A security issue fixed upstream in ikiwiki has been announced on February 28: https://www.openwall.com/lists/oss-security/2019/02/28/1 The issue is fixed upstream in 3.20190228. Mageia 6 is also affected by this issue, as well as several others, as I apparently never realized that we had this software packaged. CVE-2017-0356: https://www.openwall.com/lists/oss-security/2017/01/12/2 CVE-2016-10026: https://www.openwall.com/lists/oss-security/2016/12/20/7 https://www.openwall.com/lists/oss-security/2016/12/21/3 CVE-2016-9645, CVE-2016-9646, CVE-2016-10026: https://www.openwall.com/lists/oss-security/2016/12/29/3 CVE-2016-4561: https://www.openwall.com/lists/oss-security/2016/05/06/8 https://www.openwall.com/lists/oss-security/2016/05/06/9
Whiteboard: (none) => MGA6TOOStatus comment: (none) => Fixed upstream in 3.20190228Version: 6 => Cauldron
ikiwiki-3.20190228-1.mga7 uploaded for Cauldron by Shlomi.
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6
ikiwiki-3.20190228-1.mga6 ikiwiki-w3m-3.20190228-1.mga6 from ikiwiki-3.20190228-1.mga6.src.rpm uploaded by Shlomi. Advisory to come later.
CC: (none) => shlomifAssignee: shlomif => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e Installing this draws in 93 more packages, but I guess there are more missing. Ref https://ikiwiki.info/setup/ for a test I get: $ ikiwiki --setup /etc/ikiwiki/auto.setup Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. What will the wiki be named? ikiwikitest Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. What revision control system to use? git Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. Which user (wiki account, openid, or email) will be admin? tester6 Setting up ikiwikitest ... Importing /home/tester6/ikiwikitest into git Initialized empty shared Git repository in /home/tester6/ikiwikitest.git/ Initialized empty Git repository in /home/tester6/ikiwikitest/.git/ [master (root-commit) ae634b6] initial commit 1 file changed, 1 insertion(+) create mode 100644 .gitignore Counting objects: 3, done. Writing objects: 100% (3/3), 216 bytes | 216.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) To /home/tester6/ikiwikitest.git * [new branch] master -> master Directory /home/tester6/ikiwikitest is now a clone of git repository /home/tester6/ikiwikitest.git /etc/ikiwiki/auto.setup: Can't locate YAML/XS.pm in @INC (you may need to install the YAML::XS module) (@INC contains: /home/tester6/.ikiwiki /usr/lib/perl5/site_perl/5.22.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.22.3 /usr/lib/perl5/vendor_perl/5.22.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.22.3 /usr/lib/perl5/5.22.3/i386-linux-thread-multi /usr/lib/perl5/5.22.3 /usr/lib/perl5/site_perl/5.22.3 /usr/lib/perl5/site_perl/5.22.3/i386-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.22.3 /usr/lib/perl5/vendor_perl/5.22.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.22.2 /usr/lib/perl5/vendor_perl/5.22.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.22.0 /usr/lib/perl5/vendor_perl) at (eval 889) line 2. BEGIN failed--compilation aborted at (eval 889) line 2. usage: ikiwiki [options] source dest ikiwiki --setup my.setup [options]
CC: (none) => herman.viaene
Updated packages from Shlomi to fix the perl errors. ikiwiki-3.20190228-1.1.mga6 ikiwiki-w3m-3.20190228-1.1.mga6 from ikiwiki-3.20190228-1.1.mga6.src.rpm
Getting better, but still not OK. First uninstalled older version and removed all ikiwiki stuff from my home, then install new version, then $ ikiwiki --setup /etc/ikiwiki/auto.setup Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. What will the wiki be named? ikiwiktest Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. What revision control system to use? git Cannot find termcap: Can't find a valid termcap file at /usr/lib/perl5/5.22.3/Term/ReadLine.pm line 373. Which user (wiki account, openid, or email) will be admin? tester6 Setting up ikiwiktest ... Importing /home/tester6/ikiwiktest into git Initialized empty shared Git repository in /home/tester6/ikiwiktest.git/ Initialized empty Git repository in /home/tester6/ikiwiktest/.git/ [master (root-commit) c84ae4d] initial commit 1 file changed, 1 insertion(+) create mode 100644 .gitignore Counting objects: 3, done. Writing objects: 100% (3/3), 216 bytes | 216.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) To /home/tester6/ikiwiktest.git * [new branch] master -> master Directory /home/tester6/ikiwiktest is now a clone of git repository /home/tester6/ikiwiktest.git warning: installing LWPx::ParanoidAgent is recommended Creating wiki admin tester6 ... Choose a password: Confirm password: Can't exec "cc": Bestand of map bestaat niet at /usr/lib/perl5/vendor_perl/5.22.3/IkiWiki/Wrapper.pm line 302. failed to compile /home/tester6/public_html/ikiwiktest/ikiwiki.cgi.c /etc/ikiwiki/auto.setup: ikiwiki --wrappers --setup /home/tester6/ikiwiktest.setup failed at /usr/lib/perl5/vendor_perl/5.22.3/IkiWiki/Setup/Automator.pm line 189, <STDIN> line 2. usage: ikiwiki [options] source dest ikiwiki --setup my.setup [options]
Debian has issued an advisory for the newest issue on February 28: https://www.debian.org/security/2019/dsa-4399
Keywords: (none) => feedback
Testing on Mageia 6 x86_64 Installed the old version. Installed the update, which also pulled in perl-YAML-LibYAML from core release. [root@x6v ~]# ikiwiki --setup /etc/ikiwiki/auto.setup What will the wiki be named? qatestwiki What revision control system to use? git Which user (wiki account, openid, or email) will be admin? dave@x6v.hodgins.homeip.net Setting up qatestwiki ... Importing /root/2qatestwiki into git Initialized empty shared Git repository in /root/2qatestwiki.git/ Initialized empty Git repository in /root/2qatestwiki/.git/ [master (root-commit) a220042] initial commit 1 file changed, 1 insertion(+) create mode 100644 .gitignore Counting objects: 3, done. Writing objects: 100% (3/3), 216 bytes | 216.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) To /root/2qatestwiki.git * [new branch] master -> master Directory /root/2qatestwiki is now a clone of git repository /root/2qatestwiki.git warning: installing LWPx::ParanoidAgent is recommended ikiwiki-update-wikilist: added user root to /etc/ikiwiki/wikilist Successfully set up qatestwiki: url: http://x6v.hodgins.homeip.net/~root/qatestwiki srcdir: ~/2qatestwiki destdir: ~/public_html/qatestwiki repository: ~/2qatestwiki.git To modify settings, edit ~/qatestwiki.setup and then run: ikiwiki --setup ~/qatestwiki.setup Viewed several pages starting with ... # w3m /root/public_html/qatestwiki/index.html No regressions found. Advisory committed to svn. Validating the update.
Whiteboard: (none) => MGA6-64-OKKeywords: feedback => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0113.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED