pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2018Q4]: pkgsrc/www/ikiwiki Pullup ticket #5922 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7a6eef4f118d
branches:  pkgsrc-2018Q4
changeset: 320649:7a6eef4f118d
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Mar 06 15:06:57 2019 +0000

description:
Pullup ticket #5922 - requested by schmonz
www/ikiwiki: security fix

Revisions pulled up:
- www/ikiwiki/Makefile                                          1.161-1.162
- www/ikiwiki/distinfo                                          1.132

---
   Module Name:    pkgsrc
   Committed By:   schmonz
   Date:           Thu Feb 28 22:00:49 UTC 2019

   Modified Files:
           pkgsrc/www/ikiwiki: Makefile distinfo

   Log Message:
   Update to ikiwiki. From the changelog:

   * aggregate: Use LWPx::ParanoidAgent if available.
     Previously blogspam, openid and pinger used this module if available,
     but aggregate did not. This prevents server-side request forgery or
     local file disclosure, and mitigates denial of service when slow
     "tarpit" URLs are accessed.
     (CVE-2019-9187)
   * blogspam, openid, pinger: Use a HTTP proxy if configured, even if
     LWPx::ParanoidAgent is installed.
     Previously, only aggregate would obey proxy configuration. If a proxy
     is used, the proxy (not ikiwiki) is responsible for preventing attacks
     like CVE-2019-9187.
   * aggregate, blogspam, openid, pinger: Do not access non-http, non-https
     URLs.
     Previously, these plugins would have allowed non-HTTP-based requests if
     LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
     file disclosure, and preventing other rarely-used URI schemes like
     gopher mitigates request forgery attacks.
   * aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
     recommended.
     These plugins can request attacker-controlled URLs in some site
     configurations.
   * blogspam: Document LWPx::ParanoidAgent as desirable.
     This plugin doesn't request attacker-controlled URLs, so it's
     non-critical here.
   * blogspam, openid, pinger: Consistently use cookiejar if configured.
     Previously, these plugins would only obey this configuration if
     LWPx::ParanoidAgent was not installed, but this appears to have been
     unintended.
   * po: Always filter .po files.
     The po plugin in previous ikiwiki releases made the second and
     subsequent filter call per (page, destpage) pair into a no-op,
     apparently in an attempt to prevent *recursive* filtering (which as
     far as we can tell can't happen anyway), with the undesired effect
     of interpreting the raw .po file as page content (e.g. Markdown)
     if it was inlined into the same page twice, which is apparently
     something that tails.org does. Simplify this by deleting the code
     that prevented repeated filtering. Thanks, intrigeri
     (Closes: #911356)

---
   Module Name: pkgsrc
   Committed By:        schmonz
   Date:                Thu Feb 28 22:20:01 UTC 2019

   Modified Files:
        pkgsrc/www/ikiwiki: Makefile

   Log Message:
   Add dependency on p5-LWPx-ParanoidAgent. Ride recent version bump.

diffstat:

 www/ikiwiki/Makefile |   6 +++---
 www/ikiwiki/distinfo |  13 +++++--------
 2 files changed, 8 insertions(+), 11 deletions(-)

diffs (42 lines):

diff -r e3dcf110e857 -r 7a6eef4f118d www/ikiwiki/Makefile
--- a/www/ikiwiki/Makefile      Wed Mar 06 13:43:24 2019 +0000
+++ b/www/ikiwiki/Makefile      Wed Mar 06 15:06:57 2019 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.159 2018/10/22 04:33:25 schmonz Exp $
+# $NetBSD: Makefile,v 1.159.2.1 2019/03/06 15:06:57 bsiegert Exp $
 #
 
-DISTNAME=              ikiwiki_3.20180311.orig
+DISTNAME=              ikiwiki_3.20190228.orig
 PKGNAME=               ${DISTNAME:S/_/-/:S/.orig//}
-PKGREVISION=           4
 CATEGORIES=            www textproc
 MASTER_SITES=          ${MASTER_SITE_DEBIAN:=pool/main/i/ikiwiki/}
 EXTRACT_SUFX=          .tar.xz
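Review bot: the log message for this bump reads "Update to ikiwiki." with no version, so the target release can only be recovered from the DISTNAME line here (3.20180311 to 3.20190228). State the version in the message so the CVE-2019-9187 fix can be matched to a release from the log alone. Dropping PKGREVISION together with the DISTNAME change is consistent with a version bump.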
@@ -31,6 +30,7 @@
 DEPENDS+=              p5-File-MimeInfo-[0-9]*:../../devel/p5-File-MimeInfo
 DEPENDS+=              p5-gettext-[0-9]*:../../devel/p5-gettext
 DEPENDS+=              p5-YAML-LibYAML-[0-9]*:../../textproc/p5-YAML-LibYAML
+DEPENDS+=              p5-LWPx-ParanoidAgent-[0-9]*:../../www/p5-LWPx-ParanoidAgent
 
 WRKSRC=                        ${WRKDIR}/${PKGNAME_NOREV:S/ikiwiki-/IkiWiki-/}
 PERL5_PACKLIST=                auto/IkiWiki/.packlist
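Review bot: the added DEPENDS line for p5-LWPx-ParanoidAgent has no comment explaining why it is a hard dependency, while the quoted changelog says the plugins use the module "if available" and documents it only as "strongly recommended". Add a one-line comment above it tying the dependency to CVE-2019-9187, so a later cleanup does not demote it to optional and silently reopen the request-forgery and file-disclosure exposure in aggregate, openid and pinger.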
diff -r e3dcf110e857 -r 7a6eef4f118d www/ikiwiki/distinfo
--- a/www/ikiwiki/distinfo      Wed Mar 06 13:43:24 2019 +0000
+++ b/www/ikiwiki/distinfo      Wed Mar 06 15:06:57 2019 +0000
@@ -1,10 +1,7 @@
-$NetBSD: distinfo,v 1.130 2018/10/22 04:33:25 schmonz Exp $
+$NetBSD: distinfo,v 1.130.2.1 2019/03/06 15:06:57 bsiegert Exp $
 
-SHA1 (ikiwiki_3.20180311.orig.tar.xz) = 9c567bb9f46e8a86a41ddc2358d0426248934e33
-RMD160 (ikiwiki_3.20180311.orig.tar.xz) = 22a2f1963e73fae82a7a6a29c84488c898c7c4fa
-SHA512 (ikiwiki_3.20180311.orig.tar.xz) = 12042d90217995eb43d47df1e81cbced825fc2b2262893680447448abac88ef5279bcddd6c438613b41c4f35308a4f1e8d23157e018bb99d883bc0941af1d469
-Size (ikiwiki_3.20180311.orig.tar.xz) = 2639052 bytes
-SHA1 (patch-IkiWiki_Plugin_graphviz.pm) = 7fb033dfa46a3cdffd591fcf6af338399107572b
-SHA1 (patch-IkiWiki_Wrapper.pm) = 68a9c4c64b5e95bbb6dec721ea95dc27cecb1bc9
-SHA1 (patch-doc_ikiwiki_directive_graph.mdwn) = 78e3a7e2151ab122fe770b3a0d75759a00e978a2
+SHA1 (ikiwiki_3.20190228.orig.tar.xz) = 46f5b0a1498c1e098fe248eae1f2e3f56b25dc2f
+RMD160 (ikiwiki_3.20190228.orig.tar.xz) = f47968a69528aea864ad412c8508a8c5063edb9d
+SHA512 (ikiwiki_3.20190228.orig.tar.xz) = 125147d83dae6166b45541ed9176398ba4bd22ef3389d3efb3f442e558e326e0b004583d29aa32ed4bfca489c9d55b4232f074aab5fa649e51d9edd103685172
+Size (ikiwiki_3.20190228.orig.tar.xz) = 2672244 bytes
 SHA1 (patch-ikiwiki-mass-rebuild) = b8d5785d77736508de9cfc0f059cc36e0e607bce
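Review bot: the three removed patch checksum lines (patch-IkiWiki_Plugin_graphviz.pm, patch-IkiWiki_Wrapper.pm, patch-doc_ikiwiki_directive_graph.mdwn) have no matching file removals in this changeset: the diffstat lists only Makefile and distinfo, and "Revisions pulled up" names the same two files. Confirm that the corresponding files under patches/ are gone on pkgsrc-2018Q4 and that 3.20190228 carries those changes upstream; if not, the pullup should include the removals so the patch set and distinfo stay in agreement.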


