following problems:
- An attacker who can upload attachments to the wiki can use this to
achieve remote code execution.
- An attacker with write permissions can upload an SVG file that
contains malicious javascript. This javascript will be executed in a
user's browser when the user is viewing that SVG file on the wiki.
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
(which is not) throughout the ports Makefiles.
* Replace find|xargs with find -exec {} +
* Replace -exec {} \; with -exec {} + if applicable.
* Use the -delete operator to remove files and empty directories.
* Combine and tweak some find(1) invocations while here.
ok kn@ rsadowski@ espie@
This release has various changes made to reduce wiki spam; upstream says
"please read the changelog below carefully before upgrading to 1.9.10.
This release has some fundamental changes you (and your wiki users)
should be aware of beforehands."
https://github.com/moinwiki/moin-1.9/blob/1.9.10/docs/CHANGES
MoinMoin "refuri" Cross-Site Scripting Vulnerability
Note that 'rst' is not the default parser, but available if docutils are installed. For more information see http://moinmo.in/SecurityFixes
While here, update PLISTs, some WANTLIBs, some license
markers and use MODPY_EGG_VERSION where it may help to
keep future PLIST diffs smaller.
help, nitpicking and ok jasper@, ok wcmaier@
note that print/py-reportlab/reportlab needs some more
love.
