File: changelog

package info (click to toggle)
ikiwiki-hosting 0.20220717-2
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 1,228 kB
sloc: perl: 5,497; sh: 186; ansic: 169; makefile: 59
file content (455 lines) | stat: -rw-r--r-- 19,123 bytes
ikiwiki-hosting (0.20220717-2) unstable; urgency=medium

  * d/control: Depend on bind9-dnsutils instead of transitional dnsutils
    (Closes: #1094946)
  * d/salsa-ci.yml: Use recommended recipe

 -- Simon McVittie <smcv@debian.org>  Tue, 11 Feb 2025 10:45:19 +0000

ikiwiki-hosting (0.20220717-1) unstable; urgency=medium

  [ Debian Janitor ]
  * d/upstream/metadata: Add
  * Remove version constraints unnecessary since Debian 10

  [ Philip Hands ]
  * Drop unnecessary dependency on lsb-base
  * d/p/accept-ec-keys-as-valid-in-addition-to-r.patch:
    Accept ECDSA keys as valid in addition to RSA keys.
    Certbot 2.x generates these by default.

  [ Simon McVittie ]
  * New upstream release
  * d/p/ikisite-backup-Create-the-bundle-as-the-site-s-user.patch:
    Drop patch that was applied upstream
  * d/upstream/metadata: Fill in more fields
  * d/p/ikisite-Explicitly-set-0755-permissions-on-website-user-s.patch:
    Add patch to fix autopkgtest failure with recent util-linux/shadow.
    Home directories are now created with 0700 permissions by default,
    breaking ikiwiki-hosting's assumption that the www-data and ikiwiki-anon
    users will be able to read the home directories of the users that own
    hosted websites.
  * d/ikiwiki-hosting-web.init, d/ikiwiki-hosting-web.service:
    Allow reading other users' repositories.
    Each website's git repository is owned by its own uid, and the
    git-daemon running as ikiwiki-anon needs to be able to read them all.
    (Closes: #1076751)
  * d/gbp.conf: Use debian/latest branch for packaging

 -- Simon McVittie <smcv@debian.org>  Sun, 18 Aug 2024 10:44:28 +0100

ikiwiki-hosting (0.20220716-2) unstable; urgency=medium

  * d/p/ikisite-backup-Create-the-bundle-as-the-site-s-user.patch:
    Add patch fixing `ikisite backup` with bookworm's git version
    (Closes: #1033692)
    - d/tests/create-delete: Add a regression test for `ikisite backup`,
      among other subcommands
  * d/p/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch:
    Mark patch as forwarded
  * d/control: Add missing dependency on rsync, detected by this version's
    additional test coverage

 -- Simon McVittie <smcv@debian.org>  Thu, 30 Mar 2023 10:56:12 +0100

ikiwiki-hosting (0.20220716-1) unstable; urgency=medium

  * New upstream release
  * d/p/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch:
    Drop patch, applied (slightly differently) upstream
  * d/tests/pkg-perl/smoke-files: The makesite test needs an extra file copied
  * Standards-Version: 4.6.2 (no changes required)

 -- Simon McVittie <smcv@debian.org>  Sun, 29 Jan 2023 20:00:40 +0000

ikiwiki-hosting (0.20220715-1) unstable; urgency=medium

  * New upstream release
  * Drop patches, included upstream
  * d/p/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch:
    Add patch to fix build-time tests
  * Use Testsuite: autopkgtest-pkg-perl.
    Recent versions of autodep8 will append our debian/tests/control to the
    one they generate, so we no longer need to replicate what autodep8 would
    have produced.
  * Add some Lintian overrides
  * Use recommended debhelper compat level 13
    - Add misc:Pre-Depends to all packages
    - Stop overriding dh_missing, the default is now --fail-missing
  * d/ikiwiki-hosting-web.service,
    d/p/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch:
    Use a native systemd unit for the git daemon.
    This avoids dispatching through a shell script during system boot.
  * d/tests/create-delete: Assert that the gitweb service is available

 -- Simon McVittie <smcv@debian.org>  Mon, 01 Aug 2022 10:16:10 +0100

ikiwiki-hosting (0.20180719-3) unstable; urgency=medium

  * d/control: Depend on gcc | clang | tcc, not on generic c-compiler.
    ikiwiki-hosting-web requires an implementation of the /usr/bin/cc
    alternative, and it would seem reasonable to assume that c-compiler
    should imply /usr/bin/cc, but bcc and pcc currently provide c-compiler
    while not implementing the /usr/bin/cc alternative.
    Workaround for #1014706 and #1014707. (Closes: #1004436)

 -- Simon McVittie <smcv@debian.org>  Sun, 10 Jul 2022 18:10:46 +0100

ikiwiki-hosting (0.20180719-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/changelog: Remove trailing whitespaces

  [ Simon McVittie ]
  * d/salsa-ci.yml: Request standard CI on salsa.debian.org
  * d/control: Depend on python3-docutils instead of python-docutils.
    This catches up with the corresponding change to ikiwiki's Suggests
    in version 3.20180105-1 (Closes: #945656)
  * d/control: Explicitly depend on python3, matching ikiwiki's Suggests
  * d/control: Declare compliance with Debian Policy 4.4.1
  * d/patches, d/ikiwiki-hosting-web.postinst:
    Add patches from upstream to avoid calling apache2ctl directly.
    This keeps Apache under systemd control when systemd is in use.

  [ Yaroslav Halchenko ]
  * Fix typo in init script: damon -> daemon

 -- Simon McVittie <smcv@debian.org>  Thu, 28 Nov 2019 20:31:18 +0000

ikiwiki-hosting (0.20180719-1) unstable; urgency=medium

  * Pass dpkg-buildflags CFLAGS to make
  * Override dh_missing correctly
  * New upstream release
  * d/control: Declare compliance with Debian Policy 4.1.5

 -- Simon McVittie <smcv@debian.org>  Sat, 21 Jul 2018 11:58:37 +0100

ikiwiki-hosting (0.20180610-1) unstable; urgency=medium

  * New upstream release
  * Package as a non-native package
    - d/watch: Look for new releases in upstream git
    - d/source/format: set to 3.0 (quilt)
    - d/copyright: Set Source to https://ikiwiki-hosting.branchable.com/
    - d/gbp.conf: Configure for a non-native package
    - d/control: Move packaging from upstream git to salsa.debian.org
  * d/control: Don't use autopkgtest-pkg-perl. Since 0.20160811 the
    autogenerated test list is not used.
  * d/control: Depend on real package apache2-suexec-pristine in preference
    to virtual apache2-suexec
  * d/control: ikiwiki-hosting-web: Add missing dependency on lsb-base
  * d/control: Declare compliance with Debian Policy 4.1.4
  * d/rules: Use dh_missing --fail-missing to prevent files being
    installed by `make install` but omitted from packages
  * d/compat: Use debhelper 11

 -- Simon McVittie <smcv@debian.org>  Sun, 10 Jun 2018 20:32:18 +0100

ikiwiki-hosting (0.20170622) unstable; urgency=medium

  [ Joey Hess ]
  * remove, letsnotencrypt: Remove Lets Encrypt renewal file, to avoid
    the cron job trying to renew deleted sites.
  * Fix deletion of sites that use https over the web interface.
  * HTTP Strict Transport Security (HSTS) is enabled for all
    sites that have redirect_to_https set in their configuration.
    Thanks, Antoine Beaupré.
  * Improve ikisite backup to lock the wiki for a much shorter period of time.
  * Remove .ikiwiki/sessions.db from the ikisite backup, as the file can be
    rather large, and losing it only means users have to log back in sooner
    than would otherwise be the case.
  * ikisite-wrapper: Allow ikisite enable to be run via the wrapper.
    The CGI uses this to update the site config of an already enabled site
    when enabling eg redirect_to_https or adding a DNS alias.

  [ Simon McVittie ]
  * debian/copyright: Use preferred https URL for Format
  * debian/control: Declare compliance with Debian Policy 4.0.0
  * debian: Update to debhelper compat level 10

 -- Simon McVittie <smcv@debian.org>  Thu, 22 Jun 2017 10:08:31 +0100

ikiwiki-hosting (0.20161219) unstable; urgency=medium

  [ Joey Hess ]
  * Initial support for Lets Encrypt.
  * The use_letsencrypt setting can be set for a site by running
    ikisite letsencrypt domain, and it will attempt to get the certificate
    for it using certbot.
  * ikisite domains: Update certificate using certbot when set of domains
    changes.
  * Added ikisite maintaincerts to request/renew Lets Encrypt certs as needed,
    and added it to the daily cron job.
  * The files /etc/ikiwiki-hosting/config/$username/domain.{crt,key,chain}
    are used, when they exist, in preference to the files
    /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}. This allows
    a site with multiple domains to have different certificates
    for them. The Lets Encrypt support uses this.

 -- Simon McVittie <smcv@debian.org>  Mon, 19 Dec 2016 20:34:25 +0000

ikiwiki-hosting (0.20160811) unstable; urgency=medium

  * Explicitly remove current working directory from Perl's library
    search path, mitigating CVE-2016-1238 (see #588017)
  * Add a simple autopkgtest for creating and deleting a site
  * Standards-Version: 3.9.8 (no changes required)
  * debian/rules: enable compiler hardening

 -- Simon McVittie <smcv@debian.org>  Thu, 11 Aug 2016 10:47:22 +0100

ikiwiki-hosting (0.20160123) unstable; urgency=medium

  * Fix the escaping of { in HostingAutomator by also escaping the },
    fixing a regression that broke `ikisite create`

 -- Simon McVittie <smcv@debian.org>  Sat, 23 Jan 2016 18:36:45 +0000

ikiwiki-hosting (0.20160121) unstable; urgency=medium

  [ Joey Hess ]
  * Fix looping redirection when redirect_to_https is set.
    Thanks, Antoine Beaupré.
  * controlpanel: Display unfocused site buttons with low opacity, but still
    display them. This is an accessability fix; the old hiding method broken
    caret browsing and screenreaders.

  [ Simon McVittie ]
  * d/control: use https for Homepage
  * d/control: use pkg-perl autopkgtest setup
  * Fix "unescaped left brace in regex is deprecated" with Perl 5.22
  * Normalize packaging through `wrap-and-sort -abst`
  * Depend on libimage-magick-perl in preference to transitional
    perlmagick package, similar to #789221 in ikiwiki

 -- Simon McVittie <smcv@debian.org>  Thu, 21 Jan 2016 22:46:57 +0000

ikiwiki-hosting (0.20150614) unstable; urgency=medium

  [ Joey Hess ]
  * Debian maintainer changed to Simon McVittie.
  * Added support for emailauth.
  * Add libcgi-pm-perl to depends.
  * When creating a new site using makesite plugin, the adminemail
    is not set to the user's email address, since that would make
    emailauth messages come from that email address, which
    might not work due to eg, SPF.
  * Add libcoy-perl to depends, for ikiwiki's haiku plugin.

  [ Simon McVittie ]
  * Ask recent ikiwiki to run in deterministic mode
  * Set Vcs-Browser
  * debian/source/format: set to 3.0 (native)
  * Standards-Version: 3.9.6 (no changes)

 -- Simon McVittie <smcv@debian.org>  Sun, 14 Jun 2015 21:03:02 +0100

ikiwiki-hosting (0.20140613) unstable; urgency=medium

  * Deal with savelog not supporting a count < 2.

 -- Joey Hess <joeyh@debian.org>  Fri, 13 Jun 2014 12:03:31 -0400

ikiwiki-hosting (0.20140419) unstable; urgency=medium

  * When branching a site, do not copy over the database
    files including the session database and the list of email
    subscriptions.
  * Fix bug causing it to sometimes wrong username prefix if only one
    domain is configured. (smcv)
  * Fix failures when run in a directory others cannot read (such as a
    protected /root). (anarcat, smcv)
  * Several changes to SSL handling (smcv)
    - Add per-site SSL and source configuration files,
      apache-ssl.conf.tmpl and apache-source.conf.tmpl in addition
      to the already used apache.conf.tmpl.
    - ikiwikihosting ikiwiki plugin now has a redirect_to_https
      setting, so users can choose whether their site should force users
      to access it via https.
    - Previously, when ssl was enabled, alias urls always redirected
      to the http site. Now, this is only done when
      redirect_to_https is set.
  * Deal with apache 2.4 upgrade, including making sites-available files
    with the .conf extension. Remains compatible with apache 2.2.
    (smcv) Closes: #744789
  * Improved method of disabling mod_userdir. (smcv)

 -- Joey Hess <joeyh@debian.org>  Sat, 19 Apr 2014 15:20:07 -0400

ikiwiki-hosting (0.20140227) unstable; urgency=medium

  * Fix length @array perl bug.

 -- Joey Hess <joeyh@debian.org>  Thu, 27 Feb 2014 12:01:43 -0400

ikiwiki-hosting (0.20131025) unstable; urgency=high

  * Exclude the site from showing up as a referrer in the analog report.
  * Fix XSS in site creation interface. Thanks, Gopal Bisht.
    CVE-2013-6047

 -- Joey Hess <joeyh@debian.org>  Fri, 25 Oct 2013 18:17:44 -0400

ikiwiki-hosting (0.20130926) unstable; urgency=low

  * ikisite now contains its own /etc/ikiwiki/wikilist update subcommands,
    avoiding the need for ikiwiki-update-wikilist to be made suid in
    order to keep ikiwiki-mass-rebuild working.
  * https can be enabled for a site by dropping a SSL key and
    certificate into /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}
    and running ikisite enable.
  * Also, a wildcard SSL certificate can be configured to be used by
    sites that do not have their own DNS.

 -- Joey Hess <joeyh@debian.org>  Mon, 26 Aug 2013 01:18:52 -0400

ikiwiki-hosting (0.20130504) unstable; urgency=low

  * One word of the comment at the end of ssh keys is now preserved.
  * ikisite logs: New command that can tail or dump the apache access.log.
    Designed to be run remotely.
  * iki-git-shell: Allow the remote user to specify a command of "logview"
    or "logdump", to tail or dump the access.log.
  * Site admins can now view analog reports, if allow_analog_reports is
    set in ikiwiki-hosting.conf.
  * ikisite-calendar is not run for sites that do no have archivebase
    configured, allowing use of the calendar plugin without archive page
    generation when desired.

 -- Joey Hess <joeyh@debian.org>  Sat, 04 May 2013 23:51:34 -0400

ikiwiki-hosting (0.20120527) unstable; urgency=low

  * Add cron.d job to run ikiwiki aggregation every 5 minutes
    for sites that need it. I thought I had merged this from
    Branchable's tweaks earlier.
  * Add welcome banner support after making a new site,
    enabled by uncommenting the welcome_redir setting.

 -- Joey Hess <joeyh@debian.org>  Sun, 27 May 2012 17:23:40 -0400

ikiwiki-hosting (0.20120526) unstable; urgency=low

  * makesite.tmpl: Typo fix.
  * Conflict with the parallel package, which diverts away the
    moreutils parallel and would break the RSS/Atom aggregation cron job.

 -- Joey Hess <joeyh@debian.org>  Sat, 26 May 2012 15:14:17 -0400

ikiwiki-hosting (0.20120425) unstable; urgency=low

  * Add the ability to hardcode the site's IP address in ikiwiki-hosting.conf,
    rather than looking at interfaces. Thanks, Antoine Beaupré.
  * Enable gitweb blame feature.
  * Add libgravatar-url-perl to depends.
  * Move removal code for /etc/ikiwiki-hosting/keys/dns/ from
    ikiwiki-hosting-web to ikiwiki-hosting-common, which creates it.
    Closes: #670432

 -- Joey Hess <joeyh@debian.org>  Wed, 25 Apr 2012 12:22:12 -0400

ikiwiki-hosting (0.20120131) unstable; urgency=low

  * Fix quoting issue in use of which to determine if package is installed.
    Closes: #658063

 -- Joey Hess <joeyh@debian.org>  Tue, 31 Jan 2012 15:53:19 -0400

ikiwiki-hosting (0.20120125) unstable; urgency=low

  * Add the adduser_basedir configuration file setting, which can be used
    to create sites someplace other than /home. Thanks, Philip Hands.
  * Don't use savelog -C, it spews an ls error message.
  * ikisite checksetup: Bugfix, when plugins are added or removed and there
    are no other changes, the site was not updated.
  * Use invoke-rc.d. Closes: #657336

 -- Joey Hess <joeyh@debian.org>  Wed, 25 Jan 2012 15:00:37 -0400

ikiwiki-hosting (0.20111005) unstable; urgency=low

  * ikisite-wrapper: Allow getsetup subcommand to access the branchable
    and adminuser values, which are needed when branching.

 -- Joey Hess <joeyh@debian.org>  Wed, 05 Oct 2011 13:32:12 -0400

ikiwiki-hosting (0.20110926) unstable; urgency=low

  * Further hardening: Use setsid when running code as a site user.
  * Add libtext-multimarkdown-perl to depends, needed for multimarkdown
    support (see #630705).
  * Fix disablesshkey.

 -- Joey Hess <joeyh@debian.org>  Mon, 26 Sep 2011 14:01:06 -0400

ikiwiki-hosting (0.20110608) unstable; urgency=low

  * Set timezone to GMT in auto setup files, to avoid random system timezimes
    from leaking out to existing sites when changesetup or upgrade is run.
  * gitpush: Push non-master branches too.
  * Configure git-daemon to know about external domain names of sites.
  * missingsite: Stop providing an index.cgi, just use apache.conf.tmpl
    for the missingsite to DirectoryIndex index.html ikiwiki.cgi
  * More portable environment clearing.
  * ikisite analog: Output to stdout, not stderr.
  * ikisite logview: Tails logs.

 -- Joey Hess <joeyh@debian.org>  Wed, 08 Jun 2011 10:29:25 -0400

ikiwiki-hosting (0.20110515) unstable; urgency=low

  * Improve security robustness, blocking escalation from site users to
    httpd user, by moving apache log directory out of users home directory
    to /var/log/ikiwiki-hosting/, and using suexec with cgi programs moved
    to /var/www.
    Thanks, Simon McVittie
  * Lock down permissions of ikiwiki.setup, .git, .gitconfig, .gitignore,
    public_html/, source/, apache/.
  * Lock down source.git, unless branchability is enabled.
  * The apache.conf.tmpl files are no longer read from the user's home
    directory, but instead from /etc/ikiwiki-hosting/config/$username/.
  * Note that previously created sites will continue using
    the old locations and permissions. Using "ikisite upgrade"
    to upgrade them is highly recommended.
  * Added support for anonymous git push.
    It will only work if the home directory of a site is on a
    filesystem that supports POSIX ACLs, otherwise git-daemon
    won't be able to write to the source.git directory.
  * Anonymous git push enabled by default for new wikis,
    not for blogs or existing sites.
  * Support ipv6-only operation.
  * Add gitpush plugin, which can be used to push changes to a site on
    to other git repositories.
  * Remove dns key directory on purge. Closes: #625817
  * Don't run cron jobs once removed. Closes: #625815

 -- Joey Hess <joeyh@debian.org>  Sun, 15 May 2011 16:23:42 -0400

ikiwiki-hosting (0.20110424) unstable; urgency=low

  * Remove unused dependency on libdigest-sha1-perl. Closes: #623957

 -- Joey Hess <joeyh@debian.org>  Sun, 24 Apr 2011 16:02:16 -0400

ikiwiki-hosting (0.20110420) unstable; urgency=low

  * ikisite sudo: Use SHELL if set; /bin/sh as dash is a horrible interactive
    shell.
  * better handling of www special case when making a site
  * ikiwiki-hosting-web-backup: Fix removal of morgued sites from primary
    backup.
  * ikisite checklock renamed to checksite, and can check that a requested
    nonce has been created, to notice if site creation crashed part way
    through.
  * Include copy of entire AGPL in debian/copyright due to absurd policy
    requirements that it not be in a separate file, despite all common
    licenses being shipped in separate files in Debian.

 -- Joey Hess <joeyh@debian.org>  Wed, 20 Apr 2011 15:52:38 -0400

ikiwiki-hosting (0.20110401) unstable; urgency=low

  * Initial release to Debian.

 -- Joey Hess <joeyh@debian.org>  Fri, 01 Apr 2011 20:41:11 -0400