ikiwiki-hosting (0.20161219) unstable; urgency=medium

  [ Joey Hess ]
  * Initial support for Let's Encrypt.
  * The use_letsencrypt setting can be set for a site by running
    ikisite letsencrypt domain, and it will attempt to get the certificate
    for it using certbot.
  * ikisite domains: Update certificate using certbot when set of domains
    changes.
  * Added ikisite maintaincerts to request/renew Let's Encrypt certs as needed,
    and added it to the daily cron job.
  * The files /etc/ikiwiki-hosting/config/$username/domain.{crt,key,chain}
    are used, when they exist, in preference to the files
    /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}. This allows
    a site with multiple domains to have different certificates
    for them. The Let's Encrypt support uses this.

 -- Simon McVittie <smcv@debian.org>  Mon, 19 Dec 2016 20:34:25 +0000

ikiwiki-hosting (0.20160811) unstable; urgency=medium

  * Explicitly remove current working directory from Perl's library
    search path, mitigating CVE-2016-1238 (see #588017)
  * Add a simple autopkgtest for creating and deleting a site
  * Standards-Version: 3.9.8 (no changes required)
  * debian/rules: enable compiler hardening

 -- Simon McVittie <smcv@debian.org>  Thu, 11 Aug 2016 10:47:22 +0100

ikiwiki-hosting (0.20160123) unstable; urgency=medium

  * Fix the escaping of { in HostingAutomator by also escaping the },
    fixing a regression that broke `ikisite create`

 -- Simon McVittie <smcv@debian.org>  Sat, 23 Jan 2016 18:36:45 +0000

ikiwiki-hosting (0.20160121) unstable; urgency=medium

  [ Joey Hess ]
  * Fix looping redirection when redirect_to_https is set.
    Thanks, Antoine Beaupré.
  * controlpanel: Display unfocused site buttons with low opacity, but still
    display them. This is an accessibility fix; the old hiding method broke
    caret browsing and screenreaders.

  [ Simon McVittie ]
  * d/control: use https for Homepage
  * d/control: use pkg-perl autopkgtest setup
  * Fix "unescaped left brace in regex is deprecated" with Perl 5.22
  * Normalize packaging through `wrap-and-sort -abst`
  * Depend on libimage-magick-perl in preference to transitional
    perlmagick package, similar to #789221 in ikiwiki

 -- Simon McVittie <smcv@debian.org>  Thu, 21 Jan 2016 22:46:57 +0000

ikiwiki-hosting (0.20150614) unstable; urgency=medium

  [ Joey Hess ]
  * Debian maintainer changed to Simon McVittie.
  * Added support for emailauth.
  * Add libcgi-pm-perl to depends.
  * When creating a new site using makesite plugin, the adminemail
    is not set to the user's email address, since that would make
    emailauth messages come from that email address, which
    might not work due to e.g. SPF.
  * Add libcoy-perl to depends, for ikiwiki's haiku plugin.

  [ Simon McVittie ]
  * Ask recent ikiwiki to run in deterministic mode
  * Set Vcs-Browser
  * debian/source/format: set to 3.0 (native)
  * Standards-Version: 3.9.6 (no changes)

 -- Simon McVittie <smcv@debian.org>  Sun, 14 Jun 2015 21:03:02 +0100

ikiwiki-hosting (0.20140613) unstable; urgency=medium

  * Deal with savelog not supporting a count < 2.

 -- Joey Hess <joeyh@debian.org>  Fri, 13 Jun 2014 12:03:31 -0400

ikiwiki-hosting (0.20140419) unstable; urgency=medium

  * When branching a site, do not copy over the database 
    files including the session database and the list of email
    subscriptions.
  * Fix bug causing it to sometimes use the wrong username prefix if only one
    domain is configured. (smcv)
  * Fix failures when run in a directory others cannot read (such as a
    protected /root). (anarcat, smcv)
  * Several changes to SSL handling (smcv)
    - Add per-site SSL and source configuration files,
      apache-ssl.conf.tmpl and apache-source.conf.tmpl in addition
      to the already used apache.conf.tmpl.
    - ikiwikihosting ikiwiki plugin now has a redirect_to_https
      setting, so users can choose whether their site should force users
      to access it via https.
    - Previously, when ssl was enabled, alias urls always redirected
      to the http site. Now, this is only done when 
      redirect_to_https is set.
  * Deal with apache 2.4 upgrade, including making sites-available files
    with the .conf extension. Remains compatible with apache 2.2.
    (smcv) Closes: #744789
  * Improved method of disabling mod_userdir. (smcv)

 -- Joey Hess <joeyh@debian.org>  Sat, 19 Apr 2014 15:20:07 -0400

ikiwiki-hosting (0.20140227) unstable; urgency=medium

  * Fix length @array perl bug.

 -- Joey Hess <joeyh@debian.org>  Thu, 27 Feb 2014 12:01:43 -0400

ikiwiki-hosting (0.20131025) unstable; urgency=high

  * Exclude the site from showing up as a referrer in the analog report.
  * Fix XSS in site creation interface. Thanks, Gopal Bisht.
    CVE-2013-6047

 -- Joey Hess <joeyh@debian.org>  Fri, 25 Oct 2013 18:17:44 -0400

ikiwiki-hosting (0.20130926) unstable; urgency=low

  * ikisite now contains its own /etc/ikiwiki/wikilist update subcommands,
    avoiding the need for ikiwiki-update-wikilist to be made suid in
    order to keep ikiwiki-mass-rebuild working.
  * https can be enabled for a site by dropping an SSL key and
    certificate into /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}
    and running ikisite enable.
  * Also, a wildcard SSL certificate can be configured to be used by
    sites that do not have their own DNS.

 -- Joey Hess <joeyh@debian.org>  Mon, 26 Aug 2013 01:18:52 -0400

ikiwiki-hosting (0.20130504) unstable; urgency=low

  * One word of the comment at the end of ssh keys is now preserved.
  * ikisite logs: New command that can tail or dump the apache access.log.
    Designed to be run remotely.
  * iki-git-shell: Allow the remote user to specify a command of "logview"
    or "logdump", to tail or dump the access.log.
  * Site admins can now view analog reports, if allow_analog_reports is
    set in ikiwiki-hosting.conf.
  * ikisite-calendar is not run for sites that do not have archivebase
    configured, allowing use of the calendar plugin without archive page
    generation when desired.

 -- Joey Hess <joeyh@debian.org>  Sat, 04 May 2013 23:51:34 -0400

ikiwiki-hosting (0.20120527) unstable; urgency=low

  * Add cron.d job to run ikiwiki aggregation every 5 minutes 
    for sites that need it. I thought I had merged this from
    Branchable's tweaks earlier.
  * Add welcome banner support after making a new site,
    enabled by uncommenting the welcome_redir setting.

 -- Joey Hess <joeyh@debian.org>  Sun, 27 May 2012 17:23:40 -0400

ikiwiki-hosting (0.20120526) unstable; urgency=low

  * makesite.tmpl: Typo fix. 
  * Conflict with the parallel package, which diverts away the
    moreutils parallel and would break the RSS/Atom aggregation cron job.

 -- Joey Hess <joeyh@debian.org>  Sat, 26 May 2012 15:14:17 -0400

ikiwiki-hosting (0.20120425) unstable; urgency=low

  * Add the ability to hardcode the site's IP address in ikiwiki-hosting.conf,
    rather than looking at interfaces. Thanks, Antoine Beaupré.
  * Enable gitweb blame feature.
  * Add libgravatar-url-perl to depends.
  * Move removal code for /etc/ikiwiki-hosting/keys/dns/ from
    ikiwiki-hosting-web to ikiwiki-hosting-common, which creates it.
    Closes: #670432

 -- Joey Hess <joeyh@debian.org>  Wed, 25 Apr 2012 12:22:12 -0400

ikiwiki-hosting (0.20120131) unstable; urgency=low

  * Fix quoting issue in use of which to determine if package is installed.
    Closes: #658063

 -- Joey Hess <joeyh@debian.org>  Tue, 31 Jan 2012 15:53:19 -0400

ikiwiki-hosting (0.20120125) unstable; urgency=low

  * Add the adduser_basedir configuration file setting, which can be used
    to create sites someplace other than /home. Thanks, Philip Hands.
  * Don't use savelog -C, it spews an ls error message.
  * ikisite checksetup: Bugfix, when plugins are added or removed and there
    are no other changes, the site was not updated.
  * Use invoke-rc.d. Closes: #657336

 -- Joey Hess <joeyh@debian.org>  Wed, 25 Jan 2012 15:00:37 -0400

ikiwiki-hosting (0.20111005) unstable; urgency=low

  * ikisite-wrapper: Allow getsetup subcommand to access the branchable
    and adminuser values, which are needed when branching.

 -- Joey Hess <joeyh@debian.org>  Wed, 05 Oct 2011 13:32:12 -0400

ikiwiki-hosting (0.20110926) unstable; urgency=low

  * Further hardening: Use setsid when running code as a site user.
  * Add libtext-multimarkdown-perl to depends, needed for multimarkdown
    support (see #630705).
  * Fix disablesshkey.

 -- Joey Hess <joeyh@debian.org>  Mon, 26 Sep 2011 14:01:06 -0400

ikiwiki-hosting (0.20110608) unstable; urgency=low

  * Set timezone to GMT in auto setup files, to avoid random system timezones
    from leaking out to existing sites when changesetup or upgrade is run.
  * gitpush: Push non-master branches too.
  * Configure git-daemon to know about external domain names of sites.
  * missingsite: Stop providing an index.cgi, just use apache.conf.tmpl
    for the missingsite to DirectoryIndex index.html ikiwiki.cgi
  * More portable environment clearing.
  * ikisite analog: Output to stdout, not stderr.
  * ikisite logview: Tails logs.

 -- Joey Hess <joeyh@debian.org>  Wed, 08 Jun 2011 10:29:25 -0400

ikiwiki-hosting (0.20110515) unstable; urgency=low

  * Improve security robustness, blocking escalation from site users to
    httpd user, by moving apache log directory out of users home directory
    to /var/log/ikiwiki-hosting/, and using suexec with cgi programs moved
    to /var/www.
    Thanks, Simon McVittie
  * Lock down permissions of ikiwiki.setup, .git, .gitconfig, .gitignore,
    public_html/, source/, apache/.
  * Lock down source.git, unless branchability is enabled.
  * The apache.conf.tmpl files are no longer read from the user's home
    directory, but instead from /etc/ikiwiki-hosting/config/$username/.
  * Note that previously created sites will continue using
    the old locations and permissions. Using "ikisite upgrade"
    to upgrade them is highly recommended.
  * Added support for anonymous git push.
    It will only work if the home directory of a site is on a
    filesystem that supports POSIX ACLs, otherwise git-daemon
    won't be able to write to the source.git directory.
  * Anonymous git push enabled by default for new wikis,
    not for blogs or existing sites.
  * Support ipv6-only operation.
  * Add gitpush plugin, which can be used to push changes to a site on
    to other git repositories.
  * Remove dns key directory on purge. Closes: #625817
  * Don't run cron jobs once removed. Closes: #625815

 -- Joey Hess <joeyh@debian.org>  Sun, 15 May 2011 16:23:42 -0400

ikiwiki-hosting (0.20110424) unstable; urgency=low

  * Remove unused dependency on libdigest-sha1-perl. Closes: #623957

 -- Joey Hess <joeyh@debian.org>  Sun, 24 Apr 2011 16:02:16 -0400

ikiwiki-hosting (0.20110420) unstable; urgency=low

  * ikisite sudo: Use SHELL if set; /bin/sh as dash is a horrible interactive
    shell.
  * better handling of www special case when making a site
  * ikiwiki-hosting-web-backup: Fix removal of morgued sites from primary 
    backup.
  * ikisite checklock renamed to checksite, and can check that a requested
    nonce has been created, to notice if site creation crashed part way
    through.
  * Include copy of entire AGPL in debian/copyright due to absurd policy
    requirements that it not be in a separate file, despite all common
    licenses being shipped in separate files in Debian.

 -- Joey Hess <joeyh@debian.org>  Wed, 20 Apr 2011 15:52:38 -0400

ikiwiki-hosting (0.20110401) unstable; urgency=low

  * Initial release to Debian.

 -- Joey Hess <joeyh@debian.org>  Fri, 01 Apr 2011 20:41:11 -0400
