Revert "Lumping 3 together, all will be dropped as fixed in new debian."
Drop patches as already picked up by Debian:
- debian/patches/CVE-2016-7146.patch
- debian/patches/CVE-2016-7148.patch
- debian/patches/CVE-2016-9119.patch
This reverts commit 9989cf15e43eaf245da9bedbd8bcaa7aaefbb62f.
Two logical changes, but both still needed at end, so meh.
- remove python-xml from Suggests field, the package isn't in
  sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
  embedded in moin, but it was also disabled, so there's no reason for us
  to pull this in by default currently. Note: fckeditor has a number of
  security problems and so this change probably needs to be carried
  indefinitely.
New changelog entries:
* New upstream release, lots of bug fixes
* Includes a few security updates:
  + CVE-2016-9119: XSS in GUI editor's link dialogue
    (Closes: #844338)
  + CVE-2016-7146: XSS in GUI editor's attachment dialogue
    (Closes: #844340)
  + CVE-2016-7148: XSS in AttachFile view (multifile related)
    (Closes: #844341)
* Apply recommended patch from upstream: fix wrong digestmod of hmac.new
  calls
* Update patches to fit upstream changes:
  + use_systemwide_libs.patch
  + mail-verification.patch
* Add patch from Paul Wise to implement an incremental dump process in
  moin dump
* Fix timestamps to make package build reproducibly. Thanks to Eduard
  Sanou for the patch. Closes: #794014
New changelog entries:
* New upstream release, lots of bug fixes
* Remove patches that are now upstream:
  + avoid_empty_dir_creation.patch
  + subscribercache.patch
* Update patches to fit upstream changes:
  + disable_gui_editor_if_fckeditor_missing.patch
  + use_systemwide_libs.patch
  + mail-verification.patch
  + external_account_creation_check.patch
* Update README.Debian; add more info about "moin maint" etc.
New changelog entries:
* Add source for the minified copy of jquery.js included in the upstream
  source tarball, even though it's never used in the Debian build at all.
  Close: #754783. Mention it in README.source too
* Minor updates prompted by lintian:
  + Update Standards-Version
  + Switch from "dh_clean -k" to "dh_prep"
  + Minor tweaks to debian/copyright to fix parse errors
New changelog entries:
* New upstream release (x2)
* Make sure that strings output to the external account creation checker
  are marked as UTF-8.
* Re-add missing dependencies, fallout from the CDBS switch.
  Closes: #704433
* Add dependency on python-passlib rather than use the bundled version.
* Update patches to fit upstream changes:
  + recaptcha.patch
  + subscribercache.patch
  + use_systemwide_libs.patch
  + mail-verification.patch
* Remove patches that were already from upstream:
  + constant_time_strcmp.patch
  + escape_css_url.patch
  + secure_taintfile_name.patch
  + escape_pagename_in_rss.patch
  + draw-taintfile.patch
  + attachfile-path-traversal.patch
* Split out the call to external account creation check into a separate
  patch (external_account_creation_check.patch) instead of lumping it in
  with mail-verification.patch
* Do not create empty pagedir (with empty edit-log). Patch from
  upstream. Closes: #721557