pkgsrc-Changes archive
CVS commit: [pkgsrc-2018Q4] pkgsrc/www/ikiwiki
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Mar 6 15:06:57 UTC 2019
Modified Files:
pkgsrc/www/ikiwiki [pkgsrc-2018Q4]: Makefile distinfo
Log Message:
Pullup ticket #5922 - requested by schmonz
www/ikiwiki: security fix
Revisions pulled up:
- www/ikiwiki/Makefile 1.161-1.162
- www/ikiwiki/distinfo 1.132
---
Module Name: pkgsrc
Committed By: schmonz
Date: Thu Feb 28 22:00:49 UTC 2019
Modified Files:
pkgsrc/www/ikiwiki: Makefile distinfo
Log Message:
Update to ikiwiki. From the changelog:
* aggregate: Use LWPx::ParanoidAgent if available.
Previously blogspam, openid and pinger used this module if available,
but aggregate did not. This prevents server-side request forgery or
local file disclosure, and mitigates denial of service when slow
"tarpit" URLs are accessed.
(CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if
LWPx::ParanoidAgent is installed.
Previously, only aggregate would obey proxy configuration. If a proxy
is used, the proxy (not ikiwiki) is responsible for preventing attacks
like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https
URLs.
Previously, these plugins would have allowed non-HTTP-based requests if
LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
file disclosure, and preventing other rarely-used URI schemes like
gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
recommended.
These plugins can request attacker-controlled URLs in some site
configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable.
This plugin doesn't request attacker-controlled URLs, so it's
non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured.
Previously, these plugins would only obey this configuration if
LWPx::ParanoidAgent was not installed, but this appears to have been
unintended.
* po: Always filter .po files.
The po plugin in previous ikiwiki releases made the second and
subsequent filter call per (page, destpage) pair into a no-op,
apparently in an attempt to prevent *recursive* filtering (which as
far as we can tell can't happen anyway), with the undesired effect
of interpreting the raw .po file as page content (e.g. Markdown)
if it was inlined into the same page twice, which is apparently
something that tails.org does. Simplify this by deleting the code
that prevented repeated filtering. Thanks, intrigeri
(Closes: #911356)
---
Module Name: pkgsrc
Committed By: schmonz
Date: Thu Feb 28 22:20:01 UTC 2019
Modified Files:
pkgsrc/www/ikiwiki: Makefile
Log Message:
Add dependency on p5-LWPx-ParanoidAgent. Ride recent version bump.
To generate a diff of this commit:
cvs rdiff -u -r1.159 -r1.159.2.1 pkgsrc/www/ikiwiki/Makefile
cvs rdiff -u -r1.130 -r1.130.2.1 pkgsrc/www/ikiwiki/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/ikiwiki/Makefile
diff -u pkgsrc/www/ikiwiki/Makefile:1.159 pkgsrc/www/ikiwiki/Makefile:1.159.2.1
--- pkgsrc/www/ikiwiki/Makefile:1.159 Mon Oct 22 04:33:25 2018
+++ pkgsrc/www/ikiwiki/Makefile Wed Mar 6 15:06:57 2019
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.159 2018/10/22 04:33:25 schmonz Exp $
+# $NetBSD: Makefile,v 1.159.2.1 2019/03/06 15:06:57 bsiegert Exp $
#
-DISTNAME= ikiwiki_3.20180311.orig
+DISTNAME= ikiwiki_3.20190228.orig
PKGNAME= ${DISTNAME:S/_/-/:S/.orig//}
-PKGREVISION= 4
CATEGORIES= www textproc
MASTER_SITES= ${MASTER_SITE_DEBIAN:=pool/main/i/ikiwiki/}
EXTRACT_SUFX= .tar.xz
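Review bot: the log message for this change reads "Update to ikiwiki." with no version, while the DISTNAME line in this hunk moves from ikiwiki_3.20180311.orig to ikiwiki_3.20190228.orig. Name 3.20190228 in the message so the pullup can be matched to the release that carries the CVE-2019-9187 fix. Dropping "PKGREVISION= 4" together with the DISTNAME change is consistent with a version bump.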
@@ -31,6 +30,7 @@ DEPENDS+= p5-XML-RSS-[0-9]*:../../textp
DEPENDS+= p5-File-MimeInfo-[0-9]*:../../devel/p5-File-MimeInfo
DEPENDS+= p5-gettext-[0-9]*:../../devel/p5-gettext
DEPENDS+= p5-YAML-LibYAML-[0-9]*:../../textproc/p5-YAML-LibYAML
+DEPENDS+= p5-LWPx-ParanoidAgent-[0-9]*:../../www/p5-LWPx-ParanoidAgent
WRKSRC= ${WRKDIR}/${PKGNAME_NOREV:S/ikiwiki-/IkiWiki-/}
PERL5_PACKLIST= auto/IkiWiki/.packlist
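Review bot: the added DEPENDS line for p5-LWPx-ParanoidAgent has no comment saying why the dependency is unconditional, although the changelog only has ikiwiki use the module "if available" and documents it as strongly recommended for aggregate, openid and pinger. A one-line comment above it, tying the dependency to the CVE-2019-9187 mitigations, would keep a later cleanup from demoting it to an option. The [0-9]* pattern matches the neighbouring DEPENDS lines, so any installed version satisfies it.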
Index: pkgsrc/www/ikiwiki/distinfo
diff -u pkgsrc/www/ikiwiki/distinfo:1.130 pkgsrc/www/ikiwiki/distinfo:1.130.2.1
--- pkgsrc/www/ikiwiki/distinfo:1.130 Mon Oct 22 04:33:25 2018
+++ pkgsrc/www/ikiwiki/distinfo Wed Mar 6 15:06:57 2019
@@ -1,10 +1,7 @@
-$NetBSD: distinfo,v 1.130 2018/10/22 04:33:25 schmonz Exp $
+$NetBSD: distinfo,v 1.130.2.1 2019/03/06 15:06:57 bsiegert Exp $
-SHA1 (ikiwiki_3.20180311.orig.tar.xz) = 9c567bb9f46e8a86a41ddc2358d0426248934e33
-RMD160 (ikiwiki_3.20180311.orig.tar.xz) = 22a2f1963e73fae82a7a6a29c84488c898c7c4fa
-SHA512 (ikiwiki_3.20180311.orig.tar.xz) = 12042d90217995eb43d47df1e81cbced825fc2b2262893680447448abac88ef5279bcddd6c438613b41c4f35308a4f1e8d23157e018bb99d883bc0941af1d469
-Size (ikiwiki_3.20180311.orig.tar.xz) = 2639052 bytes
-SHA1 (patch-IkiWiki_Plugin_graphviz.pm) = 7fb033dfa46a3cdffd591fcf6af338399107572b
-SHA1 (patch-IkiWiki_Wrapper.pm) = 68a9c4c64b5e95bbb6dec721ea95dc27cecb1bc9
-SHA1 (patch-doc_ikiwiki_directive_graph.mdwn) = 78e3a7e2151ab122fe770b3a0d75759a00e978a2
+SHA1 (ikiwiki_3.20190228.orig.tar.xz) = 46f5b0a1498c1e098fe248eae1f2e3f56b25dc2f
+RMD160 (ikiwiki_3.20190228.orig.tar.xz) = f47968a69528aea864ad412c8508a8c5063edb9d
+SHA512 (ikiwiki_3.20190228.orig.tar.xz) = 125147d83dae6166b45541ed9176398ba4bd22ef3389d3efb3f442e558e326e0b004583d29aa32ed4bfca489c9d55b4232f074aab5fa649e51d9edd103685172
+Size (ikiwiki_3.20190228.orig.tar.xz) = 2672244 bytes
SHA1 (patch-ikiwiki-mass-rebuild) = b8d5785d77736508de9cfc0f059cc36e0e607bce
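Review bot: the three removed entries (patch-IkiWiki_Plugin_graphviz.pm, patch-IkiWiki_Wrapper.pm, patch-doc_ikiwiki_directive_graph.mdwn) have no matching file removals in this commit: Modified Files lists only Makefile and distinfo, and the pulled-up revisions cover only those two files. Confirm that the corresponding files under patches/ are also removed on pkgsrc-2018Q4, and say in the log that these patches are no longer needed with 3.20190228, so the branch is not left with patch files that have no recorded checksum.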