Security Fix Installation
Overview
This page describes how to use the information released on the SecurityFixes page. This is particularly targeted at sites running the latest stable version.
I created this page out of frustration that moinmoin would notify me when SecurityFixes are released but not instruct me about what to do with this information. Nor is a new, secure, stable version released so that I may implement my upgrade procedure. So I'm left in limbo, knowing my system is insecure but not having anything to do about it. Also, the SecurityFixes page does not provide a risk assessment, so there is no obvious way to know how great the threat is. I don't run "stone-age software" - I really like that quote - but I would like a secure system. I hope some knowledgeable folk can help fill in the details below. -- HarmsCon 2009-04-22 00:40:24
How to download the patch
For each security fix announcement listed on the SecurityFixes page for your version of moinmoin:
- Click on the link. You are now at the code diff (patch) page. This page lists the changes needed to eliminate this vulnerability.
- Click on the raw link to download the patch.
How to apply the patch
For each downloaded patch:
run patch patchfile
For me the command line above was too short. So, I will try to explain it in more detail, in order to make it easier to apply the patches. Therefore I will use a security fix of moin 1.9.5 as an example.
- Rename the downloaded file c98ec456e493 to a more readable name m195_security_fix1.diff
- Copy the diff file to the moin folder, which contains the folder MoinMoin
- cd to this folder
- Use the following command to try the diff:
    $ patch --verbose --dry-run -b -p1 < m195_security_fix1.diff
    # explanation of the options
    --verbose   # tell me more
    --dry-run   # just test the patch
    -b          # make a backup of the original file
    -p1         # reduce one level of the path in the diff file (a/)
- If that does not show any errors, do the patch with:
    $ patch --verbose -b -p1 < m195_security_fix1.diff
-- RudolfReuter 2012-12-09 09:48:15
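The dry-run-then-apply steps above, wrapped as a script that refuses to touch a tree when the fix does not apply cleanly (for example, a tree at a different version than the fix was written for). This is an added example, not part of the original page or of the moin project. It assumes GNU patch; the function names, the `-d` option, and the sample tree and diff are constructed for illustration.

```shell
#!/bin/sh
# Added example: all file names and contents below are constructed samples.

# apply_fix TREE DIFF: apply DIFF to TREE only if a dry run is clean.
# Returns 0 when applied, 1 when the dry run failed (TREE is left untouched).
apply_fix() {
    # -d: change into TREE first; -p1: strip the leading a/ or b/ path element
    if ! patch -d "$1" --dry-run -b -p1 < "$2" >/dev/null 2>&1; then
        echo "dry run failed: $1 left unchanged" >&2
        return 1
    fi
    # Real run; -b keeps each original as <file>.orig for rollback
    patch -d "$1" -b -p1 < "$2" >/dev/null
}

# make_tree DIR BODY: constructed one-file stand-in for the moin folder
make_tree() {
    mkdir -p "$1/MoinMoin"
    printf 'def escape(s):\n    return %s\n' "$2" > "$1/MoinMoin/util.py"
}

# demo: one tree the fix was written for, one at a different version
demo() {
    work=$(mktemp -d) || return 1
    make_tree "$work/match" 's'
    make_tree "$work/other" 'quote(s)'
    cat > "$work/fix.diff" <<'EOF'
--- a/MoinMoin/util.py
+++ b/MoinMoin/util.py
@@ -1,2 +1,2 @@
 def escape(s):
-    return s
+    return s.replace("<", "&lt;")
EOF
    rc_match=0; apply_fix "$work/match" "$work/fix.diff" || rc_match=$?
    rc_other=0; apply_fix "$work/other" "$work/fix.diff" 2>/dev/null || rc_other=$?
    echo "match=$rc_match other=$rc_other"
}

demo   # prints: match=0 other=1
```

To roll back an applied fix, copy each `.orig` file over its patched counterpart.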
How to compile the patched code
To compile the patched code into pre-compiled bytecode, do this:
Sleep easy
Another security risk eliminated.