Hello community, here is the log from the commit of package viewvc for openSUSE:Factory checked in at 2012-07-24 16:14:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/viewvc (Old) and /work/SRC/openSUSE:Factory/.viewvc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "viewvc", Maintainer is "DMueller@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/viewvc/viewvc.changes 2011-09-23 12:49:49.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.viewvc.new/viewvc.changes 2012-07-24 17:22:52.000000000 +0200 @@ -1,0 +2,26 @@ +Mon Jun 25 11:46:02 UTC 2012 - dmueller@suse.com + +- update to 1.1.15 (bnc#768680): + * security fix: complete authz support for remote SVN views (CVE-2012-3356) + * security fix: log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357) + * fix several instances of incorrect information in remote SVN views + * increase performance of some revision metadata lookups in remote SVN views + * fix RSS feed regression introduced in 1.1.14 + * fix annotation of svn files with non-URI-safe paths + * handle file:/// Subversion rootpaths as local roots + * fix bug caused by trying to case-normalize anon usernames + * speed up log handling by reusing tokenization results + * add support for custom review log markup rules + * fix svndbadmin failure on deleted paths under Subversion 1.7 + * fix annotation of files in svn roots with non-URI-safe paths + * fix stray annotation warning in markup display of images + * more gracefully handle attempts to display binary content + * fix path display in patch and certain diff views + * fix broken cvsdb glob searching + * allow svn revision specifiers to have leading r's + * allow environmental override of configuration location + * fix exception HTML-escaping non-string data under WSGI + * add links to root logs from roots view + * use Pygments lexer-guessing functionality + +------------------------------------------------------------------- Old: ---- viewvc-1.1.11.tar.bz2 New: ---- viewvc-1.1.15.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ viewvc.spec ++++++ --- /var/tmp/diff_new_pack.mdIX7I/_old 2012-07-24 17:22:55.000000000 +0200 +++ /var/tmp/diff_new_pack.mdIX7I/_new 2012-07-24 17:22:55.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package viewvc # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,13 +15,12 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: viewvc -BuildRequires: apache2-devel python-devel -Version: 1.1.11 -Release: 2 +BuildRequires: apache2-devel +BuildRequires: python-devel +Version: 1.1.15 +Release: 0 # %define apxs /usr/sbin/apxs2 %define apache_libexecdir %(%{apxs} -q LIBEXECDIR) @@ -36,14 +35,13 @@ Obsoletes: subversion-viewcvs < %{version} Obsoletes: viewcvs < %{version} Supplements: packageand(subversion-server:apache2) -Group: Development/Tools/Version Control Url: http://www.viewvc.org/ Summary: Browse a Subversion Repository with a Web Browser +License: BSD-3-Clause +Group: Development/Tools/Version Control # BuildRoot: %{_tmppath}/%{name}-%{version}-build -License: BSD-3-Clause -# http://www.viewvc.org/viewvc-%{version}.tar.gz -Source0: viewvc-%{version}.tar.bz2 +Source0: http://www.viewvc.org/viewvc-%{version}.tar.gz Source1: viewvc.conf Source99: viewvc-rpmlintrc Patch0: viewvc-buglink.patch ++++++ viewvc-buglink.patch ++++++ --- /var/tmp/diff_new_pack.mdIX7I/_old 2012-07-24 17:22:55.000000000 +0200 +++ /var/tmp/diff_new_pack.mdIX7I/_new 2012-07-24 17:22:55.000000000 +0200 @@ -1,6 +1,6 @@ ---- conf/viewvc.conf.dist.orig 2011-02-18 19:28:55.000000000 +0100 -+++ conf/viewvc.conf.dist 2011-02-19 01:46:36.000000000 +0100 -@@ -323,6 +323,21 @@ +--- conf/viewvc.conf.dist ++++ conf/viewvc.conf.dist +@@ -329,6 +329,21 @@ ##--------------------------------------------------------------------------- [options] @@ -22,12 +22,22 @@ ## root_as_url_component: Interpret the first path component in the URL ## after the script location as the root to use. This is an ## alternative to using the "root=" query key. If ViewVC is configured ---- lib/viewvc.py.orig 2011-02-18 20:43:26.000000000 +0100 -+++ lib/viewvc.py 2011-02-19 01:46:36.000000000 +0100 -@@ -1100,6 +1100,10 @@ - # Matches revision references - _re_rewrite_svnrevref = re.compile(r'\b(r|rev #?|revision #?)([0-9]+)\b') +--- lib/config.py ++++ lib/config.py +@@ -438,6 +438,7 @@ + self.options.log_pagesize = 0 + self.options.log_pagesextra = 3 + self.options.limit_changes = 100 ++ self.options.buglink_base = None + + self.templates.diff = None + self.templates.directory = None +--- lib/viewvc.py ++++ lib/viewvc.py +@@ -1122,6 +1122,10 @@ + return out, out_len, 0 + +# Matches bug numbers +_re_rewrite_bug = re.compile(r'((?:\bbug[\s:#+]|[^&]#|^#)\s*(\d\d+))', re.I) +_re_buglink_prefix = "" @@ -35,7 +45,7 @@ class ViewVCHtmlFormatter: """Format a string as HTML-encoded output with customizable markup rules, for example turning strings that look like URLs into anchor links. -@@ -1112,6 +1116,19 @@ +@@ -1134,6 +1138,19 @@ def __init__(self): self._formatters = [] @@ -55,24 +65,15 @@ def format_url(self, mobj, userdata, maxlen=0): """Return a 2-tuple containing: - the text represented by MatchObject MOBJ, formatted as -@@ -1289,6 +1306,10 @@ - escape=1) - lf.add_formatter(_re_rewrite_svnrevref, lf.format_svnrevref, - revision_to_url) -+ if cfg.options.buglink_base is not None: -+ global _re_buglink_prefix -+ _re_buglink_prefix = cfg.options.buglink_base -+ lf.add_formatter(_re_rewrite_bug, lf.format_bugzilla); - if cfg.options.mangle_email_addresses == 2: - lf.add_formatter(_re_rewrite_email, lf.format_email_truncated) - elif cfg.options.mangle_email_addresses == 1: ---- lib/config.py.orig 2011-02-18 20:27:50.000000000 +0100 -+++ lib/config.py 2011-02-19 01:46:56.000000000 +0100 -@@ -436,6 +436,7 @@ - self.options.log_pagesize = 0 - self.options.log_pagesextra = 3 - self.options.limit_changes = 100 -+ self.options.buglink_base = None +@@ -1356,6 +1373,11 @@ + lf.add_formatter(_re_rewrite_svnrevref, lf.format_svnrevref, + revision_to_url) - self.templates.diff = None - self.templates.directory = None ++ if cfg.options.buglink_base is not None: ++ global _re_buglink_prefix ++ _re_buglink_prefix = cfg.options.buglink_base ++ lf.add_formatter(_re_rewrite_bug, lf.format_bugzilla) ++ + # Rewrite email addresses. + if cfg.options.mangle_email_addresses == 2: + lf.add_formatter(_re_rewrite_email, lf.format_email_truncated) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org