moin 1.5.7-3ubuntu1 source package in Ubuntu

Changelog

moin (1.5.7-3ubuntu1) gutsy; urgency=low

  * Merge from debian unstable, remaining changes:
    - 11000_show_traceback_toggle.patch: allow for 'show_traceback=0' in
      Moin configurations.

moin (1.5.7-3) unstable; urgency=high

  * Sync with upstream HG development source, including a security fix:
    + XSS fix for AttachFile 'do' parameter.
    CVE-2007-2423. Closes: bug#422408, thanks to EN Douli for discovery
    and to Florian Weimer for reporting to Debian BTS.
  * Update local cdbs tweaks:
    + Improved upstream-tarball handling.
    + Minor updates to debain/README.cdbs-tweaks.
  * Cleanup duplicate build-dependencies.
  * Set urgency=high due to the upstream security fix.

moin (1.5.7-2) unstable; urgency=high

  * Sync with upstream HG development source, including a security fix:
    + Respect ACLs in MonthCalendar macro.
  * Update local cdbs tweaks:
    + Check for copyrights at pre-build (at clean we might run before
      actual cleanup has finished).
    + Add new upstream-tarball.mk: get-orig-source target and more.
    + Update debain/README.cdbs-tweaks.
  * Set urgency=high due to the upstream security fix.

moin (1.5.7-1) unstable; urgency=low

  * New upstream release. Closes: Bug#384349.
    Highlights:
    + XSS Fixes (already fixed in Debian NMU).
    + Improved LDAP authentication.
    + Various GUI editor improvements (but still buggy!).
    + Attachments can be overwritten, moved to a different page, and
      referenced.
    + Various performance improvements.
    + Rendering fixes (especially workarounds for IE6 bugs).
    + Simplified migration routine. Please read
      /usr/share/doc/moinmoin-common/README.Migration(.gz).
    + Fix for forgotten password email login URL.
    + Google sitemap support: ?action=sitemap.
    + Updated translations: i18n strings, system and help pages.
    + Hyphens are now allowed in usernames. Closes: Bug#383909.
    + Improved docutils and ReST support.
  * Acknowledge NMUs. Closes: Bug#373464, #383841, #410338, thanks to
    Josselin Mouette, Pierre Habouzit, Martin Zobel-Helas and Toni
    Mueller.
  * Reorganize patches.
    + Extend patches to 5 digits to make room for Hg changesets.
    + Adjust debian/patches/README to mention Hg (not Arch).
    + Use quilt (not the simple cdbs-internal patch system).
  * Add patches to bring in sync with upstream Hg (patchset 822).
  * Remove parts of CVE-2007-0857 applied upstream (changesets 805-806).
    Rename patch to follow new 5-digit scheme.
  * Rewrite README.packaging to describe getting changesets from Hg (not
    Arch).
  * Update CDBS tweaks:
    + Update copyright-check.mk: Look for "(c)" too, avoid non-printable
      characters, verbose error report.
    + Update buildinfo.mk: Fix touchfile to run only once.
    + Major overhaul of python-distutils.mk: Syncronize with main cdbs,
      which adds support for new Python policy, and massive rewrite to
      bring back functionality broken in the default implementation of
      that new policy.
    + Replace auto-update.mk with (overload of) buildcore.mk.
    + Add README.cdbs-tweaks documenting the added tweaks.
    + Advertise README.cdbs-tweaks in debian/rules.
  * Enable new Python policy, except when DEB_BUILD_OPTIONS contains
    "sarge". Closes: Bug#373464 (thanks to Pierre Habouzit and ).
  * Bump up Standards-Version to 3.7.2 for non-default distros.
  * Adjust long description to not mention dropped pythonXX-moinmoin.
  * As stated in README.Debian, CGI interface has had most testing:
    + Revert to suggesting apache in favor of libapache(2)-python.
    + Suggest httpd-cgi (not httpd) as fallback.
  * Cleanup and improve debian/rules:
    + Use (newly improved!) tweaked cdbs again, to also support
      distributions using the old python policy.
    + Restore rules aaplying only to old python policy.
    + Add switch to declare variables varying between python policies.
    + Stitch together README.Debian from parts, referring to build-
      dependent default python version, and leaving out section on
      multiple packages when using new python policy.
    + Stitch together README.Debian and  moinmoin-common.postinst in
      pre-build, and remove in clean. This avoids distributing changes
      and then loosing it again automatically at next build.
    + Add more comments.
    + Move build targets to switch distribution down to the bottom.
  * Update debian/copyright:
    + Add new copyright for Bubblehelp infoboxes (license: GPLv2).
    + Add new copyright for EXIF filter (license: BSD-like).
    + Fix non-unicode Character (copyright-holder Peter Åstrand).
  * No longer install docs/CHANGES.config dropped upstream.
  * Add note to README.Debian about risk of dict symlink breaking if
    copying and using the data from a different location. This relates
    only to the recent NMU changing (without documentaing!!!) from
    static to shared symlink.
  * Use Build-depends (not Build-depends-Indep) for non-default
    distributions.
  * Tightened pyversions to only include 2.3 and higher.
  * Suppress lintian warnings about INSTALL.html in docs (contains
    valuable info on further steps than automated in this packaging) and
    non-executable scripts in underlay (they should never be executed
    from there).

moin (1.5.3-1.2) unstable; urgency=low

  * Non-maintainer upload.
  * Adding patch from BTS to fix CVE-2007-0857 (Closes: #410338)

 -- Kees Cook <email address hidden>   Mon, 14 May 2007 15:55:15 -0700