head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q1:1.1.0.14 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.12 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.10 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.8 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.6 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.4 pkgsrc-2008Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.05.26.14.19.29; author taca; state dead; branches; next 1.1; 1.1 date 2008.06.19.14.08.42; author taca; state Exp; branches 1.1.2.1 1.1.14.1; next ; 1.1.2.1 date 2008.06.19.14.08.42; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.06.24.12.50.15; author tron; state Exp; branches; next ; 1.1.14.1 date 2009.05.30.21.14.02; author tron; state dead; branches; next ; desc @@ 1.2 log @Update geeklog package from 1.4.1nb4 to 1.5.2.4 (1.5.2sr4). pkgsrc changes: overhaul this package. * Add LICENSE. * Clean up bmake's macros, such as addition of PRINT_PLIST_AWK. Geeklog changes: too many chagnes to write here. * New user-friendly installation. * New Configuration GUI. * New Webservice GUI. * And more. Please refer http://www.geeklog.net/docs/english/changes.html for more information. Fixed some security problems about SQL injection vulnerability. @ text @$NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $ A security fix for HTML filter: http://www.geeklog.net/article.php/kses. This problem will be fixed in Geeklog 1.5.0.
--- system/classes/kses.class.php.orig 2006-05-15 14:49:44.000000000 +0900
+++ system/classes/kses.class.php
@@@@ -941,12 +941,12 @@@@
 */
 function _bad_protocol_once($string)
 {
- return preg_replace(
- '/^((&[^;]*;|[\sA-Za-z0-9])*)'.
- '(:|:|&#[Xx]3[Aa];)\s*/e',
- '\$this->_bad_protocol_once2("\\1")',
- $string
- );
+ $string2 = preg_split('/:|:|:/i', $string, 2);
+ if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+ {
+ $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
+ }
+ return $string;
 }
 /**
@ 1.1 log @Add a security fix for kses, HTML filter which isn't used with default configuration: http://www.geeklog.net/article.php/kses. Also fix one pkglint warning. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.14.1 log @Pullup ticket #2782 - requested by taca geeklog: security update Revisions pulled up: - www/geeklog/DEINSTALL 1.5 - www/geeklog/INSTALL 1.4 - www/geeklog/Makefile 1.22 - www/geeklog/Makefile.common 1.7 - www/geeklog/PLIST 1.8 - www/geeklog/distinfo 1.9 - www/geeklog/files/README 1.4 - www/geeklog/files/createdb.php delete - www/geeklog/files/geeklog.conf 1.2 - www/geeklog/patches/patch-aa 1.3 - www/geeklog/patches/patch-ab delete - www/geeklog/patches/patch-ac delete - www/geeklog/patches/patch-ag delete - www/geeklog/patches/patch-ah delete - www/geeklog/patches/patch-ai delete - www/geeklog/patches/patch-aj 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue May 26 14:19:29 UTC 2009 Modified Files: pkgsrc/www/geeklog: DEINSTALL INSTALL Makefile Makefile.common PLIST distinfo pkgsrc/www/geeklog/files: README geeklog.conf pkgsrc/www/geeklog/patches: patch-aa Added Files: pkgsrc/www/geeklog/patches: patch-aj Removed Files: pkgsrc/www/geeklog/files: createdb.php pkgsrc/www/geeklog/patches: patch-ab patch-ac patch-ag patch-ah patch-ai Log Message: Update geeklog package from 1.4.1nb4 to 1.5.2.4 (1.5.2sr4). pkgsrc changes: overhaul this package. * Add LICENSE. * Clean up bmake's macros, such as addition of PRINT_PLIST_AWK. Geeklog changes: too many chagnes to write here. * New user-friendly installation. * New Configuration GUI. * New Webservice GUI. * And more. Please refer http://www.geeklog.net/docs/english/changes.html for more information.
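Review bot: The added `preg_split('/:|:|:/i', $string, 2)` lists the same literal `:` three times as shown on this page, whereas the removed pattern still matched an encoded colon through `&#[Xx]3[Aa];`; this is probably entity text lost when the page was rendered, so check the patch file as applied and make sure the decimal and hexadecimal entity forms of the colon are still alternatives, otherwise the filter would no longer recognise encoded separators. The `!preg_match('%/\?%',$string2[0])` guard skips `_bad_protocol_once2` whenever the text before the first colon contains `/?`, and nothing in the hunk explains it; if the intent is to leave colons inside a query string alone, say so with a comment such as `// a colon after "/?" is part of a query string, not a scheme separator`. The patch header could also state that the removed `/e` replacement evaluated its replacement string as PHP code, which appears to be the reason for the rewrite. The same hunk is repeated in the 1.1.2.2 revision text, and the docblock above `_bad_protocol_once` starts outside the hunk.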
Fixed some security problems about SQL injection vulnerability. @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $ @ 1.1.2.1 log @file patch-ah was added on branch pkgsrc-2008Q1 on 2008-06-24 12:50:15 +0000 @ text @d1 26 @ 1.1.2.2 log @Pullup ticket #2432 - requested by taca Security patch for geeklog Revisions pulled: - www/geeklog/Makefile 1.17-1.18 - www/geeklog/Makefile.common 1.6 - www/geeklog/distinfo 1.7 - www/geeklog/patches/patch-ah 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Mon May 26 00:40:24 UTC 2008 Modified Files: pkgsrc/www/geeklog: Makefile Log Message: Needs full pax dependency. Bump revision. --- Module Name: pkgsrc Committed By: taca Date: Thu Jun 19 14:08:42 UTC 2008 Modified Files: pkgsrc/www/geeklog: Makefile Makefile.common distinfo Added Files: pkgsrc/www/geeklog/patches: patch-ah Log Message: Add a security fix for kses, HTML filter which isn't used with default configuration: http://www.geeklog.net/article.php/kses. Also fix one pkglint warning. Bump PKGREVISION. @ text @a0 26 $NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $ A security fix for HTML filter: http://www.geeklog.net/article.php/kses. This problem will be fixed in Geeklog 1.5.0.
--- system/classes/kses.class.php.orig 2006-05-15 14:49:44.000000000 +0900
+++ system/classes/kses.class.php
@@@@ -941,12 +941,12 @@@@
 */
 function _bad_protocol_once($string)
 {
- return preg_replace(
- '/^((&[^;]*;|[\sA-Za-z0-9])*)'.
- '(:|:|&#[Xx]3[Aa];)\s*/e',
- '\$this->_bad_protocol_once2("\\1")',
- $string
- );
+ $string2 = preg_split('/:|:|:/i', $string, 2);
+ if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+ {
+ $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
+ }
+ return $string;
 }
 /**
@