diff options
| author | taca <taca@pkgsrc.org> | 2009-09-15 10:48:46 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2009-09-15 10:48:46 +0000 |
| commit | 91676e780c70319dd255f569866ae31b4ee9e15d (patch) | |
| tree | 7ec3db61a533a48e91570e9b8a3ed7a51d352356 /www/geeklog | |
| parent | a01214bcd5a166ded1d9f81b4846be5ffeb29fb9 (diff) | |
| download | pkgsrc-91676e780c70319dd255f569866ae31b4ee9e15d.tar.gz | |
Update Geeklog to 1.6.0sr2 (security release 2).
o Add some pkgsrc patches to improve Content-Type header output.
Geeklog 1.6.0sr2
This release addresses the following security issue:
* Unauthorized file uploads were possible through FCKeditor.
Uploaded files still had to go through FCKeditor's filter, so it was not
possible to upload scripts (and the integrity of the Geeklog site as such
was not in danger). There were, however, reports that this was used to host
malware.
This update prevents use of the upload feature when FCKeditor is disabled
and disables it for anonymous users. It also doesn't allow uploading of
archive files any more. Furthermore, you need some sort of "edit"
permission now to be able to upload files through FCKeditor (this is meant
as an interim measure - we will probably introduce a separate "upload"
permission in future Geeklog versions).
Other fixes:
* Fixed installation using InnoDB tables.
* Fixed a (non-exploitable) SQL error when auto-updating a story's
commentcode field.
* Fixed a wrong function name in the Links plugin.
Geeklog 1.6.0sr1
This release addresses the following security issues:
1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
2. The "Mail Story to a Friend" function didn't check story permissions, so
that it was possible to email a story even if you didn't have the
permissions to view it on the site.
Other fixes:
* Fixed an SQL error when submitting a story and the story submission queue
was off.
* Fixed calls to a nonexistent function COM_outputMessageAndAbort.
Geeklog 1.6.0
Results from the Summer of Code
This release incorporates the following projects implemented during the the
2008 Google Summer of Code:
* Site migration support and easier plugin installation, by Matt West
* Improved search, by Sami Barakat
* Comment moderation and editable comments, by Jared Wenerd
Other changes
* The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
the PHP team ended support for PHP 4 in August 2008, you should be looking
into upgrading to PHP 5 anyway.
* Includes FCKeditor 2.6.4.1
* Includes a new plugin, XMLSitemap, that automatically generates a XML
sitemap file, as supported by all major search engines. Plugin written and
provided by mystral-kk.
* Several new plugin API functions have been added and existing functions
have been extended.
* The included documentation has been moved to docs/english to allow for
translations. Links to the documentation from within Geeklog will link to
existing translations for the current language automatically (or fall back
to the English documentation if no suitable translation can be found).
* There were a variety of theme changes to support new functionality and fix
inconsistencies in the layout.
This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009. Thank
you!
Diffstat (limited to 'www/geeklog')
| -rw-r--r-- | www/geeklog/Makefile | 13 | ||||
| -rw-r--r-- | www/geeklog/PLIST | 112 | ||||
| -rw-r--r-- | www/geeklog/distinfo | 25 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-aj | 60 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-ak | 8 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-al | 8 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-am | 14 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-an | 14 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-ao | 24 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-ap | 14 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-ba | 26 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-bb | 24 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-bc | 54 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-bd | 17 |
14 files changed, 174 insertions, 239 deletions
diff --git a/www/geeklog/Makefile b/www/geeklog/Makefile index ce408867682..ef6b3b2e4c2 100644 --- a/www/geeklog/Makefile +++ b/www/geeklog/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.23 2009/09/13 01:15:10 taca Exp $ +# $NetBSD: Makefile,v 1.24 2009/09/15 10:48:46 taca Exp $ # DISTNAME= geeklog-${VER} -PKGNAME= geeklog-${VER:C/(sr|-)4/.5/g} +PKGNAME= geeklog-${VER:C/(sr|-)/./g} CATEGORIES= www MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/ -DISTFILES= ${DEFAULT_DISTFILES} ${FCKEDITOR_UPDATE} MAINTAINER= taca@NetBSD.org HOMEPAGE= http://www.geeklog.net/ @@ -14,15 +13,13 @@ LICENSE= gnu-gpl-v2 PKG_DESTDIR_SUPPORT= user-destdir PRIVILEGED_STAGES+= clean -EXTRACT_ONLY= ${DEFAULT_DISTFILES} -FCKEDITOR_UPDATE= fckeditor-2.6.4.1-updated.tar.gz DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql USE_TOOLS+= pax -VER= 1.5.2sr4 +VER= 1.6.0sr2 NO_BUILD= YES PKG_GROUPS_VARS+= APACHE_GROUP @@ -94,10 +91,6 @@ INSTALLATION_DIRS= ${GEEKLOG_BASE} ${GEEKLOG_PUB} ${GL_TMPL}/images \ share/examples/geeklog ${GL_DOC} ${GL_EG} post-extract: - ${RUN} extract_file=${_DISTDIR:Q}/${FCKEDITOR_UPDATE:Q}; \ - export extract_file; cd ${WRKSRC}/public_html && ${EXTRACT_CMD} - cd ${WRKSRC}/public_html && ${RM} -f README.txt \ - fckeditor/editor/filemanager/browser/default/images/icons/default.icon.gif0000644 ${CP} ${FILESDIR}/README ${FILESDIR}/geeklog.conf ${WRKDIR} pre-install: diff --git a/www/geeklog/PLIST b/www/geeklog/PLIST index 5153a88ca82..ba1c575eadf 100644 --- a/www/geeklog/PLIST +++ b/www/geeklog/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.10 2009/09/13 01:15:10 taca Exp $ +@comment $NetBSD: PLIST,v 1.11 2009/09/15 10:48:46 taca Exp $ ${GEEKLOG_BASE}/emailgeeklogstories ${GEEKLOG_BASE}/language/afrikaans.php ${GEEKLOG_BASE}/language/afrikaans_utf-8.php @@ -55,6 +55,8 @@ ${GEEKLOG_BASE}/language/romanian.php ${GEEKLOG_BASE}/language/romanian_utf-8.php ${GEEKLOG_BASE}/language/russian.php ${GEEKLOG_BASE}/language/russian_utf-8.php +${GEEKLOG_BASE}/language/serbian.php +${GEEKLOG_BASE}/language/serbian_utf-8.php ${GEEKLOG_BASE}/language/slovak.php ${GEEKLOG_BASE}/language/slovak_utf-8.php ${GEEKLOG_BASE}/language/slovenian.php @@ -70,6 +72,7 @@ ${GEEKLOG_BASE}/language/turkish_utf-8.php ${GEEKLOG_BASE}/language/ukrainian.php ${GEEKLOG_BASE}/language/ukrainian_koi8-u.php ${GEEKLOG_BASE}/language/ukrainian_utf-8.php +${GEEKLOG_BASE}/plugins/calendar/autoinstall.php ${GEEKLOG_BASE}/plugins/calendar/functions.inc ${GEEKLOG_BASE}/plugins/calendar/install_defaults.php ${GEEKLOG_BASE}/plugins/calendar/language/README @@ -126,6 +129,7 @@ ${GEEKLOG_BASE}/plugins/calendar/templates/submitevent.thtml ${GEEKLOG_BASE}/plugins/calendar/templates/weekview/events.thtml ${GEEKLOG_BASE}/plugins/calendar/templates/weekview/weekview.thtml ${GEEKLOG_BASE}/plugins/links/README +${GEEKLOG_BASE}/plugins/links/autoinstall.php ${GEEKLOG_BASE}/plugins/links/functions.inc ${GEEKLOG_BASE}/plugins/links/install_defaults.php ${GEEKLOG_BASE}/plugins/links/language/README @@ -176,6 +180,7 @@ ${GEEKLOG_BASE}/plugins/links/templates/linkdetails.thtml ${GEEKLOG_BASE}/plugins/links/templates/links.thtml ${GEEKLOG_BASE}/plugins/links/templates/pagenavigation.thtml ${GEEKLOG_BASE}/plugins/links/templates/submitlink.thtml +${GEEKLOG_BASE}/plugins/polls/autoinstall.php ${GEEKLOG_BASE}/plugins/polls/functions.inc ${GEEKLOG_BASE}/plugins/polls/install_defaults.php ${GEEKLOG_BASE}/plugins/polls/language/README @@ -207,7 +212,9 @@ ${GEEKLOG_BASE}/plugins/polls/language/ukrainian.php ${GEEKLOG_BASE}/plugins/polls/language/ukrainian_koi8-u.php ${GEEKLOG_BASE}/plugins/polls/language/ukrainian_utf-8.php ${GEEKLOG_BASE}/plugins/polls/sql/mssql_install.php +${GEEKLOG_BASE}/plugins/polls/sql/mssql_updates.php ${GEEKLOG_BASE}/plugins/polls/sql/mysql_install.php +${GEEKLOG_BASE}/plugins/polls/sql/mysql_updates.php ${GEEKLOG_BASE}/plugins/polls/templates/admin/pollansweroption.thtml ${GEEKLOG_BASE}/plugins/polls/templates/admin/polleditor.thtml ${GEEKLOG_BASE}/plugins/polls/templates/admin/pollquestions.thtml @@ -224,7 +231,6 @@ ${GEEKLOG_BASE}/plugins/spamx/BaseAdmin.class.php ${GEEKLOG_BASE}/plugins/spamx/BaseCommand.class.php ${GEEKLOG_BASE}/plugins/spamx/BlackList.Examine.class.php ${GEEKLOG_BASE}/plugins/spamx/DeleteComment.Action.class.php -${GEEKLOG_BASE}/plugins/spamx/Developer.txt ${GEEKLOG_BASE}/plugins/spamx/EditBlackList.Admin.class.php ${GEEKLOG_BASE}/plugins/spamx/EditHeader.Admin.class.php ${GEEKLOG_BASE}/plugins/spamx/EditIP.Admin.class.php @@ -240,6 +246,7 @@ ${GEEKLOG_BASE}/plugins/spamx/SLV.Examine.class.php ${GEEKLOG_BASE}/plugins/spamx/SLVbase.class.php ${GEEKLOG_BASE}/plugins/spamx/SLVreport.Action.class.php ${GEEKLOG_BASE}/plugins/spamx/SLVwhitelist.Admin.class.php +${GEEKLOG_BASE}/plugins/spamx/autoinstall.php ${GEEKLOG_BASE}/plugins/spamx/functions.inc ${GEEKLOG_BASE}/plugins/spamx/install_defaults.php ${GEEKLOG_BASE}/plugins/spamx/language/english.php @@ -264,11 +271,11 @@ ${GEEKLOG_BASE}/plugins/spamx/language/spanish_utf-8.php ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian.php ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian_koi8-u.php ${GEEKLOG_BASE}/plugins/spamx/language/ukrainian_utf-8.php -${GEEKLOG_BASE}/plugins/spamx/rss.inc.php ${GEEKLOG_BASE}/plugins/spamx/sql/mssql_install.php ${GEEKLOG_BASE}/plugins/spamx/sql/mysql_install.php ${GEEKLOG_BASE}/plugins/spamx/templates/admin.thtml ${GEEKLOG_BASE}/plugins/spamx/templates/install.thtml +${GEEKLOG_BASE}/plugins/staticpages/autoinstall.php ${GEEKLOG_BASE}/plugins/staticpages/functions.inc ${GEEKLOG_BASE}/plugins/staticpages/install_defaults.php ${GEEKLOG_BASE}/plugins/staticpages/language/README @@ -321,22 +328,25 @@ ${GEEKLOG_BASE}/plugins/staticpages/templates/centerblock.thtml ${GEEKLOG_BASE}/plugins/staticpages/templates/printable.thtml ${GEEKLOG_BASE}/plugins/staticpages/templates/spcomments.thtml ${GEEKLOG_BASE}/plugins/staticpages/templates/staticpage.thtml +${GEEKLOG_BASE}/plugins/xmlsitemap/autoinstall.php +${GEEKLOG_BASE}/plugins/xmlsitemap/functions.inc +${GEEKLOG_BASE}/plugins/xmlsitemap/install_defaults.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/english.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/english_utf-8.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/estonian.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/estonian_utf-8.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/hebrew_utf-8.php +${GEEKLOG_BASE}/plugins/xmlsitemap/language/japanese_utf-8.php +${GEEKLOG_BASE}/plugins/xmlsitemap/sql/mssql_install.php +${GEEKLOG_BASE}/plugins/xmlsitemap/sql/mysql_install.php +${GEEKLOG_BASE}/plugins/xmlsitemap/xmlsitemap.class.php ${GEEKLOG_BASE}/readme ${GEEKLOG_BASE}/sql/mssql_tableanddata.php ${GEEKLOG_BASE}/sql/mysql_tableanddata.php -${GEEKLOG_BASE}/sql/updates/0.1_to_0.2.sql -${GEEKLOG_BASE}/sql/updates/0.2_to_0.3.sql -${GEEKLOG_BASE}/sql/updates/0.3_to_0.4.sql -${GEEKLOG_BASE}/sql/updates/0.4_to_0.5.sql -${GEEKLOG_BASE}/sql/updates/0.5_to_1.0.sql -${GEEKLOG_BASE}/sql/updates/1.0_to_1.1.sql -${GEEKLOG_BASE}/sql/updates/1.1_to_1.2.sql -${GEEKLOG_BASE}/sql/updates/1.2.5-1_to_1.3.NOTES -${GEEKLOG_BASE}/sql/updates/1.2.5-1_to_1.3.sql -${GEEKLOG_BASE}/sql/updates/1.2_to_1.2.2.sql ${GEEKLOG_BASE}/sql/updates/mssql_1.4.1_to_1.5.0.php ${GEEKLOG_BASE}/sql/updates/mssql_1.5.0_to_1.5.1.php ${GEEKLOG_BASE}/sql/updates/mssql_1.5.1_to_1.5.2.php +${GEEKLOG_BASE}/sql/updates/mssql_1.5.2_to_1.6.0.php ${GEEKLOG_BASE}/sql/updates/mysql_1.2.5-1_to_1.3.php ${GEEKLOG_BASE}/sql/updates/mysql_1.3.10_to_1.3.11.php ${GEEKLOG_BASE}/sql/updates/mysql_1.3.11_to_1.4.0.php @@ -353,14 +363,15 @@ ${GEEKLOG_BASE}/sql/updates/mysql_1.4.0_to_1.4.1.php ${GEEKLOG_BASE}/sql/updates/mysql_1.4.1_to_1.5.0.php ${GEEKLOG_BASE}/sql/updates/mysql_1.5.0_to_1.5.1.php ${GEEKLOG_BASE}/sql/updates/mysql_1.5.1_to_1.5.2.php +${GEEKLOG_BASE}/sql/updates/mysql_1.5.2_to_1.6.0.php ${GEEKLOG_BASE}/system/classes/authentication/LDAP.auth.class.php ${GEEKLOG_BASE}/system/classes/authentication/LiveJournal.auth.class.php ${GEEKLOG_BASE}/system/classes/authentication/ldap/config.php ${GEEKLOG_BASE}/system/classes/calendar.class.php ${GEEKLOG_BASE}/system/classes/config.class.php -${GEEKLOG_BASE}/system/classes/conversion.class.php ${GEEKLOG_BASE}/system/classes/downloader.class.php ${GEEKLOG_BASE}/system/classes/kses.class.php +${GEEKLOG_BASE}/system/classes/listfactory.class.php ${GEEKLOG_BASE}/system/classes/navbar.class.php ${GEEKLOG_BASE}/system/classes/openid/COPYING ${GEEKLOG_BASE}/system/classes/openid/LICENSE @@ -376,6 +387,7 @@ ${GEEKLOG_BASE}/system/classes/openidhelper.class.php ${GEEKLOG_BASE}/system/classes/plugin.class.php ${GEEKLOG_BASE}/system/classes/sanitize.class.php ${GEEKLOG_BASE}/system/classes/search.class.php +${GEEKLOG_BASE}/system/classes/searchcriteria.class.php ${GEEKLOG_BASE}/system/classes/story.class.php ${GEEKLOG_BASE}/system/classes/syndication/atom.feed.class.php ${GEEKLOG_BASE}/system/classes/syndication/feedparserbase.class.php @@ -384,6 +396,7 @@ ${GEEKLOG_BASE}/system/classes/syndication/rdf.feed.class.php ${GEEKLOG_BASE}/system/classes/syndication/rss.feed.class.php ${GEEKLOG_BASE}/system/classes/template.class.php ${GEEKLOG_BASE}/system/classes/timer.class.php +${GEEKLOG_BASE}/system/classes/unpacker.class.php ${GEEKLOG_BASE}/system/classes/upload.class.php ${GEEKLOG_BASE}/system/classes/url.class.php ${GEEKLOG_BASE}/system/databases/mssql.class.php @@ -771,19 +784,19 @@ ${GL_TMPL}/images/topics/topic_gl.gif ${GL_TMPL}/images/topics/topic_news.gif ${GL_TMPL}/images/userphotos/index.html ${GEEKLOG_PUB}/404.php -${GEEKLOG_PUB}/article.php ${GL_ADMIN}/auth.inc.php ${GL_ADMIN}/block.php ${GL_ADMIN}/configuration.php ${GL_ADMIN}/database.php ${GL_ADMIN}/group.php ${GL_ADMIN}/index.php +${GL_ADMIN}/install/bigdump.php ${GL_ADMIN}/install/config-install.php ${GL_ADMIN}/install/configinfo.php ${GL_ADMIN}/install/help.php ${GL_ADMIN}/install/index.php ${GL_ADMIN}/install/info.php -${GL_ADMIN}/install/install.php +${GL_ADMIN}/install/install-plugins.php ${GL_ADMIN}/install/language/chinese_simplified_utf-8.php ${GL_ADMIN}/install/language/chinese_traditional_utf-8.php ${GL_ADMIN}/install/language/english.php @@ -794,29 +807,28 @@ ${GL_ADMIN}/install/language/polish.php ${GL_ADMIN}/install/layout/header-bg.png ${GL_ADMIN}/install/layout/logo.png ${GL_ADMIN}/install/layout/style.css +${GL_ADMIN}/install/lib-install.php +${GL_ADMIN}/install/lib-upgrade.php +${GL_ADMIN}/install/migrate.php ${GL_ADMIN}/install/success.php ${GL_ADMIN}/install/toinnodb.php ${GL_ADMIN}/mail.php ${GL_ADMIN}/moderation.php ${GL_ADMIN}/plugins.php ${GL_ADMIN}/plugins/calendar/index.php -${GL_ADMIN}/plugins/calendar/install.php ${GL_ADMIN}/plugins/links/category.php ${GL_ADMIN}/plugins/links/index.php -${GL_ADMIN}/plugins/links/install.php ${GL_ADMIN}/plugins/polls/index.php -${GL_ADMIN}/plugins/polls/install.php ${GL_ADMIN}/plugins/spamx/images/spamx.png ${GL_ADMIN}/plugins/spamx/index.php -${GL_ADMIN}/plugins/spamx/install.php ${GL_ADMIN}/plugins/staticpages/index.php -${GL_ADMIN}/plugins/staticpages/install.php ${GL_ADMIN}/sectest.php ${GL_ADMIN}/story.php ${GL_ADMIN}/syndication.php ${GL_ADMIN}/topic.php ${GL_ADMIN}/trackback.php ${GL_ADMIN}/user.php +${GEEKLOG_PUB}/article.php ${GEEKLOG_PUB}/calendar/event.php ${GEEKLOG_PUB}/calendar/images/calendar.png ${GEEKLOG_PUB}/calendar/images/delete_event.gif @@ -825,29 +837,43 @@ ${GEEKLOG_PUB}/calendar/index.php ${GEEKLOG_PUB}/calendar/style.css ${GEEKLOG_PUB}/comment.php ${GEEKLOG_PUB}/directory.php -${GEEKLOG_PUB}/docs/calendar.html ${GEEKLOG_PUB}/docs/changed-files -${GEEKLOG_PUB}/docs/changes.html -${GEEKLOG_PUB}/docs/config.html ${GEEKLOG_PUB}/docs/docstyle.css +${GEEKLOG_PUB}/docs/english/calendar.html +${GEEKLOG_PUB}/docs/english/changes.html +${GEEKLOG_PUB}/docs/english/config.html +${GEEKLOG_PUB}/docs/english/index.html +${GEEKLOG_PUB}/docs/english/install.html +${GEEKLOG_PUB}/docs/english/links.html +${GEEKLOG_PUB}/docs/english/polls.html +${GEEKLOG_PUB}/docs/english/spamx.html +${GEEKLOG_PUB}/docs/english/staticpages.html +${GEEKLOG_PUB}/docs/english/support.html +${GEEKLOG_PUB}/docs/english/theme.html +${GEEKLOG_PUB}/docs/english/themevars.html +${GEEKLOG_PUB}/docs/english/trackback.html ${GEEKLOG_PUB}/docs/history ${GEEKLOG_PUB}/docs/images/de.png ${GEEKLOG_PUB}/docs/images/fr.png ${GEEKLOG_PUB}/docs/images/jp.png ${GEEKLOG_PUB}/docs/images/newlogo.gif ${GEEKLOG_PUB}/docs/images/pl.png -${GEEKLOG_PUB}/docs/index.html -${GEEKLOG_PUB}/docs/install.html +${GEEKLOG_PUB}/docs/japanese/calendar.html +${GEEKLOG_PUB}/docs/japanese/changes.html +${GEEKLOG_PUB}/docs/japanese/config.html +${GEEKLOG_PUB}/docs/japanese/docstyle.css +${GEEKLOG_PUB}/docs/japanese/history.html +${GEEKLOG_PUB}/docs/japanese/index.html +${GEEKLOG_PUB}/docs/japanese/install.html +${GEEKLOG_PUB}/docs/japanese/links.html +${GEEKLOG_PUB}/docs/japanese/polls.html +${GEEKLOG_PUB}/docs/japanese/spamx.html +${GEEKLOG_PUB}/docs/japanese/staticpages.html +${GEEKLOG_PUB}/docs/japanese/support.html +${GEEKLOG_PUB}/docs/japanese/theme.html +${GEEKLOG_PUB}/docs/japanese/themevars.html +${GEEKLOG_PUB}/docs/japanese/trackback.html ${GEEKLOG_PUB}/docs/license -${GEEKLOG_PUB}/docs/links.html -${GEEKLOG_PUB}/docs/plugin.html -${GEEKLOG_PUB}/docs/polls.html -${GEEKLOG_PUB}/docs/spamx.html -${GEEKLOG_PUB}/docs/staticpages.html -${GEEKLOG_PUB}/docs/support.html -${GEEKLOG_PUB}/docs/theme.html -${GEEKLOG_PUB}/docs/themevars.html -${GEEKLOG_PUB}/docs/trackback.html ${GEEKLOG_PUB}/fckeditor/_documentation.html ${GEEKLOG_PUB}/fckeditor/_upgrade.html ${GEEKLOG_PUB}/fckeditor/_whatsnew.html @@ -1350,6 +1376,7 @@ ${GEEKLOG_PUB}/layout/professional/admin/index.html ${GEEKLOG_PUB}/layout/professional/admin/lists/field.thtml ${GEEKLOG_PUB}/layout/professional/admin/lists/header.thtml ${GEEKLOG_PUB}/layout/professional/admin/lists/index.html +${GEEKLOG_PUB}/layout/professional/admin/lists/inline.thtml ${GEEKLOG_PUB}/layout/professional/admin/lists/list.thtml ${GEEKLOG_PUB}/layout/professional/admin/lists/listitem.thtml ${GEEKLOG_PUB}/layout/professional/admin/lists/searchmenu.thtml @@ -1463,7 +1490,6 @@ ${GEEKLOG_PUB}/layout/professional/images/index.html ${GEEKLOG_PUB}/layout/professional/images/list.png ${GEEKLOG_PUB}/layout/professional/images/logo.png ${GEEKLOG_PUB}/layout/professional/images/mail.png -${GEEKLOG_PUB}/layout/professional/images/pdf.png ${GEEKLOG_PUB}/layout/professional/images/person.png ${GEEKLOG_PUB}/layout/professional/images/print.png ${GEEKLOG_PUB}/layout/professional/images/sendping.png @@ -1472,6 +1498,19 @@ ${GEEKLOG_PUB}/layout/professional/images/sysmessage.png ${GEEKLOG_PUB}/layout/professional/leftblocks.thtml ${GEEKLOG_PUB}/layout/professional/list.thtml ${GEEKLOG_PUB}/layout/professional/listitem.thtml +${GEEKLOG_PUB}/layout/professional/lists/index.html +${GEEKLOG_PUB}/layout/professional/lists/inline/index.html +${GEEKLOG_PUB}/layout/professional/lists/inline/item_field.thtml +${GEEKLOG_PUB}/layout/professional/lists/inline/item_row.thtml +${GEEKLOG_PUB}/layout/professional/lists/inline/list.thtml +${GEEKLOG_PUB}/layout/professional/lists/inline/page_limit.thtml +${GEEKLOG_PUB}/layout/professional/lists/inline/page_sort.thtml +${GEEKLOG_PUB}/layout/professional/lists/table/index.html +${GEEKLOG_PUB}/layout/professional/lists/table/item_field.thtml +${GEEKLOG_PUB}/layout/professional/lists/table/item_row.thtml +${GEEKLOG_PUB}/layout/professional/lists/table/list.thtml +${GEEKLOG_PUB}/layout/professional/lists/table/page_limit.thtml +${GEEKLOG_PUB}/layout/professional/lists/table/page_sort.thtml ${GEEKLOG_PUB}/layout/professional/loginform.thtml ${GEEKLOG_PUB}/layout/professional/loginform_openid.thtml ${GEEKLOG_PUB}/layout/professional/menuitem.thtml @@ -1503,6 +1542,7 @@ ${GEEKLOG_PUB}/layout/professional/preferences/profile.thtml ${GEEKLOG_PUB}/layout/professional/preferences/theme.thtml ${GEEKLOG_PUB}/layout/professional/preferences/username.thtml ${GEEKLOG_PUB}/layout/professional/preferences/userphoto.thtml +${GEEKLOG_PUB}/layout/professional/print.css ${GEEKLOG_PUB}/layout/professional/profiles/contactauthorform.thtml ${GEEKLOG_PUB}/layout/professional/profiles/contactuserform.thtml ${GEEKLOG_PUB}/layout/professional/profiles/index.html diff --git a/www/geeklog/distinfo b/www/geeklog/distinfo index 9fe3f28065b..e463b67988f 100644 --- a/www/geeklog/distinfo +++ b/www/geeklog/distinfo @@ -1,16 +1,13 @@ -$NetBSD: distinfo,v 1.10 2009/09/13 01:15:10 taca Exp $ +$NetBSD: distinfo,v 1.11 2009/09/15 10:48:46 taca Exp $ -SHA1 (fckeditor-2.6.4.1-updated.tar.gz) = 60008ea4ee12a9951b7e05cb76922afe5d103fb6 -RMD160 (fckeditor-2.6.4.1-updated.tar.gz) = 75ee469a39508085e5360e6d53168f01d1faa65d -Size (fckeditor-2.6.4.1-updated.tar.gz) = 832636 bytes -SHA1 (geeklog-1.5.2sr4.tar.gz) = fa0e1e97a8d3fa7ccdff0835eb0bd0e963d5bc24 -RMD160 (geeklog-1.5.2sr4.tar.gz) = a218749173c0c4e1aba322759f7ee32d20ec166d -Size (geeklog-1.5.2sr4.tar.gz) = 4499082 bytes +SHA1 (geeklog-1.6.0sr2.tar.gz) = d952972544d944f0227679edb8b210b7918aae9c +RMD160 (geeklog-1.6.0sr2.tar.gz) = 31894548a2e5c61031dd4c6ae64a27e7efdd1199 +Size (geeklog-1.6.0sr2.tar.gz) = 4935165 bytes SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368 -SHA1 (patch-aj) = a7ff9d20a1313ace5f4ea4c46f5e8b087748e4e3 -SHA1 (patch-ak) = 5d49a7fd449b3905fe7a2177a636be3db7b45e33 -SHA1 (patch-al) = 6ebcfe407ad8b84a41130f6f7c2a26cf5b96f6c1 -SHA1 (patch-ba) = 74850e68510f37e4da762b247e5b68992acd7c18 -SHA1 (patch-bb) = cd6586fd10747231aa92efbdc59944f61d1cb7be -SHA1 (patch-bc) = fab4ff8b9fa00b40d96bb580055b6773d0774abb -SHA1 (patch-bd) = d09def0a09c9cbfc846e630acd1208beebfc2224 +SHA1 (patch-aj) = 2a98edcd7120778227137d6e642c10951ec74c88 +SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78 +SHA1 (patch-al) = d6af94edcc576b9977f4ee67ae621922a51d4c94 +SHA1 (patch-am) = 782fb7b541fd3212cb909bfbea774e62e86584f6 +SHA1 (patch-an) = 127173971cd95a08c1d7e2e3c93873592fa94300 +SHA1 (patch-ao) = 1207692e32a4355be686eddba050372519184e59 +SHA1 (patch-ap) = ffce2ef3702aab1a444f7493db5498a2f7365244 diff --git a/www/geeklog/patches/patch-aj b/www/geeklog/patches/patch-aj index 1bc6c0198ad..f4ec87d8243 100644 --- a/www/geeklog/patches/patch-aj +++ b/www/geeklog/patches/patch-aj @@ -1,52 +1,11 @@ -$NetBSD: patch-aj,v 1.2 2009/09/13 01:15:11 taca Exp $ +$NetBSD: patch-aj,v 1.3 2009/09/15 10:48:46 taca Exp $ -* make it geeklog 1.5.2sr5. -* Add missing charset parameter. -* Add missing utf8 select button. -* Send correct charset parameter. +* Change for pkgsrc. +* Output Content-Type header explicitly. ---- public_html/admin/install/index.php.orig 2009-04-18 16:55:00.000000000 +0900 +--- public_html/admin/install/index.php.orig 2009-08-30 18:08:41.000000000 +0900 +++ public_html/admin/install/index.php -@@ -48,7 +48,7 @@ if (!defined("LB")) { - define("LB", "\n"); - } - if (!defined('VERSION')) { -- define('VERSION', '1.5.2sr4'); -+ define('VERSION', '1.5.2sr5'); - } - if (!defined('XHTML')) { - define('XHTML', ' /'); -@@ -178,7 +178,8 @@ function get_SPX_Ver() - */ - function INST_checkPost150Upgrade($dbconfig_path, $siteconfig_path) - { -- global $_CONF, $_TABLES, $_DB, $_DB_dbms, $_DB_host, $_DB_user, $_DB_pass; -+ global $_CONF, $_TABLES, $_DB, $_DB_dbms, $_DB_host, $_DB_user, $_DB_pass, -+ $language; - - require $dbconfig_path; - require $siteconfig_path; -@@ -227,6 +228,7 @@ function INST_checkPost150Upgrade($dbcon - // this is a 1.5.x version, so upgrade directly - $req_string = 'index.php?mode=upgrade&step=3' - . '&dbconfig_path=' . $dbconfig_path -+ . '&language=' . $language - . '&version=' . $version; - - header('Location: ' . $req_string); -@@ -407,6 +409,11 @@ function INST_installEngine($install_typ - if ($install_type == 'install') { - $display .= ' - <p><label class="' . $label_dir . '">' . $LANG_INSTALL[92] . ' ' . INST_helpLink('utf8') . '</label> <input type="checkbox" name="utf8"' . ($utf8 ? ' checked="checked"' : '') . XHTML . '></p>'; -+ } else { -+ if ($utf8) { -+ $display .= ' -+ <input type="hidden" name="utf8" value="on"'. XHTML .'>'; -+ } - } - - $display .= ' -@@ -1793,16 +1800,8 @@ function INST_setDefaultCharset($sitecon +@@ -867,16 +867,8 @@ function INST_defaultPluginInstall() // | Main | // +---------------------------------------------------------------------------+ @@ -63,12 +22,13 @@ $NetBSD: patch-aj,v 1.2 2009/09/13 01:15:11 taca Exp $ +// pkgsrc default. +$gl_path = '@PREFIX@/@GEEKLOG_BASE@'; - $html_path = str_replace('admin/install/index.php', '', str_replace('admin\install\index.php', '', str_replace('\\', '/', __FILE__))); + $html_path = INST_getHtmlPath(); $siteconfig_path = '../../siteconfig.php'; -@@ -2228,5 +2227,6 @@ $display .= ' - </body> - </html>' . LB; +@@ -1242,6 +1234,7 @@ $display .= '<br' . XHTML . '><br' . XHT + . '</body>' . LB + . '</html>'; +header('Content-Type: text/html; charset=' . $LANG_CHARSET); echo $display; + ?> diff --git a/www/geeklog/patches/patch-ak b/www/geeklog/patches/patch-ak index a3757819cd9..c8a80d347b2 100644 --- a/www/geeklog/patches/patch-ak +++ b/www/geeklog/patches/patch-ak @@ -1,10 +1,10 @@ -$NetBSD: patch-ak,v 1.1 2009/09/13 01:15:11 taca Exp $ +$NetBSD: patch-ak,v 1.2 2009/09/15 10:48:46 taca Exp $ -* Send correct charset parameter. +* Output Content-Type header explicitly. ---- public_html/admin/install/configinfo.php.orig 2008-05-11 16:25:08.000000000 +0900 +--- public_html/admin/install/configinfo.php.orig 2009-07-29 20:41:47.000000000 +0900 +++ public_html/admin/install/configinfo.php -@@ -92,6 +92,7 @@ foreach ($_CONF as $option => $value) { +@@ -90,6 +90,7 @@ foreach ($_CONF as $option => $value) { } $display .= "</table>\n</body>\n</html>"; diff --git a/www/geeklog/patches/patch-al b/www/geeklog/patches/patch-al index 831acec24aa..56ab284e4cf 100644 --- a/www/geeklog/patches/patch-al +++ b/www/geeklog/patches/patch-al @@ -1,10 +1,10 @@ -$NetBSD: patch-al,v 1.1 2009/09/13 01:15:11 taca Exp $ +$NetBSD: patch-al,v 1.2 2009/09/15 10:48:46 taca Exp $ -* Send correct charset parameter. +* Output Content-Type header explicitly. ---- public_html/admin/install/help.php.orig 2009-01-23 04:19:55.000000000 +0900 +--- public_html/admin/install/help.php.orig 2009-07-29 20:41:47.000000000 +0900 +++ public_html/admin/install/help.php -@@ -141,6 +141,7 @@ $display .= '<head> +@@ -109,6 +109,7 @@ $display .= ' </body> </html>' . LB; diff --git a/www/geeklog/patches/patch-am b/www/geeklog/patches/patch-am new file mode 100644 index 00000000000..d6080256c01 --- /dev/null +++ b/www/geeklog/patches/patch-am @@ -0,0 +1,14 @@ +$NetBSD: patch-am,v 1.1 2009/09/15 10:48:46 taca Exp $ + +* Output Content-Type header explicitly. + +--- public_html/admin/install/bigdump.php.orig 2009-07-29 20:41:47.000000000 +0900 ++++ public_html/admin/install/bigdump.php +@@ -88,6 +88,7 @@ define ('TESTMODE',false); // + @ini_set('auto_detect_line_endings', true); + @set_time_limit(0); + ++header('Content-Type: text/html; charset=' . $LANG_CHARSET); + echo INST_getHeader($LANG_MIGRATE[17]); + + $error = false; diff --git a/www/geeklog/patches/patch-an b/www/geeklog/patches/patch-an new file mode 100644 index 00000000000..28d0208e326 --- /dev/null +++ b/www/geeklog/patches/patch-an @@ -0,0 +1,14 @@ +$NetBSD: patch-an,v 1.1 2009/09/15 10:48:46 taca Exp $ + +* Output Content-Type header explicitly. + +--- public_html/admin/install/install-plugins.php.orig 2009-07-29 20:41:47.000000000 +0900 ++++ public_html/admin/install/install-plugins.php +@@ -527,6 +527,7 @@ if (INST_phpOutOfDate()) { + } // End switch ($step) + } // end if (php_v()) + ++header('Content-Type: text/html; charset=' . COM_getCharset()); + $display .= INST_getFooter(); + + echo $display; diff --git a/www/geeklog/patches/patch-ao b/www/geeklog/patches/patch-ao new file mode 100644 index 00000000000..8fb34494b14 --- /dev/null +++ b/www/geeklog/patches/patch-ao @@ -0,0 +1,24 @@ +$NetBSD: patch-ao,v 1.1 2009/09/15 10:48:46 taca Exp $ + +* Inherit proper language parameter. + +--- public_html/admin/install/lib-install.php.orig 2009-08-30 22:39:19.000000000 +0900 ++++ public_html/admin/install/lib-install.php +@@ -609,7 +609,8 @@ function INST_getAlertMsg($mMessage, $mT + */ + function INST_checkPost150Upgrade($dbconfig_path, $siteconfig_path) + { +- global $_CONF, $_TABLES, $_DB, $_DB_dbms, $_DB_host, $_DB_user, $_DB_pass; ++ global $_CONF, $_TABLES, $_DB, $_DB_dbms, $_DB_host, $_DB_user, $_DB_pass, ++ $language; + + require $dbconfig_path; + require $siteconfig_path; +@@ -658,6 +659,7 @@ function INST_checkPost150Upgrade($dbcon + // current version is at least 1.5.0, so upgrade directly + $req_string = 'index.php?mode=upgrade&step=3' + . '&dbconfig_path=' . $dbconfig_path ++ . '&language=' . $language + . '&version=' . $version; + + header('Location: ' . $req_string); diff --git a/www/geeklog/patches/patch-ap b/www/geeklog/patches/patch-ap new file mode 100644 index 00000000000..b1c92a226b7 --- /dev/null +++ b/www/geeklog/patches/patch-ap @@ -0,0 +1,14 @@ +$NetBSD: patch-ap,v 1.1 2009/09/15 10:48:46 taca Exp $ + +* Output Content-Type header explicitly. + +--- public_html/admin/install/migrate.php.orig 2009-07-29 20:41:47.000000000 +0900 ++++ public_html/admin/install/migrate.php +@@ -1011,6 +1011,7 @@ if (INST_phpOutOfDate()) { + + $display .= INST_getFooter(); + ++header('Content-Type: text/html; charset=' . $LANG_CHARSET); + echo $display; + + ?> diff --git a/www/geeklog/patches/patch-ba b/www/geeklog/patches/patch-ba deleted file mode 100644 index cd0860c1c88..00000000000 --- a/www/geeklog/patches/patch-ba +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2009/09/13 01:15:11 taca Exp $ - -* Documentation update for Geeklog 1.5.2sr5 which isn't contained in - geeklog-1.5.2sr4-upgrade.tar.gz. - ---- public_html/docs/changes.html.orig 2009-04-18 16:56:05.000000000 +0900 -+++ public_html/docs/changes.html -@@ -16,6 +16,18 @@ and / or obvious changes. For a detailed - <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list - of files that have been changed since the last release.</p> - -+<h2><a name="changes152sr5">Geeklog 1.5.2sr5</a></h2> -+ -+<p>This release addresses the following security issues:</p> -+<ol> -+<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to -+ email a story to a friend.</li> -+<li>The "Mail Story to a Friend" function didn't check story permissions, so -+ that it was possible to email a story even if you didn't have the -+ permissions to view it on the site.</li> -+</ol> -+ -+ - <h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2> - - <p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p> diff --git a/www/geeklog/patches/patch-bb b/www/geeklog/patches/patch-bb deleted file mode 100644 index a89da300958..00000000000 --- a/www/geeklog/patches/patch-bb +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2009/09/13 01:15:11 taca Exp $ - -* Documentation update for Geeklog 1.5.2sr5 which isn't contained in - geeklog-1.5.2sr4-upgrade.tar.gz. - ---- public_html/docs/history.orig 2009-04-18 16:47:32.000000000 +0900 -+++ public_html/docs/history -@@ -1,5 +1,16 @@ - Geeklog History/Changes: - -+Jul 30, 2009 (1.5.2sr5) -+------------ -+ -+This release addresses the following security issues: -+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to -+ email a story to a friend. -+- The "Mail Story to a Friend" function didn't check story permissions, so that -+ it was possible to email a story even if you didn't have the permissions to -+ view it on the site. -+ -+ - Apr 18, 2009 (1.5.2sr4) - ------------ - diff --git a/www/geeklog/patches/patch-bc b/www/geeklog/patches/patch-bc deleted file mode 100644 index 889cc2f208f..00000000000 --- a/www/geeklog/patches/patch-bc +++ /dev/null @@ -1,54 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2009/09/13 01:15:11 taca Exp $ - -* An update to Geeklog 1.5.2sr5. - ---- public_html/profiles.php.orig 2009-01-19 02:27:58.000000000 +0900 -+++ public_html/profiles.php -@@ -231,7 +231,7 @@ function contactform ($uid, $subject = ' - $mail_template->set_var ('lang_subject', $LANG08[13]); - $mail_template->set_var ('subject', $subject); - $mail_template->set_var ('lang_message', $LANG08[14]); -- $mail_template->set_var ('message', $message); -+ $mail_template->set_var ('message', htmlspecialchars($message)); - $mail_template->set_var ('lang_nohtml', $LANG08[15]); - $mail_template->set_var ('lang_submit', $LANG08[16]); - $mail_template->set_var ('uid', $uid); -@@ -300,9 +300,13 @@ function mailstory($sid, $to, $toemail, - return $retval; - } - -- $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'"; -- $result = DB_query ($sql); -- $A = DB_fetchArray ($result); -+ $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); -+ $result = DB_query($sql); -+ if (DB_numRows($result) == 0) { -+ return COM_refresh($_CONF['site_url'] . '/index.php'); -+ } -+ $A = DB_fetchArray($result); -+ - $shortmsg = COM_stripslashes ($shortmsg); - $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB; - if (strlen ($shortmsg) > 0) { -@@ -392,6 +396,12 @@ function mailstoryform ($sid, $to = '', - return $retval; - } - -+ $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND')); -+ $A = DB_fetchArray($result); -+ if ($A['count'] == 0) { -+ return COM_refresh($_CONF['site_url'] . '/index.php'); -+ } -+ - if ($msg > 0) { - $retval .= COM_showMessage ($msg); - } -@@ -421,7 +431,7 @@ function mailstoryform ($sid, $to = '', - $mail_template->set_var('lang_toemailaddress', $LANG08[19]); - $mail_template->set_var('toemail', $toemail); - $mail_template->set_var('lang_shortmessage', $LANG08[27]); -- $mail_template->set_var('shortmsg', $shortmsg); -+ $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg)); - $mail_template->set_var('lang_warning', $LANG08[22]); - $mail_template->set_var('lang_sendmessage', $LANG08[16]); - $mail_template->set_var('story_id',$sid); diff --git a/www/geeklog/patches/patch-bd b/www/geeklog/patches/patch-bd deleted file mode 100644 index bad29e3c74e..00000000000 --- a/www/geeklog/patches/patch-bd +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-bd,v 1.1 2009/09/13 01:15:11 taca Exp $ - -* An update of Geeklog 1.5.2sr5 which isn't contained in - geeklog-1.5.2sr4-upgrade.tar.gz. This is configuration file and - it will be updated during upgrade from 1.5.2sr4. - ---- public_html/siteconfig.php.orig 2009-04-18 16:54:50.000000000 +0900 -+++ public_html/siteconfig.php -@@ -38,7 +38,7 @@ if (!defined('LB')) { - define('LB',"\n"); - } - if (!defined('VERSION')) { -- define('VERSION', '1.5.2sr4'); -+ define('VERSION', '1.5.2sr5'); - } - - ?> |