www/moinmoin: update to 1.9.5

Fixes:
   * Security fix: fix virtual group bug in ACL evaluation.
     [was already backported to FreeBSD's 1.9.4_1].
   * Avoid crash if #refresh processing instruction is used
     without arguments.
   * Fix issue with non-ASCII textchas.
   * Xapian indexing: remove copy.copy() that crashed on
     Windows/IIS/isapi-wsgi after page save.
   * Fix dictionary file reading crash under Windows.
   * Work around crash of AdvancedSearch macro rendering caused by
     non-ascii mimetypes.types_map entries.
   * Added migration script for moin 1.8.9.
   * rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond
     to item listed in feed and not just last page diffs). Links
     generated with ddiffs=1 also fixed.
   * rss_rc: fix double escaping issue.
   * rss_rc: respect show_names configuration option.
   * rss_rc: proper support of rename, revert, page creation.
   * modern/modernized theme: fix padding/width for
     editor preview
   * group/pagelinks formatters: avoid to create
     unnecessary output, redirect output of send_page call with the
     groups formatter, it must not be written to the output stream
   * rst parser: fix include and macro directives
   * wikisync: fix unicode pagename sending for python 2.7 httplib

  New features:
   * add a require_comment config option (default: False) to require
     a non-empty comment when saving a page
   * when a save error happens, show the editor again and highlight
   * the error rss_rc: several new options added: lines parameter
     gives ability to set maximum size of diffs showed in RSS.
     show_att parameter gives ability to show information aboout
     attachment-related items in RSS. page parameter gives ability to
     specify set of pages for which changes RSS feed should be
     generated. Configuration of defaults and limits can now be done
     via wiki configuration mechanism.
   * As soon as it is now possible to provide RSS for page change
     history, appropriate alternate link is now added for every page
     (controlled by rss_show_page_history_link configuration
     parameter).
   * Search: "no_highlight:" search query option provided for
     suppressing highlighting search results.
   * Search macros: new options for FullSearch, FullSearchCached and
     PageList available:
     * highlight_titles option controls highlighting of matches in
       search results provided by these macros. Default value is set
       in search_macro_highlight_titles configuration option)
     * highlight_pages option controls adding of highlight URL
       parameter to page links (so search term is highlighted when
       user goes to one of these pages via provided link) in search
       results. Default value is set in search_macro_highlight_pages
       configuration option.
     Usage of these options is disabled (via search_macro_parse_args
     configuration option) by default due to behavioural changes
     introduced in macro parameter parsing mechanism to support them.
     Related to
     http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight
       .

  Other changes:
   * Remove 4suite dependency for docbook formatter, use minidom
     (included in Python).
   * Upgraded FCKeditor to 2.6.8.

Feature safe:	yes
PR:		172832
QA page:	http://codelabs.ru/fbsd/ports/qa/www/moinmoin/1.9.5
Approved by:	maintainer timeout (2 weeks)
This commit is contained in:
Eygene Ryabinkin 2012-11-05 19:01:08 +00:00
parent 50c2ab6d9e
commit 65f61237e6
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=307023
4 changed files with 9 additions and 141 deletions

View file

@ -6,8 +6,7 @@
#
PORTNAME= moinmoin
PORTVERSION= 1.9.4
PORTREVISION= 1
PORTVERSION= 1.9.5
CATEGORIES= www python
MASTER_SITES= http://static.moinmo.in/files/
DISTNAME= moin-${PORTVERSION}

View file

@ -1,2 +1,2 @@
SHA256 (moin-1.9.4.tar.gz) = a11502c31ce617a51d2f96be0d71a5fb3e7736c748ddd957aacfc23f9babe395
SIZE (moin-1.9.4.tar.gz) = 36718571
SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c
SIZE (moin-1.9.5.tar.gz) = 36740561

View file

@ -1,137 +0,0 @@
Obtained-from: http://hg.moinmo.in/moin/1.9/raw-rev/7b9f39289e16
# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1346679035 -7200
# Node ID 7b9f39289e16b37344480025f191d8b64480c834
# Parent 0e58d9bcd3bd8ab3a89506d66bc0c8df85c16d2c
security fix: fix virtual group bug in ACL evaluation, add a test for it
affected moin releases: all 1.9 releases up to and including 1.9.4
moin releases < 1.9 are NOT affected.
You can find out the moin version by looking at SystemInfo page or at the
output of <<SystemInfo>> macro.
Issue description:
We have code that checks whether a group has special members "All" or "Known"
or "Trusted", but there was a bug that checked whether these are present in
the group NAME (not, as intended, in the group MEMBERS).
a) If you have group MEMBERS like "All" or "Known" or "Trusted", they did not
work until now, but will start working with this changeset.
E.g. SomeGroup:
* JoeDoe
* Trusted
SomeGroup will now (correctly) include JoeDoe and also all trusted users.
It (erroneously) contained only "JoeDoe" and "Trusted" (as a username, not
as a virtual group) before.
b) If you have group NAMES containing "All" or "Known" or "Trusted", they behaved
wrong until now (they erroneously included All/Known/Trusted users even if
you did not list them as members), but will start working correctly with this
changeset.
E.g. AllFriendsGroup:
* JoeDoe
AllFriendsGroup will now (correctly) include only JoeDoe.
It (erroneously) contained all users (including JoeDoe) before.
E.g. MyTrustedFriendsGroup:
* JoeDoe
MyTrustedFriendsGroup will now (correctly) include only JoeDoe.
It (erroneously) contained all trusted users and JoeDoe before.
diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/__init__.py
--- MoinMoin/security/__init__.py Fri Aug 03 17:36:02 2012 +0200
+++ MoinMoin/security/__init__.py Mon Sep 03 15:30:35 2012 +0200
@@ -320,11 +320,12 @@
handler = getattr(self, "_special_"+entry, None)
allowed = handler(request, name, dowhat, rightsdict)
elif entry in groups:
- if name in groups[entry]:
+ this_group = groups[entry]
+ if name in this_group:
allowed = rightsdict.get(dowhat)
else:
for special in self.special_users:
- if special in entry:
+ if special in this_group:
handler = getattr(self, "_special_" + special, None)
allowed = handler(request, name, dowhat, rightsdict)
break # order of self.special_users is important
diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/_tests/test_security.py
--- MoinMoin/security/_tests/test_security.py Fri Aug 03 17:36:02 2012 +0200
+++ MoinMoin/security/_tests/test_security.py Mon Sep 03 15:30:35 2012 +0200
@@ -16,10 +16,11 @@
acliter = security.ACLStringIterator
AccessControlList = security.AccessControlList
+from MoinMoin.datastruct import ConfigGroups
from MoinMoin.PageEditor import PageEditor
from MoinMoin.user import User
-from MoinMoin._tests import become_trusted, create_page, nuke_page
+from MoinMoin._tests import wikiconfig, become_trusted, create_page, nuke_page
class TestACLStringIterator(object):
@@ -248,6 +249,50 @@
assert not acl.may(self.request, user, right)
+class TestGroupACL(object):
+
+ class Config(wikiconfig.Config):
+ def groups(self, request):
+ groups = {
+ u'PGroup': frozenset([u'Antony', u'Beatrice', ]),
+ u'AGroup': frozenset([u'All', ]),
+ # note: the next line is a INTENDED misnomer, there is "All" in
+ # the group NAME, but not in the group members. This makes
+ # sure that a bug that erroneously checked "in groupname" (instead
+ # of "in groupmembers") does not reappear.
+ u'AllGroup': frozenset([]), # note: intended misnomer
+ }
+ return ConfigGroups(request, groups)
+
+ def testApplyACLByGroup(self):
+ """ security: applying acl by group name"""
+ # This acl string...
+ acl_rights = [
+ "PGroup,AllGroup:read,write,admin "
+ "AGroup:read "
+ ]
+ acl = security.AccessControlList(self.request.cfg, acl_rights)
+
+ # Should apply these rights:
+ users = (
+ # user, rights
+ ('Antony', ('read', 'write', 'admin', )), # in PGroup
+ ('Beatrice', ('read', 'write', 'admin', )), # in PGroup
+ ('Charles', ('read', )), # virtually in AGroup
+ )
+
+ # Check rights
+ for user, may in users:
+ mayNot = [right for right in self.request.cfg.acl_rights_valid
+ if right not in may]
+ # User should have these rights...
+ for right in may:
+ assert acl.may(self.request, user, right)
+ # But NOT these:
+ for right in mayNot:
+ assert not acl.may(self.request, user, right)
+
+
class TestPageAcls(object):
""" security: real-life access control list on pages testing
"""

View file

@ -847,6 +847,9 @@ bin/moin
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.pyo
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.pyo
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.pyo
@ -865,6 +868,9 @@ bin/moin
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.pyo
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc
%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo