a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
---------------
- /usr/bin/env police
Upstream Changes:
-----------------
Version 1.9.6:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
Fixes:
* fix remote code execution vulnerability in twikidraw/anywikidraw action
* fix path traversal vulnerability in AttachFile action
* fix XSS issue, escape page name in rss link
* escape user- or admin-defined css url
* make taintfilename more secure
* use a constant time str comparison function to prevent timing attacks
* Attachment handler: catch all Zip-related errors
Version 1.9.5:
Fixes:
* Security fix: fix virtual group bug in ACL evaluation.
* Avoid crash if #refresh processing instruction is used without arguments.
* Fix issue with non-ASCII textchas.
* Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
after page save.
* Fix dictionary file reading crash under Windows.
* Work around crash of AdvancedSearch macro rendering caused by non-ascii
mimetypes.types_map entries.
* Added migration script for moin 1.8.9.
* rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
listed in feed and not just last page diffs). Links generated with ddiffs=1
also fixed.
* rss_rc: fix double escaping issue.
* rss_rc: respect show_names configuration option.
* rss_rc: proper support of rename, revert, page creation.
* modern/modernized theme: fix padding/width for editor preview
* group/pagelinks formatters: avoid to create unnecessary output, redirect
output of send_page call with the groups formatter, it must not be written
to the output stream
* rst parser: fix include and macro directives
* wikisync: fix unicode pagename sending for python 2.7 httplib
New features:
* add a comment_required config option (default: False) to require a
non-empty comment when saving a page
* when a save error happens, show the editor again and highlight the error
* rss_rc: several new options added: lines parameter gives ability to set
maximum size of diffs showed in RSS. show_att parameter gives ability
to show information aboout attachment-related items in RSS. page parameter
gives ability to specify set of pages for which changes RSS feed should be
generated. Configuration of defaults and limits can now be done via wiki
configuration mechanism.
* As soon as it is now possible to provide RSS for page change history,
appropriate alternate link is now added for every page (controlled by
rss_show_page_history_link configuration parameter).
* Search: "no_highlight:" search query option provided for suppressing
highlighting search results.
* Search macros: new options for FullSearch, FullSearchCached and PageList
available:
* highlight_titles option controls highlighting of matches in search
results provided by these macros. Default value is set in
search_macro_highlight_titles configuration option)
* highlight_pages option controls adding of highlight URL parameter to
page links (so search term is highlighted when user goes to one of
these pages via provided link) in search results. Default value is set
in search_macro_highlight_pages configuration option.
Usage of these options is disabled (via search_macro_parse_args
configuration option) by default due to behavioural changes introduced
in macro parameter parsing mechanism to support them. Related to
http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .
Other changes:
* Remove 4suite dependency for docbook formatter, use minidom (included in
Python).
* Upgraded FCKeditor to 2.6.8.
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
* no compiler languages is required to build.
* `/usr/bin/env python' shebang are also be handled with REPLACE_PYTHON.
* distutils pkg, register egg-info.
* add an patch for python27, from upstream repo.
Bump PKGREVISION.
PR#43524 by Wen Heping.
Known main issues:
* The GUI WYSIWYG editor has still some issues and limitations.
If you can't live with those, you can simply switch it off by using:
editor_force = True
editor_default = 'text' # internal default, just for completeness
Version 1.9.3:
Fixes:
* Fix XSS in Despam action (CVE-2010-0828).
* Fix XSS issues (see MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg):
* by escaping template name in messages
* by fixing other places that had similar issues
* Make moin compatible to werkzeug 0.5 .. 0.6.2 (1.9.2 had issues
with xmlrpc when used with werkzeug 0.6.x).
* MoinMoin.util.filesys: disable usage of dircache, deprecate dc* functions,
because the dircache stdlib module can't work correctly for fast updates of
directories.
* rss_rc and sisterpages actions: fix Content-Type header (mimetype)
* Fix associating OpenID identity with user, wasn't adapted to werkzeug yet.
* openidrp auth: fix undefined _ (gettext)
* Fix auth.cas and userprefs.oidserv request object usage.
* highlight parser: fixed MoinMoinBugs/LineNumberSpansForProcessInstructionsMissed
* Pygments syntax highlighting: add missing code files
* Notifications: use same email subject format for every notification
* Fix docbook formatter crashing, see MoinMoinPatch/IncludeMacroWithDocBookFormatter
* Fix regex content search for xapian search.
* Get rid of the empty line at the end of code highlights.
* GUI editor: compute editor height like the text editor does.
* Added help texts for: standalone server and moin migration.
* script.maint.cleancache: clean also i18n cache files
* Improved formatter.text_plain, see FeatureRequests/TextPlainFormatterRewrite
(fixes many issues of this formatter).
* text_html_text_moin_wiki: fixed index error for width="", see also:
MoinMoinBugs/GUI_convertor_list_index_out_of_range
* xmlrpc: disable editor backup for putPage, renamePage and revertPage
because if pages get uploaded by xmlrpc then the draft cache file can
rapidly increase in size, causing high memory usage because it needs to
get loaded into memory for updating/processing.
* Emit Content-Type header (with charset) for SlideShow action and many other
actions that just call send_title().
* ActionBase: better compatibility to moin 1.8, use request.values by
default, optionally use request.form data only
New features:
* RenamePage action: added ability to create redirect pages when renaming
(turned off by default, see show_rename_redirect config option).
* formatter/text_html: Added line number links to code blocks.
* diff action:
* Fixed whitespace in generated (html) diff view table so white-space: pre
can be used (and whitespace in diffs preserved).
* Added links to first/last revision.
* MoinMoin.widget.browser: introduced feature for sorting tables, see:
http://moinmo.in/FeatureRequests/SortableTables
* SystemAdmin user and attachment browsers: sorting feature used there now
* Scrolling the text editor to the double clicked line.
* Enable double-click-editing by default.
* WikiConfigHelp macro: make heading and description display optional,
heading level as a parameter (default 2)
* If edit ticket check fails, send the editor with the current content.
* moin import wikipage - use this script to import local files as a wiki page
Other changes:
* upgraded pygments from 1.2.2 to 1.3.1
* upgraded FCKeditor from 2.6.4.1 to 2.6.6
* added configuration snippet for ldap authentication against 2 servers
* improved script help output
* New modular group and dict data access, you can use group and dict
backend modules to access group and dict data stored anywhere you like.
* Improved Xapian indexing / search
* Improved drawing support
* Themes / static files related
* Syntax highlighting is based on the pygments library now
* Authentication improvements
* Sessions / cookies improvements
* Macros fuctions improved
* More Actions added/improved
* Improved logging / debugging / developer support
* GUI editor: improved attachment dialog
* "moin ... account homepage" script to create user homepages
A bunch of bugfixes!
For the full Changelog, see: http://moinmo.in/MoinMoinRelease1.9
ok'ed during the freeze by agc@
- Fix a Cross Site Scripting attack
- changes in caching API
Changes in 1.7.0:
- new event/notification/authentication/session framework
- OpenID support
- improvements for LDAP auth, attachment performance, logging etc
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
Major new features:
* quickly working standalone mode (similar to DesktopEdition)
* xapian index search (including attachments of supported mimetypes)
* WikiSynchronisation
* moin can receive email now
* wiki parser: easier link and transclusion markup (and new macro
markup)
* new parsers for: creole wiki markup, html (safe), diffs
* discussion pages
* inline comments
* hierarchical ACLs (see HelpOnAccessControlLists)
* new anti-spam feature: TextChas
* SisterSites support
* new xmlrpc methods, easier auth, multicall support
* Improved params for [[target|label|params]]:
* AdvancedSearch: make multiple categories/languages/mimetype selections
possible
* Added a configuration directive to only do one bind to the LDAP
server.
+ many bugfixes, including at least one XSS fix.
A WikiWikiWeb is a collaborative hypertext environment, with an
emphasis on easy access to and modification of information. MoinMoin
is a Python WikiClone that allows you to easily set up your own wiki,
only requiring a Python installation.
