--- viewvc-1.1.5.orig/debian/NEWS +++ viewvc-1.1.5/debian/NEWS @@ -0,0 +1,21 @@ +viewvc (1.1.5-1) unstable; urgency=medium + + * The ViewVC packages (viewvc, viewvc-query and viewcvs) have been + reorganised rather extensively. However, upgrading from an older + version _should_ result in a still-working installation. + + * The Apache mod-python modules are now part of the Debian packages; + these are installed to /usr/lib/viewvc/mod-python. See README.Debian + for information on how to use these modules. + + * All references to Debconf have been removed. Previous versions of + this package violated Debian policy (section 10.7.3): the file + /etc/viewvc/viewvc.conf is a conffile, and maintainer scripts must NOT + modify it at any time. The shipped viewvc.conf file does not have any + CVS or Subversion repositories defined. + + * The "*docroot*" path has been moved from /usr/share/viewvc to + /usr/share/viewvc/docroot. This new location better complies with the + Webapps Policy, section 3.1. + + -- John Zaitseff Thu, 01 Apr 2010 13:08:05 +1100 --- viewvc-1.1.5.orig/debian/README.Debian +++ viewvc-1.1.5/debian/README.Debian @@ -0,0 +1,154 @@ +ViewVC for Debian +================= + +ViewVC is a browser (web) interface for CVS and Subversion version +control repositories. It generates templatized HTML to present navigable +directory, revision, and change log listings. It can display specific +versions of files as well as diffs between those versions. + +Basically, ViewVC provides the bulk of the report-like functionality you +expect out of your version control tool, but much more prettily than the +average textual command-line program output. + +ViewVC can be used in two modes, both of which are supported by this +Debian package: + +1. By running the simple stand-alone server "viewvc-standalone", with or + without a graphical interface, and/or + +2. By integrating ViewVC with Apache (or another CGI-enabled HTTP + server), using either CGI or mod-python. + +The second mode is the normal way ViewVC is used. + + +Stand-alone server +------------------ + +Running the stand-alone server is as simple as issuing the following +command line: + + viewvc-standalone + +You can then point your web browser to http://localhost:49152/viewvc. A +number of options are available; see viewvc-standalone(1) for more +details. + + +Integrating with Apache: CGI module +----------------------------------- + +By default, the Debian package installs appropriate symbolic links in the +/usr/lib/cgi-bin directory. If you already have a CGI-enabled HTTP +server installed and configured, all you should need to do is point your +web browser to: + + http://YOUR_WEBSITE/cgi-bin/viewvc.cgi + +By default, the configuration file /etc/viewvc/viewvc.conf does NOT have +any CVS or Subversion repositories enabled. You will need to modify the +cvs_roots and either svn_roots or root_parents variables in that file. + +Please note that the ViewVC packages do NOT modify your Apache (or other +HTTP server) configuration. In particular, if accessing the above URL +shows Python code instead of the ViewVC pages, you will need to enable +CGI processing. This can be done by running as root: + + a2enmod cgid + +and making sure something like the following appears in an appropriate +Apache configuration (such as /etc/apache2/sites-available/default): + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + +You will need to restart the Apache web server after making such changes. +See the Apache server documentation for mod_cgi and mod_cgid for more +information. + + +Integrating with Apache: mod-python module +------------------------------------------ + +If you are running a high-traffic or high-performance web site, you can +use ViewVC with the Apache mod-python plug-in. This requires you to +modify the Apache HTTP server configuration (such as in the file +/etc/apache2/sites-available/default). The appropriate modules are +located in /usr/lib/viewvc/mod-python: + + Alias /viewvc /usr/lib/viewvc/mod-python/viewvc.py + Alias /viewvc-query /usr/lib/viewvc/mod-python/query.py + + + AddHandler mod_python .py + PythonHandler handler + PythonDebug On + + AllowOverride None + Order allow,deny + Allow from all + + +You will also need to install the libapache2-mod-python Debian package +and, if needed, enable it: + + a2enmod python + +You will need to restart the Apache web server after making such changes. +Once this is done, you should be able to point your web browser to + + http://YOUR_WEBSITE/viewvc + +and + + http://YOUR_WEBSITE/viewvc-query + +and see the appropriate ViewVC web pages (the second URL is only +applicable if you have installed the viewvc-query package). You can, of +course, change the URL by changing the first part of the Alias directive. + +See the Apache server documentation, as well as documentation for +libapache2-mod-python, for more information. + + +ViewVC *docroot* +---------------- + +Ever since release 0.9.4+svn20060318-1, the default configuration in +/etc/viewvc/viewvc.conf makes the ViewVC program itself serve all help +documents, images and style sheets. These are referenced using *docroot* +as a URL component; see /usr/share/doc/viewvc/docs/url-reference.html for +more information. By default, the "*docroot*" URL component is mapped to +/etc/viewvc/templates/docroot, which in turn is a symbolic link to +/usr/share/viewvc/docroot. + +This state of affairs is somewhat suboptimal, as it causes a performance +hit on the web server: every request for these files needs to go through +the CGI or mod-python module. It does, however, allow ViewVC to be +shipped more or less "working out-of-the-box", without having to modify +your web server configuration files. + +If you wish to avoid the performance penalty of doing things this way, +you will need to uncomment the "docroot" directive in viewvc.conf, give +it an appropriate value and make whatever changes to your HTTP server +configuration you need to expose /usr/share/viewvc/docroot as the value +of "docroot". + +Once this is done, content previously served as + + http://YOUR_WEBSITE/cgi-bin/viewvc.cgi/*docroot*/images/logo.png + +becomes + + http://YOUR_WEBSITE/$DOCROOT/images/logo.png + +where $DOCROOT is the value of the ViewVC "docroot" directive. + + + -- John Zaitseff Thu, 01 Apr 2010 13:03:23 +1100 --- viewvc-1.1.5.orig/debian/README.source +++ viewvc-1.1.5/debian/README.source @@ -0,0 +1,4 @@ +This package uses quilt for patch management. Refer to /usr/share/doc/quilt/README.source +from the package 'quilt' for more information about this system. + + -- David Martínez Moreno Wed, 30 Jun 2010 19:41:40 +0200 --- viewvc-1.1.5.orig/debian/TODO +++ viewvc-1.1.5/debian/TODO @@ -0,0 +1,13 @@ +Remaining things to do +====================== + +* Write manual pages for the following programs: + + /usr/sbin/viewvc-cvsdbadmin + /usr/sbin/viewvc-loginfo-handler + /usr/sbin/viewvc-make-database + /usr/sbin/viewvc-svndbadmin + +* The old Debconf integration violated Debian policy (section 10.7.3) by + modifying a conffile, /etc/viewvc/viewvc.conf. Perhaps use ucf(1) and + restore the Debconf questions? To be honest, I never liked Debconf... --- viewvc-1.1.5.orig/debian/changelog +++ viewvc-1.1.5/debian/changelog @@ -0,0 +1,798 @@ +viewvc (1.1.5-1.4+deb7u1build0.14.04.1) trusty-security; urgency=medium + + * fake sync from Debian + + -- Tyler Hicks Fri, 10 Feb 2017 17:31:42 +0000 + +viewvc (1.1.5-1.4+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Fix CVE-2017-5938: + Cross-Site Scripting (XSS) vulnerability in lib/viewvc.py. + + -- Markus Koschany Thu, 09 Feb 2017 23:04:34 +0100 + +viewvc (1.1.5-1.4) unstable; urgency=high + + * Non-maintainer upload. + * CVE-2012-4533: Fix XSS in commit message view. Found and patch provided + by Nicolás Alvarez (closes: #69106). + + -- Thijs Kinkhorst Tue, 23 Oct 2012 08:19:39 +0000 + +viewvc (1.1.5-1.3) unstable; urgency=low + + * Non-maintainer upload. + + [ gregor herrmann ] + * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357": + - CVE-2012-3356: * security fix: complete authz support for remote SVN views + - CVE-2012-3357: * security fix: log msg leak in SVN revision view with + unreadable copy source + Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn. + (Closes: #679069) + + [ Ben Hutchings ] + * view_query: No longer allow an undocumented URL parameter to + override the admin-declared SQL row limit, which could result + in excessive CPU usage and memory consumption (CVE-2009-5024) + (Closes: #671482) + + -- Thijs Kinkhorst Sun, 14 Oct 2012 20:12:07 +0000 + +viewvc (1.1.5-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix "viewvc runs extremely slowly (~15s per page)": + backport upstream commit r2471 as new patch compression-content-length: + don't set Content-Length when compression is used. + (Closes: #636805) + + -- gregor herrmann Fri, 17 Aug 2012 16:21:49 +0200 + +viewvc (1.1.5-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Backporting oneliner fix from version 1.1.6, r2369, + (escape): Ensure that the input is string-ified before doing string + transformations on it. (Closes: #601805) + Thanks to Tom Albers. + + -- Ana Beatriz Guerrero Lopez Sat, 30 Oct 2010 12:12:36 +0200 + +viewvc (1.1.5-1) unstable; urgency=medium + + [ John Zaitseff ] + * New upstream release (closes: #532611, #575777, #575787, #576307). This + solves CVE-2010-0004, CVE-2010-0005, CVE-2010-0736 and CVE-2010-0132. + * Extensive rewrite of files in the debian directory. Updated to Debian + policy 3.8.4, updated all control files to Debhelper 7, rewrote + debian/rules for clarity (and to use Debhelper 7). + * Removed all references to Debconf, as previous versions of this + package violated Debian policy (section 10.7.3): /etc/viewvc/viewvc.conf + is a conffile, and maintainer scripts must NOT modify it at any time. + * Reorganised the installation files in /usr/lib/viewvc. The CGI + programs are now links to files in /usr/lib/viewvc/cgi-bin. + * Packaged the Apache mod-python modules for optional use (in + /usr/lib/viewvc/mod-python). See README.Debian for more information. + * Moved the static help documentation ("docroot") from /usr/share/viewvc + to /usr/share/viewvc/docroot, as per Webapps Policy, section 3.1. + * Updated the debian/patches subdirectory to remove patches no longer + relevant to ViewVC 1.1.x and to update those that still apply. + * debian/control: + - Removed the dependency on gawk, as that was only required for Debconf + configuration. + - Demoted the dependency on mime-support to "Suggests": ViewVC can use + it, if appropriately configured, but does not require it. + - Added a suggestion for the python-tk package: viewvc-standalone(1) + uses this when passed the "--gui" flag. + - Modified all dependencies as appropriate. Depend on httpd-cgi, not + httpd, since the viewvc package needs a CGI server. In addition, + python-egenix-mxdatetime is no longer needed (since ViewVC 1.0.x). + - Updated the XS-Python-Version field to "all" (Closes: #570573). + - ViewVC 1.1.x supports only python-pygments as a syntax highlighter, + not enscript. Adjusted dependencies as appropriate. + + [ David Martínez Moreno ] + * Changed history and added the CVE entry to the changelog for 1.0.9-1. + * debian/control: + - Moved Section to vcs in order to match the overrides. + - Make python-dev dependency just python. + - Removed dummy package viewcvs, it was already dummy in lenny. + * debian/viewcvs.*: Removed. + * debian/NEWS: Fixed version in John's entry and removed old news from 0.9.4. + * debian/README.source: Added. + * The new release also addresses in a different way how to show long + annotation messages (closes: #434301). + * Added debian/patches/92-no_strings_in_raise for fixing a couple of + occurrences of string exceptions in the code, no longer valid in Python + 2.6, the default now (closes: #585366). + + -- David Martínez Moreno Fri, 02 Jul 2010 02:24:34 +0200 + +viewvc (1.0.9-1) unstable; urgency=high + + * New upstream release (closes: #502257): + - CVE-2008-4325: Ignore arbitrary user-provided MIME types (closes: + #500779). + - Fixed bug in regexp searches. + - Fixed bug in handling of certain 'co' output. + - Fixed annotate code syntax error. + - Fixed mod_python import cycle. + - Fixed directory view sorting UI. + - Tolerate malformed Accept-Language headers. + - Fixed directory log views in revision-less Subversion repositories. + - Fixed exception in rev-sorted remote Subversion directory views. + - Security fixes: validate the 'view' parameter to avoid XSS attack + and avoid printing illegal parameter names and values (closes: + #545779). + * debian/control: + - Moved docbook-to-man from B-D-I to B-D, as it is in build target + (closes: #440188). + - Added B-D on quilt (>= 0.46-7) in order to have dh_quilt_*. + - Upgraded Standards-Version to 3.8.3. + - Added ${misc:Depends} to viewvc and viewvc-query. + - Bumped dependency on debhelper to >=6. + - Added Homepage. + * debian/rules: + - Moved patch targets into the XXI century: removed lots of old lines + by a couple of calls to dh_quilt_* helpers. + * debian/patches: + - Refreshed everything to get rid of errors and removed additional + options like -p0 (closes: #485187). + - 04_tarball_permission_fix: Added to series, closes: #482323. + * debian/viewvc.config: Removed prepended path to debconf-show. + * debian/compat: Upgraded to v6. + * debian/viewvc.postinst: Added set -e to catch up errors. + + -- David Martínez Moreno Mon, 28 Sep 2009 05:24:27 +0200 + +viewvc (1.0.5-0.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n bugs. Debconf translations: + - Portuguese. Closes: #489388 + + -- Christian Perrier Thu, 25 Sep 2008 07:03:03 +0200 + +viewvc (1.0.5-0.1) unstable; urgency=medium + + * Non-maintainer upload to fix security, and pending l10n, issues + + [ John Zaitseff ] + * New upstream release, originally packaged by the ZAP Group + (Closes: #471380, #463195). Thanks to John Zaitseff for the patch + Fixed: + - CVE-2008-1290 - list CVS or SVN commits on "all-forbidden" + files + - CVE-2008-1291 - directly access hidden CVSROOT folders + - CVE-2008-1292 - expose restricted content via the revision + view, the log history, or the diff view + * Updated the following files in the debian/patches subdirectory: + series + 02_py2html_activation + 101_viewvc-install_Debian_paths + 102_viewvc.conf_Debian_customization + * Updated debian/rules to install documentation in the docs directory + and example templates in templates-contrib. + + [ Christian Perrier ] + * Debconf translations: + - Vietnamese. Closes: #426876 + * [Lintian] Fix syntax in NEWS.Debian + * [Lintian] Replace obsolete ${Source-Version} variable by + ${source:Version} + * Finnish. Closes: #473466 + * Basque. Closes: #476172 + + -- Christian Perrier Mon, 31 Mar 2008 08:42:29 +0200 + +viewvc (1.0.3-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply the "forbidden" option on files as well, thanks to Chung-chieh Shan + for the patch (Closes: #416696). + * Really added quilt to build dependencies + (Closes: #426073, #409774, #419674). + + -- Sebastian Harl Tue, 4 Sep 2007 17:34:21 +0200 + +viewvc (1.0.3-2) unstable; urgency=low + + * debian/control: + - It seems that the build dependency on quilt was lost in some internal + release. Now it is back (closes: #409774). + - Added po-debconf to Build-Depends. + * Debconf translations: + - Updated Czech (closes: #409618). Thanks, Miroslav Kure. + - Updated Swedish (closes: #409624). Thanks, Daniel Nylander. + - Added Galician (closes: #409626). Thanks, Jacobo Tarrío. + - Updated Japanese (closes: #409940). Thanks, Hideki Yamane. + - Updated French (closes: #409949). Thanks, Michel Grentzinger. + - Added Russian (closes: #409958). Thanks, Yuri Kozlov. + - Added German (closes: #409979). Thanks, Henrik Kröger. + - Updated Dutch (closes: #410034). Thanks, Thijs Kinkhorst. + - Added Romanian (closes: #410136). Thanks, Eddy Petrișor. + * debian/viewvc-config: Added -c/--config in order to have the possibility + to query a different config file. + * debian/viewvc.config, debian/viewvc.postinst: Rewrote the migration code + in order to make it compliant with the debconf Developers' Guide, in + particular: + "[...]the config script is run before the package is unpacked.[...] The + config script should not need to modify the filesystem at all." + Now it simply saves viewcvs' information for later use in postinst, where + it moves viewcvs.conf into viewvc.conf (closes: #409836). + + -- David Martínez Moreno Fri, 9 Feb 2007 02:45:37 +0100 + +viewvc (1.0.3-1) unstable; urgency=low + + * Sorry for the enormous delay. Viewvc was in a bad shape and I was not in + the mood. Let's try finally viewvc in unstable. + * New upstream release (closes: #388527, #397669). Main changes since the + last snapshot are: + - Fixed issues with Subversion tarballs. + - Fixed annotate in several cases. + - Security fix: declare charset for views to avoid IE UTF7 XSS attacks. + - Minor documentation fixes. + - Lots of other fixes in RSS, CVS and XHTML code. + * debian/control: + - Build-Depends on quilt (closes: #386990). + - Added gawk to Depends in viewvc, in order to fix error when no roots are + present, and replaced awk by gawk in debian/viewvc.postinst. + * Renamed debian/README to debian/README.Debian. Thanks, Romain Francoise + (closes: #386992). + * Included some parts of the diff from NMU 0.9.2+cvs.1.0.dev.2004.07.28-4.1 + by Joey Hess to fix #384750 (already included with the fix for #380981). + * debian/patches: Removed 03_ValueErrorException_and_commitid patch, as it + was included in 1.0.3. + + -- David Martínez Moreno Fri, 2 Feb 2007 18:29:19 +0100 + +viewvc (0.9.4+svn20060318-1) experimental; urgency=low + + * New SVN snapshot. ViewCVS project has become ViewVC, under tigris.org's + umbrella. Fresh SVN checkout as of 18-03-2006, closes: #339537. Main + changes were: + - All the files related to ViewCVS (viewcvs.conf, viewcvs.cgi and so on) + have been renamed to viewvc.whatever. + - Templates are Apache-agnostic, so this addresses part of #263268. + - There is no diff_font_face setting, thus closes: #229906. + - The templates no longer include invalid SGML comments. Closes: #245550. + - The URLs are properly escaped now (closes: #363972). + - URLs in commit messages are no longer truncated (closes: #190975). + - I am not able to leave any lock in repositories, so I suppose this + closes: #280877. + - I suspect that #200691 was produced by problems with python-subversion. + Now it is working for me, so closes: #200691. + - I have no problems to see markup in log or annotate views. Closes: + #204595. + - hide_attic shows or hides files inside the Attic always, including + subdirectories (closes: #178999). + - The layout is correct now (closes: #189544). + - Coloring works with diffs (closes: #344941). + - File size now appears in the detailed view (closes: #319250). + - svn_parent_path has been removed in favour of a wider 'root_parents' + parameter, valid for either CVS or Subversion. Added to NEWS.Debian. + Closes: #264110. + - markup_stream_enscript does not longer exist as individual method. + Closes: #191455. + - Disabling annotation works now. Closes: #321584. + - Fixed tarball generator so it doesn't include forbidden modules. + Closes: #295031. + - CVS branches now show correct information. Closes: #217070. + - As far as I understood in #217049, the problem is that certain files + does not have Attic/ in their URL. Now the file in Attic are shown as + every other file, but with proper FILE REMOVED labels, so this closes: + #217049. + - Added integrated RSS feeds. + - Make "default_root" option optional. When no root is specified, it shows + a page listing all available repositories. + - Added stricter parameter validation to lower likelihood of cross-site + scripting vulnerabilities. + - Added support for cvsweb's "mime_type=text/x-cvsweb-markup" URLs. + - Fixed incompatibility with enscript 1.6.3. + - Output "404 Not Found" errors instead of "403 Forbidden" errors to not + reveal whether forbidden paths exist. + - Cleaned up zombie processes from running enscript. + - Results from viewvc-query give now a correct path. Closes: #181888. + - Lots of other fixes. + * This release is very close to ViewVC 1.0, and all the requests that + Richard A. Nelson made are in current snapshot, so I suppose that it + closes: #369744. + * Altered drastically the way that patches are stored. Added infrastructure + to manage them with quilt. This will cause for sure some headaches, as it + will be regressions and already fixed bugs in the present code, but the + old package was unmanageable. Sorry for the annoyance. If I made this, it + was for a better future. :-) + * "And now, the continuation!" + * I pushed several things present in unreleased packages to upstream, so the + diff size is small again. :-) + * debian/TODO: Added. + * debian/copyright: Clarified the difference between license and copyright, + and added some words about the name change. + * debian/rules: Changed DH_COMPAT=3 to debian/compat(=4). + * debian/po/*po: Replaced 'ViewCVS' by 'ViewVC'. + * debian/templates: All the templates now belong to viewvc/whatever. Removed + svnparentpath, as it was not supported in the old packages and I prefer to + keep this situation for now. + * debian/po/vi.po: Added Vietnamese translation. Thanks, Clytie Siddall! + (closes: #324077). + * debian/po/sv.po: Added Swedish translation. Thanks, Daniel Nylander! + (closes: #332555). + * debian/po/es.po: Added Spanish translation. + * Created viewvc.config in order to transfer all the existing debconf + answers to the new hierarchy, and added code to viewcvs.postrm in order to + remove such questions when purged. Thanks to Joey Hess for advice in this + situation. Altered viewvc-config in order to use the new config file. + Robustified several routines that deal with debconf entries. The + configuration system now is able to uncomment an entry. I am not able to + reproduce several related bugs, so this closes: #296191, #270331. + * Fixed a greedy regular expression in viewvc-config that made full lines + disappear from the config file when at least an option was empty. + * Unified methods of obtaining list of roots in postinst and config scripts. + * debian/control: + - Renamed viewcvs to viewvc, and added a dummy viewcvs package for + upgrades. + - Rewrote some descriptions, and this surprisingly closes: #354752. + - Added '| debconf-2.0' to Depends in viewvc. Closes: #332137. + - Replaced in Build-Depends python2.3-subversion by new package + python-subversion. + - Moved python-subversion from Build-Depends to Depends. + - Upgraded Standards-Version to 3.7.2.1. + * Merged code from .diff.gz into debian/patches and with upstream in order to + deal with past bug reports. This is only to make sure that I did not drop + something in the way...: + - #196975: robots exclusion + - #261986: viewcvs: Exception enumerating branches + - #284237: NMU: Security update for CAN-2004-0915 + - #287771: [CAN-2004-1062]: cross site scripting security problem + - #289466: viewcvs: breaks config file on upgrade + - #293426: viewcvs: split log info from file content so it can be distinguished + - #293529: viewcvs: Please include svndbadmin + - #297032: viewcvs: Error message "UnknownReference: current_root" + - #303756: viewcvs: Unknown Reference: current_root (includes patch) + * Pushed to upstream an upgrade to embedded py2html to 0.8, and activated + processing for .py scripts. Closes: #282718. + * Call dh_python *before* dh_installdeb, so that *.py files are compiled + Closes: #245181. + * Applied patch fixing some typos in debian/templates. Thanks, Tobias + Toedter and Clytie Siddall (closes: #251762, #324076). While at it, + upstream replaced all the 'ViewCVS' strings by 'ViewVC' in the tree. + * Incorporate remaining pieces from doogie's NMU to packages, except the + setuid wrapper. Closes: #294242. + * debian/viewvc.links: Add a link from /usr/share/viewvc to + /etc/viewvc/templates/docroot. + * Changed default path in ViewVC to /etc/viewvc/templates. This change, + along with a commented out 'docroot' value in viewvc.conf by default, + allowed to simply make a symbolic link from /etc/viewvc/templates/docroot + to /usr/share/viewvc, and all the problems with CSS and images simply + vanished. Reading the policy I was unable to find anything against this. + Yes, this is a performance penalty, as viewvc is serving images that + otherwise you could get directly from the web server, but it avoids to + deal with web server configurations. Added a NEWS.Debian entry about this + subject. I am grateful to say that it closes: #305130, #263268, #307092, + #307789, #232847, #274422. + * We do not fiddle with Apache config, thus also closes: #291358, #304680. + * Added a README.Debian with information about solving the performance hit + of having viewvc serving all the content, and with basic information about + viewvc (closes: #150214). I think that adding this information also + closes: #241545 as well, because the other part is 'solved' as we do not + touch web server configurations anymore. + * Added a patch from 1.0.x branch to upgrade lib/vclib/bincvs/__init__.py: + - Fixed a ValueError exception raised (closes: #265271). + - Fixed parsing of recent CVS format (closes: #372655). + * Fixed building in order to support the new Python policy (closes: #380981): + - debian/control: Added python-support (>= 0.3) to B-D-I. Bumped + dependency on debhelper (>= 5.0.37.2). + - Added an 'XB-Python-Version: ${python:Versions}' field to viewvc and + viewvc-query. + - Added an 'XS-Python-Version: current' field to viewvc and viewvc-query. + - debian/rules: Insert dh_pysupport before dh_python. + - debian/pycompat: Created with a content of '2'. + * Improved description for viewvc-query. Closes: #293301. + * We do not rename query.cgi to viewvc-query.cgi (at least for the moment). + Closes: #194472. + + -- David Martínez Moreno Mon, 14 Aug 2006 01:30:24 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-4.1) unstable; urgency=low + + * NMU + * Updated for python transition, using python-support. Closes: #384750 + + -- Joey Hess Wed, 30 Aug 2006 16:14:18 -0400 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-4) unstable; urgency=low + + * File contents are now visible. Thanks, Marius Gedminas! (closes: #239968). + * debian/po/cs.po: Added Czech translation. Thanks, Miroslav Kure! (closes: + #318953). + * www/cgi/viewcvs.cgi: Added code to return response for robots in order to + not index the site. Thanks, Kai Hendry. Closes: #196975. + * templates/markup.ezt: Added a trivial patch to split log info from file + content. Thanks, Guillem Jover. Closes: #293426. + * viewcvs-install-debian: Include svndbadmin in the contents of the viewcvs + package (closes: #293529). + * debian/control: + - Update Standards-Version to 3.6.2. + - Added ${python:Depends} to viewcvs-query to shut up lintian. + - Build-Depends line was really Build-Depends-Indep. + - Added apache to Recommends, as Policy Manual says that it needs at least + one real package. + + -- David Martínez Moreno Thu, 21 Jul 2005 17:15:21 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-3) unstable; urgency=low + + * Sigh. Really change maintainer in debian/control. Thanks, + Martin Michlmayr. + + -- David Martínez Moreno Fri, 17 Jun 2005 06:25:14 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-2) unstable; urgency=low + + * New maintainer. + + -- David Martínez Moreno Fri, 17 Jun 2005 00:26:29 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1.5) unstable; urgency=medium + + * NMU + * Urgency medium because it fixes an important bug and it would + be great if it still could get into sarge, even if it's frozen. + * Update templates/include/branch_form.ezt from upstream CVS so that viewcvs + actually shows files in CVS trees without backtraces + (closes: #303756). + + -- Peter Palfrader Tue, 24 May 2005 00:47:29 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1.4) unstable; urgency=high + + * NMU. + * Don't try to change the config file if there are vhosts configured. + This will most probably mess it up (Closes: #289466) + * Bug fix: "viewcvs: Updated Japanese po-debconf template translation + (ja.po)", thanks to Hideki Yamane (Closes: #241832). + * Bug fix: "Update of the french debconf translation", thanks to Michel + Grentzinger (Closes: #244514). + * Bug fix: "[INTL:nl] New po-debconf translation in Dutch for viewcvs.", + thanks to Tim Dijkstra (Closes: #289639). + * Copyright holder has changed, correct copyright file + * More changes by Christian Perrier: + + Remove dh-make boilerplate in copyright + + Remove initial capitals in packages description synopsis + and improve English slightly + + -- Frank Lichtenheld Fri, 21 Jan 2005 12:33:29 +0100 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1.3) unstable; urgency=HIGH + + * NMU. + * Fix cross-site-scripting hole in 404 not found pages. (CAN-2004-1062) + Closes: #287771 + + -- Joey Hess Fri, 31 Dec 2004 15:21:28 -0500 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team + * Corrected code to honor hide_cvsroot and forbidden when making a + tarball [lib/viewcvs.py, CAN-2004-0915] + + -- Martin Schulze Fri, 3 Dec 2004 10:15:22 +0100 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix error in lib/dbi.py which prevented it working with + python >= 2.3 (Closes: #273997) Patch from upstream CVS. + * Add some missing quotes in debian/po/ja.po + + -- Frank Lichtenheld Tue, 12 Oct 2004 18:54:30 +0200 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.28-1) unstable; urgency=low + + * New upstream release + * fix *_pagesize (closes: #249722) + * /etc/apache2/conf.d/viewcvs: new added + Alias /doc/viewcvs/ /usr/share/viewcvs/ + * README.Debian: Alias /doc/viewcvs/ /usr/share/viewcvs/ + * templates/include/footer.ezt: use /doc/viewcvs/images/logo.png + * lib/viewcvs.py: fix handling '&' and '+' in URL htmlify + + -- Takuo KITAME Thu, 29 Jul 2004 17:01:18 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2004.07.01-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Fri, 16 Jul 2004 17:29:29 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2004.03.24-2) unstable; urgency=high + + * debian/config,postinst,preinst: Applied patch to fix #239967 (closes: #239967) + * urgency=high because of RC Bug fix + + -- Takuo KITAME Sun, 11 Jul 2004 02:03:25 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2004.03.24-1) unstable; urgency=low + + * New upstream release + * fix operating with Subversion 0.37 and later. (Closes: #234906, #234937, #210303) + Thanks NMUing by Branden Robinson. (closes: #239526) + * fix query.ezt points to query.cgi (closes: #237162) + * install into /usr/lib/python2.3/site-packages/ (closes: #235518) + * remove useless README (closes: #211208) + * added nl,po ca.po and ja.po for debconf (closes: #219963, #236217, #225799) + * mentioned subversion in description (closes: #223752) + * ask svn_root in debconf + + -- Takuo KITAME Wed, 24 Mar 2004 12:37:26 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2003.08.26-1) unstable; urgency=low + + * New upstream cvs checkout (closes: #202052) + * CGI script run with umask 0002 + * build-depends + * switch to gettext format for the debconf templates (closes: #199127) + * added fr.po (closes: #200201) + * build-depends on pyhton2.3-subversion (closes: #206640) + + -- Takuo KITAME Sun, 14 Sep 2003 15:02:55 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2003.05.05-3) unstable; urgency=low + + * Applied patch to fix svn support (closes: Bug#199201) + + -- Takuo KITAME Fri, 4 Jul 2003 11:40:12 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2003.05.05-2) unstable; urgency=low + + * Fixed cp process in postinst (closes: #192512) + + -- Takuo KITAME Tue, 20 May 2003 11:52:45 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2003.05.05-1) unstable; urgency=low + + * New upstream release + * Thanks Raphael Bossek to following changes. + - Multiple repositories support fixed. [ViewCVSBug:705560,656677,624608] + - Tarball download fixed. (closes: #188908) [ViewCVSBug:724971] + - Blank site while markup unknown file extension fixed. [ViewCVSBug:724978,702915] + - PHP markup support improved as mentioned by ViewCVSBug 702915. + - Removed bug 175022 patch from sources due to trouble with repository + entries containing blanks. We are also depending on Python 2.2 where + the described problem doesn't exist anymore. [ViewCVSBug:724967] + * don't use examples as conffile template.(closes: #189861) + + -- Takuo KITAME Tue, 6 May 2003 16:09:39 +0900 + +viewcvs (0.9.2+cvs.1.0.dev.2003.04.08-0.1) unstable; urgency=low + + * New upstream release, includes svn support and bug fixes + (closes: #188021, #181649) + * lib/viewcvs.py: applied path for download support w/ py2.1(woody) (closes: #175022) + * debian/control: fix build-depends (closes: #188022) + + -- Takuo KITAME Thu, 10 Apr 2003 14:55:55 +0900 + +viewcvs (0.9.2-8) unstable; urgency=low + + * debian/rules: PYTHONDIR=/usr/lib/python2.2 (closes: #170344) + + -- Takuo KITAME Sun, 24 Nov 2002 00:20:40 +0900 + +viewcvs (0.9.2-7) unstable; urgency=low + + * Depends on python-tk (closes: #154445) + * Build-Depends: python-dev (>= 2.2, << 2.3) (closes: #169851) + * Fix enscript option. (closes: #149980) + * Fix typo in debconf template (closes: #149870) + * Fix comments of viewcvs.conf for cvsgraph package (closes: #156307) + * improved colorised enscript support (closes: #169187) + * include INSTALL documentaion. (closes: #153592) + * change default cvsroot to /var/lib/cvs (closes: #150247) + + -- Takuo KITAME Fri, 22 Nov 2002 12:00:01 +0900 + +viewcvs (0.9.2-6) unstable; urgency=low + + * split out viewcvs-query.cgi into viewcvs-query. (closes: #147414, #147170) + + -- Takuo KITAME Fri, 31 May 2002 16:02:29 +0900 + +viewcvs (0.9.2-5) unstable; urgency=low + + * fix enscript support (closes: #140354) + * fix Cross Site Scripting vulnerability + + -- Takuo KITAME Wed, 24 Apr 2002 09:55:34 +0900 + +viewcvs (0.9.2-4) unstable; urgency=low + + * /etc/viewcvs/viewcvs.conf: do not mark as conffiles + * default cvs is /var/lib/cvs (closes: #141389) + * fix documents (closes: #141387) + + -- Takuo KITAME Sun, 7 Apr 2002 02:22:45 +0900 + +viewcvs (0.9.2-3) unstable; urgency=low + + * added debconf chooser for Default CVS Root + * Implement disallowing to list modules of '/' + disallow_root = 0 (disable) or 1 (enable) # (default is disable) + It behave like SourceForge's viewcvs. + * read 'viewcvs.conf' of current directory when it exists. + It useful for VirtualHost. + + -- Takuo KITAME Wed, 20 Feb 2002 18:54:32 +0900 + +viewcvs (0.9.2-2) unstable; urgency=low + + * Online documents and icons were moved to /usr/share/viewcvs/ + And fixed README.Debian + (closes: #131332) + * debian/templates: + - added Note for icons directory. + * debian/links: + - /usr/share/viewcvs /usr/share/doc/viewcvs/html + * templates/*: + - use /viewcvs/icons/ instead of /doc/viewcvs/icons/ + - don't use apache_pb.gif. use viewcvs's logo.png instead. + + -- Takuo KITAME Wed, 30 Jan 2002 17:48:31 +0900 + +viewcvs (0.9.2-1) unstable; urgency=low + + * New upstream release (closes: #130851) + * applied fix icon path patch (#130851) Thanks. + + -- Takuo KITAME Sun, 27 Jan 2002 15:37:20 +0900 + +viewcvs (0.9.1-2) unstable; urgency=low + + * cgi/viewcvs.conf.dist: + - default cvsgraph_conf is /etc/cvsgraph/cvsgraph.conf + * debian/control: + - Suggests: cvsgraph + + -- Takuo KITAME Mon, 14 Jan 2002 03:20:05 +0900 + +viewcvs (0.9.1-1) unstable; urgency=low + + * New upstream release (closes: #127147) + * viewcvs-install-debian: + - update with original. + + -- Takuo KITAME Mon, 31 Dec 2001 12:14:55 +0900 + +viewcvs (0.8-4) unstable; urgency=low + + * debian/template: + - Fix grammer, boolean value, more detail for allow_tar. + and fix debconf manner. Thanks Joey Hess (closes: #126538, #126541) + * viewcvs-install-debian: + - install help_query.html (closes: #126572) + + -- Takuo KITAME Fri, 28 Dec 2001 01:27:19 +0900 + +viewcvs (0.8-3) unstable; urgency=low + + * debian/config: + - remove duplicate code with postinst. + * lib/viewcvs.py: + - enscript_extensions: add '.rb' : 'ruby' + + -- Takuo KITAME Fri, 21 Dec 2001 20:26:42 +0900 + +viewcvs (0.8-2) unstable; urgency=low + + * test /usr/lib/viewcvs/viewcvs-config when run it (closes: #123622) + + -- Takuo KITAME Thu, 13 Dec 2001 02:10:42 +0900 + +viewcvs (0.8-1) unstable; urgency=low + + * New upstream release + * fix duplicate conffiles (closes: #108198) + * standalone.py will be installed as /usr/sbin/viewcvsd + * added manpage viewcvsd.8 + * wrote a little documents README.Debian (closes: #66842, #109842) + wrote about Alias to icons dir (closes: #121105) + * move viewcvs.conf to /etc/viewcvs/ + * renamed query.cgi to viewcvs-query.cgi (closes: #104146) + * install byte compiled py (pyc) into /usr/lib/python2.1/viewcvs (closes: #92742) + * install template into /etc/viewcvs/templates + * other files are into /usr/lib/viewcvs/ + * use debconf to set cvs_roots, address, forbidden and allow_tar + * Build-Depends: + python2.1-dev + * Depends: debconf (>= 1.0) + * Depends: -httpd, Recommends: +httpd (viewcvsd not need httpd) + * default cvsroot is /var/cvsroot (closes: #117138) + * lib/viewcvs.py (view_doc): doc_directory is statically "/usr/share/doc/viewcvs" + + -- Takuo KITAME Tue, 11 Dec 2001 17:06:12 +0900 + +viewcvs (0.7-4) unstable; urgency=low + + * Fix python2 issue. (closes: #118596) + + -- Takuo KITAME Fri, 9 Nov 2001 18:01:18 +0900 + +viewcvs (0.7-3) unstable; urgency=low + + * Fix preinst. + + -- Takuo KITAME Mon, 4 Jun 2001 19:19:47 +0900 + +viewcvs (0.7-2) unstable; urgency=low + + * Fixed Build-Depends (closes: Bug#99472) + + -- Takuo KITAME Sat, 2 Jun 2001 02:38:56 +0900 + +viewcvs (0.7-1) unstable; urgency=low + + * New upstream release + some upstream bugs were fixed. (closes: Bug#67627,Bug#71124,Bug#80948,Bug#84425,Bug#66846) + + -- Takuo KITAME Thu, 31 May 2001 10:34:53 +0900 + +viewcvs (0.6-4) unstable; urgency=low + + * Applied tarball generate patch By Akira Tanaka . + + -- Takuo KITAME Sun, 22 Apr 2001 07:10:53 +0900 + +viewcvs (0.6-3) unstable; urgency=low + + * closes: Bug#85826: bashism in debian/rules + + -- Takuo KITAME Wed, 28 Feb 2001 15:26:13 +0900 + +viewcvs (0.6-2) unstable; urgency=low + + * Added debian.jpg as log and {back,dir,text}.gif which from ViewCVS website. + Modified default viewcvs.conf. It remove apache dependency. + closes: Bug#66843, Bug#66845 + + -- Takuo KITAME Fri, 25 Aug 2000 18:57:17 +0900 + +viewcvs (0.6-1) unstable; urgency=low + + * New upstream release + * Depends: python-base(>=1.5.2), closes: Bug#67298 + + -- Takuo KITAME Wed, 26 Jul 2000 00:29:03 +0900 + +viewcvs (0.5-2) unstable; urgency=low + + * debian/rules patch by Karl M. Hegbloom + - fixes the ViewCVS mysql database support by ensuring that installed + paths are substituted into the scripts so it can find itself where + we've installed it for Debian. + - install from binary-indep rather than binary-arch target. + - move from /usr/lib/viewcvs to /usr/share/viewcvs + - clarify ambiguity in long description by saying "commit-logs" rather + than "change logs" (two words), because I thought it meant it would + let me edit typos in log entries from previous commits. + * closes: Bug#65734: [patch] Fix database support. + Thanks a lot, Karl. + + -- Takuo KITAME Fri, 16 Jun 2000 15:02:16 +0900 + +viewcvs (0.5-1) unstable; urgency=low + + * New upstream release + * Applied #64657 wishlist. (closes: Bug#64657) + Thanks, Tuomas Jormola + + -- Takuo KITAME Sat, 27 May 2000 22:58:22 +0900 + +viewcvs (0.4-1) unstable; urgency=low + + * Initial Release. + + -- Takuo KITAME Wed, 10 May 2000 05:42:29 +0900 + --- viewvc-1.1.5.orig/debian/compat +++ viewvc-1.1.5/debian/compat @@ -0,0 +1 @@ +7 --- viewvc-1.1.5.orig/debian/control +++ viewvc-1.1.5/debian/control @@ -0,0 +1,51 @@ +Source: viewvc +Section: vcs +Priority: optional +Maintainer: David Martínez Moreno +Build-Depends-Indep: python, python-subversion, python-support (>= 0.8) +Build-Depends: debhelper (>= 7), quilt +Standards-Version: 3.8.4 +XS-Python-Version: all +Homepage: http://www.viewvc.org/ + +Package: viewvc +Architecture: all +Depends: ${python:Depends}, python-subversion, cvs | subversion, rcs, ${misc:Depends} +Replaces: viewcvs (<< 0.9.4) +Conflicts: viewcvs (<< 0.9.4) +Recommends: python-pygments, apache2 | httpd-cgi +Suggests: cvsgraph, viewvc-query, libapache2-mod-python, python-tk, mime-support +XB-Python-Version: ${python:Versions} +Description: web interface for CVS and/or Subversion repositories + ViewVC is a browser (web) interface for CVS and Subversion version + control repositories. It generates templatized HTML to present + navigable directory, revision, and change log listings. It can display + specific versions of files as well as diffs between those versions. + . + Basically, ViewVC provides the bulk of the report-like functionality you + expect out of your version control tool, but much more prettily than the + average textual command-line program output. + . + ViewVC can be used in two modes, both of which are supported by this + package: (1) by running the simple stand-alone server + "viewvc-standalone", with or without a GUI, and/or (2) by integrating + ViewVC with Apache (or another CGI-enabled HTTP server), using either + CGI or mod-python. This second mode is the normal way ViewVC is used. + +Package: viewvc-query +Architecture: all +Depends: viewvc (= ${binary:Version}), python-mysqldb, ${python:Depends}, ${misc:Depends} +Replaces: viewvc (<< 0.9.2-6) +Suggests: mysql-server +XB-Python-Version: ${python:Versions} +Description: utility to query CVS and Subversion commit database + ViewVC is a browser (web) interface for CVS and Subversion version + control repositories. It generates templatized HTML to present + navigable directory, revision, and change log listings. It can display + specific versions of files as well as diffs between those versions. + . + This package includes query.cgi (and equivalent mod-python modules): a + utility to query a separate CVS and Subversion commit database. You can + search for multiple matches by typing comma-separated lists into the + text fields. Regular expressions and wildcards are also supported. It + requires a stand-alone MySQL database server. --- viewvc-1.1.5.orig/debian/copyright +++ viewvc-1.1.5/debian/copyright @@ -0,0 +1,50 @@ +This package was debianized by David Martínez Moreno +on Fri, 17 Feb 2006 01:17:46 +0100. It is currently being maintained for +the ZAP Group by John Zaitseff . + +It was downloaded from http://www.viewvc.org/ + +Upstream Authors: + + Greg Stein and the rest of the ViewVC Group. + +(The copyright and license refer to ViewCVS, although the software was +later renamed to ViewVC. In case of doubt, replace ViewCVS by ViewVC). + +Copyright: + + Copyright (C) 1999-2010, The ViewCVS Group. All rights reserved. + +License: + + By using ViewVC, you agree to the terms and conditions set forth below: + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Debian packaging: + + Copyright (C) 2006-10, David Martínez Moreno and John Zaitseff. + + The Debian packaging is licensed under the GNU General Public License, + version 2 or later, as referenced in /usr/share/common-licenses/GPL-2. --- viewvc-1.1.5.orig/debian/patches/01-robots-support +++ viewvc-1.1.5/debian/patches/01-robots-support @@ -0,0 +1,22 @@ +Index: trunk/bin/cgi/viewvc.cgi +=================================================================== +--- trunk.orig/bin/cgi/viewvc.cgi 2010-03-31 11:48:35.000000000 +1100 ++++ trunk/bin/cgi/viewvc.cgi 2010-03-31 11:57:56.000000000 +1100 +@@ -47,6 +47,17 @@ + "../../../lib"))) + + ######################################################################### ++# ++# Disable robots ++# ++ ++PATH_INFO = os.environ.get('PATH_INFO', '') ++if PATH_INFO == '/robots.txt': ++ print "Content-Type: text/plain\n\nUser-agent: *\nDisallow: /\n" ++ sys.exit(0) ++ ++ ++######################################################################### + + ### add code for checking the load average + --- viewvc-1.1.5.orig/debian/patches/90-viewvc-install-debian-paths +++ viewvc-1.1.5/debian/patches/90-viewvc-install-debian-paths @@ -0,0 +1,39 @@ +Index: trunk/viewvc-install +=================================================================== +--- trunk.orig/viewvc-install 2010-03-31 19:36:34.000000000 +1100 ++++ trunk/viewvc-install 2010-03-31 20:00:56.000000000 +1100 +@@ -49,10 +49,10 @@ + FILE_INFO_LIST = [ + ("bin/cgi/viewvc.cgi", "bin/cgi/viewvc.cgi", 0755, 1, 0, 0), + ("bin/cgi/query.cgi", "bin/cgi/query.cgi", 0755, 1, 0, 0), +- ("bin/mod_python/viewvc.py", "bin/mod_python/viewvc.py", 0755, 1, 0, 0), +- ("bin/mod_python/query.py", "bin/mod_python/query.py", 0755, 1, 0, 0), +- ("bin/mod_python/handler.py", "bin/mod_python/handler.py", 0755, 1, 0, 0), +- ("bin/mod_python/.htaccess", "bin/mod_python/.htaccess", 0755, 0, 0, 0), ++ ("bin/mod_python/viewvc.py", "bin/mod_python/viewvc.py", 0644, 1, 0, 0), ++ ("bin/mod_python/query.py", "bin/mod_python/query.py", 0644, 1, 0, 0), ++ ("bin/mod_python/handler.py", "bin/mod_python/handler.py", 0644, 1, 0, 0), ++ ("bin/mod_python/.htaccess", "bin/mod_python/.htaccess", 0644, 0, 0, 0), + ("bin/standalone.py", "bin/standalone.py", 0755, 1, 0, 0), + ("bin/loginfo-handler", "bin/loginfo-handler", 0755, 1, 0, 0), + ("bin/cvsdbadmin", "bin/cvsdbadmin", 0755, 1, 0, 0), +@@ -122,7 +122,7 @@ + """Replace instances of the variable VAR as found in file CONTENTS + with VALUE.""" + pattern = re.compile('^' + var + r'\s*=\s*.*$', re.MULTILINE) +- repl = '%s = r"%s"' % (var, os.path.join(ROOT_DIR, value)) ++ repl = '%s = r"%s"' % (var, value) + return re.sub(pattern, _escape(repl), contents) + + +@@ -131,8 +131,8 @@ + if contents[:2] == '#!': + shbang = '#!' + sys.executable + contents = re.sub('^#![^\n]*', _escape(shbang), contents) +- contents = replace_var(contents, 'LIBRARY_DIR', 'lib') +- contents = replace_var(contents, 'CONF_PATHNAME', 'viewvc.conf') ++ contents = replace_var(contents, 'LIBRARY_DIR', '/usr/lib/viewvc/lib') ++ contents = replace_var(contents, 'CONF_PATHNAME', '/etc/viewvc/viewvc.conf') + return contents + + --- viewvc-1.1.5.orig/debian/patches/91-viewvc-conf-debian-custom +++ viewvc-1.1.5/debian/patches/91-viewvc-conf-debian-custom @@ -0,0 +1,31 @@ +Index: trunk/conf/viewvc.conf.dist +=================================================================== +--- trunk.orig/conf/viewvc.conf.dist 2010-04-01 09:34:36.000000000 +1100 ++++ trunk/conf/viewvc.conf.dist 2010-04-01 09:41:07.000000000 +1100 +@@ -93,7 +93,7 @@ + ## cvs_roots = cvsroot: /opt/cvs/repos1, + ## anotherroot: /usr/local/cvs/repos2 + ## +-#cvs_roots = ++#cvs_roots = cvs: /var/lib/cvs + + ## svn_roots: Specifies each of the Subversion roots (repositories) on + ## your system and assigns names to them. Each root should be given by +@@ -104,7 +104,7 @@ + ## svn_roots = svnrepos: /opt/svn/, + ## anotherrepos: /usr/local/svn/repos2 + ## +-#svn_roots = ++#svn_roots = svn: /var/lib/svn + + ## root_parents: Specifies a list of directories in which any number of + ## repositories may reside. Rather than force you to add a new entry +@@ -520,7 +520,7 @@ + ## SEE ALSO: the [templates] configuration section, where you can + ## override templates on a per-view basis. + ## +-#template_dir = templates ++template_dir = /etc/viewvc/templates + + ## docroot: Web path to a directory that contains ViewVC static files + ## (stylesheets, images, etc.) If set, static files will get --- viewvc-1.1.5.orig/debian/patches/92-no_strings_in_raise +++ viewvc-1.1.5/debian/patches/92-no_strings_in_raise @@ -0,0 +1,35 @@ +Index: viewvc-1.1.5/lib/vclib/ccvs/ccvs.py +=================================================================== +--- viewvc-1.1.5.orig/lib/vclib/ccvs/ccvs.py ++++ viewvc-1.1.5/lib/vclib/ccvs/ccvs.py +@@ -302,7 +302,7 @@ class TreeSink(rcsparse.Sink): + added = added + count + idx = idx + count + elif command: +- raise "error while parsing deltatext: %s" % command ++ raise vclib.Error("error while parsing deltatext: %s" % command) + + if len(rev.number) == 2: + rev.next_changed = changed and "+%i -%i" % (deled, added) +Index: viewvc-1.1.5/lib/win32popen.py +=================================================================== +--- viewvc-1.1.5.orig/lib/win32popen.py ++++ viewvc-1.1.5/lib/win32popen.py +@@ -184,7 +184,7 @@ def SpoolWorker(srcHandle, destHandle, o + hr, data = win32file.ReadFile(srcHandle, buffer) + #print >> SPOOL_ERROR, "ReadFile returned '%s', '%s'" % (str(hr), str(data)); SPOOL_ERROR.flush() + if hr != 0: +- raise "win32file.ReadFile returned %i, '%s'" % (hr, data) ++ raise Exception("win32file.ReadFile returned %i, '%s'" % (hr, data)) + elif len(data) == 0: + break + except pywintypes.error, e: +@@ -205,7 +205,7 @@ def SpoolWorker(srcHandle, destHandle, o + hr, bytes = win32file.WriteFile(destHandle, data) + #print >> SPOOL_ERROR, "WriteFile() passed %i bytes and returned %i, %i" % (len(data), hr, bytes); SPOOL_ERROR.flush() + if hr != 0 or bytes != len(data): +- raise "win32file.WriteFile() passed %i bytes and returned %i, %i" % (len(data), hr, bytes) ++ raise Exception("win32file.WriteFile() passed %i bytes and returned %i, %i" % (len(data), hr, bytes)) + + srcHandle.Close() + --- viewvc-1.1.5.orig/debian/patches/CVE-2012-3356 +++ viewvc-1.1.5/debian/patches/CVE-2012-3356 @@ -0,0 +1,368 @@ +Bugs-Debian: http://bugs.debian.org/679069 +Description: fix CVE-2012-3356 +Last-Update: 2012-09-05 +Origin: upstream svn, cf. details below +Comment: this is the commit from upstream, with the path adjusted and quilt + refresh'd plus heavy manual backporting to the old version in Debian + because 5/13 hunks failed + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 + +Author cmpilato +Date 2012-06-13 14:57:38-0700 (2 months, 3 weeks ago) +Log message + +For issue #353, check path access in the code that backs the revision +log view for remote SVN repositories. + +* lib/vclib/svn/svn_ra.py + (LogCollector.__init__): Add 'access_check_func' parameter, stashed + away as a member variable. Initialize 'done' variable to False. + (LogCollector.add_log): Use access_check_func() to test for access. + If access is denied, set 'done' to True and ignore future + invocations. + (RemoteSubversionRepository.itemlog): Add _access_checker inner + function, passed as a callback to LogCollector.__init__(). + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 + +Author cmpilato +Date 2012-06-14 19:11:12-0700 (2 months, 3 weeks ago) +Log message + +For issue #353 ("Remote Subversion repositories not fully honoring +authz rules"): + +* lib/vclib/svn/svn_ra.py + (RemoteSubversionRepository.get_locations): Check authz on the + result of a get_locations lookup (being sure to use the original + path in the error message, if any). + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757 + +Author cmpilato +Date 2012-06-14 19:17:55-0700 (2 months, 3 weeks ago) +Log message + +For issue #353, check path access in the annotation view code for +remote SVN repositories. + +* lib/vclib/svn/svn_ra.py + (RemoteSubversionRepository.annotate): Examine revision logs to + determine the legal annotation range we are allowed to request, + and use the revinfo cache to strip sensitive author/data info from + the annotation data. + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759 + +Author cmpilato +Date 2012-06-15 16:07:22-0700 (2 months, 2 weeks ago) +Log message + +* lib/vclib/svn/svn_ra.py + (LogCollector.add_log): Allow the access_check_func to be None (and + avoid trying to call it in that case). + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760 + +Author cmpilato +Date 2012-06-15 16:34:01-0700 (2 months, 2 weeks ago) +Log message + +Finish, I believe, issue #353 ("Remote Subversion repositories not +fully honoring authz rules"). In doing so, this makes the svn_ra +module the most accurate it has ever been, hopefully without too +terribly much extra cost. + +* lib/vclib/svn/svn_ra.py + (RemoteSubversionRepository.listdir): No longer check access here. + That's handled down in _get_dirents() now. + (RemoteSubversionRepository.dirlogs): Don't check dirent access here. + Just ensure that the returned entries are those which are + represented in the (filtered) set return from _get_dirents(). + Also, replace the revision metadata stored on each dirent with + values from the revinfo cache (which does authz sanitizing). + (RemoteSubversionRepository._get_dirents): Do authz-checking of + dirents here, and use _get_last_history_rev() to populate a useful + created_rev. + (RemoteSubversionRepository._get_last_history_rev): Because + Subversion's RA layer doesn't consider copy events when + determining an item's last-committed-rev, compensate for this with + a bounded log operation which does. This brings created-rev + parity with the svn_repos module (at the cost of the extra RA + work, but with the benefit of, you know, accuracy. + (RemoteSubversionRepository._revinfo_raw): Leave a TODO about a + future optimization. + (RemoteSubversionRepository._log_cb): Set found_unreadable when + sanitizing an unreadable copyfrom path, too. + (RemoteSubversionRepository.created_rev): Now just a thin wrapper + around the beefed-up _get_last_history_rev() function. + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2761 + +Author cmpilato +Date 2012-06-15 17:03:57-0700 (2 months, 2 weeks ago) +Log message + +Merge the fixes for issue #353 ("Remote Subversion repositories not +fully honoring authz rules") from trunk. This merges r2755, r2756, +r2757, r2759, and r2760, which see for detail log revision information. + +--- a/lib/vclib/svn/svn_ra.py ++++ b/lib/vclib/svn/svn_ra.py +@@ -56,9 +56,8 @@ + + + class LogCollector: +- ### TODO: Make this thing authz-aware + +- def __init__(self, path, show_all_logs, lockinfo): ++ def __init__(self, path, show_all_logs, lockinfo, access_check_func): + # This class uses leading slashes for paths internally + if not path: + self.path = '/' +@@ -67,8 +66,12 @@ + self.logs = [] + self.show_all_logs = show_all_logs + self.lockinfo = lockinfo ++ self.access_check_func = access_check_func ++ self.done = False + + def add_log(self, paths, revision, author, date, message, pool): ++ if self.done: ++ return + # Changed paths have leading slashes + changed_paths = paths.keys() + changed_paths.sort(lambda a, b: _compare_paths(a, b)) +@@ -88,9 +91,13 @@ + if change.copyfrom_path: + this_path = change.copyfrom_path + self.path[len(changed_path):] + if self.show_all_logs or this_path: +- entry = Revision(revision, _datestr_to_date(date), author, message, None, +- self.lockinfo, self.path[1:], None, None) +- self.logs.append(entry) ++ if self.access_check_func is None \ ++ or self.access_check_func(self.path[1:], revision): ++ entry = Revision(revision, _datestr_to_date(date), author, message, None, ++ self.lockinfo, self.path[1:], None, None) ++ self.logs.append(entry) ++ else: ++ self.done = True + if this_path: + self.path = this_path + +@@ -229,7 +236,7 @@ + if self.itemtype(path_parts, rev) != vclib.DIR: # does auth-check + raise vclib.Error("Path '%s' is not a directory." % path) + rev = self._getrev(rev) +- entries = [ ] ++ entries = [] + dirents, locks = self._get_dirents(path, rev) + for name in dirents.keys(): + entry = dirents[name] +@@ -237,8 +244,9 @@ + kind = vclib.DIR + elif entry.kind == core.svn_node_file: + kind = vclib.FILE +- if vclib.check_path_access(self, path_parts + [name], kind, rev): +- entries.append(vclib.DirEntry(name, kind)) ++ else: ++ kind = None ++ entries.append(vclib.DirEntry(name, kind)) + return entries + + def dirlogs(self, path_parts, rev, entries, options): +@@ -249,9 +257,11 @@ + dirents, locks = self._get_dirents(path, rev) + for entry in entries: + entry_path_parts = path_parts + [entry.name] +- if not vclib.check_path_access(self, entry_path_parts, entry.kind, rev): ++ dirent = dirents.get(entry.name, None) ++ # dirents is authz-sanitized, so ensure the entry is found therein. ++ if dirent is None: + continue +- dirent = dirents[entry.name] ++ # Get authz-sanitized revision metadata. + entry.date, entry.author, entry.log, changes = \ + self.revinfo(dirent.created_rev) + entry.rev = str(dirent.created_rev) +@@ -275,9 +285,14 @@ + if locks.has_key(basename): + lockinfo = locks[basename].owner + ++ def _access_checker(check_path, check_rev): ++ return vclib.check_path_access(self, _path_parts(check_path), ++ path_type, check_rev) ++ + # It's okay if we're told to not show all logs on a file -- all + # the revisions should match correctly anyway. +- lc = LogCollector(path, options.get('svn_show_all_dir_logs', 0), lockinfo) ++ lc = LogCollector(path, options.get('svn_show_all_dir_logs', 0), ++ lockinfo, _access_checker) + + cross_copies = options.get('svn_cross_copies', 0) + log_limit = 0 +@@ -290,6 +305,10 @@ + revs.sort() + prev = None + for rev in revs: ++ # Swap out revision info with stuff from the cache (which is ++ # authz-sanitized). ++ rev.date, rev.author, rev.log, revprops, changes \ ++ = self.revinfo(rev.number) + rev.prev = prev + prev = rev + revs.reverse() +@@ -316,6 +335,14 @@ + rev = self._getrev(rev) + url = self._geturl(path) + ++ # Examine logs for the file to determine the oldest revision we are ++ # permitted to see. ++ revs = self.itemlog(path_parts, rev, vclib.SORTBY_REV, 0, 0, {}) ++ oldest_rev = revs[-1].number ++ ++ # Now calculate the annotation data. Note that we'll not ++ # inherently trust the provided author and date, because authz ++ # rules might necessitate that we strip that information out. + blame_data = [] + + def _blame_cb(line_no, revision, author, date, +@@ -323,10 +350,14 @@ + prev_rev = None + if revision > 1: + prev_rev = revision - 1 ++ if revision >= 0: ++ date, author, msg, revprops, changes = self.revinfo(revision) ++ else: ++ date = author = None + blame_data.append(vclib.Annotation(line, line_no+1, revision, prev_rev, + author, None)) + +- client.svn_client_blame(url, _rev2optrev(1), _rev2optrev(rev), ++ client.svn_client_blame(url, _rev2optrev(oldest_rev), _rev2optrev(rev), + _blame_cb, self.ctx) + + return blame_data, rev +@@ -392,32 +423,73 @@ + + def _get_dirents(self, path, rev): + """Return a 2-type of dirents and locks, possibly reading/writing +- from a local cache of that information.""" ++ from a local cache of that information. This functions performs ++ authz checks, stripping out unreadable dirents.""" + + dir_url = self._geturl(path) + if path: + key = str(rev) + '/' + path + else: + key = str(rev) ++ ++ # Ensure that the cache gets filled... + dirents_locks = self._dirent_cache.get(key) + if not dirents_locks: +- dirents, locks = list_directory(dir_url, _rev2optrev(rev), +- _rev2optrev(rev), 0, self.ctx) ++ tmp_dirents, locks = list_directory(dir_url, _rev2optrev(rev), ++ _rev2optrev(rev), 0, self.ctx) ++ dirents = {} ++ for name, dirent in tmp_dirents.items(): ++ dirent_parts = _path_parts(path) + [name] ++ kind = dirent.kind ++ if (kind == core.svn_node_dir or kind == core.svn_node_file) \ ++ and vclib.check_path_access(self, dirent_parts, ++ kind == core.svn_node_dir \ ++ and vclib.DIR or vclib.FILE, rev): ++ dirent.created_rev = self._get_last_history_rev(dirent_parts, rev) ++ dirents[name] = dirent + dirents_locks = [dirents, locks] + self._dirent_cache[key] = dirents_locks ++ ++ # ...then return the goodies from the cache. + return dirents_locks[0], dirents_locks[1] + + def _get_last_history_rev(self, path_parts, rev): ++ """Return the last interesting revision equal to or older than REV ++ in the history of PATH_PARTS.""" ++ ++ path = self._getpath(path_parts) + url = self._geturl(self._getpath(path_parts)) + optrev = _rev2optrev(rev) ++ ++ # Get the last-changed-rev. + revisions = [] + def _info_cb(path, info, pool, retval=revisions): + revisions.append(info.last_changed_rev) + client.svn_client_info(url, optrev, optrev, _info_cb, 0, self.ctx) +- return revisions[0] ++ last_changed_rev = revisions[0] ++ ++ # Now, this object might not have been directly edited since the ++ # last-changed-rev, but it might have been the child of a copy. ++ # To determine this, we'll run a potentially no-op log between ++ # LAST_CHANGED_REV and REV. ++ lc = LogCollector(path, 1, None, None) ++ client_log(url, optrev, _rev2optrev(last_changed_rev), 1, 0, ++ lc.add_log, self.ctx) ++ revs = lc.logs ++ if revs: ++ revs.sort() ++ return revs[0].number ++ else: ++ return last_changed_rev + + def _revinfo_raw(self, rev): + # return 5-tuple (date, author, message, changes) ++ ++ ### TODO: This function and its related cache would benefit from ++ ### optimizations such as what the matching svn_repos functions ++ ### have, where the 'changes' information is only fully ++ ### calculated/authz-sanitized when the caller actually needs it. ++ + optrev = _rev2optrev(rev) + revs = [] + +@@ -457,10 +529,11 @@ + if vclib.check_path_access(self, parts, vclib.FILE, revision): + if is_copy and base_path and (base_path != path): + parts = _path_parts(base_path) +- if vclib.check_path_access(self, parts, vclib.FILE, base_rev): ++ if not vclib.check_path_access(self, parts, vclib.FILE, base_rev): + is_copy = 0 + base_path = None + base_rev = None ++ found_unreadable = 1 + changes.append(SVNChangedPath(path, revision, pathtype, base_path, + base_rev, action, is_copy, 0, 0)) + found_readable = 1 +@@ -495,23 +568,15 @@ + old_path = results[old_rev] + except KeyError: + raise vclib.ItemNotFound(path) +- +- return _cleanup_path(old_path) ++ old_path = _cleanup_path(old_path) ++ old_path_parts = _path_parts(old_path) ++ # Check access (lying about path types) ++ if not vclib.check_path_access(self, old_path_parts, vclib.FILE, old_rev): ++ raise vclib.ItemNotFound(path) ++ return old_path + + def created_rev(self, path, rev): +- # NOTE: We can't use svn_client_propget here because the +- # interfaces in that layer strip out the properties not meant for +- # human consumption (such as svn:entry:committed-rev, which we are +- # using here to get the created revision of PATH@REV). +- kind = ra.svn_ra_check_path(self.ra_session, path, rev) +- if kind == core.svn_node_none: +- raise vclib.ItemNotFound(_path_parts(path)) +- elif kind == core.svn_node_dir: +- props = get_directory_props(self.ra_session, path, rev) +- elif kind == core.svn_node_file: +- fetched_rev, props = ra.svn_ra_get_file(self.ra_session, path, rev, None) +- return int(props.get(core.SVN_PROP_ENTRY_COMMITTED_REV, +- SVN_INVALID_REVNUM)) ++ return self._get_last_history_rev(_path_parts(path), rev) + + def last_rev(self, path, peg_revision, limit_revision=None): + """Given PATH, known to exist in PEG_REVISION, find the youngest --- viewvc-1.1.5.orig/debian/patches/CVE-2012-3357 +++ viewvc-1.1.5/debian/patches/CVE-2012-3357 @@ -0,0 +1,52 @@ +Bugs-Debian: http://bugs.debian.org/679069 +Description: fix CVE-2012-3357 +Last-Update: 2012-09-05 +Origin: upstream svn, cf. details below +Comment: this is the original commit from upstream, with only the path + adjusted and quilt refresh'd + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 + +Author cmpilato +Date 2012-06-15 16:05:47-0700 (2 months, 2 weeks ago) +Log message + +Fix a security issue: When a readable path is copied from an +unreadable one, Subversion will obscure the fact that the operation +was a copy (by removing copyfrom info) and will deem the log message +for the revision in which the copy occurred to be unreadable. ViewVC +was only doing the former bit; now it does the latter, too. + +* lib/vclib/svn/svn_repos.py + (LocalSubversionRepository._get_changed_paths): Set found_unreadable + when we have to hide a copyfrom path, too. + +http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2762 + +Author cmpilato +Date 2012-06-15 17:25:33-0700 (2 months, 2 weeks ago) +Log message + +Merge from trunk r2758, whose log message read like so: + + Fix a security issue: When a readable path is copied from an + unreadable one, Subversion will obscure the fact that the operation + was a copy (by removing copyfrom info) and will deem the log message + for the revision in which the copy occurred to be unreadable. ViewVC + was only doing the former bit; now it does the latter, too. + + * lib/vclib/svn/svn_repos.py + (LocalSubversionRepository._get_changed_paths): Set found_unreadable + when we have to hide a copyfrom path, too. + + +--- a/lib/vclib/svn/svn_repos.py ++++ b/lib/vclib/svn/svn_repos.py +@@ -648,6 +648,7 @@ + is_copy = 0 + change.base_path = None + change.base_rev = None ++ found_unreadable = 1 + changedpaths[path] = SVNChangedPath(path, rev, pathtype, + change.base_path, + change.base_rev, action, --- viewvc-1.1.5.orig/debian/patches/CVE-2012-4533 +++ viewvc-1.1.5/debian/patches/CVE-2012-4533 @@ -0,0 +1,13 @@ +Index: viewvc-1.1.5/lib/viewvc.py +=================================================================== +--- viewvc-1.1.5.orig/lib/viewvc.py 2012-10-20 17:50:09.000000000 -0300 ++++ viewvc-1.1.5/lib/viewvc.py 2012-10-20 17:51:24.000000000 -0300 +@@ -2819,7 +2819,7 @@ + return _item(type='header', + line_info_left=match.group(1), + line_info_right=match.group(2), +- line_info_extra=match.group(3)) ++ line_info_extra=self._format_text(match.group(3))) + + if line[0] == '\\': + # \ No newline at end of file --- viewvc-1.1.5.orig/debian/patches/CVE-2017-5938.patch +++ viewvc-1.1.5/debian/patches/CVE-2017-5938.patch @@ -0,0 +1,23 @@ +From: Markus Koschany +Date: Thu, 9 Feb 2017 23:02:52 +0100 +Subject: CVE-2017-5938 + +Bug-Debian: https://bugs.debian.org/854681 +Origin: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad +--- + lib/viewvc.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/viewvc.py b/lib/viewvc.py +index 494b813..727d667 100644 +--- a/lib/viewvc.py ++++ b/lib/viewvc.py +@@ -949,7 +949,7 @@ def nav_path(request): + path_parts.append(part) + is_last = len(path_parts) == len(request.path_parts) + +- item = _item(name=part, href=None) ++ item = _item(name=request.server.escape(part), href=None) + + if not is_last or (is_dir and request.view_func is not view_directory): + item.href = request.get_url(view_func=view_directory, --- viewvc-1.1.5.orig/debian/patches/compression-content-length +++ viewvc-1.1.5/debian/patches/compression-content-length @@ -0,0 +1,54 @@ +Description: Fix issue #467 (I think...) by not claiming a particular content + length when compression would skew that. + . + * lib/viewvc.py + (get_writeready_server_file): Add optional 'content_length' + parameter, and the code to handle it. + (view_doc): Update call to get_writeready_server_file(). +Origin: upstream, svn r2471 +Bug: http://viewvc.tigris.org/issues/show_bug.cgi?id=467 +Bug-Debian: http://bugs.debian.org/636805 +Author: C. Michael Pilato +Reviewed-by: gregor herrmann +Last-Update: 2012-08-07 +Applied-Upstream: yup + +--- a/lib/viewvc.py ++++ b/lib/viewvc.py +@@ -896,13 +896,17 @@ + + return template + +-def get_writeready_server_file(request, content_type=None): ++def get_writeready_server_file(request, content_type=None, content_length=None): + """Return a file handle to a response body stream, after outputting + any queued special headers (on REQUEST.server) and (optionally) a + 'Content-Type' header whose value is CONTENT_TYPE. After this is +- called, it is too late to add new headers to the response.""" ++ called, it is too late to add new headers to the response. ++ If CONTENT_LENGTH is provided and compression is not in use, also ++ generate a 'Content-Length' header for this response.""" + if request.gzip_compress_level: + request.server.addheader('Content-Encoding', 'gzip') ++ elif content_length is not None: ++ request.server.addheader('Content-Length', content_length) + if content_type: + request.server.header(content_type) + else: +@@ -2699,7 +2703,6 @@ + raise debug.ViewVCException('Static file "%s" not available (%s)' + % (document, str(v)), '404 Not Found') + +- request.server.addheader('Content-Length', content_length) + if document[-3:] == 'png': + mime_type = 'image/png' + elif document[-3:] == 'jpg': +@@ -2710,7 +2713,7 @@ + mime_type = 'text/css' + else: # assume HTML: + mime_type = None +- copy_stream(fp, get_writeready_server_file(request, mime_type)) ++ copy_stream(fp, get_writeready_server_file(request, mime_type, content_length)) + fp.close() + + def rcsdiff_date_reformat(date_str, cfg): --- viewvc-1.1.5.orig/debian/patches/rev2369 +++ viewvc-1.1.5/debian/patches/rev2369 @@ -0,0 +1,10 @@ +--- a/lib/sapi.py ++++ b/lib/sapi.py +@@ -33,6 +33,7 @@ server = None + # that character as-is, and sometimes needs to embed escaped values + # into HTML attributes. + def escape(s): ++ s = str(s) + s = string.replace(s, '&', '&') + s = string.replace(s, '>', '>') + s = string.replace(s, '<', '<') --- viewvc-1.1.5.orig/debian/patches/rev2547 +++ viewvc-1.1.5/debian/patches/rev2547 @@ -0,0 +1,175 @@ +------------------------------------------------------------------------ +r2547 | cmpilato | 2011-04-19 21:40:04 +0100 (Tue, 19 Apr 2011) | 30 lines + +Try to make some sense of the various CVSdb-related limitation +mechanisms, namely by removing the largely redundant "global" limit +and allowing the per-query row limit (which already exist, too) to do +its work. + +While here, remove a poorly conceived (but thankfully unhighlighted) +mechanism for overriding the administrative limit on database rows +which was accessible via URL CGI params. + +* lib/viewvc.py + (_legal_params): Remove 'limit' as a legal parameter. + (view_query): No longer allow an undocumented URL parameter to + override the admin-declared SQL row limit. That should have never + been allowed! + +* lib/cvsdb.py + (CheckinDatabase.__init__): Remove 'row_limit' parameter and + associated self._row_limit member. + (CheckinDatabase.CreateSQLQueryString): No longer fuss with + self._row_limit. Let the individual query carry the row limit. + (ConnectDatabase): Update call to CheckinDatabase(). + +* lib/query.py + (form_to_cvsdb_query): Now accept 'cfg' parameter, and set the + query's row limit from the configured defaults. + (run_query): Update call to form_to_cvsdb_query(). + +* docs/url-reference.html + Remove reference to the 'limit' parameter. + +------------------------------------------------------------------------ +--- viewvc-1.1.5.orig/docs/url-reference.html ++++ viewvc-1.1.5/docs/url-reference.html +@@ -1193,13 +1193,6 @@ + page + + +- limit=LIMIT +- optional +- maximum number of file-revisions to process during a +- query. Default is value of row_limit configuration +- option +- +- + limit_changes=LIMIT_CHANGES + optional + maximum number of files to list per commit in query +--- viewvc-1.1.5.orig/lib/cvsdb.py ++++ viewvc-1.1.5/lib/cvsdb.py +@@ -38,13 +38,12 @@ + ## complient database interface + + class CheckinDatabase: +- def __init__(self, host, port, user, passwd, database, row_limit): ++ def __init__(self, host, port, user, passwd, database): + self._host = host + self._port = port + self._user = user + self._passwd = passwd + self._database = database +- self._row_limit = row_limit + self._version = None + + ## database lookup caches +@@ -444,13 +443,11 @@ + conditions = string.join(joinConds + condList, " AND ") + conditions = conditions and "WHERE %s" % conditions + +- ## limit the number of rows requested or we could really slam +- ## a server with a large database ++ ## apply the query's row limit, if any (so we avoid really ++ ## slamming a server with a large database) + limit = "" + if query.limit: + limit = "LIMIT %s" % (str(query.limit)) +- elif self._row_limit: +- limit = "LIMIT %s" % (str(self._row_limit)) + + sql = "SELECT %s.* FROM %s %s %s %s" \ + % (commits_table, tables, conditions, order_by, limit) +@@ -769,8 +766,8 @@ + self.data = data + self.match = match + +-## CheckinDatabaseQueryData is a object which contains the search parameters +-## for a query to the CheckinDatabase ++## CheckinDatabaseQuery is an object which contains the search ++## parameters for a query to the Checkin Database + class CheckinDatabaseQuery: + def __init__(self): + ## sorting +@@ -861,7 +858,7 @@ + user = cfg.cvsdb.user + passwd = cfg.cvsdb.passwd + db = CheckinDatabase(cfg.cvsdb.host, cfg.cvsdb.port, user, passwd, +- cfg.cvsdb.database_name, cfg.cvsdb.row_limit) ++ cfg.cvsdb.database_name) + db.Connect() + return db + +--- viewvc-1.1.5.orig/lib/viewvc.py ++++ viewvc-1.1.5/lib/viewvc.py +@@ -706,7 +706,6 @@ + 'mindate' : _re_validate_datetime, + 'maxdate' : _re_validate_datetime, + 'format' : _re_validate_alpha, +- 'limit' : _re_validate_number, + + # for redirect_pathrev + 'orig_path' : None, +@@ -3959,7 +3958,6 @@ + mindate = request.query_dict.get('mindate', '') + maxdate = request.query_dict.get('maxdate', '') + format = request.query_dict.get('format') +- limit = int(request.query_dict.get('limit', 0)) + limit_changes = int(request.query_dict.get('limit_changes', + cfg.options.limit_changes)) + +@@ -4029,16 +4027,17 @@ + query.SetFromDateObject(mindate) + if maxdate is not None: + query.SetToDateObject(maxdate) +- if limit: +- query.SetLimit(limit) +- elif format == 'rss': ++ ++ # Set the admin-defined (via configuration) row limits. This is to avoid ++ # slamming the database server with a monster query. ++ if format == 'rss': + query.SetLimit(cfg.cvsdb.rss_row_limit) ++ else: ++ query.SetLimit(cfg.cvsdb.row_limit) + + # run the query + db.RunQuery(query) + +- sql = request.server.escape(db.CreateSQLQueryString(query)) +- + # gather commits + commits = [] + plus_count = 0 +@@ -4120,7 +4119,7 @@ + + data = common_template_data(request) + data.merge(ezt.TemplateData({ +- 'sql': sql, ++ 'sql': request.server.escape(db.CreateSQLQueryString(query)), + 'english_query': english_query(request), + 'queryform_href': request.get_url(view_func=view_queryform, escape=1), + 'backout_href': backout_href, +--- viewvc-1.1.5.orig/lib/query.py ++++ viewvc-1.1.5/lib/query.py +@@ -217,8 +217,9 @@ + else: + return "exact" + +-def form_to_cvsdb_query(form_data): ++def form_to_cvsdb_query(cfg, form_data): + query = cvsdb.CreateCheckinQuery() ++ query.SetLimit(cfg.cvsdb.row_limit) + + if form_data.repository: + for cmd, str in listparse_string(form_data.repository): +@@ -380,7 +381,7 @@ + return ob + + def run_query(server, cfg, form_data, viewvc_link): +- query = form_to_cvsdb_query(form_data) ++ query = form_to_cvsdb_query(cfg, form_data) + db = cvsdb.ConnectDatabaseReadOnly(cfg) + db.RunQuery(query) + --- viewvc-1.1.5.orig/debian/patches/rev2551 +++ viewvc-1.1.5/debian/patches/rev2551 @@ -0,0 +1,308 @@ +------------------------------------------------------------------------ +r2551 | cmpilato | 2011-04-20 15:50:40 +0100 (Wed, 20 Apr 2011) | 41 lines + +Fix (to the degree that I believe is reasonable at this time) issue +#433 ("queries return only partial results"). When a database query +is artificially limited by the 'row_limit' setting, inform the user +that the returned data is incomplete. + +* lib/cvsdb.py + (CheckinDatabase.CreateSQLQueryString): Add 'detect_leftover' + parameter, used internally to check for a reached query limit. + (CheckinDatabase.RunQuery): Update call to CreateSQLQueryString(), + and check for leftover query response rows. If any are found, set + the appropriate flag on the query object. + (CheckinDatabaseQuery.__init__): Set initial values for new + 'executed' and 'limit_reached' members. + (CheckinDatabaseQuery.SetExecuted, + CheckinDatabaseQuery.SetLimitReached, + CheckinDatabaseQuery.GetLimitReached, + CheckinDatabaseQuery.GetCommitList): New functions. + +* lib/viewvc.py + (view_query): Use query.GetCommitList() now instead of poking into + the query object directly. Also, check query.GetLimitReached(), + reporting the findings through the data dictionary (via a new + 'row_limit_reached' item) to the templates. + +* lib/query.py + (run_query): Use query.GetCommitList() now instead of poking into + the query object directly. Now return a 2-tuple of commits and a + limit-reached flag. + (main): Update expectations of run_query() call. Populate + 'row_limit_reached' data dictionary item. + +* templates/query_results.ezt, +* templates/query.ezt + Display a warning if the query results are incomplete. + +* templates/docroot/styles.css + (.vc_warning): New style definition. + +* docs/template-authoring-guide.html + Document the new 'row_limit_reached' template item. + +------------------------------------------------------------------------ +--- viewvc-1.1.5.orig/docs/template-authoring-guide.html ++++ viewvc-1.1.5/docs/template-authoring-guide.html +@@ -1822,6 +1822,14 @@ + date, author, and file. + + ++ row_limit_reached ++ Boolean ++ Indicates whether the internal database row limit threshold (set ++ via the cvsdb.row_limit ++ and cvsdb.rss_row_limit configuration options) was ++ reached by the query. ++ ++ + show_branch + Boolean + Indicates whether or not to list branch names in the results. True +--- viewvc-1.1.5.orig/templates/query_results.ezt ++++ viewvc-1.1.5/templates/query_results.ezt +@@ -7,6 +7,15 @@ + +

[english_query]

+ [# ] ++[if-any row_limit_reached] ++

WARNING: These query results have been ++ artificially limited by an administrative threshold value and do ++ not represent the entirety of the data set which matches ++ the query. Consider modifying your ++ query to be more specific, using your version control tool's ++ query capabilities, or asking your adminstrator to raise the ++ database response size threshold.

++[end] +

Modify query

+

Show commands which could be used to back out these changes

+ +--- viewvc-1.1.5.orig/templates/query.ezt ++++ viewvc-1.1.5/templates/query.ezt +@@ -158,7 +158,15 @@ + [is query "skipped"] + [else] +

[num_commits] matches found.

+- ++[if-any row_limit_reached] ++

WARNING: These query results have been ++ artificially limited by an administrative threshold value and do ++ not represent the entirety of the data set which matches ++ the query. Consider modifying your query to be more specific, ++ using your version control tool's query capabilities, or asking ++ your adminstrator to raise the database response size ++ threshold.

++[end] + [if-any commits] + + +--- viewvc-1.1.5.orig/templates/docroot/styles.css ++++ viewvc-1.1.5/templates/docroot/styles.css +@@ -272,3 +272,14 @@ + .vc_query_form { + background-color: #e6e6e6; + } ++ ++ ++/*** Warning! ***/ ++.vc_warning { ++ border-width: 1px 2px 2px 2px; ++ border-color: black; ++ border-style: solid; ++ background-color: red; ++ color: white; ++ padding: 0.5em; ++} +--- viewvc-1.1.5.orig/lib/cvsdb.py ++++ viewvc-1.1.5/lib/cvsdb.py +@@ -362,7 +362,7 @@ + + return "(%s)" % (string.join(sqlList, " OR ")) + +- def CreateSQLQueryString(self, query): ++ def CreateSQLQueryString(self, query, detect_leftover=0): + commits_table = self._version >= 1 and 'commits' or 'checkins' + tableList = [(commits_table, None)] + condList = [] +@@ -447,7 +447,10 @@ + ## slamming a server with a large database) + limit = "" + if query.limit: +- limit = "LIMIT %s" % (str(query.limit)) ++ if detect_leftover: ++ limit = "LIMIT %s" % (str(query.limit + 1)) ++ else: ++ limit = "LIMIT %s" % (str(query.limit)) + + sql = "SELECT %s.* FROM %s %s %s %s" \ + % (commits_table, tables, conditions, order_by, limit) +@@ -455,14 +458,20 @@ + return sql + + def RunQuery(self, query): +- sql = self.CreateSQLQueryString(query) ++ sql = self.CreateSQLQueryString(query, 1) + cursor = self.db.cursor() + cursor.execute(sql) ++ query.SetExecuted() ++ row_count = 0 + + while 1: + row = cursor.fetchone() + if not row: + break ++ row_count = row_count + 1 ++ if query.limit and (row_count > query.limit): ++ query.SetLimitReached() ++ break + + (dbType, dbCI_When, dbAuthorID, dbRepositoryID, dbDirID, + dbFileID, dbRevision, dbStickyTag, dbBranchID, dbAddedLines, +@@ -767,7 +776,8 @@ + self.match = match + + ## CheckinDatabaseQuery is an object which contains the search +-## parameters for a query to the Checkin Database ++## parameters for a query to the Checkin Database and -- after the ++## query is executed -- the data returned by the query. + class CheckinDatabaseQuery: + def __init__(self): + ## sorting +@@ -787,7 +797,8 @@ + + ## limit on number of rows to return + self.limit = None +- ++ self.limit_reached = 0 ++ + ## list of commits -- filled in by CVS query + self.commit_list = [] + +@@ -795,6 +806,9 @@ + ## are added + self.commit_cb = None + ++ ## has this query been run? ++ self.executed = 0 ++ + def SetRepository(self, repository, match = "exact"): + self.repository_list.append(QueryEntry(repository, match)) + +@@ -840,6 +854,20 @@ + def AddCommit(self, commit): + self.commit_list.append(commit) + ++ def SetExecuted(self): ++ self.executed = 1 ++ ++ def SetLimitReached(self): ++ self.limit_reached = 1 ++ ++ def GetLimitReached(self): ++ assert self.executed ++ return self.limit_reached ++ ++ def GetCommitList(self): ++ assert self.executed ++ return self.commit_list ++ + + ## + ## entrypoints +--- viewvc-1.1.5.orig/lib/viewvc.py ++++ viewvc-1.1.5/lib/viewvc.py +@@ -4037,20 +4037,22 @@ + + # run the query + db.RunQuery(query) +- ++ commit_list = query.GetCommitList() ++ row_limit_reached = query.GetLimitReached() ++ + # gather commits + commits = [] + plus_count = 0 + minus_count = 0 + mod_time = -1 +- if query.commit_list: ++ if commit_list: + files = [] + limited_files = 0 +- current_desc = query.commit_list[0].GetDescriptionID() +- current_rev = query.commit_list[0].GetRevision() ++ current_desc = commit_list[0].GetDescriptionID() ++ current_rev = commit_list[0].GetRevision() + dir_strip = _path_join(repos_dir) + +- for commit in query.commit_list: ++ for commit in commit_list: + commit_desc = commit.GetDescriptionID() + commit_rev = commit.GetRevision() + +@@ -4128,6 +4130,7 @@ + 'show_branch': show_branch, + 'querysort': querysort, + 'commits': commits, ++ 'row_limit_reached' : ezt.boolean(row_limit_reached), + 'limit_changes': limit_changes, + 'limit_changes_href': limit_changes_href, + 'rss_link_href': request.get_url(view_func=view_query, +--- viewvc-1.1.5.orig/lib/query.py ++++ viewvc-1.1.5/lib/query.py +@@ -385,8 +385,11 @@ + db = cvsdb.ConnectDatabaseReadOnly(cfg) + db.RunQuery(query) + +- if not query.commit_list: +- return [ ] ++ commit_list = query.GetCommitList() ++ if not commit_list: ++ return [ ], 0 ++ ++ row_limit_reached = query.GetLimitReached() + + commits = [ ] + files = [ ] +@@ -397,8 +400,8 @@ + for key, value in rootitems: + cvsroots[cvsdb.CleanRepository(value)] = key + +- current_desc = query.commit_list[0].GetDescription() +- for commit in query.commit_list: ++ current_desc = commit_list[0].GetDescription() ++ for commit in commit_list: + desc = commit.GetDescription() + if current_desc == desc: + files.append(commit) +@@ -421,7 +424,7 @@ + return len(commit.files) > 0 + commits = filter(_only_with_files, commits) + +- return commits ++ return commits, row_limit_reached + + def main(server, cfg, viewvc_link): + try: +@@ -430,10 +433,12 @@ + form_data = FormData(form) + + if form_data.valid: +- commits = run_query(server, cfg, form_data, viewvc_link) ++ commits, row_limit_reached = run_query(server, cfg, ++ form_data, viewvc_link) + query = None + else: + commits = [ ] ++ row_limit_reached = 0 + query = 'skipped' + + data = ezt.TemplateData({ +@@ -453,6 +458,7 @@ + 'date' : form_data.date, + + 'query' : query, ++ 'row_limit_reached' : ezt.boolean(row_limit_reached), + 'commits' : commits, + 'num_commits' : len(commits), + 'rss_href' : None, --- viewvc-1.1.5.orig/debian/patches/series +++ viewvc-1.1.5/debian/patches/series @@ -0,0 +1,12 @@ +01-robots-support +90-viewvc-install-debian-paths +91-viewvc-conf-debian-custom +92-no_strings_in_raise +rev2369 +rev2547 +rev2551 +compression-content-length +CVE-2012-3357 +CVE-2012-3356 +CVE-2012-4533 +CVE-2017-5938.patch --- viewvc-1.1.5.orig/debian/pycompat +++ viewvc-1.1.5/debian/pycompat @@ -0,0 +1 @@ +2 --- viewvc-1.1.5.orig/debian/rules +++ viewvc-1.1.5/debian/rules @@ -0,0 +1,65 @@ +#!/usr/bin/make -f + +# debian/rules: Create the Debian packages for the ViewVC project +# Copyright (C) 2006-10, David Martínez Moreno and John Zaitseff + + +# Uncomment the following line for verbose Debhelper mode +#export DH_VERBOSE=1 + +STAMP_PATCH ?= debian/stamp-patch +STAMP_BUILD ?= debian/stamp-build + + +default: binary + + +# Include the quilt targets "patch" and "unpatch" +include /usr/share/quilt/quilt.make + + +build: $(STAMP_BUILD) +$(STAMP_BUILD): patch + dh_testdir + touch $(STAMP_BUILD) + +clean: unpatch + dh_testdir + dh_testroot + find lib -name '*.pyc' -exec rm {} \; + rm -f $(STAMP_BUILD) + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + ./viewvc-install --prefix=/usr/lib/viewvc --destdir=debian/tmp + find debian/tmp -name '*.pyc' -exec rm {} \; + rm -fr debian/tmp/usr/lib/viewvc/lib/vclib/ccvs/rcsparse/test-data + mv debian/tmp/usr/lib/viewvc/templates/docroot debian/viewvc/usr/share/viewvc/docroot + dh_install --sourcedir=debian/tmp --list-missing + +binary: binary-arch binary-indep +binary-arch: build install +binary-indep: build install + dh_testdir + dh_testroot + dh_installchangelogs -pviewvc CHANGES + dh_installdocs -pviewvc INSTALL docs + dh_installexamples + dh_installman -pviewvc debian/viewvc-standalone.1 + dh_pysupport + dh_link + dh_strip + dh_compress -X/templates-contrib/ + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + + +.PHONY: default build clean install binary binary-arch binary-indep --- viewvc-1.1.5.orig/debian/viewvc-query.dirs +++ viewvc-1.1.5/debian/viewvc-query.dirs @@ -0,0 +1,3 @@ +/usr/lib/cgi-bin +/usr/lib/viewvc +/usr/sbin --- viewvc-1.1.5.orig/debian/viewvc-query.install +++ viewvc-1.1.5/debian/viewvc-query.install @@ -0,0 +1,6 @@ +usr/lib/viewvc/bin/cvsdbadmin /usr/lib/viewvc/bin +usr/lib/viewvc/bin/loginfo-handler /usr/lib/viewvc/bin +usr/lib/viewvc/bin/make-database /usr/lib/viewvc/bin +usr/lib/viewvc/bin/svndbadmin /usr/lib/viewvc/bin +usr/lib/viewvc/bin/cgi/query.cgi /usr/lib/viewvc/cgi-bin +usr/lib/viewvc/bin/mod_python/query.py /usr/lib/viewvc/mod-python --- viewvc-1.1.5.orig/debian/viewvc-query.links +++ viewvc-1.1.5/debian/viewvc-query.links @@ -0,0 +1,6 @@ +/usr/lib/viewvc/bin/cvsdbadmin /usr/sbin/viewvc-cvsdbadmin +/usr/lib/viewvc/bin/loginfo-handler /usr/sbin/viewvc-loginfo-handler +/usr/lib/viewvc/bin/make-database /usr/sbin/viewvc-make-database +/usr/lib/viewvc/bin/svndbadmin /usr/sbin/viewvc-svndbadmin +/usr/lib/viewvc/cgi-bin/query.cgi /usr/lib/cgi-bin/query.cgi +/usr/share/doc/viewvc /usr/share/doc/viewvc-query --- viewvc-1.1.5.orig/debian/viewvc-standalone.1 +++ viewvc-1.1.5/debian/viewvc-standalone.1 @@ -0,0 +1,61 @@ +.\" Manual page for viewvc-standalone(1) +.\" Copyright (C) 2010, John Zaitseff +.\" +.\" This page is released under the GNU General Public License, version 2 +.\" or later. +.\" +.TH VIEWVC-STANDALONE 1 2010-04-01 +.SH NAME +viewvc-standalone \- run a simple stand-alone HTTP server for ViewVC +.SH SYNOPSIS +.B viewvc-standalone +.RI [ options ] +.SH DESCRIPTION +Run a simple, standalone HTTP server configured to serve up ViewVC +requests. +.SH OPTIONS +.TP +\fB\-c\fR, \fB\-\-config\-file\fR=\fIPATH\fR +Use the file at \fIPATH\fR as the ViewVC configuration file. If not +specified, ViewVC will try to use the configuration file in its +installation tree; otherwise, built-in default values are used. This +option is not valid in GUI mode. +.TP +\fB\-d\fR, \fB\-\-daemon\fR +Background the server process. +.TP +\fB\-h\fR, \fB\-\-host\fR=\fIHOST\fR +Start the server listening on \fIHOST\fR. You need to provide the +hostname if you want to access the standalone server from a remote +machine. The default is \fIlocalhost\fR. +.TP +\fB\-p\fR, \fB\-\-port\fR=\fIPORT\fR +Start the server on the given \fIPORT\fR. The default is \fI49152\fR. +.TP +\fB\-r\fR, \fB\-\-repository\fR=\fIPATH\fR +Serve up the Subversion or CVS repository located at \fIPATH\fR. This +option may be used more than once. +.TP +\fB\-s\fR, \fB\-\-script\-alias\fR=\fIPATH\fR +Specify the ScriptAlias, the artificial path location that at which +ViewVC appears to be located. For example, if your ScriptAlias is +\fIcgi-bin/viewvc\fR, then ViewVC will be accessible at +\fIhttp://localhost:49152/cgi-bin/viewvc\fR. The default is +\fIviewvc\fR. +.TP +\fB\-g\fR, \fB\-\-gui +Pop up a graphical interface for serving and testing ViewVC. Note: this +requires a valid X11 display connection. +.SH FILES +.I /etc/viewvc/viewvc.conf +.SH SEE ALSO +ViewVC web site, http://www.viewvc.org/. +.SH AUTHORS +.B viewvc-standalone +was written by the ViewVC Group. A complete list of authors may be +obtained at http://www.viewvc.org/. +.PP +This manual page was written by John Zaitseff for +the Debian project. It is distributed under the GNU General Public +License, version 2 or later, and may be used under that licence by +others. --- viewvc-1.1.5.orig/debian/viewvc.dirs +++ viewvc-1.1.5/debian/viewvc.dirs @@ -0,0 +1,5 @@ +/etc/viewvc +/usr/bin +/usr/lib/cgi-bin +/usr/lib/viewvc +/usr/share/viewvc --- viewvc-1.1.5.orig/debian/viewvc.install +++ viewvc-1.1.5/debian/viewvc.install @@ -0,0 +1,10 @@ +usr/lib/viewvc/*.conf /etc/viewvc +usr/lib/viewvc/*.conf.dist /usr/share/doc/viewvc/examples +usr/lib/viewvc/bin/standalone.py /usr/lib/viewvc/bin +usr/lib/viewvc/bin/cgi/viewvc.cgi /usr/lib/viewvc/cgi-bin +usr/lib/viewvc/bin/mod_python/.htaccess /usr/lib/viewvc/mod-python +usr/lib/viewvc/bin/mod_python/handler.py /usr/lib/viewvc/mod-python +usr/lib/viewvc/bin/mod_python/viewvc.py /usr/lib/viewvc/mod-python +usr/lib/viewvc/lib/ /usr/lib/viewvc +usr/lib/viewvc/templates/ /etc/viewvc +usr/lib/viewvc/templates-contrib/ /usr/share/doc/viewvc/examples --- viewvc-1.1.5.orig/debian/viewvc.links +++ viewvc-1.1.5/debian/viewvc.links @@ -0,0 +1,3 @@ +/usr/lib/viewvc/bin/standalone.py /usr/bin/viewvc-standalone +/usr/lib/viewvc/cgi-bin/viewvc.cgi /usr/lib/cgi-bin/viewvc.cgi +/usr/share/viewvc/docroot /etc/viewvc/templates/docroot