lp:~bkerensa/ubuntu/saucy/moin/1.9.5-5
- Get this branch: bzr branch lp:~bkerensa/ubuntu/saucy/moin/1.9.5-5
Branch merges
- Sebastien Bacher: Disapprove
- Ubuntu branches: Pending requested
Diff: 23270 lines (+189/-22492), 50 files modified
.pc/.quilt_patches (+0/-1)
.pc/.quilt_series (+0/-1)
.pc/.version (+0/-1)
.pc/applied-patches (+0/-13)
.pc/attachfile-path-traversal.patch/MoinMoin/action/AttachFile.py (+0/-1180)
.pc/constant_time_strcmp.patch/MoinMoin/security/textcha.py (+0/-218)
.pc/constant_time_strcmp.patch/MoinMoin/user.py (+0/-1112)
.pc/constant_time_strcmp.patch/MoinMoin/wikiutil.py (+0/-2657)
.pc/disable_gui_editor_if_fckeditor_missing.patch/MoinMoin/config/multiconfig.py (+0/-1351)
.pc/draw-taintfile.patch/MoinMoin/action/AttachFile.py (+0/-1172)
.pc/draw-taintfile.patch/MoinMoin/action/anywikidraw.py (+0/-210)
.pc/draw-taintfile.patch/MoinMoin/action/twikidraw.py (+0/-222)
.pc/escape_css_url.patch/MoinMoin/theme/__init__.py (+0/-1946)
.pc/escape_pagename_in_rss.patch/MoinMoin/theme/__init__.py (+0/-1946)
.pc/hardcode_configdir.patch/setup.py (+0/-387)
.pc/htdocs_moved_to_usr_share_moin.patch/MoinMoin/web/static/__init__.py (+0/-80)
.pc/mail-verification.patch/MoinMoin/action/newaccount.py (+0/-204)
.pc/mail-verification.patch/MoinMoin/auth/__init__.py (+0/-482)
.pc/mail-verification.patch/MoinMoin/config/multiconfig.py (+0/-1359)
.pc/mail-verification.patch/MoinMoin/user.py (+0/-1105)
.pc/recaptcha.patch/MoinMoin/action/newaccount.py (+0/-189)
.pc/secure_taintfile_name.patch/MoinMoin/wikiutil.py (+0/-2659)
.pc/subscribercache.patch/MoinMoin/Page.py (+0/-1889)
.pc/subscribercache.patch/MoinMoin/user.py (+0/-1072)
.pc/use_systemwide_libs.patch/setup.py (+0/-386)
MoinMoin/Page.py (+1/-110)
MoinMoin/action/AttachFile.py (+0/-24)
MoinMoin/action/anywikidraw.py (+0/-2)
MoinMoin/action/newaccount.py (+9/-98)
MoinMoin/action/twikidraw.py (+0/-2)
MoinMoin/action/verifyaccount.py (+0/-64)
MoinMoin/auth/__init__.py (+1/-8)
MoinMoin/config/multiconfig.py (+0/-12)
MoinMoin/security/sec_recaptcha.py (+0/-73)
MoinMoin/security/textcha.py (+1/-3)
MoinMoin/theme/__init__.py (+2/-3)
MoinMoin/user.py (+3/-45)
MoinMoin/web/static/__init__.py (+1/-1)
MoinMoin/wikiutil.py (+4/-6)
debian/changelog (+23/-4)
debian/control (+4/-8)
debian/control.in (+0/-25)
debian/patches/mail-verification.patch (+1/-1)
debian/python-moinmoin.dirs (+4/-0)
debian/python-moinmoin.docs (+5/-0)
debian/python-moinmoin.examples (+4/-0)
debian/python-moinmoin.install (+2/-0)
debian/python-moinmoin.manpages (+3/-0)
debian/rules (+105/-145)
setup.py (+16/-16)
Branch information
- Owner: Benjamin Kerensa
- Status: Development
Recent revisions
- 40. By Benjamin Kerensa
* Merge from Debian unstable. Remaining changes:
- debian/rules: remove python-xml from CDBS_SUGGESTS field, the package
isn't in sys.path any more.
- debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the
code was previously embedded in moin, but it was also disabled, so
there's no reason for us to pull this in by default currently. Note:
fckeditor has a number of security problems and so this change probably
needs to be carried indefinitely.
* Re-package without CDBS.
(CVE-2012-6080).
actions (CVE-2012-6081).
+ fix XSS issue, escape page name in rss link (CVE-2012-6082)
- 39. By Jamie Strandboge
* Merge from Debian unstable. Remaining changes:
- debian/rules: remove python-xml from CDBS_SUGGESTS field, the package
isn't in sys.path any more.
- debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the
code was previously embedded in moin, but it was also disabled, so
there's no reason for us to pull this in by default currently. Note:
fckeditor has a number of security problems and so this change probably
needs to be carried indefinitely.
* Dropped the following patches, no longer needed:
- debian/patches/CVE-2012-XXXX.patch
- debian/patches/CVE-2012-YYYY.patch
- 38. By Jamie Strandboge
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
- 37. By Marc Deslauriers
* Merge from Debian unstable (LP: #1046616). Remaining changes:
- Remove python-xml from Suggests field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason
for us to pull this in by default currently. Note: fckeditor has a
number of security problems and so this change probably needs to be
carried indefinitely.
- 36. By Marc Deslauriers
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
- 34. By Clint Byrum
* Merge from Debian unstable (LP: #586518). Based on work by Stefan Ebner.
Remaining changes:
- Remove python-xml from Suggests field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason
for us to pull this in by default currently. Note: fckeditor has a
number of security problems and so this change probably needs to be
carried indefinitely.
- 33. By Thierry Carrez
debian/rules: Avoid pulling libapache2-mod-wsgi by default, by recommending
"apache2 | httpd-cgi" instead of "libapache2-mod-wsgi | httpd-cgi".
Suggest libapache2-mod-wsgi instead. That prevents us from needing to rush
libapache2-mod-wsgi in main one week before release.
- 32. By Jamie Strandboge
* Debian declares python-werkzeug and python-parsedatetime as Depends and
python-xappy as Recommends, however these packages are in universe,
which breaks Ubuntu policy (section 2.2.1). Until these packages can be
added to main, use the embedded copies in moin.
- debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
- debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
revert_pages()
- CVE-2010-0828
- 31. By Jamie Strandboge
* Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner.
Remaining changes:
- Remove python-xml from Suggests field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: This isn't necessary anymore
but needs a MIR for fckeditor, so postpone dropping this change until
lucid+1
* debian/rules:
- Replace hardcoded python2.5 with python* and hardcode python2.6 for ln
* debian/control.in: drop versioned depends on cdbs
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/saucy/moin