author | gls <gls> | 2011-03-07 20:51:40 +0000 |
---|---|---|
committer | gls <gls> | 2011-03-07 20:51:40 +0000 |
commit | 96b9aadeb70a1b6db403a9a007fd6925d625795c (patch) | |
tree | 64e6716d7b5de8b1d2656a04c1d0bf0b14524226 /www | |
parent | a21bc8db0070e362e0f9c2042fafb521362476ef (diff) | |
download | pkgsrc-96b9aadeb70a1b6db403a9a007fd6925d625795c.tar.gz |
Add a fix for CVE-2011-1058.
Taken from http://moinmo.in/SecurityFixes
Diffstat (limited to 'www')
-rw-r--r-- | www/py-moin/Makefile | 3 | ||||
-rw-r--r-- | www/py-moin/distinfo | 3 | ||||
-rw-r--r-- | www/py-moin/patches/patch-MoinMoin_parser_text__rst.py | 17 |
3 files changed, 21 insertions, 2 deletions
diff --git a/www/py-moin/Makefile b/www/py-moin/Makefile
index fdd0478ee72..ce93c92369d 100644
--- a/www/py-moin/Makefile
+++ b/www/py-moin/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.15 2011/02/25 09:47:29 wiz Exp $
+# $NetBSD: Makefile,v 1.16 2011/03/07 20:51:40 gls Exp $
 #
 VER= 1.9.3
 DISTNAME= moin-${VER}
 PKGNAME= ${PYPKGPREFIX}-moin-${VER}
+PKGREVISION= 1
 CATEGORIES= www python
 MASTER_SITES= http://static.moinmo.in/files/
diff --git a/www/py-moin/distinfo b/www/py-moin/distinfo
index 148a692a808..7a41bbce010 100644
--- a/www/py-moin/distinfo
+++ b/www/py-moin/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2010/07/09 11:38:36 obache Exp $
+$NetBSD: distinfo,v 1.7 2011/03/07 20:51:40 gls Exp $
 SHA1 (moin-1.9.3.tar.gz) = e019c2742f42d4d1f32b0f86f985ce938b821f1b
 RMD160 (moin-1.9.3.tar.gz) = c8679c9440768906c47048f2544a26b77b1ca061
 Size (moin-1.9.3.tar.gz) = 30514897 bytes
+SHA1 (patch-MoinMoin_parser_text__rst.py) = 21876302d8ecef85295cc6c24ef4e3823f578556
diff --git a/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py b/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py
new file mode 100644
index 00000000000..695af4db8d5
--- /dev/null
+++ b/www/py-moin/patches/patch-MoinMoin_parser_text__rst.py
@@ -0,0 +1,17 @@
+$NetBSD: patch-MoinMoin_parser_text__rst.py,v 1.1 2011/03/07 20:51:41 gls Exp $
+
+Security fix: XSS issue in rst parser CVE-2011-1058
+http://hg.moinmo.in/moin/1.9/rev/97208f67798f
+
+--- MoinMoin/parser/text_rst.py.orig 2010-06-26 21:46:42.000000000 +0000
++++ MoinMoin/parser/text_rst.py
+@@ -391,6 +391,9 @@ class MoinTranslator(html4css1.HTMLTrans
+ # for images with targets).
+ if not [i for i in node.children if i.__class__ == docutils.nodes.image]:
+ node['classes'].append('interwiki')
++ elif prefix == 'javascript':
++ # is someone trying to do XSS with javascript?
++ node['refuri'] = 'javascript:alert("it does not work")'
+ elif prefix != '':
+ # Some link scheme (http, file, https, mailto, etc.), add class
+ # information if the reference doesn't have a child image (don't |
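Review bot: The added `elif prefix == 'javascript':` branch in the embedded text_rst.py patch is an exact, case-sensitive denylist of a single scheme, so whether it holds depends on how `prefix` is derived, which is outside this hunk. If `prefix` is not already lower-cased and stripped before the comparison, a differently cased or whitespace-padded scheme would fall through to the `elif prefix != '':` branch and be rendered as an ordinary link; comparing a normalised value, e.g. `elif prefix.strip().lower() == 'javascript':`, or preferably passing through only an allowlist of the schemes the wiki intends to support, would make the check robust. The replacement value is itself a `javascript:` URI, so the rendered href still carries script; an inert value such as `node['refuri'] = ''` looks safer, subject to confirming how the translator renders an empty refuri. The enclosing method of `MoinTranslator` starts and ends outside the hunk.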