author: taca <taca@pkgsrc.org> 2006-07-01 00:22:38 +0000
committer: taca <taca@pkgsrc.org> 2006-07-01 00:22:38 +0000
commit: 20dfdbfd6d57bae8f2c306ad35c5946c1a8717cd
tree: 54722365c3c155c6f0c040e3829c5aca72dd55c9 /www/geeklog/patches
parent: 9c8f1908eb91435dc97a7ee0dc730370b840e620
Update geeklog-1.4.0.4 (1.4.0sr3).
----------------------------------------------------------------------------
Two exploits have been released by "rgod" for insecure Geeklog installations and for a bug in the "mcpuk" file manager that we've been shipping as part of FCKeditor in all previous 1.4.0 releases.

o Some of the files outside of the public_html directory were not protected against direct execution. If Geeklog was installed such that those files were accessible from a URL (which has always been strongly discouraged in the installation instructions) then those files could be used to load and execute malicious code from a remote server.

  More information: So-called Geeklog "exploit" posted

  In this release, we've added the missing execution prevention for all files outside of public_html. We would still, however, suggest that you fix your Geeklog install if the files outside of public_html are accessible from a URL (see our FAQ for details).

o The "mcpuk" file manager that we've integrated into FCKeditor allowed the upload of arbitrary PHP code (even if FCKeditor was disabled in Geeklog's config.php). Depending on your webserver's configuration, it was then possible to execute that uploaded code.

  More information: Exploit for FCKeditor's mcpuk file manager

  The file manager has been removed from this release. You will therefore no longer be able to upload files, e.g. images, through FCKeditor. Future versions of Geeklog will ship with an updated version of FCKeditor and its included file manager.

Note: This release also includes the updated lib-trackback.php for better protection against Trackback spam.
----------------------------------------------------------------------------
First problem doesn't relate to pkgsrc.
Diffstat (limited to 'www/geeklog/patches')
-rw-r--r-- www/geeklog/patches/patch-ag 34
1 files changed, 0 insertions, 34 deletions
diff --git a/www/geeklog/patches/patch-ag b/www/geeklog/patches/patch-ag
deleted file mode 100644
index bed50038dc4..00000000000
--- a/www/geeklog/patches/patch-ag
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-ag,v 1.1 2006/06/30 17:16:27 taca Exp $
-
-Give first aid to file uploader security problem.
-
---- public_html/fckeditor/fckconfig.js.orig 2006-05-28 18:41:40.000000000 +0900
-+++ public_html/fckeditor/fckconfig.js
-@@ -160,17 +160,17 @@ FCKConfig.ImageDlgHideAdvanced = fals
-
- FCKConfig.FlashDlgHideAdvanced = false ;
-
--FCKConfig.LinkBrowser = true ;
-+FCKConfig.LinkBrowser = false ;
- FCKConfig.LinkBrowserURL = FCKConfig.BasePath + 'filemanager/browser/mcpuk/browser.html?Connector=connectors/php/connector.php' ;
- FCKConfig.LinkBrowserWindowWidth = screen.width * 0.7 ; // 70%
- FCKConfig.LinkBrowserWindowHeight = screen.height * 0.7 ; // 70%
-
--FCKConfig.ImageBrowser = true ;
-+FCKConfig.ImageBrowser = false ;
- FCKConfig.ImageBrowserURL = FCKConfig.BasePath + 'filemanager/browser/mcpuk/browser.html?Type=Image&Connector=connectors/php/connector.php' ;
- FCKConfig.ImageBrowserWindowWidth = screen.width * 0.7 ; // 70% ;
- FCKConfig.ImageBrowserWindowHeight = screen.height * 0.7 ; // 70% ;
-
--FCKConfig.FlashBrowser = true ;
-+FCKConfig.FlashBrowser = false ;
- FCKConfig.FlashBrowserURL = FCKConfig.BasePath + 'filemanager/browser/mcpuk/browser.html?Type=Flash&Connector=connectors/php/connector.php' ;
- FCKConfig.FlashBrowserWindowWidth = screen.width * 0.7 ; //70% ;
- FCKConfig.FlashBrowserWindowHeight = screen.height * 0.7 ; //70% ;
-@@ -198,4 +198,4 @@ FCKConfig.SmileyColumns = 8 ;
- FCKConfig.SmileyWindowWidth = 320 ;
- FCKConfig.SmileyWindowHeight = 240 ;
-
--if( window.console ) window.console.log( 'Config is loaded!' ) ; // @Packager.Compactor.RemoveLine
-\ No newline at end of file
-+if( window.console ) window.console.log( 'Config is loaded!' ) ; // @Packager.Compactor.RemoveLine
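Review bot: dropping patch-ag is only safe if the 1.4.0.4 distfile really no longer ships the mcpuk file manager, and nothing in this diff (limited to www/geeklog/patches) shows that. The deleted patch only set FCKConfig.LinkBrowser, FCKConfig.ImageBrowser and FCKConfig.FlashBrowser to false in fckconfig.js; it hid the browse buttons in the editor but did not touch connectors/php/connector.php, so there is no pkgsrc-side fallback once it is gone. Please confirm that PLIST no longer installs filemanager/browser/mcpuk and its PHP connector, and add a line to the commit message stating that patch-ag is removed because upstream dropped the file manager. Minor: the second hunk of the removed patch only added a trailing newline to fckconfig.js, so nothing of that needs carrying forward.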