Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package viewvc.15498 for openSUSE:Leap:15.1:Update checked in at 2021-01-16 12:24:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/viewvc.15498 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.viewvc.15498.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "viewvc.15498" Sat Jan 16 12:24:49 2021 rev:1 rq:862428 version:1.1.28 Changes: -------- New Changes file: --- /dev/null 2021-01-11 18:20:20.070723563 +0100 +++ /work/SRC/openSUSE:Leap:15.1:Update/.viewvc.15498.new.28504/viewvc.changes 2021-01-16 12:24:50.336823173 +0100 @@ -0,0 +1,1764 @@ +------------------------------------------------------------------- +Mon Mar 30 16:27:11 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 1.1.28 (bsc#1167974, CVE-2020-5283): + * security fix: escape subdir lastmod file name (#211) + * fix standalone.py first request failure (#195) + * suppress stack traces (with option to show) (#140) + * distinguish text/binary/image files by icons (#166, #175) + * colorize alternating file content lines (#167) + * link to the instance root from the ViewVC logo (#168) + * display directory and root counts, too (#169) + * fix double fault error in standalone.py (#157) + * support timezone offsets with minutes piece (#176) + +------------------------------------------------------------------- +Mon Feb 13 09:09:31 UTC 2017 - [email protected] + +- vievwc 1.1.26, including one security fix: + * CVE-2017-5938 escape nav_data name to avoid XSS attack + (boo#1024393) + +------------------------------------------------------------------- +Sun Dec 18 14:38:28 UTC 2016 - [email protected] + +- vievwc 1.1.25: + * fix _rev2optrev assertion on long input +- license is BSD-2-Clause, package LICENSE text + +------------------------------------------------------------------- +Fri May 20 20:32:45 UTC 2016 - [email protected] + +- Update viewvc.conf for Apache 2.4 syntax. + +------------------------------------------------------------------- +Wed Mar 23 13:18:53 UTC 2016 - [email protected] + +- viewvc 1.1.24: + * fix minor bug in human_readable boolean calculation + * allow hr_funout option to apply to unidiff diffs, too + * fix infinite loop in rcsparse + * fix iso8601 timezone offset handling + * add support for renamed roots + * fix minor buglet in viewvc-install error message + +------------------------------------------------------------------- +Wed Apr 8 03:36:20 UTC 2015 - [email protected] + +- Update to version 1.1.23 + * fix annotate bug triggered by files with trailing blank lines + (issue #533) + * fix markup display of files with trailing blank lines (issue #533) + * add support for root-relative svnauthz access files (issue #535) + * fix cvsdb MySQL-python argument conversion error (issue #539) + * fix double-escaping of revision links (issue #541) + * fix bug that prevented mod_python 3.4+ deployment (issue #540) +- Drop redundant dependencies + * pkgconfig(python) + * pkgconfig(python-2.7) + * pkgconfig(python2) + +------------------------------------------------------------------- +Sat Mar 8 19:25:56 UTC 2014 - [email protected] + +- update to 1.1.22: + * minor directory sorting logic fix (re: show_subdir_lastmod) + * fix display of show_subdir_lastmod details + * pay attention to chardet's detection confidence + * linkify line numbers in markup/annotate view +- some spec file cleaning + +------------------------------------------------------------------- +Mon Sep 16 09:50:44 UTC 2013 - [email protected] + +- update to 1.1.21: + * restore compatibility with Python 2.6.x + +------------------------------------------------------------------- +Thu Apr 25 11:51:43 UTC 2013 - [email protected] + +- update to 1.1.20: + * fix tab-to-space handling regression in markup view + * fix regression in root lookup handling (issue #526) + +------------------------------------------------------------------- +Tue Apr 23 09:51:32 UTC 2013 - [email protected] + +- update to 1.1.19: + * improve root lookup performance (issue #523) + * new 'max_filesize_kbytes' config option and handling (issue #524) + * tarball generation improvements: + - preserve Subversion symlinks in generated tarballs (issue #487) + - reduce memory usage of tarball generation logic + - fix double compression of generated tarballs (issue #525) + * file content handling improvements: + - expanded support for encoding detection and transcoding (issue #11) + - fix tab-to-space conversion bugs in markup, annotate, and diff views + - fix handling of trailing whitespace in diff view + * add support for timestamp display in ISO8601 format (issue #46) + * fix exception raised by BDB-backed SVN repositories (issue #519) + * hide revision-less files when rcsparse is in use + * include branchpoints in branch views using rcsparse (issue #347) + * miscellaneous cvsdb improvements: + - add --port option to make-database (issue #521) + - explicitly name columns in queries (issue #522) + - update MySQL syntax to avoid discontinued "TYPE=" terms + +------------------------------------------------------------------- +Fri Oct 26 09:25:45 UTC 2012 - [email protected] + +- update to 1.1.17 (bnc#787072): + * fix exception caused by uninitialized variable usage (issue #516) + * security fix: escape "extra" diff info to avoid XSS attack (issue #515) + * add 'binary_mime_types' configuration option and handling (issue #510) + * fix 'select for diffs' persistence across log pages (issue #512) + * remove lock status and filesize check on directories in remote SVN views + * fix bogus 'Annotation of' page title for non-annotated view (issue #514) + +------------------------------------------------------------------- +Mon Jun 25 11:46:02 UTC 2012 - [email protected] + +- update to 1.1.15 (bnc#768680): + * security fix: complete authz support for remote SVN views (CVE-2012-3356) + * security fix: log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357) + * fix several instances of incorrect information in remote SVN views + * increase performance of some revision metadata lookups in remote SVN views + * fix RSS feed regression introduced in 1.1.14 + * fix annotation of svn files with non-URI-safe paths + * handle file:/// Subversion rootpaths as local roots + * fix bug caused by trying to case-normalize anon usernames + * speed up log handling by reusing tokenization results + * add support for custom review log markup rules + * fix svndbadmin failure on deleted paths under Subversion 1.7 + * fix annotation of files in svn roots with non-URI-safe paths + * fix stray annotation warning in markup display of images + * more gracefully handle attempts to display binary content + * fix path display in patch and certain diff views + * fix broken cvsdb glob searching + * allow svn revision specifiers to have leading r's + * allow environmental override of configuration location + * fix exception HTML-escaping non-string data under WSGI + * add links to root logs from roots view + * use Pygments lexer-guessing functionality + +------------------------------------------------------------------- +Fri Aug 12 22:29:56 CEST 2011 - [email protected] + +- add supplements for apache2/subversion-server + +------------------------------------------------------------------- +Tue May 17 23:39:16 UTC 2011 - [email protected] + +- update to 1.1.11 (bnc#694785): + * security fix: remove user-reachable override of cvsdb row limit + * fix broken standalone.py -c and -d options handling + * add --help option to standalone.py + * fix stack trace when asked to checkout a directory (issue #478) + * improve memory usage and speed of revision log markup (issue #477) + * fix broken annotation view in CVS keyword-bearing files (issue #479) + * warn users when query results are incomplete (issue #443) + * avoid parsing errors on RCS newphrases in the admin section (issue #483) + * make rlog parsing code more robust in certain error cases (issue #444) + +------------------------------------------------------------------- +Tue Mar 15 22:17:29 UTC 2011 - [email protected] + +- update to 1.1.10: + * 1.1.9 shipped with a stack-trace-causing bug in the Subversion revision + info gathering logic + +------------------------------------------------------------------- +Sat Feb 19 00:42:56 UTC 2011 - [email protected] + +- update to 1.1.9: + * vcauth universal access determinations (issue #425) + * rework svn revision info cache for performance + * make revision log "extra pages" count configurable + * fix Subversion 1.4.x revision log compatibility code regression + * display sanitized error when authzfile is malformed + * handle file:/// Subversion rootpaths as local roots (issue #446) + * restore markup of URLs in file contents (issue #455) + * optionally display last-committed metadata in roots view (issue #457) + +------------------------------------------------------------------- +Thu Dec 2 22:43:14 UTC 2010 - [email protected] + +- update to 1.1.8: + * fix slowness triggered by allow_compress=1 configuration (issue #467) + * yield more useful error on directory markup/annotate request (issue #472) + +------------------------------------------------------------------- +Sat Sep 11 18:55:54 UTC 2010 - [email protected] + +- update to 1.1.7: + * maintenance release that includes all the bugfixes and enhancements made + thus far to the 1.1.x line + * adds a few features: + + FastCGI deployment support ++++ 1567 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.viewvc.15498.new.28504/viewvc.changes New: ---- viewvc-1.1.28.tar.gz viewvc-buglink.patch viewvc-rpmlintrc viewvc.changes viewvc.conf viewvc.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ viewvc.spec ++++++ # # spec file for package viewvc # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # %define apxs %{_sbindir}/apxs2 %define apache_libexecdir %(%{apxs} -q LIBEXECDIR) %define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) # %define site_python %(python -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib()") # %define viewvc_dir /srv/viewvc Name: viewvc Version: 1.1.28 Release: 0 Summary: Browse a Subversion Repository with a Web Browser License: BSD-2-Clause Group: Development/Tools/Version Control Url: http://www.viewvc.org/ Source0: http://www.viewvc.org/viewvc-%{version}.tar.gz Source1: viewvc.conf Source99: viewvc-rpmlintrc Patch0: viewvc-buglink.patch BuildRequires: apache2-devel BuildRequires: python-devel Requires: subversion-python Supplements: packageand(subversion-server:apache2) Provides: subversion-viewcvs = %{version} Provides: viewcvs = %{version} Obsoletes: subversion-viewcvs < %{version} Obsoletes: viewcvs < %{version} BuildArch: noarch %description ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bulk of the report-like functionality you expect out of your version control tool, but much prettier than the average textual command-line program output. ViewVC is the successor of ViewCVS. %prep %setup -q %patch0 %build %install rm -rf "lib/vclib/ccvs/rcsparse/test-data" # mkdir -p %{buildroot}/%{apache_sysconfdir}/conf.d cp -avL %{SOURCE1} %{buildroot}/%{apache_sysconfdir}/conf.d/viewvc.conf # viewvc ./viewvc-install --prefix "%{viewvc_dir}" --destdir %{buildroot} # hack for usage under mod_python # http://archive.netbsd.se/?ml=viewcvs-users&a=2007-02&t=3231282 # rename /srv/viewcvs/bin/mod_python/viewvc.py to myviewvc.py # to prevent import cycle with a newer mod_python versions mv %{buildroot}/srv/viewvc/bin/mod_python/viewvc.py \ %{buildroot}/srv/viewvc/bin/mod_python/myviewvc.py # rm -f %{buildroot}/srv/viewvc/cvsgraph.conf.dist sed ' s@^#docroot.*@docroot = /viewvc-docroot@ s@^default_root.*@default_root = your_unnamed_project@ s@^cvsgraph_conf.*@cvsgraph_conf = %{viewvc_dir}/cvsgraph.conf@ s@^hr_funout.*@hr_funout = 1@ s@^show_changed_paths.*@show_changed_paths = 0@ /^cvs_roots/,/^$/s/^/###/ /^#svn_roots/,/^$/c\ svn_roots:\ your_unnamed_project : /srv/svn/repos/<your_unnamed_project> , \ another_project : /srv/svn/repos/<another_project> \ # ' < conf/viewvc.conf.dist > %{buildroot}%{viewvc_dir}/viewvc.conf diff -up conf/viewvc.conf.dist %{buildroot}%{viewvc_dir}/viewvc.conf || true find %{buildroot}%{viewvc_dir} -type d | \ sed "s@%{buildroot}@%dir @" > files.viewvc find %{buildroot}%{viewvc_dir} -type f | \ sed "s@%{buildroot}@@;/\/templates\/\|\.conf$/s@^@%config (noreplace) @" >> files.viewvc cat files.viewvc # %files -f files.viewvc %license LICENSE %dir %{apache_sysconfdir}/conf.d %config (noreplace) %{apache_sysconfdir}/conf.d/viewvc.conf %changelog ++++++ viewvc-buglink.patch ++++++ ++++ 1064 lines (skipped) ++++++ viewvc-rpmlintrc ++++++ addFilter("W: non-etc-or-var-file-marked-as-conffile /srv/viewvc/.*") addFilter("W: script-without-shebang /srv/viewvc/bin/mod_python/.*") addFilter("W: files-duplicate /srv/viewvc/templates/.*") addFilter("W: files-duplicate /srv/viewvc/templates-contrib/.*") addFilter("W: files-duplicate /srv/viewvc/mimetypes.conf.*") addFilter("W: htaccess-file /srv/viewvc/bin/mod_python/.*") ++++++ viewvc.conf ++++++ # Example configuration for a subversion viewvc repository # # put the string SVN_VIEWCVS in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS # to enable the URL # http://localhost/viewvc # - OR - # add SVN_VIEWCVS_MODPYTHON to APACHE_SERVER_FLAGS to use mod_python # instead of CGI Python <IfDefine SVN_VIEWCVS> <IfModule mod_rewrite.c> RewriteEngine On RewriteRule /viewcvs(.*) /viewvc$1 [L,R] </IfModule> ScriptAlias /viewvc /srv/viewvc/bin/cgi/viewvc.cgi <Directory "/srv/viewvc/bin/cgi"> AllowOverride None Options +ExecCGI <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </Directory> # apache can serve the static files directly Alias /viewvc-docroot "/srv/viewvc/templates/docroot" <Directory /srv/viewvc/templates/docroot/> AllowOverride None <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </Directory> </IfDefine> <IfModule mod_python.c> <IfDefine SVN_VIEWCVS_MODPYTHON> <IfModule mod_rewrite.c> RewriteEngine On RewriteRule /viewcvs(.*) /viewvc$1 [L,R] </IfModule> <Directory "/srv/viewvc/bin/mod_python"> AllowOverride None #Options +ExecCGI <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </Directory> ScriptAlias /viewvc "/srv/viewvc/bin/mod_python/myviewvc.py" <Location /viewvc> AddHandler python-program .py PythonPath "['/srv/viewvc/bin/mod_python']+sys.path" PythonHandler handler #PythonDebug On #AddDefaultCharset UTF-8 </Location> # apache can serve the static files directly Alias /viewvc-docroot "/srv/viewvc/templates/docroot" <Directory /srv/viewvc/templates/docroot/> AllowOverride None <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </Directory> </IfDefine> </IfModule>
