From 22a5bf86bc323b11d47fbebe09a17545f0a20583 Mon Sep 17 00:00:00 2001 From: Henrik Brix Andersen Date: Sun, 1 Jun 2008 21:13:54 +0000 Subject: Update to version 2.48 (security update). If password based logins is enabled in ikiwiki, those passwords were until this release stored in cleartext in the userdb. To guard against exposing users' passwords, ikiwiki now use strong (blowfish) hashes for storing passwords. To hash existing passwords, update to this version and run the following command for each of your ikiwiki src dirs: ikiwiki-transition hashpassword /path/to/your/wiki/srcdir Approved by: erwin (mentor, implicit) Security: http://www.vuxml.org/freebsd/90db9983-2f53-11dd-a0d8-0016d325a0ed.html --- www/ikiwiki/Makefile | 10 +++++----- www/ikiwiki/distinfo | 6 +++--- www/ikiwiki/files/patch-IkiWiki-Plugin-passwordauth.pm | 10 ---------- 3 files changed, 8 insertions(+), 18 deletions(-) delete mode 100644 www/ikiwiki/files/patch-IkiWiki-Plugin-passwordauth.pm diff --git a/www/ikiwiki/Makefile b/www/ikiwiki/Makefile index 5715157fc9d7..f7e42416e620 100644 --- a/www/ikiwiki/Makefile +++ b/www/ikiwiki/Makefile @@ -5,10 +5,10 @@ # $FreeBSD$ PORTNAME= ikiwiki -PORTVERSION= 2.47 -PORTREVISION= 1 +PORTVERSION= 2.48 CATEGORIES= www -MASTER_SITES= ${MASTER_SITE_DEBIAN_POOL} +MASTER_SITES= ${MASTER_SITE_DEBIAN_POOL} \ + http://kitenet.net/~joey/debian/unstable/ DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= brix@FreeBSD.org @@ -28,7 +28,8 @@ BUILD_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/HTML/Parser.pm:${PORTSDIR}/www/p5-HTML- RUN_DEPENDS= ${BUILD_DEPENDS} \ ${SITE_PERL}/File/MimeInfo.pm:${PORTSDIR}/devel/p5-File-MimeInfo \ ${SITE_PERL}/RPC/XML.pm:${PORTSDIR}/net/p5-RPC-XML \ - ${SITE_PERL}/XML/Feed.pm:${PORTSDIR}/textproc/p5-XML-Feed + ${SITE_PERL}/XML/Feed.pm:${PORTSDIR}/textproc/p5-XML-Feed \ + ${SITE_PERL}/Authen/Passphrase.pm:${PORTSDIR}/security/p5-Authen-Passphrase WRKSRC= ${WRKDIR}/${PORTNAME} @@ -52,7 +53,6 @@ PLIST_SUB= W3M="@comment " .endif post-patch: - @${RM} ${WRKSRC}/IkiWiki/Plugin/passwordauth.pm.orig @${REINPLACE_CMD} -e "s|/usr/bin/markdown|${LOCALBASE}/bin/markdown|" \ ${WRKSRC}/IkiWiki/Plugin/mdwn.pm @${RM} ${WRKSRC}/IkiWiki/Plugin/mdwn.pm.bak diff --git a/www/ikiwiki/distinfo b/www/ikiwiki/distinfo index 2ac14eb00c52..333e61ebd5f0 100644 --- a/www/ikiwiki/distinfo +++ b/www/ikiwiki/distinfo @@ -1,3 +1,3 @@ -MD5 (ikiwiki_2.47.tar.gz) = 1e0e43d9ebac01286ff69e76fcc28bcc -SHA256 (ikiwiki_2.47.tar.gz) = 91323868dfe2c214473aa7a68d73463cc7f6d7781e5b47458a87f91ceb616123 -SIZE (ikiwiki_2.47.tar.gz) = 724457 +MD5 (ikiwiki_2.48.tar.gz) = 6b293f6e8a08578533d0268b25dae5b3 +SHA256 (ikiwiki_2.48.tar.gz) = 5c728a3d175f28e80fde4049c1f93b6805f79f5caaa00cb6a2279f2723bef778 +SIZE (ikiwiki_2.48.tar.gz) = 729477 diff --git a/www/ikiwiki/files/patch-IkiWiki-Plugin-passwordauth.pm b/www/ikiwiki/files/patch-IkiWiki-Plugin-passwordauth.pm deleted file mode 100644 index b582e2e94c3c..000000000000 --- a/www/ikiwiki/files/patch-IkiWiki-Plugin-passwordauth.pm +++ /dev/null @@ -1,10 +0,0 @@ ---- IkiWiki/Plugin/passwordauth.pm.orig 2008-05-06 20:14:05.000000000 +0200 -+++ IkiWiki/Plugin/passwordauth.pm 2008-05-31 10:50:03.000000000 +0200 -@@ -76,6 +76,7 @@ sub formbuilder_setup (@) { #{{{ - name => "password", - validate => sub { - length $form->field("name") && -+ length $_[0] && - shift eq IkiWiki::userinfo_get($form->field("name"), 'password'); - }, - ); -- cgit v1.2.3