Mon Feb 25 16:12:48 2013 UTC ()
Pullup ticket #4079 - requested by taca
www/geeklog: security update

Revisions pulled up:
- www/geeklog/Makefile                                          1.37
- www/geeklog/distinfo                                          1.21

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Feb 21 13:01:24 UTC 2013

   Modified Files:
   	pkgsrc/www/geeklog: Makefile distinfo

   Log Message:
   Update geeklog to 1.8.2.1 (Geeklog 1.8.2sr1).

   Geeklog History/Changes:

   Feb 19, 2013 (1.8.2sr1)
   ------------

   This release addresses the following security issues:
   - High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
     parameter in the Calendar plugin (HTB23143).
   - Trustwave Spiderlabs reported XSS in the install script, the Configuration,
     as well as in the Admin interfaces for the Polls plugin and the Topic editor
     (TWSL2013-001).

   Not security-related:
   - Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
     (feature request #0001506).


(tron)
diff -r1.36 -r1.36.2.1 pkgsrc/www/geeklog/Makefile
diff -r1.20 -r1.20.2.1 pkgsrc/www/geeklog/distinfo
cvs diff -r1.36 -r1.36.2.1 pkgsrc/www/geeklog/Makefile (expand / switch to unified diff)

--- pkgsrc/www/geeklog/Makefile 2012/12/31 02:27:22 1.36
+++ pkgsrc/www/geeklog/Makefile 2013/02/25 16:12:48 1.36.2.1
@@ -1,32 +1,32 @@ @@ -1,32 +1,32 @@
1# $NetBSD: Makefile,v 1.36 2012/12/31 02:27:22 taca Exp $ 1# $NetBSD: Makefile,v 1.36.2.1 2013/02/25 16:12:48 tron Exp $
2# 2#
3 3
4DISTNAME= geeklog-${VER} 4DISTNAME= geeklog-${VER}
5PKGNAME= geeklog-${VER:C/(sr|-)/./g} 5PKGNAME= geeklog-${VER:C/(sr|-)/./g}
6CATEGORIES= www 6CATEGORIES= www
7MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/ 7MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/
8 8
9MAINTAINER= taca@NetBSD.org 9MAINTAINER= taca@NetBSD.org
10HOMEPAGE= http://www.geeklog.net/ 10HOMEPAGE= http://www.geeklog.net/
11COMMENT= PHP/MySQL based application for managing dynamic web content 11COMMENT= PHP/MySQL based application for managing dynamic web content
12LICENSE= gnu-gpl-v2 12LICENSE= gnu-gpl-v2
13 13
14DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php 14DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php
15DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql 15DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql
16 16
17USE_TOOLS+= pax 17USE_TOOLS+= pax
18 18
19VER= 1.8.2 19VER= 1.8.2sr1
20NO_BUILD= YES 20NO_BUILD= YES
21 21
22PKG_GROUPS_VARS+= APACHE_GROUP 22PKG_GROUPS_VARS+= APACHE_GROUP
23BUILD_DEFS+= GEEKLOG_SITEBASE 23BUILD_DEFS+= GEEKLOG_SITEBASE
24 24
25CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/* 25CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/*
26 26
27GL_SYS= emailgeeklogstories language plugins readme sql system 27GL_SYS= emailgeeklogstories language plugins readme sql system
28GL_TMPL_SUB= backend images/articles images/library images/topics \ 28GL_TMPL_SUB= backend images/articles images/library images/topics \
29 images/userphotos 29 images/userphotos
30 30
31GL_CONF_FILES= db-config.php system/lib-custom.php 31GL_CONF_FILES= db-config.php system/lib-custom.php
32GL_CONF_PUB_FILES= public_html/siteconfig.php 32GL_CONF_PUB_FILES= public_html/siteconfig.php
cvs diff -r1.20 -r1.20.2.1 pkgsrc/www/geeklog/distinfo (expand / switch to unified diff)

--- pkgsrc/www/geeklog/distinfo 2012/12/31 02:27:22 1.20
+++ pkgsrc/www/geeklog/distinfo 2013/02/25 16:12:48 1.20.2.1
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.20 2012/12/31 02:27:22 taca Exp $ 1$NetBSD: distinfo,v 1.20.2.1 2013/02/25 16:12:48 tron Exp $
2 2
3SHA1 (geeklog-1.8.2.tar.gz) = 45acb15e39b5a92a264ab742f97e8975cd0de279 3SHA1 (geeklog-1.8.2sr1.tar.gz) = c2b1b1e529a8627d7aef6d3ec9adee30887fc250
4RMD160 (geeklog-1.8.2.tar.gz) = 1a880e13ba7751692528c541c4d3ed40f9702a11 4RMD160 (geeklog-1.8.2sr1.tar.gz) = 53a96d4e4573d1526988b140b02d1bf90c05fbf3
5Size (geeklog-1.8.2.tar.gz) = 5608108 bytes 5Size (geeklog-1.8.2sr1.tar.gz) = 5610013 bytes
6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368 6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368
7SHA1 (patch-aj) = 1152a6f8478373d40125ae311c4030f6e2ef4bd7 7SHA1 (patch-aj) = 1152a6f8478373d40125ae311c4030f6e2ef4bd7
8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78 8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78