Hello community, here is the log from the commit of package viewvc for openSUSE:Factory checked in at Thu Sep 10 13:10:22 CEST 2009. -------- --- viewvc/viewvc.changes 2009-05-13 20:56:03.000000000 +0200 +++ /mounts/work_src_done/STABLE/viewvc/viewvc.changes 2009-08-11 20:14:58.000000000 +0200 @@ -1,0 +2,18 @@ +Tue Aug 11 20:13:28 CEST 2009 - poeml@suse.de + +- update to 1.1.2: + * security fix: validate the 'view' parameter to avoid XSS attack + * security fix: avoid printing illegal parameter names and values + * add optional support for character encoding detection (issue #400) + * fix username case handling in svnauthz module (issue #419) + * fix cvsdbadmin/svnadmin rebuild error on missing repos (issue #420) + * don't drop leading blank lines from colorized file contents (issue #422) + * add file.ezt template logic for optionally hiding binary file contents +- update to 1.1.1: + * fix broken query form (missing required template variables) (issue #416) + * fix bug in cvsdb which caused rebuild operations to lose data (issue #417) + * fix cvsdb purge/rebuild repos lookup to error on missing repos + * fix misleading file contents view page title +- forward-ported the buglink patch (viewvc-buglink.patch) to 1.1.2 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- viewvc-1.1.0.tar.bz2 New: ---- viewvc-1.1.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ viewvc.spec ++++++ --- /var/tmp/diff_new_pack.LiHYar/_old 2009-09-10 13:09:31.000000000 +0200 +++ /var/tmp/diff_new_pack.LiHYar/_new 2009-09-10 13:09:31.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package viewvc (Version 1.1.0) +# spec file for package viewvc (Version 1.1.2) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ Name: viewvc BuildRequires: apache2-devel python-devel -Version: 1.1.0 +Version: 1.1.2 Release: 1 # %define apxs /usr/sbin/apxs2 @@ -38,7 +38,7 @@ Summary: ViewVC - Browse a Subversion Repository with a Web Browser # BuildRoot: %{_tmppath}/%{name}-%{version}-build -License: BSD 3-Clause +License: BSD 3-clause (or similar) Source0: viewvc-%{version}.tar.bz2 Source1: viewvc.conf Patch0: viewvc-buglink.patch @@ -68,7 +68,7 @@ %prep %setup -q -%patch0 +%patch0 -p1 %build ++++++ viewvc-1.1.0.tar.bz2 -> viewvc-1.1.2.tar.bz2 ++++++ ++++ 5115 lines of diff (skipped) ++++++ viewvc-buglink.patch ++++++ --- /var/tmp/diff_new_pack.LiHYar/_old 2009-09-10 13:09:32.000000000 +0200 +++ /var/tmp/diff_new_pack.LiHYar/_new 2009-09-10 13:09:32.000000000 +0200 @@ -1,30 +1,43 @@ ---- conf/viewvc.conf.dist.orig 2009-05-13 20:51:38.000000000 +0200 -+++ conf/viewvc.conf.dist 2009-05-13 20:52:20.000000000 +0200 -@@ -261,6 +261,21 @@ - #--------------------------------------------------------------------------- +diff -uNr viewvc-1.1.2.orig/conf/viewvc.conf.dist viewvc-1.1.2/conf/viewvc.conf.dist +--- viewvc-1.1.2.orig/conf/viewvc.conf.dist 2009-07-07 16:06:18.000000000 +0200 ++++ viewvc-1.1.2/conf/viewvc.conf.dist 2009-08-11 20:12:38.790913000 +0200 +@@ -298,6 +298,21 @@ + ##--------------------------------------------------------------------------- [options] -+# The 'buglink_base' value is a string that can be used to form a URL -+# by appending a bug number. If viewvc sees something that looks -+# like a bug number in a log message (eg. "bug 12345" or "#12345"), it -+# will be displayed as a link to the bug in your bug tracking system. -+# -+# For a Bugzilla installation, you probably want to set this to -+# something like "http://hostname/show_bug.cgi?id=". For the Debian -+# bug tracker, you might use -+# "http://hostname/cgi-bin/bugreport.cgi?bug=". -+# -+# If 'buglink_base' is not set, then bug tracker links won't be -+# generated. -+# -+# buglink_base = http://example.com/show_bug.cgi?id= -+ - # root_as_url_component: Interpret the first path component in the URL - # after the script location as the root to use. This is an - # alternative to using the "root=" query key. If ViewVC is configured ---- lib/viewvc.py.orig 2009-05-13 20:45:43.000000000 +0200 -+++ lib/viewvc.py 2009-05-13 20:53:46.000000000 +0200 -@@ -1092,11 +1092,14 @@ ++## The 'buglink_base' value is a string that can be used to form a URL ++## by appending a bug number. If viewvc sees something that looks ++## like a bug number in a log message (eg. "bug 12345" or "#12345"), it ++## will be displayed as a link to the bug in your bug tracking system. ++## ++## For a Bugzilla installation, you probably want to set this to ++## something like "http://hostname/show_bug.cgi?id=". For the Debian ++## bug tracker, you might use ++## "http://hostname/cgi-bin/bugreport.cgi?bug=". ++## ++## If 'buglink_base' is not set, then bug tracker links won't be ++## generated. ++## ++#buglink_base = http://example.com/show_bug.cgi?id= ++ + ## root_as_url_component: Interpret the first path component in the URL + ## after the script location as the root to use. This is an + ## alternative to using the "root=" query key. If ViewVC is configured +diff -uNr viewvc-1.1.2.orig/lib/config.py viewvc-1.1.2/lib/config.py +--- viewvc-1.1.2.orig/lib/config.py 2009-06-04 17:41:53.000000000 +0200 ++++ viewvc-1.1.2/lib/config.py 2009-08-11 19:56:29.726935000 +0200 +@@ -251,6 +251,7 @@ + self.options.dir_pagesize = 0 + self.options.log_pagesize = 0 + self.options.limit_changes = 100 ++ self.options.buglink_base = None + + self.templates.diff = None + self.templates.directory = None +diff -uNr viewvc-1.1.2.orig/lib/viewvc.py viewvc-1.1.2/lib/viewvc.py +--- viewvc-1.1.2.orig/lib/viewvc.py 2009-08-11 15:05:06.000000000 +0200 ++++ viewvc-1.1.2/lib/viewvc.py 2009-08-11 19:56:29.721946000 +0200 +@@ -1096,11 +1096,14 @@ # otherwise, no mangling return text @@ -40,7 +53,7 @@ html = mangle_email_addresses(html, mangle_email_addrs) return html -@@ -1105,7 +1108,8 @@ +@@ -1109,7 +1112,8 @@ return log if htmlize: s = htmlify(log[:cfg.options.short_log_len], @@ -50,7 +63,7 @@ else: s = cgi.escape(log[:cfg.options.short_log_len]) if cfg.options.mangle_email_addresses == 2: -@@ -1314,7 +1318,7 @@ +@@ -1318,7 +1322,7 @@ if not chunk: break if htmlize: @@ -59,7 +72,7 @@ dst.write(chunk) class MarkupPipeWrapper: -@@ -1557,7 +1561,7 @@ +@@ -1572,7 +1576,7 @@ data['date'] = make_time_string(entry.date, cfg) data['author'] = entry.author data['changed'] = entry.changed @@ -68,7 +81,7 @@ data['size'] = entry.size if entry.date is not None: -@@ -1774,7 +1778,7 @@ +@@ -1789,7 +1793,7 @@ row.ago = html_time(request, file.date) if cfg.options.show_logs: row.short_log = format_log(file.log, cfg) @@ -77,7 +90,7 @@ row.lockinfo = file.lockinfo row.anchor = request.server.escape(file.name) row.name = request.server.escape(file.name) -@@ -1861,7 +1865,7 @@ +@@ -1876,7 +1880,7 @@ 'sortby' : sortby, 'sortdir' : sortdir, 'search_re' : search_re \ @@ -86,7 +99,7 @@ or None, 'dir_pagestart' : None, 'sortby_file_href' : request.get_url(params={'sortby': 'file', -@@ -2149,7 +2153,7 @@ +@@ -2164,7 +2168,7 @@ entry.ago = None if rev.date is not None: entry.ago = html_time(request, rev.date, 1) @@ -95,7 +108,7 @@ entry.size = rev.size entry.lockinfo = rev.lockinfo entry.branch_point = None -@@ -2604,7 +2608,7 @@ +@@ -2619,7 +2623,7 @@ text = string.replace(text, ' ', ' \x01nbsp;') else: text = string.replace(text, ' ', '\x01nbsp;') @@ -104,7 +117,7 @@ text = string.replace(text, '\x01', '&') text = string.replace(text, '\x02', '<span style="color:red">\</span><br />') -@@ -2980,7 +2984,7 @@ +@@ -2995,7 +2999,7 @@ changes = DiffSource(fp, cfg) else: raw_diff_fp = MarkupPipeWrapper(cfg, fp, @@ -113,7 +126,7 @@ None, 1) no_format_params = request.query_dict.copy() -@@ -3357,7 +3361,7 @@ +@@ -3372,7 +3376,7 @@ 'rev' : str(rev), 'author' : author, 'date' : date_str, @@ -122,7 +135,7 @@ 'ago' : date is not None and html_time(request, date, 1) or None, 'changes' : changes, 'prev_href' : prev_rev_href, -@@ -3487,7 +3491,7 @@ +@@ -3504,7 +3508,7 @@ comment = request.query_dict.get('comment', '') if comment: ret.append('with comment <i>%s</i> ' @@ -131,7 +144,7 @@ if who: ret.append('by <em>%s</em> ' % request.server.escape(who)) date = request.query_dict.get('date', 'hours') -@@ -3675,7 +3679,7 @@ +@@ -3692,7 +3696,7 @@ commit.log = None commit.short_log = None else: @@ -140,26 +153,3 @@ commit.short_log = format_log(desc, cfg, format != 'rss') commit.author = request.server.escape(author) commit.rss_date = make_rss_time_string(date, request.cfg) -@@ -4068,10 +4072,9 @@ - exc_dict = debug.GetExceptionData() - status = exc_dict['status'] - if exc_dict['msg']: -- exc_dict['msg'] = htmlify(exc_dict['msg'], mangle_email_addrs=0) -+ exc_dict['msg'] = htmlify(exc_dict['msg'], cfg.options.mangle_email_addresses, cfg.options.buglink_base) - if exc_dict['stacktrace']: -- exc_dict['stacktrace'] = htmlify(exc_dict['stacktrace'], -- mangle_email_addrs=0) -+ exc_dict['stacktrace'] = htmlify(exc_dict['stacktrace'], cfg.options.mangle_email_addresses, cfg.options.buglink_base) - handled = 0 - - # use the configured error template if possible ---- lib/config.py.orig 2009-05-13 20:45:20.000000000 +0200 -+++ lib/config.py 2009-05-13 20:45:41.000000000 +0200 -@@ -250,6 +250,7 @@ - self.options.dir_pagesize = 0 - self.options.log_pagesize = 0 - self.options.limit_changes = 100 -+ self.options.buglink_base = None - - self.templates.diff = None - self.templates.directory = None ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org