summaryrefslogtreecommitdiff
path: root/www/geeklog
AgeCommit message (Collapse)AuthorFilesLines
2006-08-17- Reduce pkglint warning.taca1-10/+9
- Add GEEKLOG_SITEBASE to BUILD_DEFS. No functional changes.
2006-07-24Update geeklog package to 1.4.0.5.1 (1.4.0sr5-1).taca3-9/+10
- Fix display problem with comment preview. - Add afrikaans language support.
2006-07-23- Fix bad handling of some cofiguration files noted by ghen@ behalf oftaca5-25/+16
pkgsrc release engineering team. - Keep current directory with DEINSTALL and INSTALL script. - remove extra processing with POST-DEINSTALL action from DEINSTALL script. - Suggest use of additional graphic package. - Add APACHE_GROUP to BUILD_DEFS. - install ${GEEKLOG_EXAMPLESDIR}/createdb.php with INSTALL_SCRIPT. Bump PKGREVISION.
2006-07-17Update www/geeklog package to 1.4.0.5 (1.4.0sr5).taca2-7/+6
It fixes cross-site-scripting security problem. Geeklog 1.4.0sr5 JPCERT/CC informed us about a possible XSS in the comment handling that we're fixing with this release.
2006-07-09Oops, fix PKGREVISION's speeling.taca1-2/+2
2006-07-09- Set files' permission; a bundled PEAR library is too restrictedtaca2-3/+5
permisson. - Remove logs directory from PLIST. Bump PKGREVISION.
2006-07-01Update geeklog-1.4.0.4 (1.4.0sr3).taca4-185/+7
---------------------------------------------------------------------------- Two exploits have been released by "rgod" for insecure Geeklog installations and for a bug in the "mcpuk" file manager that we've been shipping as part of FCKeditor in all previous 1.4.0 releases. o Some of the files outside of the public_html directory were not protected against direct execution. If Geeklog was installed such that those files were accessible from a URL (which has always been strongly discouraged in the installation instructions) then those files could be used to load and execute malicious code from a remote server. More information: So-called Geeklog "exploit" posted In this release, we've added the missing execution prevention for all files outside of public_html. We would still, however, suggest that you fix your Geeklog install if the files outside of public_html are accessible from a URL (see our FAQ for details). o The "mcpuk" file manager that we've integrated into FCKeditor allowed the upload of arbitrary PHP code (even if FCKeditor was disabled in Geeklog's config.php). Depending on your webserver's configuration, it was then possible to execute that uploaded code. More information: Exploit for FCKeditor's mcpuk file manager The file manager has been removed from this release. You will therefore no longer be able to upload files, e.g. images, through FCKeditor. Future versions of Geeklog will ship with an updated version of FCKeditor and its included file manager. Note: This release also includes the updated lib-trackback.php for better protection against Trackback spam. ---------------------------------------------------------------------------- First problem dosen't related to pkgsrc.
2006-06-30Add a temporary fix to handle security problem of fckeditor; disablingtaca3-3/+38
file upload functions. Bump PKGREVISION.
2006-06-19Fix files/README about initial database creation notedtaca1-2/+2
by PR pkg/33762 from S. Kitagawa, thanks much.
2006-06-18- Split MESSAGE's content to separate document file.taca6-45/+72
- Handle system/lib-custom.php as one of modifiable files. Bump PKGREVISION.
2006-06-17No need to set APACHE_USER here.taca1-2/+1
2006-06-16Oops, forgot to correct include path of Makefile.common.taca1-2/+2
2006-06-15Importing www/geeklog-1.4.0.3 (geeklog-1.4.0sr3).taca16-0/+2298
Geeklog is a PHP/MySQL based application for managing dynamic web content. "Out of the box", it is a blog engine, or a CMS with support for comments, trackbacks, multiple syndication formats, spam protection, and all the other vital features of such a system.
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-16 19:33:04 +0000