From f332778f6a6584338b1742027a0973421dfdccf3 Mon Sep 17 00:00:00 2001 
From: Eygene Ryabinkin
Date: Wed, 17 Oct 2012 10:54:01 +0400
Subject: [PATCH] www/moinmoin: update to 1.9.5

Fixes:

* Security fix: fix virtual group bug in ACL evaluation. [was already backported to FreeBSD's 1.9.4_1].
* Avoid crash if #refresh processing instruction is used without arguments.
* Fix issue with non-ASCII textchas.
* Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi after page save.
* Fix dictionary file reading crash under Windows.
* Work around crash of AdvancedSearch macro rendering caused by non-ascii mimetypes.types_map entries.
* Added migration script for moin 1.8.9.
* rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item listed in feed and not just last page diffs). Links generated with ddiffs=1 also fixed.
* rss_rc: fix double escaping issue.
* rss_rc: respect show_names configuration option.
* rss_rc: proper support of rename, revert, page creation.
* modern/modernized theme: fix padding/width for editor preview
* group/pagelinks formatters: avoid to create unnecessary output, redirect output of send_page call with the groups formatter, it must not be written to the output stream
* rst parser: fix include and macro directives
* wikisync: fix unicode pagename sending for python 2.7 httplib

New features:

* add a require_comment config option (default: False) to require a non-empty comment when saving a page
* when a save error happens, show the editor again and highlight the error
* rss_rc: several new options added:
  lines parameter gives ability to set maximum size of diffs showed in RSS.
  show_att parameter gives ability to show information about attachment-related items in RSS.
  page parameter gives ability to specify set of pages for which changes RSS feed should be generated.
  Configuration of defaults and limits can now be done via wiki configuration mechanism.
* As soon as it is now possible to provide RSS for page change history, appropriate alternate link is now added for every page (controlled by rss_show_page_history_link configuration parameter).
* Search: "no_highlight:" search query option provided for suppressing highlighting search results.
* Search macros: new options for FullSearch, FullSearchCached and PageList available:
  * highlight_titles option controls highlighting of matches in search results provided by these macros. Default value is set in search_macro_highlight_titles configuration option.
  * highlight_pages option controls adding of highlight URL parameter to page links (so search term is highlighted when user goes to one of these pages via provided link) in search results. Default value is set in search_macro_highlight_pages configuration option.
  Usage of these options is disabled (via search_macro_parse_args configuration option) by default due to behavioural changes introduced in macro parameter parsing mechanism to support them.
  Related to http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .

Other changes:

* Remove 4suite dependency for docbook formatter, use minidom (included in Python).
* Upgraded FCKeditor to 2.6.8.

Signed-off-by: Eygene Ryabinkin
--- www/moinmoin/Makefile | 3 +- www/moinmoin/distinfo | 4 +- www/moinmoin/files/patch-cve-2012-4404 | 137 --------------------------------- www/moinmoin/pkg-plist | 6 ++ 4 files changed, 9 insertions(+), 141 deletions(-) delete mode 100644 www/moinmoin/files/patch-cve-2012-4404 diff --git a/www/moinmoin/Makefile b/www/moinmoin/Makefile index e216dc5..b080cab 100644 --- a/www/moinmoin/Makefile +++ b/www/moinmoin/Makefile @@ -6,8 +6,7 @@ # PORTNAME= moinmoin -PORTVERSION= 1.9.4 -PORTREVISION= 1 +PORTVERSION= 1.9.5 CATEGORIES= www python MASTER_SITES= http://static.moinmo.in/files/ DISTNAME= moin-${PORTVERSION} diff --git a/www/moinmoin/distinfo b/www/moinmoin/distinfo index a34c927..51cd2fa 100644 --- a/www/moinmoin/distinfo
+++ b/www/moinmoin/distinfo @@ -1,2 +1,2 @@ -SHA256 (moin-1.9.4.tar.gz) = a11502c31ce617a51d2f96be0d71a5fb3e7736c748ddd957aacfc23f9babe395 -SIZE (moin-1.9.4.tar.gz) = 36718571 +SHA256 (moin-1.9.5.tar.gz) = 74e1d1420723aaf202f46082540524987f47c40a444f8444d58d57c66324811c +SIZE (moin-1.9.5.tar.gz) = 36740561 diff --git a/www/moinmoin/files/patch-cve-2012-4404 b/www/moinmoin/files/patch-cve-2012-4404 deleted file mode 100644 index b8f7ea6..0000000 --- a/www/moinmoin/files/patch-cve-2012-4404 +++ /dev/null 
@@ -1,137 +0,0 @@ -Obtained-from: http://hg.moinmo.in/moin/1.9/raw-rev/7b9f39289e16 - -# HG changeset patch -# User Thomas Waldmann -# Date 1346679035 -7200 -# Node ID 7b9f39289e16b37344480025f191d8b64480c834 -# Parent 0e58d9bcd3bd8ab3a89506d66bc0c8df85c16d2c -security fix: fix virtual group bug in ACL evaluation, add a test for it - -affected moin releases: all 1.9 releases up to and including 1.9.4 - -moin releases < 1.9 are NOT affected. - -You can find out the moin version by looking at SystemInfo page or at the -output of <> macro. - -Issue description: - -We have code that checks whether a group has special members "All" or "Known" -or "Trusted", but there was a bug that checked whether these are present in -the group NAME (not, as intended, in the group MEMBERS). - -a) If you have group MEMBERS like "All" or "Known" or "Trusted", they did not -work until now, but will start working with this changeset. - -E.g. SomeGroup: - * JoeDoe - * Trusted - -SomeGroup will now (correctly) include JoeDoe and also all trusted users. - -It (erroneously) contained only "JoeDoe" and "Trusted" (as a username, not -as a virtual group) before. - -b) If you have group NAMES containing "All" or "Known" or "Trusted", they behaved -wrong until now (they erroneously included All/Known/Trusted users even if -you did not list them as members), but will start working correctly with this -changeset. - -E.g. AllFriendsGroup: - * JoeDoe - -AllFriendsGroup will now (correctly) include only JoeDoe. -It (erroneously) contained all users (including JoeDoe) before. - -E.g. MyTrustedFriendsGroup: - * JoeDoe - -MyTrustedFriendsGroup will now (correctly) include only JoeDoe. -It (erroneously) contained all trusted users and JoeDoe before. 
- -diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/__init__.py ---- MoinMoin/security/__init__.py Fri Aug 03 17:36:02 2012 +0200 -+++ MoinMoin/security/__init__.py Mon Sep 03 15:30:35 2012 +0200 -@@ -320,11 +320,12 @@ - handler = getattr(self, "_special_"+entry, None) - allowed = handler(request, name, dowhat, rightsdict) - elif entry in groups: -- if name in groups[entry]: -+ this_group = groups[entry] -+ if name in this_group: - allowed = rightsdict.get(dowhat) - else: - for special in self.special_users: -- if special in entry: -+ if special in this_group: - handler = getattr(self, "_special_" + special, None) - allowed = handler(request, name, dowhat, rightsdict) - break # order of self.special_users is important -diff -r 0e58d9bcd3bd -r 7b9f39289e16 MoinMoin/security/_tests/test_security.py ---- MoinMoin/security/_tests/test_security.py Fri Aug 03 17:36:02 2012 +0200 -+++ MoinMoin/security/_tests/test_security.py Mon Sep 03 15:30:35 2012 +0200 -@@ -16,10 +16,11 @@ - acliter = security.ACLStringIterator - AccessControlList = security.AccessControlList - -+from MoinMoin.datastruct import ConfigGroups - from MoinMoin.PageEditor import PageEditor - from MoinMoin.user import User - --from MoinMoin._tests import become_trusted, create_page, nuke_page -+from MoinMoin._tests import wikiconfig, become_trusted, create_page, nuke_page - - class TestACLStringIterator(object): - -@@ -248,6 +249,50 @@ - assert not acl.may(self.request, user, right) - - -+class TestGroupACL(object): -+ -+ class Config(wikiconfig.Config): -+ def groups(self, request): -+ groups = { -+ u'PGroup': frozenset([u'Antony', u'Beatrice', ]), -+ u'AGroup': frozenset([u'All', ]), -+ # note: the next line is a INTENDED misnomer, there is "All" in -+ # the group NAME, but not in the group members. This makes -+ # sure that a bug that erroneously checked "in groupname" (instead -+ # of "in groupmembers") does not reappear. 
-+ u'AllGroup': frozenset([]), # note: intended misnomer -+ } -+ return ConfigGroups(request, groups) -+ -+ def testApplyACLByGroup(self): -+ """ security: applying acl by group name""" -+ # This acl string... -+ acl_rights = [ -+ "PGroup,AllGroup:read,write,admin " -+ "AGroup:read " -+ ] -+ acl = security.AccessControlList(self.request.cfg, acl_rights) -+ -+ # Should apply these rights: -+ users = ( -+ # user, rights -+ ('Antony', ('read', 'write', 'admin', )), # in PGroup -+ ('Beatrice', ('read', 'write', 'admin', )), # in PGroup -+ ('Charles', ('read', )), # virtually in AGroup -+ ) -+ -+ # Check rights -+ for user, may in users: -+ mayNot = [right for right in self.request.cfg.acl_rights_valid -+ if right not in may] -+ # User should have these rights... -+ for right in may: -+ assert acl.may(self.request, user, right) -+ # But NOT these: -+ for right in mayNot: -+ assert not acl.may(self.request, user, right) -+ -+ - class TestPageAcls(object): - """ security: real-life access control list on pages testing - """ - diff --git a/www/moinmoin/pkg-plist b/www/moinmoin/pkg-plist index e00e1ca..d483284 100644 --- a/www/moinmoin/pkg-plist +++ b/www/moinmoin/pkg-plist @@ -847,6 +847,9 @@ bin/moin %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080800.pyo +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.py +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.pyc +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1080900.pyo %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1089999.pyo 
@@ -865,6 +868,9 @@ bin/moin %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090400.pyo +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.py +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyc +%%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/1090500.pyo %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.py %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyc %%PYTHON_SITELIBDIR%%/MoinMoin/script/migration/__init__.pyo -- 1.7.11.3
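
Review bot: In www/moinmoin/Makefile the hunk changes only PORTVERSION and PORTREVISION, yet the commit message lists "Remove 4suite dependency for docbook formatter, use minidom" among the upstream changes. If the port declares a 4suite dependency for the docbook formatter somewhere outside the lines shown, drop it in this same commit so the dependency list matches what 1.9.5 actually imports. Removing PORTREVISION together with the PORTVERSION bump is correct.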
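
Review bot: In www/moinmoin/distinfo the new SHA256 and SIZE lines for moin-1.9.5.tar.gz are the only integrity check on the distfile, because MASTER_SITES in the Makefile context is plain http://static.moinmo.in/files/. State in the commit message how the hash was obtained, and compare it against a checksum or signature that upstream publishes over an authenticated channel instead of hashing whatever the HTTP fetch returned.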
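
Review bot: Deleting www/moinmoin/files/patch-cve-2012-4404 is safe only if the moin-1.9.5 distfile already carries upstream changeset 7b9f39289e16, so confirm that MoinMoin/security/__init__.py in the extracted tarball tests "if special in this_group:" and not "if special in entry:" before this goes in. The commit message's "Security fix" item says it does, but the check is cheap and a miss would reopen the ACL error the removed file describes, where a group whose NAME contains All, Known or Trusted is treated as including those virtual groups. The TestGroupACL case removed along with the patch exercises only the "All" name (AllGroup), so when verifying 1.9.5 also cover a group name containing "Trusted" or "Known", as in the MyTrustedFriendsGroup example from the description.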
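
Review bot: The two www/moinmoin/pkg-plist hunks add only the 1080900 and 1090500 migration scripts (six lines in total), while the commit message also lists "Upgraded FCKeditor to 2.6.8" and the docbook formatter change, either of which could add or remove installed files. Regenerate the file list from a clean install of 1.9.5 and diff it against pkg-plist, so that no stale entries remain and no newly installed file is left behind on deinstall.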