rpms/moin/F-9 hierarchical_acl_fix_897cdbe9e8f2.patch, NONE, 1.1 moin.spec, 1.23, 1.24
Ville-Pekka Vainio
vpv at fedoraproject.org
Sat Jun 13 20:53:21 UTC 2009
Author: vpv
Update of /cvs/pkgs/rpms/moin/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3145
Modified Files:
moin.spec
Added Files:
hierarchical_acl_fix_897cdbe9e8f2.patch
Log Message:
* Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-2
- Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2
- Details at http://moinmo.in/SecurityFixes#moin_1.8.3
- Convert CHANGES to UTF-8
hierarchical_acl_fix_897cdbe9e8f2.patch:
--- NEW FILE hierarchical_acl_fix_897cdbe9e8f2.patch ---
# HG changeset patch
# User Christopher Denter <moin GUESSWHAT the DASH space DASH station ROUNDTHING com>
# Date 1244501152 -7200
# Node ID 897cdbe9e8f24cd43cd53129ce6a6467d8c7685a
# Parent 47c0ada5c1a26b2e7d995a99547d8a970037396a
Provide fix for recently added failing security tests.
--- a/MoinMoin/security/__init__.py Tue Jun 09 00:44:00 2009 +0200
+++ b/MoinMoin/security/__init__.py Tue Jun 09 00:45:52 2009 +0200
@@ -69,6 +69,10 @@
allowed = acl.may(request, username, right)
if allowed is not None:
return allowed
+ # If the item has an acl (even one that doesn't match) we *do not*
+ # check the parents. We only check the parents if there's no acl on
+ # the item at all.
+ break
if not some_acl:
allowed = cache.acl_rights_default.may(request, username, right)
if allowed is not None:
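Review bot: the new `break` after the `acl.may()` check only gives the intended result if `some_acl` is already true whenever the item carries an ACL; otherwise a non-matching item ACL would leave the loop and be decided by the `if not some_acl:` branch through `cache.acl_rights_default`. The hunk does not show where `some_acl` is assigned, so confirm it is set before the `break` is reached, and extend the new comment to say what result the caller gets when the item's own ACL does not match the user.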
Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-9/moin.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- moin.spec 20 Apr 2009 15:23:41 -0000 1.23
+++ moin.spec 13 Jun 2009 20:52:51 -0000 1.24
@@ -3,7 +3,7 @@
Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
Name: moin
Version: 1.6.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: Applications/Internet
URL: http://moinmo.in/
@@ -27,6 +27,8 @@ Patch4: CVE-2009-0312_XSS_antispam.patch
# likely no XSS", still marked as a security patch. Needs to be done after
# 022_CVE-2009-0260_attach_file_XSS.patch, thus the numbering.
Patch5: 999_attachfile_fix_escaping_problems.patch
+# Hierarchical ACL fix released in 1.8.4
+Patch6: hierarchical_acl_fix_897cdbe9e8f2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel
BuildArch: noarch
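Review bot: the comment above `Patch6` names only the upstream release (1.8.4), while this spec builds `Version: 1.6.4`. Say in the comment that this is the 1.8 changeset 897cdbe9e8f2 applied to the 1.6 code and that it is a security patch, as the comment above `Patch5` does ("still marked as a security patch"), so the patch is not dropped by mistake on a later update.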
@@ -45,6 +47,9 @@ editable web pages.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+# convert to UTF-8
+iconv -f iso8859-1 -t utf-8 docs/CHANGES -o docs/CHANGES.conv && mv -f docs/CHANGES.conv docs/CHANGES
%build
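Review bot: in the `iconv ... && mv -f ...` line, a failing `iconv` only skips the `mv` and leaves docs/CHANGES unconverted; put the two commands on separate lines so a conversion failure is reported as its own failed step rather than depending on how the status of the `&&` list is handled. The `mv` also replaces docs/CHANGES with a newly created file, so the original timestamp is lost; add `touch -r docs/CHANGES docs/CHANGES.conv` before the `mv` if it should be kept. A blank line between `%patch6 -p1` and the `# convert to UTF-8` comment would separate patching from the conversion step.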
@@ -74,6 +79,11 @@ editable web pages.
%changelog
+* Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-2
+- Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2
+- Details at http://moinmo.in/SecurityFixes#moin_1.8.3
+- Convert CHANGES to UTF-8
+
* Mon Apr 20 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-1
- Update to 1.6.4
- CVE-2008-3381 fixed upstream
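Review bot: the new changelog entry says the fix comes "from 1.8.4" but points to `SecurityFixes#moin_1.8.3`; state explicitly that 1.8.3 is the section describing the issue and 1.8.4 the release carrying the fix, so the two numbers do not read as a typo. The entry also gives no CVE identifier, unlike the "CVE-2008-3381 fixed upstream" line below it; if none has been assigned, say so, because security trackers search changelogs for those identifiers.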