- Update to 3.5.8 (including XSS problem fix).

Submitted by:	Toshiya SAITOH <toshiya@saitoh.nu>
PR:		ports/81520

security/vuxml/vuln.xml

@@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="84479a62-ca5f-11d9-b772-000c29b00e99">
+    <topic>fswiki - XSS problem in file upload form</topic>
+    <affects>
+      <package>
+	<name>fswiki</name>
+	<range><le>3.5.6</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>A JP Vendor Status Notes</p>
+	<blockquote cite="http://jvn.jp/jp/JVN%23465742E4/index.html">
+	  <p>There is a problem in fswiki (and other Wiki clones) which
+	    may cause XSS vulnerability.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <freebsdpr>ports/81520</freebsdpr>
+      <url>http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D5%2D19</url>
+      <url>http://jvn.jp/jp/JVN%23465742E4/index.html</url>
+    </references>
+    <dates>
+      <discovery>2005-05-19</discovery>
+      <entry>2005-05-29</entry>
+    </dates>
+  </vuln>
   <vuln vid="2fbe16c2-cab6-11d9-9aed-000e0c2e438a">
     <topic>freeradius -- sql injection and denial of service vulnerability</topic>
     <affects>

www/fswiki/Makefile

@@ -6,10 +6,10 @@
 #
 
 PORTNAME=	fswiki
-PORTVERSION=	3.5.6
+PORTVERSION=	3.5.8
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE_JP}
-MASTER_SITE_SUBDIR=	fswiki/10997
+MASTER_SITE_SUBDIR=	fswiki/14798
 DISTNAME=	wiki${PORTVERSION:S|.|_|g}
 
 MAINTAINER=	kuriyama@FreeBSD.org

www/fswiki/distinfo

@@ -1,2 +1,2 @@
-MD5 (wiki3_5_6.zip) = eb457832bba33342338813ec9d57b708
-SIZE (wiki3_5_6.zip) = 890151
+MD5 (wiki3_5_8.zip) = e20274ca6b34f4d055cfc58aca834650
+SIZE (wiki3_5_8.zip) = 876214

www/fswiki/files/patch-CGI2.pm

@@ -1,20 +0,0 @@
---- lib/CGI2.pm.orig	Sun Aug 22 13:49:49 2004
-+++ lib/CGI2.pm	Mon Nov  8 12:55:21 2004
-@@ -30,7 +30,7 @@
- 	my $dir   = $wiki->config('session_dir');
- 	my $limit = $wiki->config('session_limit');
- 	
--	opendir(SESSION_DIR,$dir) or die $!;
-+	opendir(SESSION_DIR,$dir) or die "$!: $dir";
- 	my $timeout = time() - (60 * $limit);
- 	while(my $entry = readdir(SESSION_DIR)){
- 		if($entry =~ /^cgisess_/){
-@@ -54,7 +54,7 @@
- 	# セッション開始フラグが立っておらず、CookieにセッションIDが
- 	# 存在しない場合はセッションを生成しない
- 	if(!defined($self->{session_cache})){
--		if($start!=1 && $self->cookie(-name=>'CGISESSID') eq ""){
-+		if((not defined $start or $start!=1) && $self->cookie(-name=>'CGISESSID') eq ""){
- 			return undef;
- 		}
- 		my $dir   = $wiki->config('session_dir');

www/fswiki/files/patch-DefaultStorage.pm

@@ -1,17 +0,0 @@
---- lib/Wiki/DefaultStorage.pm.orig	Sun Aug 22 13:49:52 2004
-+++ lib/Wiki/DefaultStorage.pm	Mon Nov  8 12:56:44 2004
-@@ -324,12 +324,12 @@
- 	my $page = shift;
- 	my $path = shift;
- 	
--	if(defined($self->{exists_cache}->{"$path:$page"})){
-+	if($self->{exists_cache} and defined($self->{exists_cache}->{"$path:$page"})){
- 		return $self->{exists_cache}->{"$path:$page"};
- 	}
- 	
- 	my $dir = $self->{wiki}->config('data_dir');
--	if($path ne ""){
-+	if(defined $path and $path ne ""){
- 		$dir = "$dir/$path";
- 	}
- 	

www/fswiki/files/patch-Wiki.pm

@@ -1,20 +0,0 @@
---- lib/Wiki.pm.orig	Sun Aug 22 13:49:50 2004
-+++ lib/Wiki.pm	Mon Nov  8 12:56:01 2004
-@@ -41,7 +41,7 @@
- 	# ÀßÄê¤òÆɤ߹þ¤ß
- 	my $setupfile = shift || 'setup.dat';
- 	$self->{"config"} = &Util::load_config_hash(undef,$setupfile);
--	die "setup file ${setupfile} not found" if scalar(%{$self->{"config"}}) == 0;
-+	die "setup file ${setupfile} not found" if (keys %{$self->{"config"}} == 0);
- 	$self->{"config"}->{"plugin_dir"} = "."         unless exists($self->{"config"}->{"plugin_dir"});
- 	$self->{"config"}->{"frontpage"}  = "FrontPage" unless exists($self->{"config"}->{"frontpage"});
- 	unshift(@INC, $self->{"config"}->{"plugin_dir"});
-@@ -1444,7 +1444,7 @@
- sub farm_is_enable {
- 	my $self = shift;
- 	my $farm_config = &Util::load_config_hash($self,$self->config('farmconf_file'));
--	if($farm_config->{usefarm}==1){
-+	if(defined $farm_config->{usefarm} and $farm_config->{usefarm}==1){
- 		return 1;
- 	} else {
- 		return 0;

www/fswiki/pkg-plist

@@ -12,17 +12,16 @@
 %%DATADIR%%/docs/API/Parser.pm.html
 %%DATADIR%%/docs/API/Util.pm.html
 %%DATADIR%%/docs/API/Wiki.pm.html
+%%DATADIR%%/docs/API/makedoc.bat
 %%DATADIR%%/docs/API/makedoc.pl
 %%DATADIR%%/docs/API/makedoc.sh
 %%DATADIR%%/docs/changes.html
 %%DATADIR%%/docs/default.css
 %%DATADIR%%/docs/gpl.txt
+%%DATADIR%%/docs/makedoc.bat
 %%DATADIR%%/docs/makedoc.sh
 %%DATADIR%%/docs/readme.html
 %%DATADIR%%/lib/Algorithm/Diff.pm
-%%DATADIR%%/lib/Archive/Tar.pm
-%%DATADIR%%/lib/Archive/Tar/Constant.pm
-%%DATADIR%%/lib/Archive/Tar/File.pm
 %%DATADIR%%/lib/Bundle/LWP.pm
 %%DATADIR%%/lib/CGI/Session.pm
 %%DATADIR%%/lib/CGI/Session/BluePrint.pm
@@ -181,12 +180,12 @@
 %%DATADIR%%/plugin/access/AccessDays.pm
 %%DATADIR%%/plugin/access/Install.pm
 %%DATADIR%%/plugin/admin/AccountHandler.pm
-%%DATADIR%%/plugin/admin/AdminBackupHandler.pm
 %%DATADIR%%/plugin/admin/AdminCacheHandler.pm
 %%DATADIR%%/plugin/admin/AdminConfigHandler.pm
 %%DATADIR%%/plugin/admin/AdminLogHandler.pm
 %%DATADIR%%/plugin/admin/AdminPageHandler.pm
 %%DATADIR%%/plugin/admin/AdminPluginHandler.pm
+%%DATADIR%%/plugin/admin/AdminSpamHandler.pm
 %%DATADIR%%/plugin/admin/AdminStyleHandler.pm
 %%DATADIR%%/plugin/admin/AdminUserHandler.pm
 %%DATADIR%%/plugin/admin/Install.pm
@@ -248,6 +247,7 @@
 %%DATADIR%%/plugin/core/RemoveWikiHandler.pm
 %%DATADIR%%/plugin/core/SendMail.pm
 %%DATADIR%%/plugin/core/ShowPage.pm
+%%DATADIR%%/plugin/core/SpamFilter.pm
 %%DATADIR%%/plugin/core/Source.pm
 %%DATADIR%%/plugin/core/Template.pm
 %%DATADIR%%/plugin/core/WikiList.pm
@@ -306,6 +306,7 @@
 %%DATADIR%%/theme/default/default.css
 %%DATADIR%%/tmpl/admin_cache.tmpl
 %%DATADIR%%/tmpl/admin_config.tmpl
+%%DATADIR%%/tmpl/admin_spam.tmpl
 %%DATADIR%%/tmpl/admin_style.tmpl
 %%DATADIR%%/tmpl/bbs.tmpl
 %%DATADIR%%/tmpl/bugtrack.tmpl
@@ -329,12 +330,10 @@
 @dirrm %%DATADIR%%/plugin/rename
 @dirrm %%DATADIR%%/plugin/recent
 @dirrm %%DATADIR%%/plugin/pdf
-@dirrm %%DATADIR%%/plugin/partedit
 @dirrm %%DATADIR%%/plugin/info
 @dirrm %%DATADIR%%/plugin/google
 @dirrm %%DATADIR%%/plugin/format
 @dirrm %%DATADIR%%/plugin/footnote
-@dirrm %%DATADIR%%/plugin/farm
 @dirrm %%DATADIR%%/plugin/editlog
 @dirrm %%DATADIR%%/plugin/core
 @dirrm %%DATADIR%%/plugin/comment
@@ -379,9 +378,6 @@
 @dirrm %%DATADIR%%/lib/CGI/Session
 @dirrm %%DATADIR%%/lib/CGI
 @dirrm %%DATADIR%%/lib/Bundle
-@dirrm %%DATADIR%%/lib/Archive/Zip
-@dirrm %%DATADIR%%/lib/Archive/Tar
-@dirrm %%DATADIR%%/lib/Archive
 @dirrm %%DATADIR%%/lib/Algorithm
 @dirrm %%DATADIR%%/lib
 @dirrm %%DATADIR%%/docs/API