head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.10
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.8
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.6
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.4
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2009.09.15.10.48.46;	author taca;	state dead;
branches;
next	1.1;

1.1
date	2009.09.13.01.15.11;	author taca;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2009.09.13.01.15.11;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2009.09.13.14.57.36;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update Geeklog to 1.6.0sr2 (security release 2).

o Add some pkgsrc patches to improve Content-Type header output.

Geeklog 1.6.0sr2

This release addresses the following security issue:

* Unauthorized file uploads were possible through FCKeditor. Uploaded files
  still had to go through FCKeditor's filter, so it was not possible to
  upload scripts (and the integrity of the Geeklog site as such was not in
  danger). There were, however, reports that this was used to host malware.
  This update prevents use of the upload feature when FCKeditor is disabled
  and disables it for anonymous users. It also doesn't allow uploading of
  archive files any more. Furthermore, you need some sort of "edit"
  permission now to be able to upload files through FCKeditor (this is
  meant as an interim measure - we will probably introduce a separate
  "upload" permission in future Geeklog versions).

Other fixes:

* Fixed installation using InnoDB tables.
* Fixed a (non-exploitable) SQL error when auto-updating a story's
  commentcode field.
* Fixed a wrong function name in the Links plugin.

Geeklog 1.6.0sr1

This release addresses the following security issues:

1. Gerendi Sandor Attila reported an XSS in the forms to email a user and
   to email a story to a friend.
2.
The "Mail Story to a Friend" function didn't check story permissions, so
   that it was possible to email a story even if you didn't have the
   permissions to view it on the site.

Other fixes:

* Fixed an SQL error when submitting a story and the story submission queue
  was off.
* Fixed calls to a nonexistent function COM_outputMessageAndAbort.

Geeklog 1.6.0

Results from the Summer of Code

This release incorporates the following projects implemented during the
2008 Google Summer of Code:

* Site migration support and easier plugin installation, by Matt West
* Improved search, by Sami Barakat
* Comment moderation and editable comments, by Jared Wenerd

Other changes

* The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
  the PHP team ended support for PHP 4 in August 2008, you should be
  looking into upgrading to PHP 5 anyway.
* Includes FCKeditor 2.6.4.1
* Includes a new plugin, XMLSitemap, that automatically generates an XML
  sitemap file, as supported by all major search engines. Plugin written
  and provided by mystral-kk.
* Several new plugin API functions have been added and existing functions
  have been extended.
* The included documentation has been moved to docs/english to allow for
  translations. Links to the documentation from within Geeklog will link to
  existing translations for the current language automatically (or fall
  back to the English documentation if no suitable translation can be
  found).
* There were a variety of theme changes to support new functionality and
  fix inconsistencies in the layout.

This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009.
Thank you!
@
text
@$NetBSD: patch-bd,v 1.1 2009/09/13 01:15:11 taca Exp $

* An update of Geeklog 1.5.2sr5 which isn't contained in
  geeklog-1.5.2sr4-upgrade.tar.gz.  This is a configuration file and
  it will be updated during upgrade from 1.5.2sr4.

--- public_html/siteconfig.php.orig	2009-04-18 16:54:50.000000000 +0900
+++ public_html/siteconfig.php
@@@@ -38,7 +38,7 @@@@
 if (!defined('LB')) {
     define('LB',"\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr4');
+    define('VERSION', '1.5.2sr5');
 }
 ?>
@


1.1
log
@Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided as
a full release.  And add updated fckeditor for Geeklog.

These updates should fix known security problems, Secunia SA36372.

Jul 30, 2009 (1.5.2sr5)
------------

This release addresses the following security issues:

- Gerendi Sandor Attila reported an XSS in the forms to email a user and
  to email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions,
  so that it was possible to email a story even if you didn't have the
  permissions to view it on the site.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-bd was added on branch pkgsrc-2009Q2 on 2009-09-13 14:57:36 +0000
@
text
@d1 17
@


1.1.2.2
log
@Pullup ticket #2889 - requested by taca
geeklog: security update

Revisions pulled up:
- www/geeklog/Makefile			1.23
- www/geeklog/PLIST				1.10
- www/geeklog/distinfo			1.10
- www/geeklog/patches/patch-aa		1.4
- www/geeklog/patches/patch-aj		1.2
- www/geeklog/patches/patch-ak		1.1
- www/geeklog/patches/patch-al		1.1
- www/geeklog/patches/patch-ba		1.1
- www/geeklog/patches/patch-bb		1.1
- www/geeklog/patches/patch-bc		1.1
- www/geeklog/patches/patch-bd		1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Sun Sep 13 01:15:11 UTC 2009

Modified Files:
	pkgsrc/www/geeklog: Makefile PLIST distinfo
	pkgsrc/www/geeklog/patches: patch-aa patch-aj
Added Files:
	pkgsrc/www/geeklog/patches: patch-ak patch-al patch-ba patch-bb patch-bc
	    patch-bd

Log Message:
Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided as
a full release.  And add updated fckeditor for Geeklog.

These updates should fix known security problems, Secunia SA36372.

Jul 30, 2009 (1.5.2sr5)
------------

This release addresses the following security issues:

- Gerendi Sandor Attila reported an XSS in the forms to email a user and
  to email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions,
  so that it was possible to email a story even if you didn't have the
  permissions to view it on the site.
@
text
@a0 17
$NetBSD: patch-bd,v 1.1 2009/09/13 01:15:11 taca Exp $

* An update of Geeklog 1.5.2sr5 which isn't contained in
  geeklog-1.5.2sr4-upgrade.tar.gz.  This is a configuration file and
  it will be updated during upgrade from 1.5.2sr4.

--- public_html/siteconfig.php.orig	2009-04-18 16:54:50.000000000 +0900
+++ public_html/siteconfig.php
@@@@ -38,7 +38,7 @@@@
 if (!defined('LB')) {
     define('LB',"\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr4');
+    define('VERSION', '1.5.2sr5');
 }
 ?>
@
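Review bot: the `@@ -38,7 +38,7 @@` hunk (stored here with RCS-doubled `@` as `@@@@ ... @@@@`) changes nothing but the VERSION string in siteconfig.php, so on its own it does not carry either of the 1.5.2sr5 security fixes named in the log (the XSS in the email forms and the missing permission check in "Mail Story to a Friend"); those live in the companion patches patch-ak through patch-bc listed in pullup ticket #2889. The patch header comment should say so explicitly, and the package update must be checked to apply the whole set together, because a site that reports '1.5.2sr5' while still running sr4 code defeats any version-based vulnerability check.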