Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 11 Jul 2006 11:02:38 GMT
From:      Adrian Penisoara <ady@freebsd.ady.ro>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/100081: upgrade for port www/trac
Message-ID:  <200607111102.k6BB2c9k035052@www.freebsd.org>
Resent-Message-ID: <200607111110.k6BBAFl9061798@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         100081
>Category:       ports
>Synopsis:       upgrade for port www/trac
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 11 11:10:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Penisoara
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
ROFUG
>Environment:
FreeBSD motoko.cdo-partners.ro 6.1-STABLE FreeBSD 6.1-STABLE #2: Mon May 15 11:29:21 EEST 2006     root-motoko.cdo-partners.ro:/usr/obj/usr/src/sys/MOTOKO-SMP  i386
>Description:
 Port www/trac, at version 0.9.5, is affected by a security vulnerability
registered in VuXML:

http://www.freebsd.org/ports/portaudit/b0d61f73-0e11-11db-a47b-000c2957fdf1.html

 The Trac project already made available version 0.9.6 which fixes the above
problem -- quoting from http://trac.edgewall.org/wiki/ChangeLog :

0.9.6
   * Fixed reStructuredText breach of privacy and denial of service vulnerability
     found by Felix Wiemann.
>How-To-Repeat:

>Fix:
 No extensive testing, but I already use it in production at a customer site.

diff -ruN trac.orig/Makefile trac/Makefile
--- trac.orig/Makefile  Wed Apr 26 21:10:39 2006
+++ trac/Makefile       Tue Jul 11 10:48:54 2006
@@ -6,7 +6,7 @@
 #

 PORTNAME=      trac
-PORTVERSION=   0.9.5
+PORTVERSION=   0.9.6
 CATEGORIES=    www devel python
 MASTER_SITES=  http://ftp.edgewall.com/pub/trac/ \
                ftp://ftp.edgewall.com/pub/trac/
diff -ruN trac.orig/distinfo trac/distinfo
--- trac.orig/distinfo  Wed Apr 26 21:10:39 2006
+++ trac/distinfo       Tue Jul 11 10:49:00 2006
@@ -1,3 +1,3 @@
-MD5 (trac-0.9.5.tar.gz) = 3b7d708eaf905cc6ba2b6b10a09a8cf4
-SHA256 (trac-0.9.5.tar.gz) = b4a6ef89e74932d78ac1e2ea5f15099bff1fbe8b46c8be63d43e8163c88e70a5
-SIZE (trac-0.9.5.tar.gz) = 339170
+MD5 (trac-0.9.6.tar.gz) = 1f6bb25107612b7d0566e21ea133f266
+SHA256 (trac-0.9.6.tar.gz) = 67862c30c2dd0852ba4778a23bba79ab2387e9b40a85b40865cb76c4fa878dfc
+SIZE (trac-0.9.6.tar.gz) = 339647

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607111102.k6BB2c9k035052>