From crees@bayofrum.net  Sat Jan  5 12:02:16 2013
Return-Path: <crees@bayofrum.net>
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
	by hub.freebsd.org (Postfix) with ESMTP id 18BA0BD8
	for <freebsd-gnats-submit@freebsd.org>; Sat,  5 Jan 2013 12:02:16 +0000 (UTC)
	(envelope-from crees@bayofrum.net)
Received: from mk-outboundfilter-2.mail.uk.tiscali.com (mk-outboundfilter-2.mail.uk.tiscali.com [212.74.114.38])
	by mx1.freebsd.org (Postfix) with ESMTP id AF043B09
	for <freebsd-gnats-submit@freebsd.org>; Sat,  5 Jan 2013 12:02:15 +0000 (UTC)
Received: from 79-75-91-162.dynamic.dsl.as9105.com (HELO pegasus.bayofrum.net) ([79.75.91.162])
  by smtp.pipex.tiscali.co.uk with ESMTP; 05 Jan 2013 12:01:03 +0000
Received: by pegasus.bayofrum.net (Postfix, from userid 1001)
	id D22E31B519; Sat,  5 Jan 2013 11:59:41 +0000 (GMT)
Message-Id: <20130105115941.D22E31B519@pegasus.bayofrum.net>
Date: Sat,  5 Jan 2013 11:59:41 +0000 (GMT)
From: Chris Rees <crees@FreeBSD.org>
Reply-To: Chris Rees <crees@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] [SECURITY] www/moinmoin: update to 1.9.6
X-Send-Pr-Version: 3.113
X-GNATS-Notify: khsing.cn@gmail.com, secteam@FreeBSD.org

>Number:         175004
>Category:       ports
>Synopsis:       [PATCH] [SECURITY] www/moinmoin: update to 1.9.6
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    crees
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 05 12:10:00 UTC 2013
>Closed-Date:    Sat Jan 05 13:04:54 UTC 2013
>Last-Modified:  Sat Jan  5 13:10:01 UTC 2013
>Originator:     Chris Rees
>Release:        FreeBSD 9.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD pegasus.bayofrum.net 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Sun Apr 29 12:29:02 BST 2012 root@pegasus.bayofrum.net:/usr/obj/usr/src/sys/PEGASUS amd64


	
>Description:
	Moinmoin has a critical vulnerability that has been successfully expoited on the Debian wiki, and our wiki has been taken down as a precaution.  This update fixes the issue.

	(while here, use %%PREFIX%% rather than hardcoding /usr/local in pkg-message)

	http://permalink.gmane.org/gmane.linux.debian.devel.announce/1754
>How-To-Repeat:
	
>Fix:

	

--- patch.txt begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 309954)
+++ Makefile	(working copy)
@@ -1,12 +1,8 @@
-# New ports collection makefile for:	moinmoin
-# Date created:				18 September 2001
-# Whom:					Hye-Shik Chang <perky@python.or.kr>
-#
+# Created by: Hye-Shik Chang <perky@python.or.kr>
 # $FreeBSD$
-#
 
 PORTNAME=	moinmoin
-PORTVERSION=	1.9.5
+PORTVERSION=	1.9.6
 CATEGORIES=	www python
 MASTER_SITES=	http://static.moinmo.in/files/
 DISTNAME=	moin-${PORTVERSION}
Index: distinfo
===================================================================
--- distinfo	(revision 309954)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c
-SIZE (moin-1.9.5.tar.gz) = 36740561
+SHA256 (moin-1.9.6.tar.gz) = 816f0454808e8abdc44e9839ed08802bea78c174bdbd72b9644c72fce891f6f6
+SIZE (moin-1.9.6.tar.gz) = 36754215
Index: files/pkg-install.in
===================================================================
--- files/pkg-install.in	(revision 309954)
+++ files/pkg-install.in	(working copy)
@@ -92,7 +92,7 @@
 	echo ""
 	echo "If you want to install additional wiki instances"
 	echo "call 'make instance' with appriopriate arguments."
-	echo "E.g.: make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance"
+	echo "E.g.: make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance"
 	echo "************************************************************"
 
 	;;
@@ -104,7 +104,7 @@
 	echo ""
 	echo "If you're installing from ports, just run 'make instance'"
 	echo "with appriopriate arguments."
-	echo "eg. make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance"
+	echo "eg. make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance"
 	echo ""
 	echo "If you're installing from package, run these commands."
 	echo ""
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 309954)
+++ pkg-plist	(working copy)
@@ -871,6 +871,9 @@
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.py
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyc
+%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyo
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc
 %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo
--- patch.txt ends here ---



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Sat Jan 5 12:10:14 UTC 2013 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175004 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: khsing.cn@gmail.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/175004: [PATCH] [SECURITY] www/moinmoin: update to 1.9.6
Date: Sat, 5 Jan 2013 12:10:13 UT

 Maintainer of www/moinmoin,
 
 Please note that PR ports/175004 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/175004
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
Responsible-Changed-From-To: freebsd-ports-bugs->crees 
Responsible-Changed-By: crees 
Responsible-Changed-When: Sat Jan 5 12:56:28 UTC 2013 
Responsible-Changed-Why:  
Hm, apparently the auto-assigner doesn't recognise @FreeBSD.org any more 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175004 
State-Changed-From-To: feedback->closed 
State-Changed-By: crees 
State-Changed-When: Sat Jan 5 13:04:53 UTC 2013 
State-Changed-Why:  
Committed.  Guixing, if you would like to discuss any of this please 
feel free to contact me.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175004 

From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
To: Chris Rees <crees@freebsd.org>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: ports/175004: [PATCH] [SECURITY] www/moinmoin: update to 1.9.6
Date: Sat, 5 Jan 2013 13:02:31 +0000

 On 5 January 2013 11:59, Chris Rees <crees@freebsd.org> wrote:
 >
 >>Number:         175004
 >>Synopsis:       [PATCH] [SECURITY] www/moinmoin: update to 1.9.6
 
 Thanks!
 
 If someone could commit this ASAP that would be great. This fixes a
 very serious security issue.
 
 Approved by: so (simon)
 
 -- 
 Simon L. B. Nielsen

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/175004: commit references a PR
Date: Sat,  5 Jan 2013 13:04:06 +0000 (UTC)

 Author: crees
 Date: Sat Jan  5 13:03:58 2013
 New Revision: 309959
 URL: http://svnweb.freebsd.org/changeset/ports/309959
 
 Log:
   Update to 1.9.6, fixing security issue.
   
   All problems here are my responsiblity.
   
   PR:		ports/175004
   Submitted by:	crees
   Approved by:	so (simon)
 
 Modified:
   head/www/moinmoin/Makefile
   head/www/moinmoin/distinfo
   head/www/moinmoin/files/pkg-install.in
   head/www/moinmoin/pkg-plist
 
 Modified: head/www/moinmoin/Makefile
 ==============================================================================
 --- head/www/moinmoin/Makefile	Sat Jan  5 12:54:28 2013	(r309958)
 +++ head/www/moinmoin/Makefile	Sat Jan  5 13:03:58 2013	(r309959)
 @@ -1,12 +1,8 @@
 -# New ports collection makefile for:	moinmoin
 -# Date created:				18 September 2001
 -# Whom:					Hye-Shik Chang <perky@python.or.kr>
 -#
 +# Created by: Hye-Shik Chang <perky@python.or.kr>
  # $FreeBSD$
 -#
  
  PORTNAME=	moinmoin
 -PORTVERSION=	1.9.5
 +PORTVERSION=	1.9.6
  CATEGORIES=	www python
  MASTER_SITES=	http://static.moinmo.in/files/
  DISTNAME=	moin-${PORTVERSION}
 
 Modified: head/www/moinmoin/distinfo
 ==============================================================================
 --- head/www/moinmoin/distinfo	Sat Jan  5 12:54:28 2013	(r309958)
 +++ head/www/moinmoin/distinfo	Sat Jan  5 13:03:58 2013	(r309959)
 @@ -1,2 +1,2 @@
 -SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c
 -SIZE (moin-1.9.5.tar.gz) = 36740561
 +SHA256 (moin-1.9.6.tar.gz) = 816f0454808e8abdc44e9839ed08802bea78c174bdbd72b9644c72fce891f6f6
 +SIZE (moin-1.9.6.tar.gz) = 36754215
 
 Modified: head/www/moinmoin/files/pkg-install.in
 ==============================================================================
 --- head/www/moinmoin/files/pkg-install.in	Sat Jan  5 12:54:28 2013	(r309958)
 +++ head/www/moinmoin/files/pkg-install.in	Sat Jan  5 13:03:58 2013	(r309959)
 @@ -92,7 +92,7 @@ case "x$2" in
  	echo ""
  	echo "If you want to install additional wiki instances"
  	echo "call 'make instance' with appriopriate arguments."
 -	echo "E.g.: make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance"
 +	echo "E.g.: make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance"
  	echo "************************************************************"
  
  	;;
 @@ -104,7 +104,7 @@ case "x$2" in
  	echo ""
  	echo "If you're installing from ports, just run 'make instance'"
  	echo "with appriopriate arguments."
 -	echo "eg. make MOINTYPE=FCGI MOINDEST=/usr/local/www/wiki instance"
 +	echo "eg. make MOINTYPE=FCGI MOINDEST=%%PREFIX%%/www/wiki instance"
  	echo ""
  	echo "If you're installing from package, run these commands."
  	echo ""
 
 Modified: head/www/moinmoin/pkg-plist
 ==============================================================================
 --- head/www/moinmoin/pkg-plist	Sat Jan  5 12:54:28 2013	(r309958)
 +++ head/www/moinmoin/pkg-plist	Sat Jan  5 13:03:58 2013	(r309959)
 @@ -871,6 +871,9 @@ bin/moin
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo
 +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.py
 +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyc
 +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090600.pyo
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc
  %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
