author | tron <tron> | 2011-03-09 20:01:47 +0000 |
---|---|---|
committer | tron <tron> | 2011-03-09 20:01:47 +0000 |
commit | 3c598646ce963dd4c0d2ef4c767509696db412da (patch) | |
tree | 6dc7f9041cc553f2da4cb84b95e049e459c1880d | |
parent | 8ac1f6edf29498d83b28e5047f807f0b4c36f396 (diff) | |
download | pkgsrc-3c598646ce963dd4c0d2ef4c767509696db412da.tar.gz |
Pullup ticket #3386 - requested by gls
www/py-moin: security patch
Revisions pulled up:
- www/py-moin/Makefile 1.16
- www/py-moin/distinfo 1.7
- www/py-moin/patches/patch-MoinMoin_parser_text__rst.py 1.1
---
Module Name: pkgsrc
Committed By: gls
Date: Mon Mar 7 20:51:41 UTC 2011
Modified Files:
pkgsrc/www/py-moin: Makefile distinfo
Added Files:
pkgsrc/www/py-moin/patches: patch-MoinMoin_parser_text__rst.py
Log Message:
Add a fix for CVE-2011-1058.
Taken from http://moinmo.in/SecurityFixes
-rw-r--r-- | www/py-moin/Makefile | 3 | ||||
-rw-r--r-- | www/py-moin/distinfo | 3 | ||||
-rw-r--r-- | www/py-moin/patches/patch-MoinMoin_parser_text__rst.py | 17 |
3 files changed, 21 insertions, 2 deletions
diff --git a/www/py-moin/Makefile b/www/py-moin/Makefile
index 62363c2fdc0..f95fbc1f21c 100644
--- a/www/py-moin/Makefile
+++ b/www/py-moin/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.14 2010/07/09 11:38:36 obache Exp $
+# $NetBSD: Makefile,v 1.14.4.1 2011/03/09 20:01:47 tron Exp $
 #
 VER= 1.9.3
 DISTNAME= moin-${VER}
 PKGNAME= ${PYPKGPREFIX}-moin-${VER}
+PKGREVISION= 1
 CATEGORIES= www python
 MASTER_SITES= http://static.moinmo.in/files/
diff --git a/www/py-moin/distinfo b/www/py-moin/distinfo
index 148a692a808..4c6b6ea0fb5 100644
--- a/www/py-moin/distinfo
+++ b/www/py-moin/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2010/07/09 11:38:36 obache Exp $
+$NetBSD: distinfo,v 1.6.4.1 2011/03/09 20:01:47 tron Exp $
 SHA1 (moin-1.9.3.tar.gz) = e019c2742f42d4d1f32b0f86f985ce938b821f1b
 RMD160 (moin-1.9.3.tar.gz) = c8679c9440768906c47048f2544a26b77b1ca061
 Size (moin-1.9.3.tar.gz) = 30514897 bytes
+SHA1 (patch-MoinMoin_parser_text__rst.py) = 21876302d8ecef85295cc6c24ef4e3823f578556
diff --git a/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py b/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py
new file mode 100644
index 00000000000..f8f8829c68a
--- /dev/null
+++ b/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py
@@ -0,0 +1,17 @@
+$NetBSD: patch-MoinMoin_parser_text__rst.py,v 1.1.2.2 2011/03/09 20:01:48 tron Exp $
+
+Security fix: XSS issue in rst parser CVE-2011-1058
+http://hg.moinmo.in/moin/1.9/rev/97208f67798f
+
+--- MoinMoin/parser/text_rst.py.orig 2010-06-26 21:46:42.000000000 +0000
++++ MoinMoin/parser/text_rst.py
+@@ -391,6 +391,9 @@ class MoinTranslator(html4css1.HTMLTrans
+ # for images with targets).
+ if not [i for i in node.children if i.__class__ == docutils.nodes.image]:
+ node['classes'].append('interwiki')
++ elif prefix == 'javascript':
++ # is someone trying to do XSS with javascript?
++ node['refuri'] = 'javascript:alert("it does not work")'
+ elif prefix != '':
+ # Some link scheme (http, file, https, mailto, etc.), add class
+ # information if the reference doesn't have a child image (don't |
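Review bot: The added branch `elif prefix == 'javascript':` in the embedded text_rst.py patch is an exact-match denylist of a single scheme, so any other script-capable scheme falls through to the generic `elif prefix != '':` branch and is emitted as an ordinary link. How `prefix` is derived, and whether it is case-normalised before this comparison, is outside the hunk and should be confirmed. An allowlist is the safer shape, for example `elif prefix.lower() not in <allowed_schemes>:` (placeholder name) placed ahead of the generic branch. The replacement value is itself a `javascript:` URI, so the rendered page still carries a script link; an inert value such as `node['refuri'] = ''` would avoid emitting one at all. The enclosing MoinTranslator method starts and ends outside the hunk.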