Tue Jun 24 12:50:15 2008 UTC ()
Pullup ticket #2432 - requested by taca
Security patch for geeklog

Revisions pulled:
- www/geeklog/Makefile		1.17-1.18
- www/geeklog/Makefile.common	1.6
- www/geeklog/distinfo		1.7
- www/geeklog/patches/patch-ah	1.1
---
    Module Name:    pkgsrc
    Committed By:   joerg
    Date:           Mon May 26 00:40:24 UTC 2008

    Modified Files:
        pkgsrc/www/geeklog: Makefile

    Log Message:
    Needs full pax dependency. Bump revision.
---
    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Thu Jun 19 14:08:42 UTC 2008

    Modified Files:
        pkgsrc/www/geeklog: Makefile Makefile.common distinfo
    Added Files:
        pkgsrc/www/geeklog/patches: patch-ah

    Log Message:
    Add a security fix for kses, the HTML filter, which isn't used with the default
    configuration: http://www.geeklog.net/article.php/kses.

    Also fix one pkglint warning.

    Bump PKGREVISION.


(tron)
diff -r1.16 -r1.16.6.1 pkgsrc/www/geeklog/Makefile
diff -r1.4 -r1.4.8.1 pkgsrc/www/geeklog/Makefile.common
diff -r1.6 -r1.6.8.1 pkgsrc/www/geeklog/distinfo
diff -r0 -r1.1.2.2 pkgsrc/www/geeklog/patches/patch-ah

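--- a/pkgsrc/www/geeklog/Makefile
+++ b/pkgsrc/www/geeklog/Makefile
@@ -1,127 +1,130 @@
-# $NetBSD: Makefile,v 1.16 2007/07/04 20:55:04 jlam Exp $
+# $NetBSD: Makefile,v 1.16.6.1 2008/06/24 12:50:15 tron Exp $
 #
 
 DISTNAME= geeklog-${VER}
 PKGNAME= geeklog-${VER:C/(sr|-)/./g}
+PKGREVISION= 2
 CATEGORIES= www
 MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/
 
 MAINTAINER= taca@NetBSD.org
 HOMEPAGE= http://www.geeklog.net/
 COMMENT= PHP/MySQL based application for managing dynamic web content
 
 DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php
 DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql
 
+USE_TOOLS+= pax:run
+
 VER= 1.4.1
 NO_BUILD= YES
 
 PKG_GROUPS_VARS+= APACHE_GROUP
 BUILD_DEFS+= GEEKLOG_SITEBASE
 
 GEEKLOG_SYS= emailgeeklogstories language plugins readme sql system
 GEEKLOG_TMPL_SUB= backend images/articles images/library \
  images/topics images/userphotos
 
 GEEKLOG_CONF_FILES= config.php plugins/calendar/config.php \
  plugins/links/config.php plugins/polls/config.php \
  plugins/spamx/config.php \
  plugins/staticpages/config.php \
  system/lib-custom.php
 
 CONF_FILES+= ${GEEKLOG_EXAMPLESDIR}/geeklog.conf \
  ${PKG_SYSCONFDIR}/geeklog.conf
 
 .for f in ${GEEKLOG_CONF_FILES}
 CONF_FILES_PERMS+= ${GEEKLOG_EXAMPLESDIR}/${f} \
  ${GEEKLOG_DIR}/${f} \
  ${BINOWN} ${APACHE_GROUP} 0640
 .endfor
 
 OWN_DIRS_PERMS+= ${GEEKLOG_DIR}/backups ${BINOWN} ${APACHE_GROUP} 0770 \
  ${GEEKLOG_DIR}/data ${BINOWN} ${APACHE_GROUP} 0770 \
  ${GEEKLOG_DIR}/logs ${BINOWN} ${APACHE_GROUP} 0775
 OWN_DIRS+= ${GEEKLOG_PUB}
 
 FILES_SUBST+= APACHE_GROUP=${APACHE_GROUP:Q} \
  GEEKLOG_DIR=${GEEKLOG_DIR:Q} \
  GEEKLOG_EXAMPLESDIR=${GEEKLOG_EXAMPLESDIR:Q} \
  GEEKLOG_PUBDIR=${GEEKLOG_PUBDIR:Q} \
  GEEKLOG_ADMIN_DIR=${GEEKLOG_ADMIN_DIR:Q} \
  GEEKLOG_TMPL_SUB=${GEEKLOG_TMPL_SUB:Q} \
  GEEKLOG_TMPL_DIR=${GEEKLOG_TMPL_DIR:Q} \
  PAX=${PAX:Q}
 
 PLIST_SUBST+= GEEKLOG_BASE=${GEEKLOG_BASE:Q} \
  GEEKLOG_PUB=${GEEKLOG_PUB:Q} \
  GEEKLOG_ADMIN=${GEEKLOG_ADMIN:Q} \
  GEEKLOG_TMPL=${GEEKLOG_TMPL:Q}
 
 .include "../../www/geeklog/Makefile.common"
 
 PKG_SYSCONFSUBDIR?= geeklog
 
 SUBST_CLASSES+= paths
 SUBST_FILES.paths+= ${WRKDIR}/README ${WRKDIR}/createdb.php
 SUBST_FILES.paths+= ${WRKSRC}/config.php ${WRKSRC}/emailgeeklogstories
 SUBST_FILES.paths+= ${WRKSRC}/public_html/lib-common.php
 SUBST_SED.paths+= -e 's,@GEEKLOG_DIR@,${GEEKLOG_DIR:Q},g'
 SUBST_SED.paths+= -e 's,@GEEKLOG_EXAMPLESDIR@,${GEEKLOG_EXAMPLESDIR:Q},g'
 SUBST_SED.paths+= -e 's,@GEEKLOG_PUBDIR@,${GEEKLOG_PUBDIR:Q},g'
 SUBST_SED.paths+= -e 's,@GEEKLOG_SITESUBDIR@,${GEEKLOG_SITESUBDIR:Q},g'
 SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR:Q},g'
 SUBST_SED.paths+= -e 's,@PREFIX@,${PREFIX:Q},g'
 SUBST_STAGE.paths= post-configure
 
 SUBST_CLASSES+= conf
 SUBST_FILES.conf+= ${WRKDIR}/geeklog.conf
 SUBST_SED.conf+= -e 's,@GEEKLOG_DIR@,${GEEKLOG_DIR:Q},g'
 SUBST_SED.conf+= -e 's,@GEEKLOG_PUBDIR@,${GEEKLOG_PUBDIR:Q},g'
 .if empty(GEEKLOG_SITEBASE)
 SUBST_SED.conf+= -e '/^Alias/s,^,\#,'
 .endif
 SUBST_STAGE.conf= post-configure
 
 INSTALLATION_DIRS= ${GEEKLOG_BASE} ${GEEKLOG_PUB} ${GEEKLOG_TMPL}/images \
  share/examples/geeklog
 
 post-extract:
  ${CP} ${FILESDIR}/README ${FILESDIR}/createdb.php \
  ${FILESDIR}/geeklog.conf ${WRKDIR}
 
 pre-install:
  ${FIND} ${WRKSRC:Q} -name "*.orig*" -exec ${RM} -f {} \;
  cd ${WRKSRC}/public_html; \
  ${FIND} ${GEEKLOG_TMPL_SUB} -type f -exec ${CHMOD} -x {} \;
  ${CHMOD} 0664 ${WRKSRC}/public_html/backend/geeklog.rss
  cd ${WRKSRC}/system; \
  ${FIND} pear -type f -exec ${CHMOD} 0644 {} \;
 
 do-install:
  ${INSTALL_DATA_DIR} ${GEEKLOG_DOCDIR}
  ${INSTALL_DATA} ${WRKDIR}/README ${GEEKLOG_DOCDIR}
 .for f in ${GEEKLOG_CONF_FILES}
  ${INSTALL_DATA_DIR} ${GEEKLOG_EXAMPLESDIR}/${f:H}
  ${INSTALL_DATA} ${WRKSRC}/${f} ${GEEKLOG_EXAMPLESDIR}/${f}
  ${RM} ${WRKSRC}/${f}
 .endfor
  ${INSTALL_SCRIPT} ${WRKDIR}/createdb.php ${GEEKLOG_DIR}
  ${INSTALL_DATA} ${WRKDIR}/geeklog.conf ${GEEKLOG_EXAMPLESDIR}
 .for f in ${GEEKLOG_SYS}
- cd ${WRKSRC}; ${PAX} -rw ${f} ${GEEKLOG_DIR}
+ cd ${WRKSRC}; pax -rw ${f} ${GEEKLOG_DIR}
 .endfor
  cd ${WRKSRC}/public_html; \
- ${PAX} -rw admin ${GEEKLOG_DIR}; \
+ pax -rw admin ${GEEKLOG_DIR}; \
  ${RM} -rf admin
 .for d in ${GEEKLOG_TMPL_SUB}
  cd ${WRKSRC}/public_html; \
  if [ -d ${d} ]; then \
- ${PAX} -rw ${d} ${GEEKLOG_TMPL_DIR}; \
+ pax -rw ${d} ${GEEKLOG_TMPL_DIR}; \
  ${RM} -rf ${d}; \
  fi
 .endfor
- cd ${WRKSRC}/public_html; ${PAX} -rw . ${GEEKLOG_PUBDIR}
+ cd ${WRKSRC}/public_html; pax -rw . ${GEEKLOG_PUBDIR}
 
 .include "../../mk/apache.mk"
 .include "../../lang/php/phpversion.mk"
 .include "../../mk/bsd.pkg.mk"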

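--- a/pkgsrc/www/geeklog/Makefile.common
+++ b/pkgsrc/www/geeklog/Makefile.common
@@ -1,29 +1,30 @@
-# $NetBSD: Makefile.common,v 1.4 2007/05/20 15:56:44 taca Exp $
+# $NetBSD: Makefile.common,v 1.4.8.1 2008/06/24 12:50:15 tron Exp $
 #
+# used by www/geeklog/Makefile
 
 GEEKLOG_BASE= share/geeklog
 GEEKLOG_PUB= share/httpd/geeklog
 GEEKLOG_ADMIN= ${GEEKLOG_BASE}/admin
 GEEKLOG_TMPL= ${GEEKLOG_BASE}/default
 
 # Geeklog system
 GEEKLOG_DIR= ${PREFIX}/${GEEKLOG_BASE}
 
 # Geeklog public area
 GEEKLOG_PUBDIR= ${PREFIX}/${GEEKLOG_PUB}
 GEEKLOG_ADMIN_DIR= ${PREFIX}/${GEEKLOG_ADMIN}
 GEEKLOG_TMPL_DIR= ${PREFIX}/${GEEKLOG_TMPL}
 
 GEEKLOG_DOCDIR= ${PREFIX}/share/doc/geeklog
 GEEKLOG_EXAMPLESDIR= ${PREFIX}/share/examples/geeklog
 
 .include "../../mk/bsd.prefs.mk"
 
 # access Geeklog as its own directory?
 GEEKLOG_SITEBASE?= geeklog
 
 BUILD_DEFS+= GEEKLOG_SITEBASE
 
 .if !empty(GEEKLOG_SITEBASE)
 GEEKLOG_SITESUBDIR= /${GEEKLOG_SITEBASE}
 .endif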

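--- a/pkgsrc/www/geeklog/distinfo
+++ b/pkgsrc/www/geeklog/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.6 2007/05/20 15:56:44 taca Exp $
+$NetBSD: distinfo,v 1.6.8.1 2008/06/24 12:50:15 tron Exp $
 
 SHA1 (geeklog-1.4.1.tar.gz) = c323c29b523598b97d7e0957435c0ec0c31cb290
 RMD160 (geeklog-1.4.1.tar.gz) = bfac9946b34d0254fedd3a54cf742b044d347a3c
 Size (geeklog-1.4.1.tar.gz) = 3631405 bytes
 SHA1 (patch-aa) = f96a2391925ae66c9629ee4480053b71dc33d587
 SHA1 (patch-ab) = 3cbc5f3845eaaf78c349e1bc82e8e792627a12db
 SHA1 (patch-ac) = e5523aab7a13f014ecb961a53f8d962115c4d7b4
 SHA1 (patch-ag) = 207ef0801d865ff16d2a99f0732ea0cb49ce2ad5
+SHA1 (patch-ah) = 376e1208f0ec332e9da243a9a475d5569158d6d3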

File Added: pkgsrc/www/geeklog/patches/Attic/patch-ah
$NetBSD: patch-ah,v 1.1.2.2 2008/06/24 12:50:15 tron Exp $

A security fix for HTML filter: http://www.geeklog.net/article.php/kses.
This problem will be fixed in Geeklog 1.5.0.

--- system/classes/kses.class.php.orig	2006-05-15 14:49:44.000000000 +0900
+++ system/classes/kses.class.php
@@ -941,12 +941,12 @@
 			 */
 			function _bad_protocol_once($string)
 			{
-				return preg_replace(
-					'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-					'(:|:|&#[Xx]3[Aa];)\s*/e',
-					'\$this->_bad_protocol_once2("\\1")',
-					$string
-				);
+                 $string2 = preg_split('/:|:|:/i', $string, 2);
+                 if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+                 {
+                   $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
+                 }
+                 return $string;
 			}
 
 			/**
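Review bot: The six replacement lines inside `_bad_protocol_once` are indented with spaces while the surrounding kses.class.php context lines use tabs, and nothing in the new body records why the `preg_replace` built on the `/e` modifier and a back-reference was dropped; a one-line comment above `$string2 = preg_split(...)` such as `// Split on the first (plain or entity-encoded) colon and filter only the prefix; the former /e pattern evaluated a back-reference as PHP code` would preserve the intent for anyone backporting the fix. The three alternatives of `preg_split('/:|:|:/i', ...)` print as identical literal colons on this page, which looks like entity-encoded forms decoded by the rendering (the removed pattern shows the same effect), so the patch should be taken from the repository file whose SHA1 distinfo records rather than from this view. Whether handing the whole pre-colon prefix to `_bad_protocol_once2` is as strict as the old `(&[^;]*;|[\sA-Za-z0-9])*` match depends on `_bad_protocol_once2`, which is outside the hunk.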