Moinmoin has a critical vulnerability that has been successfully expoited on the Debian wiki, and our wiki has been taken down as a precaution. This update fixes the issue. (while here, use %%PREFIX%% rather than hardcoding /usr/local in pkg-message) http://permalink.gmane.org/gmane.linux.debian.devel.announce/1754 Fix: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.--ZyFzIXL6qrh4ahAdxcW5Irk3yNyYqO08yTzIOhrWEmuQZjfW Content-Type: text/plain; name="patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch.txt" Index: Makefile =================================================================== --- Makefile (revision 309954) +++ Makefile (working copy) @@ -1,12 +1,8 @@ -# New ports collection makefile for: moinmoin -# Date created: 18 September 2001 -# Whom: Hye-Shik Chang <perky@python.or.kr> -# +# Created by: Hye-Shik Chang <perky@python.or.kr> # $FreeBSD$ -# PORTNAME= moinmoin -PORTVERSION= 1.9.5 +PORTVERSION= 1.9.6 CATEGORIES= www python MASTER_SITES= http://static.moinmo.in/files/ DISTNAME= moin-${PORTVERSION} Index: distinfo =================================================================== --- distinfo (revision 309954) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c -SIZE (moin-1.9.5.tar.gz) = 36740561 +SHA256 (moin-1.9.6.tar.gz) = 816f0454808e8abdc44e9839ed08802bea78c174bdbd72b9644c72fce891f6f6 +SIZE (moin-1.9.6.tar.gz) = 36754215 Index: files/pkg-install.in =================================================================== --- files/pkg-install.in (revision 309954) +++ files/pkg-install.in (working copy) @@ -92,7 +92,7 @@ echo "" echo "If you want to install additional wiki instances" echo "call 'make instance' with appriopriate arguments." - echo "E.g.: make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance" + echo "E.g.: make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance" echo "************************************************************" ;; @@ -104,7 +104,7 @@ echo "" echo "If you're installing from ports, just run 'make instance'" echo "with appriopriate arguments." - echo "eg. make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance" + echo "eg. make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance" echo "" echo "If you're installing from package, run these commands." echo "" Index: pkg-plist =================================================================== --- pkg-plist (revision 309954) +++ pkg-plist (working copy) @@ -871,6 +871,9 @@ %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.py +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyc +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyo %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo
Maintainer of www/moinmoin, Please note that PR ports/175004 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/175004 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->crees Hm, apparently the auto-assigner doesn't recognise @FreeBSD.org any more
On 5 January 2013 11:59, Chris Rees <crees@freebsd.org> wrote: > >>Number: 175004 >>Synopsis: [PATCH] [SECURITY] www/moinmoin: update to 1.9.6 Thanks! If someone could commit this ASAP that would be great. This fixes a very serious security issue. Approved by: so (simon) -- Simon L. B. Nielsen
Author: crees Date: Sat Jan 5 13:03:58 2013 New Revision: 309959 URL: http://svnweb.freebsd.org/changeset/ports/309959 Log: Update to 1.9.6, fixing security issue. All problems here are my responsiblity. PR: ports/175004 Submitted by: crees Approved by: so (simon) Modified: head/www/moinmoin/Makefile head/www/moinmoin/distinfo head/www/moinmoin/files/pkg-install.in head/www/moinmoin/pkg-plist Modified: head/www/moinmoin/Makefile ============================================================================== --- head/www/moinmoin/Makefile Sat Jan 5 12:54:28 2013 (r309958) +++ head/www/moinmoin/Makefile Sat Jan 5 13:03:58 2013 (r309959) @@ -1,12 +1,8 @@ -# New ports collection makefile for: moinmoin -# Date created: 18 September 2001 -# Whom: Hye-Shik Chang <perky@python.or.kr> -# +# Created by: Hye-Shik Chang <perky@python.or.kr> # $FreeBSD$ -# PORTNAME= moinmoin -PORTVERSION= 1.9.5 +PORTVERSION= 1.9.6 CATEGORIES= www python MASTER_SITES= http://static.moinmo.in/files/ DISTNAME= moin-${PORTVERSION} Modified: head/www/moinmoin/distinfo ============================================================================== --- head/www/moinmoin/distinfo Sat Jan 5 12:54:28 2013 (r309958) +++ head/www/moinmoin/distinfo Sat Jan 5 13:03:58 2013 (r309959) @@ -1,2 +1,2 @@ -SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c -SIZE (moin-1.9.5.tar.gz) = 36740561 +SHA256 (moin-1.9.6.tar.gz) = 816f0454808e8abdc44e9839ed08802bea78c174bdbd72b9644c72fce891f6f6 +SIZE (moin-1.9.6.tar.gz) = 36754215 Modified: head/www/moinmoin/files/pkg-install.in ============================================================================== --- head/www/moinmoin/files/pkg-install.in Sat Jan 5 12:54:28 2013 (r309958) +++ head/www/moinmoin/files/pkg-install.in Sat Jan 5 13:03:58 2013 (r309959) @@ -92,7 +92,7 @@ case "x$2" in echo "" echo "If you want to install additional wiki instances" echo "call 'make instance' with appriopriate arguments." - echo "E.g.: make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance" + echo "E.g.: make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance" echo "************************************************************" ;; @@ -104,7 +104,7 @@ case "x$2" in echo "" echo "If you're installing from ports, just run 'make instance'" echo "with appriopriate arguments." - echo "eg. make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance" + echo "eg. make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance" echo "" echo "If you're installing from package, run these commands." echo "" Modified: head/www/moinmoin/pkg-plist ============================================================================== --- head/www/moinmoin/pkg-plist Sat Jan 5 12:54:28 2013 (r309958) +++ head/www/moinmoin/pkg-plist Sat Jan 5 13:03:58 2013 (r309959) @@ -871,6 +871,9 @@ bin/moin %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.py +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyc +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyo %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed Committed. Guixing, if you would like to discuss any of this please feel free to contact me. Thanks!