pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/www/geeklog Update Geeklog to 1.6.0sr2 (security relea...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cd2d31c91a7f
branches:  trunk
changeset: 399225:cd2d31c91a7f
user:      taca <taca%pkgsrc.org@localhost>
date:      Tue Sep 15 10:48:46 2009 +0000

description:
Update Geeklog to 1.6.0sr2 (security release 2).

o Add some pkgsrc patches to improve Content-Type header output.


Geeklog 1.6.0sr2

This release addresses the following security issue:

  * Unauthorized file uploads were possible through FCKeditor.
    Uploaded files still had to go through FCKeditor's filter, so it was not
    possible to upload scripts (and the integrity of the Geeklog site as such
    was not in danger). There were, however, reports that this was used to host
    malware.
    This update prevents use of the upload feature when FCKeditor is disabled
    and disables it for anonymous users. It also doesn't allow uploading of
    archive files any more. Furthermore, you need some sort of "edit"
    permission now to be able to upload files through FCKeditor (this is meant
    as an interim measure - we will probably introduce a separate "upload"
    permission in future Geeklog versions).

Other fixes:

  * Fixed installation using InnoDB tables.
  * Fixed a (non-exploitable) SQL error when auto-updating a story's
    commentcode field.
  * Fixed a wrong function name in the Links plugin.

Geeklog 1.6.0sr1

This release addresses the following security issues:

 1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to
    email a story to a friend.
 2. The "Mail Story to a Friend" function didn't check story permissions, so
    that it was possible to email a story even if you didn't have the
    permissions to view it on the site.

Other fixes:

  * Fixed an SQL error when submitting a story and the story submission queue
    was off.
  * Fixed calls to a nonexistent function COM_outputMessageAndAbort.

Geeklog 1.6.0

Results from the Summer of Code

This release incorporates the following projects implemented during the
2008 Google Summer of Code:

  * Site migration support and easier plugin installation, by Matt West
  * Improved search, by Sami Barakat
  * Comment moderation and editable comments, by Jared Wenerd

Other changes

  * The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
    the PHP team ended support for PHP 4 in August 2008, you should be looking
    into upgrading to PHP 5 anyway.
  * Includes FCKeditor 2.6.4.1
  * Includes a new plugin, XMLSitemap, that automatically generates an XML
    sitemap file, as supported by all major search engines. Plugin written and
    provided by mystral-kk.
  * Several new plugin API functions have been added and existing functions
    have been extended.
  * The included documentation has been moved to docs/english to allow for
    translations. Links to the documentation from within Geeklog will link to
    existing translations for the current language automatically (or fall back
    to the English documentation if no suitable translation can be found).
  * There were a variety of theme changes to support new functionality and fix
    inconsistencies in the layout.

This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009. Thank
you!
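The interim upload policy that the 1.6.0sr2 notes above describe (editor must be enabled, no anonymous users, an "edit" permission is required, archives are refused) is summarised here as a standalone decision function. This is an added illustration, not Geeklog's or pkgsrc's code; `UploadRequest`, `allow_editor_upload`, `extensions` and the `ARCHIVE_EXTENSIONS` list are all assumptions.

```python
"""Illustration of the interim FCKeditor upload policy from the Geeklog
1.6.0sr2 release notes. Added example, not Geeklog's own code; every name
below is an assumption chosen for this example."""
from dataclasses import dataclass

# Archive types to refuse. The concrete list is a constructed assumption;
# the release notes only say "archive files".
ARCHIVE_EXTENSIONS = {"zip", "tar", "gz", "tgz", "bz2", "rar", "7z"}


@dataclass(frozen=True)
class UploadRequest:
    filename: str
    editor_enabled: bool        # is the FCKeditor integration switched on?
    anonymous: bool             # request from a user who is not logged in?
    has_edit_permission: bool   # "some sort of edit permission", per the notes


def extensions(filename: str) -> list[str]:
    """Every dotted suffix, lower-cased: 'Photo.TAR.GZ' -> ['tar', 'gz'].

    All suffixes are checked, not just the last one, so a name such as
    'x.tar.gz' or 'x.zip.' is still recognised as an archive."""
    parts = filename.lower().rstrip(".").split(".")
    return parts[1:] if len(parts) > 1 else []


def allow_editor_upload(req: UploadRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Checks are ordered so the first failing
    condition is reported, which is what an audit log wants to see."""
    if not req.editor_enabled:
        return False, "editor disabled"
    if req.anonymous:
        return False, "anonymous user"
    if not req.has_edit_permission:
        return False, "no edit permission"
    if any(ext in ARCHIVE_EXTENSIONS for ext in extensions(req.filename)):
        return False, "archive upload refused"
    return True, "ok"
```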

diffstat:

 www/geeklog/Makefile         |   13 +---
 www/geeklog/PLIST            |  112 +++++++++++++++++++++++++++++-------------
 www/geeklog/distinfo         |   25 ++++-----
 www/geeklog/patches/patch-aj |   60 +++-------------------
 www/geeklog/patches/patch-ak |    8 +-
 www/geeklog/patches/patch-al |    8 +-
 www/geeklog/patches/patch-am |   14 +++++
 www/geeklog/patches/patch-an |   14 +++++
 www/geeklog/patches/patch-ao |   24 +++++++++
 www/geeklog/patches/patch-ap |   14 +++++
 www/geeklog/patches/patch-ba |   26 ---------
 www/geeklog/patches/patch-bb |   24 ---------
 www/geeklog/patches/patch-bc |   54 --------------------
 www/geeklog/patches/patch-bd |   17 ------
 14 files changed, 174 insertions(+), 239 deletions(-)

diffs (truncated from 718 to 300 lines):

diff -r 23788c695360 -r cd2d31c91a7f www/geeklog/Makefile
--- a/www/geeklog/Makefile      Tue Sep 15 10:46:10 2009 +0000
+++ b/www/geeklog/Makefile      Tue Sep 15 10:48:46 2009 +0000
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.23 2009/09/13 01:15:10 taca Exp $
+# $NetBSD: Makefile,v 1.24 2009/09/15 10:48:46 taca Exp $
 #
 
 DISTNAME=      geeklog-${VER}
-PKGNAME=       geeklog-${VER:C/(sr|-)4/.5/g}
+PKGNAME=       geeklog-${VER:C/(sr|-)/./g}
 CATEGORIES=    www
 MASTER_SITES=  http://www.geeklog.net/filemgmt/upload_dir/
-DISTFILES=     ${DEFAULT_DISTFILES} ${FCKEDITOR_UPDATE}
 
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.geeklog.net/
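Review bot: the PKGNAME rewrite `${VER:C/(sr|-)/./g}` turns `1.6.0sr2` into `1.6.0.2`, while the old rule `C/(sr|-)4/.5/g` only matched `sr4` and mapped it to `.5` (so `1.5.2sr4` became `1.5.2.5`); the general form no longer reproduces that bump. Since 1.6.0.2 sorts above 1.5.2.5 this update is fine, but the special case is silently gone, so a later `sr` numbering must be checked against the last published PKGNAME. Dropping `${FCKEDITOR_UPDATE}` from DISTFILES relies on the 1.6.0sr2 tarball shipping the fixed FCKeditor (2.6.4.1 according to the release notes); stating that in the commit message would help.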
@@ -14,15 +13,13 @@
 
 PKG_DESTDIR_SUPPORT=   user-destdir
 PRIVILEGED_STAGES+=    clean
-EXTRACT_ONLY=          ${DEFAULT_DISTFILES}
-FCKEDITOR_UPDATE=      fckeditor-2.6.4.1-updated.tar.gz
 
 DEPENDS+=      ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php
 DEPENDS+=      ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql
 
 USE_TOOLS+=    pax
 
-VER=           1.5.2sr4
+VER=           1.6.0sr2
 NO_BUILD=      YES
 
 PKG_GROUPS_VARS+=      APACHE_GROUP
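Review bot: `VER` moves to 1.6.0sr2 and the `EXTRACT_ONLY`/`FCKEDITOR_UPDATE` variables go away, which is consistent with the DISTFILES removal in the previous hunk. The remaining `ap-php>=4.3.3` and `php-mysql>=4.3.0` dependencies still admit PHP 4, which the release notes say upstream stopped supporting in August 2008; a line in the package README recommending PHP 5 would be worth adding.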
@@ -94,10 +91,6 @@
                        share/examples/geeklog ${GL_DOC} ${GL_EG}
 
 post-extract:
-       ${RUN} extract_file=${_DISTDIR:Q}/${FCKEDITOR_UPDATE:Q}; \
-       export extract_file; cd ${WRKSRC}/public_html && ${EXTRACT_CMD}
-       cd ${WRKSRC}/public_html && ${RM} -f README.txt \
-               fckeditor/editor/filemanager/browser/default/images/icons/default.icon.gif0000644
        ${CP} ${FILESDIR}/README ${FILESDIR}/geeklog.conf ${WRKDIR}
 
 pre-install:
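Review bot: removing the post-extract cleanup assumes the 1.6.0sr2 distribution no longer contains `public_html/README.txt` or the stray `fckeditor/editor/filemanager/browser/default/images/icons/default.icon.gif0000644` file that the old rule deleted; if either is still present it will now land in the installed tree and trip the PLIST check. Please confirm against the new tarball, since the distinfo and patch changes listed in the diffstat are not in the visible part of the diff.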
diff -r 23788c695360 -r cd2d31c91a7f www/geeklog/PLIST
--- a/www/geeklog/PLIST Tue Sep 15 10:46:10 2009 +0000
+++ b/www/geeklog/PLIST Tue Sep 15 10:48:46 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2009/09/13 01:15:10 taca Exp $
+@comment $NetBSD: PLIST,v 1.11 2009/09/15 10:48:46 taca Exp $
 ${GEEKLOG_BASE}/emailgeeklogstories
 ${GEEKLOG_BASE}/language/afrikaans.php
 ${GEEKLOG_BASE}/language/afrikaans_utf-8.php
@@ -55,6 +55,8 @@
 ${GEEKLOG_BASE}/language/romanian_utf-8.php
 ${GEEKLOG_BASE}/language/russian.php
 ${GEEKLOG_BASE}/language/russian_utf-8.php
+${GEEKLOG_BASE}/language/serbian.php
+${GEEKLOG_BASE}/language/serbian_utf-8.php
 ${GEEKLOG_BASE}/language/slovak.php
 ${GEEKLOG_BASE}/language/slovak_utf-8.php
 ${GEEKLOG_BASE}/language/slovenian.php
@@ -70,6 +72,7 @@
 ${GEEKLOG_BASE}/language/ukrainian.php
 ${GEEKLOG_BASE}/language/ukrainian_koi8-u.php
 ${GEEKLOG_BASE}/language/ukrainian_utf-8.php
+${GEEKLOG_BASE}/plugins/calendar/autoinstall.php
 ${GEEKLOG_BASE}/plugins/calendar/functions.inc
 ${GEEKLOG_BASE}/plugins/calendar/install_defaults.php
 ${GEEKLOG_BASE}/plugins/calendar/language/README
@@ -126,6 +129,7 @@
 ${GEEKLOG_BASE}/plugins/calendar/templates/weekview/events.thtml
 ${GEEKLOG_BASE}/plugins/calendar/templates/weekview/weekview.thtml
 ${GEEKLOG_BASE}/plugins/links/README
+${GEEKLOG_BASE}/plugins/links/autoinstall.php
 ${GEEKLOG_BASE}/plugins/links/functions.inc
 ${GEEKLOG_BASE}/plugins/links/install_defaults.php
 ${GEEKLOG_BASE}/plugins/links/language/README
@@ -176,6 +180,7 @@
 ${GEEKLOG_BASE}/plugins/links/templates/links.thtml
 ${GEEKLOG_BASE}/plugins/links/templates/pagenavigation.thtml
 ${GEEKLOG_BASE}/plugins/links/templates/submitlink.thtml
+${GEEKLOG_BASE}/plugins/polls/autoinstall.php
 ${GEEKLOG_BASE}/plugins/polls/functions.inc
 ${GEEKLOG_BASE}/plugins/polls/install_defaults.php
 ${GEEKLOG_BASE}/plugins/polls/language/README
@@ -207,7 +212,9 @@
 ${GEEKLOG_BASE}/plugins/polls/language/ukrainian_koi8-u.php
 ${GEEKLOG_BASE}/plugins/polls/language/ukrainian_utf-8.php
 ${GEEKLOG_BASE}/plugins/polls/sql/mssql_install.php
+${GEEKLOG_BASE}/plugins/polls/sql/mssql_updates.php
 ${GEEKLOG_BASE}/plugins/polls/sql/mysql_install.php
+${GEEKLOG_BASE}/plugins/polls/sql/mysql_updates.php
 ${GEEKLOG_BASE}/plugins/polls/templates/admin/pollansweroption.thtml
 ${GEEKLOG_BASE}/plugins/polls/templates/admin/polleditor.thtml
 ${GEEKLOG_BASE}/plugins/polls/templates/admin/pollquestions.thtml
@@ -224,7 +231,6 @@
 ${GEEKLOG_BASE}/plugins/spamx/BaseCommand.class.php
 ${GEEKLOG_BASE}/plugins/spamx/BlackList.Examine.class.php
 ${GEEKLOG_BASE}/plugins/spamx/DeleteComment.Action.class.php
-${GEEKLOG_BASE}/plugins/spamx/Developer.txt
 ${GEEKLOG_BASE}/plugins/spamx/EditBlackList.Admin.class.php
 ${GEEKLOG_BASE}/plugins/spamx/EditHeader.Admin.class.php
 ${GEEKLOG_BASE}/plugins/spamx/EditIP.Admin.class.php
@@ -240,6 +246,7 @@
 ${GEEKLOG_BASE}/plugins/spamx/SLVbase.class.php
 ${GEEKLOG_BASE}/plugins/spamx/SLVreport.Action.class.php
 ${GEEKLOG_BASE}/plugins/spamx/SLVwhitelist.Admin.class.php
+${GEEKLOG_BASE}/plugins/spamx/autoinstall.php
 ${GEEKLOG_BASE}/plugins/spamx/functions.inc
 ${GEEKLOG_BASE}/plugins/spamx/install_defaults.php
 ${GEEKLOG_BASE}/plugins/spamx/language/english.php
@@ -264,11 +271,11 @@
 ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian.php
 ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian_koi8-u.php
 ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian_utf-8.php
-${GEEKLOG_BASE}/plugins/spamx/rss.inc.php
 ${GEEKLOG_BASE}/plugins/spamx/sql/mssql_install.php
 ${GEEKLOG_BASE}/plugins/spamx/sql/mysql_install.php
 ${GEEKLOG_BASE}/plugins/spamx/templates/admin.thtml
 ${GEEKLOG_BASE}/plugins/spamx/templates/install.thtml
+${GEEKLOG_BASE}/plugins/staticpages/autoinstall.php
 ${GEEKLOG_BASE}/plugins/staticpages/functions.inc
 ${GEEKLOG_BASE}/plugins/staticpages/install_defaults.php
 ${GEEKLOG_BASE}/plugins/staticpages/language/README
@@ -321,22 +328,25 @@
 ${GEEKLOG_BASE}/plugins/staticpages/templates/printable.thtml
 ${GEEKLOG_BASE}/plugins/staticpages/templates/spcomments.thtml
 ${GEEKLOG_BASE}/plugins/staticpages/templates/staticpage.thtml
+${GEEKLOG_BASE}/plugins/xmlsitemap/autoinstall.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/functions.inc
+${GEEKLOG_BASE}/plugins/xmlsitemap/install_defaults.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/english.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/english_utf-8.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/estonian.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/estonian_utf-8.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/hebrew_utf-8.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/language/japanese_utf-8.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/sql/mssql_install.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/sql/mysql_install.php
+${GEEKLOG_BASE}/plugins/xmlsitemap/xmlsitemap.class.php
 ${GEEKLOG_BASE}/readme
 ${GEEKLOG_BASE}/sql/mssql_tableanddata.php
 ${GEEKLOG_BASE}/sql/mysql_tableanddata.php
-${GEEKLOG_BASE}/sql/updates/0.1_to_0.2.sql
-${GEEKLOG_BASE}/sql/updates/0.2_to_0.3.sql
-${GEEKLOG_BASE}/sql/updates/0.3_to_0.4.sql
-${GEEKLOG_BASE}/sql/updates/0.4_to_0.5.sql
-${GEEKLOG_BASE}/sql/updates/0.5_to_1.0.sql
-${GEEKLOG_BASE}/sql/updates/1.0_to_1.1.sql
-${GEEKLOG_BASE}/sql/updates/1.1_to_1.2.sql
-${GEEKLOG_BASE}/sql/updates/1.2.5-1_to_1.3.NOTES
-${GEEKLOG_BASE}/sql/updates/1.2.5-1_to_1.3.sql
-${GEEKLOG_BASE}/sql/updates/1.2_to_1.2.2.sql
 ${GEEKLOG_BASE}/sql/updates/mssql_1.4.1_to_1.5.0.php
 ${GEEKLOG_BASE}/sql/updates/mssql_1.5.0_to_1.5.1.php
 ${GEEKLOG_BASE}/sql/updates/mssql_1.5.1_to_1.5.2.php
+${GEEKLOG_BASE}/sql/updates/mssql_1.5.2_to_1.6.0.php
 ${GEEKLOG_BASE}/sql/updates/mysql_1.2.5-1_to_1.3.php
 ${GEEKLOG_BASE}/sql/updates/mysql_1.3.10_to_1.3.11.php
 ${GEEKLOG_BASE}/sql/updates/mysql_1.3.11_to_1.4.0.php
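Review bot: this hunk drops the legacy plain-`.sql` update scripts (0.1 through 1.2.2) and adds `mssql_1.5.2_to_1.6.0.php`; the matching `mysql_1.5.2_to_1.6.0.php` arrives in the next hunk, so the upgrade path from the previous package version 1.5.2sr4 is covered for both database backends. The new XMLSitemap plugin entries match the release notes.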
@@ -353,14 +363,15 @@
 ${GEEKLOG_BASE}/sql/updates/mysql_1.4.1_to_1.5.0.php
 ${GEEKLOG_BASE}/sql/updates/mysql_1.5.0_to_1.5.1.php
 ${GEEKLOG_BASE}/sql/updates/mysql_1.5.1_to_1.5.2.php
+${GEEKLOG_BASE}/sql/updates/mysql_1.5.2_to_1.6.0.php
 ${GEEKLOG_BASE}/system/classes/authentication/LDAP.auth.class.php
 ${GEEKLOG_BASE}/system/classes/authentication/LiveJournal.auth.class.php
 ${GEEKLOG_BASE}/system/classes/authentication/ldap/config.php
 ${GEEKLOG_BASE}/system/classes/calendar.class.php
 ${GEEKLOG_BASE}/system/classes/config.class.php
-${GEEKLOG_BASE}/system/classes/conversion.class.php
 ${GEEKLOG_BASE}/system/classes/downloader.class.php
 ${GEEKLOG_BASE}/system/classes/kses.class.php
+${GEEKLOG_BASE}/system/classes/listfactory.class.php
 ${GEEKLOG_BASE}/system/classes/navbar.class.php
 ${GEEKLOG_BASE}/system/classes/openid/COPYING
 ${GEEKLOG_BASE}/system/classes/openid/LICENSE
@@ -376,6 +387,7 @@
 ${GEEKLOG_BASE}/system/classes/plugin.class.php
 ${GEEKLOG_BASE}/system/classes/sanitize.class.php
 ${GEEKLOG_BASE}/system/classes/search.class.php
+${GEEKLOG_BASE}/system/classes/searchcriteria.class.php
 ${GEEKLOG_BASE}/system/classes/story.class.php
 ${GEEKLOG_BASE}/system/classes/syndication/atom.feed.class.php
 ${GEEKLOG_BASE}/system/classes/syndication/feedparserbase.class.php
@@ -384,6 +396,7 @@
 ${GEEKLOG_BASE}/system/classes/syndication/rss.feed.class.php
 ${GEEKLOG_BASE}/system/classes/template.class.php
 ${GEEKLOG_BASE}/system/classes/timer.class.php
+${GEEKLOG_BASE}/system/classes/unpacker.class.php
 ${GEEKLOG_BASE}/system/classes/upload.class.php
 ${GEEKLOG_BASE}/system/classes/url.class.php
 ${GEEKLOG_BASE}/system/databases/mssql.class.php
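Review bot: `system/classes/unpacker.class.php` is new and, judging by its name, an archive-unpacking helper arriving alongside the site-migration installer files. Because the same release removes archive uploads through FCKeditor, it would be worth a sentence in the commit message saying that archive extraction is now limited to the admin-side migration path rather than user uploads.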
@@ -771,19 +784,19 @@
 ${GL_TMPL}/images/topics/topic_news.gif
 ${GL_TMPL}/images/userphotos/index.html
 ${GEEKLOG_PUB}/404.php
-${GEEKLOG_PUB}/article.php
 ${GL_ADMIN}/auth.inc.php
 ${GL_ADMIN}/block.php
 ${GL_ADMIN}/configuration.php
 ${GL_ADMIN}/database.php
 ${GL_ADMIN}/group.php
 ${GL_ADMIN}/index.php
+${GL_ADMIN}/install/bigdump.php
 ${GL_ADMIN}/install/config-install.php
 ${GL_ADMIN}/install/configinfo.php
 ${GL_ADMIN}/install/help.php
 ${GL_ADMIN}/install/index.php
 ${GL_ADMIN}/install/info.php
-${GL_ADMIN}/install/install.php
+${GL_ADMIN}/install/install-plugins.php
 ${GL_ADMIN}/install/language/chinese_simplified_utf-8.php
 ${GL_ADMIN}/install/language/chinese_traditional_utf-8.php
 ${GL_ADMIN}/install/language/english.php
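Review bot: `${GEEKLOG_PUB}/article.php` is only removed here and re-added in the next hunk in its sorted position, so no file actually disappears; saying so in the commit message saves the next reader a search. The new installer entries `install/bigdump.php` and `install/install-plugins.php` (the latter replacing `install/install.php`) live under `${GL_ADMIN}/install`; the package README copied in the Makefile hunk above is the right place to tell administrators to restrict or remove that directory once setup is complete.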
@@ -794,29 +807,28 @@
 ${GL_ADMIN}/install/layout/header-bg.png
 ${GL_ADMIN}/install/layout/logo.png
 ${GL_ADMIN}/install/layout/style.css
+${GL_ADMIN}/install/lib-install.php
+${GL_ADMIN}/install/lib-upgrade.php
+${GL_ADMIN}/install/migrate.php
 ${GL_ADMIN}/install/success.php
 ${GL_ADMIN}/install/toinnodb.php
 ${GL_ADMIN}/mail.php
 ${GL_ADMIN}/moderation.php
 ${GL_ADMIN}/plugins.php
 ${GL_ADMIN}/plugins/calendar/index.php
-${GL_ADMIN}/plugins/calendar/install.php
 ${GL_ADMIN}/plugins/links/category.php
 ${GL_ADMIN}/plugins/links/index.php
-${GL_ADMIN}/plugins/links/install.php
 ${GL_ADMIN}/plugins/polls/index.php
-${GL_ADMIN}/plugins/polls/install.php
 ${GL_ADMIN}/plugins/spamx/images/spamx.png
 ${GL_ADMIN}/plugins/spamx/index.php
-${GL_ADMIN}/plugins/spamx/install.php
 ${GL_ADMIN}/plugins/staticpages/index.php
-${GL_ADMIN}/plugins/staticpages/install.php
 ${GL_ADMIN}/sectest.php
 ${GL_ADMIN}/story.php
 ${GL_ADMIN}/syndication.php
 ${GL_ADMIN}/topic.php
 ${GL_ADMIN}/trackback.php
 ${GL_ADMIN}/user.php
+${GEEKLOG_PUB}/article.php
 ${GEEKLOG_PUB}/calendar/event.php
 ${GEEKLOG_PUB}/calendar/images/calendar.png
 ${GEEKLOG_PUB}/calendar/images/delete_event.gif
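Review bot: the per-plugin `${GL_ADMIN}/plugins/*/install.php` entries removed here are replaced by the `plugins/*/autoinstall.php` files added in the earlier PLIST hunks (calendar, links, polls, spamx, staticpages, xmlsitemap) together with `install/lib-install.php`, `install/lib-upgrade.php` and `install/migrate.php`, which matches the "easier plugin installation" and "site migration" items in the release notes. `migrate.php` is another installer-only entry point under `${GL_ADMIN}/install`, so the same post-install advice about that directory applies.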
@@ -825,29 +837,43 @@
 ${GEEKLOG_PUB}/calendar/style.css
 ${GEEKLOG_PUB}/comment.php
 ${GEEKLOG_PUB}/directory.php
-${GEEKLOG_PUB}/docs/calendar.html
 ${GEEKLOG_PUB}/docs/changed-files
-${GEEKLOG_PUB}/docs/changes.html
-${GEEKLOG_PUB}/docs/config.html
 ${GEEKLOG_PUB}/docs/docstyle.css
+${GEEKLOG_PUB}/docs/english/calendar.html
+${GEEKLOG_PUB}/docs/english/changes.html
+${GEEKLOG_PUB}/docs/english/config.html
+${GEEKLOG_PUB}/docs/english/index.html
+${GEEKLOG_PUB}/docs/english/install.html
+${GEEKLOG_PUB}/docs/english/links.html
+${GEEKLOG_PUB}/docs/english/polls.html
+${GEEKLOG_PUB}/docs/english/spamx.html
+${GEEKLOG_PUB}/docs/english/staticpages.html
+${GEEKLOG_PUB}/docs/english/support.html
+${GEEKLOG_PUB}/docs/english/theme.html
+${GEEKLOG_PUB}/docs/english/themevars.html
+${GEEKLOG_PUB}/docs/english/trackback.html
 ${GEEKLOG_PUB}/docs/history
 ${GEEKLOG_PUB}/docs/images/de.png
 ${GEEKLOG_PUB}/docs/images/fr.png
 ${GEEKLOG_PUB}/docs/images/jp.png
 ${GEEKLOG_PUB}/docs/images/newlogo.gif
 ${GEEKLOG_PUB}/docs/images/pl.png
-${GEEKLOG_PUB}/docs/index.html
-${GEEKLOG_PUB}/docs/install.html
+${GEEKLOG_PUB}/docs/japanese/calendar.html
+${GEEKLOG_PUB}/docs/japanese/changes.html
+${GEEKLOG_PUB}/docs/japanese/config.html
+${GEEKLOG_PUB}/docs/japanese/docstyle.css
+${GEEKLOG_PUB}/docs/japanese/history.html
+${GEEKLOG_PUB}/docs/japanese/index.html
+${GEEKLOG_PUB}/docs/japanese/install.html
+${GEEKLOG_PUB}/docs/japanese/links.html
+${GEEKLOG_PUB}/docs/japanese/polls.html
+${GEEKLOG_PUB}/docs/japanese/spamx.html
+${GEEKLOG_PUB}/docs/japanese/staticpages.html
+${GEEKLOG_PUB}/docs/japanese/support.html
+${GEEKLOG_PUB}/docs/japanese/theme.html
+${GEEKLOG_PUB}/docs/japanese/themevars.html
+${GEEKLOG_PUB}/docs/japanese/trackback.html
 ${GEEKLOG_PUB}/docs/license
-${GEEKLOG_PUB}/docs/links.html
-${GEEKLOG_PUB}/docs/plugin.html
-${GEEKLOG_PUB}/docs/polls.html
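Review bot: the diff is cut off inside this hunk (truncated from 718 to 300 lines), so the remaining removals cannot be reviewed here. Of what is visible, `docs/plugin.html` is removed but no `docs/english/plugin.html` is added, while `docs/japanese/` gains its own `docstyle.css` and `history.html` with no English counterparts; please confirm that `plugin.html` still ships (possibly in the truncated part) and that the two documentation trees are intended to differ.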
