Removed wildcard_ssl_cert, wildcard_ssl_key,
wildcard_ssl_chain, and in its place added wildcard_ssl_cert_dir.
* ikidns: Added letsencrypt command, which generates wildcard certificates
for the domains listed in ikiwiki-hosting.conf, using DNS verification.
This needs the python3-certbot-dns-rfc2136 package to be installed,
and ikidns to have already been used to configure the dns server.
* ikisite letsencrypt: Avoid getting a per-domain cert when a usable
wildcard cert exists.
* ikisite letsencrypt: When a per-domain cert was already obtained,
and a wildcard cert now exists, the per-domain cert will be deleted,
and the wildcard cert used.
[ Simon McVittie ]
* build: Use `set -e` to trap failure in shell loops
* build: Add a `dist` target to the Makefile
* Move d/changelog to ./CHANGELOG
* Separate upstream releases from Debian packaging
* debian/control: Don't use autopkgtest-pkg-perl. Since 0.20160811 the
autogenerated test list is not used.
* ikiwiki-hosting-web: Depend on real package apache2-suexec-pristine
in preference to virtual apache2-suexec
* ikiwiki-hosting-web: Add missing dependency on lsb-base
* debian/control: Declare compliance with Debian Policy 4.1.4
-- Simon McVittie <smcv@debian.org> Sun, 10 Jun 2018 18:47:55 +0100
ikiwiki-hosting (0.20170622) unstable; urgency=medium
[ Joey Hess ]
* remove, letsnotencrypt: Remove Lets Encrypt renewal file, to avoid
the cron job trying to renew deleted sites.
* Fix deletion of sites that use https over the web interface.
* HTTP Strict Transport Security (HSTS) is enabled for all
sites that have redirect_to_https set in their configuration.
Thanks, Antoine Beaupré.
* Improve ikisite backup to lock the wiki for a much shorter period of time.
* Remove .ikiwiki/sessions.db from the ikisite backup, as the file can be
rather large, and losing it only means users have to log back in sooner
than would otherwise be the case.
* ikisite-wrapper: Allow ikisite enable to be run via the wrapper.
The CGI uses this to update the site config of an already enabled site
when enabling eg redirect_to_https or adding a DNS alias.
[ Simon McVittie ]
* debian/copyright: Use preferred https URL for Format
* debian/control: Declare compliance with Debian Policy 4.0.0
* debian: Update to debhelper compat level 10
-- Simon McVittie <smcv@debian.org> Thu, 22 Jun 2017 10:08:31 +0100
ikiwiki-hosting (0.20161219) unstable; urgency=medium
[ Joey Hess ]
* Initial support for Lets Encrypt.
* The use_letsencrypt setting can be set for a site by running
ikisite letsencrypt domain, and it will attempt to get the certificate
for it using certbot.
* ikisite domains: Update certificate using certbot when set of domains
changes.
* Added ikisite maintaincerts to request/renew Lets Encrypt certs as needed,
and added it to the daily cron job.
* The files /etc/ikiwiki-hosting/config/$username/domain.{crt,key,chain}
are used, when they exist, in preference to the files
/etc/ikiwiki-hosting/config/$username/ssl.{key,crt}. This allows
a site with multiple domains to have different certificates
for them. The Lets Encrypt support uses this.
-- Simon McVittie <smcv@debian.org> Mon, 19 Dec 2016 20:34:25 +0000
ikiwiki-hosting (0.20160811) unstable; urgency=medium
* Explicitly remove current working directory from Perl's library
search path, mitigating CVE-2016-1238 (see #588017)
* Add a simple autopkgtest for creating and deleting a site
* Standards-Version: 3.9.8 (no changes required)
* debian/rules: enable compiler hardening
-- Simon McVittie <smcv@debian.org> Thu, 11 Aug 2016 10:47:22 +0100
ikiwiki-hosting (0.20160123) unstable; urgency=medium
* Fix the escaping of { in HostingAutomator by also escaping the },
fixing a regression that broke `ikisite create`
-- Simon McVittie <smcv@debian.org> Sat, 23 Jan 2016 18:36:45 +0000
ikiwiki-hosting (0.20160121) unstable; urgency=medium
[ Joey Hess ]
* Fix looping redirection when redirect_to_https is set.
Thanks, Antoine Beaupré.
* controlpanel: Display unfocused site buttons with low opacity, but still
display them. This is an accessability fix; the old hiding method broken
caret browsing and screenreaders.
[ Simon McVittie ]
* d/control: use https for Homepage
* d/control: use pkg-perl autopkgtest setup
* Fix "unescaped left brace in regex is deprecated" with Perl 5.22
* Normalize packaging through `wrap-and-sort -abst`
* Depend on libimage-magick-perl in preference to transitional
perlmagick package, similar to #789221 in ikiwiki
-- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 22:46:57 +0000
ikiwiki-hosting (0.20150614) unstable; urgency=medium
[ Joey Hess ]
* Debian maintainer changed to Simon McVittie.
* Added support for emailauth.
* Add libcgi-pm-perl to depends.
* When creating a new site using makesite plugin, the adminemail
is not set to the user's email address, since that would make
emailauth messages come from that email address, which
might not work due to eg, SPF.
* Add libcoy-perl to depends, for ikiwiki's haiku plugin.
[ Simon McVittie ]
* Ask recent ikiwiki to run in deterministic mode
* Set Vcs-Browser
* debian/source/format: set to 3.0 (native)
* Standards-Version: 3.9.6 (no changes)
-- Simon McVittie <smcv@debian.org> Sun, 14 Jun 2015 21:03:02 +0100
ikiwiki-hosting (0.20140613) unstable; urgency=medium
* Deal with savelog not supporting a count < 2.
-- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2014 12:03:31 -0400
ikiwiki-hosting (0.20140419) unstable; urgency=medium
* When branching a site, do not copy over the database
files including the session database and the list of email
subscriptions.
* Fix bug causing it to sometimes wrong username prefix if only one
domain is configured. (smcv)
* Fix failures when run in a directory others cannot read (such as a
protected /root). (anarcat, smcv)
* Several changes to SSL handling (smcv)
- Add per-site SSL and source configuration files,
apache-ssl.conf.tmpl and apache-source.conf.tmpl in addition
to the already used apache.conf.tmpl.
- ikiwikihosting ikiwiki plugin now has a redirect_to_https
setting, so users can choose whether their site should force users
to access it via https.
- Previously, when ssl was enabled, alias urls always redirected
to the http site. Now, this is only done when
redirect_to_https is set.
* Deal with apache 2.4 upgrade, including making sites-available files
with the .conf extension. Remains compatible with apache 2.2.
(smcv) Closes: #744789
* Improved method of disabling mod_userdir. (smcv)
-- Joey Hess <joeyh@debian.org> Sat, 19 Apr 2014 15:20:07 -0400
ikiwiki-hosting (0.20140227) unstable; urgency=medium
* Fix length @array perl bug.
-- Joey Hess <joeyh@debian.org> Thu, 27 Feb 2014 12:01:43 -0400
ikiwiki-hosting (0.20131025) unstable; urgency=high
* Exclude the site from showing up as a referrer in the analog report.
* Fix XSS in site creation interface. Thanks, Gopal Bisht.
CVE-2013-6047
-- Joey Hess <joeyh@debian.org> Fri, 25 Oct 2013 18:17:44 -0400
ikiwiki-hosting (0.20130926) unstable; urgency=low
* ikisite now contains its own /etc/ikiwiki/wikilist update subcommands,
avoiding the need for ikiwiki-update-wikilist to be made suid in
order to keep ikiwiki-mass-rebuild working.
* https can be enabled for a site by dropping a SSL key and
certificate into /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}
and running ikisite enable.
* Also, a wildcard SSL certificate can be configured to be used by
sites that do not have their own DNS.
-- Joey Hess <joeyh@debian.org> Mon, 26 Aug 2013 01:18:52 -0400
ikiwiki-hosting (0.20130504) unstable; urgency=low
* One word of the comment at the end of ssh keys is now preserved.
* ikisite logs: New command that can tail or dump the apache access.log.
Designed to be run remotely.
* iki-git-shell: Allow the remote user to specify a command of "logview"
or "logdump", to tail or dump the access.log.
* Site admins can now view analog reports, if allow_analog_reports is
set in ikiwiki-hosting.conf.
* ikisite-calendar is not run for sites that do no have archivebase
configured, allowing use of the calendar plugin without archive page
generation when desired.
-- Joey Hess <joeyh@debian.org> Sat, 04 May 2013 23:51:34 -0400
ikiwiki-hosting (0.20120527) unstable; urgency=low
* Add cron.d job to run ikiwiki aggregation every 5 minutes
for sites that need it. I thought I had merged this from
Branchable's tweaks earlier.
* Add welcome banner support after making a new site,
enabled by uncommenting the welcome_redir setting.
-- Joey Hess <joeyh@debian.org> Sun, 27 May 2012 17:23:40 -0400
ikiwiki-hosting (0.20120526) unstable; urgency=low
* makesite.tmpl: Typo fix.
* Conflict with the parallel package, which diverts away the
moreutils parallel and would break the RSS/Atom aggregation cron job.
-- Joey Hess <joeyh@debian.org> Sat, 26 May 2012 15:14:17 -0400
ikiwiki-hosting (0.20120425) unstable; urgency=low
* Add the ability to hardcode the site's IP address in ikiwiki-hosting.conf,
rather than looking at interfaces. Thanks, Antoine Beaupré.
* Enable gitweb blame feature.
* Add libgravatar-url-perl to depends.
* Move removal code for /etc/ikiwiki-hosting/keys/dns/ from
ikiwiki-hosting-web to ikiwiki-hosting-common, which creates it.
Closes: #670432
-- Joey Hess <joeyh@debian.org> Wed, 25 Apr 2012 12:22:12 -0400
ikiwiki-hosting (0.20120131) unstable; urgency=low
* Fix quoting issue in use of which to determine if package is installed.
Closes: #658063
-- Joey Hess <joeyh@debian.org> Tue, 31 Jan 2012 15:53:19 -0400
ikiwiki-hosting (0.20120125) unstable; urgency=low
* Add the adduser_basedir configuration file setting, which can be used
to create sites someplace other than /home. Thanks, Philip Hands.
* Don't use savelog -C, it spews an ls error message.
* ikisite checksetup: Bugfix, when plugins are added or removed and there
are no other changes, the site was not updated.
* Use invoke-rc.d. Closes: #657336
-- Joey Hess <joeyh@debian.org> Wed, 25 Jan 2012 15:00:37 -0400
ikiwiki-hosting (0.20111005) unstable; urgency=low
* ikisite-wrapper: Allow getsetup subcommand to access the branchable
and adminuser values, which are needed when branching.
-- Joey Hess <joeyh@debian.org> Wed, 05 Oct 2011 13:32:12 -0400
ikiwiki-hosting (0.20110926) unstable; urgency=low
* Further hardening: Use setsid when running code as a site user.
* Add libtext-multimarkdown-perl to depends, needed for multimarkdown
support (see #630705).
* Fix disablesshkey.
-- Joey Hess <joeyh@debian.org> Mon, 26 Sep 2011 14:01:06 -0400
ikiwiki-hosting (0.20110608) unstable; urgency=low
* Set timezone to GMT in auto setup files, to avoid random system timezimes
from leaking out to existing sites when changesetup or upgrade is run.
* gitpush: Push non-master branches too.
* Configure git-daemon to know about external domain names of sites.
* missingsite: Stop providing an index.cgi, just use apache.conf.tmpl
for the missingsite to DirectoryIndex index.html ikiwiki.cgi
* More portable environment clearing.
* ikisite analog: Output to stdout, not stderr.
* ikisite logview: Tails logs.
-- Joey Hess <joeyh@debian.org> Wed, 08 Jun 2011 10:29:25 -0400
ikiwiki-hosting (0.20110515) unstable; urgency=low
* Improve security robustness, blocking escalation from site users to
httpd user, by moving apache log directory out of users home directory
to /var/log/ikiwiki-hosting/, and using suexec with cgi programs moved
to /var/www.
Thanks, Simon McVittie
* Lock down permissions of ikiwiki.setup, .git, .gitconfig, .gitignore,
public_html/, source/, apache/.
* Lock down source.git, unless branchability is enabled.
* The apache.conf.tmpl files are no longer read from the user's home
directory, but instead from /etc/ikiwiki-hosting/config/$username/.
* Note that previously created sites will continue using
the old locations and permissions. Using "ikisite upgrade"
to upgrade them is highly recommended.
* Added support for anonymous git push.
It will only work if the home directory of a site is on a
filesystem that supports POSIX ACLs, otherwise git-daemon
won't be able to write to the source.git directory.
* Anonymous git push enabled by default for new wikis,
not for blogs or existing sites.
* Support ipv6-only operation.
* Add gitpush plugin, which can be used to push changes to a site on
to other git repositories.
* Remove dns key directory on purge. Closes: #625817
* Don't run cron jobs once removed. Closes: #625815
-- Joey Hess <joeyh@debian.org> Sun, 15 May 2011 16:23:42 -0400
ikiwiki-hosting (0.20110424) unstable; urgency=low
* Remove unused dependency on libdigest-sha1-perl. Closes: #623957
-- Joey Hess <joeyh@debian.org> Sun, 24 Apr 2011 16:02:16 -0400
ikiwiki-hosting (0.20110420) unstable; urgency=low
* ikisite sudo: Use SHELL if set; /bin/sh as dash is a horrible interactive
shell.
* better handling of www special case when making a site
* ikiwiki-hosting-web-backup: Fix removal of morgued sites from primary
backup.
* ikisite checklock renamed to checksite, and can check that a requested
nonce has been created, to notice if site creation crashed part way
through.
* Include copy of entire AGPL in debian/copyright due to absurd policy
requirements that it not be in a separate file, despite all common
licenses being shipped in separate files in Debian.
-- Joey Hess <joeyh@debian.org> Wed, 20 Apr 2011 15:52:38 -0400
ikiwiki-hosting (0.20110401) unstable; urgency=low
* Initial release to Debian.
-- Joey Hess <joeyh@debian.org> Fri, 01 Apr 2011 20:41:11 -0400
|