Package: moin / 1.9.3-1+squeeze5

Metadata

Package Version Patches format
moin 1.9.3-1+squeeze5 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
hardcode_configdir.patch | (download)

setup.py | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 hardcode configdir /etc/moin for "moin" script
 only applicable on systems like Debian using a system-wide config area
disable_gui_editor_if_fckeditor_missing.patch | (download)

MoinMoin/config/multiconfig.py | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 disable gui editor if fckeditor missing
 only applicable on Debian systems where a system-wide FCKeditor is used
 from a static location and might in some cases be missing
htdocs_moved_to_usr_share_moin.patch | (download)

MoinMoin/web/static/__init__.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 folder with static web pages are moved to /usr/share/moin/htdocs
 only applicable on Debian systems storing web pages system-wide
use_systemwide_libs.patch | (download)

setup.py | 27 14 + 13 - 0 !
1 file changed, 14 insertions(+), 13 deletions(-)

 use system-wide support libraries
 only applicable in concert with other means of ensuring availability of
 the libraries (done in packaging meta hints for Debian)
CVE 2011 1058.patch | (download)

MoinMoin/parser/text_rst.py | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---
CVE 2012 XXX virtual group ACL.patch | (download)

MoinMoin/security/__init__.py | 5 3 + 2 - 0 !
MoinMoin/security/_tests/test_security.py | 47 46 + 1 - 0 !
2 files changed, 49 insertions(+), 3 deletions(-)


We have code that checks whether a group has special members "All" or "Known"
or "Trusted", but there was a bug that checked whether these are present in
the group NAME (not, as intended, in the group MEMBERS).

a) If you have group MEMBERS like "All" or "Known" or "Trusted", they did not
work until now, but will start working with this changeset.

E.g. SomeGroup:
 * JoeDoe
 * Trusted

SomeGroup will now (correctly) include JoeDoe and also all trusted users.

It (erroneously) contained only "JoeDoe" and "Trusted" (as a username, not
as a virtual group) before.

b) If you have group NAMES containing "All" or "Known" or "Trusted", they behaved
wrong until now (they erroneously included All/Known/Trusted users even if
you did not list them as members), but will start working correctly with this
changeset.

E.g. AllFriendsGroup:
 * JoeDoe

AllFriendsGroup will now (correctly) include only JoeDoe.
It (erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup:
 * JoeDoe

MyTrustedFriendsGroup will now (correctly) include only JoeDoe.
It (erroneously) contained all trusted users and JoeDoe before.

escape_css_url.patch | (download)

MoinMoin/theme/__init__.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
secure_taintfile_name.patch | (download)

MoinMoin/wikiutil.py | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
draw taintfile.patch | (download)

MoinMoin/action/AttachFile.py | 8 8 + 0 - 0 !
MoinMoin/action/anywikidraw.py | 2 2 + 0 - 0 !
MoinMoin/action/twikidraw.py | 2 2 + 0 - 0 !
3 files changed, 12 insertions(+)

---
attachfile path traversal.patch | (download)

MoinMoin/action/AttachFile.py | 16 16 + 0 - 0 !
1 file changed, 16 insertions(+)

---
avoid_empty_dir_creation.patch | (download)

MoinMoin/theme/__init__.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---