Recent changes to this wiki:

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_9_28efdafb7393e9ba03c61fb73ecad6be._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_9_28efdafb7393e9ba03c61fb73ecad6be._comment
new file mode 100644
index 0000000..f0fd9e6
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_9_28efdafb7393e9ba03c61fb73ecad6be._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 9"
+ date="2017-02-21T22:02:44Z"
+ content="""
+From the above I think we maybe could 
+
+- write a .po plugin feature that if indexpages is enabled then it logs a warning and disables itself, and
+- write an ikiwiki feature that when indexpages is toggled then ikiwiki renames the source files accordingly...
+"""]]

+aka use page/index.mdwn source files
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index b7c1582..0a764b6 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -36,7 +36,7 @@ rendered as `bla/page/index.fr.html`, else as `bla/page.fr.html`
 (In)Compatibility
 =================
 
-This plugin does not support the `indexpages` mode. If you don't know
+This plugin does not support the `indexpages` mode (a.k.a. "use page/index.mdwn source files"). If you don't know
 what it is, you probably don't care.
 
 

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_8_b7cbce4cfea17c2bbd28f6f450deff9a._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_8_b7cbce4cfea17c2bbd28f6f450deff9a._comment
new file mode 100644
index 0000000..2faacf1
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_8_b7cbce4cfea17c2bbd28f6f450deff9a._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 8"
+ date="2017-02-21T18:21:19Z"
+ content="""
+> Is .po plugin able to work if the user chooses to use foo/index.mdwn ?
+
+Discussion on [[plugins/po/discussion]] in 2009, before the (then third party)
+po plugin was merged, says it is known not to work in that configuration.
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_7_9bac21d9ae3467ae2abb7aa2cfd9ec20._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_7_9bac21d9ae3467ae2abb7aa2cfd9ec20._comment
new file mode 100644
index 0000000..6e7ab94
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_7_9bac21d9ae3467ae2abb7aa2cfd9ec20._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 7"
+ date="2017-02-21T18:17:34Z"
+ content="""
+> Is .po plugin able to work if the user chooses to use foo/index.mdwn ?
+
+Your guess is as good as mine. That configuration is really unusual (I'm not quite
+sure why we even have it as an option), and the po plugin is also unusual (not
+many people go to the effort of translating their wikis), so it seems likely that
+you're the first person to try the two together.
+
+> Is ikiwiki able to move files back and forth when the user toggles the
+> 'use foo/index.mwdn' setting?
+
+Not that I know of. If it could, it would likely require you to run
+`ikiwiki-transition`, but that tool doesn't seem to have any modes that
+seem relevant.
+
+> In the case the user toggles this setting, does the .po plugin adapt to the
+> new value (both ways) and move its files around too?
+
+Almost certainly no.
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_6_33024f2e1cc6b7972bcb0527c1dae400._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_6_33024f2e1cc6b7972bcb0527c1dae400._comment
new file mode 100644
index 0000000..dbc292c
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_6_33024f2e1cc6b7972bcb0527c1dae400._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 6"
+ date="2017-02-21T03:56:18Z"
+ content="""
+I misread \"nobacklinks\" as \"no backlinks\". Turns out setting it to 0 after applying that patch fixes the problem. This whole discussion is now resolved in short term.
+
+In long term, there are a few remaining questions.
+
+- Is .po plugin able to work if the user chooses to use foo/index.mdwn ?
+- Is ikiwiki able to move files back and forth when the user toggles the 'use foo/index.mwdn' setting?
+- In the case the user toggles this setting, does the .po plugin adapt to the new value (both ways) and move its files around too?
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_5_2cbb00d925663f8fe3017a00596613d6._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_5_2cbb00d925663f8fe3017a00596613d6._comment
new file mode 100644
index 0000000..15820df
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_5_2cbb00d925663f8fe3017a00596613d6._comment
@@ -0,0 +1,40 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 5"
+ date="2017-02-21T03:47:34Z"
+ content="""
+Turns out always listing backlinks (if they exist) is intended behaviour. I followed \"[[todo/allow disabling backlinks]]\" todo page by editing ~/git.ikiwiki.info/IkiWiki/Render.pm 
+
+    diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
+    index e8ed627..6142846 100644
+    --- a/IkiWiki/Render.pm
+    +++ b/IkiWiki/Render.pm
+    @@ -1,4 +1,4 @@
+    -#!/usr/bin/perl
+    +#!/usr/local/bin/perl
+    
+     package IkiWiki;
+    
+    @@ -111,7 +111,8 @@ sub genpage ($$) {
+            }
+            templateactions($template, $page);
+    
+    -       my @backlinks=sort { $a->{page} cmp $b->{page} || $a->{url} cmp $b->{url} } backlinks($page);
+    +       my @backlinks=sort { $a->{page} cmp $b->{page} || $a->{url} cmp $b->{url} } backlinks($page)
+    +           unless defined $config{nobacklinks} && $config{nobacklinks} == 0;
+            my ($backlinks, $more_backlinks);
+            if (@backlinks <= $config{numbacklinks} || ! $config{numbacklinks}) {
+                    $backlinks=\@backlinks;
+    
+
+
+Here is line in config:
+
+    nobacklinks: 1
+
+
+
+and then \"perl Makefile.PL ;$MAKE;$MAKE install\" . But then running 'ikiwiki --rebuild --setup ~/wiki/ikiwiki.setup' makes no difference. Why ...
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_4_01ae20cdc4f105bd182049f5138a8dd2._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_4_01ae20cdc4f105bd182049f5138a8dd2._comment
new file mode 100644
index 0000000..d43c11e
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_4_01ae20cdc4f105bd182049f5138a8dd2._comment
@@ -0,0 +1,42 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 4"
+ date="2017-02-20T23:42:13Z"
+ content="""
+Fixed the .po marking pages as translatable -- 
+
+1. un-ticked \"use page/index.mdwn source files\"
+
+2. ran this script, committed, and pushed:
+
+```
+    
+    # Bash -- from http://mywiki.wooledge.org/BashFAQ/030
+    # Also requires GNU or BSD find(1)
+    # Recursively change all *.foo files to *.bar
+    
+    find . -type f -name 'index.mdwn' -print0 | while IFS= read -r -d '' f; do
+        mv -- \"$f\" \"${f%/index.mdwn}.mdwn\"
+    done
+ 
+    find . -type f -name 'index.ru.po' -print0 | while IFS= read -r -d '' f; do
+        mv -- \"$f\" \"${f%/index.ru.po}.ru.po\"
+    done
+    
+    find . -type f -name 'index.pot' -print0 | while IFS= read -r -d '' f; do
+        mv -- \"$f\" \"${f%/index.pot}.pot\"
+    done
+    
+    
+    mv ..mdwn index.mdwn
+    mv ..pot index.pot
+    mv ..ru.po index.ru.po
+```
+
+
+
+
+The problem with backlinks still stays so far.
+"""]]

Added a comment
diff --git a/doc/forum/Password_protect_whole_wiki/comment_3_39554aa379a9653dd1ccb8970d98f021._comment b/doc/forum/Password_protect_whole_wiki/comment_3_39554aa379a9653dd1ccb8970d98f021._comment
new file mode 100644
index 0000000..47422df
--- /dev/null
+++ b/doc/forum/Password_protect_whole_wiki/comment_3_39554aa379a9653dd1ccb8970d98f021._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="openmedi"
+ avatar="http://cdn.libravatar.org/avatar/563ffaff3b492c579bd8f094472e4506"
+ subject="comment 3"
+ date="2017-02-20T15:43:13Z"
+ content="""
+Thanks! I actually found an easy to follow guide that includes https via let encrypt [here](https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-16-04).
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_3_5de086a73f26966be07925d48b3aa523._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_3_5de086a73f26966be07925d48b3aa523._comment
new file mode 100644
index 0000000..1c5bb67
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_3_5de086a73f26966be07925d48b3aa523._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 3"
+ date="2017-02-19T21:59:25Z"
+ content="""
+I removed /home/public (the wiki build destination) and rebuilt it, re-enabled po plugin with \"* or */* or */*/* or */*/*/*\" in its pagespec settings, but it still only picks up root level pages. Subpages are not marked as translatable. This is a problem.
+
+The backlinks issue seems to not have resolved itself, either.
+
+Remarkably, removing sandbox.pot and sandbox.ru.po from ~/wiki made the sandbox page not translatable. It seems that the po plugin is looking for foo/bar.mdwn and foo/bar.pot and foo/bar.po.ru rather than foo/bar/index.mdwn, foo/bar/index.ru.po, foo/bar/index.pot and so on?
+
+I tried to disable \"use page/index.mdwn source files\" and rebuild the wiki, but now I have \"foo/bar/index/\" URIs and `[[foo/bar]]` is an unknown link marked with a question mark, so I'm going to fix it all up in the source files by hand and see if it helps...
+
+"""]]

removed
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment
deleted file mode 100644
index 012b97a..0000000
--- a/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment
+++ /dev/null
@@ -1,11 +0,0 @@
-[[!comment format=mdwn
- username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
- nickname="svetlana"
- avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
- subject="comment 3"
- date="2017-02-19T21:48:21Z"
- content="""
-I removed /home/public (the wiki build destination) and rebuilt it, re-enabled po plugin with \"`* or */* or */*/* or */*/*/*`\" in its pagespec settings, but it still only picks up root level pages. Subpages are not marked as translatable. This is a problem.
-
-The backlinks issue seems to have resolved itself after doing this.
-"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment
new file mode 100644
index 0000000..012b97a
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_3_8aa03c750f434f2a6dfbd34a22e23397._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 3"
+ date="2017-02-19T21:48:21Z"
+ content="""
+I removed /home/public (the wiki build destination) and rebuilt it, re-enabled po plugin with \"`* or */* or */*/* or */*/*/*`\" in its pagespec settings, but it still only picks up root level pages. Subpages are not marked as translatable. This is a problem.
+
+The backlinks issue seems to have resolved itself after doing this.
+"""]]

Update my (spalax) information
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index 49e3442..9f453f7 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -211,7 +211,7 @@ Personal sites and blogs
 * Kalle Söderman: [Seen Architecture](http://img.kalleswork.net), [Stockholm Project](http://stockholm.kalleswork.net) - Mainly -image galleries using the album and osm plugins with a customized html5 theme.
 * James Richardson's [wiki](https://jamestechnotes.com), [blog](https://jamesrichardson.name), and online [resume](https://resume.jamesrichardson.name).
 * [Amitai Schleier's site](https://schmonz.com/)
-* My ([[spalax]]) [professional website](http://paternault.fr)
+* [[spalax]]'s [professional website](http://paternault.fr)
 * [Aloodo Blog](http://blog.aloodo.org/)
 * Ninguém tem blog! - Restricted ikiwiki hosting
   * [Dissertos radicais](http://dissertosradicais.tem.blog.br)
diff --git a/doc/users/spalax.mdwn b/doc/users/spalax.mdwn
index a9a030c..2010fde 100644
--- a/doc/users/spalax.mdwn
+++ b/doc/users/spalax.mdwn
@@ -12,8 +12,8 @@ I wrote and maintain a few plugins, which are available here: [[https://atelier.
 
 I have a few things in mind. Their status is something between *I will implement it someday* to *maybe someone could need this* or *I will need it if I implement this killer website I have in mind*.
 
-* [[plugins/contrib/htaccessmanager]]: Create a cgi page to manage a htaccess file.
-
+* [[plugins/contrib/usermanager]]: Create a cgi page to manage users (add/remove users, give/remove administrative priviledge to users, change password, etc.
+* [[plugins/contrib/htaccess]]: Have an [[htacess|//httpd.apache.org/docs/current/howto/htaccess.html]] file to be automatically updated each time an user is added/deleted, or its password is changed).
 
 # Contact
 

Apology about the poor choice for the name of the sidebar2 plugin
diff --git a/doc/plugins/contrib/sidebar2/discussion.mdwn b/doc/plugins/contrib/sidebar2/discussion.mdwn
new file mode 100644
index 0000000..c3989e7
--- /dev/null
+++ b/doc/plugins/contrib/sidebar2/discussion.mdwn
@@ -0,0 +1,5 @@
+More than four years after having written and published this plugin, I kind of regret its name. It should have been called `manybars`, `multibars` or anything like that, but by calling it `sidebar2`, I hijacked the [[plugins/sidebar]] name, preventing the original author to update its own plugin.
+
+Anyway, it is too late to change the name back. I hope I did not offend anyone by doing so… Sorry about this.
+
+-- [[Louis|spalax]]

New plugin: verboserpc
diff --git a/doc/plugins/contrib/verboserpc.mdwn b/doc/plugins/contrib/verboserpc.mdwn
new file mode 100644
index 0000000..09446fe
--- /dev/null
+++ b/doc/plugins/contrib/verboserpc.mdwn
@@ -0,0 +1,83 @@
+[[!meta author="spalax"]]
+[[!template id=plugin name=verboserpc author="[[Louis|spalax]]"]]
+
+Debugging [external plugins](//ikiwiki.info/plugins/write/external/) is a pain, as soon as RPC is involved… This kind-of plugin tries to make it a little bit less painful.
+
+It acts as a proxy between Ikiwiki and the plugin (which, for the record, is an executable program communicating with Ikiwiki using [XML RPC](http://www.xmlrpc.com/) on standard input/output), and logs everithing on standard error.
+
+[[!toc]]
+
+# Example
+
+A sample output of a wiki compilation is shown below.
+
+    $ ikiwiki --setup wiki.setup --refresh --verbose
+    -> <?xml version="1.0" encoding="utf-8"?><methodCall><methodName>import</methodName><params></params></methodCall>
+    <- <?xml version='1.0'?>
+    <- <methodCall>
+    <- <methodName>hook</methodName>
+    <- <params>
+    <- <param>
+    <- <value><string>call</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>getsetup</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>type</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>getsetup</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>id</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>foo</string></value>
+    <- </param>
+    <- <param>
+    <- <value><string>last</string></value>
+    <- </param>
+    <- <param>
+    <- <value><boolean>0</boolean></value>
+    <- </param>
+    <- </params>
+    <- </methodCall>
+    -> <?xml version="1.0" encoding="utf-8"?><methodResponse><params><param><value><string>1</string></value></param></params></methodResponse>
+    <- <?xml version='1.0'?>
+    <- <methodResponse>
+    <- <params>
+    <- <param>
+    <- <value><struct>
+    <- <member>
+    <- <name>null</name>
+    <- <value><string></string></value>
+    <- </member>
+    <- </struct></value>
+    <- </param>
+    <- </params>
+    <- </methodResponse>
+    rebuilding wiki..
+    scanning index.mdwn
+    building index.mdwn
+    done
+
+# Enabling the plugin
+
+Let us say you want to debug a plugin `foo`, located somewhere in your [`libdir`](https://ikiwiki.info/plugins/install/).
+
+1. Do not not enable plugin `foo` in the ikiwiki setup file.
+2. Create a symbolic link named `foo.verboserpc` in one of your `libdir`, linking to the `verboserpc` plugin.
+3. In your setup file, enable plugin `foo.verboserpc`.
+
+That's it. When called, the `verboserpc` plugin will be called as `foo.verboserpc`, and will run program `foo`, while transmitting (to Ikiwiki and `foo`) and logging (to standard error) any input/output.
+
+# Does it work?
+
+Well… External plugins are still a pain to debug, even with this tool. If your plugin is written using python, and you are using the [`proxy`](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=plugins/proxy.py;h=b61eb466c8d47ef839fc24e5d0ba54be3a9b23fa;hb=HEAD), it might be useless, since this proxy already have an option to log RPC calls (by giving `debug_fn=sys.stderr.write` as an option to the constructor of [`IkiWikiProcedureProxy`](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=plugins/proxy.py;h=b61eb466c8d47ef839fc24e5d0ba54be3a9b23fa;hb=HEAD#l217)).
+
+I am not sure that this plugin is the solution to the problem of debugging external plugins. I am still publishing it here, hoping that someone might improve it into something useful…
+
+# Download and install
+
+Code and documentation can be found here : [[https://atelier.gresille.org/projects/gresille-ikiwiki/wiki/VerboseRPC]].

New plugin: pageversion
diff --git a/doc/forum/Questions_about_a_new_plugin/comment_5_1ea0be887d7490e0a9b4dc1c2fe886bd._comment b/doc/forum/Questions_about_a_new_plugin/comment_5_1ea0be887d7490e0a9b4dc1c2fe886bd._comment
new file mode 100644
index 0000000..afd0aa4
--- /dev/null
+++ b/doc/forum/Questions_about_a_new_plugin/comment_5_1ea0be887d7490e0a9b4dc1c2fe886bd._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="spalax"
+ subject="""Done!"""
+ date="2017-02-18T19:53:15Z"
+ content="""
+At last, I wrote this plugin. It was not on the top of my priority list, but I eventually did it.
+
+It is called [[plugins/contrib/pageversion]].
+
+Thank you very much for your advice: it is far better than what I had in mind before discussing it with you! :)
+"""]]
diff --git a/doc/plugins/contrib/pageversion.mdwn b/doc/plugins/contrib/pageversion.mdwn
new file mode 100644
index 0000000..9793801
--- /dev/null
+++ b/doc/plugins/contrib/pageversion.mdwn
@@ -0,0 +1,89 @@
+[[!meta author="spalax"]]
+[[!template id=plugin name=pageversion author="[[Louis|spalax]]"]]
+
+This plugin makes it possible to manage different versions of the same page, allowing to:
+
+- make older/newer versions available;
+- highlight the latest version.
+
+[[!toc]]
+
+# Rationale
+
+On my personal website/blog, I publish articles which I sometimes update. Sometimes, I add a few lines of text with a ``Updated on DATE.`` message; other times, I rewrite the whole article. In this latter case, I want:
+
+- the main version of the article to be the latest one;
+- oldest versions still to be available;
+- the main list of my articles to list only the latest version of each article.
+
+# Example
+
+For instance, on my personal website, article [one](//paternault.fr/pedago/sismologie/20150110/) has been updated to [two](//paternault.fr/pedago/sismologie/20150819/).
+
+- They both contain the directive `\[[!versionof parent]]`, marking them as a version of the [main article](//paternault.fr/pedago/sismologie) (which happens to be their parent page).
+- On the [old article](//paternault.fr/pedago/sismologie/20150819/), links to the other articles (only one here) are available.
+- On the [page listing my articles](//paternault.fr/pedago), only the latest article appears.
+- The [main page](//paternault.fr/pedago/sismologie) lists all versions of this article, and redirects to the latest one.
+
+# List of directives and pagespecs
+
+Pages are marked as versions as other pages using tags (subtags of `_pageversion/*`). Directive ``\[[!versionof]]`` simply add the appropriate tag to the current page (thus, one can ignore this directive, but it makes things easier).
+
+Pages can be marked as versions of another page (e.g. ``foo/version1`` and ``foo/version2`` are versions of page ``foo``), or versions of an arbitrary abstract page (called *label* later). There is no conflict between them (that is, pages marked as a version of page ``foo`` and as a version of label ``foo`` are not a version of the same page).
+
+## Directive `versionof`
+
+Marks current page as a version of another page. Its main forms are:
+
+- `\[[!versionof name=foo]]` Mark current page as a version of page ``foo`` (page ``foo`` is searched using the same [[linking rules|ikiwiki/SubPage/LinkingRules]] as a [[ikiwiki/WikiLink]]).
+- `\[[!versionof label=bar]]` Mark current page as a version of some abstract object labelled ``bar``.
+
+It may be convenient to refer to some particular page. Thus, those alternative forms are also available:
+
+- `\[[!versionof name]]` Mark current page as a version of itself.
+- `\[[!versionof parent]]` Mark current page as a version of its parent page.
+
+## Template `otherversions`
+
+To add a list to the other versions of a page (both older and newer), a template is provided. It is called with:
+
+    \[[!template id=otherversions version=VERSION template=INLINETEMPLATE]]
+
+Where:
+
+- *(Required)* Pages that are a version of `VERSION` are listed (for instance ``\[[!template id=otherversions version=name=foo]]``).
+- *(Optional)* Template `INLINETEMPLATE` is used (instead of the default `otherversionpage` template) in the [[ikiwiki/directive/inline]] directive listing the other pages.
+
+## Pagespec `versionof`
+
+A pagespec can match pages marked as a version of something using the pagespec `versionof`. It accepts the same arguments as the arguments as the ``versionof`` directive, that is:
+
+- `versionof(name=foo)`: Match pages which are a version of page ``foo``.
+- `versionof(name)`: Match pages which are a version of the current page.
+- `versionof(parent)`: Match pages which are a version of the parent page.
+- `versionof(label=bar)`: Match pages which are a version of some abstract object labelled ``bar``.
+
+Moreover, it takes one additional argument:
+
+- `versionof(any)`: Match pages which are a version of anything.
+
+## Pagespec `latestversion`
+
+An additional pagespec `latestversion` is provided. It accepts the same arguments as the `versionof` pagespec (that is:
+`latestversion(name=foo)`,
+`latestversion(name)`,
+`latestversion(parent)`,
+`latestversion(label=bar)`,
+`latestversion(any)`) but only the most recent page is matched.
+
+## Pagespec `latest_tagged`
+
+As a side effect, this plugin also provides the `latest_tagged(TAG)` pagespec. It matches one single page: the most recent page tagged with the given tag.
+
+## Directive `redirect`
+
+Directive ``\[[!redirect]]`` (from the [[redirect]] plugin) can be used together with this package. For instance, a page containing the directive ``\[[!redirect pages="versionof(page)"]]`` will redirect to the most recent page marked as a version of the current page.
+
+# Download and Install
+
+Code and documentation can be found here : [[https://atelier.gresille.org/projects/gresille-ikiwiki/wiki/PageVersion]].
diff --git a/doc/users/spalax.mdwn b/doc/users/spalax.mdwn
index d9e9c5f..a9a030c 100644
--- a/doc/users/spalax.mdwn
+++ b/doc/users/spalax.mdwn
@@ -13,7 +13,6 @@ I wrote and maintain a few plugins, which are available here: [[https://atelier.
 I have a few things in mind. Their status is something between *I will implement it someday* to *maybe someone could need this* or *I will need it if I implement this killer website I have in mind*.
 
 * [[plugins/contrib/htaccessmanager]]: Create a cgi page to manage a htaccess file.
-* [[forum/Questions_about_a_new_plugin]]
 
 
 # Contact

New plugin: redirect
diff --git a/doc/plugins/contrib/redirect.mdwn b/doc/plugins/contrib/redirect.mdwn
new file mode 100644
index 0000000..4bf315a
--- /dev/null
+++ b/doc/plugins/contrib/redirect.mdwn
@@ -0,0 +1,35 @@
+[[!meta author="spalax"]]
+[[!template id=plugin name=redirect author="[[Louis|spalax]]"]]
+
+This plugin provides a [[ikiwiki/directive/redirect]] [[ikiwiki/directive]].
+
+Using this, you can cause a page to redirect to another page (something similar to the ``redir`` option of the [[meta|http://ikiwiki.info/ikiwiki/directive/meta]] plugin.
+
+[[!toc]]
+
+# Directive
+
+It accepts options ``pages``, ``skip``, ``sort``, ``reverse``, which have the same meaning as they have in the [[inline|http://ikiwiki.info/ikiwiki/directive/inline/]] directive. It builds a list of pages using those arguments, and redirect the page to the first page of this list.
+
+It also renders a text *If you are not redirected automatically, follow \[[this link]].* This text can be customized by changing the template `redirect.tmpl`, which accepts a single variable ``TARGETPAGE``.
+
+# Example
+
+To have a page ``latest.html`` redirect to your latest blog post, have the following line into ``latest.mdwn``:
+
+    \[[!redirect pages="blog/* and !blog/*"]]
+
+# Setup
+
+This directive accepts no setup options.
+
+# Differences with the ``meta`` plugin
+
+* This directive is better than the ``redir`` option of the [[meta|http://ikiwiki.info/ikiwiki/directive/meta/]] plugin because it can redirect to (the first page of) a pagespec, meaning things like *"redirect to my latest blog post"*.
+* The ``redir`` option of the [[meta|http://ikiwiki.info/ikiwiki/directive/meta]] plugin is better than this directive because:
+  * it can redirect to an anchor ``\[[!meta redir="foo#bar"]]``;
+  * it can redirect to an external page ``\[[!meta redir="http://example.com"]]``.
+
+# Download and install
+
+Code and documentation can be found here : [[https://atelier.gresille.org/projects/gresille-ikiwiki/wiki/Redirect]].

diff --git a/doc/tips/laptop_wiki_with_git/discussion.mdwn b/doc/tips/laptop_wiki_with_git/discussion.mdwn
index b44285d..fd5409e 100644
--- a/doc/tips/laptop_wiki_with_git/discussion.mdwn
+++ b/doc/tips/laptop_wiki_with_git/discussion.mdwn
@@ -1,3 +1,8 @@
+I have tried `gitorigin_branch:` and it does not seem to work. I have to use `gitorigin_branch: ''` to literally set it to empty string to make it work.
+[[newton108]]
+
+----
+
 I have followed this idea along, and it seems to work pretty well. 
 Now I have a question as a git newbie. Can I have the post-commit hook on the server use something like rsync to update the files on a third machine hosting the web server?  The web server does not have git (cretins!). Of course I could just run a cron job.
 
@@ -11,6 +16,8 @@ Or, was this last remark about rebuilding after pulling meant to apply to rebuil
 > Of course you don't need a web server on the laptop. It is useful for
 > previewing pages before publishing them though. --[[Joey]]
 
+----
+
 I have followed this idea too, however after pushing to the server running gitk in the scrdir shows that the remotes/origin/master branch is newer than the master. Is this normal? Have I reset the master branch to remotes/origin/master then every time when someone pushed something (and run ikiwiki -setup afterwards?)
 [[Micheal]]
 

Added a comment
diff --git a/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_1_919425ab81ff72f1d8f1586519f19e69._comment b/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_1_919425ab81ff72f1d8f1586519f19e69._comment
new file mode 100644
index 0000000..a25d4dd
--- /dev/null
+++ b/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_1_919425ab81ff72f1d8f1586519f19e69._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40"
+ nickname="vegardv"
+ avatar="http://cdn.libravatar.org/avatar/b35da1da5c23c19063f73defc0431ab0"
+ subject="comment 1"
+ date="2017-02-10T08:33:41Z"
+ content="""
+I have discovered the same. I have a template which contains <TMPL_VAR basename>. This used to insert the basename of the current page, but at some point this expansion stopped working.
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_2_204710a432cec8b291827e54962b55a5._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_2_204710a432cec8b291827e54962b55a5._comment
new file mode 100644
index 0000000..3fce6a9
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_2_204710a432cec8b291827e54962b55a5._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9"
+ nickname="svetlana"
+ avatar="http://cdn.libravatar.org/avatar/5821f2dec97d186ce3b455b806d33035"
+ subject="comment 2"
+ date="2017-02-09T21:48:05Z"
+ content="""
+Yes, I expected <http://svetlana.nfshost.com/irc/freenode/index.en.html> to be translatable into Russian and not have backlinks.
+
+$ ikiwiki --rebuild --verbose --setup ~/wiki/ikiwiki.setup
+
+<http://svetlana.nfshost.com/rebuild.txt>
+"""]]

Added a comment
diff --git a/doc/forum/Inconsistency_in_pages_behaviour/comment_1_bf6aaa61970215a76b2a14ac268f942b._comment b/doc/forum/Inconsistency_in_pages_behaviour/comment_1_bf6aaa61970215a76b2a14ac268f942b._comment
new file mode 100644
index 0000000..d0e2997
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour/comment_1_bf6aaa61970215a76b2a14ac268f942b._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 1"
+ date="2017-02-09T12:13:02Z"
+ content="""
+Did you expect http://svetlana.nfshost.com/irc/freenode/index.en.html to be translatable into Russian and not have backlinks, for instance?
+
+This looks like you have changed configuration/templates and not (successfully!) done a full rebuild since then - but you said \"I think rebuilding the wiki is not affecting this problem\" so presumably you have *tried* to rebuild the wiki, it just didn't work (or didn't completely work). What exact command did you use, and what was its output?
+"""]]

diff --git a/doc/forum/Inconsistency_in_pages_behaviour.mdwn b/doc/forum/Inconsistency_in_pages_behaviour.mdwn
new file mode 100644
index 0000000..cfba777
--- /dev/null
+++ b/doc/forum/Inconsistency_in_pages_behaviour.mdwn
@@ -0,0 +1 @@
+At <http://svetlana.nfshost.com/index.en.html> some pages are not marked as translatable though I used '*' as po plugin pagespec. Also I edited page.tmpl and commented out the backlinks section, but it still shows on some pages. These two defects are probably related. Please advise how to troubleshoot. I think rebuilding the wiki is not affecting this problem. --[[users/svetlana]] 22:21:46 AEDT February 9, 2017

+update broken uris
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index 034da64..49e3442 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -109,7 +109,7 @@ Projects & Organizations
 * [[voice in time|http://voice-in-time.com]] a voice recording studio located in Hamburg, Germany (rather complex build using ikiwiki only, providing CGI access for the customer)
 * [[nb instrument|http://nb-instrument.com]] a workshop for beautifully handcrafted musical instruments, located in Hamburg, Germany (also one of our rather complex builds using ikiwiki only, providing CGI access for the customer)
 * [[coido architects|http://coido.de]] architectural company, located in Hamburg, Germany and Rotterdam, Netherlands (also rather complex build adding masonry and gallery scripts and some pjaxing to the picture, providing CGI access for the customer)
-* [[guppy|http://guppy.branchable.com]] an internationalized modular Python IRC bot
+* [[guppy|http://guppy.branchable.com/index.en.html]] an internationalized modular Python IRC bot
 
 Personal sites and blogs
 ========================
@@ -222,4 +222,4 @@ Personal sites and blogs
 * [Sean Whitton's personal website](http://spwhitton.name/)
 * [Matto's personal website](https://box.matto.nl)
 * [Rob Sayers' personal website](http://www.robsayers.com)
-* [Svetlana Tkachenko's personal website](http://svetlana.nfshost.com) - personal site, no blog
+* [Svetlana Tkachenko's personal website](http://svetlana.nfshost.com/index.en.html) - personal site, no blog

diff --git a/doc/users/svetlana.mdwn b/doc/users/svetlana.mdwn
new file mode 100644
index 0000000..6fca6dc
--- /dev/null
+++ b/doc/users/svetlana.mdwn
@@ -0,0 +1,7 @@
+I speak English and Russian. I use ikiwiki at [my personal site](http://svetlana.nfshost.com).
+
+I also help a few software projects localize their documentation -- [vy](http://vy.branchable.com) and [guppy](http://guppy.branchable.com).
+
+I enjoy ikiwiki.
+
+I am testing the po and osm plugins.

Confuses a map
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index ffd511a..9f99880 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -749,3 +749,13 @@ Hello, I am not sure whether it's the right way to add a comment here, but I dow
 > an interactive Perl session) and see whether there are useful error messages. --[[smcv]]
 
 > > I had to set ikiwiki's INSTALL_BASE to ~/perl5, and install local::lib, to get the wiki to see Locale::Po4a::Po. What was helpful is `ikiwiki --setup wiki/ikiwiki.setup --wrappers` as it outputs the useful error message straight away if it can't find something in @INC. It is finally working now. --[[users/svetlana]]
+
+# Confuses a map
+
+The `\[[!map  pages="*"]]` directive works in confused ways when po plugin is enabled. It lists items like this:
+
+- [foo](foo/index.en.html)
+  - [index.ru](foo/index.ru)
+  - [index.ja](foo/index.ja)
+
+I'm not sure what to do with it, I would like to be able to list pages only in one language. --[[users/svetlana]] 10:10AM February 8, 2017

diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index 35d755e..ffd511a 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -747,3 +747,5 @@ Hello, I am not sure whether it's the right way to add a comment here, but I dow
 > It should be in a section headed "format plugin: po". If that doesn't appear, try
 > `perl -MIkiWiki::Plugin::po -e ''` (or equivalently, `use IkiWiki::Plugin::po;` in
 > an interactive Perl session) and see whether there are useful error messages. --[[smcv]]
+
+> > I had to set ikiwiki's INSTALL_BASE to ~/perl5, and install local::lib, to get the wiki to see Locale::Po4a::Po. What was helpful is `ikiwiki --setup wiki/ikiwiki.setup --wrappers` as it outputs the useful error message straight away if it can't find something in @INC. It is finally working now. --[[users/svetlana]]

removed
diff --git a/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn b/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn
deleted file mode 100644
index 5fb748e..0000000
--- a/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn
+++ /dev/null
@@ -1,47 +0,0 @@
-I am trying to follow <https://ikiwiki.info/tips/nearlyfreespeech/>. It installs IkiWiki into ~/lib/perl5. 
-
-
-I have this in ~/.profile:
-
-    [svetlana /home/private]$ cat ~/.profile
-    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/home/private//bin
-    #eval `perl -I ~/perl5/lib/perl5 -Mlocal::lib`
-    echo $PERL5LIB
-    eval `perl -I ~/lib/perl5:~/perl5/lib/perl5 -Mlocal::lib`
-    echo $PERL5LIB
-    export MANPATH=$HOME/perl5/man:$MANPATH
-    #export PERL5LIB=$HOME/ikiwiki:$HOME/ikiwiki/cpan:$HOME/lib/perl5:$HOME/perl5/lib/perl5
-    [svetlana /home/private]$
-
-The wiki works. How it sets the environment so that things 'see' it in ~/lib/perl5, I have no idea.
-
-I installed cpanm. Turns out it installs itself to ~/perl5/lib/perl5.
-
-I installed local::lib. Turns out it sets PERL5LIB to ~/perl5/lib/perl5.
-
-I didn't see po4a in cpan and was too lazy to add it there, though it's probably two clicks away.
-
-I downloaded po4a from debian package page as a tarball and build it. Turns out it installs itself into ~/perl5/lib/perl5.
-
-I added 'po' to the list of plugins in wiki config, and refreshed it.
-
-
-Webserver says 
-
-AH01215: Failed to load plugin IkiWiki::Plugin::po: Can't locate Locale/Po4a/Chooser.pm in @INC (you may need to install the Locale::Po4a::Chooser module) (@INC contains: /home/private//lib/perl5/amd64-freebsd-thread-multi /home/private//lib/perl5 /usr/local/lib/perl5/site_perl/mach/5.22 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.22/mach /usr/local/lib/perl5/5.22) at /home/private//lib/perl5/IkiWiki/Plugin/po.pm line 19.: /fs6d/svetlana/public/ikiwiki.cgi
-
-Everything gives error 500.
-
-Removing 'po' from 'add_plugins' section and refreshing the wiki gets rid of the problem. But I would really like po plugin to work.
-
-I tried building po4a again. Now it complains about missing dependencies, SGMLS and Unicode::GCString. cpanm doesn't find SGMLS, and there is some error installing Unicode::GCString from cpanm. At this point, I don't care what that error is.
-
-I just know I'm doing something wrong and need someone to tell me what.
-
-In the first place I'd prefer everything went to the location local::lib likes.
-
-There is no reason to keep everything in ~/perl5/lib/perl5, while keeping IkiWiki in ~/lib/perl5.
-
-I'd like to fix that first.
-
-Please advise. Thank you very much.

diff --git a/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn b/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn
new file mode 100644
index 0000000..5fb748e
--- /dev/null
+++ b/doc/forum/installing_ikiwiki__44___local::lib__44___and_po4a_on_nearlyfreespeech.mdwn
@@ -0,0 +1,47 @@
+I am trying to follow <https://ikiwiki.info/tips/nearlyfreespeech/>. It installs IkiWiki into ~/lib/perl5. 
+
+
+I have this in ~/.profile:
+
+    [svetlana /home/private]$ cat ~/.profile
+    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/home/private//bin
+    #eval `perl -I ~/perl5/lib/perl5 -Mlocal::lib`
+    echo $PERL5LIB
+    eval `perl -I ~/lib/perl5:~/perl5/lib/perl5 -Mlocal::lib`
+    echo $PERL5LIB
+    export MANPATH=$HOME/perl5/man:$MANPATH
+    #export PERL5LIB=$HOME/ikiwiki:$HOME/ikiwiki/cpan:$HOME/lib/perl5:$HOME/perl5/lib/perl5
+    [svetlana /home/private]$
+
+The wiki works. How it sets the environment so that things 'see' it in ~/lib/perl5, I have no idea.
+
+I installed cpanm. Turns out it installs itself to ~/perl5/lib/perl5.
+
+I installed local::lib. Turns out it sets PERL5LIB to ~/perl5/lib/perl5.
+
+I didn't see po4a in cpan and was too lazy to add it there, though it's probably two clicks away.
+
+I downloaded po4a from debian package page as a tarball and build it. Turns out it installs itself into ~/perl5/lib/perl5.
+
+I added 'po' to the list of plugins in wiki config, and refreshed it.
+
+
+Webserver says 
+
+AH01215: Failed to load plugin IkiWiki::Plugin::po: Can't locate Locale/Po4a/Chooser.pm in @INC (you may need to install the Locale::Po4a::Chooser module) (@INC contains: /home/private//lib/perl5/amd64-freebsd-thread-multi /home/private//lib/perl5 /usr/local/lib/perl5/site_perl/mach/5.22 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.22/mach /usr/local/lib/perl5/5.22) at /home/private//lib/perl5/IkiWiki/Plugin/po.pm line 19.: /fs6d/svetlana/public/ikiwiki.cgi
+
+Everything gives error 500.
+
+Removing 'po' from 'add_plugins' section and refreshing the wiki gets rid of the problem. But I would really like po plugin to work.
+
+I tried building po4a again. Now it complains about missing dependencies, SGMLS and Unicode::GCString. cpanm doesn't find SGMLS, and there is some error installing Unicode::GCString from cpanm. At this point, I don't care what that error is.
+
+I just know I'm doing something wrong and need someone to tell me what.
+
+In the first place I'd prefer everything went to the location local::lib likes.
+
+There is no reason to keep everything in ~/perl5/lib/perl5, while keeping IkiWiki in ~/lib/perl5.
+
+I'd like to fix that first.
+
+Please advise. Thank you very much.

change `pwd` to $HOME so assumptions are met even if you cd elsewhere
diff --git a/doc/tips/nearlyfreespeech.mdwn b/doc/tips/nearlyfreespeech.mdwn
index f9da223..2a78b66 100644
--- a/doc/tips/nearlyfreespeech.mdwn
+++ b/doc/tips/nearlyfreespeech.mdwn
@@ -52,9 +52,9 @@ because the system has most modules installed already.
 So, you might want to skip this step and come back to it later if ikiwiki
 doesn't work.
 
-	PERL5LIB=`pwd`/ikiwiki:`pwd`/ikiwiki/cpan:`pwd`/lib/perl5 PERL_MM_USE_DEFAULT=1 perl -MCPAN -e 'CPAN::Shell->install("Bundle::IkiWiki")'
+	PERL5LIB=$HOME/ikiwiki:$HOME/ikiwiki/cpan:$HOME/lib/perl5 PERL_MM_USE_DEFAULT=1 perl -MCPAN -e 'CPAN::Shell->install("Bundle::IkiWiki")'
 	
-	PERL5LIB=`pwd`/ikiwiki:`pwd`/ikiwiki/cpan:`pwd`/lib/perl5 PERL_MM_USE_DEFAULT=1 perl -MCPAN -e 'CPAN::Shell->force(install => "Bundle::IkiWiki::Extras")'
+	PERL5LIB=$HOME/ikiwiki:$HOME/ikiwiki/cpan:$HOME/lib/perl5 PERL_MM_USE_DEFAULT=1 perl -MCPAN -e 'CPAN::Shell->force(install => "Bundle::IkiWiki::Extras")'
 
 This will take a while. As long as the first command succeeds, ikiwiki will be
 usable. The second command adds extra modules that some plugins use, so it's

No longer using ikiwiki
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index 86a6972..034da64 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -123,7 +123,6 @@ Personal sites and blogs
 * [Roland Mas's blog](http://roland.entierement.nu/categories/geek-en.html)
 * [Sergio Talens-Oliag's personal wiki](http://mixinet.net/~sto/) and [blog](http://mixinet.net/~sto/blog)
 * [Christian Aichinger's homepage](http://greek0.net/)
-* Ben A'Lee's [homepage](http://benjaminalee.co.uk/).
 * [Adam  Shand's homepage](http://adam.shand.net/iki/)
 * [Hess family wiki](http://kitenet.net/~family/)
 * [Zack](http://upsilon.cc/~zack)'s homepage, including [his weblog](http://upsilon.cc/~zack/blog/)

diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index 59795d7..35d755e 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -743,3 +743,7 @@ Besides: When using the map instead of the inline directive, regarding l10n all
 # Does not show up in the setup
 
 Hello, I am not sure whether it's the right way to add a comment here, but I downloaded po4a from Debian repository and built it. Typing 'use Locale::Po4a::Po;' into a 'perl' session doesn't interrupt it -- I believe it is installed already. Yet in websetup there is no 'use po?' section. I am at a loss what to do. I am using nearlyfreespeech for hosting. --[[users/svetlana]]
+
+> It should be in a section headed "format plugin: po". If that doesn't appear, try
+> `perl -MIkiWiki::Plugin::po -e ''` (or equivalently, `use IkiWiki::Plugin::po;` in
+> an interactive Perl session) and see whether there are useful error messages. --[[smcv]]

Does not show up in the setup
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index b282581..59795d7 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -739,3 +739,7 @@ Could this be related to the templates used by inline not being localized?
 Any hints wether I am currently running into some dead end with ikiwiki regarding template l10n here would be greatly appreciated.
 
 Besides: When using the map instead of the inline directive, regarding l10n all is working like it should, pitty is that for the kind of deployment I am heading for I will also need pages to be included with a custom template. --[[Boris]]
+
+# Does not show up in the setup
+
+Hello, I am not sure whether it's the right way to add a comment here, but I downloaded po4a from Debian repository and built it. Typing 'use Locale::Po4a::Po;' into a 'perl' session doesn't interrupt it -- I believe it is installed already. Yet in websetup there is no 'use po?' section. I am at a loss what to do. I am using nearlyfreespeech for hosting. --[[users/svetlana]]

* [[guppy|http://guppy.branchable.com]] an internationalized modular Python IRC bot
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index b221cdc..86a6972 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -109,6 +109,7 @@ Projects & Organizations
 * [[voice in time|http://voice-in-time.com]] a voice recording studio located in Hamburg, Germany (rather complex build using ikiwiki only, providing CGI access for the customer)
 * [[nb instrument|http://nb-instrument.com]] a workshop for beautifully handcrafted musical instruments, located in Hamburg, Germany (also one of our rather complex builds using ikiwiki only, providing CGI access for the customer)
 * [[coido architects|http://coido.de]] architectural company, located in Hamburg, Germany and Rotterdam, Netherlands (also rather complex build adding masonry and gallery scripts and some pjaxing to the picture, providing CGI access for the customer)
+* [[guppy|http://guppy.branchable.com]] an internationalized modular Python IRC bot
 
 Personal sites and blogs
 ========================

Added a comment
diff --git a/doc/forum/Password_protect_whole_wiki/comment_2_6413b431654afaf76d278946b13f2270._comment b/doc/forum/Password_protect_whole_wiki/comment_2_6413b431654afaf76d278946b13f2270._comment
new file mode 100644
index 0000000..85b00c3
--- /dev/null
+++ b/doc/forum/Password_protect_whole_wiki/comment_2_6413b431654afaf76d278946b13f2270._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 2"
+ date="2017-01-18T21:46:14Z"
+ content="""
+Sorry, wrong Apache page. [The right one](https://httpd.apache.org/docs/2.4/howto/auth.html)
+"""]]

Added a comment: Do that through your web server, not ikiwiki
diff --git a/doc/forum/Password_protect_whole_wiki/comment_1_5d363401f953ee7a45c50f3275eb9151._comment b/doc/forum/Password_protect_whole_wiki/comment_1_5d363401f953ee7a45c50f3275eb9151._comment
new file mode 100644
index 0000000..a4ec4fa
--- /dev/null
+++ b/doc/forum/Password_protect_whole_wiki/comment_1_5d363401f953ee7a45c50f3275eb9151._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="Do that through your web server, not ikiwiki"
+ date="2017-01-18T21:45:30Z"
+ content="""
+ikiwiki is a wiki compiler (or a static site generator if you prefer): when it
+builds your wiki, the result is static HTML. When a visitor views a page,
+no ikiwiki code is running.
+
+If you want viewing to be restricted, you need to configure your web server
+(Apache or lighttpd or nginx or similar) to restrict it. For example, if
+your web server is Apache,
+[this page on Apache access control](https://httpd.apache.org/docs/2.4/howto/access.html)
+might help.
+"""]]

diff --git a/doc/forum/Password_protect_whole_wiki.mdwn b/doc/forum/Password_protect_whole_wiki.mdwn
new file mode 100644
index 0000000..43befd7
--- /dev/null
+++ b/doc/forum/Password_protect_whole_wiki.mdwn
@@ -0,0 +1 @@
+Is it somehow possible to password protect the whole wiki from _viewing_? And if so, how? I could only find that you can prevent editing, but not if you could prevent viewing the wiki itself.

Note another Debian 8 backport
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 299109a..e7770dd 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -564,8 +564,8 @@ which are both used in most ikiwiki installations.
 This bug was reported on 2016-12-17. A partially fixed version
 3.20161219 was released on 2016-12-19, but the solution used in that
 version was not effective with git versions older than 2.8.0.
-A more complete fix was released on 2016-12-29 in version 3.20161229.
-A backport to Debian 8 'jessie' is in progress.
+A more complete fix was released on 2016-12-29 in version 3.20161229,
+with fixes backported to Debian 8 in version 3.20141016.4.
 
 ([[!debcve CVE-2016-10026]] represents the original vulnerability.
 [[!debcve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability

Fix typo
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 5c54031..299109a 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -598,7 +598,7 @@ in version 3.20141016.4.
 
 ## <span id="cve-2017-0356">Authentication bypass via repeated parameters</span>
 
-The ikiwiki maintainers discovered further flaws similar 2016-9646
+The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646
 in the passwordauth plugin's use of CGI::FormBuilder, with a more
 serious impact:
 

Release 3.20170111
diff --git a/debian/changelog b/debian/changelog
index 36a9701..14045a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-ikiwiki (3.20170111) UNRELEASED; urgency=medium
+ikiwiki (3.20170111) unstable; urgency=high
 
   * passwordauth: prevent authentication bypass via multiple name
     parameters (CVE-2017-0356, OVE-20170111-0001)
@@ -9,7 +9,7 @@ ikiwiki (3.20170111) UNRELEASED; urgency=medium
   * remove: make it clearer that repeated page parameter is OK here
   * t/passwordauth.t: new automated test for passwordauth
 
- -- Simon McVittie <smcv@debian.org>  Wed, 11 Jan 2017 18:12:05 +0000
+ -- Simon McVittie <smcv@debian.org>  Wed, 11 Jan 2017 18:16:53 +0000
 
 ikiwiki (3.20170110) unstable; urgency=medium
 
diff --git a/doc/news/version_3.20160905.mdwn b/doc/news/version_3.20160905.mdwn
deleted file mode 100644
index 9bd925b..0000000
--- a/doc/news/version_3.20160905.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-ikiwiki 3.20160905 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Joey Hess ]
-   * Fix installation when prefix includes a string metacharacter.
-     Thanks, Sam Hathaway.
- * [ Simon McVittie ]
-   * Use git log --no-renames to generate recentchanges, fixing the git
-     test-case with git 2.9 (Closes: #[835612](http://bugs.debian.org/835612))"""]]
\ No newline at end of file
diff --git a/doc/news/version_3.20170111.mdwn b/doc/news/version_3.20170111.mdwn
new file mode 100644
index 0000000..03b2ac2
--- /dev/null
+++ b/doc/news/version_3.20170111.mdwn
@@ -0,0 +1,10 @@
+ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * passwordauth: prevent authentication bypass via multiple name
+     parameters (CVE-2017-0356, OVE-20170111-0001)
+   * passwordauth: avoid userinfo forgery via repeated email parameter
+     (also in the scope of CVE-2017-0356)
+   * CGI, attachment, passwordauth: harden against repeated parameters
+     (not believed to have been a vulnerability)
+   * remove: make it clearer that repeated page parameter is OK here
+   * t/passwordauth.t: new automated test for passwordauth"""]]
\ No newline at end of file
diff --git a/ikiwiki.spec b/ikiwiki.spec
index ec08495..d9d0331 100644
--- a/ikiwiki.spec
+++ b/ikiwiki.spec
@@ -1,5 +1,5 @@
 Name:           ikiwiki
-Version: 3.20161229.1
+Version: 3.20170111
 Release:        1%{?dist}
 Summary:        A wiki compiler
 
diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot
index f515d7f..d7f16b6 100644
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-12-29 20:46+0000\n"
+"POT-Creation-Date: 2017-01-11 18:18+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,7 +28,7 @@ msgstr ""
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:239 ../IkiWiki/CGI.pm:394
+#: ../IkiWiki/CGI.pm:239 ../IkiWiki/CGI.pm:395
 msgid "Your login session has expired."
 msgstr ""
 
@@ -44,15 +44,15 @@ msgstr ""
 msgid "Admin"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:302
+#: ../IkiWiki/CGI.pm:303
 msgid "Preferences saved."
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:357
+#: ../IkiWiki/CGI.pm:358
 msgid "You are banned."
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:491 ../IkiWiki.pm:1653
+#: ../IkiWiki/CGI.pm:491 ../IkiWiki/CGI.pm:492 ../IkiWiki.pm:1653
 msgid "Error"
 msgstr ""
 
@@ -167,19 +167,19 @@ msgstr ""
 msgid "prohibited by allowed_attachments"
 msgstr ""
 
-#: ../IkiWiki/Plugin/attachment.pm:234
+#: ../IkiWiki/Plugin/attachment.pm:235
 msgid "bad attachment filename"
 msgstr ""
 
-#: ../IkiWiki/Plugin/attachment.pm:307
+#: ../IkiWiki/Plugin/attachment.pm:308
 msgid "attachment upload"
 msgstr ""
 
-#: ../IkiWiki/Plugin/attachment.pm:358
+#: ../IkiWiki/Plugin/attachment.pm:359
 msgid "this attachment is not yet saved"
 msgstr ""
 
-#: ../IkiWiki/Plugin/attachment.pm:376
+#: ../IkiWiki/Plugin/attachment.pm:377
 msgid "just uploaded"
 msgstr ""
 
@@ -376,7 +376,7 @@ msgstr ""
 msgid "Invalid email address."
 msgstr ""
 
-#: ../IkiWiki/Plugin/emailauth.pm:98 ../IkiWiki/Plugin/passwordauth.pm:377
+#: ../IkiWiki/Plugin/emailauth.pm:98 ../IkiWiki/Plugin/passwordauth.pm:380
 msgid "Failed to send mail"
 msgstr ""
 
@@ -418,25 +418,25 @@ msgstr ""
 msgid "%s is an attachment, not a page."
 msgstr ""
 
-#: ../IkiWiki/Plugin/git.pm:929 ../IkiWiki/Plugin/git.pm:992 ../IkiWiki.pm:1873
+#: ../IkiWiki/Plugin/git.pm:933 ../IkiWiki/Plugin/git.pm:997 ../IkiWiki.pm:1873
 #, perl-format
 msgid "you are not allowed to change %s"
 msgstr ""
 
-#: ../IkiWiki/Plugin/git.pm:951
+#: ../IkiWiki/Plugin/git.pm:955
 #, perl-format
 msgid "you cannot act on a file with mode %s"
 msgstr ""
 
-#: ../IkiWiki/Plugin/git.pm:955
+#: ../IkiWiki/Plugin/git.pm:959
 msgid "you are not allowed to change file modes"
 msgstr ""
 
-#: ../IkiWiki/Plugin/git.pm:1029
+#: ../IkiWiki/Plugin/git.pm:1033
 msgid "you are not allowed to revert a merge"
 msgstr ""
 
-#: ../IkiWiki/Plugin/git.pm:1083 ../IkiWiki/Plugin/git.pm:1103
+#: ../IkiWiki/Plugin/git.pm:1085 ../IkiWiki/Plugin/git.pm:1104
 #, perl-format
 msgid "Failed to revert commit %s"
 msgstr ""
@@ -652,7 +652,7 @@ msgstr ""
 msgid "bad or missing template"
 msgstr ""
 
-#: ../IkiWiki/Plugin/passwordauth.pm:145 ../IkiWiki/Plugin/passwordauth.pm:343
+#: ../IkiWiki/Plugin/passwordauth.pm:145 ../IkiWiki/Plugin/passwordauth.pm:347
 msgid "Error creating account."
 msgstr ""
 
@@ -664,31 +664,31 @@ msgstr ""
 msgid "Create your user page"
 msgstr ""
 
-#: ../IkiWiki/Plugin/passwordauth.pm:340
+#: ../IkiWiki/Plugin/passwordauth.pm:344
 msgid "Account creation successful. Now you can Login."
 msgstr ""
 
-#: ../IkiWiki/Plugin/passwordauth.pm:350
+#: ../IkiWiki/Plugin/passwordauth.pm:353
 msgid "No email address, so cannot email password reset instructions."
 msgstr ""
 
-#: ../IkiWiki/Plugin/passwordauth.pm:379
+#: ../IkiWiki/Plugin/passwordauth.pm:382
 msgid "You have been mailed password reset instructions."
 msgstr ""
 
-#: ../IkiWiki/Plugin/passwordauth.pm:414
+#: ../IkiWiki/Plugin/passwordauth.pm:418
 msgid "incorrect password reset url"
 msgstr ""
 

(Diff truncated)
Document the security fix soon to be released in 3.20170111
diff --git a/debian/changelog b/debian/changelog
index 2183ef1..36a9701 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+ikiwiki (3.20170111) UNRELEASED; urgency=medium
+
+  * passwordauth: prevent authentication bypass via multiple name
+    parameters (CVE-2017-0356, OVE-20170111-0001)
+  * passwordauth: avoid userinfo forgery via repeated email parameter
+    (also in the scope of CVE-2017-0356)
+  * CGI, attachment, passwordauth: harden against repeated parameters
+    (not believed to have been a vulnerability)
+  * remove: make it clearer that repeated page parameter is OK here
+  * t/passwordauth.t: new automated test for passwordauth
+
+ -- Simon McVittie <smcv@debian.org>  Wed, 11 Jan 2017 18:12:05 +0000
+
 ikiwiki (3.20170110) unstable; urgency=medium
 
   [ Amitai Schleier ]
diff --git a/doc/security.mdwn b/doc/security.mdwn
index a538a49..5c54031 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -591,7 +591,23 @@ of them relatively minor:
   could potentially forge commit authorship (attribute their edit to
   someone else) by crafting multiple values for the rcsinfo field
 
-This was fixed in ikiwiki 3.20161229. A backport to Debian 8
-'jessie' is in progress.
+This was fixed in ikiwiki 3.20161229, with fixes backported to Debian 8
+in version 3.20141016.4.
 
 ([[!debcve CVE-2016-9646]]/OVE-20161226-0001)
+
+## <span id="cve-2017-0356">Authentication bypass via repeated parameters</span>
+
+The ikiwiki maintainers discovered further flaws similar 2016-9646
+in the passwordauth plugin's use of CGI::FormBuilder, with a more
+serious impact:
+
+* An attacker who can log in to a site with a password can log in
+  as a different and potentially more privileged user.
+* An attacker who can create a new account can set arbitrary fields
+  in the user database for that account.
+
+This was fixed in ikiwiki 3.20170111, with fixes backported to Debian 8
+in version 3.20141016.4.
+
+([[!debcve CVE-2017-0356]]/OVE-20170111-0001)

3.20170110
diff --git a/debian/changelog b/debian/changelog
index 8205b95..2183ef1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-ikiwiki (3.20170109) UNRELEASED; urgency=medium
+ikiwiki (3.20170110) unstable; urgency=medium
 
   [ Amitai Schleier ]
   * wrappers: Correctly escape quotes in git_wrapper_background_command
@@ -41,7 +41,7 @@ ikiwiki (3.20170109) UNRELEASED; urgency=medium
     build-dependency, with virtual package libmagickcore-extra as an
     alternative, to help autopkgtest to do the right thing
 
- -- Simon McVittie <smcv@debian.org>  Mon, 09 Jan 2017 14:33:19 +0000
+ -- Simon McVittie <smcv@debian.org>  Tue, 10 Jan 2017 13:22:01 +0000
 
 ikiwiki (3.20161229.1) unstable; urgency=medium
 
diff --git a/doc/news/version_3.20160728.mdwn b/doc/news/version_3.20160728.mdwn
deleted file mode 100644
index 88baddc..0000000
--- a/doc/news/version_3.20160728.mdwn
+++ /dev/null
@@ -1,9 +0,0 @@
-ikiwiki 3.20160728 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Explicitly remove current working directory from Perl's library
-     search path, mitigating [[!debcve CVE-2016-1238]] (see [[!debbug 588017]])
-   * wrappers: allocate new environment dynamically, so we won't overrun
-     the array if third-party plugins add multiple environment variables.
-   * Standards-Version: 3.9.8 (no changes required)
-
---[[smcv]]"""]]
diff --git a/doc/news/version_3.20170110.mdwn b/doc/news/version_3.20170110.mdwn
new file mode 100644
index 0000000..b28cee0
--- /dev/null
+++ b/doc/news/version_3.20170110.mdwn
@@ -0,0 +1,41 @@
+ikiwiki 3.20170110 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Amitai Schleier ]
+   * wrappers: Correctly escape quotes in git\_wrapper\_background\_command
+ * [ Simon McVittie ]
+   * git: use an explicit function parameter for the directory to work
+     in. Previously, we used global state that was not restored correctly
+     on catching exceptions, causing an unintended log message
+     "cannot chdir to .../ikiwiki-temp-working: No such file or directory"
+     with versions &gt;= 3.20161229 when an attempt to revert a change fails
+     or is disallowed
+   * git: don't run "git rev-list ... -- -- ..." which would select the
+     wrong commits if a file named literally "--" is present in the
+     repository
+   * check\_canchange: log "bad file name whatever", not literal string
+     "bad file name %s"
+   * t/git-cgi.t: fix a race condition that made the test fail
+     intermittently
+   * t/git-cgi.t: be more careful to provide a syntactically valid
+     author/committer name and email, hopefully fixing this test on
+     ci.debian.net
+   * templates, comments, passwordauth: use rel=nofollow microformat
+     for dynamic URLs
+   * templates: use rel=nofollow microformat for comment authors
+   * news: use Debian security tracker instead of MITRE for security
+     references. Thanks, anarcat
+   * Set package format to 3.0 (native)
+   * d/copyright: re-order to put more specific stanzas later, to get the
+     intended interpretation
+   * d/source/lintian-overrides: override obsolete-url-in-packaging for
+     OpenID Selector, which does not seem to have any more current URL
+     (and in any case our version is a fork)
+   * docwiki.setup: exclude TourBusStop from offline documentation.
+     It does not make much sense there.
+   * d/ikiwiki.lintian-overrides: override script-not-executable warnings
+   * d/ikiwiki.lintian-overrides: silence false positive spelling warning
+     for Moin Moin
+   * d/ikiwiki.doc-base: register the documentation with doc-base
+   * d/control: set libmagickcore-6.q16-3-extra as preferred
+     build-dependency, with virtual package libmagickcore-extra as an
+     alternative, to help autopkgtest to do the right thing"""]]
\ No newline at end of file

news: Use Debian security tracker instead of MITRE for CVE references
The Debian security tracker gets timely updates, whereas the official
CVE pages hosted by MITRE tend to show up as "RESERVED" for several
weeks or months after assignment.
diff --git a/doc/news/version_3.20160728.mdwn b/doc/news/version_3.20160728.mdwn
index 6836a9b..88baddc 100644
--- a/doc/news/version_3.20160728.mdwn
+++ b/doc/news/version_3.20160728.mdwn
@@ -1,7 +1,7 @@
 ikiwiki 3.20160728 released with [[!toggle text="these changes"]]
 [[!toggleable text="""
    * Explicitly remove current working directory from Perl's library
-     search path, mitigating [[!cve CVE-2016-1238]] (see [[!debbug 588017]])
+     search path, mitigating [[!debcve CVE-2016-1238]] (see [[!debbug 588017]])
    * wrappers: allocate new environment dynamically, so we won't overrun
      the array if third-party plugins add multiple environment variables.
    * Standards-Version: 3.9.8 (no changes required)
diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn
index b039009..e4f32db 100644
--- a/doc/news/version_3.20161219.mdwn
+++ b/doc/news/version_3.20161219.mdwn
@@ -7,7 +7,7 @@ ikiwiki 3.20161219 released with [[!toggle text="these changes"]]
    * Security: tell `git revert` not to follow renames. If it does, then
      renaming a file can result in a revert writing outside the wiki srcdir
      or altering a file that the reverting user should not be able to alter,
-     an authorization bypass. Thanks, intrigeri. ([[!cve CVE-2016-10026]])
+     an authorization bypass. Thanks, intrigeri. ([[!debcve CVE-2016-10026]])
    * cgitemplate: remove some dead code. Thanks, blipvert
    * Restrict CSS matches against header class to not break
      Pandoc tables with header rows. Thanks, karsk
diff --git a/doc/news/version_3.20161229.mdwn b/doc/news/version_3.20161229.mdwn
index 7d96ced..365cb69 100644
--- a/doc/news/version_3.20161229.mdwn
+++ b/doc/news/version_3.20161229.mdwn
@@ -2,17 +2,17 @@ ikiwiki 3.20161229 released with [[!toggle text="these changes"]]
 [[!toggleable text="""
    * Security: force CGI::FormBuilder-&gt;field to scalar context where
      necessary, avoiding unintended function argument injection
-     analogous to [[!cve CVE-2014-1572]]. In ikiwiki this could be used to
+     analogous to [[!debcve CVE-2014-1572]]. In ikiwiki this could be used to
      forge commit metadata, but thankfully nothing more serious.
-     ([[!cve CVE-2016-9646]])
+     ([[!debcve CVE-2016-9646]])
    * Security: try revert operations in a temporary working tree before
      approving them. Previously, automatic rename detection could result in
      a revert writing outside the wiki srcdir or altering a file that the
      reverting user should not be able to alter, an authorization bypass.
-     ([[!cve CVE-2016-10026]] represents the original vulnerability.)
+     ([[!debcve CVE-2016-10026]] represents the original vulnerability.)
      The incomplete fix released in 3.20161219 was not effective for git
      versions prior to 2.8.0rc0.
-     ([[!cve CVE-2016-9645]] represents that incomplete solution.)
+     ([[!debcve CVE-2016-9645]] represents that incomplete solution.)
    * Add CVE references for CVE-2016-10026
    * Add automated test for using the CGI with git, including
      CVE-2016-10026
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 56b6481..a538a49 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -368,9 +368,9 @@ allow the security hole to be exploited.
 
 The htmlscrubber did not block javascript in uris. This was fixed by adding
 a whitelist of valid uri types, which does not include javascript. 
-([[!cve CVE-2008-0809]]) Some urls specifyable by the meta plugin could also
+([[!debcve CVE-2008-0809]]) Some urls specifyable by the meta plugin could also
 theoretically have been used to inject javascript; this was also blocked
-([[!cve CVE-2008-0808]]).
+([[!debcve CVE-2008-0808]]).
 
 This hole was discovered on 10 February 2008 and fixed the same day
 with the release of ikiwiki 2.31.1. (And a few subsequent versions..)
@@ -383,7 +383,7 @@ parties.
 Cross Site Request Forging could be used to constuct a link that would
 change a logged-in user's password or other preferences if they clicked on
 the link. It could also be used to construct a link that would cause a wiki
-page to be modified by a logged-in user. ([[!cve CVE-2008-0165]])
+page to be modified by a logged-in user. ([[!debcve CVE-2008-0165]])
 
 These holes were discovered on 10 April 2008 and fixed the same day with
 the release of ikiwiki 2.42. A fix was also backported to Debian etch, as
@@ -410,7 +410,7 @@ passwords in cleartext over the net to log in, either.
 This hole allowed ikiwiki to accept logins using empty passwords, to openid
 accounts that didn't use a password. It was introduced in version 1.34, and
 fixed in version 2.48. The [bug](http://bugs.debian.org/483770) was
-discovered on 30 May 2008 and fixed the same day. ([[!cve CVE-2008-0169]])
+discovered on 30 May 2008 and fixed the same day. ([[!debcve CVE-2008-0169]])
 
 I recommend upgrading to 2.48 immediatly if your wiki allows both password
 and openid logins.
@@ -433,7 +433,7 @@ bypassed and used to read arbitrary files. This was fixed by
 enabling TeX configuration options that disallow unsafe TeX commands.
 The fix was released on 30 Aug 2009 in version 3.1415926, and was
 backported to stable in version 2.53.4. If you use the teximg plugin,
-I recommend upgrading. ([[!cve CVE-2009-2944]])
+I recommend upgrading. ([[!debcve CVE-2009-2944]])
 
 ## javascript insertion via svg uris
 
@@ -458,7 +458,7 @@ Additionally, it was discovered that comments' html was never scrubbed during
 preview or moderation of comments with such a configuration.
 
 These problems were discovered on 12 November 2010 and fixed the same
-hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]])
+hour with the release of ikiwiki 3.20101112. ([[!debcve CVE-2010-1673]])
 
 ## javascript insertion via insufficient checking in comments
 
@@ -468,7 +468,7 @@ used for an XSS attack.
 This hole was discovered on 22 Jan 2011 and fixed the same day with
 the release of ikiwiki 3.20110122. A fix was backported to Debian squeeze,
 as version 3.20100815.5. An upgrade is recommended for sites
-with the comments plugin enabled. ([[!cve CVE-2011-0428]])
+with the comments plugin enabled. ([[!debcve CVE-2011-0428]])
 
 ## possible javascript insertion via insufficient htmlscrubbing of alternate stylesheets
 
@@ -480,13 +480,13 @@ This hole was discovered on 28 Mar 2011 and fixed the same hour with
 the release of ikiwiki 3.20110328. A fix was backported to Debian squeeze,
 as version 3.20100815.6. An upgrade is recommended for sites that have
 untrusted committers, or have the attachments plugin enabled.
-([[!cve CVE-2011-1401]])
+([[!debcve CVE-2011-1401]])
 
 ## tty hijacking via ikiwiki-mass-rebuild
 
 Ludwig Nussel discovered a way for users to hijack root's tty when
 ikiwiki-mass-rebuild was run. Additionally, there was some potential
-for information disclosure via symlinks. ([[!cve CVE-2011-1408]])
+for information disclosure via symlinks. ([[!debcve CVE-2011-1408]])
 
 This hole was discovered on 8 June 2011 and fixed the same day with
 the release of ikiwiki 3.20110608. Note that the fix is dependant on
@@ -498,7 +498,7 @@ installed suid (not the default), and whose admins run `ikiwiki-mass-rebuild`.
 ## javascript insertion via meta tags
 
 Raúl Benencia discovered an additional XSS exposure in the meta plugin.
-([[!cve CVE-2012-0220]])
+([[!debcve CVE-2012-0220]])
 
 This hole was discovered on 16 May 2012 and fixed the same day with
 the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
@@ -506,7 +506,7 @@ as version 3.20100815.9. An upgrade is recommended for all sites.
 
 ## XSS via openid selector
 
-Raghav Bisht discovered this XSS in the openid selector. ([[!cve CVE-2015-2793]])
+Raghav Bisht discovered this XSS in the openid selector. ([[!debcve CVE-2015-2793]])
 
 The hole was reported on March 24th, a fix was developed on March 27th,
 and the fixed version 3.20150329 was released on the 29th. A fix was backported
@@ -524,12 +524,12 @@ was discovered on 4 May by the ikiwiki developers, and the fixed version
 in progress.
 
 An upgrade is recommended for sites using
-the CGI. ([[!cve CVE-2016-4561]], OVE-20160505-0012)
+the CGI. ([[!debcve CVE-2016-4561]], OVE-20160505-0012)
 
 ## ImageMagick CVE-2016–3714 ("ImageTragick")
 
 ikiwiki 3.20160506 and 3.20141016.3 attempt to mitigate
-[[!cve CVE-2016-3714]], and any
+[[!debcve CVE-2016-3714]], and any
 future ImageMagick vulnerabilities that resemble it, by restricting the
 image formats that the [[ikiwiki/directive/img]] directive is willing to
 resize. An upgrade is recommended for sites where an untrusted user is
@@ -539,7 +539,7 @@ writing no such version is available.
 
 ## Perl CVE-2016-1238 (current working directory in search path)
 
-ikiwiki 3.20160728 attempts to mitigate [[!cve CVE-2016-1238]] by
+ikiwiki 3.20160728 attempts to mitigate [[!debcve CVE-2016-1238]] by
 removing `'.'` from the Perl library search path. An attacker with write
 access to ikiwiki's current working directory could potentially use this
 vulnerability to execute arbitrary Perl code. An upgrade is recommended
@@ -567,8 +567,8 @@ version was not effective with git versions older than 2.8.0.
 A more complete fix was released on 2016-12-29 in version 3.20161229.
 A backport to Debian 8 'jessie' is in progress.
 
-([[!cve CVE-2016-10026]] represents the original vulnerability.
-[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
+([[!debcve CVE-2016-10026]] represents the original vulnerability.
+[[!debcve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
 in 3.20161219 caused by the incomplete fix.)
 
 ## <span id="cve-2016-9646">Commit metadata forgery via CGI::FormBuilder context-dependent APIs</span>
@@ -594,4 +594,4 @@ of them relatively minor:
 This was fixed in ikiwiki 3.20161229. A backport to Debian 8
 'jessie' is in progress.
 
-([[!cve CVE-2016-9646]]/OVE-20161226-0001)
+([[!debcve CVE-2016-9646]]/OVE-20161226-0001)

shortcuts: Use security-tracker.debian.org for [[!debcve]]
security.debian.org currently rejects HTTPS connections.
diff --git a/doc/shortcuts.mdwn b/doc/shortcuts.mdwn
index 00379d8..7d1f491 100644
--- a/doc/shortcuts.mdwn
+++ b/doc/shortcuts.mdwn
@@ -28,7 +28,7 @@ This page controls what shortcut links the wiki supports.
 * [[!shortcut name=debss url="http://snapshot.debian.org/package/%s/"]]
   * Usage: `\[[!debss package]]` or `\[[!debss package/version]]`.  See <http://snapshot.debian.org/> for details.
 * [[!shortcut name=debwiki url="https://wiki.debian.org/%S"]]
-* [[!shortcut name=debcve url="https://security.debian.org/%S"]]
+* [[!shortcut name=debcve url="https://security-tracker.debian.org/tracker/%S"]]
   * also supports Debian bug numbers, packages and whatever the [security tracker](https://security-tracker.debian.org/tracker/) supports.
 * [[!shortcut name=fdobug url="https://bugs.freedesktop.org/show_bug.cgi?id=%s" desc="freedesktop.org bug #%s"]]
 * [[!shortcut name=fdolist url="http://lists.freedesktop.org/mailman/listinfo/%s" desc="%s@lists.freedesktop.org"]]

add debian security tracker
diff --git a/doc/shortcuts.mdwn b/doc/shortcuts.mdwn
index ea905d8..00379d8 100644
--- a/doc/shortcuts.mdwn
+++ b/doc/shortcuts.mdwn
@@ -28,6 +28,8 @@ This page controls what shortcut links the wiki supports.
 * [[!shortcut name=debss url="http://snapshot.debian.org/package/%s/"]]
   * Usage: `\[[!debss package]]` or `\[[!debss package/version]]`.  See <http://snapshot.debian.org/> for details.
 * [[!shortcut name=debwiki url="https://wiki.debian.org/%S"]]
+* [[!shortcut name=debcve url="https://security.debian.org/%S"]]
+  * also supports Debian bug numbers, packages and whatever the [security tracker](https://security-tracker.debian.org/tracker/) supports.
 * [[!shortcut name=fdobug url="https://bugs.freedesktop.org/show_bug.cgi?id=%s" desc="freedesktop.org bug #%s"]]
 * [[!shortcut name=fdolist url="http://lists.freedesktop.org/mailman/listinfo/%s" desc="%s@lists.freedesktop.org"]]
 * [[!shortcut name=gnomebug url="https://bugzilla.gnome.org/show_bug.cgi?id=%s" desc="GNOME bug #%s"]]

3.20161229.1
diff --git a/debian/changelog b/debian/changelog
index 7eb10ca..99081bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-ikiwiki (3.20161229.1) UNRELEASED; urgency=medium
+ikiwiki (3.20161229.1) unstable; urgency=medium
 
   * git: Attribute reverts to the user doing the revert, not the wiki
     itself.
   * git: Do not disable the commit hook while preparing a revert.
 
- -- Simon McVittie <smcv@debian.org>  Thu, 29 Dec 2016 20:35:51 +0000
+ -- Simon McVittie <smcv@debian.org>  Thu, 29 Dec 2016 20:46:24 +0000
 
 ikiwiki (3.20161229) unstable; urgency=medium
 
diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn
deleted file mode 100644
index 6800a30..0000000
--- a/doc/news/version_3.20160506.mdwn
+++ /dev/null
@@ -1,49 +0,0 @@
-News for ikiwiki 3.20160506:
-
-   To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities,
-   the `\[[!img]]` directive is now restricted to these common web formats by
-   default:
-
-   * JPEG (`.jpg`, `.jpeg`)
-   * PNG (`.png`)
-   * GIF (`.gif`)
-   * SVG (`.svg`)
-
-   (In particular, by default resizing PDF files is no longer allowed.)
-
-   Additionally, resized SVG files are displayed in the browser as SVG
-   instead of being converted to PNG.
-
-   If all users who can attach images are fully trusted, this restriction
-   can be removed with the new img\_allowed\_formats setup option.
-   See [[ikiwiki/directive/img]] for more details.
-
-ikiwiki 3.20160506 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ [[Simon McVittie|smcv]] ]
-   * HTML-escape error messages, in one case avoiding potential cross-site
-     scripting ([[!cve CVE-2016-4561]], OVE-20160505-0012)
-   * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
-     - img: force common Web formats to be interpreted according to extension,
-       so that "allowed\_attachments: '*.jpg'" does what one might expect
-     - img: restrict to JPEG, PNG and GIF images by default, again mitigating
-       CVE-2016-3714 and similar vulnerabilities
-     - img: check that the magic number matches what we would expect from
-       the extension before giving common formats to ImageMagick
-   * d/control: use https for Homepage
-   * d/control: add Vcs-Browser
- * [ [[Joey Hess|joey]] ]
-   * img: Add back support for SVG images, bypassing ImageMagick and
-     simply passing the SVG through to the browser, which is supported by all
-     commonly used browsers these days.
-     SVG scaling by img directives has subtly changed; where before
-     size=wxh would preserve aspect ratio, this cannot be done when passing
-     them through and so specifying both a width and height can change
-     the SVG's aspect ratio.
-   * loginselector: When only openid and emailauth are enabled, but
-     passwordauth is not, avoid showing a "Other" box which opens an
-     empty form.
- * [ [[Amitai Schlair|schmonz]] ]
-   * mdwn: Process .md like .mdwn, but disallow web creation.
- * [ Florian Wagner ]
-   * git: Correctly handle filenames starting with a dash in add/rm/mv."""]]
diff --git a/doc/news/version_3.20161229.1.mdwn b/doc/news/version_3.20161229.1.mdwn
new file mode 100644
index 0000000..a09a3b2
--- /dev/null
+++ b/doc/news/version_3.20161229.1.mdwn
@@ -0,0 +1,5 @@
+ikiwiki 3.20161229.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * git: Attribute reverts to the user doing the revert, not the wiki
+     itself.
+   * git: Do not disable the commit hook while preparing a revert."""]]
\ No newline at end of file
diff --git a/ikiwiki.spec b/ikiwiki.spec
index 39ddd5c..ec08495 100644
--- a/ikiwiki.spec
+++ b/ikiwiki.spec
@@ -1,5 +1,5 @@
 Name:           ikiwiki
-Version: 3.20160728
+Version: 3.20161229.1
 Release:        1%{?dist}
 Summary:        A wiki compiler
 
diff --git a/po/bg.po b/po/bg.po
index c45130a..ec6416e 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ikiwiki-bg\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-06-14 18:58+0000\n"
+"POT-Creation-Date: 2016-12-29 20:37+0000\n"
 "PO-Revision-Date: 2007-01-12 01:19+0200\n"
 "Last-Translator: Damyan Ivanov <dam@modsodtsys.com>\n"
 "Language-Team: Bulgarian <dict@fsa-bg.org>\n"
@@ -17,42 +17,42 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "X-Generator: KBabel 1.11.4\n"
 
-#: ../IkiWiki/CGI.pm:222
+#: ../IkiWiki/CGI.pm:217
 msgid ""
 "probable misconfiguration: sslcookie is set, but you are attempting to login "
 "via http, not https"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:225
+#: ../IkiWiki/CGI.pm:220
 msgid "login failed, perhaps you need to turn on cookies?"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:244 ../IkiWiki/CGI.pm:399
+#: ../IkiWiki/CGI.pm:239 ../IkiWiki/CGI.pm:394
 msgid "Your login session has expired."
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:265
+#: ../IkiWiki/CGI.pm:260
 msgid "Login"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:266
+#: ../IkiWiki/CGI.pm:261
 #, fuzzy
 msgid "Preferences"
 msgstr "Предпочитанията са запазени."
 
-#: ../IkiWiki/CGI.pm:267
+#: ../IkiWiki/CGI.pm:262
 msgid "Admin"
 msgstr ""
 
-#: ../IkiWiki/CGI.pm:307
+#: ../IkiWiki/CGI.pm:302
 msgid "Preferences saved."
 msgstr "Предпочитанията са запазени."
 
-#: ../IkiWiki/CGI.pm:362
+#: ../IkiWiki/CGI.pm:357
 msgid "You are banned."
 msgstr "Достъпът ви е забранен."
 
-#: ../IkiWiki/CGI.pm:495 ../IkiWiki/CGI.pm:496 ../IkiWiki.pm:1653
+#: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:491 ../IkiWiki.pm:1653
 msgid "Error"
 msgstr "Грешка"
 
@@ -139,7 +139,7 @@ msgstr "грешка при обработване на шаблона"
 msgid "deleting bucket.."
 msgstr ""
 
-#: ../IkiWiki/Plugin/amazon_s3.pm:38 ../ikiwiki.in:225
+#: ../IkiWiki/Plugin/amazon_s3.pm:38 ../ikiwiki.in:226
 msgid "done"
 msgstr "готово"
 
@@ -278,37 +278,37 @@ msgstr ""
 msgid "comments on page '%s' are closed"
 msgstr ""
 
-#: ../IkiWiki/Plugin/comments.pm:584
+#: ../IkiWiki/Plugin/comments.pm:585
 msgid "comment stored for moderation"
 msgstr ""
 
-#: ../IkiWiki/Plugin/comments.pm:586
+#: ../IkiWiki/Plugin/comments.pm:587
 msgid "Your comment will be posted after moderator review"
 msgstr ""
 
-#: ../IkiWiki/Plugin/comments.pm:599
+#: ../IkiWiki/Plugin/comments.pm:600
 msgid "Added a comment"
 msgstr ""
 
-#: ../IkiWiki/Plugin/comments.pm:603
+#: ../IkiWiki/Plugin/comments.pm:604
 #, perl-format
 msgid "Added a comment: %s"
 msgstr ""
 
-#: ../IkiWiki/Plugin/comments.pm:677 ../IkiWiki/Plugin/userlist.pm:55
+#: ../IkiWiki/Plugin/comments.pm:678 ../IkiWiki/Plugin/userlist.pm:55
 #: ../IkiWiki/Plugin/websetup.pm:272
 msgid "you are not logged in as an admin"
 msgstr ""
 

(Diff truncated)
add anchors for use in advisory to oss-security
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 823f5ef..56b6481 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -547,7 +547,7 @@ for sites where an untrusted user is able to attach files with arbitrary
 names and/or run a setuid ikiwiki wrapper with a working directory of
 their choice.
 
-## Editing restriction bypass for git revert
+## <span id="cve-2016-9645">Editing restriction bypass for git revert</span>
 
 intrigeri discovered that a web or git user could revert a change to a
 page they are not allowed to edit, if the change being reverted was made
@@ -571,7 +571,7 @@ A backport to Debian 8 'jessie' is in progress.
 [[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
 in 3.20161219 caused by the incomplete fix.)
 
-## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
+## <span id="cve-2016-9646">Commit metadata forgery via CGI::FormBuilder context-dependent APIs</span>
 
 When CGI::FormBuilder->field("foo") is called in list context (and
 in particular in the arguments to a subroutine that takes named

Clarify which versions of ikiwiki fixed CVE-2016-9645, -9646
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 317a534..823f5ef 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -564,6 +564,8 @@ which are both used in most ikiwiki installations.
 This bug was reported on 2016-12-17. A partially fixed version
 3.20161219 was released on 2016-12-19, but the solution used in that
 version was not effective with git versions older than 2.8.0.
+A more complete fix was released on 2016-12-29 in version 3.20161229.
+A backport to Debian 8 'jessie' is in progress.
 
 ([[!cve CVE-2016-10026]] represents the original vulnerability.
 [[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
@@ -589,4 +591,7 @@ of them relatively minor:
   could potentially forge commit authorship (attribute their edit to
   someone else) by crafting multiple values for the rcsinfo field
 
+This was fixed in ikiwiki 3.20161229. A backport to Debian 8
+'jessie' is in progress.
+
 ([[!cve CVE-2016-9646]]/OVE-20161226-0001)

3.20161229
diff --git a/debian/changelog b/debian/changelog
index bc04809..cd7e158 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-ikiwiki (3.20161220) UNRELEASED; urgency=medium
+ikiwiki (3.20161229) unstable; urgency=medium
 
   * Security: force CGI::FormBuilder->field to scalar context where
     necessary, avoiding unintended function argument injection
@@ -22,7 +22,7 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium
   * git: do not fail to commit changes with a recent git version
     and an anonymous committer
 
- -- Simon McVittie <smcv@debian.org>  Wed, 21 Dec 2016 13:03:07 +0000
+ -- Simon McVittie <smcv@debian.org>  Thu, 29 Dec 2016 17:36:15 +0000
 
 ikiwiki (3.20161219) unstable; urgency=medium
 
diff --git a/doc/news/version_3.20160121.mdwn b/doc/news/version_3.20160121.mdwn
deleted file mode 100644
index 2e727a6..0000000
--- a/doc/news/version_3.20160121.mdwn
+++ /dev/null
@@ -1,46 +0,0 @@
-ikiwiki 3.20160121 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ [[Amitai Schlair|schmonz]] ]
-   * [[plugins/meta]]: Fix `\[[!meta name=foo]]` by closing the open quote.
-   * Avoid unescaped `{` in regular expressions
-   * meta test: Add tests for many behaviors of the directive.
-   * img test: Bail gracefully when [[!cpan ImageMagick]] is not present.
- * [ [[Joey Hess|joey]] ]
-   * [[plugins/emailauth]]: Added `emailauth_sender` config.
-   * Modified `page.tmpl` to to set html `lang=` and `dir=` when
-     values have been specified for them, which the [[plugins/po|po plugin]] does.
-   * Specifically license the javascript underlay under the permissive
-     basewiki license.
- * [ [[Simon McVittie|smcv]] ]
-   * [[plugins/git]]: if no committer identity is known, set it to
-     `IkiWiki <ikiwiki.info>` in `.git/config`. This resolves commit errors
-     in versions of git that require a non-trivial committer identity.
-   * [[plugins/inline]], [[plugins/trail]]: rename `show`, `feedshow` parameters to `limit`, `feedlimit`
-     (with backwards compatibility)
-   * [[plugins/pagestats]]: add `show` option to show [[plugins/meta]] fields. Thanks, [[Louis|spalax]]
-   * [[plugins/inline]]: force RSS `<comments>` to be a fully absolute URL as required
-     by the W3C validator. Please use Atom feeds if relative URLs are
-     desirable on your site.
-   * [[plugins/inline]]: add `<atom:link rel="self">` to RSS feeds as recommended by
-     the W3C validator
-   * [[plugins/inline]]: do not produce links containing `/./` or `/../`
-   * syslog: accept and encode UTF-8 messages
-   * syslog: don't fail to log if the wiki name contains `%s`
-   * Change dependencies from transitional package [[!debpkg perlmagick]]
-     to [[!debpkg libimage-magick-perl]] (Closes: #[789221](http://bugs.debian.org/789221))
-   * debian/copyright: update for the rename of `openid-selector` to
-     `login-selector`
-   * d/control: remove leading article from Description
-     (lintian: description-synopsis-starts-with-article)
-   * d/control: Standards-Version: 3.9.6, no changes required
-   * Wrap and sort control files (`wrap-and-sort -abst`)
-   * Silence "used only once: possible typo" warnings for variables
-     that are part of modules' APIs
-   * Run [[!debpkg autopkgtest]] tests using [[!debpkg autodep8]] and the pkg-perl team's
-     infrastructure
-   * Add enough build-dependencies to run all tests, except for
-     non-git VCSs
-   * tests: consistently use `done_testing` instead of `no_plan`
-   * `t/img.t`: do not spuriously skip
-   * img test: skip testing PDFs if unsupported
-   * img test: use the right filenames when testing that deletion occurs"""]]
diff --git a/doc/news/version_3.20161229.mdwn b/doc/news/version_3.20161229.mdwn
new file mode 100644
index 0000000..7d96ced
--- /dev/null
+++ b/doc/news/version_3.20161229.mdwn
@@ -0,0 +1,23 @@
+ikiwiki 3.20161229 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Security: force CGI::FormBuilder-&gt;field to scalar context where
+     necessary, avoiding unintended function argument injection
+     analogous to [[!cve CVE-2014-1572]]. In ikiwiki this could be used to
+     forge commit metadata, but thankfully nothing more serious.
+     ([[!cve CVE-2016-9646]])
+   * Security: try revert operations in a temporary working tree before
+     approving them. Previously, automatic rename detection could result in
+     a revert writing outside the wiki srcdir or altering a file that the
+     reverting user should not be able to alter, an authorization bypass.
+     ([[!cve CVE-2016-10026]] represents the original vulnerability.)
+     The incomplete fix released in 3.20161219 was not effective for git
+     versions prior to 2.8.0rc0.
+     ([[!cve CVE-2016-9645]] represents that incomplete solution.)
+   * Add CVE references for CVE-2016-10026
+   * Add automated test for using the CGI with git, including
+     CVE-2016-10026
+     - Build-depend on libipc-run-perl for better build-time test coverage
+   * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
+   * git: don't issue a warning if the rcsinfo CGI parameter is undefined
+   * git: do not fail to commit changes with a recent git version
+     and an anonymous committer"""]]

Add CVE references for CVE-2016-9646, CVE-2016-9645
Thanks to the Debian security team for allocating these.
diff --git a/debian/changelog b/debian/changelog
index c7d1938..bc04809 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,14 +4,15 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium
     necessary, avoiding unintended function argument injection
     analogous to CVE-2014-1572. In ikiwiki this could be used to
     forge commit metadata, but thankfully nothing more serious.
-    (OVE-20161226-0001)
-  * Security: try revert operations before approving them. Previously,
-    automatic rename detection could result in a revert writing outside
-    the wiki srcdir or altering a file that the reverting user should not be
-    able to alter, an authorization bypass. The incomplete fix released in
-    3.20161219 was not effective for git versions prior to 2.8.0rc0.
-    (CVE-2016-10026 represents the original vulnerability)
-    (OVE-20161226-0002 represents the incomplete fix released in 3.20161219)
+    (CVE-2016-9646)
+  * Security: try revert operations in a temporary working tree before
+    approving them. Previously, automatic rename detection could result in
+    a revert writing outside the wiki srcdir or altering a file that the
+    reverting user should not be able to alter, an authorization bypass.
+    (CVE-2016-10026 represents the original vulnerability.)
+    The incomplete fix released in 3.20161219 was not effective for git
+    versions prior to 2.8.0rc0.
+    (CVE-2016-9645 represents that incomplete solution.)
   * Add CVE references for CVE-2016-10026
   * Add automated test for using the CGI with git, including
     CVE-2016-10026
diff --git a/doc/security.mdwn b/doc/security.mdwn
index c08d658..317a534 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -566,7 +566,8 @@ This bug was reported on 2016-12-17. A partially fixed version
 version was not effective with git versions older than 2.8.0.
 
 ([[!cve CVE-2016-10026]] represents the original vulnerability.
-OVE-20161226-0002 represents the incomplete fix in 3.20161219.)
+[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
+in 3.20161219 caused by the incomplete fix.)
 
 ## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
 
@@ -588,4 +589,4 @@ of them relatively minor:
   could potentially forge commit authorship (attribute their edit to
   someone else) by crafting multiple values for the rcsinfo field
 
-(OVE-20161226-0001)
+([[!cve CVE-2016-9646]]/OVE-20161226-0001)

Prune git remotes that are unreachable or unresponsive
diff --git a/doc/git.mdwn b/doc/git.mdwn
index 4808e57..bcf454e 100644
--- a/doc/git.mdwn
+++ b/doc/git.mdwn
@@ -45,13 +45,13 @@ think about merging them. This is recommended. :-)
 * [[chrysn]] `git://prometheus.amsuess.com/ikiwiki`
 * [[simonraven]] (unavailable) `git://github.com/kjikaqawej/ikiwiki-simon.git`
 * [[schmonz]] `git://github.com/schmonz/ikiwiki.git`
-* [[will]] `http://www.cse.unsw.edu.au/~willu/ikiwiki.git`
+* [[will]] (unavailable) `http://www.cse.unsw.edu.au/~willu/ikiwiki.git`
 * [[kaizer]] `git://github.com/engla/ikiwiki.git`
 * [[bbb]] (unavailable) `http://git.boulgour.com/bbb/ikiwiki.git`
 * [[KathrynAndersen]] `git://github.com/rubykat/ikiplugins.git`
 * [[ktf]] `git://github.com/ktf/ikiwiki.git`
 * [[tove]] `git://github.com/tove/ikiwiki.git`
-* [[GiuseppeBilotta]] `git://git.oblomov.eu/ikiwiki`
+* [[GiuseppeBilotta]] (unavailable) `git://git.oblomov.eu/ikiwiki`
 * [[roktas]] (unavailable) `git://github.com/roktas/ikiwiki.git`
 * [[davrieb|David_Riebenbauer]] (unavailable) `git://git.liegesta.at/git/ikiwiki`
   ([browse](http://git.liegesta.at/?p=ikiwiki.git;a=summary))
@@ -77,7 +77,7 @@ think about merging them. This is recommended. :-)
 * anderbubble `git://civilfritz.net/ikiwiki.git`
 * frioux `git://github.com/frioux/ikiwiki`
 * llipavsky `git://github.com/llipavsky/ikiwiki`
-* [[cbaines]] `git://git.cbaines.net/ikiwiki`
+* [[cbaines]] (unavailable) `git://git.cbaines.net/ikiwiki`
 * [[mhameed]] `git://github.com/mhameed/ikiwiki.git`
 * [[spalax]] `git://github.com/paternal/ikiwiki.git` ([[browse|https://github.com/paternal/ikiwiki]])
 * [[jcflack]] `git://github.com/jcflack/ikiwiki.git`

Added a comment
diff --git a/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_2_bb67e838ee1a762cef2f66389f973aa7._comment b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_2_bb67e838ee1a762cef2f66389f973aa7._comment
new file mode 100644
index 0000000..627c6fb
--- /dev/null
+++ b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_2_bb67e838ee1a762cef2f66389f973aa7._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="spalax"
+ avatar="http://cdn.libravatar.org/avatar/3f1353e4135221fc25bfecd1b812bcc8"
+ subject="comment 2"
+ date="2016-12-26T22:03:27Z"
+ content="""
+> [...] can't your plugin just use local time unconditionally, via time_zone => 'local' [...]?
+
+Perfect! Thanks.
+
+-- [[Louis|spalax]]
+"""]]

Added a comment
diff --git a/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_1_76d7e1f18828ce2767ba4f98a1901c29._comment b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_1_76d7e1f18828ce2767ba4f98a1901c29._comment
new file mode 100644
index 0000000..c3c14e2
--- /dev/null
+++ b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__/comment_1_76d7e1f18828ce2767ba4f98a1901c29._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 1"
+ date="2016-12-26T19:26:25Z"
+ content="""
+`:/etc/localtime` is a glibc'ism, added to solve
+[[bugs/without_timezone,_excessive_statting_causes_slowness]]. It means
+\"read the contents or symlink destination of `/etc/localtime` and use that as
+the active time zone\".
+
+I would not recommend parsing that string, although you could.
+
+ikiwiki sets the `TZ` environment variable to either `$config{timezone}`
+or that default value during startup; so can't your plugin just use
+local time unconditionally, via `time_zone => 'local'`, without ever
+caring about which specific time zone that means?
+
+(For example, the standard `IkiWiki::formattime` uses `localtime($time)` which
+is basically a non-OO version of
+`DateTime->from_epoch(epoch => $time, time_zone => 'local')`.)
+"""]]

Question about default timezone ":/etc/localtime"
diff --git a/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__.mdwn b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__.mdwn
new file mode 100644
index 0000000..cf7f2b5
--- /dev/null
+++ b/doc/forum/How_to_parse___34__:__47__etc__47__localtime__34___timezone__63__.mdwn
@@ -0,0 +1,13 @@
+Hello,
+I am writing a plugin that uses the timezone. Ikiwiki.pm [defines the default timezone](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=IkiWiki.pm;h=fa71f479107a2388fde2fe00a67bfa2daa4fb3a9;hb=HEAD#l638) to ``:/etc/localtime``. The problem is that I do not know how to parse this.
+
+In my code, I have lines like ``$now = DateTime->now(time_zone => $config{timezone});`` or ``$thistime = DateTime->from_epoch(epoch=>$thistime, time_zone=>$config{timezone});``. They work well when timezone is something like ``Europe/Paris``, but with the default ``:/etc/localtime``, I get the error message ``The timezone ':/etc/localtime' is an invalid name.``
+
+Is there a way to automatically recognize both ``Europe/Paris`` and ``:/etc/localtime``? Or should I add something like the following in my code?
+
+    if ($config{timezone} eq ":/etc/localtime") {
+        $config{timezone} = DateTime::TimeZone->new(name=>'local')->name();
+    }
+
+Regards,  
+[[Louis|spalax]]

Force CGI::FormBuilder->field to scalar context where necessary
CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0. Force it into scalar context where it is used
in an argument list.
This prevents two (relatively minor) commit metadata forgery
vulnerabilities:
* In the comments plugin, an attacker who was able to post a comment
could give it a user-specified author and author-URL even if the wiki
configuration did not allow for that, by crafting multiple values
to other fields.
* In the editpage plugin, an attacker who was able to edit a page
could potentially forge commit authorship by crafting multiple values
for the rcsinfo field.
The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.
OVE-20161226-0001
diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index e8135a8..428b363 100644
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -165,7 +165,7 @@ sub formbuilder (@) {
 	
 	# Generate the attachment list only after having added any new
 	# attachments.
-	$form->tmpl_param("attachment_list" => [attachment_list($form->field('page'))]);
+	$form->tmpl_param("attachment_list" => [attachment_list(scalar $form->field('page'))]);
 }
 
 sub attachment_holding_location {
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index b47f965..0858f69 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -557,11 +557,12 @@ sub editcomment ($$) {
 		}
 		
 		$postcomment=1;
-		my $ok=IkiWiki::check_content(content => $form->field('editcontent'),
-			subject => $form->field('subject'),
+		my $ok=IkiWiki::check_content(
+			content => scalar $form->field('editcontent'),
+			subject => scalar $form->field('subject'),
 			$config{comments_allowauthor} ? (
-				author => $form->field('author'),
-				url => $form->field('url'),
+				author => scalar $form->field('author'),
+				url => scalar $form->field('url'),
 			) : (),
 			page => $location,
 			cgi => $cgi,
@@ -601,7 +602,7 @@ sub editcomment ($$) {
 				length $form->field('subject')) {
 				$message = sprintf(
 					gettext("Added a comment: %s"),
-					$form->field('subject'));
+					scalar $form->field('subject'));
 			}
 
 			IkiWiki::rcs_add($file);
diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index 6ca4b58..99a1429 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -431,7 +431,7 @@ sub cgi_editpage ($$) {
 			$conflict=rcs_commit(
 				file => $file,
 				message => $message,
-				token => $form->field("rcsinfo"),
+				token => scalar $form->field("rcsinfo"),
 				session => $session,
 			);
 			enable_commit_hook();
diff --git a/IkiWiki/Plugin/notifyemail.pm b/IkiWiki/Plugin/notifyemail.pm
index b50a22a..079bb10 100644
--- a/IkiWiki/Plugin/notifyemail.pm
+++ b/IkiWiki/Plugin/notifyemail.pm
@@ -34,7 +34,7 @@ sub formbuilder (@) {
 	}
 	elsif ($form->submitted eq "Save Preferences" && $form->validate &&
 	       defined $form->field("subscriptions")) {
-		setsubscriptions($username, $form->field('subscriptions'));
+		setsubscriptions($username, scalar $form->field('subscriptions'));
 	}
 }
 
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 3bdd9de..c966087 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -231,7 +231,7 @@ sub formbuilder_setup (@) {
 				$form->field(
 					name => "password",
 					validate => sub {
-						checkpassword($form->field("name"), shift);
+						checkpassword(scalar $form->field("name"), shift);
 					},
 				);
 			}
@@ -395,7 +395,7 @@ sub formbuilder (@) {
 		if ($form->submitted eq "Save Preferences" && $form->validate) {
 			my $user_name=$form->field('name');
 			if (defined $form->field("password") && length $form->field("password")) {
-				setpassword($user_name, $form->field('password'));
+				setpassword($user_name, scalar $form->field('password'));
 			}
 		}
 	}
diff --git a/IkiWiki/Plugin/po.pm b/IkiWiki/Plugin/po.pm
index 6b55ee3..418e8e5 100644
--- a/IkiWiki/Plugin/po.pm
+++ b/IkiWiki/Plugin/po.pm
@@ -548,7 +548,7 @@ sub formbuilder_setup (@) {
 		# their buttons, which is why this hook must be run last.
 		# The canrename/canremove hooks already ensure this is forbidden
 		# at the backend level, so this is only UI sugar.
-		if (istranslation($form->field("page"))) {
+		if (istranslation(scalar $form->field("page"))) {
 			map {
 				for (my $i = 0; $i < @{$params{buttons}}; $i++) {
 					if (@{$params{buttons}}[$i] eq $_) {
diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm
index 4a86d5a..56dfbd5 100644
--- a/IkiWiki/Plugin/rename.pm
+++ b/IkiWiki/Plugin/rename.pm
@@ -259,7 +259,7 @@ sub formbuilder (@) {
 		my $session=$params{session};
 
 		if ($form->submitted eq "Rename" && $form->field("do") eq "edit") {
-			rename_start($q, $session, 0, $form->field("page"));
+			rename_start($q, $session, 0, scalar $form->field("page"));
 		}
 		elsif ($form->submitted eq "Rename Attachment") {
 			my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select");
@@ -312,7 +312,7 @@ sub sessioncgi ($$) {
 			# performed in check_canrename later.
 			my $srcfile=IkiWiki::possibly_foolish_untaint($pagesources{$src})
 				if exists $pagesources{$src};
-			my $dest=IkiWiki::possibly_foolish_untaint(titlepage($form->field("new_name")));
+			my $dest=IkiWiki::possibly_foolish_untaint(titlepage(scalar $form->field("new_name")));
 			my $destfile=$dest;
 			if (! $q->param("attachment")) {
 				my $type=$q->param('type');
diff --git a/debian/changelog b/debian/changelog
index 86d06bd..ccf830b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,10 @@
 ikiwiki (3.20161220) UNRELEASED; urgency=medium
 
+  * Security: force CGI::FormBuilder->field to scalar context where
+    necessary, avoiding unintended function argument injection
+    analogous to CVE-2014-1572. In ikiwiki this could be used to
+    forge commit metadata, but thankfully nothing more serious.
+    (OVE-20161226-0001)
   * Add CVE references for CVE-2016-10026
   * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
   * git: don't issue a warning if the rcsinfo CGI parameter is undefined
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 4f825de..9818e0c 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -563,3 +563,25 @@ which are both used in most ikiwiki installations.
 
 This bug was reported on 2016-12-17. The fixed version 3.20161219
 was released on 2016-12-19. ([[!cve CVE-2016-10026]])
+
+## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
+
+When CGI::FormBuilder->field("foo") is called in list context (and
+in particular in the arguments to a subroutine that takes named
+arguments), it can return zero or more values for foo from the CGI
+request, rather than the expected single value. This breaks the usual
+Perl parsing convention for named arguments, similar to CVE-2014-1572
+in Bugzilla (which was caused by a similar API design issue in CGI.pm).
+
+In ikiwiki, this appears to have been exploitable in two places, both
+of them relatively minor:
+
+* in the comments plugin, an attacker who was able to post a comment
+  could give it a user-specified author and author-URL even if the wiki
+  configuration did not allow for that, by crafting multiple values
+  for other fields
+* in the editpage plugin, an attacker who was able to edit a page
+  could potentially forge commit authorship (attribute their edit to
+  someone else) by crafting multiple values for the rcsinfo field
+
+(OVE-20161226-0001)

Add CVE references for CVE-2016-10026
diff --git a/debian/changelog b/debian/changelog
index 7490db7..0314038 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ikiwiki (3.20161220) UNRELEASED; urgency=medium
+
+  * Add CVE references for CVE-2016-10026
+
+ -- Simon McVittie <smcv@debian.org>  Wed, 21 Dec 2016 13:03:07 +0000
+
 ikiwiki (3.20161219) unstable; urgency=medium
 
   [ Joey Hess ]
@@ -8,7 +14,7 @@ ikiwiki (3.20161219) unstable; urgency=medium
   * Security: tell `git revert` not to follow renames. If it does, then
     renaming a file can result in a revert writing outside the wiki srcdir
     or altering a file that the reverting user should not be able to alter,
-    an authorization bypass. Thanks, intrigeri
+    an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
   * cgitemplate: remove some dead code. Thanks, blipvert
   * Restrict CSS matches against header class to not break
     Pandoc tables with header rows. Thanks, karsk
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
index f21dece..e7f3c69 100644
--- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -24,6 +24,9 @@ when reverting.
 > I tried to do something more clever (doing the revert, and checking
 > whether it made changes that aren't allowed) but couldn't get it to
 > work in a reasonable time, so I'm going with the simpler fix.
-> [[Fix committed|done]], a release will follow later today. --[[smcv]]
+> [[Fix committed|done]], a release will follow later today.
+>
+> [[!cve CVE-2016-10026]] has been assigned to this vulnerability.
+> --[[smcv]]
 
 >> You rock, thanks a lot! --[[intrigeri]]
diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn
index 3b64cb8..b039009 100644
--- a/doc/news/version_3.20161219.mdwn
+++ b/doc/news/version_3.20161219.mdwn
@@ -7,8 +7,8 @@ ikiwiki 3.20161219 released with [[!toggle text="these changes"]]
    * Security: tell `git revert` not to follow renames. If it does, then
      renaming a file can result in a revert writing outside the wiki srcdir
      or altering a file that the reverting user should not be able to alter,
-     an authorization bypass. Thanks, intrigeri
+     an authorization bypass. Thanks, intrigeri. ([[!cve CVE-2016-10026]])
    * cgitemplate: remove some dead code. Thanks, blipvert
    * Restrict CSS matches against header class to not break
      Pandoc tables with header rows. Thanks, karsk
-   * Make pagestats output more deterministic. Thanks, intrigeri"""]]
\ No newline at end of file
+   * Make pagestats output more deterministic. Thanks, intrigeri"""]]
diff --git a/doc/security.mdwn b/doc/security.mdwn
index a5db9b4..4f825de 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -562,4 +562,4 @@ This affects sites with the `git` VCS and the `recentchanges` plugin,
 which are both used in most ikiwiki installations.
 
 This bug was reported on 2016-12-17. The fixed version 3.20161219
-was released on 2016-12-19.
+was released on 2016-12-19. ([[!cve CVE-2016-10026]])

Replied.
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
index f8e3b59..f21dece 100644
--- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -17,9 +17,13 @@ when reverting.
 > maintainers, so that they are not visible to the general public
 > until we have had a chance to fix the bug. --[[smcv]]
 
+>> Sorry about that, I should clearly know better :/ --[[intrigeri]]
+
 > Fixed by using
 > `git revert --strategy=recursive --strategy-option=no-renames`.
 > I tried to do something more clever (doing the revert, and checking
 > whether it made changes that aren't allowed) but couldn't get it to
 > work in a reasonable time, so I'm going with the simpler fix.
 > [[Fix committed|done]], a release will follow later today. --[[smcv]]
+
+>> You rock, thanks a lot! --[[intrigeri]]

Announce 3.20161219
diff --git a/doc/news/version_3.20150614.mdwn b/doc/news/version_3.20150614.mdwn
deleted file mode 100644
index 1b08f5a..0000000
--- a/doc/news/version_3.20150614.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-ikiwiki 3.20150614 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * inline: change default sort order from age to "age title" for
-     determinism, partially fixing deterministic build for git-annex,
-     ikiwiki-hosting etc. (Closes: #[785757](http://bugs.debian.org/785757))
-   * img: avoid ImageMagick misinterpreting filenames containing a colon
-   * img test: set old timestamp on source file that will change, so that
-     the test will pass even if it takes less than 1 second"""]]
\ No newline at end of file
diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn
new file mode 100644
index 0000000..3b64cb8
--- /dev/null
+++ b/doc/news/version_3.20161219.mdwn
@@ -0,0 +1,14 @@
+ikiwiki 3.20161219 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+   * inline: Prevent creating a file named ".mdwn" when the
+     postform is submitted with an empty title.
+ * [ Simon McVittie ]
+   * Security: tell `git revert` not to follow renames. If it does, then
+     renaming a file can result in a revert writing outside the wiki srcdir
+     or altering a file that the reverting user should not be able to alter,
+     an authorization bypass. Thanks, intrigeri
+   * cgitemplate: remove some dead code. Thanks, blipvert
+   * Restrict CSS matches against header class to not break
+     Pandoc tables with header rows. Thanks, karsk
+   * Make pagestats output more deterministic. Thanks, intrigeri"""]]
\ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9dee6d9..a5db9b4 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -546,3 +546,20 @@ vulnerability to execute arbitrary Perl code. An upgrade is recommended
 for sites where an untrusted user is able to attach files with arbitrary
 names and/or run a setuid ikiwiki wrapper with a working directory of
 their choice.
+
+## Editing restriction bypass for git revert
+
+intrigeri discovered that a web or git user could revert a change to a
+page they are not allowed to edit, if the change being reverted was made
+before the page was moved from a location where that user had permission
+to edit it. For example, if a file is moved from `drafts/policy.mdwn`
+(editable by less-trusted users) to `policy.mdwn` (only editable
+by more-trusted users), a less-trusted user could revert a change
+that was made to `drafts/policy.mdwn` prior to that move, and it would
+result in `policy.mdwn` being altered.
+
+This affects sites with the `git` VCS and the `recentchanges` plugin,
+which are both used in most ikiwiki installations.
+
+This bug was reported on 2016-12-17. The fixed version 3.20161219
+was released on 2016-12-19.

mention security contacts here too
diff --git a/doc/contact.mdwn b/doc/contact.mdwn
index dab0925..afcc677 100644
--- a/doc/contact.mdwn
+++ b/doc/contact.mdwn
@@ -8,3 +8,10 @@ and IRC, and respond in a timely fashion.
 
 You could also drop by the IRC channel `#ikiwiki` on
 [OFTC](http://www.oftc.net/) (`irc.oftc.net`).
+
+However, if you find a new security vulnerability, please email the maintainers
+privately instead of raising it in a public medium, so that we can
+arrange for coordinated disclosure when a fix is available. The maintainers
+are [[Joey Hess|joey]] (<joey@kitenet.net>),
+[[Simon McVittie|smcv]] (<smcv@debian.org>)
+and [[Amitai Schleier|schmonz]] (<schmonz-web-ikiwiki@schmonz.com>).

Opt in to whatever spam this may bring.
diff --git a/doc/security.mdwn b/doc/security.mdwn
index e4851ec..9dee6d9 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -9,7 +9,7 @@ privately instead of listing it in a public bug tracker, so that we can
 arrange for coordinated disclosure when a fix is available. The maintainers
 are [[Joey Hess|joey]] (<joey@kitenet.net>),
 [[Simon McVittie|smcv]] (<smcv@debian.org>)
-and [[Amitai Schleier|schmonz]] (`schmonz-web-ikiwiki schmonz com`).
+and [[Amitai Schleier|schmonz]] (<schmonz-web-ikiwiki@schmonz.com>).
 
 [[!toc levels=2]]
 

Added a comment: no, not supported
diff --git a/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_2_eff15d45a5065574c9f1e48b2a1deff6._comment b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_2_eff15d45a5065574c9f1e48b2a1deff6._comment
new file mode 100644
index 0000000..52e4ec3
--- /dev/null
+++ b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_2_eff15d45a5065574c9f1e48b2a1deff6._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="no, not supported"
+ date="2016-12-19T17:23:06Z"
+ content="""
+> What I wanted to know is: Is there a way to run ikiwiki in chunks of 10 minutes
+> steps or something like that?
+
+No, this is not supported. I don't think ikiwiki is suitable for use with your wiki
+on that hosting provider.
+
+If you don't need the CGI, you could \"compile\" the wiki offline (on your laptop)
+and upload the resulting `$destdir` to the hosting provider - effectively
+treating the hosting provider as simple static storage.
+"""]]

Restrict CSS matches on .header to not affect <tr>
Pandoc generates <tr class="header"> to hold <th> elements, and
we don't want to make those be display: block.
diff --git a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
index a667bfa..aa4eec9 100644
--- a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
+++ b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
@@ -44,3 +44,19 @@ Alternatively, add the following code.
 		}
 
 I've added that last code snippet to my `custom.css` file. I admit `.header tr:not(.header)` is not especially elegant, but then again, I have almost no knowledge of CSS. There might be better solutions. (I don't even know why `display: block;` breaks the tables or why changing it to `display: table-header;` doesn't fix it but `display: table-row;` does :D )
+
+> This is essentially a conflict between ikiwiki's expectations for the
+> definitions of CSS classes, and pandoc's expectations. The ikiwiki
+> templates use `class="header"` to mean essentially the same thing
+> as a HTML5 `<header>`, while Pandoc assumes a different meaning.
+>
+> I think `div.header, header.header {` is probably a cleaner fix,
+> and I have [[done]] that.
+>
+> FYI, `display: block` breaks the tables because it makes the `<tr>` not
+> be treated as a table row by the browser's layout engine.
+> `table-header` is not a valid
+> [value for the CSS `display` attribute](https://developer.mozilla.org/en-US/docs/Web/CSS/display)
+> so that won't work.
+>
+> --[[smcv]]
diff --git a/doc/style.css b/doc/style.css
index f0846c0..8c16e7a 100644
--- a/doc/style.css
+++ b/doc/style.css
@@ -10,7 +10,7 @@ footer,header,hgroup,menu,nav,section {
 	display: block;
 }
 
-.header {
+div.header, header.header {
 	margin: 0;
 	font-size: 140%;
 	font-weight: bold;
diff --git a/themes/actiontabs/style.css b/themes/actiontabs/style.css
index 67720e2..16e3d98 100644
--- a/themes/actiontabs/style.css
+++ b/themes/actiontabs/style.css
@@ -51,7 +51,7 @@ body {
 	font-size: 120%;
 }
 
-.header {
+div.header, header.header {
 	font-weight: normal;
 }
 
diff --git a/themes/monochrome/style.css b/themes/monochrome/style.css
index e85f8ab..aa2ee94 100644
--- a/themes/monochrome/style.css
+++ b/themes/monochrome/style.css
@@ -19,7 +19,7 @@ body {
 	font-family: 'Lato', sans-serif;
 }
 
-.header {
+div.header, header.header {
 	margin-bottom: 0.5em;
 }
 .pageheader .actions ul {

rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_support_relative_size.mdwn
diff --git a/doc/bugs/img_tag_should_support_relative_size.mdwn b/doc/bugs/img_tag_should_support_relative_size.mdwn
deleted file mode 100644
index b6966e0..0000000
--- a/doc/bugs/img_tag_should_support_relative_size.mdwn
+++ /dev/null
@@ -1,29 +0,0 @@
-The size parameter should accept relative values, like "100%". When including large images, I would like it to be scaled relative to the available space.
-
-> 100% of what?
->
-> The purpose of `[[!img]]` is to scale large images, for example photos, down
-> to a more web-suitable size. When ikiwiki rebuilds the website, it cannot
-> know how large visitors' web browser windows are going to be, so it cannot
-> scale the image relative to the size of a visitor's web browser window.
->
-> The closest thing it could do would be to not scale the image at all
-> (potentially a very large download if it's a high-resolution photo),
-> and use CSS or `<img sizes=...>` to ask the visitor's web browser to scale
-> the image relative to something the web browser knows, such as the viewport
-> size.
->
-> With HTML5 `<img sizes="..." srcset="...">`, it would be possible to extend
-> `[[!img]]` to produce more than one resized image and let the visitor's
-> browser choose which one to download, but I'm not sure what a good syntax
-> for that would look like...
->
-> "The available space" is not something we can use, because current HTML
-> standards do not offer that. In HTML5 it is possible to base sizes on the
-> viewport (window) size, but the available space (excluding sidebars etc.)
-> is not something the browser can know in advance, because it needs to know
-> how large images are before it carries out layout calculations, and it
-> needs to carry out layout calculations before it can know the available
-> space.
->
-> --[[smcv]]
diff --git a/doc/todo/img_tag_should_support_relative_size.mdwn b/doc/todo/img_tag_should_support_relative_size.mdwn
new file mode 100644
index 0000000..b6966e0
--- /dev/null
+++ b/doc/todo/img_tag_should_support_relative_size.mdwn
@@ -0,0 +1,29 @@
+The size parameter should accept relative values, like "100%". When including large images, I would like it to be scaled relative to the available space.
+
+> 100% of what?
+>
+> The purpose of `[[!img]]` is to scale large images, for example photos, down
+> to a more web-suitable size. When ikiwiki rebuilds the website, it cannot
+> know how large visitors' web browser windows are going to be, so it cannot
+> scale the image relative to the size of a visitor's web browser window.
+>
+> The closest thing it could do would be to not scale the image at all
+> (potentially a very large download if it's a high-resolution photo),
+> and use CSS or `<img sizes=...>` to ask the visitor's web browser to scale
+> the image relative to something the web browser knows, such as the viewport
+> size.
+>
+> With HTML5 `<img sizes="..." srcset="...">`, it would be possible to extend
+> `[[!img]]` to produce more than one resized image and let the visitor's
+> browser choose which one to download, but I'm not sure what a good syntax
+> for that would look like...
+>
+> "The available space" is not something we can use, because current HTML
+> standards do not offer that. In HTML5 it is possible to base sizes on the
+> viewport (window) size, but the available space (excluding sidebars etc.)
+> is not something the browser can know in advance, because it needs to know
+> how large images are before it carries out layout calculations, and it
+> needs to carry out layout calculations before it can know the available
+> space.
+>
+> --[[smcv]]

Not possible as stated, but could be adapted into a valid feature request
diff --git a/doc/bugs/img_tag_should_support_relative_size.mdwn b/doc/bugs/img_tag_should_support_relative_size.mdwn
index a625487..b6966e0 100644
--- a/doc/bugs/img_tag_should_support_relative_size.mdwn
+++ b/doc/bugs/img_tag_should_support_relative_size.mdwn
@@ -1 +1,29 @@
 The size parameter should accept relative values, like "100%". When including large images, I would like it to be scaled relative to the available space.
+
+> 100% of what?
+>
+> The purpose of `[[!img]]` is to scale large images, for example photos, down
+> to a more web-suitable size. When ikiwiki rebuilds the website, it cannot
+> know how large visitors' web browser windows are going to be, so it cannot
+> scale the image relative to the size of a visitor's web browser window.
+>
+> The closest thing it could do would be to not scale the image at all
+> (potentially a very large download if it's a high-resolution photo),
+> and use CSS or `<img sizes=...>` to ask the visitor's web browser to scale
+> the image relative to something the web browser knows, such as the viewport
+> size.
+>
+> With HTML5 `<img sizes="..." srcset="...">`, it would be possible to extend
+> `[[!img]]` to produce more than one resized image and let the visitor's
+> browser choose which one to download, but I'm not sure what a good syntax
+> for that would look like...
+>
+> "The available space" is not something we can use, because current HTML
+> standards do not offer that. In HTML5 it is possible to base sizes on the
+> viewport (window) size, but the available space (excluding sidebars etc.)
+> is not something the browser can know in advance, because it needs to know
+> how large images are before it carries out layout calculations, and it
+> needs to carry out layout calculations before it can know the available
+> space.
+>
+> --[[smcv]]

List security contacts
We still don't have a security@ alias; listing personal emails is
unfortunately the next-best thing.
diff --git a/doc/bugs.mdwn b/doc/bugs.mdwn
index f16a4f8..86df604 100644
--- a/doc/bugs.mdwn
+++ b/doc/bugs.mdwn
@@ -3,6 +3,10 @@ elsewhere. Link items to [[bugs/done]] when done.
 
 Also see the [Debian bugs](http://bugs.debian.org/ikiwiki).
 
+If you are reporting a security vulnerability, please email the maintainers
+privately, instead of making it public by listing it here. See [[security]]
+for contact details.
+
 There are [[!pagecount pages="bugs/* and !bugs/done and !bugs/discussion and 
 !link(patch) and !link(bugs/done) and !bugs/*/*"
 feedpages="created_after(bugs/no_commit_mails_for_new_pages)"]] "open" bugs:
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 6d68fac..e4851ec 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -1,11 +1,16 @@
-Let's do an ikiwiki security analysis.
-
 If you are using ikiwiki to render pages that only you can edit, do not
 generate any wrappers, and do not use the cgi, then there are no more
 security issues with this program than with cat(1). If, however, you let
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 
+If you find a new security vulnerability, please email the maintainers
+privately instead of listing it in a public bug tracker, so that we can
+arrange for coordinated disclosure when a fix is available. The maintainers
+are [[Joey Hess|joey]] (<joey@kitenet.net>),
+[[Simon McVittie|smcv]] (<smcv@debian.org>)
+and [[Amitai Schleier|schmonz]] (`schmonz-web-ikiwiki schmonz com`).
+
 [[!toc levels=2]]
 
 ----

diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
index 8ac62e5..09a2379 100644
--- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -12,3 +12,7 @@ will automatically detect that the file affected by the to-be-reverted
 commit has moved, and modify the file in its new location
 when reverting.
 
+> Working on it. In future please report non-public security
+> vulnerabilities (such as authorization bypass) by private email to the
+> maintainers, so that they are not visible to the general public
+> until we have had a chance to fix the bug. --[[smcv]]

Tell `git revert` not to follow renames
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().
diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm
index 249338d..7511f09 100644
--- a/IkiWiki/Plugin/git.pm
+++ b/IkiWiki/Plugin/git.pm
@@ -973,7 +973,9 @@ sub rcs_revert ($) {
 
 	ensure_committer();
 
-	if (run_or_non('git', 'revert', '--no-commit', $sha1)) {
+	if (run_or_non('git', 'revert', '--strategy=recursive',
+			'--strategy-option=no-renames',
+			'--no-commit', $sha1)) {
 		return undef;
 	}
 	else {
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
index 09a2379..f8e3b59 100644
--- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -16,3 +16,10 @@ when reverting.
 > vulnerabilities (such as authorization bypass) by private email to the
 > maintainers, so that they are not visible to the general public
 > until we have had a chance to fix the bug. --[[smcv]]
+
+> Fixed by using
+> `git revert --strategy=recursive --strategy-option=no-renames`.
+> I tried to do something more clever (doing the revert, and checking
+> whether it made changes that aren't allowed) but couldn't get it to
+> work in a reasonable time, so I'm going with the simpler fix.
+> [[Fix committed|done]], a release will follow later today. --[[smcv]]

Try revert operations (on a branch) before approving them
Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().
It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.
OVE-20161226-0002
diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm
index 64a47c8..56d6493 100644
--- a/IkiWiki/Plugin/git.pm
+++ b/IkiWiki/Plugin/git.pm
@@ -425,6 +425,16 @@ sub parse_diff_tree ($) {
 	}
 	shift @{ $dt_ref } if $dt_ref->[0] =~ /^$/;
 
+	$ci{details} = [parse_changed_files($dt_ref)];
+
+	return \%ci;
+}
+
+sub parse_changed_files {
+	my $dt_ref = shift;
+
+	my @files;
+
 	# Modified files.
 	while (my $line = shift @{ $dt_ref }) {
 		if ($line =~ m{^
@@ -442,7 +452,7 @@ sub parse_diff_tree ($) {
 			my $status = shift(@tmp);
 
 			if (length $file) {
-				push @{ $ci{'details'} }, {
+				push @files, {
 					'file'      => decode_git_file($file),
 					'sha1_from' => $sha1_from[0],
 					'sha1_to'   => $sha1_to,
@@ -456,7 +466,7 @@ sub parse_diff_tree ($) {
 		last;
 	}
 
-	return \%ci;
+	return @files;
 }
 
 sub git_commit_info ($;$) {
@@ -955,10 +965,14 @@ sub rcs_preprevert ($) {
 	my $rev=shift;
 	my ($sha1) = $rev =~ /^($sha1_pattern)$/; # untaint
 
+	my @undo;      # undo stack for cleanup in case of an error
+
+	ensure_committer();
+
 	# Examine changes from root of git repo, not from any subdir,
 	# in order to see all changes.
 	my ($subdir, $rootdir) = git_find_root();
-	in_git_dir($rootdir, sub {
+	return in_git_dir($rootdir, sub {
 		my @commits=git_commit_info($sha1, 1);
 	
 		if (! @commits) {
@@ -971,7 +985,68 @@ sub rcs_preprevert ($) {
 			error gettext("you are not allowed to revert a merge");
 		}
 
+		# Due to the presence of rename-detection, we cannot actually
+		# see what will happen in a revert without trying it.
+		# But we can guess, which is enough to rule out most changes
+		# that we won't allow reverting.
 		git_parse_changes(1, @commits);
+
+		my $failure;
+		my @ret;
+		# If it looks OK, do it for real, on a branch.
+		eval {
+			IkiWiki::disable_commit_hook();
+			push @undo, sub {
+				IkiWiki::enable_commit_hook();
+			};
+			my $branch = "ikiwiki_revert_${sha1}"; # supposed to be unique
+
+			push @undo, sub {
+				run_or_cry('git', 'branch', '-D', $branch) if $failure;
+			};
+			if (run_or_non('git', 'rev-parse', '--quiet', '--verify', $branch)) {
+				run_or_non('git', 'branch', '-D', $branch);
+			}
+			run_or_die('git', 'branch', $branch, $config{gitmaster_branch});
+
+			push @undo, sub {
+				if (!run_or_cry('git', 'checkout', '--quiet', $config{gitmaster_branch})) {
+					run_or_cry('git', 'checkout','-f', '--quiet', $config{gitmaster_branch});
+				}
+			};
+			run_or_die('git', 'checkout', '--quiet', $branch);
+
+			run_or_die('git', 'revert', '--no-commit', $sha1);
+			run_or_non('git', 'commit', '-m', "revert $sha1", '-a');
+
+			# Re-switch to master.
+			run_or_die('git', 'checkout', '--quiet', $config{gitmaster_branch});
+
+			my @raw_lines;
+			@raw_lines = run_or_die('git', 'diff', '--pretty=raw',
+				'--raw', '--abbrev=40', '--always', '--no-renames',
+				"ikiwiki_revert_${sha1}..");
+
+			my $ci = {
+				details => [parse_changed_files(\@raw_lines)],
+			};
+
+			@ret = git_parse_changes(0, $ci);
+		};
+		$failure = $@;
+
+		# Process undo stack (in reverse order).  By policy cleanup
+		# actions should normally print a warning on failure.
+		while (my $handle = pop @undo) {
+			$handle->();
+		}
+
+		if ($failure) {
+			my $message = sprintf(gettext("Failed to revert commit %s"), $sha1);
+			error("$message\n$failure\n");
+		}
+
+		return @ret;
 	});
 }
 
@@ -982,11 +1057,11 @@ sub rcs_revert ($) {
 
 	ensure_committer();
 
-	if (run_or_non('git', 'revert', '--no-commit', $sha1)) {
+	if (run_or_non('git', 'merge', '--ff-only', "ikiwiki_revert_$sha1")) {
 		return undef;
 	}
 	else {
-		run_or_die('git', 'reset', '--hard');
+		run_or_non('git', 'branch', '-D', "ikiwiki_revert_$sha1");
 		return sprintf(gettext("Failed to revert commit %s"), $sha1);
 	}
 }
diff --git a/debian/changelog b/debian/changelog
index ccf830b..b057ec7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,13 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium
     analogous to CVE-2014-1572. In ikiwiki this could be used to
     forge commit metadata, but thankfully nothing more serious.
     (OVE-20161226-0001)
+  * Security: try revert operations before approving them. Previously,
+    automatic rename detection could result in a revert writing outside
+    the wiki srcdir or altering a file that the reverting user should not be
+    able to alter, an authorization bypass. The incomplete fix released in
+    3.20161219 was not effective for git versions prior to 2.8.0rc0.
+    (CVE-2016-10026 represents the original vulnerability)
+    (OVE-20161226-0002 represents the incomplete fix released in 3.20161219)
   * Add CVE references for CVE-2016-10026
   * Add missing ikiwiki.setup for the manual test for CVE-2016-10026
   * git: don't issue a warning if the rcsinfo CGI parameter is undefined
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9818e0c..c08d658 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -561,8 +561,12 @@ result in `policy.mdwn` being altered.
 This affects sites with the `git` VCS and the `recentchanges` plugin,
 which are both used in most ikiwiki installations.
 
-This bug was reported on 2016-12-17. The fixed version 3.20161219
-was released on 2016-12-19. ([[!cve CVE-2016-10026]])
+This bug was reported on 2016-12-17. A partially fixed version
+3.20161219 was released on 2016-12-19, but the solution used in that
+version was not effective with git versions older than 2.8.0.
+
+([[!cve CVE-2016-10026]] represents the original vulnerability.
+OVE-20161226-0002 represents the incomplete fix in 3.20161219.)
 
 ## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
 

cgitemplate: remove dead code
blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this
variable has not been used since commit a052771
"Now that we're always using HTML5, <base href> can be relative".
diff --git a/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
index e062c45..156f077 100644
--- a/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
+++ b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
@@ -7,3 +7,22 @@ In commits by Simon McVittie on Oct 5, 2014, the following was added to `cgitemp
 
 I am trying to determine what was intended by this change.  The variable `$topurl` is not used again in this function, so this is essentially dead code.
 --[[blipvert]]
+
+> If you look at `git log -p IkiWiki/CGI.pm` you'll see that *at the time*, `$topurl`
+> was used further down the function. Later in the branch, [commit 33f6026
+"In html5 mode, generate a host- or protocol-relative <base> for the
+CGI"](http://source.ikiwiki.branchable.com/?p=source.git;a=commit;h=33f60260b233d0310ce6dd4304304a516595b906)
+> made this conditional on `! $config{html5}`.
+>
+> Somewhat later,
+> [commit 490a1ec
+"Always produce HTML5 doctype and new attributes, but not new
+elements"](http://source.ikiwiki.branchable.com/?p=source.git;a=commit;h=490a1eca7bed841848765b495a73fbc56e4808f4)
+> repurposed `$config{html5}` from "use HTML5" to "use new HTML5 elements" -
+> which meant that [commit a052771
+"Now that we're always using HTML5, <base href> can be
+relative"](http://source.ikiwiki.branchable.com/?p=source.git;a=commit;h=a05277128732beb351aa696c49d337086414ffb6)
+> could remove the only code that used `$topurl`.
+>
+> You are correct to say that computing `$topurl` is now dead code, and I
+> have removed it. [[done]] --[[smcv]]

Report authorization bypass via RCS revert.
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
new file mode 100644
index 0000000..8ac62e5
--- /dev/null
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -0,0 +1,14 @@
+1. We have a `$srcdir/writable/page.mdwn` source file in Git.
+2. ikiwiki is configured to allow edits via the CGI in `writable/*`,
+   but nowhere else.
+2. Modify `$srcdir/writable/page.mdwn`, commit ⇒ commit `$id`.
+3. `git mv $srcdir/writable/page.mdwn $srcdir/read-only/page.mdwn`
+
+⇒ The web interface allows reverting commit `$id` (presumably because
+it changes files only in `$srcdir/writable`). This operation
+effectively modifies `$srcdir/read-only/page.mdwn`, which feels wrong.
+My guess is that `check_canchange` does not take into account that Git
+will automatically detect that the file affected by the to-be-reverted
+commit has moved, and modify the file in its new location
+when reverting.
+

diff --git a/doc/users/blipvert.mdwn b/doc/users/blipvert.mdwn
index 7c4a24b..93b5bf0 100644
--- a/doc/users/blipvert.mdwn
+++ b/doc/users/blipvert.mdwn
@@ -1 +1 @@
-<http://github.com/blipvert>
+<https://github.com/blipvert>

diff --git a/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
index b5e1ea3..e062c45 100644
--- a/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
+++ b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
@@ -6,3 +6,4 @@ In commits by Simon McVittie on Oct 5, 2014, the following was added to `cgitemp
     b0a35c81 (Simon McVittie   2014-10-05  64) 	}
 
 I am trying to determine what was intended by this change.  The variable `$topurl` is not used again in this function, so this is essentially dead code.
+--[[blipvert]]

diff --git a/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
new file mode 100644
index 0000000..b5e1ea3
--- /dev/null
+++ b/doc/bugs/use_of___36__topurl_in_cgitemplate.mdwn
@@ -0,0 +1,8 @@
+In commits by Simon McVittie on Oct 5, 2014, the following was added to `cgitemplate()`:
+
+    b0a35c81 (Simon McVittie   2014-10-05  61) 	my $topurl = $config{url};
+    3b8da667 (Simon McVittie   2014-10-05  62) 	if (defined $cgi && ! $config{w3mmode} && ! $config{reverse_proxy}) {
+    b0a35c81 (Simon McVittie   2014-10-05  63) 		$topurl = $cgi->url;
+    b0a35c81 (Simon McVittie   2014-10-05  64) 	}
+
+I am trying to determine what was intended by this change.  The variable `$topurl` is not used again in this function, so this is essentially dead code.

diff --git a/doc/users/Jeff_Melton.mdwn b/doc/users/Jeff_Melton.mdwn
new file mode 100644
index 0000000..998478a
--- /dev/null
+++ b/doc/users/Jeff_Melton.mdwn
@@ -0,0 +1 @@
+I'm using two Ikiwiki config files for a private journal and [public blog](https://inert.io), serving them with [Hiawatha](http://hiawatha-webserver.org/)

pagestats determinism: report bug + patch.
diff --git a/doc/bugs/pagestats_output_is_not_deterministic.mdwn b/doc/bugs/pagestats_output_is_not_deterministic.mdwn
new file mode 100644
index 0000000..63d52e1
--- /dev/null
+++ b/doc/bugs/pagestats_output_is_not_deterministic.mdwn
@@ -0,0 +1,11 @@
+Hi! While working on Reproducible Builds for Tails, we noticed that
+the pagestats plugin's output is not deterministic: pages that have
+the same number of hits (counts) are sorted in hash order.
+
+The `pagestats-determinism` branch in the
+<https://git-tails.immerda.ch/ikiwiki.git> Git repository has a fix
+for this problem.
+
+--[[intrigeri]]
+
+[[!tag patch]]

svetlana.nfshost
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index b8f22a3..b221cdc 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -222,3 +222,4 @@ Personal sites and blogs
 * [Sean Whitton's personal website](http://spwhitton.name/)
 * [Matto's personal website](https://box.matto.nl)
 * [Rob Sayers' personal website](http://www.robsayers.com)
+* [Svetlana Tkachenko's personal website](http://svetlana.nfshost.com) - personal site, no blog

Added custom solution
diff --git a/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn b/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
index 2911b74..c89b1d2 100644
--- a/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
+++ b/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
@@ -10,4 +10,8 @@ Nowadays, the ikiwiki.cgi sits in the subfolder that is the same as the wiki nam
 But somehow, even if I play around with the fastcgi parameters, I either get a 403, or the server is trying to send me the ikiwiki.cgi file to download, but does not run it.
 
 I've changed the permissions on the socket, I even tried to run the server as root, nothing changes. Still same errors. If anyone can help, I'd appreciate.
+
+-- Update 
+**Pseudo solution** : Solved my problem by switching from Nginx to Apache. Somewhow handling .cgi scripts with Apache is less trouble some.
+
   

rename forum/FastCGI_problem_on_Arch.mdwn to forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
diff --git a/doc/forum/FastCGI_problem_on_Arch.mdwn b/doc/forum/FastCGI_problem_on_Arch.mdwn
deleted file mode 100644
index 2911b74..0000000
--- a/doc/forum/FastCGI_problem_on_Arch.mdwn
+++ /dev/null
@@ -1,13 +0,0 @@
-Hello. 
-
-Sorry to disturb here, but I'm struggling running ikiwiki under Arch on a RaspberryPi.  
-I have a default user: alarm that both runs the nginx server and which created the ikiwiki site.  
-Everything sits in the home folder.  
-
-I've followed the instructions [here](http://ikiwiki.info/tips/dot_cgi/#index3h2) regarding the configuration of FastCGI, but there is a slight mistake in it I think.
-Nowadays, the ikiwiki.cgi sits in the subfolder that is the same as the wiki name under public_html/ and not directly under public_html/. But it does not really matter. I corrected that in my script.
- 
-But somehow, even if I play around with the fastcgi parameters, I either get a 403, or the server is trying to send me the ikiwiki.cgi file to download, but does not run it.
-
-I've changed the permissions on the socket, I even tried to run the server as root, nothing changes. Still same errors. If anyone can help, I'd appreciate.
-  
diff --git a/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn b/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
new file mode 100644
index 0000000..2911b74
--- /dev/null
+++ b/doc/forum/__91__Solved__93__FastCGI_problem_on_Arch.mdwn
@@ -0,0 +1,13 @@
+Hello. 
+
+Sorry to disturb here, but I'm struggling running ikiwiki under Arch on a RaspberryPi.  
+I have a default user: alarm that both runs the nginx server and which created the ikiwiki site.  
+Everything sits in the home folder.  
+
+I've followed the instructions [here](http://ikiwiki.info/tips/dot_cgi/#index3h2) regarding the configuration of FastCGI, but there is a slight mistake in it I think.
+Nowadays, the ikiwiki.cgi sits in the subfolder that is the same as the wiki name under public_html/ and not directly under public_html/. But it does not really matter. I corrected that in my script.
+ 
+But somehow, even if I play around with the fastcgi parameters, I either get a 403, or the server is trying to send me the ikiwiki.cgi file to download, but does not run it.
+
+I've changed the permissions on the socket, I even tried to run the server as root, nothing changes. Still same errors. If anyone can help, I'd appreciate.
+  

Update my personal site URL.
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index ffb6f44..b8f22a3 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -210,7 +210,7 @@ Personal sites and blogs
 * [Stig Sandbeck Mathisen](http://fnord.no/) - Personal site and blog, with a bootstrap theme, and varnish frontend.
 * Kalle Söderman: [Seen Architecture](http://img.kalleswork.net), [Stockholm Project](http://stockholm.kalleswork.net) - Mainly -image galleries using the album and osm plugins with a customized html5 theme.
 * James Richardson's [wiki](https://jamestechnotes.com), [blog](https://jamesrichardson.name), and online [resume](https://resume.jamesrichardson.name).
-* [Amitai Schleier's site](http://www.schmonz.com/)
+* [Amitai Schleier's site](https://schmonz.com/)
 * My ([[spalax]]) [professional website](http://paternault.fr)
 * [Aloodo Blog](http://blog.aloodo.org/)
 * Ninguém tem blog! - Restricted ikiwiki hosting
diff --git a/doc/users/schmonz.mdwn b/doc/users/schmonz.mdwn
index feb31e6..e4eb28c 100644
--- a/doc/users/schmonz.mdwn
+++ b/doc/users/schmonz.mdwn
@@ -1,4 +1,4 @@
-[Amitai Schleier](http://www.schmonz.com/) has contributed code to ikiwiki...
+[Amitai Schleier](https://schmonz.com/) has contributed code to ikiwiki...
 
 [[!map
 pages="!*/Discussion and ((link(users/schmonz) and plugins/* and !plugins/openid/*) or rcs/cvs or todo/fancypodcast)"
@@ -8,7 +8,7 @@ pages="!*/Discussion and ((link(users/schmonz) and plugins/* and !plugins/openid
 
 ## Public
 
-* [My personal web site](http://www.schmonz.com/)
+* [My personal web site](https://schmonz.com/)
 * [A very small podcast](https://agilein3minut.es/)
 * [A major open-source project's wiki](http://wiki.netbsd.org) (with
   the [[rcs/cvs]] plugin)

update my site links.
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index 0c05095..ffb6f44 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -209,7 +209,7 @@ Personal sites and blogs
 * [KheOps's blog](https://w.ceops.eu/words/)
 * [Stig Sandbeck Mathisen](http://fnord.no/) - Personal site and blog, with a bootstrap theme, and varnish frontend.
 * Kalle Söderman: [Seen Architecture](http://img.kalleswork.net), [Stockholm Project](http://stockholm.kalleswork.net) - Mainly -image galleries using the album and osm plugins with a customized html5 theme.
-* [James Technotes](http://jamestechnotes.com), my [wiki](http://jamestechnotes.com) and [blog](http://jamestechnotes.com/blog).
+* James Richardson's [wiki](https://jamestechnotes.com), [blog](https://jamesrichardson.name), and online [resume](https://resume.jamesrichardson.name).
 * [Amitai Schleier's site](http://www.schmonz.com/)
 * My ([[spalax]]) [professional website](http://paternault.fr)
 * [Aloodo Blog](http://blog.aloodo.org/)

Added a comment
diff --git a/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_3_19f431b9573b62291ec9167c1ce238bc._comment b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_3_19f431b9573b62291ec9167c1ce238bc._comment
new file mode 100644
index 0000000..56a9f07
--- /dev/null
+++ b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_3_19f431b9573b62291ec9167c1ce238bc._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="openmedi"
+ subject="comment 3"
+ date="2016-11-10T17:09:41Z"
+ content="""
+[See also my problem with doing a complete rebuild with a time limit…](http://ikiwiki.info/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/)
+"""]]

Added a comment
diff --git a/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_1_cd94289532b06ec1d5c182f38e26dbd8._comment b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_1_cd94289532b06ec1d5c182f38e26dbd8._comment
new file mode 100644
index 0000000..cb336dc
--- /dev/null
+++ b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__/comment_1_cd94289532b06ec1d5c182f38e26dbd8._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="openmedi"
+ subject="comment 1"
+ date="2016-11-10T17:06:23Z"
+ content="""
+[This is connected to my \"laptop wiki with git - but the other way around\" question.](http://ikiwiki.info/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/)
+"""]]

diff --git a/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__.mdwn b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__.mdwn
new file mode 100644
index 0000000..6cca512
--- /dev/null
+++ b/doc/forum/large_wiki:_is_running_ikiwiki_in_steps_possible__63__.mdwn
@@ -0,0 +1 @@
+Because of the complexity and size of my wiki, I am unable to let ikiwiki run it's course on my shared hosting provider of choice. The maximum time allowed for a rebuild as is dictated by the maximum amount of cpu time I can assign myself to is 10 minutes. What I wanted to know is: Is there a way to run ikiwiki in chunks of 10 minutes steps or something like that?

Added a comment
diff --git a/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_2_399b67e199a0a343bc3ac8ca2e3977ab._comment b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_2_399b67e199a0a343bc3ac8ca2e3977ab._comment
new file mode 100644
index 0000000..bc61d3e
--- /dev/null
+++ b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_2_399b67e199a0a343bc3ac8ca2e3977ab._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="openmedi"
+ subject="comment 2"
+ date="2016-11-06T19:36:24Z"
+ content="""
+Another update on this, because it's related to running ikiwiki on nearly free speech: ikiwiki, xapian (and omega; for search), pandoc and pandoc-cteproc and I believe all perl modules one would need to run all of this are installed system wide on the white beta realm. So getting an ikiwiki up and running is nowadays a piece of cake and consists of calling `ikiwiki --setup /usr/local/etc/ikiwiki/auto.setup`, filling in the correct infos and afterwards customizing the created `.setup` file further. That's already it. Plugins can be installed to `~/.ikiwiki/IkiWiki/Plugin`. By setting a `templatedir` in the `.setup`you can have a templatedir in your user's dir.
+"""]]

Added a comment
diff --git a/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_1_56e6a6a6865b1da17d527e176c9eccfa._comment b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_1_56e6a6a6865b1da17d527e176c9eccfa._comment
new file mode 100644
index 0000000..5274acd
--- /dev/null
+++ b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__/comment_1_56e6a6a6865b1da17d527e176c9eccfa._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="openmedi"
+ subject="comment 1"
+ date="2016-11-03T22:13:14Z"
+ content="""
+I was able to make some progress with this by taking a somewhat different approach. First of all I understand now a little better, that the above setup could be made to work, but it is easier to setup a wiki on my server by hand and then setting up the server repository as a remote of my local repository. After merging/combining the two repos (e.g.: pulling from the server with `--allow-unrelated-histories` and then pushing the local repo to the server) I had a state in which I could let ikiwiki run on my server clone of the local wiki.
+
+There's still work to do. I run into problems with exceeding the cpu time limit when trying to do a full rebuild which, because of the complexity of the wiki takes a while. Is there a way to do cumulative rebuilds or something like that?
+
+I also will have to see how well plugins will work on nearly free speech.
+"""]]

diff --git a/doc/bugs/img_tag_should_support_relative_size.mdwn b/doc/bugs/img_tag_should_support_relative_size.mdwn
index 23fef37..a625487 100644
--- a/doc/bugs/img_tag_should_support_relative_size.mdwn
+++ b/doc/bugs/img_tag_should_support_relative_size.mdwn
@@ -1,3 +1 @@
-I would like to include a image with a relative size, rather than absolute pixels. Like this:
-
- [[!img MyImage.png alt="Image" size="100%"]]
+The size parameter should accept relative values, like "100%". When including large images, I would like it to be scaled relative to the available space.

diff --git a/doc/bugs/img_tag_should_support_relative_size.mdwn b/doc/bugs/img_tag_should_support_relative_size.mdwn
new file mode 100644
index 0000000..23fef37
--- /dev/null
+++ b/doc/bugs/img_tag_should_support_relative_size.mdwn
@@ -0,0 +1,3 @@
+I would like to include a image with a relative size, rather than absolute pixels. Like this:
+
+ [[!img MyImage.png alt="Image" size="100%"]]

consider portier as a successor to OpenID?
diff --git a/doc/plugins/openid/discussion.mdwn b/doc/plugins/openid/discussion.mdwn
index a88da8b..6efbf34 100644
--- a/doc/plugins/openid/discussion.mdwn
+++ b/doc/plugins/openid/discussion.mdwn
@@ -24,3 +24,7 @@ They have more on OpenID 2.0 in [their FAQ](http://developer.yahoo.com/openid/fa
 I'm trying to add a way to query the data saved by the OpenID plugin from outside of ikiwiki, to see what identity the user has been authenticated as, if any. I'm thinking of designating some directories as internal pages and check the identity against a list in a mod_perl access hook. I would also write a CGI script that would return a JSON formatted reply to tell if the user is authenticated for those pages and query it with AJAX and only render links to the internal pages if the user would have access to them. That's just a couple of ideas I'm working on first, but I can imagine that there's any number of other tricks that people could implement with that sort of a thing.
 
 Also, this isn't really specific to OpenID but to all auth plugins, but I'm going to use only OpenID for authentication so that's what I'm targeting right now. I suppose that would be worth its own TODO item. --[[kaol]]
+
+----
+
+So OpenID is dying, but OpenID connect is actually out there: Google is using it now, and probably other providers. There is interesting hybrid of OpenID and email auth called [Portier](https://portier.github.io) that is a successor to Persona that may be interesting here... The main problem here is that the broker is written in Rust and I am not sure we want to depend on such a thing in Ikiwiki. Still, the protocol could be used as a basis here... --[[anarcat]]

introduce portier here as well, while i'm here
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index ec7b4b9..de5d2b1 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -134,3 +134,7 @@ Thoughts anyone? --[[Joey]]
 >>> --[[smcv]]a
 
 >>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]
+
+Note that the implementation of this lives in [[plugins/emailauth]].
+
+Also, I have found a similar system called [Portier](https://portier.github.io) that enables email-based auth but enhances it with [[plugins/openid]] connect... Maybe ikiwiki's authentication system could follow the standards set by Portier? OpenID connect discovery is particularly interesting, as it could mean that using your GMail address to login to ikiwiki would mean that you go straight to the more secure OpenID / Oauth authentication instead of relying on the slow "send email and click link" system... --[[anarcat]]

nextgen persona?
diff --git a/doc/todo/BrowserID.mdwn b/doc/todo/BrowserID.mdwn
index 239d33e..1bcfaef 100644
--- a/doc/todo/BrowserID.mdwn
+++ b/doc/todo/BrowserID.mdwn
@@ -26,3 +26,5 @@ Some additional information on BrowserID:
 
 BrowserID, or Mobilla Persona, is shutting down with 30th of November 2016.
 Seen at <https://login.persona.org/about> --[[leg]]
+
+The successor to Persona seems to be [Portier](https://portier.github.io), which is based on OpenID connect. --[[anarcat]]

another look at bootstrap and packaging strategies
diff --git a/doc/todo/merge_bootstrap_branch.mdwn b/doc/todo/merge_bootstrap_branch.mdwn
index 34a4a1f..5e046f7 100644
--- a/doc/todo/merge_bootstrap_branch.mdwn
+++ b/doc/todo/merge_bootstrap_branch.mdwn
@@ -29,3 +29,35 @@ except when the bootstrap theme is enabled.
 >> [See for yourself](https://notabug.org/iikb/ikiwiki-theme-bootstrap/commit/7f30630b6255336a34b14f70f2a674e15cd797a0) - don't mind the red parts.
 >> This is tedious and boring, it's easier to tamper with template files
 >> than to rewrite bootstrap by copying and pasting it. --[[desci]]
+
+> Is there any progress here? Someone wanting to build a Bootstrap 4
+> should look at working with this branch or a custom theme?
+>
+> For the record, there is a Debian package for
+> [font-awesome][]. [mkdocs-bootstrap][] uses
+> that. [sphinx-bootstrap-theme][] is another bootstrap-based theme
+> packaged in Debian. Both ship embeded copies of Bootstrap 3, so
+> there are prior offenses to just shipping the code within the
+> package.
+>
+> It would be preferable to package bootstrap 4 seperately of
+> course... I made a [RFP for packaging B4](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842828).
+>
+> I was somehow under the impression that Boostrap 4 was lighter, but
+> looking at the actual code on the alpha site makes me think that it
+> is actually larger, which reduces the incentives for me to do the
+> upgrade... Along with jquery, it's a 100KB overhead on first load,
+> something that shouldn't be neglected. The [alpha site][] is around
+> 1MB and 25 requests! My site can currently squeeze all of jquery and
+> boostrap in 80KB (including the glyphs font) and it's only that
+> stupid Mozilla Fira font that makes it blow up to 300KB... So I am
+> not sure I would switch to B4 - maybe doing a B3 merge would be best
+> for now, especially since Bootstrap 3 is already packaged in Debian?
+> -- [[anarcat]]
+
+[alpha site]: https://v4-alpha.getbootstrap.com
+[bug #704330]: https://bugs.debian.org/704330
+[orphaned]: https://tracker.debian.org/pkg/twitter-bootstrap
+[sphinx-bootstrap-theme]: https://tracker.debian.org/pkg/sphinx-bootstrap-theme
+[mkdocs-bootstrap]: https://tracker.debian.org/pkg/mkdocs-bootstrap
+[font-awesome]: https://tracker.debian.org/pkg/fonts-font-awesome

The C2 wiki appears to have moved.
diff --git a/doc/shortcuts.mdwn b/doc/shortcuts.mdwn
index 1748a02..ea905d8 100644
--- a/doc/shortcuts.mdwn
+++ b/doc/shortcuts.mdwn
@@ -44,7 +44,7 @@ This page controls what shortcut links the wiki supports.
 * [[!shortcut name=iki url="http://ikiwiki.info/%S/"]]
 * [[!shortcut name=ljuser url="http://%s.livejournal.com/"]]
 * [[!shortcut name=rfc url="https://www.ietf.org/rfc/rfc%s.txt" desc="RFC %s"]]
-* [[!shortcut name=c2 url="http://c2.com/cgi/wiki?%s"]]
+* [[!shortcut name=c2 url="http://wiki.c2.com/?%s"]]
 * [[!shortcut name=meatballwiki url="http://www.usemod.com/cgi-bin/mb.pl?%s"]]
 * [[!shortcut name=emacswiki url="http://www.emacswiki.org/cgi-bin/wiki/%s"]]
 * [[!shortcut name=haskellwiki url="http://haskell.org/haskellwiki/%s"]]

diff --git a/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__.mdwn b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__.mdwn
new file mode 100644
index 0000000..9da692d
--- /dev/null
+++ b/doc/forum/laptop_wiki_with_git_-_but_the_other_way_around__63__.mdwn
@@ -0,0 +1,42 @@
+Hey everyone, I have a local "laptop" wiki which uses git as it's version control system. I would like my wiki to be mirrored by my hoster (nearlyfreespeech) so I can browse and edit it on the go as well as have an offsite backup of it if my laptop should ever die. In the last three hours I figured out that:
+
+1. I need to install ikiwiki on my nearlyfreespeech site
+2. I need to create a remote for my local repository on my nfs site.
+3. I need to setup ikiwiki on nfs
+4. I need to mirror/sync continously my local laptop repo with the main repo on my server (probably through the remote)
+
+So far I figured out parts of this plan. My status quo is the following:
+
+- laptop:
+    - srcdir: ~/wiki
+    - destdir: ~/sites/wiki (this shouldn't matter since it points to my local webserver setup)
+    - repository: ~/wiki.git
+- nfs:
+    - srcdir: /home/private/wiki
+    - destdir: /home/public
+    - repository: /home/private/2wiki.git
+    - remote repository: /home/private/wiki.git (configured as a remote named "nfswiki" on my laptop)
+
+On my laptop I can now go into ~/wiki, edit some files and afterwards can invoke ikiwiki --setup ~/wiki.setup which will generate a local version of my site for me. If I want to update my server copy, I can go into ~/wiki do git add ., git commit -m "Update", git push nfswiki master (which I hope is the correct way of doing things???). Afterwards I should have a (bare) repo on my nfs server with the same contents as my local (bare) repo, since I setup my remote with my local (bare) repo, which gets updated whenever I update my working copy (= srcdir).
+
+On my server I have installed ikiwiki more or less as described [here](https://ikiwiki.info/tips/nearlyfreespeech/). I setup this wiki by using the auto.setup method. It works. I basically have an empty wiki waiting to be filled.
+
+But how do I now create the plumbing necessary to let me…
+
+- connect the remote of my laptop repo to the nfs repo?
+- connect the nfs repo to the laptop repo through my remote?
+- edit either wiki (local/nfs) and the changes get synced to both wikis?
+
+Here my sparse understanding (which is still a generous way to put it) of git is simply not enough.
+
+Pages I have checked out:
+
+- [nearlyfreespeech](https://ikiwiki.info/tips/nearlyfreespeech/)
+- [distributed wikis](https://ikiwiki.info/tips/distributed_wikis/)
+- [laptop wiki with git](https://ikiwiki.info/tips/laptop_wiki_with_git/)
+- [byhand](https://ikiwiki.info/setup/byhand/)
+- [setup](https://ikiwiki.info/setup/)
+
+I'm very very thankful for any suggestions, since I have myself commited to solve any problems (and at least kinda understand what is involved here) to make this work at least to a degree that I can replicate the results in similar situations.
+
+Thanks for reading and for any tips that you can offer towards making me understand this admittedly complicated and involved question.

diff --git a/doc/sandbox.mdwn b/doc/sandbox.mdwn
index e3b8412..0872462 100644
--- a/doc/sandbox.mdwn
+++ b/doc/sandbox.mdwn
@@ -215,3 +215,5 @@ Testing. Test. 試験として書き込みします。
 Καλημέρα!
 
 test
+
+I must **emphasise** this.

That was a (curious) mistake.
This reverts commit 1bfe2e2e19bf45bac52c0cc0bc0b17cea64887b6
diff --git a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
new file mode 100644
index 0000000..a667bfa
--- /dev/null
+++ b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
@@ -0,0 +1,46 @@
+This may, strictly speaking, be a bug in the [[plugins/contrib/pandoc]] plugin, but I think it would be better to fix it in ikiwiki because of its kind (and maybe because I believe/hope pandoc will become the markdown dialect standard). For all I know it might not only affect pandoc tables. 
+
+When creating a simple table in pandoc-flavoured markdown,
+
+    1    2
+    ---  ---
+    3    4
+
+pandoc converts this to the html code
+
+	<table>
+	<thead>
+	<tr class="header">
+	<th align="left">1</th>
+	<th align="left">2</th>
+	</tr>
+	</thead>
+	<tbody>
+	<tr class="odd">
+	<td align="left">3</td>
+	<td align="left">4</td>
+	</tr>
+	</tbody>
+	</table>
+
+`<tr class="header">` causes it to be affected by `style.css`'s
+
+	.header {
+		margin: 0;
+		font-size: 140%;
+		font-weight: bold;
+		line-height: 1em;
+		display: block;
+	}
+
+(more specifically by `display: block;`), which results in all header cells to cramp together in the first column.
+
+The fix is easy: In `style.css` change `.header {` to `.header tr:not(.header) {`.
+
+Alternatively, add the following code.
+
+	tr.header {
+		display: table-row;
+		}
+
+I've added that last code snippet to my `custom.css` file. I admit `.header tr:not(.header)` is not especially elegant, but then again, I have almost no knowledge of CSS. There might be better solutions. (I don't even know why `display: block;` breaks the tables or why changing it to `display: table-header;` doesn't fix it but `display: table-row;` does :D )

removed
diff --git a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
deleted file mode 100644
index a667bfa..0000000
--- a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
+++ /dev/null
@@ -1,46 +0,0 @@
-This may, strictly speaking, be a bug in the [[plugins/contrib/pandoc]] plugin, but I think it would be better to fix it in ikiwiki because of its kind (and maybe because I believe/hope pandoc will become the markdown dialect standard). For all I know it might not only affect pandoc tables. 
-
-When creating a simple table in pandoc-flavoured markdown,
-
-    1    2
-    ---  ---
-    3    4
-
-pandoc converts this to the html code
-
-	<table>
-	<thead>
-	<tr class="header">
-	<th align="left">1</th>
-	<th align="left">2</th>
-	</tr>
-	</thead>
-	<tbody>
-	<tr class="odd">
-	<td align="left">3</td>
-	<td align="left">4</td>
-	</tr>
-	</tbody>
-	</table>
-
-`<tr class="header">` causes it to be affected by `style.css`'s
-
-	.header {
-		margin: 0;
-		font-size: 140%;
-		font-weight: bold;
-		line-height: 1em;
-		display: block;
-	}
-
-(more specifically by `display: block;`), which results in all header cells to cramp together in the first column.
-
-The fix is easy: In `style.css` change `.header {` to `.header tr:not(.header) {`.
-
-Alternatively, add the following code.
-
-	tr.header {
-		display: table-row;
-		}
-
-I've added that last code snippet to my `custom.css` file. I admit `.header tr:not(.header)` is not especially elegant, but then again, I have almost no knowledge of CSS. There might be better solutions. (I don't even know why `display: block;` breaks the tables or why changing it to `display: table-header;` doesn't fix it but `display: table-row;` does :D )

Added a comment: Translating "Last edited"
diff --git a/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site/comment_1_a08c809d6603f61a157984af6ccf6603._comment b/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site/comment_1_a08c809d6603f61a157984af6ccf6603._comment
new file mode 100644
index 0000000..43374b0
--- /dev/null
+++ b/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site/comment_1_a08c809d6603f61a157984af6ccf6603._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spalax"
+ subject="Translating &quot;Last edited&quot;"
+ date="2016-09-27T19:08:29Z"
+ content="""
+Since the \"last edited\" text is hard coded (see line 209 of [the page template](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=templates/page.tmpl;hb=72c3b81efb1079f8db070ac89e97e9b7bcedd61b#l209)), I think that the only way to translate it is to copy the page template into your website source, and translate the text in it.
+
+Concerning the localized time, I wonder if ensuring that your LANG environment variable is correctly set is sufficient…
+"""]]

diff --git a/doc/bugs/show_parameter_in_map_directive_is_ignored_on_wiki_rebuild.mdwn b/doc/bugs/show_parameter_in_map_directive_is_ignored_on_wiki_rebuild.mdwn
new file mode 100644
index 0000000..9b5809e
--- /dev/null
+++ b/doc/bugs/show_parameter_in_map_directive_is_ignored_on_wiki_rebuild.mdwn
@@ -0,0 +1 @@
+When I run `ikiwiki` with the ``--rebuild`` option (or only with the `--setup file.setup` option a map directive like `\[[!map  pages="*" show=title]]` generates a page map as if it didn't contain any `show` parameter. Only after I manually edit something which causes the page containing the map directive to be rebuilt is the page map regenerated without ignoring the `show` parameter.

diff --git a/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
new file mode 100644
index 0000000..a667bfa
--- /dev/null
+++ b/doc/bugs/style.css___40__unnecessarily__41___breaks_pandoc_table_headers.mdwn
@@ -0,0 +1,46 @@
+This may, strictly speaking, be a bug in the [[plugins/contrib/pandoc]] plugin, but I think it would be better to fix it in ikiwiki because of its kind (and maybe because I believe/hope pandoc will become the markdown dialect standard). For all I know it might not only affect pandoc tables. 
+
+When creating a simple table in pandoc-flavoured markdown,
+
+    1    2
+    ---  ---
+    3    4
+
+pandoc converts this to the html code
+
+	<table>
+	<thead>
+	<tr class="header">
+	<th align="left">1</th>
+	<th align="left">2</th>
+	</tr>
+	</thead>
+	<tbody>
+	<tr class="odd">
+	<td align="left">3</td>
+	<td align="left">4</td>
+	</tr>
+	</tbody>
+	</table>
+
+`<tr class="header">` causes it to be affected by `style.css`'s
+
+	.header {
+		margin: 0;
+		font-size: 140%;
+		font-weight: bold;
+		line-height: 1em;
+		display: block;
+	}
+
+(more specifically by `display: block;`), which results in all header cells to cramp together in the first column.
+
+The fix is easy: In `style.css` change `.header {` to `.header tr:not(.header) {`.
+
+Alternatively, add the following code.
+
+	tr.header {
+		display: table-row;
+		}
+
+I've added that last code snippet to my `custom.css` file. I admit `.header tr:not(.header)` is not especially elegant, but then again, I have almost no knowledge of CSS. There might be better solutions. (I don't even know why `display: block;` breaks the tables or why changing it to `display: table-header;` doesn't fix it but `display: table-row;` does :D )

diff --git a/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site.mdwn b/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site.mdwn
new file mode 100644
index 0000000..5e74844
--- /dev/null
+++ b/doc/forum/How_to_translate___34__Last_edited...__34___etc._for_static_ikiwiki_site.mdwn
@@ -0,0 +1,9 @@
+I host a static ikiwiki site with pages written in Norwegian. To the end user, not much English is visible except for "Last edited" on the bottom and RecentChanges on top of every page.
+
+I'd like ikiwiki to translate these terms (and preferably also localize the time and date displayed). What is the proper way to do this?
+
+I've looked at [[translation]], [[plugins/po]] and I still haven't got a clue. Translating the RecentChanges page itself is not a concern.
+
+Thanks in advance!
+
+PS: As much as I admire the software of Joey Hess, I'm amazed over and over of how hard it is for me to do certain easy things with it, and how it seems like no one else considers this to be a difficulty. It's like the software presupposed a type of thinking one acquires when coding? working a lot with git etc? I don't know. Is is only me? (Semivalid example: Using my ikiwiki setup-file and wiki pages to generate a site with all dynamic stuff enabled (meant as a read-only wiki) Wouldn't a lot of ikiwiki users like to do this?  The example is semivalid because apparently [someone else](https://wiki.math.cmu.edu/iki/wiki/tips/20130930-ikiwiki/020-local-preview.html) found this intuitive too.)