Commit graph

30 commits

Author SHA1 Message Date
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
wiz
c1b44346cd Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
2014-05-09 07:36:53 +00:00
wiz
790a0d6941 Update to 1.9.7:
Version 1.9.7:
  SECURITY HINT: make sure you have allow_xslt = False (or just do not use
  allow_xslt at all in your wiki configs, False is the internal default).
  Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.

  HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.

  New features:
  * passlib support - enhanced password hash security. Special thanks go to
    the Python Software Foundation (PSF) for sponsoring development of this!

    Docs for passlib: http://packages.python.org/passlib/

    If cfg.passlib_support is True (default), we try to import passlib and set
    it up using the configuration given in cfg.passlib_crypt_context (default
    is to use sha512_crypt with default configuration from passlib).

    The passlib docs recommend 3 hashing schemes that have good security, but
    some of them have additional requirements:
    sha512_crypt needs passlib >= 1.3.0, no other requirements.
    pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
    bcrypt has additional binary/compiled package requirements, please refer to
    the passlib docs.

    cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
    wanted for new password hash creation and also for upgrading existing
    password hashes.

    For the moin code as distributed in our download release archive, passlib
    support should just work, as we have passlib 1.6.1 bundled with MoinMoin
    as MoinMoin/support/passlib. If you use some other moin package, please
    first check if you have moin AND passlib installed (and also find out the
    passlib version you have installed).

    If you do NOT want to (not recommended!) or can't use (still using python
    2.4?) passlib, you can disable it your wiki config:

        passlib_support = False  # do not import passlib
        password_scheme = '{SSHA}'  # use best builtin hash (like moin < 1.9.7)

    Please note that after you have used moin with passlib support and have user
    profiles with passlib hashes, you can't just switch off passlib support,
    because if you did, moin would not be able to log in users with passlib
    password hashes. Password recovery would still work, though.

    password_scheme always gives the password scheme that is wanted for new or
    recomputed password hashes. The code is able to upgrade and downgrade hashes
    at login time and also when setting / resetting passwords for one or all
    users (via the wiki web interface or via moin account resetpw script
    command).

    So, if you want that everybody uses strong, passlib-created hashes,
    resetting the passwords for all users is strongly recommended:
    First have passlib support switched on (it is on by default), use
    password_scheme = '{PASSLIB}' (also default), then reset all passwords.

    Same procedure can be used to go back to weaker builtin hashes (not
    recommended): First switch off passlib support, use password_scheme =
    '{SSHA}', then reset all passwords.

    Wiki farm admins sharing the same user_dir between multiple wikis must use
    consistent password hashing / passlib configuration settings for all wikis
    sharing the same user_dir. Using the builtin defaults or doing the
    configuration in farmconfig.py is recommended.

    Admins are advised to read the passlib docs (especially when experiencing
    too slow logins or when running old passlib versions which may not have
    appropriate defaults for nowadays):
    http://packages.python.org/passlib/new_app_quickstart.html#choosing-a-hash
    http://packages.python.org/passlib/password_hash_api.html#choosing-the-right-rounds-value

  * Password mass reset/invalidation support, see docs/resetpw/.
    This is useful to make sure everybody sets a new password and moin computes
    the password hash using the current configuration.

  * Customizable default password checker:
    Moin's default password checker used and still uses min_length=6 (minimum pw
    length) and min_different=4 (minimum count of different chars in the password).
    If you feel that you need to require better passwords from your users, you
    can customize it now like that in your wiki config:

    password_checker = lambda cfg, request, name, pw: multiconfig._default_password_checker(cfg, request, name, pw, min_length=10, min_different=7)

  * Removing/disabling inactive users (moin ... account inactive)
    Many wikis have a lot of inactive users, that never ever made a single edit.
    See help of the command for more details, be careful.
  * SystemAdmin user browser: show disabled user accounts at the bottom of
    the list
  * At startup, announce moin version and code path in log output (makes
    support and debugging easier).
  * AttachList: introduced search_term parameter (optional) for listing
    attachments filtered by a regular expression on their name.
  * sign release archive using GnuPG with the key of tw@waldmann-edv.de
    ID 31A6CB60 (main key ID FAF7B393)

  Fixes:
  * logging: if the logging config file can't be read, give a helpful error msg
  * logging: use info loglevel (not warning) for telling about using the builtin
    default logging config
  * moin script commands: warn if someone gave ... to the moin script, avoids a
    strange and unhelpful 'empty module name' error message
  * reorder html input fields in recoverpass form, to help browsers remember
    the user name and password (not erroneously the recovery token and password)
  * don't try to send password recovery email to user if email address in
    user profile is empty
  * cache action: fix 304 http status
  * rst parser: fix safe_import for level param in __import__ call of docutils 0.10
  * moin maint cleancache: also kill the i18n cache 'meta' pickle file
  * sendmail: catch unicode errors when E-Mail addr has non-ascii chars
  * redirect last visited: if last visited page is on same wiki, use a local
    redirect, do not compute via interwiki map (fixes https: usage)
2014-01-20 20:17:05 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
gls
2b7d117387 Pkgsrc changes:
---------------

- /usr/bin/env police

Upstream Changes:
-----------------

Version 1.9.6:

  SECURITY HINT: make sure you have allow_xslt = False (or just do not use
  allow_xslt at all in your wiki configs, False is the internal default).
  Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.

  HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.

  Fixes:
  * fix remote code execution vulnerability in twikidraw/anywikidraw action
  * fix path traversal vulnerability in AttachFile action
  * fix XSS issue, escape page name in rss link
  * escape user- or admin-defined css url
  * make taintfilename more secure
  * use a constant time str comparison function to prevent timing attacks
  * Attachment handler: catch all Zip-related errors

Version 1.9.5:

  Fixes:
   * Security fix: fix virtual group bug in ACL evaluation.
   * Avoid crash if #refresh processing instruction is used without arguments.
   * Fix issue with non-ASCII textchas.
   * Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
     after page save.
   * Fix dictionary file reading crash under Windows.
   * Work around crash of AdvancedSearch macro rendering caused by non-ascii
     mimetypes.types_map entries.
   * Added migration script for moin 1.8.9.
   * rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
     listed in feed and not just last page diffs). Links generated with ddiffs=1
     also fixed.
   * rss_rc: fix double escaping issue.
   * rss_rc: respect show_names configuration option.
   * rss_rc: proper support of rename, revert, page creation.
   * modern/modernized theme: fix padding/width for editor preview
   * group/pagelinks formatters: avoid to create unnecessary output, redirect
     output of send_page call with the groups formatter, it must not be written
     to the output stream
   * rst parser: fix include and macro directives
   * wikisync: fix unicode pagename sending for python 2.7 httplib

  New features:
   * add a comment_required config option (default: False) to require a
     non-empty comment when saving a page
   * when a save error happens, show the editor again and highlight the error
   * rss_rc: several new options added: lines parameter gives ability to set
     maximum size of diffs showed in RSS. show_att parameter gives ability
     to show information aboout attachment-related items in RSS. page parameter
     gives ability to specify set of pages for which changes RSS feed should be
     generated. Configuration of defaults and limits can now be done via wiki
     configuration mechanism.
   * As soon as it is now possible to provide RSS for page change history,
     appropriate alternate link is now added for every page (controlled by
     rss_show_page_history_link configuration parameter).
   * Search: "no_highlight:" search query option provided for suppressing
     highlighting search results.
   * Search macros: new options for FullSearch, FullSearchCached and PageList
     available:
     * highlight_titles option controls highlighting of matches in search
       results provided by these macros. Default value is set in
       search_macro_highlight_titles configuration option)
     * highlight_pages option controls adding of highlight URL parameter to
       page links (so search term is highlighted when user goes to one of
       these pages via provided link) in search results. Default value is set
       in search_macro_highlight_pages configuration option.
     Usage of these options is disabled (via search_macro_parse_args
     configuration option) by default due to behavioural changes introduced
     in macro parameter parsing mechanism to support them. Related to
     http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .

  Other changes:
   * Remove 4suite dependency for docbook formatter, use minidom (included in
     Python).
   * Upgraded FCKeditor to 2.6.8.
2013-01-03 18:54:38 +00:00
asau
5eae6a18a3 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-28 06:30:00 +00:00
cheusov
4b97be0632 Bump revision for packages with changed CONFLICTS (PYTHON_SELF_CONFLICT) 2012-10-04 00:21:58 +00:00
cheusov
11c7685b77 CONFLICTS between python modules 2012-10-03 23:40:35 +00:00
wiz
63e125ab27 Remove patches that are not needed after 1.9.4 update. 2012-06-03 22:49:50 +00:00
wiz
264862a6c9 Update to 1.9.4:
This release ist mostly about security and bug fixes and a few
minor changes (including Python 2.7 compatibility).
2012-06-03 22:49:25 +00:00
wiz
c595076396 All supported python versions in pkgsrc support eggs, so remove
${PLIST.eggfile} from PLISTs and support code from lang/python.
2012-04-08 20:21:41 +00:00
wiz
aada88e659 Remove python24 and all traces of it from pkgsrc.
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
2012-04-08 19:08:44 +00:00
obache
26e6c1bc34 * no need to buildlink with zlib, just require python built with zlib support.
* no compiler languages is required to build.
* `/usr/bin/env python' shebang are also be handled with REPLACE_PYTHON.
* distutils pkg, register egg-info.
* add an patch for python27, from upstream repo.

Bump PKGREVISION.
2012-01-27 05:52:40 +00:00
gls
b690ad66e6 Add a fix for CVE CVE 2011-1058.
Taken from http://moinmo.in/SecurityFixes
2011-03-07 20:51:40 +00:00
wiz
f09b8dbca6 Let's assume for now that everything that worked with python-2.6 also
works with python-2.7.
2011-02-25 09:47:18 +00:00
obache
22b2f4f81a Update py-moin to 1.9.3.
PR#43524 by Wen Heping.

Known main issues:

  * The GUI WYSIWYG editor has still some issues and limitations.
    If you can't live with those, you can simply switch it off by using:
    editor_force = True
    editor_default = 'text'  # internal default, just for completeness

Version 1.9.3:
  Fixes:
  * Fix XSS in Despam action (CVE-2010-0828).
  * Fix XSS issues (see MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg):
    * by escaping template name in messages
    * by fixing other places that had similar issues
  * Make moin compatible to werkzeug 0.5 .. 0.6.2 (1.9.2 had issues
    with xmlrpc when used with werkzeug 0.6.x).
  * MoinMoin.util.filesys: disable usage of dircache, deprecate dc* functions,
    because the dircache stdlib module can't work correctly for fast updates of
    directories.
  * rss_rc and sisterpages actions: fix Content-Type header (mimetype)
  * Fix associating OpenID identity with user, wasn't adapted to werkzeug yet.
  * openidrp auth: fix undefined _ (gettext)
  * Fix auth.cas and userprefs.oidserv request object usage.
  * highlight parser: fixed MoinMoinBugs/LineNumberSpansForProcessInstructionsMissed
  * Pygments syntax highlighting: add missing code files
  * Notifications: use same email subject format for every notification
  * Fix docbook formatter crashing, see MoinMoinPatch/IncludeMacroWithDocBookFormatter
  * Fix regex content search for xapian search.
  * Get rid of the empty line at the end of code highlights.
  * GUI editor: compute editor height like the text editor does.
  * Added help texts for: standalone server and moin migration.
  * script.maint.cleancache: clean also i18n cache files
  * Improved formatter.text_plain, see FeatureRequests/TextPlainFormatterRewrite
    (fixes many issues of this formatter).
  * text_html_text_moin_wiki: fixed index error for width="", see also:
    MoinMoinBugs/GUI_convertor_list_index_out_of_range
  * xmlrpc: disable editor backup for putPage, renamePage and revertPage
    because if pages get uploaded by xmlrpc then the draft cache file can
    rapidly increase in size, causing high memory usage because it needs to
    get loaded into memory for updating/processing.
  * Emit Content-Type header (with charset) for SlideShow action and many other
    actions that just call send_title().
  * ActionBase: better compatibility to moin 1.8, use request.values by
    default, optionally use request.form data only

  New features:
  * RenamePage action: added ability to create redirect pages when renaming
    (turned off by default, see show_rename_redirect config option).
  * formatter/text_html: Added line number links to code blocks.
  * diff action:
    * Fixed whitespace in generated (html) diff view table so white-space: pre
      can be used (and whitespace in diffs preserved).
    * Added links to first/last revision.
  * MoinMoin.widget.browser: introduced feature for sorting tables, see:
    http://moinmo.in/FeatureRequests/SortableTables
  * SystemAdmin user and attachment browsers: sorting feature used there now
  * Scrolling the text editor to the double clicked line.
  * Enable double-click-editing by default.
  * WikiConfigHelp macro: make heading and description display optional,
    heading level as a parameter (default 2)
  * If edit ticket check fails, send the editor with the current content.
  * moin import wikipage - use this script to import local files as a wiki page

  Other changes:
  * upgraded pygments from 1.2.2 to 1.3.1
  * upgraded FCKeditor from 2.6.4.1 to 2.6.6
  * added configuration snippet for ldap authentication against 2 servers
  * improved script help output
2010-07-09 11:38:36 +00:00
pettai
a78b4a6657 Major features/improvements (1.9):
* New modular group and dict data access, you can use group and dict
  backend modules to access group and dict data stored anywhere you like.
* Improved Xapian indexing / search
* Improved drawing support
* Themes / static files related
* Syntax highlighting is based on the pygments library now
* Authentication improvements
* Sessions / cookies improvements
* Macros fuctions improved
* More Actions added/improved
* Improved logging / debugging / developer support
* GUI editor: improved attachment dialog
* "moin ... account homepage" script to create user homepages

A bunch of bugfixes!

For the full Changelog, see: http://moinmo.in/MoinMoinRelease1.9

ok'ed during the freeze by agc@
2010-03-20 21:12:03 +00:00
wiz
d9e31b7cfb DEPENDS should be right after MAINTAINER block, reorder. 2010-01-27 08:46:23 +00:00
joerg
e031855e4a Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 22:00:14 +00:00
joerg
6c81f199f6 Uses list comprehension. 2008-10-02 12:18:27 +00:00
joerg
90f0529aec Update MoinMoin to 1.7.1:
- Fix a Cross Site Scripting attack
- changes in caching API

Changes in 1.7.0:
- new event/notification/authentication/session framework
- OpenID support
- improvements for LDAP auth, attachment performance, logging etc
2008-07-24 08:38:03 +00:00
tnn
78f5c45ebf Mention MoinMoin in the COMMENT to make the package easier to find, given
the non-obvious PKGNAME.
2008-07-22 20:17:24 +00:00
joerg
d28f16282a Update to moin 1.6.3. This fixes bugs in the ACL parser for all entries
but Known: and All:, hierarchical ACL processing and the use of include
in rst files. Many other updates included as well.
2008-05-07 10:02:44 +00:00
joerg
a77e7015fe Update PYTHON_VERSIONS_COMPATIBLE
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
2008-04-25 20:39:06 +00:00
joerg
588cbf7568 Update py-moin to 1.6.1.
Major new features:
* quickly working standalone mode (similar to DesktopEdition)
* xapian index search (including attachments of supported mimetypes)
* WikiSynchronisation
* moin can receive email now
* wiki parser: easier link and transclusion markup (and new macro
  markup)
* new parsers for: creole wiki markup, html (safe), diffs
* discussion pages
* inline comments
* hierarchical ACLs (see HelpOnAccessControlLists)
* new anti-spam feature: TextChas
* SisterSites support
* new xmlrpc methods, easier auth, multicall support
* Improved params for [[target|label|params]]:
* AdvancedSearch: make multiple categories/languages/mimetype selections
  possible
* Added a configuration directive to only do one bind to the LDAP
  server.

+ many bugfixes, including at least one XSS fix.
2008-03-15 18:16:51 +00:00
obache
03e9d4affd HOMEPAGE moved. 2008-03-11 04:19:04 +00:00
reed
d37c87558b Fix (or update?) HOMEPAGE. 2006-12-20 04:56:53 +00:00
joerg
b971f467d9 Explicitly depend on py-expat, as it is needed for the GUI editor.
Fixes PR 34912. Bump revision.
2006-10-25 18:57:34 +00:00
joerg
c42effebcd Make pkglint happy. 2006-07-31 17:06:50 +00:00
joerg
47a1c24f7b Import www/py-moin. From DESCR:
A WikiWikiWeb is a collaborative hypertext environment, with an
emphasis on easy access to and modification of information. MoinMoin
is a Python WikiClone that allows you to easily set up your own wiki,
only requiring a Python installation.
2006-07-31 17:04:59 +00:00