bin/cgi/viewvc.cgi | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 prevent robots from hitting the viewvc instance.
 If ViewVC is in control of the /robots.txt URL, it will stop crawlers from
 hitting every part of the repo, to avoid useless load.

viewvc-install | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 proper path and permissions for several installed files.
 Debianize and fix permissions in the install script.

conf/viewvc.conf.dist | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 create good defaults for viewvc.conf.
 Make default values for the CVS and SVN repos directories, and the
 templates directory.

lib/vclib/ccvs/ccvs.py | 2 1 + 1 - 0 !
lib/win32popen.py | 4 2 + 2 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 make exceptions valid again.
 Modern Pythons don't allow a string in the raise command.

bin/wsgi/query.wsgi | 1 1 + 0 - 0 !
bin/wsgi/viewvc.wsgi | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 <short summary of the patch>dd shebangs for wsgi scripts.
 Lintian is reporting executables without a shebang line, so adding it.

lib/viewvc.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 apply upstream patch to avoid xss attack

Escape the 'name' property of navigation path components
the same way we escape that of the 'root' path component.

Fix for CVE-2017-5938.

Reported upstream by: Thomas Gerbet <thomas.gerbet@enalean.com>