CVS commit: [pkgsrc-2009Q2] pkgsrc/www/geeklog

[Matthias Scheler <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Sep 13 14:57:36 UTC 2009

Modified Files:
        pkgsrc/www/geeklog [pkgsrc-2009Q2]: Makefile PLIST distinfo
        pkgsrc/www/geeklog/patches [pkgsrc-2009Q2]: patch-aa patch-aj
Added Files:
        pkgsrc/www/geeklog/patches [pkgsrc-2009Q2]: patch-ak patch-al patch-ba
            patch-bb patch-bc patch-bd

Log Message:
Pullup ticket #2889 - requested by taca
geeklog: security update

Revisions pulled up:
- www/geeklog/Makefile                          1.23
- www/geeklog/PLIST                             1.10
- www/geeklog/distinfo                          1.10
- www/geeklog/patches/patch-aa                  1.4
- www/geeklog/patches/patch-aj                  1.2
- www/geeklog/patches/patch-ak                  1.1
- www/geeklog/patches/patch-al                  1.1
- www/geeklog/patches/patch-ba                  1.1
- www/geeklog/patches/patch-bb                  1.1
- www/geeklog/patches/patch-bc                  1.1
- www/geeklog/patches/patch-bd                  1.1
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Sep 13 01:15:11 UTC 2009

Modified Files:
        pkgsrc/www/geeklog: Makefile PLIST distinfo
        pkgsrc/www/geeklog/patches: patch-aa patch-aj
Added Files:
        pkgsrc/www/geeklog/patches: patch-ak patch-al patch-ba patch-bb
            patch-bc patch-bd

Log Message:
Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided
as full release.

And add updated fckeditor for Geeklog.

These updates should fix known security problems, Secunia SA36372.

Jul 30, 2009 (1.5.2sr5)
------------

This release addresses the following security issues:
- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
  email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions, so that
  it was possible to email a story even if you didn't have the permissions to
  view it on the site.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.22.2.1 pkgsrc/www/geeklog/Makefile
cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/www/geeklog/PLIST \
    pkgsrc/www/geeklog/distinfo
cvs rdiff -u -r1.3 -r1.3.2.1 pkgsrc/www/geeklog/patches/patch-aa
cvs rdiff -u -r1.1 -r1.1.4.1 pkgsrc/www/geeklog/patches/patch-aj
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/www/geeklog/patches/patch-ak \
    pkgsrc/www/geeklog/patches/patch-al pkgsrc/www/geeklog/patches/patch-ba \
    pkgsrc/www/geeklog/patches/patch-bb pkgsrc/www/geeklog/patches/patch-bc \
    pkgsrc/www/geeklog/patches/patch-bd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.