moin (1.9.8-1) unstable; urgency=medium * New upstream release, lots of bug fixes * Remove patches that are now upstream: + avoid_empty_dir_creation.patch + subscribercache.patch * Update patches to fit upstream changes: + disable_gui_editor_if_fckeditor_missing.patch + use_systemwide_libs.patch + mail-verification.patch + external_account_creation_check.patch * Update README.Debian; add more info about "moin maint" etc. -- Steve McIntyre <93sam@debian.org> Sun, 19 Oct 2014 01:31:22 +0100 moin (1.9.7-2) unstable; urgency=medium * Add source for the minified copy of jquery.js included in the upstream source tarball, even though it's never used in the Debian build at all. Close: #754783. Mention it in README.source too * Minor updates prompted by lintian: + Update Standards-Version + Switch from "dh_clean -k" to "dh_prep" + Minor tweaks to debian/copyright to fix parse errors -- Steve McIntyre <93sam@debian.org> Thu, 31 Jul 2014 14:34:47 +0100 moin (1.9.7-1) unstable; urgency=low * New upstream release (x2) * Make sure that strings output to the external account creation checker are marked as UTF-8. * Re-add missing dependencies, fallout from the CDBS switch. Closes: #704433 * Add dependency on python-passlib rather than use the bundled version. * Update patches to fit upstream changes: + recaptcha.patch + subscribercache.patch + use_systemwide_libs.patch + mail-verification.patch * Remove patches that were already from upstream: + constant_time_strcmp.patch + escape_css_url.patch + secure_taintfile_name.patch + escape_pagename_in_rss.patch + draw-taintfile.patch + attachfile-path-traversal.patch * Split out the call to external account creation check into a separate patch (external_account_creation_check.patch) instead of lumping it in with mail-verification.patch * Do not create empty pagedir (with empty edit-log). Patch from upstream. Closes: #721557 -- Steve McIntyre <93sam@debian.org> Tue, 30 Apr 2013 18:45:43 +0100 moin (1.9.5-5) unstable; urgency=low * Re-package without CDBS. * Switch from dh_pysupport to dh_python2 -- Steve McIntyre <93sam@debian.org> Sat, 19 Jan 2013 19:45:43 +0000 moin (1.9.5-4) unstable; urgency=high * Another security fix from upstream: + fix path traversal vulnerability in AttachFile action (CVE-2012-6080). -- Steve McIntyre <93sam@debian.org> Sat, 29 Dec 2012 19:01:04 +0000 moin (1.9.5-3) unstable; urgency=high * Security fix from upstream: + fix remote code execution vulnerability in twikidraw/anywikidraw actions (CVE-2012-6081). -- Steve McIntyre <93sam@debian.org> Sat, 29 Dec 2012 16:54:15 +0000 moin (1.9.5-2) unstable; urgency=high * Several security fixes from upstream: + fix XSS issue, escape page name in rss link (CVE-2012-6082) + make taintfilename more secure + escape user- or admin-defined css url + use a constant time str comparison function to prevent timing attacks -- Steve McIntyre <93sam@debian.org> Wed, 12 Dec 2012 14:17:35 +0000 moin (1.9.5-1) unstable; urgency=low * New upstream release. * New maintainer: Steve McIntyre. Thanks to Jonas for all his previous hard work. -- Steve McIntyre <93sam@debian.org> Sat, 10 Nov 2012 20:19:36 +0000 moin (1.9.4-8) unstable; urgency=high * High urgency for a security fix * Add patch from upstream to fix a virtual group bug in ACL evaluation (CVE-2012-4404). -- Steve McIntyre <93sam@debian.org> Wed, 05 Sep 2012 01:57:30 +0100 moin (1.9.4-7) unstable; urgency=low * subprocess.check_output only appeared in python 2.7. Use subprocess.Popen and .communicate() instead to get the same effect but working on older python versions too. -- Steve McIntyre <93sam@debian.org> Fri, 10 Aug 2012 14:20:26 +0100 moin (1.9.4-6) unstable; urgency=low * Fix the error message displayed when external_creation_check fails -- Steve McIntyre <93sam@debian.org> Mon, 30 Jul 2012 19:52:39 +0100 moin (1.9.4-5) unstable; urgency=low * Store date and host when a new account is created * Add the option to call an external helper program at account creation time to help with local account control policy (e.g. anti-spam) * Make sending of email verification messages slightly more verbose. -- Steve McIntyre <93sam@debian.org> Sun, 29 Jul 2012 11:40:28 +0100 moin (1.9.4-4) unstable; urgency=low * Fix stupid typo in the mail verification patch. Closes: #671211 -- Steve McIntyre <93sam@debian.org> Thu, 03 May 2012 12:55:49 +0100 moin (1.9.4-3) unstable; urgency=low * Update the subscriber lookup patch to add locking. * Add a new patch to add support for verifying email addresses during account creation. -- Steve McIntyre <93sam@debian.org> Mon, 30 Apr 2012 17:22:27 +0100 moin (1.9.4-2) unstable; urgency=low * Add a cache for subscriber lookup to boost performance on page save. Patch from Vitaliy Shchupak. Closes: #668000 -- Steve McIntyre <93sam@debian.org> Mon, 16 Apr 2012 20:18:27 +0100 moin (1.9.4-1) unstable; urgency=low * New upstream release. Closes: bug#663340. * Bump debhelper compatibility level to 7. * Stop providing/replacing/conflicting with moinmoin-common: Transitional quirk unneeded since Lenny. * Drop preinst/postrm conffile renaming hack, unneeded since MoinMoin 1.5.2. * Update package relations: + Stop needlessly build-depend versioned on cdbs: shadowed by even tighter versioning due to use of default Python install helper. + Use unversioned suggest for python-docutils: Needed version satisfied even in oldstable. * Drop dpkg-source local-options hint: Declared options are default since dpkg-source 1.16.1. * Drop patch implementing CVE-2011-1058: Applied upstream. * Unfuzz patch disabling GUI editor. * Update copyright file: + Extend/bump some copyright years. + Introduce new copyright holder. + Fix list more specific Files section after general one. + Bump format to 1.0. + Fix double-indent in Copyright fields as per Policy §5.6.13. * Bump standards-version to 3.9.3. -- Jonas Smedegaard Tue, 13 Mar 2012 11:20:33 +0100 moin (1.9.3-3) unstable; urgency=high [ Steve McIntyre ] * Add myself to Uploaders * Add patch from upstream to fix a cross-site scripting vulnerability in the rst parser (CVE-2011-1058). Closes: #643904 -- Steve McIntyre <93sam@debian.org> Tue, 04 Oct 2011 13:14:09 +0100 moin (1.9.3-2) unstable; urgency=low * Ease building with git-buildpackage: + Git-ignore quilt .pc dir. + Add source local-options. * Add patch to add simple support for using recaptcha. Closes: bug#637880. Thanks to Steve McIntyre. * Depend on python-recaptcha, required by recaptcha support. * Suggest cifs-utils (not smbfs). Closes: bug#638156. Thanks to Luk Claes. * Update copyright file: + Rewrite using draft 174 of DEP-5 format. + Add recaptcha patch, licensed GPL-2+. * Use Python helper python2 (not python-support). * Bump Policy compliance to Standards-Version 3.9.2. -- Jonas Smedegaard Mon, 22 Aug 2011 19:13:00 +0200 moin (1.9.3-1) unstable; urgency=low * New upstream release. [ Frank Lin PIAT ] * Build-Depends on python rather than python-dev. Closes: bug#576426. * Fix location of README.Migration in NEWS file. * Install upstream's docs/REQUIREMENTS file. * Add manpage moin(1). * Drop lintian override for test.wsgi: no longer executable. * Add lintian override for no-doc-base-registration. * Install the desktop edition sample config files. * Fix werkzeug-0.6 http redirect incompatibility. Closes: bug#579189. * Improve DEP3 header for patch fix_werkzeug_0.6_http_redirect * Fix werkzeug-0.6 xmlxpc incompatibility. Closes: bug#580186. [ Jonas Smedegaard ] * Fix conditionally append version in hash-bang of Python scripts (relevant only on systems where default Python version is unsupported - i.e. highly unlikely to have caused real trouble anywhere). Tighten build-dependency on cdbs to versions providing new variable name. Rephrase related comment. * Drop files section in copyright file for no longer shipped CDBS snippet. * Fix append version to python dependency if using non-default version. * Tidy rules file: move variable below cdbs inclusions, and improve some comments. * Drop patches applied in upstream 0.9.3 release. Refresh patches. * Tighten build-dependency on cdbs. * Bump Policy compliance to Standards-Version 3.9.1. -- Jonas Smedegaard Sat, 31 Jul 2010 20:46:59 -0400 moin (1.9.2-3) unstable; urgency=high [ Frank Lin PIAT ] * Add patch to fix CVE-2010-0828: XSS in Despam page. Closes: 575995, thanks to Jamie Strandboge (Ubuntu). [ Jakub Wilk ] * Fix htdocs symlink, when compiled with python2.6. Closes: bug#557956. [ Jonas Smedegaard ] * Drop local package-relations.mk snippet, now in main cdbs package. * Unfuzz and refresh patches (with quilt compacting options --no-timestamps --no-index -pab). * Add DEP3 header to patch "CVE-2010-0828.patch". * Stop suppressing optional build-dependencies: we need recent cdbs anyway (to not complicate packaging with a local CDBS snippet) so cannot please backporters anyway. * Build-depend on devscripts and dh-buildinfo, and tighten build- dependency on cdbs, due to above changes. -- Jonas Smedegaard Sat, 03 Apr 2010 16:27:00 +0200 moin (1.9.2-2) unstable; urgency=medium [ Frank Lin PIAT ] * Minor improvements to moin-update-wikilist.1 manpage [ Jonas Smedegaard ] * Update local CDBS snippets: + use main upstream-tarball.mk, and drop no longer used local one. + Include main utils.mk (not copyright-check.mk now gone). + Only dash-include non-crucial upstream-tarball.mk and suppress its build-dependency hint, to ease backporting. + Temporarily disable buildinfo.mk, until more backport-friendly. + Shrink local package-relations.mk to only handle binary relations (the rest merged into buildcore.mk since cdbs 0.4.69), and fix avoid accidentally relying on debhelper.mk. * As effect of above, stop build-depending on devscripts or dh-buildinfo, and relax build-dependency on cdbs to be unversioned. * Set urgency=medium, as only manpage changes should affect content of package, and improved backportability is wanted in testing. -- Jonas Smedegaard Mon, 08 Mar 2010 20:41:32 +0100 moin (1.9.2-1) unstable; urgency=low [ Frank Lin PIAT ] * New upstream release. + Fix broken with python-werkzeug 0.6-1, Closes: #571016 + Fix CVE-2010-0668 and CVE-2010-0669, Closes: #569975 + Fix action=diff Exception if a page doesn't exist/has no editlog, Closes: #567129 + Fix incompatibility with old style configuration "cookie_lifetime = 1" Closes: #560172 + Improve documentation of farmconfig.py, Closes: #559896 [ Jonas Smedegaard ] * Drop old conflicts/replaces needed for Etch transition. * Update copyright file: + Comma-separate files + merge some debian entries + bump some years + Add leading ./ to files + Improve wording of X-Copyright-Comment stanza + Use Maintainer stanza (not Contact) + Use Expat (not other-MIT) as license short-name + Fix GPL licenses to include verbatim license text, disclaimer and reference to FSF + Merge license other-ModifiedBSD with virtually identical other- ModifiedBSD-contributors + Declare copyright conformant with DEP5 rev. 135 * Bump copyright years and add Frank Lin as owner in rules file. * Refer to FSF website (not postal address) in rules file header. * Drop DEB_AUTO_UPDATE_DEBIAN_CONTROL handling from rules file (included in main cdbs since 0.4.67). Drop now unneeded lintian- overrides. * Stop build-depending on (yet) unused help2man. * Simplify installation of desktop edition (both ours and that of the local user). * Drop workaround rules for cruft no longer shipped upstream. * Ensure variable-expanded files are not accidentally copyright- checked (double-colon rules may run in parallel). * Drop local CDBS snippets copyright-check.mk and buildinfo.mk, included with cdbs since 0.4.67. Tighten build-dependency on cdbs to versions providing the snippets. * Improve package-relationships.mk to strip unversioned build- dependency following same versioned. * Use source format "3.0 'quilt'": + Add format hint to source + Update README.source + Stop including patchsys-quilt.mk + Stop build-depending on quilt or patchutils * Drop local CDBS snippet python-distutils.mk, cdbs now mature enough. Relax build-dependencies on python-dev and python-support. -- Jonas Smedegaard Mon, 01 Mar 2010 23:23:11 +0100 moin (1.9.1-1) unstable; urgency=high * New upstream release. + Fixes security issue in CGI handling, introduced in 1.9. Closes: bug#565854, thanks to Pascal Volk and Frank Lin PIAT. * Update local CDBS snippets: + Tighten and minor fix of package-relations.mk dependency cleanup. + Relax upstream-tarball.mk to depend unversioned on cdbs (the needed 0.4.39 is in oldstable). + Check most lines (top 99999, not just 60) in copyright-check.mk. Improve licensecheck filtering. Group files by owners (ignore years) and sort owners by ownership string (years and then owner). + Update upstream-tarball.mk to preserve bzip2 tarballs with source format 3.0 (quilt). * Minor updates to debian/copyright (no new owners or licenses). * Make debhelper build-dependency unversioned (thanks to CDBS). * Fix emodify explicitly ownership for all in zip repackaging script process_language_pages, to avoid spurious failure to remove write access from lithuanian binary. * Set urgency=high due to security fix. -- Jonas Smedegaard Fri, 22 Jan 2010 12:16:29 +0100 moin (1.9.0-1) unstable; urgency=low * New upstream release -- Jonas Smedegaard Mon, 07 Dec 2009 12:42:08 +0100 moin (1.9.0~rc2-1) unstable; urgency=low [ Frank Lin PIAT ] * New upstream prerelease [ Jonas Smedegaard ] * Another new upstream prerelease. * Unfuzz and merge patches to use separately packaged Python modules, and extend to cover Xappy. Recommend python-xappy. * Build-depend on unzip and zip. * Suggest (not depend on) python-flup. * Suggest python-openid, python-tz, python-ldap, python-mysqldb, smbfs, poppler-utils/xpdf-utils and docbook-dsssl. * Improve local hacked licensecheck to adjust more known contributors, and sync with distributed version 2.10.58. * Update debian/copyright: many new, changed and dropped owners and copyright years in new upstream release, and a new ModifiedBSD licensing variant. * Update version mangling for get-orig-source rule. * Fix explicitly use sh to invoke process_language_pages in debian/rules (script not guaranteed to be set executable). * Restructure patches to DEP3 format: Adjust meta-info; drop leading numbers and README, unfuzz. * Add NEWS item (targeted right before upstream 1.9.0 release) about need for migration. Bump firstcompat migration hint in postinst. * Tighten supported Python versions to at least 2.4. -- Jonas Smedegaard Tue, 01 Dec 2009 13:20:06 +0100 moin (1.8.5-1) unstable; urgency=low [ Frank Lin PIAT ] * New Upstream Version * Bump standards-version to 3.8.3. * Move package to section "web". * Suppress lintian warnings about test.wsgi script not being executable. * Re-enable patch 10001 (disable RenderAsDocbook if no xml) the patch was updated but not enabled. * Improve upgrading note in README.Debian, Closes: bug#494355. [ Jonas Smedegaard ] * Update package-relations.mk: Cleanup unversioned+versioned dependency mix. Improve whitespace cleanup. Rewrite and silence applying dependencies. * Drop binary section stanza (superfluous when equal to source stanza). * Update Vcs-Browser stanza to versioned branches (to make room for concurrent packaging of multiple major releases of MoinMoin). * Update a copyright year in debian/copyright. -- Jonas Smedegaard Sun, 13 Sep 2009 00:40:07 +0200 moin (1.8.4-1) unstable; urgency=low [ Frank Lin PIAT ] * New Upstream Version. * Define VirtualHost port number in Apache2 examples, Closes: bug#533062. [ Jonas Smedegaard ] * Update URL to draft DEP5 format in copyright-check.mk output. * Sync local patched licensecheck script with devscript 2.10.51. -- Jonas Smedegaard Thu, 18 Jun 2009 00:14:44 +0200 moin (1.8.3-2) unstable; urgency=low [ Frank Lin PIAT ] * Fix an error in moin-mass-migrate, when setuid account belongs to a group through NSS (ldap, psql). Closes: #530635. Thanks to Joey Hess for the patch (initially targeted to ikiwiki-mass-rebuild). [ Jonas Smedegaard ] * Recommend default-mta (not exim4) as, well, default MTA. Closes: bug#531729. * Update CDBS snippets: + Fix package-relations cleanup of debhelper 7 + Implement fail-source-not-repackaged rule in upstream-tarball.mk * Rewrite copyright to use DEP5 r54 proposed machine-readable format. -- Jonas Smedegaard Wed, 03 Jun 2009 20:11:53 +0200 moin (1.8.3-1) unstable; urgency=high [ Frank Lin PIAT ] * Re-implement patch 10001_disable_RenderAsDocbook_if_no_xml. * Warn if fckeditor is installed but not configured. * Don't create fake fckeditor.js because we can't invalidate the client side caching once fckeditor is installed. * Update the copyright file. [ Jonas Smedegaard ] * New upstream release: + Fixes CVE-2009-1482. Closes: bug#526594. * Add README.source. Drop custom hints about CDBS. * Bump standards-version to 3.8.1. * Maintain all package relations in debian/rules, resolved using CDBS. * Set urgency=high due to security fix. -- Jonas Smedegaard Wed, 20 May 2009 17:44:30 +0200 moin (1.8.2-2) unstable; urgency=low [ Jonas Smedegaard ] * Update debian/copyright (Bump years, merge equally licensed and authored files. * Update copyright hints. * Refer to …/README.Debian(.gz) (not just …/README.Debian), and limit note to max. 72 chars per line. Closes: bug#516123, thanks to Brent Clark. [ Frank Lin PIAT ] * Use systemwide copy of fckeditor Closes: bug#452599 -- Jonas Smedegaard Thu, 26 Feb 2009 04:47:03 +0100 moin (1.8.2-1) unstable; urgency=low * New upstream release. -- Jonas Smedegaard Sun, 08 Feb 2009 20:48:30 +0100 moin (1.8.1-1) unstable; urgency=low * New upstream release. * Add NEWS item (targeted for upstream 1.8.1 release) about need for migration. Bump firstcompat migration hint in postinst. * Auto-resolve html staticpath at build time. Closes: bug#507182, thanks to John Goerzen. * Update CDBS snippets: + Several minor improvements to upstream-tarball.mk. + Compact simple licenses (those without ' or later') in copyright-check.mk + Fix use underscore (not dash) in internal variable + Ignore only debian changelog and copyright-related files by default in copyright-check.mk + Correct and update copyright hints of the snippets themselves * Add licensing info to debian/rules. * Include local copy of licensecheck, patched to vastly improve discovery of the hinting style used in MoinMoin sources. Patch copyright-check.mk CDBS snippet to use local licensecheck. * Update copyright hints. * Rewrite debian/copyright to use new proposed format (v420). * Drop depending on dropped or irrelevant packages: + libapache-mod-python (dropped) + libapache-mod-fastcgi (dropped) + python-twisted (just a transitional package) Closes: bug#429713, thanks to Jérémie Corbier. * Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis). * Depend on ${misc:Depends}. * Semi-auto-update debian/control to update dependencies: DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean -- Jonas Smedegaard Tue, 30 Dec 2008 02:25:54 +0100 moin (1.8.0-1) unstable; urgency=low * New upstream release. * Fix prerelease numbering in uscan and debian/rules to use ~ (not dot). (Luckily the recent prereleases was done only to experimental, so the odd version numbers shouldn't count). * Drop installing documentation file docs/HACKS: Dropped upstream. -- Jonas Smedegaard Tue, 04 Nov 2008 23:40:01 +0100 moin (1.8.0.beta1-2) experimental; urgency=low * Document how to use various features in README.Debian -- Frank Lin PIAT Mon, 15 Sep 2008 22:02:36 +0200 moin (1.8.0.beta1-1) experimental; urgency=low * New upstream prerelease. * Add leading dot to Debian representation of upstream prereleases (to keep it lower than final release) in debian/rules and watch file. * Disable patch 10001 (disable RenderAsDocbook if no xml) as upstream config parsing code has changed: patch needs a complete rewrite! * Drop installing example code phpwiki_migration: Dropped upstream. -- Jonas Smedegaard Sun, 14 Sep 2008 18:26:57 +0200 moin (1.7.2-1) unstable; urgency=low * New upstream release. * Preserve upstream automade i18n files instead of removing in clean target (works more robust with source maintained under VCS). -- Jonas Smedegaard Tue, 09 Sep 2008 08:41:11 +0200 moin (1.7.1-2) never-really-releasedq; urgency=low * Update cdbs snippet python-distutils.mk to run dh_py* scripts before dh_installinit. See bug#494288. -- Jonas Smedegaard Fri, 08 Aug 2008 13:38:17 +0200 moin (1.7.1-1) unstable; urgency=low * New upstream release. Closes: bug#492233, thanks to Teodor. + Fixes bogus empty page creation. Closes: bug#489146, thanks to Sam Morris. * Recommend python-xml, needed for RSS feeds. Closes: bug#488777, thanks to Sam Morris. * Add patch 10001 to disable RenderAsDocbook if python-xml is not available. Closes: bug#487741, thanks to Franklin Piat. * Update cdbs snippets: + Move dependency cleanup to new local snippet package-relations.mk. + Update copyright-check output to more closely match proposed new copyright file format. + Update README.cdbs-tweaks. -- Jonas Smedegaard Thu, 24 Jul 2008 23:50:51 +0200 moin (1.7.0-3) unstable; urgency=low * Simplify /etc/moin/wikilist format: "USER URL" (drop unneeded middle CONFIG_DIR that was wrongly advertised as DATA_DIR). Make moin-mass-migrate handle both formats and warn about deprecation of the old one. -- Jonas Smedegaard Sun, 22 Jun 2008 21:17:13 +0200 moin (1.7.0-2) unstable; urgency=low * Add NEWS item (targeted for upstream 1.7.0 release) about need for migration. Bump firstcompat migration hint in postinst. * Suggest python-pyxmpp. * Recommend webserver packages (instead of suggesting them). Favor apache2, and rewrite README.Debian example to use apache2. Add python-twisted-web, libapache-mod-fcgid and libapache2-mod-fastcgi as fallback recommendations. Stop recommending apache (provided by httpd-cgi). * Drop conflicting/replacing moin (even oldstable has python-moinmoin). * Merge moinmoin-common into python-moinmoin. Rationale: separation of common stuff was no longer needed when Python policy 2 made it possible to provide a single binary package for all supported versions of Python. On the other hand it didn't hurt anything either. When the mass-migration routine was recently added, it got tied to the wrong package. Instead of adding even more complexity, it makes better sense to simplify instead. * Install the "moin" script normally (not as example script). Closes: bug#487511, thanks to Franklin Piat. * Fix servertweaks sed rules to properly hardcode configdir /etc/moin for the various server scripts. Closes: bug#487507, thanks to Franklin Piat. * Add patch 20002 to hardcode configdir /etc/moin for "moin" script. * Improve README.Debian example to setup wikilist, and improve wikilist commented out example to match README.Debian. Closes: bug#487531, thanks to Franklin Piat. * Fix wikilist header comment to talk about data dir (not config dir). * Semi-auto-update debian/control to update dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean -- Jonas Smedegaard Sun, 22 Jun 2008 16:57:20 +0200 moin (1.7.0-1) unstable; urgency=low * New upstream release. * Unfuzz patch. * Suggest python-4suite-xml (not python-4suite). Closes: bug#434431, thanks to Raphael Bossek, Franklin PIAT and Matthias Klose. * Drop obsolete instructions in README.Debian. Closes: bug#365069, thanks to Mike O'Connor. * Recommend python-xapian, and suggest antiword and catdoc. Closes: bug#486473, thanks to Sam Morris. * Update debian/copyright-hints. * Update local cdbs snippets: + Relax copyright-check to only warn about its discoveries. Closes: bug#487073, thanks to Lucas Nussbaum. + Update dependency cleanup to strip cdbs 0.4.27 (not 0.4.27-1). * Semi-auto-update debian/control to update build-dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean -- Jonas Smedegaard Sun, 22 Jun 2008 02:52:47 +0200 moin (1.6.3-1) unstable; urgency=high * New upstream release. Highlights: + Security fix: major ACL and superuser priviledge escalation if using ACL entries other than "Known:" or "All:" and/or a non-empty superuser list. + Security fix: ACL processing sometimes wrong when acl_hierarchic=True. + No longer check protocol for {{transclusion_targets}}. + Fixed TableOfContents macro for included pages. + server_fastcgi: added Config.port = None. + category: search matches categories even if there are comment lines between the horizontal rule and the real categories. + Added 'notes' to config.url_schemas, to use notes://notessrv/... to invoke your Lotus Notes client. + Immediately login user after creating a new user profile via UserPreferences. * Set urgency=high due to security fixes. * Add new helper script moin-mass-migrate, based on the ikiwiki script ikiwiki-mass-upgrade written by Joey Hess. Add NEWS entry, and rewrite migration section in README.Debian. * Add new helper script moin-update-wikilist, based on the ikiwiki script ikiwiki-update-wikilist written by Joey Hess. * Update cdbs tweaks: + Strip any non-printable characters in copyright-check.mk. Update copyright-hints. + Relax python-central build-dependencies in python-distutils.mk. * Bump debhelper compatibility level to 6 (was 4). * Bump standards-version to 3.7.3 (no changes needed). * Rely on dh_lintian (already included in cdbs debhelper.mk rule) to install lintian overrides. * Drop custom distribution support (unmaintained for some time now). * Drop support for old Python policy. * Remove no longer true comments in debian/rules. * Semi-auto-update debian/control to update build-dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean -- Jonas Smedegaard Wed, 23 Apr 2008 12:24:37 +0200 moin (1.6.2-1) unstable; urgency=low * New upstream release. Closes: bug#461920. + Drop HG snapshot patches 0*: applied upstream. + Drop security patch 10010: Fixed differently upstream. * Update upstream source URL in debian/copyright, debian/rules and debian/watch. * Avoid graphical editor (based on old version of FCKeditor): + Add patch 20001 to always use text editor + Install FCKeditor files only as example files + Add NEWS item about the change + Drop patch 10011 patching known security issues with the editor. Closes: bug#467363. * Packaging moved to collab-maint Git at Alioth. Update VCS-* hints. * Update upstream URL in Homepage hint. * Update cdbs tweaks: + Support zip in upstream-tarball.mk + Use ~ as repackaging delimiter in upstream-tarball.mk to make room for point releases and cleaned up rerelease + Rename top srcdir in repackaged tarball to $pkg-$ver.orig to comply with Developers Reference 6.7.8.2. + Support mangling upstream version string in upstream-tarball.mk + Drop wget options broken with recent versions of wget in update-tarball.mk + Drop unneeded buildcore.mk override (just set environment flag manually when needed instead). + Update copyright-check.mk to use licensecheck script, and store newline-delimited hints * Update copyright_hints. * Semi-auto-update debian/control to update build-dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean -- Jonas Smedegaard Tue, 08 Apr 2008 23:59:28 +0200 moin (1.5.8-5.1) unstable; urgency=high * NMU with maintainer consent, urgency for security updates * update upstream patches to moin-1.5 branch revision 856 to fix bugs + cross-site scripting vulnerabilities using AttachFile, CVE-2008-0781 + directory traversal in MOIN_ID cookie vulnerability, CVE-2008-0782 (Closes: #462984) + XSS problem in login, CVE-2008-780 -- Thomas Viehmann Tue, 19 Feb 2008 22:38:10 +0100 moin (1.5.8-5) unstable; urgency=high * Acknowledge NMU. + Rename patch to 10011 (to match documented naming scheme). + Unfuzz patch. * Use Vcs-* fields (not XS-Vcs-* fields) in debian/control. -- Jonas Smedegaard Sun, 21 Oct 2007 17:39:47 +0200 moin (1.5.8-4.1) unstable; urgency=high * Non-maintainer upload by the testing-security team * Include upstream patch to enable whitelisting, instead of insufficient blacklisting for file uploads (Closes: #429205) Fixes: CVE-2007-5156, CVE-2007-3163, CVE-2007-2630, CVE-2006-0658 -- Steffen Joeris Sun, 21 Oct 2007 14:43:37 +0000 moin (1.5.8-4) unstable; urgency=low * Sync with upstream HG development source as of today (patchset 851): + Avoid out-of-space file corruption of "current" page. + Fix translation of "Toggle line numbers" link. * Move Homepage to own field (from pseudo-field in long description). -- Jonas Smedegaard Sat, 29 Sep 2007 19:16:43 +0200 moin (1.5.8-3) unstable; urgency=high * Acutally apply the added patch in 1.5.8-2. * Raise to urgency=high as these are only security-related bugfixes. -- Jonas Smedegaard Sun, 16 Sep 2007 21:57:48 +0200 moin (1.5.8-2) unstable; urgency=low * Sync with upstream HG development source as of today (patchset 849): + XSS fix with RenamePage and and DeletePage + ACL fix: only send Sun, 16 Sep 2007 20:05:00 +0200 moin (1.5.8-1) unstable; urgency=low * New upstream release. * Drop all earlier patches from upstream Mercurial: applied upstream. * Sync with upstream HG development source as of today (patchset 845). * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control. * Update cdbs tweaks: + Various improvements to update-tarball. * Better duplicate build-dependency cleanup in debian/rules, and semi- auto-update debian/control: DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build * Replace deprecated ${Source-Version} with Use binNMU-safe ${source:Version} in debian/control. Thanks to Lintian. * Remove MoinMoin/i18n/meta.py in clean target. -- Jonas Smedegaard Mon, 03 Sep 2007 02:31:41 +0200 moin (1.5.7-3) unstable; urgency=high * Sync with upstream HG development source, including a security fix: + XSS fix for AttachFile 'do' parameter. CVE-2007-2423. Closes: bug#422408, thanks to EN Douli for discovery and to Florian Weimer for reporting to Debian BTS. * Update local cdbs tweaks: + Improved upstream-tarball handling. + Minor updates to debain/README.cdbs-tweaks. * Cleanup duplicate build-dependencies. * Set urgency=high due to the upstream security fix. -- Jonas Smedegaard Sun, 06 May 2007 10:01:44 +0200 moin (1.5.7-2) unstable; urgency=high * Sync with upstream HG development source, including a security fix: + Respect ACLs in MonthCalendar macro. * Update local cdbs tweaks: + Check for copyrights at pre-build (at clean we might run before actual cleanup has finished). + Add new upstream-tarball.mk: get-orig-source target and more. + Update debain/README.cdbs-tweaks. * Set urgency=high due to the upstream security fix. -- Jonas Smedegaard Wed, 04 Apr 2007 10:48:07 +0200 moin (1.5.7-1) unstable; urgency=low * New upstream release. Closes: Bug#384349. Highlights: + XSS Fixes (already fixed in Debian NMU). + Improved LDAP authentication. + Various GUI editor improvements (but still buggy!). + Attachments can be overwritten, moved to a different page, and referenced. + Various performance improvements. + Rendering fixes (especially workarounds for IE6 bugs). + Simplified migration routine. Please read /usr/share/doc/moinmoin-common/README.Migration(.gz). + Fix for forgotten password email login URL. + Google sitemap support: ?action=sitemap. + Updated translations: i18n strings, system and help pages. + Hyphens are now allowed in usernames. Closes: Bug#383909. + Improved docutils and ReST support. * Acknowledge NMUs. Closes: Bug#373464, #383841, #410338, thanks to Josselin Mouette, Pierre Habouzit, Martin Zobel-Helas and Toni Mueller. * Reorganize patches. + Extend patches to 5 digits to make room for Hg changesets. + Adjust debian/patches/README to mention Hg (not Arch). + Use quilt (not the simple cdbs-internal patch system). * Add patches to bring in sync with upstream Hg (patchset 822). * Remove parts of CVE-2007-0857 applied upstream (changesets 805-806). Rename patch to follow new 5-digit scheme. * Rewrite README.packaging to describe getting changesets from Hg (not Arch). * Update CDBS tweaks: + Update copyright-check.mk: Look for "(c)" too, avoid non-printable characters, verbose error report. + Update buildinfo.mk: Fix touchfile to run only once. + Major overhaul of python-distutils.mk: Syncronize with main cdbs, which adds support for new Python policy, and massive rewrite to bring back functionality broken in the default implementation of that new policy. + Replace auto-update.mk with (overload of) buildcore.mk. + Add README.cdbs-tweaks documenting the added tweaks. + Advertise README.cdbs-tweaks in debian/rules. * Enable new Python policy, except when DEB_BUILD_OPTIONS contains "sarge". Closes: Bug#373464 (thanks to Pierre Habouzit and ). * Bump up Standards-Version to 3.7.2 for non-default distros. * Adjust long description to not mention dropped pythonXX-moinmoin. * As stated in README.Debian, CGI interface has had most testing: + Revert to suggesting apache in favor of libapache(2)-python. + Suggest httpd-cgi (not httpd) as fallback. * Cleanup and improve debian/rules: + Use (newly improved!) tweaked cdbs again, to also support distributions using the old python policy. + Restore rules aaplying only to old python policy. + Add switch to declare variables varying between python policies. + Stitch together README.Debian from parts, referring to build- dependent default python version, and leaving out section on multiple packages when using new python policy. + Stitch together README.Debian and moinmoin-common.postinst in pre-build, and remove in clean. This avoids distributing changes and then loosing it again automatically at next build. + Add more comments. + Move build targets to switch distribution down to the bottom. * Update debian/copyright: + Add new copyright for Bubblehelp infoboxes (license: GPLv2). + Add new copyright for EXIF filter (license: BSD-like). + Fix non-unicode Character (copyright-holder Peter Åstrand). * No longer install docs/CHANGES.config dropped upstream. * Add note to README.Debian about risk of dict symlink breaking if copying and using the data from a different location. This relates only to the recent NMU changing (without documentaing!!!) from static to shared symlink. * Use Build-depends (not Build-depends-Indep) for non-default distributions. * Tightened pyversions to only include 2.3 and higher. * Suppress lintian warnings about INSTALL.html in docs (contains valuable info on further steps than automated in this packaging) and non-executable scripts in underlay (they should never be executed from there). -- Jonas Smedegaard Fri, 16 Mar 2007 18:07:48 +0100 moin (1.5.3-1.2) unstable; urgency=low * Non-maintainer upload. * Adding patch from BTS to fix CVE-2007-0857 (Closes: #410338) -- Martin Zobel-Helas Tue, 27 Feb 2007 10:00:39 +0100 moin (1.5.3-1.1) unstable; urgency=low [ Pierre Habouzit ] * Non-maintainer upload. * Update package to the last python policy (Closes: #373464). * Bump Standards-Version to 3.7.2. [ Josselin Mouette ] * Update Suggests now that mod_python packages were rebuilt. * Build-depend on python-dev, python-all-dev is too much. * python-moinmoin needs python-support for a few private modules. -- Josselin Mouette Sat, 30 Sep 2006 11:28:58 +0200 moin (1.5.3-1) unstable; urgency=medium * New upstream release. Closes: bug#363354 (thanks to Bob Tanner ). * Drop all patches: they are all included upstream now. * Raise to urgency=medium due to XSS fix. -- Jonas Smedegaard Wed, 19 Apr 2006 13:40:13 +0200 moin (1.5.2-7) never-really-released; urgency=low * Add patches to match upstream changeset 473. * Mention source of upstream patches in debian/copyright. -- Jonas Smedegaard Mon, 13 Mar 2006 11:59:40 +0100 moin (1.5.2-6) unstable; urgency=medium * Add patches to match upstream changeset 457. + Fixes mild security issue when SuperUser is wrongly configured. * Raise to urgency=medium due to the above mild security issue. * Improve wording of renaming in preinst, and emit only a single long line on error. * Update TODO with a bunch of entries. * Add README.packaging to source, with hints about, well, packaging. -- Jonas Smedegaard Thu, 23 Feb 2006 00:02:28 +0100 moin (1.5.2-5) unstable; urgency=low * Fix parsing options within preinst. * While at it, improve preinst to include a package version next to each md5sum. * Fix a few typos (missing "echo" and line continuation) in preinst and postinst, and change their indentation. -- Jonas Smedegaard Sat, 18 Feb 2006 14:16:58 +0100 moin (1.5.2-4) unstable; urgency=low * Whoops: Fix line-continuation in preinst. -- Jonas Smedegaard Fri, 17 Feb 2006 20:21:55 +0100 moin (1.5.2-3) unstable; urgency=low * Add patches to match upstream changeset 450. * Add md5sum of 1.4.99+1.5.0rc1 configfile to preinst rename routine. * ReST parser is again included by default: + Suggest recent python2.3-docutils. + Drop TODO item about packaging rst separately. * Semi-auto-update debian/control. -- Jonas Smedegaard Fri, 17 Feb 2006 02:02:11 +0100 moin (1.5.2-2) unstable; urgency=low * Add patches to match upstream cset 446. -- Jonas Smedegaard Thu, 16 Feb 2006 17:38:25 +0100 moin (1.5.2-1) unstable; urgency=low * Official packaging of new upstream release, incorporating the work documented in the below two changelog entries (thanks to Overfiend). + Fixes running as python handler in apache 1.x. Closes: bug#339543 (thanks to Nick Phillips ). + Favor quoted-printable for email notifications over base64. This closes: bug#343621 (thanks to "Brian T. Sniffen" ). * Move cdbs auto-update enabling into local snippet. * Correct namespace of cdbs snippet buildinfo.mk * Correct namespace and improve cdbs snippet copyright-check.mk. * Use Homepage instead of Website in debian/control, per DDR 6.2.4. * Improve watch file: Use special sf-syntax, and simplify regex. * Semi-auto-update debian/control. * Add hint about python-moinmoin to moinmoin-common long description (thanks to Alexander Schremmer ). * Improve wording of README.Debian: + Recommend reading upstream INSTALL.html not only for other kinds of setup but also for more info on the one with example provided. + Mention in section about farmconfig that this is enabled in Debian by default. Both thanks to Alexander Schremmer . * Relax conflict/replacement of moin, and tighten dependencies on moinmoin-common. This closes: bug#347450 (thanks to Raphael Bossek ). -- Jonas Smedegaard Sat, 11 Feb 2006 00:55:30 +0100 moin (1.5.2-0.branden.1) unstable; urgency=low * Local NMU to package latest upstream release, 1.5.2. * debian/configtweaks.sed: Normalize whitespace so upstream changes to it don't provoke changed-conffile prompts. * debian/rules: Clean up the logic for munging the upstream wikifarm config files a little. Remove a useless use of cat. * Upstream has renamed the moinmaster.py wikifarm example script to mywiki.py; add logic to moinmoin-common's maintainer scripts to rename the conffile likewise on package upgrades. + debian/moinmoin-common.preinst: (new) Perform renaming, if applicable. + debian/moinmoin-common.postinst: Finalize renaming. + debian/moinmoin-common.prerm: (new) Roll back renaming if package upgrade or install is aborted, and if renaming took place in the preinst. -- Branden Robinson Wed, 8 Feb 2006 00:37:35 -0500 moin (1.5.1+1.5.2rc1-0.branden.1) unstable; urgency=low * Local NMU to package latest upstream release candidate, 1.5.2rc1. * debian/rules: UPDATE.html vanished upstream; stop trying to ship it. * debian/rules: Search for farmconfig files in config/wikifarm, since they have moved upstream. Also remove the -and -not -name wikiconfig.py test from the corresponding find command, since the single-site wikiconfig.py is stored in the parent directory, where it won't be found. -- Branden Robinson Sat, 4 Feb 2006 15:31:24 -0500 moin (1.4.99+1.5.0rc1-1) unstable; urgency=low * New upstream prerelease. Closes: bug#339363 (thanks to Saku Ytti ). * Add note to NEWS about non-english underlay pages now distributed as packages attached to SystemPagesSetup. Add TODO item about packaging non-english underlay pages as Debian packages instead (or as well?). -- Jonas Smedegaard Wed, 21 Dec 2005 12:52:05 +0100 moin (1.4.99+1.5.0beta6-1) experimental; urgency=low * New upstream prerelease. * Drop quoting more than just copyright and licensing of GPL texts in debian/copyright, to avoid lintian complaining about wrong address. -- Jonas Smedegaard Fri, 16 Dec 2005 23:57:38 +0100 moin (1.4.99+1.5.0beta5-1) experimental; urgency=low * New upstream prerelease. + Fixes mod_python adaptor failing to handle Location correctly. Closes: bug#339543 (thanks to Nick Phillips ). + Licensing issues fixed for cplusplus and java parser modules. -- Jonas Smedegaard Tue, 13 Dec 2005 01:54:19 +0100 moin (1.4.99+1.5.0beta4-1) experimental; urgency=low * Improve wording of use of non-default Python versions in README.Debian (thanks to Michael Schmitt ). * Refer to specific further reading beyond the simple exaple setup in README.Debian. * Drop python2.2-moinmoin - it might still work but too little tested for upstream to support it. * Drop support for woody backports. * Include new doc files docs/CHANGES.config and docs/HACKS. * Improve debian/copyright: + Added ReStructured Text Parser: GPL. + Added FCKeditor: LGPL. + Added daemon.py: BSD-like. + Added thfcgi.py: GPL. + Added NetRube_Upload: Free use. + Added wz_jsgraphics: GPL. + Added IE7: LGPL. + Added phpwiki2moinmoin: GPL. * Strip Mega Upload and other unused parts of FCKeditor from source, as suggested by upstream of FCKeditor. * Strip cplusplus and java parser modules from source, as licensing info is simply "all rights reserved". * Add new cdbs snippet to check at build time for changed copyright notices. * Strip irrelevant parts of FCKeditor, and move documentation parts below below /usr/share/doc/.../FCKeditor/ . * Add note to NEWS about loads of config changes requiring manual adjustments after examining upstream changelog. * Add notes to TODO about things I should do before final release but haven't found time to do yet... * Drop a TODO note about fixing a cache bug: Can't even reproduce it myself anymore, so probably fixed upstream already without my reporting it :-P . -- Jonas Smedegaard Thu, 24 Nov 2005 21:02:12 +0100 moin (1.4.99+1.5.0beta3-1) experimental; urgency=low * New upstream prerelease. Closes: bug#339363 (thanks to Nick Phillips ). * Drop all patches: They are all included upstream now. * Update danish l12n. -- Jonas Smedegaard Tue, 15 Nov 2005 00:05:29 +0100 moin (1.3.5-1) unstable; urgency=low * New upstream release. Closes: bug#331222 (thanks to Steffen Joeris ). * Drop patches now included upstream: - 001_patch-867 - 002_patch-868 - 003_patch-869 * Add upstream post-release patches, and manually add patch version: + 001_patches-883-935.patch + 202_make_patchlevel-visible.patch * Add note to debian/TODO about ant command to compile TWikiDrawPlugin using gcj (still not included as build.xml is broken: requires internet access in the build environment :-P ). * Bump up standards-version to 3.6.2. * Improve notes on simple sample setup in README.Debian: + Store data below outside webroot to avoid leaking private info. Closes: bug#308764 (thanks to Olivier Sessink ). + Setup underlay. + Mention (briefly) non-Apache setups. + Comment out variables in farmconfig defined locally in each wiki. Closes: bug#326172 (thanks to Branden Robinson ). -- Jonas Smedegaard Fri, 4 Nov 2005 16:21:57 +0100 moin (1.3.4.really.1.3.5rc1-1) unstable; urgency=low * New upstream prerelease. * Use pristine source again (I believe it is ok to distribute the java binary with source when its source is included too - a fresh compile for inclusion in a binary package is still on the TODO). * Add small note pointing an unofficial home of TwikiDrawPlugin at http://debian.jones.dk/auryn/pool-all/official/moin/twikidraw/ * Drop prepatch now included upstream: - 11_failsafe_i18_clean * Drop patches included upstream: - 22_danish_locale_update - 25_allow_singlequote_in_acounts - 27_xslt_fix * Add upstream post-rc patches and drop older patches they supercede: + 001_patch-867 + 002_patch-868 + 003_patch-869 - 22_german_locale_update - 24_twikidraw_strip_cr - 26_fallback_to_iso8859-1_dicts * Renumber remaining patch, and add README about numbering scheme: - 02_dict_is_local + 201_dict_is_local * Adjust path in source to changelog and docs. * Added copyright and licensing info of pikipiki, twikidraw and lupy to debian/copyright. * UTF-encode debian/copyright. * Bump up watch file to version 3. * Move examples to subdir debian/examples. * Add a couple of example scripts for maintaining underlay dirs. -- Jonas Smedegaard Sun, 31 Jul 2005 13:26:40 +0200 moin (1.3.4-6) unstable; urgency=low * Patch user.py to allow account names containing single-quotes. Closes: bug#317514 (thanks to Marco d'Itri ). * Small update to german (de) locale. Closes: bug#313952 (thanks to Jens Seidel ). * Update local python cdbs snippet (and manually strip spurious build- dependency build-essential due to bug#316034). * Only do cdbs debian/rules auto-update when DEB_BUILD_OPTIONS=update. * Patch action/SpellCheck.py to fallback to iso8859-1 encoded dicts. * Tweak paths in all patches to apply in first attempt by cdbs. * Fix XSLT brokennes (using info found here: http://moinmoin.wikiwikiweb.de/MoinMoinBugs/XsltParserOnDebian ). Actually - it is still broken to me, but at least the error is now a different one (and may only relate to the XsltVersion test page)... * Strip comments in underlay about only editing on masterwiki (especially for templates they are confusing). -- Jonas Smedegaard Sat, 9 Jul 2005 14:19:53 +0200 moin (1.3.4-5) unstable; urgency=medium * Run dh-python a bit earlier (bug#172283 resurfacing) to get python code optimized at install time. (this breaks woody backport support but that was already broken anyway). * Include unversioned python-gdchart suggestion only for python2.3-moinmoin package. * Set urgency=medium as the changes are small but the gain is high. -- Jonas Smedegaard Fri, 6 May 2005 22:42:40 +0200 moin (1.3.4-4) unstable; urgency=low * Use prdownloads.sourceforge.net for upstream source in copyright. * Make suggestions Python-versioned. * Add hint to README.Debian on easing migration with mc. * Add pointers to additional cleanup code on moinmoin..de wiki. * Install README.Debian with all packages. Closes: bug#304540. * Include example configs for apache 1.3 and 2.0. Closes: bug#284424. * . -- Jonas Smedegaard Thu, 5 May 2005 00:25:14 +0200 moin (1.3.4-3) unstable; urgency=high * Drop transitional binary package "moin", as it is only relevant for users of testing and unstable, and there it causes unpleasant surprises more(?) than it helps. Closes: bug#304054, #303957 (thanks to Toni Mueller and others). * Improve migration section of README.Debian and refer NEWS item to that instead of directly to README.migration. Closes: bug#204146 (thanks to Markku Tavasti and Aaron Bentley ). * Remove TODO item related to the above. * Force using/aoviding specific python version also for scripts installed as part of the library. * Set urgency=high as these changes (together with removing the old "moin" package from the archive) "fixes" breakage of existing unstable and testing moin installs. -- Jonas Smedegaard Mon, 11 Apr 2005 13:55:57 +0200 moin (1.3.4-2) unstable; urgency=low * Official release. * README.Debian updated and improved. Closes: bug#201580 (thanks to Hanspeter Kunz and others). * LocalSpellingWords is now utf-8 encoded. Closes: bug#302602 thanks to Martin F. Krafft and others for reporting this). * INSTALL.html is included now. Closes: bug#302339 (thanks to Paul ). -- Jonas Smedegaard Fri, 8 Apr 2005 04:44:24 +0200 moin (1.3.4-1.0.jones.3) unstable; urgency=low * Have cdbs snippet get python version from 'python -V' like dh_python does it. * Simply have a rule for each of woody, sarge and ubuntu, untied to the standard build to force switch distro and then stay with it. * Hardcode dependencies for library packages (dh_python is broken: adds dependency always on default python). * Make scripts executable. -- Jonas Smedegaard Fri, 8 Apr 2005 03:08:30 +0200 moin (1.3.4-1.0.jones.2) unstable; urgency=low * Handle ubuntu and woody builds as DEB_BUILD_OPTIONS. * Make source of ubuntu build be moin1.3 (they have old moin released already and want both distributed concurrently). * Correct hashbang-line in example files of library packages. * Improve python cdbs snippet, and setup variables in separate one. -- Jonas Smedegaard Thu, 31 Mar 2005 00:20:22 +0200 moin (1.3.4-1.0.jones.1) unstable; urgency=low * Split into several binary packages: moinmoin-common with data and and python2.x-moinmoin with libraries built for each version of Python. * Suggest 4suite non-python-versioned. * Fix encoding of handcrafted LocalSpellingWords wikipage. * Update and improve README.Debian. Closes: bug#201580 (thanks to Hanspeter Kunz and others). * Include INSTALL.html. * Conflict with old moin. * Prerelease...! -- Jonas Smedegaard Wed, 30 Mar 2005 04:56:07 +0200 moin (1.3.4-1) unstable; urgency=low * New upstream release. Closes: bug#287006, #291527 (thanks for the patience, everyone). + XMLRPC fixed. Closes: bug#285555, #285672 (thanks to Kai Weber and Christian Grigis ). * Extend dependency on http daemons to include libapache2-mod-python. * Drop some patches (for arguments on remaining patches see http://moinmoin.wikiwikiweb.de/DebianPatches ): + Adopted upstream: - 06_interwiki_update.diff - 07_avoid_hardcoded_pythonversion.patch - 21_danish_locale_fixup.diff - 22_danish_locale_update.diff + Possibly too tight for some (preserved in source tarball): - 01avoid_world_write_access.diff + Implemented differently upstream: - 03_enable_farm_config.diff + Obsolete: - 05ftversion_is_revision.diff * Add patch 22_danish_locale_update.diff. * Rebuild MoinMoin/i18n/ after patching to make sure all is in sync. * Suggest 4suite non-python-versioned. * Drop obsolete example config. * Disable (but keep) bad-permission-check rule (world-write patch dropped - see above). * Use local cdbs snippet to invoke dh_buildinfo. * Rename NEWS.Debian to NEWS to get properly installed. * Patch MoinMoin/i18n to not fail if cleaned files doesn't exist (and include the patch in source below debian/prepatches). * Fix cdbs hint to not compress example Python scripts. * Use CHANGES (not the more verbose Changelog) as upstream changelog. * Add patch 24_twikidraw_strip_cr.diff. Closes: bug#297960 (thanks to Pedro Zorzenon Neto ). * Include pristine config files as example files. * Update and correct README.Debian. * Use cdbs debian/control auto-update (and enhance local cdbs snippets to use it). -- Jonas Smedegaard Tue, 22 Mar 2005 03:05:47 +0100 moin (1.2.4-1) unstable; urgency=high * New upstream release. Fixes: + fixed "None" pagename bug in fullsearch/titlesearch. + fixed projection CSS usage. + the compiled page is removed when a page is deleted, so no ghost page appears after deletion. + fixed AbandonedPages day-break problem. + fixed [[GetVal(WikiDict,key)]]. + the msg box is now outside content div on PageEditor, too. + privacy fix for email notifications: you don't see other email addresses in To: any more. mail_from is now also used for To: header field, but we don't really send email to that address. + privacy fix for /MoinEditorBackup pages that were made on previews of pages that were not saved in the end. + fix double content div on PageEditor preview. Other changes: + workaround for broken Microsoft Internet Explorer, the page editor now stops expanding to the right (e.g. with rightsidebar theme). Nevertheless it is a very good idea to use a non-broken and more secure browser like Mozilla, Firefox or Opera! + from MoinMoin.util.antispam import SecurityPolicy in your moin_config.py will protect your wiki from at least the known spammers. See MoinMoin:AntiSpamGlobalSolution for details. + xmlrpc plugin for usage logging, currently used for antispam accesses. + (re-)added some configurable meta tags. + i18n updates/fixes, new: nb. + New UserPreferences switch: you may subscribe to trivial changes (when you want to be notified about ALL changes to pages, even if the author deselected to send notifications). This closes: bug#269456 (thanks to Laurent Fousse for the - slightly different - patch). + New AttachList and AttachInfo macros - thanks to Nigel Metheringham and Jacob Cohen. * Update TODO (one wish solved in the new upstream release). * Update danish locale. * Add (commented out) new antispam setting to farm_config.py. * Patch to avoid hardcoded python version (thanks to my own clever build targets :-) ). * Set urgency=high to hopefully get this bugfix release into sarge. -- Jonas Smedegaard Fri, 29 Oct 2004 13:35:35 +0200 moin (1.2.3-1) unstable; urgency=high * New upstream release. Closes: Bug#265376, #263564 (thanks to Douglas F. Calvert and Kai Weber ): + fixed NameError "UnpicklingError" in user.py + Security-related bugfix: reverts done by bots or leechers... There was a bad, old bug that triggered if you did not use ACLs. In that case, moin used some simple (but wrong and incomplete) function to determine what a user (or bot) may do or may not do. The function is now fixed to allow only read and write to anon users, and only delete and revert to known users additionally - and disallow everything else. + avoid creation of unneccessary pages/* directories + removed double content divs in general info and history info pages + fixed wiki xmlrpc getPageHTML + fixed rightsidebar logout URL, also fixed top banner to link to FrontPage + use config.page_front_page and .page_title_index for robots meta tag (whether it uses index,follow or index,nofollow), not hardcoded english page names + ACL security fix for PageEditor, thanks to Dr. Pleger for reporting + default options for new users are same as for anon users + do not show excluded actions at bottom of page + i18n updated: ja, de, zh + editor: removed the columns size setting, just using 100% of browser window width (it didn't work because of that anyway). Also removed that "reduce editor size" link at top of editor as you would lose your changes when using it. * Remember to strip twikidraw.jar from source tarball. * Set urgency=high due to the above security-related bugfixes, and due to twikidraw.jar erronously provided with the earlier release. * Drop patch included upstream: 11_UnpicklingError.diff. * Drop cleaning debian/dh-buildinfo (never created - must've been from a manual test run). * Added danish localisation for newly added reject string. * Added note in README.Debian about the need for CGI support. Closes: Bug#260861 (thanks to , although not using the provided diff). * Udate watch file: + Use generic sourceforge "prdownload" host, which seems to be the only option currently - although working only for checking, not for automated downloads. + Add comment about usage of the file. + Add comment about brokenness of sourceforge URL. + Make URL as generic as possible. * Update TODO (add note on *.py optimizing below /usr/share/moin). -- Jonas Smedegaard Fri, 20 Aug 2004 17:17:42 +0200 moin (1.2.2-1) unstable; urgency=low * New upstream release. Closes: Bug#254756 (thanks to Ben ): + Improved diff generation (python 2.3 difflib used and local copy dropped). + Scripts changed to use #!/usr/bin/env python. + Users now _must_ specify a password when creating a new account. + User accounts matching config.page_group_regex are now illegal. Note: existing accounts must be manually checked (read upstream changelog for more info). + subscription email sending now honours ACLs correctly. + Several markup / rendering / user interface fixes/improvements. + RSS fixes: non-ASCII characters; UTC timestamps; RecentChanges ok. + Better email generation: Message-ID header; standards compliant subject; use config.mail_from with "lost my password" emails. + Improved file attachments handling. + Themes improvements, and new theme "rightsidebar" added. + Crashing bugs fixed: diffs for deleted pages; xml footnotes; SystemInfo with empty editlog. + Improved robots hints. + Translation updates / fixes, and russian i18n added. + TitleIndex now sorts case-insensitively. + New macro: PageHits.py. * Include patch for UnpicklingError bug (thanks again to Ben ). * Drop hashbang patches: fixed upstream now. * Improve woody backport-ability: + Set DEB_PYTHON_COMPILE_VERSION immediately (use := instead of =). + Add newline when changing hashbang (bug in perl 5.6?). + Include difflib from python 2.2.3. * Update InterWiki.txt. * Small but important fix to danish localisation: s/BrugerIndstillinger/BrugerProfil/g . * Standards-version 3.6.1 (no changes needed). -- Jonas Smedegaard Thu, 17 Jun 2004 07:27:16 +0200 moin (1.2.1-1) unstable; urgency=low * New upstream release. + wiki/data/plugin/__init__.py added (closes: Bug#235225) + plugin processors work now, too + fixed displaying non-existant translations of SiteNavigation in footer + fixed zh-tw iso name (wrong zh_tw -> correct zh-tw) + fixed reversed diffs in RecentChanges RSS + fixed "last change" info in footer (wasn't updated) + fixed event.log missing pagename (and other) information + fixed horizontal line thickness >1 + fixed setup.py running from CVS workdir + fixed crash when doing action=info on first revision of a page + fixed hostname truncation in footer + minor css fixes + fixed clear msg links (they missed quoting, leading to strange page names when you click on some of them) + fixed python colorizer processor + fixed quoting of stats cache filenames + catched "bad marshal data" error when switching python versions + updated danish, japanese, serbian and chinese i18n, and maintainance scripts now included with source (closes: Bug#220913) + new "viewonly" theme + New scripts for xmlrpc-tools and account checking added * Include as separate file the patch to enable farm_config by default. * Remove debian/buildinfo in clean target. * Make CGI script executable. * Improved python version handling in debian/rules: + Current python version hardcoded only once (to ease upgrading to next major release) + Patch hashbang of all scripts to use unversioned python (closes: bug#236254) + Check in clean target that no new versioned python scripts slips through + Support explicit using python2.2 (needed for backport to woody) simply by setting "DEB_BUILD_OPTIONS=python22" at build time. + Tighten build-dependency on cdbs to support the above * Add note to debian/copyright about java applet stripped from source. * Unfuzz patches, and update 11_danish_l10n_updates (all earlier changes adopted upstream, minor new corrections added). * Replace patch 06_wikipedia_url_update with a larger and more general 06_interwiki_update (matching update done upstream on MoinMaster). * Minor tweaks to farm_config.py. * Update example config with more ACL stuff and update l12n. * Move some files from cgi-bin dir out as example scripts. * Add some items to TODO. -- Jonas Smedegaard Sun, 21 Mar 2004 14:15:15 +0100 moin (1.2-1) unstable; urgency=low * New upstream release. Closes: Bug#229759. + Support for persistent environments twisted-web, standalone, mod_python and FastCGI (none of them tested with Debian) in addition to plain CGI. + Caching of rendered pages. + Improved, internal diff handling. + Support for http basic auth. + Configurable timezone offset. + Configurable cookie lifetime. + Theme support. + Improved logfile access. Closes: Bug#224218. + Support for automatic page refreshing. + Improved UserPreferences layout (most options suppressed until user has logged in). + Support for dictionary definitions. + Improved UTF8 support (but still ISO-8859-1 by default). + Improved "wiki groups" handling. + Mostly HTML 4.01 Strict compliant HTML, and use of CSS for visual markup. + Updated (and further improved to handle imagemaps) TWikiDrawPlugin (not included with this Debian package). + Fixed email headers and encoding. * Updated debian/copyright: + Drop info included in debian/changelog + Update copyright and licensing info (only cosmetic changes, and years covered updated) * Add NEWS.Debian suggesting to read HelpOnUpdating for needed local updates. * Update patches. + Unfuzz. + Drop outdated 04german_locale_update.diff + New danish l18n update. * Remove obsolete (and temporarily disabled) simplified login patch. * Tighten access rights to 0750/0640 (giving world read access doesn't make sense with ACLs - as pointed out in upstream comment). Also, no longer "shout" at upstream default (no longer world write, only group write - which is still unnecessary in most situations). * Ignore PNG files in compile time access rights check. * Update farm_config.py and sample config.py to match upstream changes. * Enable farm_config by default. * Avoid installing as Debian native package. * Recommend mail-transport-agent. * Suggest httpd, libapache-mod-python, twisted or libapache-mod-fastcgi. -- Jonas Smedegaard Fri, 27 Feb 2004 01:34:24 +0100 moin (1.1.cvs20031026-1) unstable; urgency=low * New CVS snapshot. * Shrink l10n patch to only include da.py file (translated text files are included upstream). * Change suggestion to python2.3-4suite (not in Debian yet, but hopefully one day...). * Disable patch 21_simplify_new_login.diff (it wad buggy, and upstream has changed userform design). * Add symlink from /usr/share/dict/words to /usr/share/moin/data/dict/words. * Add new /etc/moin/farm_config.py, and update example moin_config.py to use it. * Correct make target so dh_buildinfo is actually used (closes: Bug#211416). * The scripts in site-packages are not meant to be executed, so strip hashbang altogether (closes: Bug#206395). The actual scripts are provided at /usr/share/doc/moin/examples, because they need tweaking to include local config of each installed wiki (closes: Bug#210451). -- Jonas Smedegaard Mon, 27 Oct 2003 03:09:51 +0100 moin (1.1.cvs20030814-1) unstable; urgency=low * New CVS snapshot. * Update to python2.3 (closes: Bug#205143). * Add a couple of wishlist items to TODO. -- Jonas Smedegaard Thu, 14 Aug 2003 02:39:27 +0200 moin (1.1.cvs20030802-3) unstable; urgency=low * Even more updates to danish l10n. -- Jonas Smedegaard Sat, 9 Aug 2003 16:48:56 +0200 moin (1.1.cvs20030802-2) unstable; urgency=low * Update danish l10n. * Patch userform.py to simply login for first time users. * Update example config to use new security scheme, and include l10n of both template, category and form pages. * Add watch file. -- Jonas Smedegaard Thu, 7 Aug 2003 13:07:18 +0200 moin (1.1.cvs20030802-1) unstable; urgency=low * New CVS snapshot. + Added Croatian + added ACL support, written by Gustavo Niemeyer of Conectiva and Thomas Waldmann. See HelpOnAccessControlLists for more infos. * Switch to cdbs. * Standards-version 3.6.0. * Re-include wikiext.py (still unfinished, but at least compiles without error now). * Use (and build-depend on) dh-buildinfo. -- Jonas Smedegaard Sun, 3 Aug 2003 21:47:21 +0200 moin (1.1.cvs20030430-1) unstable; urgency=medium * New CVS snapshot. Security fixes: + [ 522246 ] Transparently recode localized messages + [ 685003 ] Using "preview" button when editing can lose data + use gmtime() for time handling + [[Include]] accepts relative page names New features: + if a fancy link starts with '^' (i.e. if it has the form "[^http:... ...]"), it's opened in a new window + moin-dump: New option "--page" + list items set apart by empty lines are now also set apart visually (by adding the CSS class "gap" to
  • ) + selection to add categories to a page in the editor (use preview button to add more than one category) + `MailTo` macro for adding spam-safe email links to a page + added "revert" link to PageInfo view (which makes DeletePage more safe in public wikis, since you can easily revive deleted pages via revert) + `config.mail_login` can be set to "user pwd", if you need to use SMTP AUTH + replaced `config.page_template_ending` by a more flexible setting named `config.page_template_regex` + `config.edit_locking` can be set to None (old behaviour, no locking), 'warn ' (warn about concurrent edits, but do not enforce anything), or 'lock ' (strict locking) + if user has a homepage, a backup of save/preview text is saved as an attachment named `moin-editor-backup.txt` + `[[Navigation]]` macro for slides and subpage navigation + ../SubPageOfParent links + Selection for logged in users (i.e. no bots) to extend the listing of recent changes beyond the default limits + `config.shared_intermap` can be a list of filenames (instead of a single string) + [[ShowSmileys]] displays ALL smileys, including user-defined ones + Updated the XSLT parser to work with 4Suite 1.0a1 + "save" check for security.Permissions + editor returns to including page when editing an included page + the Include macro has new parameters (from, to, sort, items) and is able to include more than one page (via a regex pattern) Unfinished or experimental features: + SystemAdmin macro * Remove Debian-specific danish pages (they where all adopted upstream). * Roll back danish translation a few days to avoid newest unwanted changes. * Urgency medium because of the security issues. * Update to latest version of CBS (Colin's Build System). * Declare compliance with Debian Policy 3.5.9 (no changes needed). * Update license info (added the year 2003) and add license of PikiPiki. * Update example config to include switching to MoinMoinMannen (thanks to Jonas Furberg ) on authorized access. * Update patches. + Fix yet another bad permission setting. + Remove danish translation updates included upstream now. + Drop restructuring of configuration page (too lazy to maintain them). -- Jonas Smedegaard Wed, 30 Apr 2003 22:04:29 +0200 moin (1.1.cvs20021222-1) unstable; urgency=low * New CVS snapshot. + Make sure (again!) that twikidraw.jar is stripped from source. Bugfixes also in 1.0 branch: + correct handling of spaces in attachment filenames and URLs Bugfixes: + Create unique anchors for repeated titles New features: + "#pragma section-numbers 2" only displays section numbers for headings of level 2 and up (similarly for 3 to 6) + reciprocal footnote linking (definition refers back to reference) + "Ex-/Include system pages" link for title index + `config.smileys` for user-defined smileys + new fancy diffs + `config.hosts_deny` to forbid access based on IP address Content updates: + New language: it + New language: sv (conflicting with da, grrr!) + CSS improved + Locale hint added on all pages + Misc corrections and improvements + Section "Arbitrary Page Names" moved from HelpForBeginners to HelpOnLinking + HelpOnConfiguration: Updated + HelpOnInstalling_2fBasicInstallation: Add link to download site + HelpOnMacros: Updated + HelpOnSmileys: Line up example smileys in two rows + SystemInfo: SystemAdmin macro removed + RecentChanges: RandomQuote added + WikiSandBox: Sample image and drawing added * Remove CHANGELOG.old from CVS snapshot (my mess - not from upstream). * Switch to using Colin's Build System + Invoke dh_python before dh_installdep (see BUG#172283) + Get rid of bash dependency + Isolate and update source patches. * Scan at build time for evil chmod 777 and fail if found (found yet another one in filesys.py). * Remove byte-compiled configfile in postinst. * Move (instead of patch and duplicate) german LocalSpellingWords. * Enable all options in example config, and put all examples in same folder. * Add locale hint to danish pages. * Update danish translated pages (only Hj_e6lpForBegyndere affected). * Run a 'make test' at build time. -- Jonas Smedegaard Sun, 22 Dec 2002 22:32:26 +0100 moin (1.1.cvs20021129-1) unstable; urgency=low * New CVS snapshot. + config.title1, config.title2, config.page_footer1, config.page_footer2 can now be callables and will be called with the "request" object as a single argument (note that you should accept any keyword arguments in order to be compatible to future changes) + "config.html_pagetitle" allows you to set a specific HTML page title (if not set, it defaults to "config.sitename") + if a quick link starts with '^', it opens in a new window; help now opens in a new window also + last edit action is stored into "last-edited" file, and displayed in the page footer + Bugfix for wrong mail notifications * Use new dh_python to calculate dependencies and handle compilation at install-time, and depend on debhelper at least version 4.1.25 that introduced the script. * Change to use debhelper V4 now that it is needed anyway. * Update TODO: Remove gdchart suggestion is done. * Look for revision instead of version in optional 4suite module (since current 4suite does that). This closes: Bug#171304 thanks to Michael Schuerig . -- Jonas Smedegaard Sun, 1 Dec 2002 04:04:29 +0100 moin (1.1.cvs20021008-1) unstable; urgency=low * New CVS snapshot. + handle corrupt cookies gracefully. + Remove obsolete SecurityPolicy code from moin_config.py. * Correct path to local dict directory (thanks to Dave Carrigan for not giving up). This closes (for real) Bug#163441. -- Jonas Smedegaard Tue, 8 Oct 2002 06:12:19 +0200 moin (1.1.cvs20020909-4) unstable; urgency=low * Remove badly coded and unused file wikiext.py (closes: bug#162246). -- Jonas Smedegaard Wed, 25 Sep 2002 12:47:04 +0200 moin (1.1.cvs20020909-3) unstable; urgency=low * Add postinst and prerm scripts found in python-optik. -- Jonas Smedegaard Tue, 24 Sep 2002 00:46:48 +0200 moin (1.1.cvs20020909-2) unstable; urgency=low * Suggest python-gdchart, and enable gdchart test. -- Jonas Smedegaard Mon, 23 Sep 2002 06:08:18 +0200 moin (1.1.cvs20020909-1) unstable; urgency=low * New CVS snapshot. -- Jonas Smedegaard Thu, 12 Sep 2002 20:18:17 +0200 moin (1.1.cvs20020805-2) unstable; urgency=low * Update danish config script to reflect new policy setup. -- Jonas Smedegaard Thu, 29 Aug 2002 03:42:20 +0200 moin (1.1.cvs20020805-1) unstable; urgency=low * New CVS snapshot. * Build against python 2.2. Update (build-)dependencies respectively. -- Jonas Smedegaard Thu, 29 Aug 2002 03:06:58 +0200 moin (1.1.cvs20020715-2) unstable; urgency=low * Danish locale updates. -- Jonas Smedegaard Wed, 17 Jul 2002 02:13:51 +0200 moin (1.1.cvs20020715-1) unstable; urgency=low * New CVS Snapshot (nothing changed, actually, but needed a new source for the next item...). * Remove TwikiDrawApplet.jar from source. Will probably package it seperately, but needs to go in non-free, because use of AWT makes it require jre2. * A few corrections to danish locale. -- Jonas Smedegaard Tue, 16 Jul 2002 06:26:34 +0200 moin (1.1.cvs20020711-4) unstable; urgency=low * Update WikiPedia InterWiki URL. * Updates to danish locale, and a few additions to german locale. * Added some danish help pages. -- Jonas Smedegaard Tue, 16 Jul 2002 05:28:19 +0200 moin (1.1.cvs20020711-3) unstable; urgency=low * Add some danish translated pages (and pass them upstream as well). * Empty LocalSpellingWords (it was all german), except for a few universal entries. Add the original file as example. * Add my own danish localized config as example. * Change default dir and file umask to 0755 and 0644. World writable stuff is BAD! * Suggest python2.1-4suite for xslt support (which is disabled by default). * Minor updates to danish locale. * Use Makefile, and add a 'make test' (disabled for now...). * Move intro text below the form in UserPreferences, to help type- without-reading kind of new users. -- Jonas Smedegaard Sun, 14 Jul 2002 19:33:33 +0200 moin (1.1.cvs20020711-2) unstable; urgency=low * Remove wordlist link. Debian policy (and LFS?) says it to be a relative link which (obviously) fails when moved somewhere else. * Rewrite README.Debian and lower wordlist from Recommends to Suggests, to reflect the above. -- Jonas Smedegaard Fri, 12 Jul 2002 19:22:02 +0200 moin (1.1.cvs20020711-1) unstable; urgency=high * New upstream CVS snapshot. * Urgency high: Acouple of XSS vulnerabilities fixed today. * My danish translation is adopted upstream now, Thanks :-) * Remove MoinMoin/i18n/__init__.py.orig i left there when translating. * Add dict folder with a link to site-wide words, and make a comment about it in README.Debian. * Recommend wordlist to support the above. -- Jonas Smedegaard Thu, 11 Jul 2002 21:59:15 +0200 moin (1.1.cvs20020623-6) unstable; urgency=low * Minor updates to danish locale. * Add to danish locale a hint about logging in when denied access - as suggested in documentaion at HelpOnConfiguration/SecurityPolicy (wanted to do english as well, but that is not a locale :-( !!!). -- Jonas Smedegaard Sat, 29 Jun 2002 02:28:42 +0200 moin (1.1.cvs20020623-5) unstable; urgency=low * Explicitly note upstream author (apart from being mentioned in License). * Update danish l10n. -- Jonas Smedegaard Tue, 25 Jun 2002 18:56:46 +0200 moin (1.1.cvs20020623-4) unstable; urgency=low * Correct fatal quoting errors in danish locale. -- Jonas Smedegaard Tue, 25 Jun 2002 05:21:21 +0200 moin (1.1.cvs20020623-3) unstable; urgency=low * Add danish translation. * Mention MoinMoin in short description (thanks to Luca De Vitis). -- Jonas Smedegaard Tue, 25 Jun 2002 04:46:31 +0200 moin (1.1.cvs20020623-2) unstable; urgency=low * Move scripts from /usr/bin to examples (not really sure if they are useful out-of-the-box on Debian). * The package is real (Closes: #150761). -- Jonas Smedegaard Sun, 23 Jun 2002 16:23:56 +0200 moin (1.1.cvs20020623-1) unstable; urgency=low * First unofficial release. * Uncomment gdchart import attempt from moin_config.py for a small speed gain. -- Jonas Smedegaard Sun, 23 Jun 2002 14:44:21 +0200