Mon Feb 25 16:12:48 2013 UTC ()
Pullup ticket #4079 - requested by taca
www/geeklog: security update

Revisions pulled up:
- www/geeklog/Makefile                                          1.37
- www/geeklog/distinfo                                          1.21

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Feb 21 13:01:24 UTC 2013

   Modified Files:
   	pkgsrc/www/geeklog: Makefile distinfo

   Log Message:
   Update geeklog to 1.8.2.1 (Geeklog 1.8.2sr1).

   Geeklog History/Changes:

   Feb 19, 2013 (1.8.2sr1)
   ------------

   This release addresses the following security issues:
   - High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
     parameter in the Calendar plugin (HTB23143).
   - Trustwave Spiderlabs reported XSS in the install script, the Configuration,
     as well as in the Admin interfaces for the Polls plugin and the Topic editor
     (TWSL2013-001).

   Not security-related:
   - Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
     (feature request #0001506).


(tron)
diff -r1.36 -r1.36.2.1 pkgsrc/www/geeklog/Makefile
diff -r1.20 -r1.20.2.1 pkgsrc/www/geeklog/distinfo

cvs diff -r1.36 -r1.36.2.1 pkgsrc/www/geeklog/Makefile

--- pkgsrc/www/geeklog/Makefile 2012/12/31 02:27:22 1.36
+++ pkgsrc/www/geeklog/Makefile 2013/02/25 16:12:48 1.36.2.1
@@ -1,125 +1,125 @@ @@ -1,125 +1,125 @@
1# $NetBSD: Makefile,v 1.36 2012/12/31 02:27:22 taca Exp $ 1# $NetBSD: Makefile,v 1.36.2.1 2013/02/25 16:12:48 tron Exp $
2# 2#
3 3
4DISTNAME= geeklog-${VER} 4DISTNAME= geeklog-${VER}
5PKGNAME= geeklog-${VER:C/(sr|-)/./g} 5PKGNAME= geeklog-${VER:C/(sr|-)/./g}
6CATEGORIES= www 6CATEGORIES= www
7MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/ 7MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/
8 8
9MAINTAINER= taca@NetBSD.org 9MAINTAINER= taca@NetBSD.org
10HOMEPAGE= http://www.geeklog.net/ 10HOMEPAGE= http://www.geeklog.net/
11COMMENT= PHP/MySQL based application for managing dynamic web content 11COMMENT= PHP/MySQL based application for managing dynamic web content
12LICENSE= gnu-gpl-v2 12LICENSE= gnu-gpl-v2
13 13
14DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php 14DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.3.3:../../www/ap-php
15DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql 15DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.0:../../databases/php-mysql
16 16
17USE_TOOLS+= pax 17USE_TOOLS+= pax
18 18
19VER= 1.8.2 19VER= 1.8.2sr1
20NO_BUILD= YES 20NO_BUILD= YES
21 21
22PKG_GROUPS_VARS+= APACHE_GROUP 22PKG_GROUPS_VARS+= APACHE_GROUP
23BUILD_DEFS+= GEEKLOG_SITEBASE 23BUILD_DEFS+= GEEKLOG_SITEBASE
24 24
25CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/* 25CHECK_PERMS_SKIP= ${GEEKLOG_PUB}/backend ${GEEKLOG_PUB}/images/*
26 26
27GL_SYS= emailgeeklogstories language plugins readme sql system 27GL_SYS= emailgeeklogstories language plugins readme sql system
28GL_TMPL_SUB= backend images/articles images/library images/topics \ 28GL_TMPL_SUB= backend images/articles images/library images/topics \
29 images/userphotos 29 images/userphotos
30 30
31GL_CONF_FILES= db-config.php system/lib-custom.php 31GL_CONF_FILES= db-config.php system/lib-custom.php
32GL_CONF_PUB_FILES= public_html/siteconfig.php 32GL_CONF_PUB_FILES= public_html/siteconfig.php
33 33
34CONF_FILES+= ${GL_EG}/geeklog.conf \ 34CONF_FILES+= ${GL_EG}/geeklog.conf \
35 ${PKG_SYSCONFDIR}/geeklog.conf 35 ${PKG_SYSCONFDIR}/geeklog.conf
36 36
37.for f in ${GL_CONF_FILES} 37.for f in ${GL_CONF_FILES}
38CONF_FILES_PERMS+= ${GL_EG}/${f:T} ${GEEKLOG_BASE}/${f} \ 38CONF_FILES_PERMS+= ${GL_EG}/${f:T} ${GEEKLOG_BASE}/${f} \
39 ${REAL_ROOT_USER} ${APACHE_GROUP} 0660 39 ${REAL_ROOT_USER} ${APACHE_GROUP} 0660
40.endfor 40.endfor
41 41
42.for f in ${GL_CONF_PUB_FILES} 42.for f in ${GL_CONF_PUB_FILES}
43CONF_FILES_PERMS+= ${GL_EG}/${f:T} ${GEEKLOG_PUB}/${f:T} \ 43CONF_FILES_PERMS+= ${GL_EG}/${f:T} ${GEEKLOG_PUB}/${f:T} \
44 ${REAL_ROOT_USER} ${APACHE_GROUP} 0660 44 ${REAL_ROOT_USER} ${APACHE_GROUP} 0660
45.endfor 45.endfor
46 46
47OWN_DIRS_PERMS+= ${GEEKLOG_BASE}/backups ${REAL_ROOT_USER} ${APACHE_GROUP} 0770 \ 47OWN_DIRS_PERMS+= ${GEEKLOG_BASE}/backups ${REAL_ROOT_USER} ${APACHE_GROUP} 0770 \
48 ${GEEKLOG_BASE}/data ${REAL_ROOT_USER} ${APACHE_GROUP} 0770 \ 48 ${GEEKLOG_BASE}/data ${REAL_ROOT_USER} ${APACHE_GROUP} 0770 \
49 ${GEEKLOG_BASE}/logs ${REAL_ROOT_USER} ${APACHE_GROUP} 0775 49 ${GEEKLOG_BASE}/logs ${REAL_ROOT_USER} ${APACHE_GROUP} 0775
50OWN_DIRS+= ${GEEKLOG_PUB} 50OWN_DIRS+= ${GEEKLOG_PUB}
51 51
52FILES_SUBST+= APACHE_GROUP=${APACHE_GROUP:Q} \ 52FILES_SUBST+= APACHE_GROUP=${APACHE_GROUP:Q} \
53 GEEKLOG_BASE=${GEEKLOG_BASE:Q} \ 53 GEEKLOG_BASE=${GEEKLOG_BASE:Q} \
54 GL_EG=${GL_EG:Q} \ 54 GL_EG=${GL_EG:Q} \
55 GEEKLOG_PUB=${GEEKLOG_PUB:Q} \ 55 GEEKLOG_PUB=${GEEKLOG_PUB:Q} \
56 GL_ADMIN=${GL_ADMIN:Q} \ 56 GL_ADMIN=${GL_ADMIN:Q} \
57 GL_TMPL_SUB=${GL_TMPL_SUB:Q} \ 57 GL_TMPL_SUB=${GL_TMPL_SUB:Q} \
58 GL_TMPL=${GL_TMPL:Q} \ 58 GL_TMPL=${GL_TMPL:Q} \
59 PAX=${PAX:Q} 59 PAX=${PAX:Q}
60 60
61PLIST_SUBST+= GEEKLOG_BASE=${GEEKLOG_BASE:Q} \ 61PLIST_SUBST+= GEEKLOG_BASE=${GEEKLOG_BASE:Q} \
62 GEEKLOG_PUB=${GEEKLOG_PUB:Q} \ 62 GEEKLOG_PUB=${GEEKLOG_PUB:Q} \
63 GL_ADMIN=${GL_ADMIN:Q} \ 63 GL_ADMIN=${GL_ADMIN:Q} \
64 GL_TMPL=${GL_TMPL:Q} \ 64 GL_TMPL=${GL_TMPL:Q} \
65 GL_DOC=${GL_DOC:Q} \ 65 GL_DOC=${GL_DOC:Q} \
66 GL_EG=${GL_EG:Q} 66 GL_EG=${GL_EG:Q}
67 67
68.include "../../www/geeklog/Makefile.common" 68.include "../../www/geeklog/Makefile.common"
69 69
70PKG_SYSCONFSUBDIR?= geeklog 70PKG_SYSCONFSUBDIR?= geeklog
71 71
72SUBST_CLASSES+= paths 72SUBST_CLASSES+= paths
73SUBST_FILES.paths+= ${WRKDIR}/README 73SUBST_FILES.paths+= ${WRKDIR}/README
74SUBST_FILES.paths+= ${WRKSRC}/emailgeeklogstories 74SUBST_FILES.paths+= ${WRKSRC}/emailgeeklogstories
75SUBST_FILES.paths+= ${WRKSRC}/public_html/admin/install/index.php 75SUBST_FILES.paths+= ${WRKSRC}/public_html/admin/install/index.php
76SUBST_FILES.paths+= ${WRKDIR}/geeklog.conf 76SUBST_FILES.paths+= ${WRKDIR}/geeklog.conf
77SUBST_SED.paths+= -e 's,@GEEKLOG_BASE@,${GEEKLOG_BASE:Q},g' 77SUBST_SED.paths+= -e 's,@GEEKLOG_BASE@,${GEEKLOG_BASE:Q},g'
78SUBST_SED.paths+= -e 's,@GEEKLOG_PUB@,${GEEKLOG_PUB:Q},g' 78SUBST_SED.paths+= -e 's,@GEEKLOG_PUB@,${GEEKLOG_PUB:Q},g'
79SUBST_SED.paths+= -e 's,@GEEKLOG_SITESUBDIR@,${GEEKLOG_SITESUBDIR:Q},g' 79SUBST_SED.paths+= -e 's,@GEEKLOG_SITESUBDIR@,${GEEKLOG_SITESUBDIR:Q},g'
80SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR:Q},g' 80SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR:Q},g'
81SUBST_SED.paths+= -e 's,@PREFIX@,${PREFIX:Q},g' 81SUBST_SED.paths+= -e 's,@PREFIX@,${PREFIX:Q},g'
82.if empty(GEEKLOG_SITEBASE) 82.if empty(GEEKLOG_SITEBASE)
83SUBST_SED.conf+= -e '/^Alias/s,^,\#,' 83SUBST_SED.conf+= -e '/^Alias/s,^,\#,'
84.endif 84.endif
85SUBST_STAGE.paths= post-configure 85SUBST_STAGE.paths= post-configure
86 86
87INSTALLATION_DIRS= ${GEEKLOG_BASE} ${GEEKLOG_PUB} ${GL_TMPL}/images \ 87INSTALLATION_DIRS= ${GEEKLOG_BASE} ${GEEKLOG_PUB} ${GL_TMPL}/images \
88 share/examples/geeklog ${GL_DOC} ${GL_EG} 88 share/examples/geeklog ${GL_DOC} ${GL_EG}
89 89
90post-extract: 90post-extract:
91 ${CP} ${FILESDIR}/README ${FILESDIR}/geeklog.conf ${WRKDIR} 91 ${CP} ${FILESDIR}/README ${FILESDIR}/geeklog.conf ${WRKDIR}
92 92
93pre-install: 93pre-install:
94 ${FIND} ${WRKSRC} -type f -name "*.orig" -exec ${RM} -f {} \; 94 ${FIND} ${WRKSRC} -type f -name "*.orig" -exec ${RM} -f {} \;
95 cd ${WRKSRC}/public_html; \ 95 cd ${WRKSRC}/public_html; \
96 ${FIND} ${GL_TMPL_SUB} -type f -exec ${CHMOD} -x {} \; 96 ${FIND} ${GL_TMPL_SUB} -type f -exec ${CHMOD} -x {} \;
97 ${CHMOD} 0664 ${WRKSRC}/public_html/backend/geeklog.rss 97 ${CHMOD} 0664 ${WRKSRC}/public_html/backend/geeklog.rss
98 cd ${WRKSRC}/system; \ 98 cd ${WRKSRC}/system; \
99 ${FIND} pear -type f -exec ${CHMOD} 0644 {} \; 99 ${FIND} pear -type f -exec ${CHMOD} 0644 {} \;
100 100
101do-install: 101do-install:
102 ${INSTALL_DATA} ${WRKDIR}/README ${DESTDIR}${PREFIX}/${GL_DOC} 102 ${INSTALL_DATA} ${WRKDIR}/README ${DESTDIR}${PREFIX}/${GL_DOC}
103.for f in ${GL_CONF_FILES} ${GL_CONF_PUB_FILES} 103.for f in ${GL_CONF_FILES} ${GL_CONF_PUB_FILES}
104 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${GL_EG} 104 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${GL_EG}
105 ${RM} ${WRKSRC}/${f} 105 ${RM} ${WRKSRC}/${f}
106.endfor 106.endfor
107 ${INSTALL_DATA} ${WRKDIR}/geeklog.conf ${DESTDIR}${PREFIX}/${GL_EG} 107 ${INSTALL_DATA} ${WRKDIR}/geeklog.conf ${DESTDIR}${PREFIX}/${GL_EG}
108.for f in ${GL_SYS} 108.for f in ${GL_SYS}
109 cd ${WRKSRC}; pax -rw ${f} ${DESTDIR}${PREFIX}/${GEEKLOG_BASE} 109 cd ${WRKSRC}; pax -rw ${f} ${DESTDIR}${PREFIX}/${GEEKLOG_BASE}
110.endfor 110.endfor
111 cd ${WRKSRC}/public_html; \ 111 cd ${WRKSRC}/public_html; \
112 pax -rw admin ${DESTDIR}${PREFIX}/${GEEKLOG_BASE}; \ 112 pax -rw admin ${DESTDIR}${PREFIX}/${GEEKLOG_BASE}; \
113 ${RM} -rf admin 113 ${RM} -rf admin
114.for d in ${GL_TMPL_SUB} 114.for d in ${GL_TMPL_SUB}
115 cd ${WRKSRC}/public_html; \ 115 cd ${WRKSRC}/public_html; \
116 if [ -d ${d} ]; then \ 116 if [ -d ${d} ]; then \
117 pax -rw ${d} ${DESTDIR}${PREFIX}/${GL_TMPL}; \ 117 pax -rw ${d} ${DESTDIR}${PREFIX}/${GL_TMPL}; \
118 ${RM} -rf ${d}; \ 118 ${RM} -rf ${d}; \
119 fi 119 fi
120.endfor 120.endfor
121 cd ${WRKSRC}/public_html; pax -rw . ${DESTDIR}${PREFIX}/${GEEKLOG_PUB} 121 cd ${WRKSRC}/public_html; pax -rw . ${DESTDIR}${PREFIX}/${GEEKLOG_PUB}
122 122
123.include "../../mk/apache.mk" 123.include "../../mk/apache.mk"
124.include "../../lang/php/phpversion.mk" 124.include "../../lang/php/phpversion.mk"
125.include "../../mk/bsd.pkg.mk" 125.include "../../mk/bsd.pkg.mk"
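Review bot: `MASTER_SITES` (line 7 of the new Makefile) still points at plain `http://`, so the 1.8.2sr1 tarball this security update switches to is authenticated only by the SHA1/RMD160/Size entries in distinfo. If upstream serves the same path over TLS, which this page does not show, the line could become `MASTER_SITES= https://www.geeklog.net/filemgmt/upload_dir/`. Failing that, a comment above `VER=` naming the upstream announcement the digests were checked against would give later pullups something to verify.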

cvs diff -r1.20 -r1.20.2.1 pkgsrc/www/geeklog/distinfo

--- pkgsrc/www/geeklog/distinfo 2012/12/31 02:27:22 1.20
+++ pkgsrc/www/geeklog/distinfo 2013/02/25 16:12:48 1.20.2.1
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.20 2012/12/31 02:27:22 taca Exp $ 1$NetBSD: distinfo,v 1.20.2.1 2013/02/25 16:12:48 tron Exp $
2 2
3SHA1 (geeklog-1.8.2.tar.gz) = 45acb15e39b5a92a264ab742f97e8975cd0de279 3SHA1 (geeklog-1.8.2sr1.tar.gz) = c2b1b1e529a8627d7aef6d3ec9adee30887fc250
4RMD160 (geeklog-1.8.2.tar.gz) = 1a880e13ba7751692528c541c4d3ed40f9702a11 4RMD160 (geeklog-1.8.2sr1.tar.gz) = 53a96d4e4573d1526988b140b02d1bf90c05fbf3
5Size (geeklog-1.8.2.tar.gz) = 5608108 bytes 5Size (geeklog-1.8.2sr1.tar.gz) = 5610013 bytes
6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368 6SHA1 (patch-aa) = 61cc381e4c3def555806ed4589446f466f6f8368
7SHA1 (patch-aj) = 1152a6f8478373d40125ae311c4030f6e2ef4bd7 7SHA1 (patch-aj) = 1152a6f8478373d40125ae311c4030f6e2ef4bd7
8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78 8SHA1 (patch-ak) = 387f14ace88c0390a2647453a08491500b099c78