Security Fix Installation

Overview

This page describes how to use the information released on the SecurityFixes page. This is particularly targeted at sites running the latest stable version.

I created this page out of frustration that moinmoin would notify me when SecurityFixes are released but not instruct me about what to do with this information. Nor is a new, secure, stable version released that I may implement my upgrade procedure. So I'm left in limbo of knowing my system is insecure but not having anything to do about it. Also, the SecurityFixes pages does not provide a risk assessment so there is no obvious way to know how great the threat. I don't run "stone-age software" - I really like that quote - but I would like a secure system. I hope some knowledgeable folk can help fill in the details below. -- HarmsCon 2009-04-22 00:40:24

How to download the patch

For each security fix announcement list on the SecurityFixes page for your version of moinmoin:

How to apply the patch

For each downloaded patch:

For me the command line above was too short. So, I will try to explain it more detailed, in order to make it more easy to apply the patches. Therefore I will use a security fix of moin 1.9.5 as an example.

$ patch --verbose --dry-run  -b -p1 < m195_security_fix1.diff

# explanation of the options
  --verbose  # tell me more
  --dry-run  # just test the patch
  -b         # make a backup of the original file
  -p1        # reduce one level of the path in the diff file (a/)

$ patch --verbose  -b -p1 < m195_security_fix1.diff

-- RudolfReuter 2012-12-09 09:48:15

How to compile the patched code

To compile the patched code into pre-compiled bytecode, do this:

Sleep easy

Another security risk eliminated.

MoinMoin: SecurityFixes/Installation (last edited 2012-12-09 09:48:16 by RudolfReuter)