File: changelog

package info (click to toggle)
moin 1.9.9-1+deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 76,024 kB
  • sloc: python: 143,896; java: 10,704; php: 2,385; perl: 1,574; xml: 371; makefile: 214; sh: 81; sed: 5
file content (1942 lines) | stat: -rw-r--r-- 81,860 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
moin (1.9.9-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 11 Oct 2018 20:54:28 +0200

moin (1.9.9-1) unstable; urgency=medium

  * New upstream release, lots of bug fixes
  * Includes a few security updates:
    + CVE-2016-9119: XSS in GUI editor's link dialogue
      (Closes: #844338)
    + CVE-2016-7146: XSS in GUI editor's attachment dialogue
      (Closes:#844340)
    + CVE-2016-7148: XSS in AttachFile view (multifile related)
      (Closes: #844341)
  * Apply recommended patch from upstream: fix wrong digestmod of hmac.new
    calls
  * Update patches to fit upstream changes:
    + use_systemwide_libs.patch
    + mail-verification.patch
  * Add patch from Paul Wise to implement an incremental dump process in
    moin dump
  * Fix timestamps to make package build reproducibly. Thanks to Eduard
    Sanou for the patch. Closes: #794014

 -- Steve McIntyre <93sam@debian.org>  Thu,  8 Dec 2016 22:13:08 +0000

moin (1.9.8-1) unstable; urgency=medium

  * New upstream release, lots of bug fixes
  * Remove patches that are now upstream:
    + avoid_empty_dir_creation.patch
    + subscribercache.patch
  * Update patches to fit upstream changes:
    + disable_gui_editor_if_fckeditor_missing.patch
    + use_systemwide_libs.patch
    + mail-verification.patch
    + external_account_creation_check.patch
  * Update README.Debian; add more info about "moin maint" etc.

 -- Steve McIntyre <93sam@debian.org>  Sun, 19 Oct 2014 01:31:22 +0100

moin (1.9.7-2) unstable; urgency=medium

  * Add source for the minified copy of jquery.js included in the upstream
    source tarball, even though it's never used in the Debian build at all.
    Close: #754783. Mention it in README.source too
  * Minor updates prompted by lintian:
    + Update Standards-Version
    + Switch from "dh_clean -k" to "dh_prep"
    + Minor tweaks to debian/copyright to fix parse errors

 -- Steve McIntyre <93sam@debian.org>  Thu, 31 Jul 2014 14:34:47 +0100

moin (1.9.7-1) unstable; urgency=low

  * New upstream release (x2)
  * Make sure that strings output to the external account creation checker
    are marked as UTF-8.
  * Re-add missing dependencies, fallout from the CDBS switch.
    Closes: #704433
  * Add dependency on python-passlib rather than use the bundled version.
  * Update patches to fit upstream changes:
    + recaptcha.patch
    + subscribercache.patch
    + use_systemwide_libs.patch
    + mail-verification.patch
  * Remove patches that were already from upstream:
    + constant_time_strcmp.patch
    + escape_css_url.patch
    + secure_taintfile_name.patch
    + escape_pagename_in_rss.patch
    + draw-taintfile.patch
    + attachfile-path-traversal.patch
  * Split out the call to external account creation check into a separate
    patch (external_account_creation_check.patch) instead of lumping it in
    with mail-verification.patch
  * Do not create empty pagedir (with empty edit-log). Patch from
    upstream. Closes: #721557

 -- Steve McIntyre <93sam@debian.org>  Tue, 30 Apr 2013 18:45:43 +0100

moin (1.9.5-5) unstable; urgency=low

  * Re-package without CDBS.
  * Switch from dh_pysupport to dh_python2

 -- Steve McIntyre <93sam@debian.org>  Sat, 19 Jan 2013 19:45:43 +0000

moin (1.9.5-4) unstable; urgency=high

  * Another security fix from upstream:
    + fix path traversal vulnerability in AttachFile action
      (CVE-2012-6080).

 -- Steve McIntyre <93sam@debian.org>  Sat, 29 Dec 2012 19:01:04 +0000

moin (1.9.5-3) unstable; urgency=high

  * Security fix from upstream:
    + fix remote code execution vulnerability in twikidraw/anywikidraw
      actions (CVE-2012-6081).

 -- Steve McIntyre <93sam@debian.org>  Sat, 29 Dec 2012 16:54:15 +0000

moin (1.9.5-2) unstable; urgency=high

  * Several security fixes from upstream:
    + fix XSS issue, escape page name in rss link (CVE-2012-6082)
    + make taintfilename more secure
    + escape user- or admin-defined css url
    + use a constant time str comparison function to prevent timing
      attacks

 -- Steve McIntyre <93sam@debian.org>  Wed, 12 Dec 2012 14:17:35 +0000

moin (1.9.5-1) unstable; urgency=low

  * New upstream release.
  * New maintainer: Steve McIntyre. Thanks to Jonas for all his previous
    hard work.

 -- Steve McIntyre <93sam@debian.org>  Sat, 10 Nov 2012 20:19:36 +0000

moin (1.9.4-8) unstable; urgency=high

  * High urgency for a security fix
  * Add patch from upstream to fix a virtual group bug in ACL evaluation
    (CVE-2012-4404).

 -- Steve McIntyre <93sam@debian.org>  Wed, 05 Sep 2012 01:57:30 +0100

moin (1.9.4-7) unstable; urgency=low

  * subprocess.check_output only appeared in python 2.7. Use
    subprocess.Popen and .communicate() instead to get the same effect but
    working on older python versions too.

 -- Steve McIntyre <93sam@debian.org>  Fri, 10 Aug 2012 14:20:26 +0100

moin (1.9.4-6) unstable; urgency=low

  * Fix the error message displayed when external_creation_check fails

 -- Steve McIntyre <93sam@debian.org>  Mon, 30 Jul 2012 19:52:39 +0100

moin (1.9.4-5) unstable; urgency=low

  * Store date and host when a new account is created
  * Add the option to call an external helper program at account creation
    time to help with local account control policy (e.g. anti-spam)
  * Make sending of email verification messages slightly more verbose.

 -- Steve McIntyre <93sam@debian.org>  Sun, 29 Jul 2012 11:40:28 +0100

moin (1.9.4-4) unstable; urgency=low

  * Fix stupid typo in the mail verification patch. Closes: #671211

 -- Steve McIntyre <93sam@debian.org>  Thu, 03 May 2012 12:55:49 +0100

moin (1.9.4-3) unstable; urgency=low

  * Update the subscriber lookup patch to add locking.
  * Add a new patch to add support for verifying email addresses during
    account creation.

 -- Steve McIntyre <93sam@debian.org>  Mon, 30 Apr 2012 17:22:27 +0100

moin (1.9.4-2) unstable; urgency=low

  * Add a cache for subscriber lookup to boost performance on page save.
    Patch from Vitaliy Shchupak. Closes: #668000

 -- Steve McIntyre <93sam@debian.org>  Mon, 16 Apr 2012 20:18:27 +0100

moin (1.9.4-1) unstable; urgency=low

  * New upstream release.
    Closes: bug#663340.
  * Bump debhelper compatibility level to 7.
  * Stop providing/replacing/conflicting with moinmoin-common:
    Transitional quirk unneeded since Lenny.
  * Drop preinst/postrm conffile renaming hack, unneeded since MoinMoin
    1.5.2.
  * Update package relations:
    + Stop needlessly build-depend versioned on cdbs: shadowed by even
      tighter versioning due to use of default Python install helper.
    + Use unversioned suggest for python-docutils: Needed version
      satisfied even in oldstable.
  * Drop dpkg-source local-options hint: Declared options are default
    since dpkg-source 1.16.1.
  * Drop patch implementing CVE-2011-1058: Applied upstream.
  * Unfuzz patch disabling GUI editor.
  * Update copyright file:
    + Extend/bump some copyright years.
    + Introduce new copyright holder.
    + Fix list more specific Files section after general one.
    + Bump format to 1.0.
    + Fix double-indent in Copyright fields as per Policy §5.6.13.
  * Bump standards-version to 3.9.3.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 13 Mar 2012 11:20:33 +0100

moin (1.9.3-3) unstable; urgency=high

  [ Steve McIntyre ]
  * Add myself to Uploaders
  * Add patch from upstream to fix a cross-site scripting vulnerability in
    the rst parser (CVE-2011-1058). Closes: #643904

 -- Steve McIntyre <93sam@debian.org>  Tue, 04 Oct 2011 13:14:09 +0100

moin (1.9.3-2) unstable; urgency=low

  * Ease building with git-buildpackage:
    + Git-ignore quilt .pc dir.
    + Add source local-options.
  * Add patch to add simple support for using recaptcha.
    Closes: bug#637880. Thanks to Steve McIntyre.
  * Depend on python-recaptcha, required by recaptcha support.
  * Suggest cifs-utils (not smbfs).
    Closes: bug#638156. Thanks to Luk Claes.
  * Update copyright file:
    + Rewrite using draft 174 of DEP-5 format.
    + Add recaptcha patch, licensed GPL-2+.
  * Use Python helper python2 (not python-support).
  * Bump Policy compliance to Standards-Version 3.9.2.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 22 Aug 2011 19:13:00 +0200

moin (1.9.3-1) unstable; urgency=low

  * New upstream release.

  [ Frank Lin PIAT ]
  * Build-Depends on python rather than python-dev.
    Closes: bug#576426.
  * Fix location of README.Migration in NEWS file.
  * Install upstream's docs/REQUIREMENTS file.
  * Add manpage moin(1).
  * Drop lintian override for test.wsgi: no longer executable.
  * Add lintian override for no-doc-base-registration.
  * Install the desktop edition sample config files.
  * Fix werkzeug-0.6 http redirect incompatibility.
    Closes: bug#579189.
  * Improve DEP3 header for patch fix_werkzeug_0.6_http_redirect
  * Fix werkzeug-0.6 xmlxpc incompatibility.
    Closes: bug#580186.

  [ Jonas Smedegaard ]
  * Fix conditionally append version in hash-bang of Python scripts
    (relevant only on systems where default Python version is
    unsupported - i.e. highly unlikely to have caused real trouble
    anywhere). Tighten build-dependency on cdbs to versions providing
    new variable name. Rephrase related comment.
  * Drop files section in copyright file for no longer shipped CDBS
    snippet.
  * Fix append version to python dependency if using non-default
    version.
  * Tidy rules file: move variable below cdbs inclusions, and improve
    some comments.
  * Drop patches applied in upstream 0.9.3 release. Refresh patches.
  * Tighten build-dependency on cdbs.
  * Bump Policy compliance to Standards-Version 3.9.1.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 31 Jul 2010 20:46:59 -0400

moin (1.9.2-3) unstable; urgency=high

  [ Frank Lin PIAT ]
  * Add patch to fix CVE-2010-0828: XSS in Despam page.
    Closes: 575995, thanks to Jamie Strandboge (Ubuntu).

  [ Jakub Wilk ]
  * Fix htdocs symlink, when compiled with python2.6.
    Closes: bug#557956.

  [ Jonas Smedegaard ]
  * Drop local package-relations.mk snippet, now in main cdbs package.
  * Unfuzz and refresh patches (with quilt compacting options
    --no-timestamps --no-index -pab).
  * Add DEP3 header to patch "CVE-2010-0828.patch".
  * Stop suppressing optional build-dependencies: we need recent cdbs
    anyway (to not complicate packaging with a local CDBS snippet) so
    cannot please backporters anyway.
  * Build-depend on devscripts and dh-buildinfo, and tighten build-
    dependency on cdbs, due to above changes.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 03 Apr 2010 16:27:00 +0200

moin (1.9.2-2) unstable; urgency=medium

  [ Frank Lin PIAT ]
  * Minor improvements to moin-update-wikilist.1 manpage

  [ Jonas Smedegaard ]
  * Update local CDBS snippets:
    + use main upstream-tarball.mk, and drop no longer used local one.
    + Include main utils.mk (not copyright-check.mk now gone).
    + Only dash-include non-crucial upstream-tarball.mk and suppress its
      build-dependency hint, to ease backporting.
    + Temporarily disable buildinfo.mk, until more backport-friendly.
    + Shrink local package-relations.mk to only handle binary relations
      (the rest merged into buildcore.mk since cdbs 0.4.69), and fix
      avoid accidentally relying on debhelper.mk.
  * As effect of above, stop build-depending on devscripts or
    dh-buildinfo, and relax build-dependency on cdbs to be unversioned.
  * Set urgency=medium, as only manpage changes should affect content of
    package, and improved backportability is wanted in testing.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 08 Mar 2010 20:41:32 +0100

moin (1.9.2-1) unstable; urgency=low

  [ Frank Lin PIAT ]
  * New upstream release.
    + Fix broken with python-werkzeug 0.6-1, Closes: #571016
    + Fix CVE-2010-0668 and CVE-2010-0669, Closes: #569975
    + Fix action=diff Exception if a page doesn't exist/has no editlog,
      Closes: #567129
    + Fix incompatibility with old style configuration "cookie_lifetime = 1"
      Closes: #560172
    + Improve documentation of farmconfig.py, Closes: #559896

  [ Jonas Smedegaard ]
  * Drop old conflicts/replaces needed for Etch transition.
  * Update copyright file:
    + Comma-separate files
    + merge some debian entries
    + bump some years
    + Add leading ./ to files
    + Improve wording of X-Copyright-Comment stanza
    + Use Maintainer stanza (not Contact)
    + Use Expat (not other-MIT) as license short-name
    + Fix GPL licenses to include verbatim license text, disclaimer and
      reference to FSF
    + Merge license other-ModifiedBSD with virtually identical other-
      ModifiedBSD-contributors
    + Declare copyright conformant with DEP5 rev. 135
  * Bump copyright years and add Frank Lin as owner in rules file.
  * Refer to FSF website (not postal address) in rules file header.
  * Drop DEB_AUTO_UPDATE_DEBIAN_CONTROL handling from rules file
    (included in main cdbs since 0.4.67). Drop now unneeded lintian-
    overrides.
  * Stop build-depending on (yet) unused help2man.
  * Simplify installation of desktop edition (both ours and that of the
    local user).
  * Drop workaround rules for cruft no longer shipped upstream.
  * Ensure variable-expanded files are not accidentally copyright-
    checked (double-colon rules may run in parallel).
  * Drop local CDBS snippets copyright-check.mk and buildinfo.mk,
    included with cdbs since 0.4.67.
    Tighten build-dependency on cdbs to versions providing the snippets.
  * Improve package-relationships.mk to strip unversioned build-
    dependency following same versioned.
  * Use source format "3.0 'quilt'":
    + Add format hint to source
    + Update README.source
    + Stop including patchsys-quilt.mk
    + Stop build-depending on quilt or patchutils
  * Drop local CDBS snippet python-distutils.mk, cdbs now mature enough.
    Relax build-dependencies on python-dev and python-support.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 01 Mar 2010 23:23:11 +0100

moin (1.9.1-1) unstable; urgency=high

  * New upstream release.
    + Fixes security issue in CGI handling, introduced in 1.9. Closes:
      bug#565854, thanks to Pascal Volk and Frank Lin PIAT.
  * Update local CDBS snippets:
    + Tighten and minor fix of package-relations.mk dependency cleanup.
    + Relax upstream-tarball.mk to depend unversioned on cdbs (the
      needed 0.4.39 is in oldstable).
    + Check most lines (top 99999, not just 60) in copyright-check.mk.
      Improve licensecheck filtering. Group files by owners (ignore
      years) and sort owners by ownership string (years and then owner).
    + Update upstream-tarball.mk to preserve bzip2 tarballs with source
      format 3.0 (quilt).
  * Minor updates to debian/copyright (no new owners or licenses).
  * Make debhelper build-dependency unversioned (thanks to CDBS).
  * Fix emodify explicitly ownership for all in zip repackaging script
    process_language_pages, to avoid spurious failure to remove write
    access from lithuanian binary.
  * Set urgency=high due to security fix.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 22 Jan 2010 12:16:29 +0100

moin (1.9.0-1) unstable; urgency=low

  * New upstream release

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 07 Dec 2009 12:42:08 +0100

moin (1.9.0~rc2-1) unstable; urgency=low

  [ Frank Lin PIAT ]
  * New upstream prerelease

  [ Jonas Smedegaard ]
  * Another new upstream prerelease.
  * Unfuzz and merge patches to use separately packaged Python modules,
    and extend to cover Xappy. Recommend python-xappy.
  * Build-depend on unzip and zip.
  * Suggest (not depend on) python-flup.
  * Suggest python-openid, python-tz, python-ldap, python-mysqldb,
    smbfs, poppler-utils/xpdf-utils and docbook-dsssl.
  * Improve local hacked licensecheck to adjust more known contributors,
    and sync with distributed version 2.10.58.
  * Update debian/copyright: many new, changed and dropped owners and
    copyright years in new upstream release, and a new ModifiedBSD
    licensing variant.
  * Update version mangling for get-orig-source rule.
  * Fix explicitly use sh to invoke process_language_pages in
    debian/rules (script not guaranteed to be set executable).
  * Restructure patches to DEP3 format: Adjust meta-info; drop leading
    numbers and README, unfuzz.
  * Add NEWS item (targeted right before upstream 1.9.0 release) about
    need for migration.  Bump firstcompat migration hint in postinst.
  * Tighten supported Python versions to at least 2.4.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 01 Dec 2009 13:20:06 +0100

moin (1.8.5-1) unstable; urgency=low

  [ Frank Lin PIAT ]
  * New Upstream Version
  * Bump standards-version to 3.8.3.
  * Move package to section "web".
  * Suppress lintian warnings about test.wsgi script not being
    executable.
  * Re-enable patch 10001 (disable RenderAsDocbook if no xml) the
    patch was updated but not enabled.
  * Improve upgrading note in README.Debian, Closes: bug#494355.

  [ Jonas Smedegaard ]
  * Update package-relations.mk: Cleanup unversioned+versioned
    dependency mix. Improve whitespace cleanup. Rewrite and silence
    applying dependencies.
  * Drop binary section stanza (superfluous when equal to source
    stanza).
  * Update Vcs-Browser stanza to versioned branches (to make room for
    concurrent packaging of multiple major releases of MoinMoin).
  * Update a copyright year in debian/copyright.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 13 Sep 2009 00:40:07 +0200

moin (1.8.4-1) unstable; urgency=low

  [ Frank Lin PIAT ]
  * New Upstream Version.
  * Define VirtualHost port number in Apache2 examples, Closes: 
    bug#533062.

  [ Jonas Smedegaard ]
  * Update URL to draft DEP5 format in copyright-check.mk output.
  * Sync local patched licensecheck script with devscript 2.10.51.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 18 Jun 2009 00:14:44 +0200

moin (1.8.3-2) unstable; urgency=low

  [ Frank Lin PIAT ]
  * Fix an error in moin-mass-migrate, when setuid account belongs to a
    group through NSS (ldap, psql). Closes: #530635. Thanks to Joey Hess
    for the patch (initially targeted to ikiwiki-mass-rebuild).

  [ Jonas Smedegaard ]
  * Recommend default-mta (not exim4) as, well, default MTA. Closes:
    bug#531729.
  * Update CDBS snippets:
    + Fix package-relations cleanup of debhelper 7
    + Implement fail-source-not-repackaged rule in upstream-tarball.mk
  * Rewrite copyright to use DEP5 r54 proposed machine-readable format.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 03 Jun 2009 20:11:53 +0200

moin (1.8.3-1) unstable; urgency=high

  [ Frank Lin PIAT ]
  * Re-implement patch 10001_disable_RenderAsDocbook_if_no_xml.
  * Warn if fckeditor is installed but not configured.
  * Don't create fake fckeditor.js because we can't invalidate the client
    side caching once fckeditor is installed.
  * Update the copyright file.

  [ Jonas Smedegaard ]
  * New upstream release:
    + Fixes CVE-2009-1482. Closes: bug#526594.
  * Add README.source.  Drop custom hints about CDBS.
  * Bump standards-version to 3.8.1.
  * Maintain all package relations in debian/rules, resolved using CDBS.
  * Set urgency=high due to security fix.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 20 May 2009 17:44:30 +0200

moin (1.8.2-2) unstable; urgency=low

  [ Jonas Smedegaard ]
  * Update debian/copyright (Bump years, merge equally licensed and
    authored files.
  * Update copyright hints.
  * Refer to …/README.Debian(.gz) (not just …/README.Debian), and limit
    note to max. 72 chars per line. Closes: bug#516123, thanks to Brent
    Clark.

  [ Frank Lin PIAT ]
  * Use systemwide copy of fckeditor Closes: bug#452599

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 26 Feb 2009 04:47:03 +0100

moin (1.8.2-1) unstable; urgency=low

  * New upstream release.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 08 Feb 2009 20:48:30 +0100

moin (1.8.1-1) unstable; urgency=low

  * New upstream release.
  * Add NEWS item (targeted for upstream 1.8.1 release) about need for
    migration.  Bump firstcompat migration hint in postinst.
  * Auto-resolve html staticpath at build time. Closes: bug#507182,
    thanks to John Goerzen.
  * Update CDBS snippets:
    + Several minor improvements to upstream-tarball.mk.
    + Compact simple licenses (those without ' or later') in
      copyright-check.mk
    + Fix use underscore (not dash) in internal variable
    + Ignore only debian changelog and copyright-related files by
      default in copyright-check.mk
    + Correct and update copyright hints of the snippets themselves
  * Add licensing info to debian/rules.
  * Include local copy of licensecheck, patched to vastly improve
    discovery of the hinting style used in MoinMoin sources.  Patch
    copyright-check.mk CDBS snippet to use local licensecheck.
  * Update copyright hints.
  * Rewrite debian/copyright to use new proposed format (v420).
  * Drop depending on dropped or irrelevant packages:
    + libapache-mod-python (dropped)
    + libapache-mod-fastcgi (dropped)
    + python-twisted (just a transitional package)
    Closes: bug#429713, thanks to Jérémie Corbier.
  * Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
  * Depend on ${misc:Depends}.
  * Semi-auto-update debian/control to update dependencies:
      DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 30 Dec 2008 02:25:54 +0100

moin (1.8.0-1) unstable; urgency=low

  * New upstream release.
  * Fix prerelease numbering in uscan and debian/rules to use ~ (not
    dot).
    (Luckily the recent prereleases was done only to experimental, so
    the odd version numbers shouldn't count).
  * Drop installing documentation file docs/HACKS: Dropped upstream.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 04 Nov 2008 23:40:01 +0100

moin (1.8.0.beta1-2) experimental; urgency=low

  * Document how to use various features in README.Debian

 -- Frank Lin PIAT <fpiat@klabs.be>  Mon, 15 Sep 2008 22:02:36 +0200

moin (1.8.0.beta1-1) experimental; urgency=low

  * New upstream prerelease.
  * Add leading dot to Debian representation of upstream prereleases (to
    keep it lower than final release) in debian/rules and watch file.
  * Disable patch 10001 (disable RenderAsDocbook if no xml) as upstream
    config parsing code has changed: patch needs a complete rewrite!
  * Drop installing example code phpwiki_migration: Dropped upstream.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 14 Sep 2008 18:26:57 +0200

moin (1.7.2-1) unstable; urgency=low

  * New upstream release.
  * Preserve upstream automade i18n files instead of removing in clean
    target (works more robust with source maintained under VCS).

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 09 Sep 2008 08:41:11 +0200

moin (1.7.1-2) never-really-releasedq; urgency=low

  * Update cdbs snippet python-distutils.mk to run dh_py* scripts before
    dh_installinit.  See bug#494288.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 08 Aug 2008 13:38:17 +0200

moin (1.7.1-1) unstable; urgency=low

  * New upstream release.  Closes: bug#492233, thanks to Teodor.
    + Fixes bogus empty page creation.  Closes: bug#489146, thanks to
      Sam Morris.
  * Recommend python-xml, needed for RSS feeds.  Closes: bug#488777,
    thanks to Sam Morris.
  * Add patch 10001 to disable RenderAsDocbook if python-xml is not
    available. Closes: bug#487741, thanks to Franklin Piat.
  * Update cdbs snippets:
    + Move dependency cleanup to new local snippet package-relations.mk.
    + Update copyright-check output to more closely match proposed new
      copyright file format.
    + Update README.cdbs-tweaks.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 24 Jul 2008 23:50:51 +0200

moin (1.7.0-3) unstable; urgency=low

  * Simplify /etc/moin/wikilist format: "USER URL" (drop unneeded middle
    CONFIG_DIR that was wrongly advertised as DATA_DIR).  Make
    moin-mass-migrate handle both formats and warn about deprecation of
    the old one.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 22 Jun 2008 21:17:13 +0200

moin (1.7.0-2) unstable; urgency=low

  * Add NEWS item (targeted for upstream 1.7.0 release) about need for
    migration.  Bump firstcompat migration hint in postinst.
  * Suggest python-pyxmpp.
  * Recommend webserver packages (instead of suggesting them).  Favor
    apache2, and rewrite README.Debian example to use apache2.  Add
    python-twisted-web, libapache-mod-fcgid and libapache2-mod-fastcgi
    as fallback recommendations.  Stop recommending apache (provided by
    httpd-cgi).
  * Drop conflicting/replacing moin (even oldstable has
    python-moinmoin).
  * Merge moinmoin-common into python-moinmoin.
    Rationale: separation of common stuff was no longer needed when
    Python policy 2 made it possible to provide a single binary package
    for all supported versions of Python.  On the other hand it didn't
    hurt anything either.
    When the mass-migration routine was recently added, it got tied to
    the wrong package.  Instead of adding even more complexity, it makes
    better sense to simplify instead.
  * Install the "moin" script normally (not as example script).  Closes:
    bug#487511, thanks to Franklin Piat.
  * Fix servertweaks sed rules to properly hardcode configdir /etc/moin
    for the various server scripts.  Closes: bug#487507, thanks to
    Franklin Piat.
  * Add patch 20002 to hardcode configdir /etc/moin for "moin" script.
  * Improve README.Debian example to setup wikilist, and improve
    wikilist commented out example to match README.Debian.  Closes:
    bug#487531, thanks to Franklin Piat.
  * Fix wikilist header comment to talk about data dir (not config dir).
  * Semi-auto-update debian/control to update dependencies:
      DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 22 Jun 2008 16:57:20 +0200

moin (1.7.0-1) unstable; urgency=low

  * New upstream release.
  * Unfuzz patch.
  * Suggest python-4suite-xml (not python-4suite).  Closes: bug#434431,
    thanks to Raphael Bossek, Franklin PIAT and Matthias Klose.
  * Drop obsolete instructions in README.Debian.  Closes: bug#365069,
    thanks to Mike O'Connor.
  * Recommend python-xapian, and suggest antiword and catdoc.  Closes:
    bug#486473, thanks to Sam Morris.
  * Update debian/copyright-hints.
  * Update local cdbs snippets:
    + Relax copyright-check to only warn about its discoveries.  Closes:
      bug#487073, thanks to Lucas Nussbaum.
    + Update dependency cleanup to strip cdbs 0.4.27 (not 0.4.27-1).
  * Semi-auto-update debian/control to update build-dependencies:
      DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 22 Jun 2008 02:52:47 +0200

moin (1.6.3-1) unstable; urgency=high

  * New upstream release.
    Highlights:
    + Security fix: major ACL and superuser priviledge escalation if
      using ACL entries other than "Known:" or "All:" and/or a non-empty
      superuser list.
    + Security fix: ACL processing sometimes wrong when
      acl_hierarchic=True.
    + No longer check protocol for {{transclusion_targets}}.
    + Fixed TableOfContents macro for included pages.
    + server_fastcgi: added Config.port = None.
    + category: search matches categories even if there are comment lines
      between the horizontal rule and the real categories.
    + Added 'notes' to config.url_schemas, to use notes://notessrv/...
      to invoke your Lotus Notes client.
    + Immediately login user after creating a new user profile via
      UserPreferences.
  * Set urgency=high due to security fixes.
  * Add new helper script moin-mass-migrate, based on the ikiwiki script
    ikiwiki-mass-upgrade written by Joey Hess.
    Add NEWS entry, and rewrite migration section in README.Debian.
  * Add new helper script moin-update-wikilist, based on the ikiwiki
    script ikiwiki-update-wikilist written by Joey Hess.
  * Update cdbs tweaks:
    + Strip any non-printable characters in copyright-check.mk.  Update
      copyright-hints.
    + Relax python-central build-dependencies in python-distutils.mk.
  * Bump debhelper compatibility level to 6 (was 4).
  * Bump standards-version to 3.7.3 (no changes needed).
  * Rely on dh_lintian (already included in cdbs debhelper.mk rule) to
    install lintian overrides.
  * Drop custom distribution support (unmaintained for some time now).
  * Drop support for old Python policy.
  * Remove no longer true comments in debian/rules.
  * Semi-auto-update debian/control to update build-dependencies:
      DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 23 Apr 2008 12:24:37 +0200

moin (1.6.2-1) unstable; urgency=low

  * New upstream release. Closes: bug#461920.
    + Drop HG snapshot patches 0*: applied upstream.
    + Drop security patch 10010: Fixed differently upstream.
  * Update upstream source URL in debian/copyright, debian/rules and
    debian/watch.
  * Avoid graphical editor (based on old version of FCKeditor):
    + Add patch 20001 to always use text editor
    + Install FCKeditor files only as example files
    + Add NEWS item about the change
    + Drop patch 10011 patching known security issues with the editor.
    Closes: bug#467363.
  * Packaging moved to collab-maint Git at Alioth. Update VCS-* hints.
  * Update upstream URL in Homepage hint.
  * Update cdbs tweaks:
    + Support zip in upstream-tarball.mk
    + Use ~ as repackaging delimiter in upstream-tarball.mk to make room
      for point releases and cleaned up rerelease
    + Rename top srcdir in repackaged tarball to $pkg-$ver.orig to
      comply with Developers Reference 6.7.8.2.
    + Support mangling upstream version string in upstream-tarball.mk
    + Drop wget options broken with recent versions of wget in
      update-tarball.mk
    + Drop unneeded buildcore.mk override (just set environment flag
      manually when needed instead).
    + Update copyright-check.mk to use licensecheck script, and store
      newline-delimited hints
  * Update copyright_hints.
  * Semi-auto-update debian/control to update build-dependencies:
      DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 08 Apr 2008 23:59:28 +0200

moin (1.5.8-5.1) unstable; urgency=high

  * NMU with maintainer consent, urgency for security updates
  * update upstream patches to moin-1.5 branch revision 856 to fix bugs
    + cross-site scripting vulnerabilities using AttachFile,
      CVE-2008-0781
    + directory traversal in MOIN_ID cookie vulnerability,
      CVE-2008-0782 (Closes: #462984)
    + XSS problem in login, CVE-2008-780

 -- Thomas Viehmann <tv@beamnet.de>  Tue, 19 Feb 2008 22:38:10 +0100

moin (1.5.8-5) unstable; urgency=high

  * Acknowledge NMU.
    + Rename patch to 10011 (to match documented naming scheme).
    + Unfuzz patch.
  * Use Vcs-* fields (not XS-Vcs-* fields) in debian/control.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 21 Oct 2007 17:39:47 +0200

moin (1.5.8-4.1) unstable; urgency=high

  * Non-maintainer upload by the testing-security team
  * Include upstream patch to enable whitelisting, instead of
    insufficient blacklisting for file uploads (Closes: #429205)
    Fixes: CVE-2007-5156, CVE-2007-3163, CVE-2007-2630, CVE-2006-0658

 -- Steffen Joeris <white@debian.org>  Sun, 21 Oct 2007 14:43:37 +0000

moin (1.5.8-4) unstable; urgency=low

  * Sync with upstream HG development source as of today (patchset 851):
    + Avoid out-of-space file corruption of "current" page.
    + Fix translation of "Toggle line numbers" link.
  * Move Homepage to own field (from pseudo-field in long description).

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 29 Sep 2007 19:16:43 +0200

moin (1.5.8-3) unstable; urgency=high

  * Acutally apply the added patch in 1.5.8-2.
  * Raise to urgency=high as these are only security-related bugfixes.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 16 Sep 2007 21:57:48 +0200

moin (1.5.8-2) unstable; urgency=low

  * Sync with upstream HG development source as of today (patchset 849):
    + XSS fix with RenamePage and and DeletePage
    + ACL fix: only send <link rel=Appendix... when there's read access

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 16 Sep 2007 20:05:00 +0200

moin (1.5.8-1) unstable; urgency=low

  * New upstream release.
  * Drop all earlier patches from upstream Mercurial: applied upstream.
  * Sync with upstream HG development source as of today (patchset 845).
  * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control.
  * Update cdbs tweaks:
    + Various improvements to update-tarball.
  * Better duplicate build-dependency cleanup in debian/rules, and semi-
    auto-update debian/control:
      DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build
  * Replace deprecated ${Source-Version} with Use binNMU-safe
    ${source:Version} in debian/control. Thanks to Lintian.
  * Remove MoinMoin/i18n/meta.py in clean target.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 03 Sep 2007 02:31:41 +0200

moin (1.5.7-3) unstable; urgency=high

  * Sync with upstream HG development source, including a security fix:
    + XSS fix for AttachFile 'do' parameter.
    CVE-2007-2423. Closes: bug#422408, thanks to EN Douli for discovery
    and to Florian Weimer for reporting to Debian BTS.
  * Update local cdbs tweaks:
    + Improved upstream-tarball handling.
    + Minor updates to debain/README.cdbs-tweaks.
  * Cleanup duplicate build-dependencies.
  * Set urgency=high due to the upstream security fix.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 06 May 2007 10:01:44 +0200

moin (1.5.7-2) unstable; urgency=high

  * Sync with upstream HG development source, including a security fix:
    + Respect ACLs in MonthCalendar macro.
  * Update local cdbs tweaks:
    + Check for copyrights at pre-build (at clean we might run before
      actual cleanup has finished).
    + Add new upstream-tarball.mk: get-orig-source target and more.
    + Update debain/README.cdbs-tweaks.
  * Set urgency=high due to the upstream security fix.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 04 Apr 2007 10:48:07 +0200

moin (1.5.7-1) unstable; urgency=low

  * New upstream release. Closes: Bug#384349.
    Highlights:
    + XSS Fixes (already fixed in Debian NMU).
    + Improved LDAP authentication.
    + Various GUI editor improvements (but still buggy!).
    + Attachments can be overwritten, moved to a different page, and
      referenced.
    + Various performance improvements.
    + Rendering fixes (especially workarounds for IE6 bugs).
    + Simplified migration routine. Please read
      /usr/share/doc/moinmoin-common/README.Migration(.gz).
    + Fix for forgotten password email login URL.
    + Google sitemap support: ?action=sitemap.
    + Updated translations: i18n strings, system and help pages.
    + Hyphens are now allowed in usernames. Closes: Bug#383909.
    + Improved docutils and ReST support.
  * Acknowledge NMUs. Closes: Bug#373464, #383841, #410338, thanks to
    Josselin Mouette, Pierre Habouzit, Martin Zobel-Helas and Toni
    Mueller.
  * Reorganize patches.
    + Extend patches to 5 digits to make room for Hg changesets.
    + Adjust debian/patches/README to mention Hg (not Arch).
    + Use quilt (not the simple cdbs-internal patch system).
  * Add patches to bring in sync with upstream Hg (patchset 822).
  * Remove parts of CVE-2007-0857 applied upstream (changesets 805-806).
    Rename patch to follow new 5-digit scheme.
  * Rewrite README.packaging to describe getting changesets from Hg (not
    Arch).
  * Update CDBS tweaks:
    + Update copyright-check.mk: Look for "(c)" too, avoid non-printable
      characters, verbose error report.
    + Update buildinfo.mk: Fix touchfile to run only once.
    + Major overhaul of python-distutils.mk: Syncronize with main cdbs,
      which adds support for new Python policy, and massive rewrite to
      bring back functionality broken in the default implementation of
      that new policy.
    + Replace auto-update.mk with (overload of) buildcore.mk.
    + Add README.cdbs-tweaks documenting the added tweaks.
    + Advertise README.cdbs-tweaks in debian/rules.
  * Enable new Python policy, except when DEB_BUILD_OPTIONS contains
    "sarge". Closes: Bug#373464 (thanks to Pierre Habouzit and ).
  * Bump up Standards-Version to 3.7.2 for non-default distros.
  * Adjust long description to not mention dropped pythonXX-moinmoin.
  * As stated in README.Debian, CGI interface has had most testing:
    + Revert to suggesting apache in favor of libapache(2)-python.
    + Suggest httpd-cgi (not httpd) as fallback.
  * Cleanup and improve debian/rules:
    + Use (newly improved!) tweaked cdbs again, to also support
      distributions using the old python policy.
    + Restore rules aaplying only to old python policy.
    + Add switch to declare variables varying between python policies.
    + Stitch together README.Debian from parts, referring to build-
      dependent default python version, and leaving out section on
      multiple packages when using new python policy.
    + Stitch together README.Debian and  moinmoin-common.postinst in
      pre-build, and remove in clean. This avoids distributing changes
      and then loosing it again automatically at next build.
    + Add more comments.
    + Move build targets to switch distribution down to the bottom.
  * Update debian/copyright:
    + Add new copyright for Bubblehelp infoboxes (license: GPLv2).
    + Add new copyright for EXIF filter (license: BSD-like).
    + Fix non-unicode Character (copyright-holder Peter Åstrand).
  * No longer install docs/CHANGES.config dropped upstream.
  * Add note to README.Debian about risk of dict symlink breaking if
    copying and using the data from a different location. This relates
    only to the recent NMU changing (without documentaing!!!) from
    static to shared symlink.
  * Use Build-depends (not Build-depends-Indep) for non-default
    distributions.
  * Tightened pyversions to only include 2.3 and higher.
  * Suppress lintian warnings about INSTALL.html in docs (contains
    valuable info on further steps than automated in this packaging) and
    non-executable scripts in underlay (they should never be executed
    from there).

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 16 Mar 2007 18:07:48 +0100

moin (1.5.3-1.2) unstable; urgency=low

  * Non-maintainer upload.
  * Adding patch from BTS to fix CVE-2007-0857 (Closes: #410338) 

 -- Martin Zobel-Helas <zobel@debian.org>  Tue, 27 Feb 2007 10:00:39 +0100

moin (1.5.3-1.1) unstable; urgency=low

  [ Pierre Habouzit ]
  * Non-maintainer upload.
  * Update package to the last python policy (Closes: #373464).
  * Bump Standards-Version to 3.7.2.

  [ Josselin Mouette ]
  * Update Suggests now that mod_python packages were rebuilt.
  * Build-depend on python-dev, python-all-dev is too much.
  * python-moinmoin needs python-support for a few private modules.

 -- Josselin Mouette <joss@debian.org>  Sat, 30 Sep 2006 11:28:58 +0200

moin (1.5.3-1) unstable; urgency=medium

  * New upstream release. Closes: bug#363354 (thanks to Bob Tanner
    <tanner@real-time.com>).
  * Drop all patches: they are all included upstream now.
  * Raise to urgency=medium due to XSS fix.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 19 Apr 2006 13:40:13 +0200

moin (1.5.2-7) never-really-released; urgency=low

  * Add patches to match upstream changeset 473.
  * Mention source of upstream patches in debian/copyright.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 13 Mar 2006 11:59:40 +0100

moin (1.5.2-6) unstable; urgency=medium

  * Add patches to match upstream changeset 457.
    + Fixes mild security issue when SuperUser is wrongly configured.
  * Raise to urgency=medium due to the above mild security issue.
  * Improve wording of renaming in preinst, and emit only a single long
    line on error.
  * Update TODO with a bunch of entries.
  * Add README.packaging to source, with hints about, well, packaging.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 23 Feb 2006 00:02:28 +0100

moin (1.5.2-5) unstable; urgency=low

  * Fix parsing options within preinst.
  * While at it, improve preinst to include a package version next to
    each md5sum.
  * Fix a few typos (missing "echo" and line continuation) in preinst
    and postinst, and change their indentation.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 18 Feb 2006 14:16:58 +0100

moin (1.5.2-4) unstable; urgency=low

  * Whoops: Fix line-continuation in preinst.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 17 Feb 2006 20:21:55 +0100

moin (1.5.2-3) unstable; urgency=low

  * Add patches to match upstream changeset 450.
  * Add md5sum of 1.4.99+1.5.0rc1 configfile to preinst rename routine.
  * ReST parser is again included by default:
    + Suggest recent python2.3-docutils.
    + Drop TODO item about packaging rst separately.
  * Semi-auto-update debian/control.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 17 Feb 2006 02:02:11 +0100

moin (1.5.2-2) unstable; urgency=low

  * Add patches to match upstream cset 446.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 16 Feb 2006 17:38:25 +0100

moin (1.5.2-1) unstable; urgency=low

  * Official packaging of new upstream release, incorporating the work
    documented in the below two changelog entries (thanks to Overfiend).
    + Fixes running as python handler in apache 1.x. Closes: bug#339543
      (thanks to Nick Phillips <nwp@debian.org>).
    + Favor quoted-printable for email notifications over base64. This
      closes: bug#343621 (thanks to "Brian T. Sniffen"
      <bts+debian@alum.mit.edu>).
  * Move cdbs auto-update enabling into local snippet.
  * Correct namespace of cdbs snippet buildinfo.mk
  * Correct namespace and improve cdbs snippet copyright-check.mk.
  * Use Homepage instead of Website in debian/control, per DDR 6.2.4.
  * Improve watch file: Use special sf-syntax, and simplify regex.
  * Semi-auto-update debian/control.
  * Add hint about python-moinmoin to moinmoin-common long description
    (thanks to Alexander Schremmer <alex@alexanderweb.de>).
  * Improve wording of README.Debian:
    + Recommend reading upstream INSTALL.html not only for other kinds
      of setup but also for more info on the one with example provided.
    + Mention in section about farmconfig that this is enabled in Debian
      by default.
    Both thanks to Alexander Schremmer <alex@alexanderweb.de>.
  * Relax conflict/replacement of moin, and tighten dependencies on
    moinmoin-common. This closes: bug#347450 (thanks to Raphael Bossek
    <bossekr@debian.org>).

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 11 Feb 2006 00:55:30 +0100

moin (1.5.2-0.branden.1) unstable; urgency=low

  * Local NMU to package latest upstream release, 1.5.2.

  * debian/configtweaks.sed: Normalize whitespace so upstream changes to it
    don't provoke changed-conffile prompts.
  * debian/rules: Clean up the logic for munging the upstream wikifarm config
    files a little.  Remove a useless use of cat.

  * Upstream has renamed the moinmaster.py wikifarm example script to
    mywiki.py; add logic to moinmoin-common's maintainer scripts to rename the
    conffile likewise on package upgrades.
    + debian/moinmoin-common.preinst: (new) Perform renaming, if applicable.
    + debian/moinmoin-common.postinst: Finalize renaming.
    + debian/moinmoin-common.prerm: (new) Roll back renaming if package
      upgrade or install is aborted, and if renaming took place in the preinst.

 -- Branden Robinson <branden@debian.org>  Wed,  8 Feb 2006 00:37:35 -0500

moin (1.5.1+1.5.2rc1-0.branden.1) unstable; urgency=low

  * Local NMU to package latest upstream release candidate, 1.5.2rc1.

  * debian/rules: UPDATE.html vanished upstream; stop trying to ship it.
  * debian/rules: Search for farmconfig files in config/wikifarm, since they
    have moved upstream.  Also remove the -and -not -name wikiconfig.py test
    from the corresponding find command, since the single-site wikiconfig.py
    is stored in the parent directory, where it won't be found.

 -- Branden Robinson <branden@debian.org>  Sat,  4 Feb 2006 15:31:24 -0500

moin (1.4.99+1.5.0rc1-1) unstable; urgency=low

  * New upstream prerelease. Closes: bug#339363 (thanks to Saku Ytti
    <saku@ytti.fi>).
  * Add note to NEWS about non-english underlay pages now distributed as
    packages attached to SystemPagesSetup. Add TODO item about packaging
    non-english underlay pages as Debian packages instead (or as well?).

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 21 Dec 2005 12:52:05 +0100

moin (1.4.99+1.5.0beta6-1) experimental; urgency=low

  * New upstream prerelease.
  * Drop quoting more than just copyright and licensing of GPL texts in
    debian/copyright, to avoid lintian complaining about wrong address.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 16 Dec 2005 23:57:38 +0100

moin (1.4.99+1.5.0beta5-1) experimental; urgency=low

  * New upstream prerelease.
    + Fixes mod_python adaptor failing to handle Location correctly.
      Closes: bug#339543 (thanks to Nick Phillips <nwp@debian.org>).
    + Licensing issues fixed for cplusplus and java parser modules.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 13 Dec 2005 01:54:19 +0100

moin (1.4.99+1.5.0beta4-1) experimental; urgency=low

  * Improve wording of use of non-default Python versions in
    README.Debian (thanks to Michael Schmitt <TCW@unixkiste.org>).
  * Refer to specific further reading beyond the simple exaple setup
    in README.Debian.
  * Drop python2.2-moinmoin - it might still work but too little tested
    for upstream to support it.
  * Drop support for woody backports.
  * Include new doc files docs/CHANGES.config and docs/HACKS.
  * Improve debian/copyright:
    + Added ReStructured Text Parser: GPL.
    + Added FCKeditor: LGPL.
    + Added daemon.py: BSD-like.
    + Added thfcgi.py: GPL.
    + Added NetRube_Upload: Free use.
    + Added wz_jsgraphics: GPL.
    + Added IE7: LGPL.
    + Added phpwiki2moinmoin: GPL.
  * Strip Mega Upload and other unused parts of FCKeditor from source,
    as suggested by upstream of FCKeditor.
  * Strip cplusplus and java parser modules from source, as licensing
    info is simply "all rights reserved".
  * Add new cdbs snippet to check at build time for changed copyright
    notices.
  * Strip irrelevant parts of FCKeditor, and move documentation parts
    below below /usr/share/doc/.../FCKeditor/ .
  * Add note to NEWS about loads of config changes requiring manual
    adjustments after examining upstream changelog.
  * Add notes to TODO about things I should do before final release but
    haven't found time to do yet...
  * Drop a TODO note about fixing a cache bug: Can't even reproduce it
    myself anymore, so probably fixed upstream already without my
    reporting it :-P .

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 24 Nov 2005 21:02:12 +0100

moin (1.4.99+1.5.0beta3-1) experimental; urgency=low

  * New upstream prerelease. Closes: bug#339363 (thanks to Nick Phillips
    <nwp@debian.org>).
  * Drop all patches: They are all included upstream now.
  * Update danish l12n.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 15 Nov 2005 00:05:29 +0100

moin (1.3.5-1) unstable; urgency=low

  * New upstream release. Closes: bug#331222 (thanks to Steffen Joeris
    <steffen.joeris@skolelinux.de>).
  * Drop patches now included upstream:
    - 001_patch-867
    - 002_patch-868
    - 003_patch-869
  * Add upstream post-release patches, and manually add patch version:
    + 001_patches-883-935.patch
    + 202_make_patchlevel-visible.patch
  * Add note to debian/TODO about ant command to compile TWikiDrawPlugin
    using gcj (still not included as build.xml is broken: requires
    internet access in the build environment :-P ).
  * Bump up standards-version to 3.6.2.
  * Improve notes on simple sample setup in README.Debian:
    + Store data below outside webroot to avoid leaking private info.
      Closes: bug#308764 (thanks to Olivier Sessink
      <lists@olivier.pk.wau.nl>).
    + Setup underlay.
    + Mention (briefly) non-Apache setups.
    + Comment out variables in farmconfig defined locally in each wiki.
      Closes: bug#326172 (thanks to Branden Robinson
      <branden@debian.org>).

 -- Jonas Smedegaard <dr@jones.dk>  Fri,  4 Nov 2005 16:21:57 +0100

moin (1.3.4.really.1.3.5rc1-1) unstable; urgency=low

  * New upstream prerelease.
  * Use pristine source again (I believe it is ok to distribute the java
    binary with source when its source is included too - a fresh compile
    for inclusion in a binary package is still on the TODO).
  * Add small note pointing an unofficial home of TwikiDrawPlugin at
    http://debian.jones.dk/auryn/pool-all/official/moin/twikidraw/
  * Drop prepatch now included upstream:
    - 11_failsafe_i18_clean
  * Drop patches included upstream:
    - 22_danish_locale_update
    - 25_allow_singlequote_in_acounts
    - 27_xslt_fix
  * Add upstream post-rc patches and drop older patches they supercede:
    + 001_patch-867
    + 002_patch-868
    + 003_patch-869
    - 22_german_locale_update
    - 24_twikidraw_strip_cr
    - 26_fallback_to_iso8859-1_dicts
  * Renumber remaining patch, and add README about numbering scheme:
    - 02_dict_is_local
    + 201_dict_is_local
  * Adjust path in source to changelog and docs.
  * Added copyright and licensing info of pikipiki, twikidraw and lupy
    to debian/copyright.
  * UTF-encode debian/copyright.
  * Bump up watch file to version 3.
  * Move examples to subdir debian/examples.
  * Add a couple of example scripts for maintaining underlay dirs.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 31 Jul 2005 13:26:40 +0200

moin (1.3.4-6) unstable; urgency=low

  * Patch user.py to allow account names containing single-quotes.
    Closes: bug#317514 (thanks to Marco d'Itri <md@linux.it>).
  * Small update to german (de) locale. Closes: bug#313952 (thanks to
    Jens Seidel <jensseidel@users.sf.net>).
  * Update local python cdbs snippet (and manually strip spurious build-
    dependency build-essential due to bug#316034).
  * Only do cdbs debian/rules auto-update when DEB_BUILD_OPTIONS=update.
  * Patch action/SpellCheck.py to fallback to iso8859-1 encoded dicts.
  * Tweak paths in all patches to apply in first attempt by cdbs.
  * Fix XSLT brokennes (using info found here:
    http://moinmoin.wikiwikiweb.de/MoinMoinBugs/XsltParserOnDebian ).
    Actually - it is still broken to me, but at least the error is now a
    different one (and may only relate to the XsltVersion test page)...
  * Strip comments in underlay about only editing on masterwiki
    (especially for templates they are confusing).

 -- Jonas Smedegaard <dr@jones.dk>  Sat,  9 Jul 2005 14:19:53 +0200

moin (1.3.4-5) unstable; urgency=medium

  * Run dh-python a bit earlier (bug#172283 resurfacing) to get python
    code optimized at install time. (this breaks woody backport support
    but that was already broken anyway).
  * Include unversioned python-gdchart suggestion only for
    python2.3-moinmoin package.
  * Set urgency=medium as the changes are small but the gain is high.

 -- Jonas Smedegaard <dr@jones.dk>  Fri,  6 May 2005 22:42:40 +0200

moin (1.3.4-4) unstable; urgency=low

  * Use prdownloads.sourceforge.net for upstream source in copyright.
  * Make suggestions Python-versioned.
  * Add hint to README.Debian on easing migration with mc.
  * Add pointers to additional cleanup code on moinmoin..de wiki.
  * Install README.Debian with all packages. Closes: bug#304540.
  * Include example configs for apache 1.3 and 2.0. Closes: bug#284424.
  * .

 -- Jonas Smedegaard <dr@jones.dk>  Thu,  5 May 2005 00:25:14 +0200

moin (1.3.4-3) unstable; urgency=high

  * Drop transitional binary package "moin", as it is only relevant for
    users of testing and unstable, and there it causes unpleasant
    surprises more(?) than it helps. Closes: bug#304054, #303957 (thanks
    to Toni Mueller <support@oeko.net> and others).
  * Improve migration section of README.Debian and refer NEWS item to
    that instead of directly to README.migration. Closes: bug#204146
    (thanks to Markku Tavasti <tavasti@tavastisolutions.com> and Aaron
    Bentley <aaron.bentley@utoronto.ca>).
  * Remove TODO item related to the above.
  * Force using/aoviding specific python version also for scripts
    installed as part of the library.
  * Set urgency=high as these changes (together with removing the old
    "moin" package from the archive) "fixes" breakage of existing
    unstable and testing moin installs.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 11 Apr 2005 13:55:57 +0200

moin (1.3.4-2) unstable; urgency=low

  * Official release.
  * README.Debian updated and improved. Closes: bug#201580 (thanks to
    Hanspeter Kunz <hkunz@ailab.ch> and others).
  * LocalSpellingWords is now utf-8 encoded. Closes: bug#302602 thanks
    to Martin F. Krafft <madduck@debian.org> and others for reporting
    this).
  * INSTALL.html is included now. Closes: bug#302339 (thanks to Paul
    <elegant_dice@yahoo.com>).

 -- Jonas Smedegaard <dr@jones.dk>  Fri,  8 Apr 2005 04:44:24 +0200

moin (1.3.4-1.0.jones.3) unstable; urgency=low

  * Have cdbs snippet get python version from 'python -V' like dh_python
    does it.
  * Simply have a rule for each of woody, sarge and ubuntu, untied to
    the standard build to force switch distro and then stay with it.
  * Hardcode dependencies for library packages (dh_python is broken:
    adds dependency always on default python).
  * Make scripts executable.

 -- Jonas Smedegaard <dr@jones.dk>  Fri,  8 Apr 2005 03:08:30 +0200

moin (1.3.4-1.0.jones.2) unstable; urgency=low

  * Handle ubuntu and woody builds as DEB_BUILD_OPTIONS.
  * Make source of ubuntu build be moin1.3 (they have old moin released
    already and want both distributed concurrently).
  * Correct hashbang-line in example files of library packages.
  * Improve python cdbs snippet, and setup variables in separate one.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 31 Mar 2005 00:20:22 +0200

moin (1.3.4-1.0.jones.1) unstable; urgency=low

  * Split into several binary packages: moinmoin-common with data and
    and python2.x-moinmoin with libraries built for each version of
    Python.
  * Suggest 4suite non-python-versioned.
  * Fix encoding of handcrafted LocalSpellingWords wikipage.
  * Update and improve README.Debian. Closes: bug#201580 (thanks to
    Hanspeter Kunz <hkunz@ailab.ch> and others).
  * Include INSTALL.html.
  * Conflict with old moin.

  * Prerelease...!

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 30 Mar 2005 04:56:07 +0200

moin (1.3.4-1) unstable; urgency=low

  * New upstream release. Closes: bug#287006, #291527 (thanks for the
    patience, everyone).
    + XMLRPC fixed. Closes: bug#285555, #285672 (thanks to Kai Weber
      <kai.weber@glorybox.de> and Christian Grigis <glove@grigri.org>).
  * Extend dependency on http daemons to include libapache2-mod-python.
  * Drop some patches (for arguments on remaining patches see
    http://moinmoin.wikiwikiweb.de/DebianPatches ):
    + Adopted upstream:
      - 06_interwiki_update.diff
      - 07_avoid_hardcoded_pythonversion.patch
      - 21_danish_locale_fixup.diff
      - 22_danish_locale_update.diff
    + Possibly too tight for some (preserved in source tarball):
      - 01avoid_world_write_access.diff
    + Implemented differently upstream:
      - 03_enable_farm_config.diff
    + Obsolete:
      - 05ftversion_is_revision.diff
  * Add patch 22_danish_locale_update.diff.
  * Rebuild MoinMoin/i18n/ after patching to make sure all is in sync.
  * Suggest 4suite non-python-versioned.
  * Drop obsolete example config.
  * Disable (but keep) bad-permission-check rule (world-write patch
    dropped - see above).
  * Use local cdbs snippet to invoke dh_buildinfo.
  * Rename NEWS.Debian to NEWS to get properly installed.
  * Patch MoinMoin/i18n to not fail if cleaned files doesn't exist (and
    include the patch in source below debian/prepatches).
  * Fix cdbs hint to not compress example Python scripts.
  * Use CHANGES (not the more verbose Changelog) as upstream changelog.
  * Add patch 24_twikidraw_strip_cr.diff. Closes: bug#297960 (thanks to
    Pedro Zorzenon Neto <pzn@terra.com.br>).
  * Include pristine config files as example files.
  * Update and correct README.Debian.
  * Use cdbs debian/control auto-update (and enhance local cdbs snippets
    to use it).

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 22 Mar 2005 03:05:47 +0100

moin (1.2.4-1) unstable; urgency=high

  * New upstream release.
    Fixes:
    + fixed "None" pagename bug in fullsearch/titlesearch.
    + fixed projection CSS usage.
    + the compiled page is removed when a page is deleted, so no ghost
      page appears after deletion.
    + fixed AbandonedPages day-break problem.
    + fixed [[GetVal(WikiDict,key)]].
    + the msg box is now outside content div on PageEditor, too.
    + privacy fix for email notifications: you don't see other email
      addresses in To: any more. mail_from is now also used for To:
      header field, but we don't really send email to that address.
    + privacy fix for /MoinEditorBackup pages that were made on previews
      of pages that were not saved in the end.
    + fix double content div on PageEditor preview.
    Other changes:
    + workaround for broken Microsoft Internet Explorer, the page editor
      now stops expanding to the right (e.g. with rightsidebar theme).
      Nevertheless it is a very good idea to use a non-broken and more
      secure browser like Mozilla, Firefox or Opera!
    + from MoinMoin.util.antispam import SecurityPolicy in your
      moin_config.py will protect your wiki from at least the known
      spammers. See MoinMoin:AntiSpamGlobalSolution for details.
    + xmlrpc plugin for usage logging, currently used for antispam
      accesses.
    + (re-)added some configurable meta tags.
    + i18n updates/fixes, new: nb.
    + New UserPreferences switch:
      you may subscribe to trivial changes (when you want to be notified
      about ALL changes to pages, even if the author deselected to send
      notifications). This closes: bug#269456 (thanks to Laurent Fousse
      <laurent@komite.net> for the - slightly different - patch).
    + New AttachList and AttachInfo macros - thanks to Nigel
      Metheringham and Jacob Cohen.
  * Update TODO (one wish solved in the new upstream release).
  * Update danish locale.
  * Add (commented out) new antispam setting to farm_config.py.
  * Patch to avoid hardcoded python version (thanks to my own clever
    build targets :-) ).
  * Set urgency=high to hopefully get this bugfix release into sarge.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 29 Oct 2004 13:35:35 +0200

moin (1.2.3-1) unstable; urgency=high

  * New upstream release. Closes: Bug#265376, #263564 (thanks to Douglas F.
    Calvert <dfc@anize.org> and Kai Weber <kai.weber@glorybox.de>):
    + fixed NameError "UnpicklingError" in user.py
    + Security-related bugfix: reverts done by bots or leechers...
      There was a bad, old bug that triggered if you did not use ACLs. In that
      case, moin used some simple (but wrong and incomplete) function to
      determine what a user (or bot) may do or may not do. The function is now
      fixed to allow only read and write to anon users, and only delete and
      revert to known users additionally - and disallow everything else.
    + avoid creation of unneccessary pages/* directories
    + removed double content divs in general info and history info pages
    + fixed wiki xmlrpc getPageHTML
    + fixed rightsidebar logout URL, also fixed top banner to link to FrontPage
    + use config.page_front_page and .page_title_index for robots meta tag
      (whether it uses index,follow or index,nofollow), not hardcoded english
      page names
    + ACL security fix for PageEditor, thanks to Dr. Pleger for reporting
    + default options for new users are same as for anon users
    + do not show excluded actions at bottom of page
    + i18n updated: ja, de, zh
    + editor: removed the columns size setting, just using 100% of browser
      window width (it didn't work because of that anyway). Also removed that
      "reduce editor size" link at top of editor as you would lose your
      changes when using it.
  * Remember to strip twikidraw.jar from source tarball.
  * Set urgency=high due to the above security-related bugfixes, and due
    to twikidraw.jar erronously provided with the earlier release.
  * Drop patch included upstream: 11_UnpicklingError.diff.
  * Drop cleaning debian/dh-buildinfo (never created - must've been from
    a manual test run).
  * Added danish localisation for newly added reject string.
  * Added note in README.Debian about the need for CGI support. Closes:
    Bug#260861 (thanks to  <nachtigall@web.de>, although not using the
    provided diff).
  * Udate watch file:
    + Use generic sourceforge "prdownload" host, which seems to be the
      only option currently - although working only for checking, not
      for automated downloads.
    + Add comment about usage of the file.
    + Add comment about brokenness of sourceforge URL.
    + Make URL as generic as possible.
  * Update TODO (add note on *.py optimizing below /usr/share/moin).

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 20 Aug 2004 17:17:42 +0200

moin (1.2.2-1) unstable; urgency=low

  * New upstream release. Closes: Bug#254756 (thanks to Ben
    <synrg@nslug.ns.ca>):
    + Improved diff generation (python 2.3 difflib used and local copy
      dropped).
    + Scripts changed to use #!/usr/bin/env python.
    + Users now _must_ specify a password when creating a new account.
    + User accounts matching config.page_group_regex are now illegal.
      Note: existing accounts must be manually checked (read upstream
      changelog for more info).
    + subscription email sending now honours ACLs correctly.
    + Several markup / rendering / user interface fixes/improvements.
    + RSS fixes: non-ASCII characters; UTC timestamps; RecentChanges ok.
    + Better email generation: Message-ID header; standards compliant
      subject; use config.mail_from with "lost my password" emails.
    + Improved file attachments handling.
    + Themes improvements, and new theme "rightsidebar" added.
    + Crashing bugs fixed: diffs for deleted pages; xml footnotes;
      SystemInfo with empty editlog.
    + Improved robots hints.
    + Translation updates / fixes, and russian i18n added.
    + TitleIndex now sorts case-insensitively.
    + New macro: PageHits.py.
  * Include patch for UnpicklingError bug (thanks again to Ben
    <synrg@nslug.ns.ca>).
  * Drop hashbang patches: fixed upstream now.
  * Improve woody backport-ability:
    + Set DEB_PYTHON_COMPILE_VERSION immediately (use := instead of =).
    + Add newline when changing hashbang (bug in perl 5.6?).
    + Include difflib from python 2.2.3.
  * Update InterWiki.txt.
  * Small but important fix to danish localisation:
    s/BrugerIndstillinger/BrugerProfil/g .
  * Standards-version 3.6.1 (no changes needed).

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 17 Jun 2004 07:27:16 +0200

moin (1.2.1-1) unstable; urgency=low

  * New upstream release.
    + wiki/data/plugin/__init__.py added (closes: Bug#235225)
    + plugin processors work now, too
    + fixed displaying non-existant translations of SiteNavigation in
      footer
    + fixed zh-tw iso name (wrong zh_tw -> correct zh-tw)
    + fixed reversed diffs in RecentChanges RSS
    + fixed "last change" info in footer (wasn't updated)
    + fixed event.log missing pagename (and other) information
    + fixed horizontal line thickness >1
    + fixed setup.py running from CVS workdir
    + fixed crash when doing action=info on first revision of a page
    + fixed hostname truncation in footer
    + minor css fixes
    + fixed clear msg links (they missed quoting, leading to strange page
      names when you click on some of them)
    + fixed python colorizer processor
    + fixed quoting of stats cache filenames
    + catched "bad marshal data" error when switching python versions
    + updated danish, japanese, serbian and chinese i18n, and
      maintainance scripts now included with source (closes: Bug#220913)
    + new "viewonly" theme
    + New scripts for xmlrpc-tools and account checking added
  * Include as separate file the patch to enable farm_config by default.
  * Remove debian/buildinfo in clean target.
  * Make CGI script executable.
  * Improved python version handling in debian/rules:
    + Current python version hardcoded only once (to ease upgrading to
      next major release)
    + Patch hashbang of all scripts to use unversioned python (closes:
      bug#236254)
    + Check in clean target that no new versioned python scripts slips
      through
    + Support explicit using python2.2 (needed for backport to woody)
      simply by setting "DEB_BUILD_OPTIONS=python22" at build time.
    + Tighten build-dependency on cdbs to support the above
  * Add note to debian/copyright about java applet stripped from source.
  * Unfuzz patches, and update 11_danish_l10n_updates (all earlier
    changes adopted upstream, minor new corrections added).
  * Replace patch 06_wikipedia_url_update with a larger and more general
    06_interwiki_update (matching update done upstream on MoinMaster).
  * Minor tweaks to farm_config.py.
  * Update example config with more ACL stuff and update l12n.
  * Move some files from cgi-bin dir out as example scripts.
  * Add some items to TODO.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 21 Mar 2004 14:15:15 +0100

moin (1.2-1) unstable; urgency=low

  * New upstream release. Closes: Bug#229759.
    + Support for persistent environments twisted-web, standalone,
      mod_python and FastCGI (none of them tested with Debian) in
      addition to plain CGI.
    + Caching of rendered pages.
    + Improved, internal diff handling.
    + Support for http basic auth.
    + Configurable timezone offset.
    + Configurable cookie lifetime.
    + Theme support.
    + Improved logfile access. Closes: Bug#224218.
    + Support for automatic page refreshing.
    + Improved UserPreferences layout (most options suppressed until
      user has logged in).
    + Support for dictionary definitions.
    + Improved UTF8 support (but still ISO-8859-1 by default).
    + Improved "wiki groups" handling.
    + Mostly HTML 4.01 Strict compliant HTML, and use of CSS for visual
      markup.
    + Updated (and further improved to handle imagemaps) TWikiDrawPlugin
      (not included with this Debian package).
    + Fixed email headers and encoding.
  * Updated debian/copyright:
    + Drop info included in debian/changelog
    + Update copyright and licensing info (only cosmetic changes, and
      years covered updated)
  * Add NEWS.Debian suggesting to read HelpOnUpdating for needed local
    updates.
  * Update patches.
    + Unfuzz.
    + Drop outdated 04german_locale_update.diff
    + New danish l18n update.
  * Remove obsolete (and temporarily disabled) simplified login patch.
  * Tighten access rights to 0750/0640 (giving world read access doesn't
    make sense with ACLs - as pointed out in upstream comment). Also, no
    longer "shout" at upstream default (no longer world write, only
    group write - which is still unnecessary in most situations).
  * Ignore PNG files in compile time access rights check.
  * Update farm_config.py and sample config.py to match upstream
    changes.
  * Enable farm_config by default.
  * Avoid installing as Debian native package.
  * Recommend mail-transport-agent.
  * Suggest httpd, libapache-mod-python, twisted or
    libapache-mod-fastcgi.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 27 Feb 2004 01:34:24 +0100

moin (1.1.cvs20031026-1) unstable; urgency=low

  * New CVS snapshot.
  * Shrink l10n patch to only include da.py file (translated text files
    are included upstream).
  * Change suggestion to python2.3-4suite (not in Debian yet, but
    hopefully one day...).
  * Disable patch 21_simplify_new_login.diff (it wad buggy, and upstream
    has changed userform design).
  * Add symlink from /usr/share/dict/words to
    /usr/share/moin/data/dict/words.
  * Add new /etc/moin/farm_config.py, and update example moin_config.py
    to use it.
  * Correct make target so dh_buildinfo is actually used (closes:
    Bug#211416).
  * The scripts in site-packages are not meant to be executed, so strip
    hashbang altogether (closes: Bug#206395). The actual scripts are
    provided at /usr/share/doc/moin/examples, because they need tweaking
    to include local config of each installed wiki (closes: Bug#210451).

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 27 Oct 2003 03:09:51 +0100

moin (1.1.cvs20030814-1) unstable; urgency=low

  * New CVS snapshot.
  * Update to python2.3 (closes: Bug#205143).
  * Add a couple of wishlist items to TODO.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 14 Aug 2003 02:39:27 +0200

moin (1.1.cvs20030802-3) unstable; urgency=low

  * Even more updates to danish l10n.

 -- Jonas Smedegaard <dr@jones.dk>  Sat,  9 Aug 2003 16:48:56 +0200

moin (1.1.cvs20030802-2) unstable; urgency=low

  * Update danish l10n.
  * Patch userform.py to simply login for first time users.
  * Update example config to use new security scheme, and include l10n
    of both template, category and form pages.
  * Add watch file.

 -- Jonas Smedegaard <dr@jones.dk>  Thu,  7 Aug 2003 13:07:18 +0200

moin (1.1.cvs20030802-1) unstable; urgency=low

  * New CVS snapshot.
    + Added Croatian
    + added ACL support, written by Gustavo Niemeyer of Conectiva and
      Thomas Waldmann. See HelpOnAccessControlLists for more infos.
  * Switch to cdbs.
  * Standards-version 3.6.0.
  * Re-include wikiext.py (still unfinished, but at least compiles
    without error now).
  * Use (and build-depend on) dh-buildinfo.

 -- Jonas Smedegaard <dr@jones.dk>  Sun,  3 Aug 2003 21:47:21 +0200

moin (1.1.cvs20030430-1) unstable; urgency=medium

  * New CVS snapshot.
    Security fixes:
    + [ 522246 ] Transparently recode localized messages
    + [ 685003 ] Using "preview" button when editing can lose data
    + use gmtime() for time handling
    + [[Include]] accepts relative page names
    New features:
    + if a fancy link starts with '^' (i.e. if it has the form
     "[^http:... ...]"), it's opened in a new window
    + moin-dump: New option "--page"
    + list items set apart by empty lines are now also set apart
      visually (by adding the CSS class "gap" to <li>)
    + selection to add categories to a page in the editor (use preview
      button to add more than one category)
    + `MailTo` macro for adding spam-safe email links to a page
    + added "revert" link to PageInfo view (which makes DeletePage more
      safe in public wikis, since you can easily revive deleted pages
      via revert)
    + `config.mail_login` can be set to "user pwd", if you need to
      use SMTP AUTH
    + replaced `config.page_template_ending` by a more flexible setting
      named `config.page_template_regex`
    + `config.edit_locking` can be set to None (old behaviour, no
      locking), 'warn <timeout mins>' (warn about concurrent edits, but
      do not enforce anything), or 'lock <timeout mins>' (strict locking)
    + if user has a homepage, a backup of save/preview text is saved as
      an attachment named `moin-editor-backup.txt`
    + `[[Navigation]]` macro for slides and subpage navigation
    + ../SubPageOfParent links
    + Selection for logged in users (i.e. no bots) to extend the listing
      of recent changes beyond the default limits
    + `config.shared_intermap` can be a list of filenames (instead of a
      single string)
    + [[ShowSmileys]] displays ALL smileys, including user-defined ones
    + Updated the XSLT parser to work with 4Suite 1.0a1
    + "save" check for security.Permissions
    + editor returns to including page when editing an included page
    + the Include macro has new parameters (from, to, sort, items) and
      is able to include more than one page (via a regex pattern)
    Unfinished or experimental features:
    + SystemAdmin macro
  * Remove Debian-specific danish pages (they where all adopted
    upstream).
  * Roll back danish translation a few days to avoid newest unwanted
    changes.
  * Urgency medium because of the security issues.
  * Update to latest version of CBS (Colin's Build System).
  * Declare compliance with Debian Policy 3.5.9 (no changes needed).
  * Update license info (added the year 2003) and add license of
    PikiPiki.
  * Update example config to include switching to MoinMoinMannen (thanks
    to Jonas Furberg <jonasfurberg@hotmail.com>) on authorized access.
  * Update patches.
    + Fix yet another bad permission setting.
    + Remove danish translation updates included upstream now.
    + Drop restructuring of configuration page (too lazy to maintain
      them).

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 30 Apr 2003 22:04:29 +0200

moin (1.1.cvs20021222-1) unstable; urgency=low

  * New CVS snapshot.
    + Make sure (again!) that twikidraw.jar is stripped from source.
    Bugfixes also in 1.0 branch:
    + correct handling of spaces in attachment filenames and URLs
    Bugfixes:
    + Create unique anchors for repeated titles
    New features:
    + "#pragma section-numbers 2" only displays section numbers for
      headings of level 2 and up (similarly for 3 to 6)
    + reciprocal footnote linking (definition refers back to reference)
    + "Ex-/Include system pages" link for title index
    + `config.smileys` for user-defined smileys
    + new fancy diffs
    + `config.hosts_deny` to forbid access based on IP address
    Content updates:
    + New language: it
    + New language: sv (conflicting with da, grrr!)
    + CSS improved
    + Locale hint added on all pages
    + Misc corrections and improvements
    + Section "Arbitrary Page Names" moved from HelpForBeginners to
      HelpOnLinking
    + HelpOnConfiguration: Updated
    + HelpOnInstalling_2fBasicInstallation: Add link to download site
    + HelpOnMacros: Updated
    + HelpOnSmileys: Line up example smileys in two rows
    + SystemInfo: SystemAdmin macro removed
    + RecentChanges: RandomQuote added
    + WikiSandBox: Sample image and drawing added
  * Remove CHANGELOG.old from CVS snapshot (my mess - not from
    upstream).
  * Switch to using Colin's Build System
    + Invoke dh_python before dh_installdep (see BUG#172283)
    + Get rid of bash dependency
    + Isolate and update source patches.
  * Scan at build time for evil chmod 777 and fail if found (found yet
    another one in filesys.py).
  * Remove byte-compiled configfile in postinst.
  * Move (instead of patch and duplicate) german LocalSpellingWords.
  * Enable all options in example config, and put all examples in same
    folder.
  * Add locale hint to danish pages.
  * Update danish translated pages (only Hj_e6lpForBegyndere affected).
  * Run a 'make test' at build time.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 22 Dec 2002 22:32:26 +0100

moin (1.1.cvs20021129-1) unstable; urgency=low

  * New CVS snapshot.
    + config.title1, config.title2, config.page_footer1,
      config.page_footer2 can now be callables and will be called with
      the "request" object as a single argument (note that you should
      accept any keyword arguments in order to be compatible to future
      changes)
    + "config.html_pagetitle" allows you to set a specific HTML page
      title (if not set, it defaults to "config.sitename")
    + if a quick link starts with '^', it opens in a new window; help
      now opens in a new window also
    + last edit action is stored into "last-edited" file, and
      displayed in the page footer
    + Bugfix for wrong mail notifications
  * Use new dh_python to calculate dependencies and handle compilation
    at install-time, and depend on debhelper at least version 4.1.25
    that introduced the script.
  * Change to use debhelper V4 now that it is needed anyway.
  * Update TODO: Remove gdchart suggestion is done.
  * Look for revision instead of version in optional 4suite module
    (since current 4suite does that). This closes: Bug#171304 thanks to
    Michael Schuerig <schuerig@acm.org>.

 -- Jonas Smedegaard <dr@jones.dk>  Sun,  1 Dec 2002 04:04:29 +0100

moin (1.1.cvs20021008-1) unstable; urgency=low

  * New CVS snapshot.
    + handle corrupt cookies gracefully.
    + Remove obsolete SecurityPolicy code from moin_config.py.
  * Correct path to local dict directory (thanks to Dave Carrigan
    <dave@rudedog.org> for not giving up). This closes (for real)
    Bug#163441.

 -- Jonas Smedegaard <dr@jones.dk>  Tue,  8 Oct 2002 06:12:19 +0200

moin (1.1.cvs20020909-4) unstable; urgency=low

  * Remove badly coded and unused file wikiext.py (closes: bug#162246).

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 25 Sep 2002 12:47:04 +0200

moin (1.1.cvs20020909-3) unstable; urgency=low

  * Add postinst and prerm scripts found in python-optik.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 24 Sep 2002 00:46:48 +0200

moin (1.1.cvs20020909-2) unstable; urgency=low

  * Suggest python-gdchart, and enable gdchart test.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 23 Sep 2002 06:08:18 +0200

moin (1.1.cvs20020909-1) unstable; urgency=low

  * New CVS snapshot.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 12 Sep 2002 20:18:17 +0200

moin (1.1.cvs20020805-2) unstable; urgency=low

  * Update danish config script to reflect new policy setup.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 29 Aug 2002 03:42:20 +0200

moin (1.1.cvs20020805-1) unstable; urgency=low

  * New CVS snapshot.
  * Build against python 2.2. Update (build-)dependencies respectively.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 29 Aug 2002 03:06:58 +0200

moin (1.1.cvs20020715-2) unstable; urgency=low

  * Danish locale updates.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 17 Jul 2002 02:13:51 +0200

moin (1.1.cvs20020715-1) unstable; urgency=low

  * New CVS Snapshot (nothing changed, actually, but needed a new source
    for the next item...).
  * Remove TwikiDrawApplet.jar from source. Will probably package it
    seperately, but needs to go in non-free, because use of AWT makes it
    require jre2.
  * A few corrections to danish locale.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 16 Jul 2002 06:26:34 +0200

moin (1.1.cvs20020711-4) unstable; urgency=low

  * Update WikiPedia InterWiki URL.
  * Updates to danish locale, and a few additions to german locale.
  * Added some danish help pages.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 16 Jul 2002 05:28:19 +0200

moin (1.1.cvs20020711-3) unstable; urgency=low

  * Add some danish translated pages (and pass them upstream as well).
  * Empty LocalSpellingWords (it was all german), except for a few
    universal entries. Add the original file as example.
  * Add my own danish localized config as example.
  * Change default dir and file umask to 0755 and 0644. World writable
    stuff is BAD!
  * Suggest python2.1-4suite for xslt support (which is disabled by
    default).
  * Minor updates to danish locale.
  * Use Makefile, and add a 'make test' (disabled for now...).
  * Move intro text below the form in UserPreferences, to help type-
    without-reading kind of new users.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 14 Jul 2002 19:33:33 +0200

moin (1.1.cvs20020711-2) unstable; urgency=low

  * Remove wordlist link. Debian policy (and LFS?) says it to be a
    relative link which (obviously) fails when moved somewhere else.
  * Rewrite README.Debian and lower wordlist from Recommends to
    Suggests, to reflect the above.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 12 Jul 2002 19:22:02 +0200

moin (1.1.cvs20020711-1) unstable; urgency=high

  * New upstream CVS snapshot.
  * Urgency high: Acouple of XSS vulnerabilities fixed today.
  * My danish translation is adopted upstream now, Thanks :-)
  * Remove MoinMoin/i18n/__init__.py.orig i left there when translating.
  * Add dict folder with a link to site-wide words, and make a comment
    about it in README.Debian.
  * Recommend wordlist to support the above.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 11 Jul 2002 21:59:15 +0200

moin (1.1.cvs20020623-6) unstable; urgency=low

  * Minor updates to danish locale.
  * Add to danish locale a hint about logging in when denied access - as
    suggested in documentaion at HelpOnConfiguration/SecurityPolicy
    (wanted to do english as well, but that is not a locale :-( !!!).

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 29 Jun 2002 02:28:42 +0200

moin (1.1.cvs20020623-5) unstable; urgency=low

  * Explicitly note upstream author (apart from being mentioned in
    License).
  * Update danish l10n.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 25 Jun 2002 18:56:46 +0200

moin (1.1.cvs20020623-4) unstable; urgency=low

  * Correct fatal quoting errors in danish locale.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 25 Jun 2002 05:21:21 +0200

moin (1.1.cvs20020623-3) unstable; urgency=low

  * Add danish translation.
  * Mention MoinMoin in short description (thanks to Luca De Vitis).

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 25 Jun 2002 04:46:31 +0200

moin (1.1.cvs20020623-2) unstable; urgency=low

  * Move scripts from /usr/bin to examples (not really sure if they are
    useful out-of-the-box on Debian).
  * The package is real (Closes: #150761).

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 23 Jun 2002 16:23:56 +0200

moin (1.1.cvs20020623-1) unstable; urgency=low

  * First unofficial release.
  * Uncomment gdchart import attempt from moin_config.py for a small
    speed gain.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 23 Jun 2002 14:44:21 +0200