From nobody@FreeBSD.org  Tue Feb 16 19:21:22 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C037910656D3
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 16 Feb 2010 19:21:22 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id ACA858FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 16 Feb 2010 19:21:22 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o1GJLMtU028533
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 16 Feb 2010 19:21:22 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o1GJLMiP028532;
	Tue, 16 Feb 2010 19:21:22 GMT
	(envelope-from nobody)
Message-Id: <201002161921.o1GJLMiP028532@www.freebsd.org>
Date: Tue, 16 Feb 2010 19:21:22 GMT
From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [UPDATE] www/moinmoin to 1.8.7 [security fix]
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: bg1tpt@gmail.com

>Number:         144012
>Category:       ports
>Synopsis:       [UPDATE] www/moinmoin to 1.8.7 [security fix]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 16 19:30:09 UTC 2010
>Closed-Date:    Wed Mar 10 17:45:44 UTC 2010
>Last-Modified:  Wed Mar 10 17:45:44 UTC 2010
>Originator:     Ruslan Mahmatkhanov
>Release:        8.0-STABLE
>Organization:
>Environment:
FreeBSD 8.0-STABLE i386
>Description:
- update to 1.8.7

This release resolves some major security issues in past versions in 1.8 branch of moinmoin. All the users are encouraged to update asap (but workaround is available). This definetelly deserves vuxml record but i don't now know how to do it. 

please close ports/143188 - it's nomore actual. 
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruNa moinmoin.orig/Makefile moinmoin/Makefile
--- moinmoin.orig/Makefile	2009-07-08 06:24:43.000000000 +0400
+++ moinmoin/Makefile	2010-02-16 20:41:26.000000000 +0300
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	moinmoin
-PORTVERSION=	1.8.4
+PORTVERSION=	1.8.7
 CATEGORIES=	www python
 MASTER_SITES=	http://static.moinmo.in/files/
 DISTNAME=	moin-${PORTVERSION}
diff -ruNa moinmoin.orig/distinfo moinmoin/distinfo
--- moinmoin.orig/distinfo	2009-07-08 06:24:43.000000000 +0400
+++ moinmoin/distinfo	2010-02-16 20:43:18.000000000 +0300
@@ -1,3 +1,3 @@
-MD5 (moin-1.8.4.tar.gz) = 6a91a62f5c0dd5379f3c2411c6629496
-SHA256 (moin-1.8.4.tar.gz) = 7e664d96cde9eb5b8d01fddcab58b903760a55e56e7959dd97f2711a5fc3b48c
-SIZE (moin-1.8.4.tar.gz) = 5959517
+MD5 (moin-1.8.7.tar.gz) = f2355474080c475997f2f8109911d7d4
+SHA256 (moin-1.8.7.tar.gz) = ddb8af5dae934bdd7beddf1463176612eff615465a72d566433100a4de1fcf61
+SIZE (moin-1.8.7.tar.gz) = 6698609
diff -ruNa moinmoin.orig/pkg-plist moinmoin/pkg-plist
--- moinmoin.orig/pkg-plist	2009-07-08 06:24:43.000000000 +0400
+++ moinmoin/pkg-plist	2010-02-16 21:37:44.000000000 +0300
@@ -170,6 +170,9 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/botbouncer.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/botbouncer.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/botbouncer.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/auth/cas.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/auth/cas.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/auth/cas.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/http.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/http.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/auth/http.pyo
@@ -257,6 +260,9 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_excel.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_excel.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_excel.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_powerpoint.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_powerpoint.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_ms_powerpoint.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_oasis_opendocument.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_oasis_opendocument.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/filter/application_vnd_oasis_opendocument.pyo
@@ -334,8 +340,6 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/formatter/text_xml.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/i18n/Makefile
 %%PYTHON_SITELIBDIR%%/MoinMoin/i18n/MoinMoin.pot
-%%PYTHON_SITELIBDIR%%/MoinMoin/i18n/POTFILES
-%%PYTHON_SITELIBDIR%%/MoinMoin/i18n/POTFILES.in
 %%PYTHON_SITELIBDIR%%/MoinMoin/i18n/README
 %%PYTHON_SITELIBDIR%%/MoinMoin/i18n/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/i18n/__init__.pyc
@@ -798,6 +802,15 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080400.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080400.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080400.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080500.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080500.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080500.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080600.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080600.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080600.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080700.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080700.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080700.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo
@@ -885,18 +898,9 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/UpdateGroupTest.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/UpdateGroupTest.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/UpdateGroupTest.pyo
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/WhoAmI.py
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/WhoAmI.pyc
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/WhoAmI.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/__init__.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/__init__.pyo
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikibackup.py
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikibackup.pyc
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikibackup.pyo
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikirestore.py
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikirestore.pyc
-%%PYTHON_SITELIBDIR%%/MoinMoin/script/old/xmlrpc-tools/wikirestore.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/server/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/server/__init__.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/server/__init__.pyo
@@ -1089,6 +1093,9 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/userprefs/suid.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/userprefs/suid.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/userprefs/suid.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/util/SubProcess.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/util/SubProcess.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/util/SubProcess.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/util/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/util/__init__.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/util/__init__.pyo
@@ -1251,8 +1258,6 @@
 %%DATADIR%%/config/wikifarm/mywiki.py
 %%DATADIR%%/data/cache/README
 %%DATADIR%%/data/dict/dummy_dict
-%%DATADIR%%/data/edit-log
-%%DATADIR%%/data/event-log
 %%DATADIR%%/data/intermap.txt
 %%DATADIR%%/data/meta
 %%DATADIR%%/data/pages/BadContent/current
@@ -1551,6 +1556,7 @@
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/basexml.pl
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/commands.pl
+%%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/config.pl
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/connector.cgi
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/io.pl
 %%DATADIR%%/htdocs/applets/FCKeditor/editor/filemanager/connectors/perl/upload.cgi
@@ -2185,6 +2191,15 @@
 %%DATADIR%%/underlay/pages/HelpOnGraphicalEditor/revisions/00000001
 %%DATADIR%%/underlay/pages/HelpOnHeadlines/current
 %%DATADIR%%/underlay/pages/HelpOnHeadlines/revisions/00000001
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/Grand_Tetons.jpg
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/button.png
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/chair.jpg
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/clock.jpg
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/duckie.png
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/fish.jpg
+%%DATADIR%%/underlay/pages/HelpOnImages/attachments/pineapple.jpg
+%%DATADIR%%/underlay/pages/HelpOnImages/current
+%%DATADIR%%/underlay/pages/HelpOnImages/revisions/00000001
 %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)AolServer/current
 %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)AolServer/revisions/00000001
 %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheOnLinux/current
@@ -2398,12 +2413,12 @@
 %%DATADIR%%/underlay/pages/SystemPagesGroup/revisions/00000001
 %%DATADIR%%/underlay/pages/SystemPagesInEnglishGroup/current
 %%DATADIR%%/underlay/pages/SystemPagesInEnglishGroup/revisions/00000001
+%%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/BrazilianPortuguese.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Bulgarian.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Croatian.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Czech.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Danish.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Dutch.zip
-%%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/BrazilianPortuguese.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/Finnish.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/French.zip
 %%DATADIR%%/underlay/pages/SystemPagesSetup/attachments/German.zip
@@ -2771,8 +2786,8 @@
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)WikiInstanceCreation
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)WebLogic/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)WebLogic
-@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TwistedWeb/attachments
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TwistedWeb/revisions
+@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TwistedWeb/attachments
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TwistedWeb
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TroubleShooting/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)TroubleShooting/attachments
@@ -2788,12 +2803,12 @@
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)BasicInstallation/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)BasicInstallation/attachments
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)BasicInstallation
-@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithCherryPy/revisions
-@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithCherryPy
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithModWSGI/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithModWSGI
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithModPython/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithModPython
+@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithCherryPy/revisions
+@dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheWithCherryPy
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheOnWin32withFastCgi/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheOnWin32withFastCgi
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)ApacheOnWin32withDomainAuthentication/revisions
@@ -2810,6 +2825,9 @@
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)AolServer/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling(2f)AolServer
 @dirrm %%DATADIR%%/underlay/pages/HelpOnInstalling
+@dirrm %%DATADIR%%/underlay/pages/HelpOnImages/revisions
+@dirrm %%DATADIR%%/underlay/pages/HelpOnImages/attachments
+@dirrm %%DATADIR%%/underlay/pages/HelpOnImages
 @dirrm %%DATADIR%%/underlay/pages/HelpOnHeadlines/revisions
 @dirrm %%DATADIR%%/underlay/pages/HelpOnHeadlines
 @dirrm %%DATADIR%%/underlay/pages/HelpOnGraphicalEditor/revisions


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Tue Feb 16 19:30:25 UTC 2010 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144012 
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Tue Feb 16 19:31:09 UTC 2010 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144012 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: bg1tpt@gmail.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/144012: [UPDATE] www/moinmoin to 1.8.7 [security fix]
Date: Tue, 16 Feb 2010 19:30:22 UT

 Maintainer of www/moinmoin,
 
 Please note that PR ports/144012 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/144012
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Wed Mar 10 17:45:43 UTC 2010 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144012 
>Unformatted:
