Mon May 17 15:46:38 2010 UTC ()
Update geeklog package to 1.6.1.1 (1.6.1sr1).

May 9, 2010 (1.6.1sr1)
------------

This release addresses the following security issue:

The autologin (using the long-term session cookie) is vulnerable to dictionary
attacks. This issue was originally reported by Bookoo of the Nine Situations
Group in one of his reports in April 2009 but apparently overlooked by the
Geeklog Team. Thanks to geeklog.net user Jack for pointing this out.


(taca)
diff -r1.26 -r1.27 pkgsrc/www/geeklog/Makefile
diff -r1.12 -r1.13 pkgsrc/www/geeklog/distinfo
cvs diff -r1.26 -r1.27 pkgsrc/www/geeklog/Makefile (expand / switch to unified diff)

--- pkgsrc/www/geeklog/Makefile 2010/02/19 19:58:38 1.26
+++ pkgsrc/www/geeklog/Makefile 2010/05/17 15:46:38 1.27
@@ -1,36 +1,35 @@ @@ -1,36 +1,35 @@
1# $NetBSD: Makefile,v 1.26 2010/02/19 19:58:38 joerg Exp $ 1# $NetBSD: Makefile,v 1.27 2010/05/17 15:46:38 taca Exp $
2# 2#
3 3
4DISTNAME= geeklog-${VER} 4DISTNAME= geeklog-${VER}
5PKGNAME= geeklog-${VER:C/(sr|-)/./g} 5PKGNAME= geeklog-${VER:C/(sr|-)/./g}
6PKGREVISION= 1 
7CATEGORIES= www 6CATEGORIES= www
8MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/ 7MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/
9 8
10MAINTAINER= taca@NetBSD.org 9MAINTAINER= taca@NetBSD.org
11HOMEPAGE= http://www.geeklog.net/ 10HOMEPAGE= http://www.geeklog.net/
12COMMENT= PHP/MySQL based application for managing dynamic web content 11COMMENT= PHP/MySQL based application for managing dynamic web content
13LICENSE= gnu-gpl-v2 12LICENSE= gnu-gpl-v2
14 13
15PKG_DESTDIR_SUPPORT= user-destdir 14PKG_DESTDIR_SUPPORT= user-destdir
16PRIVILEGED_STAGES+= clean 15PRIVILEGED_STAGES+= clean
17 16
18DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php 17DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php
19DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql 18DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql
20 19
21USE_TOOLS+= pax 20USE_TOOLS+= pax
22 21
23VER= 1.6.1 22VER= 1.6.1sr1
24NO_BUILD= YES 23NO_BUILD= YES
25 24
26PKG_GROUPS_VARS+= APACHE_GROUP 25PKG_GROUPS_VARS+= APACHE_GROUP
27BUILD_DEFS+= GEEKLOG_SITEBASE 26BUILD_DEFS+= GEEKLOG_SITEBASE
28 27
29CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/* 28CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/*
30 29
31GL_SYS= emailgeeklogstories language plugins readme sql system 30GL_SYS= emailgeeklogstories language plugins readme sql system
32GL_TMPL_SUB= backend images/articles images/library images/topics \ 31GL_TMPL_SUB= backend images/articles images/library images/topics \
33 images/userphotos 32 images/userphotos
34 33
35GL_CONF_FILES= db-config.php system/lib-custom.php 34GL_CONF_FILES= db-config.php system/lib-custom.php
36GL_CONF_PUB_FILES= public_html/siteconfig.php 35GL_CONF_PUB_FILES= public_html/siteconfig.php
cvs diff -r1.12 -r1.13 pkgsrc/www/geeklog/distinfo (expand / switch to unified diff)

--- pkgsrc/www/geeklog/distinfo 2009/11/30 15:44:45 1.12
+++ pkgsrc/www/geeklog/distinfo 2010/05/17 15:46:38 1.13
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.12 2009/11/30 15:44:45 taca Exp $ 1$NetBSD: distinfo,v 1.13 2010/05/17 15:46:38 taca Exp $
2 2
3SHA1 (geeklog-1.6.1.tar.gz) = f95e5d9d241e6b190ea0a50e759e825e9dc44f61 3SHA1 (geeklog-1.6.1sr1.tar.gz) = 1af1fc4244622fbe404c1a70fb5913c876dc5c4c
4RMD160 (geeklog-1.6.1.tar.gz) = 9e3c91caae7c293fc0ceaae6fa0a585cb7192a82 4RMD160 (geeklog-1.6.1sr1.tar.gz) = 61f36dc35aee656ac5bbc8092b1a405b3475ca2e
5Size (geeklog-1.6.1.tar.gz) = 5040246 bytes 5Size (geeklog-1.6.1sr1.tar.gz) = 5040323 bytes
6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368 6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368
7SHA1 (patch-aj) = 2960d225a690fe6af0819d69a27615425291b921 7SHA1 (patch-aj) = 2960d225a690fe6af0819d69a27615425291b921
8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78 8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78