[FFe] Please merge moin to 1.9.2-2 from Debian(Unstable)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
moin (Ubuntu) |
Fix Released
|
Wishlist
|
Jamie Strandboge |
Bug Description
After a discussion with Debian we decided to update to 1.9.2 (from Debian Unstable) because upstream decided to support 1.9.x series longer than 1.8.x (mind LTS!)
MoinMoin Version History
=======
Version 1.9.2:
Fixes:
* Fixed CVE-2010-0668: major security issues were discovered in misc. parts
of moin.
HINT: if you have removed superuser configuration to workaround the issue
(following our security advisory), you may re-add it after installing this
moin release. If you don't need superuser capabilities often, it might be
wise to not have superusers configured all the time, though.
* Fixed CVE-2010-0669: potential security issue due to incomplete user profile
input sanitizing.
* Improved package security: cfg.packagepage
unsafe or otherwise questionable package actions by default now.
* wiki parser: fixed transclusion of (e.g. video) attachments from other
pages.
* Fixed edit locking for non-logged in editors and cfg.log_
* mailimport: fix missing wikiutil import for normalize_pagename
* SubProcess: fix "timeout" AttributeError
* "standalone" wikiserver.py: fixed calling non-existing os.getuid on win32
* HTTPAuth deprecation warning moved from class level to __init__
* Fixed MoinMoinBugs/
* Fixed misc. session related problems, avoid unneccessary session file
updates.
* Fix/improve rename-related problems on Win32 (depending on Windows version).
* Fixed spider / user agent detection.
* Make sure to use language_default when language_
* diff action: fix for case when user can't revert page.
* Fix trail size (was off by one).
* Updated bundled flup middleware (upstream repo checkout), avoids
socket.fromfd AttributeError on win32 if cgi is forced, gives helpful
exception msg.
* wikiutil: Fixed required_arg handling (no exception when trying to raise
exception that choice is wrong).
* Do not use MoinMoin.support.* to import 3rd party code, give dist packages
a chance.
* wikiutil.
* request: fixed for werkzeug 0.6 and 0.5.1 compatibility. Please note that
we didn't do much testing with 0.6 yet. So, if you use 0.6, please do some
testing and provide feedback to us.
* AttachFile.
* attachUrl: fix wrongly generated tickets (e.g. for AttachList macro)
* http headers: fix duplicated http headers (e.g. content-type)
New features:
* info action: added pagination ability to revision history viewer.
Use cfg.history_paging = True [default] / False to enable/disable it.
* ldap_login auth: add report_
credentials error message (this is typically used when using multiple
ldap authenticators).
* Add RenderAsDocbook to actions_excluded if we have no python-xml.
* Upgraded pygments to 1.2.2 (some fixes, some new lexers).
* Text editor: if edit_rows==0 (user profile or config), we dynamically size
the text editor height. This avoids double sliders for the editor page
in most cases.
Other changes:
* New docs/REQUIREMENTS.
* Added a less magic cgi/fcgi driver (moin.fcgi), added fixer middleware
for apache2/win32 to it.
Version 1.9.1:
Bug fixes:
* Fixed sys.argv security issue.
* Fixed FileSessionService - use session_dir from CURRENT request.cfg (it
mixed up session_dirs in farm setups).
HINT: if you added the hotfix to your wikiconfig, please remove it now.
* Fixed creation of lots of session files (if anon session were enabled and
user agent did not support cookies).
* Fixed session file storage for a non-ascii base path.
* Fixed session cookie confusion for nested URL paths (like path=/ and
path=/mywiki - for more info, see also "New features").
* Handle cookie_lifetime / anonymous_
gracefully: emit errors/warnings to log, use old settings to create
cfg.
* flup based frontends: fixed SCGI and AJP (didn't work).
* farmconfig example: remove wrong comment, add sample http/https entry.
* Fixed password reset url (email content needs full URL).
* Page: fixed adding of page contents (only data added now, without metadata) -
fixes MoinMoinBugs/
* xmlrpc:
* Process attachname in get/putAttachment similarly.
* revertPage: convert pagename to internal representation.
* Fixed auth calls used by jabberbot (needs more work).
* Added missing config.umask support code (setting was not used), fixed
config.umask usage for page packages.
* Fixed browser language detection.
* Fixed language pack generation/
* Fixed caching of formatted msgs, see MoinMoinBugs/
* Fixed usage of i18n.wikiLangua
when tools import the module (e.g. pydoc -k foo).
* highlight parser:
* fixed caching issue for "toggle line numbers" link.
* added missing support for console/bash session
* Fixed precedence of parsers: more special parsers now have precedence
before moin falls back to using the HighlightParser (syntax highlighting).
* Added extensions to the rst, moin and creole parser (example.rst, example.moin and
example.creole attachments are rendered now when viewed).
* Fixed MoinMoinBugs/
moin_wiki, highlight and plain parser.
* Fixed MoinMoinBugs/
plain parser.
* Fixed MoinMoinBugs/
* Exception raised on calling add_msg() after send_title(), which leads to
Internal Server Error on calling several actions (diff, preview) for
deprecated pages, is replaced with warning and call stack information in
the log.
* AttachFile.
* SubProcess: fixed win32-specific parts, fixed imports (fixes calling of
external xapian index filters)
* Fixed auth methods that use redirects (like OpenID).
* OpenID client:
* Add setting cfg.openidrp_
* Fixed logging in with openid and associating with an existing account.
* openidrp_sreg extension: handle UnknownTimeZone
* OpenID server:
* Fixed TypeError.
* Fixed processing POSTed form data AND URL args.
New features:
* diff: Added displaying of information about revisions (editor, size,
timestamp, comment), added revision navigation.
* text editor: added @TIMESTAMP@ variable for adding a raw time stamp
* xmlrpc: added renamePage and deleteAttachment methods.
* Accept "rel" attribute for links (moin wiki parser).
* Generate session cookie names to fix cookie path confusion and enable port-
based wiki farming.
HINT: New setting cfg.cookie_name:
None (default): use MOIN_SESSION_
'siteidmagic': use MOIN_SESSION_
'other_value': use MOIN_SESSION_
HINT: Please do not use cfg.cookie_path any more - it usually should not be
needed any more, as we now always put path=/ into the cookie except if you
explicitly configure something else (only do that if you know exactly what
you're doing and if the default does not work for you).
HINT: see also the HelpOnSessions page which shows some typical configs.
* Store expiry into sessions, use moin maint cleansessions script to clean up.
HINT: use moin ... maint cleansessions --all once after upgrading.
HINT: you may want to add a cron job calling moin ... maint cleansessions
to regularly cleanup expired sessions (it won't remove not expired
Other changes:
* Added rtsp, rtp, rtcp protocols to url_schemas.
* Added more info about index building to xapian wikiconfig snippet.
* Updated the wikicreole parser to version 1.1.
Version 1.9.0:
Note: This is a reduced CHANGES, ommitting details from rc/beta test and
also less interesting minor changes and fixes. It shows changes
relative to 1.8.6 release.
If you want to see full detail, read it there:
http://
New features: =======
* HINT: MoinMoin requires Python 2.4 now. If you only have Python 2.3 and
you don't want to upgrade it, please use MoinMoin 1.8.x.
* HINT: MoinMoin is now a WSGI application.
Please read the new install docs about how to use it, see:
http://
You also have a local copy of that page as docs/INSTALL.html.
* HINT: due to big changes in the request processing and the request
object (related to the WSGI refactoring), many 3rd party plugins might
need code updates to work with moin 1.9.
* HINT: We now offer different sized sets of system/help pages and the default
underlay just contains a single page: LanguageSetup. You need to be
superuser, visit that page and then install the language packs you like
(minimum is the essential set for English).
* HINT: LanguageSetup is the default page_front_page, you need to change that
after installing language packs (see above).
* New modular group and dict data access, you can use group and dict
backend modules to access group and dict data stored anywhere you like.
Currently we provide these backends:
* WikiGroups and WikiDicts backends get data from wikipages. They work
similar to old wikidicts code (but with less caching issues :).
* ConfigGroups and ConfigDicts backends get data from a dictionary
defined in the wiki config.
* CompositeGroups and CompositeDicts compose several backends, so data
may be retrieved from several sources. For example, groups may be
defined in the wiki config and on wiki pages.
* Using cfg.groups and cfg.dicts, you can define the backend to use to
access group and dict information (default: WikiGroups / WikiDicts
backend).
See the wiki/config/
and dicts_wikiconfi
* See also the new HelpOnDictionaries and HelpOnGroups pages.
* Improved Xapian indexing / search:
* Moin's Xapian based search code was refactored:
* It is now based on the xappy library (see MoinMoin.
* Minimum Xapian requirement is 1.0.6 now.
* Outdated and unmaintained xapwrap lib was removed.
* regex search with Xapian enabled also is based on the xapian index now
* Safe 2-stage xapian index rebuilding:
moin index build --mode=
<stop wiki>
moin index build --mode=usenewindex # fast
<start wiki>
* Added wikiconfig snippet for xapian search.
* Improved drawing support:
* TWikiDraw:
* Support code was refactored/moved to the twikidraw action.
* Use drawing:
works for backwards compatibility)
* Drawings are now stored as a single attachment foo.tdraw.
We added a migration script that converts your existing drawings.
* AnyWikiDraw:
* Java applet added, source code see contrib/.
* Support code for it is in anywikidraw action.
* Use drawing:
* Drawings are stored in a similar way as foo.adraw.
* cfg.extensions_
to actions (currently used for anywikidraw/
* Themes / static files related:
* Added modernized_cms theme (hides most wiki widgets from modernized if the
user is not logged in).
* Static file serving built-in (moved wiki/htdocs to MoinMoin/
MoinMoin.
from htdocs subdirectory by default (docs=True).
You can also give another path or switch off creation of that static wrapper.
See the docstring of the static package for details.
* Theme packages: do_copythemefile now copies theme files to
MoinMoin/
* Syntax highlighting is based on the pygments library now, it does this for
LOTS of stuff (programming languages, config files, ...) - use it like this:
{{{#!highlight xxx
...
}}}
xxx is any of the markups pygments supports (see HelpOnParsers).
Note: we still have some (deprecated) small wrappers around pygments,
so the old syntax #!python/
* Authentication improvements:
* HTTP auth related (see also HelpOnAuthentic
* HTTPAuthMoin: http basic auth done by moin
* HINT: auth.http.HTTPAuth is now auth.GivenAuth
This was badly named from the beginning as for most servers, it just
looked at REMOTE_USER environment variable and relied on the server
doing the authentication (could be http basic auth or any other auth).
* LDAP/AD auth: new name_callback param to create a custom wiki username (not
the ldap login username)
* OpenID auth:
* Support for Simple Registration (SREG) extension.
Basic profile fields can be copied from OpenID provider when logging in.
* Support for Teams extension.
* Ability to accept logins from specific OpenID providers.
Login form changes based on configuration for better usability:
* 0 providers: normal text input box for OpenID URL
* 1 provider: hidden field, automatic form submission with JavaScript
* 2+ providers: select field, uses directed identity
* Sessions / cookies:
* HINT: cfg.cookie_lifetime is now a tuple (anon, loggedin), giving the
lifetime of the cookie in hours, accepting floats, for anon sessions and
logged-in sessions. Default is (0, 12). 0 means not to use a session
cookie (== not to establish a session) and makes only sense for anon users.
* cfg.cookie_httponly is new and defaults to False. Please note that if you
set it to True, TWikiDraw and similar stuff won't be able to use the session
cookie. Thus, if your wiki page doesn't allow writing for everybody, saving
a drawing will fail, because there is no session (== no logged in user) for
the TWikiDraw applet's saving POSTs.
* Macros:
* WikiConfigHelp: added section keyword for selecting a subset of the
description, e.g. <<WikiConfigHel
* HighlighterList: show Pygments syntax highlighters (see HelpOnParsers)
* Actions:
* SlideShow action added (please use the "modernized" theme [default])
* raw action mimetype support: ...?action=
* PackagePages: create package file on-the-fly in memory and send it to the
client (do NOT create package.zip attachment)
* Improved logging / debugging / developer support:
* Main exception handler: include request url in log output.
* Environment variable MOIN_DEBUGGER=
* Handle wikiserverconfi
* GUI editor: improved attachment dialog
* "moin ... account homepage" script to create user homepages.
Removed features: =======
* Removed cfg.traceback_* settings (use logging configuration)
* Removed old session code and settings:
* Removed cfg.session_handler and session_id_handler (use cfg.session_
* Removed cfg.anonymous_
Bug fixes: =======
* Xapian indexing:
* Rely on xapian's locking (remove moin's additional and sometimes broken
locking, that blocked index-rebuilds or updates sometimes).
* Removed indexer threading.
* Fixed (reimplemented) indexer queue.
* Less disruptive xapian index rebuild.
* AdvancedSearch: example didn't work, fixed
* With the groups/dicts code rewrite, we fixed the caching problems that the
old code (< 1.9) sometimes had.
* Actions:
* Abort RenamePage if renaming of main page fails (do not try to rename
subpages).
* AttachFile do=view: quote filename and pagename params for EmbedObject
macro call
* unsubscribe action: add msg types so icons get displayed
* Parsers:
* fixed MoinMoinBugs/
* GUI editor: roundtripping works now for .pdf/doc/... attachment transclusion
* AttachFile: added remove_attachment() and FileRemovedEvent (mail and xapian
support, no jabber support yet).
* Fix makeForbidden403() calls - is makeForbidden(403, ...) now.
* sendmail: add more debug logging, check for empty recipients list
* Fix MoinMoinBugs/
* Fix MoinMoinBugs/
* Bug with "language:en" was fixed for the Moin search. Now language:
behaves like described on HelpOnSearching.
* Fixed MoinMoinBugs/
* OpenID: always return error messages with CancelLogin if OpenID process fails.
* suid: simplify and fix, bigger selection box
* patch werkzeug 0.5.1 to catch OverFlowError and ValueError so it doesn't
crash when receiving invalid If-modified-since header from client.
Other changes: =======
* 'modernized' theme:
* use it by default (1.8 used 'modern')
* move title_with_
* add a span with "pagepath" class to title_with_
* add the sidebar() method from Mandarin and Gugiel themes to ThemeBase
* updated flup to 1.0.2+ ( http://
* updated pygments to 1.1.1+ ( http://
* updated parsedatetime to 0.8.7
* increase surge protection limits for AttachFile to avoid trouble with image galleries
* HINT: simplify wikiserver configuration by using same names as werkzeug's
run_simple() call.
* Removed moin account check's --lastsaved option, it is default now
(checking last use with trail file did not work in 1.9 anyway).
* ImageLink page has been killed (ImageLink macro is gone since 1.6.1).
* Allowed disabling of timezone and language user prefs if they are
part of the user's login fields (i.e. OpenID SREG).
* Added option to disable local registration links and direct user
to registration page at an OpenID provider instead.
Developer notes: =======
* groups and dicts API changes:
* request.groups and request.dicts provide access to groups and dicts.
* MoinMoin.wikidicts is gone, please use MoinMoin.
* LazyGroup and LazyGroupsBackend base classes for implementing backends
which potentially deal with huge amounts of data (like a LDAP directory).
Use MoinMoin/
new backends.
* See http://
* i18n: new approach for defining sets of system/help pages (see i18n.strings).
CheckTransl
* killed deprecated macro.form attribute (didn't work as expected anyway due
to WSGI refactoring) - please use macro.request.
Version 1.8.6:
Bug fixes:
* Xapian indexing / indexing filters:
* fix deadlocks with well- and misbehaving external filters
* work around indexing run crashing when encountering encoding problems
with non-ascii filenames
* OpenOffice/
with password protected files)
* i18n: check if languages is not initialized yet, don't crash
* http_redirect: use 301 redirect for some cases
* do not use httponly session cookies, makes trouble with twikidraw and ACLs
* GetText2 macro: fix for named placeholder
* Fix SHA -> SSHA password hash upgrade for old user profiles.
* abort RenamePage if renaming of main page fails (do not try to rename
subpages)
New features:
* search: improve search result ordering
* add MS Powerpoint indexing filter (needs catppt from catdoc package)
* migration scripts: make finding damaged edit-log entries easier
* SubscribeUser action: support username regexes and unsubscribing.
Usage (enter this into the input form field you get after invoking
SubscribeUser action from the "More Actions" menu:
[+|
+username: subscribes user <username> (+ is optional/default)
-username: unsubscribes user <username>
+re:
-re:
Version 1.8.5:
Bug fixes:
* Attachment links: fix processing of attributes (e.g. 'target', 'title')
* Upgrade FCKeditor from 2.6.4 to 2.6.4.1.
* PDF embedding: fix html, works better with PDF browser plugins now.
* Fix typo in rightsidebar CSS.
* Action revert: avoids reverting to a deleted current revision.
* Action diff: enable prev/next button only in the range of given revisions.
* Add a Auto-Submitted: auto-generated header to generated mails.
* Include comment in email notifies.
* mailimport: fix endless looping while trying to import a forwarded mail.
* fuid: keep same fake_mtime for intervals of max_staleness duration.
* Fixes a bug with empty list items in the GUI editor.
* Improve filesys.rename compatibility code (win32).
* Fix locking for CacheEntry.
* Xapian indexing: catch exception when a bad zip file is encountered.
* openidrp / botbouncer: fix param count for CancelLogin().
New features:
* Added CAS authentication.
* Added httponly cookie support and use it for session cookie.
Other changes:
* HTTP auth: added debug logging.
* Minor LDAP auth improvements.
* Data browser widget:
* Add (h)column<idx> css class to make it styleable.
* Include only necessary autofilter options.
* moin maint cleancache purges now drafts, too.
* Add gopher and apt protocols to url_schemas.
* Add .csv, .flv, .swf to MIMETYPES_MORE.
Related branches
Changed in moin (Ubuntu): | |
status: | New → Confirmed |
summary: |
- Please merge moin 1.9.1-1 (main) from debian unstable. + [FFe] Please update moin to 1.8.7 |
Changed in moin (Ubuntu): | |
assignee: | nobody → Stefan Ebner (sebner) |
importance: | Undecided → Wishlist |
status: | Confirmed → In Progress |
description: | updated |
description: | updated |
Changed in moin (Ubuntu): | |
assignee: | Stefan Ebner (sebner) → Luca Falavigna (dktrkranz) |
summary: |
- [FFe] Please sync moin to 1.9.2-1 from Debian(Unstable) + [FFe] Please merge moin to 1.9.2-1 from Debian(Unstable) |
description: | updated |
Changed in moin (Ubuntu): | |
status: | In Progress → Confirmed |
assignee: | Stefan Ebner (sebner) → nobody |
Changed in moin (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
status: | Confirmed → In Progress |
> After a discussion with Debian we decided to not update to 1.9.1 (from Debian Unstable) but move forward in the 1.8.x series which is mostly for bugfixes...
Can we read the discussion?