[ John Zaitseff ] * New upstream release (closes: #532611, #575777, #575787, #576307). This solves CVE-2010-0004, CVE-2010-0005, CVE-2010-0736 and CVE-2010-0132. * Extensive rewrite of files in the debian directory. Updated to Debian policy 3.8.4, updated all control files to Debhelper 7, rewrote debian/rules for clarity (and to use Debhelper 7). * Removed all references to Debconf, as previous versions of this package violated Debian policy (section 10.7.3): /etc/viewvc/viewvc.conf is a conffile, and maintainer scripts must NOT modify it at any time. * Reorganised the installation files in /usr/lib/viewvc. The CGI programs are now links to files in /usr/lib/viewvc/cgi-bin. * Packaged the Apache mod-python modules for optional use (in /usr/lib/viewvc/mod-python). See README.Debian for more information. * Moved the static help documentation ("docroot") from /usr/share/viewvc to /usr/share/viewvc/docroot, as per Webapps Policy, section 3.1. * Updated the debian/patches subdirectory to remove patches no longer relevant to ViewVC 1.1.x and to update those that still apply. * debian/control: - Removed the dependency on gawk, as that was only required for Debconf configuration. - Demoted the dependency on mime-support to "Suggests": ViewVC can use it, if appropriately configured, but does not require it. - Added a suggestion for the python-tk package: viewvc-standalone(1) uses this when passed the "--gui" flag. - Modified all dependencies as appropriate. Depend on httpd-cgi, not httpd, since the viewvc package needs a CGI server. In addition, python-egenix-mxdatetime is no longer needed (since ViewVC 1.0.x). - Updated the XS-Python-Version field to "all" (Closes: #570573). - ViewVC 1.1.x supports only python-pygments as a syntax highlighter, not enscript. Adjusted dependencies as appropriate.
[ David Martínez Moreno ] * Changed history and added the CVE entry to the changelog for 1.0.9-1. * debian/control: - Moved Section to vcs in order to match the overrides. - Make python-dev dependency just python. - Removed dummy package viewcvs, it was already dummy in lenny. * debian/viewcvs.*: Removed. * debian/NEWS: Fixed version in John's entry and removed old news from 0.9.4. * debian/README.source: Added. * The new release also addresses in a different way how to show long annotation messages (closes: #434301). * Added debian/patches/92-no_strings_in_raise for fixing a couple of occurrences of string exceptions in the code, no longer valid in Python 2.6, the default now (closes: #585366).