Commit graph

51 commits

Author SHA1 Message Date
rillig
c7ff05f63e all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
2019-05-23 19:22:54 +00:00
taca
635c585fec Update geeklog to 2.1.1.
pkgsrc change:

* Prefix PKGNAME with ${PHP_PKG_PREFIX}.
* Now depends on php-mysqli instead of php-mysql.
* Now allow all pkgsrc's PHP versions.

December 9, 2015 (2.1.1)
------------

- [Security] Log parameters for 404 errors & make filtering in 404.log work like in error.log [Dirk]
- [Security] Removed the code used for File Manager demos and tests shipped with WideImage to prevent an XSS [Mystralkk]
- [Security] Updated File Manager to version 2.2.0 (fixed security issue with file upload check) [Mystralkk]
- [Security] Configuration string input sanitizing overhaul. Now can be config option specific by
  adding sanitize rule in config validation file. Default is now all strings are stripped of tags [Tom]
- [Update] CKEditor to version 4.5.4 [Dengen]
- [Update] jQuery to version 1.11.3 and jQuery UI to version 1.11.4. jQuery Timepicker Addon updated [Tom] [Dengen]
- [Update] OAuth class to version 1.141 [Tom]
- [Feature] Integrated the UIkit framework version 2.24.0 into Geeklog [Dengen]
- [Feature] Denim theme now uses UIkit [Dengen]
- [Feature] Added first part of developer mode which adds extra error logging for any template errors
- [Feature] Plugins can now include default templates and css files along with ones for different themes
  Plugins template and css files can be included with themes. Plugins template files can now have
  a function.php file to control what javascript is loaded [Tom]
- [Feature] Schema.org article, author, and Breadcrumb markup added to Denim and Modern Curve themes [Tom]
- [Feature] Poll plugin bar graphs now based on percentage and supports responsive themes [Tom]
- [Feature] Useful feature template class [Tom]
- [Feature] Allow xmlSiteMap Plugin to Ping Search Engines when new content is Added [Mystralkk]
- [Feature] XMLSitemap Plugin - Add dedicated API [Mystralkk]
- [Feature] Change default admin page to index.php from moderation.php [Dengen]
- [Feature] Search form part of the theme is not accessible. [Dengen]
- [Feature] Localization of message "Unfortunately, an error has occurred rendering this page." [Mystralkk]
- [Feature] Add Pagination with rel=“next” and rel=“prev” [Tom]
- [Bug] Added email check to Com_mail to prevent plugins from sending email to users who don't have an address (Oauth users) [Tom]
- [Bug] Cached Articles Sometimes do not Display on website [Tom]
- [Bug] Current LDAP module doesn't work properly - new Simple_LDAP Authentication provided [Mystralkk]
- [Bug] Duplicate Blocks [Mystralkk]
- [Bug] Remove hardcoded checks for TLD in domain names [Mystralkk]
- [Bug] Geeklog Does Not Accept .website TLD [Mystralkk]
- [Bug] Install script Migrate option needs to handle cookiesecure config value [Dirk]
- [Bug] Hidden config option 'search_use_fulltext' can be found using search in Configuration [Dengen]
- [Bug] Errors while editing blocks reset all options [Dengen]
- [Bug] The administrator is forced to be an input of the user password in the Edit User screen [Dengen]
- [Bug] Wrong permissions with articles submitted by guest users [Dengen]
- [Bug] Declaration of dc: namespace missing from RSS and RDF feeds [Mystralkk]
- [Bug] Missing blank in feed headers [Dirk]
2015-12-13 14:55:35 +00:00
taca
c4d7c37e80 Explicitly restrict PHP_VERSIONS_ACCEPTED to 55 and 56 for packages which
use php-mysql package.
2015-12-06 12:13:12 +00:00
taca
af9018fc50 Reset MAINTAINER. 2015-11-29 03:05:15 +00:00
agc
b9b754e081 Add SHA512 digests for distfiles for www category
Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 02:46:46 +00:00
taca
79b6c5935a Tweak geeklog.conf to support mod_authz_core as well as mod_authz_core. 2015-09-27 07:17:58 +00:00
taca
9a1dff5a36 Remove test and demo from wideimage library which is used by filemanager
since these files contain an XSS problem.

Bump PKGREVISION.
2015-07-06 11:49:54 +00:00
taca
12f1e2da5f Update geeklog to 2.1.0.
- Integrated Caching Template Library originally developed by Joe Mucchiello [Tom]
- Support for themes to specify a default theme. Default themes template and css
  files will be used unless they are included in the new theme directory [Tom]
- Added configurable caching support for blocks (regular and gldefault),
  staticpages and articles [Tom]
- Speed increases by caching topic tree structure [Tom]
- What's Related article block now includes all Topics. Can set length of titles
  [Tom]
- Articles now list what Topics they are filed under. [Tom]
- New related_topics autotag. It displays all topics an item belongs to. [Tom]
- New related_items autotag. It displays all other related items based on what
  topics the defined item belongs to [Tom]
- Updated Command & Control layout. Plugins can now be organized into groups. [Tom]
- New OAuth login methods supported (Google, Microsoft, Yahoo). OAuth supported
  now includes 1.0, 1.0a, and 2.0 (depends on what the provider supports) [Tom]
- Javascript and css can now be loaded in a specified order. [Tom]
- Numerous fixes for multi-language support [Tom]
- Added CKEditor 4.3.2 as the default advanced editor for Geeklog [Dengen]
- New article render which fixes entities etc... from showing up where they
  shouldn't [Dengen]
- New Advanced Editor System that allows developers to easily add new
  javascript editors [Dengen]
- Article, Staticpages Poll and Topic IDs can now be 128 characters long [Tom]
- User Login page now can be accessed directly without first displaying a login
  error message [Tom]
- Fixed deadlock issues with the session table [Tom]
- Updated Hebrew language files, provided by LWC
- jQuery can now be included in the header [Tom]
- Updated to jQuery 1.10.2 and jQuery UI to 1.10.3 [Tom]
- Added a Filemanager [Kenji ITO]
- Added timepicker jQuery control [Dengen]
2014-07-19 05:19:39 +00:00
taca
66d4281269 Update geeklog to 2.0.0.
Here is summary from release announce.  Full changes are available in
docs/history file.  (XSS problem was already fixed by geeklog-1.8.2sr1.)

* Improved strength of password hashing
* Allow Topics to have child Topics
* Allow Articles, Blocks and other Plugin objects to be associated with more
  than one Topic
* Topic Breadcrumb support
* Emergency Rescue Tool is included with the Geeklog Install
* Added support for MySQLi
* Add Stop Forum Spam and Spam Number of Links Modules to Spam-X
* A new theme called Denim which is based on Responsive Web Design
* A new theme called Modern Curve
* Comments Form on same page as Articles and plugin other Plugin objects
* Comments RSS Feed Plugin now integrated into Geeklog
* Includes updated versions of jQuery to 1.9.1 and jQuery UI to 1.10.1
* Updated FCKeditor version to 2.6.9
* XSS fixes for the Install, Configuration, Topic Editor, Polls Plugin and
  Calendar Plugin
* Twitter OAuth API updated
* HTML 5 DOCTYPE
2013-04-02 15:46:36 +00:00
obache
778bed8bfb Bump PKGREVISION from default PHP version change to 5.4. 2013-03-16 07:21:18 +00:00
taca
148ef46ba5 Update geeklog to 1.8.2.1 (Geeklog 1.8.2sr1).
Geeklog History/Changes:

Feb 19, 2013 (1.8.2sr1)
------------

This release addresses the following security issues:
- High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
  parameter in the Calendar plugin (HTB23143).
- Trustwave Spiderlabs reported XSS in the install script, the Configuration,
  as well as in the Admin interfaces for the Polls plugin and the Topic editor
  (TWSL2013-001).

Not security-related:
- Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
  (feature request #0001506).
2013-02-21 13:01:24 +00:00
taca
343dad7433 Update geeklog to 1.8.2. (This is leaf package.)
Geeklog History/Changes:

Dec 30, 2012 (1.8.2)
------------

- A remote service user now bypasses current password check when account is
  deleted (bug #0001417) [Tom]
- Fixed Twitter OAuth login error after Twitter deactivated some old URLs (bug
  #0001497) [Tom]
- $dbconfig_path was not escaped in the install script (bug #0001457, patch
  provided by mystral-kk)
- COM_stripslashes will now handle arrays; this was a problem during
  re-authentication after a security token expired (bug #0001413) [suprsidr]
- The comment count for a story could be wrong if there was a different object
  with the same id and a comment (bug #0001414) [Tom]
- Feeds with the full story text still had a '...' at the end (bug #0001431)
  [Jeff Rivett, Tom]
- Allow MIME type application/x-gzip-compressed when uploading a plugin for
  installation (bug #0001405) [Dirk]
- Fixed compatibility with MySQL 5.5 (bugs #0001410, #0001456). This also
  raises the minimum supported MySQL version to 4.1.2 [Dirk, Tom]
2012-12-31 02:27:22 +00:00
asau
5eae6a18a3 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-28 06:30:00 +00:00
taca
d51dfef918 Update geeklog package to 1.8.1. Remove PRIVILEGED_STAGES setting, too.
Oct 9, 2011 (1.8.1)
-----------

- Fixed exact match censoring option (bug #0001392) [Tom]
- Fixed adding elements to empty Configuration arrays (bug #0001396) [Tom]
- Blank out OAuth consumer key and secret in rootdebug dumps [Dirk]
- Fixed deleting elements from Configuration arrays (bug #0001394, patch
  provided by dengen)
- Avoid censoring in What's Related block (bug #0001393) [Tom, Dirk]
- Fixed error message display in admin's user editor when renaming the
  userphoto failed [Dirk]
- Don't display details of a failed MS SQL query by default [Dirk]

- Updated Japanese language file, provided by the Geeklog.jp group
2011-11-13 15:52:24 +00:00
obache
dca078f299 Bump PKGREVISION from PHP_VERSION_DEFAULT changes. 2011-09-16 05:46:22 +00:00
taca
5f4affa7f7 Update geeklog to 1.8.0.
Quote from release announce:

With Geeklog 1.8.0 we have raised the minimum system requirement for PHP.
PHP version 5.2.0 or greater is now required.

There are a number of new features with this version of Geeklog. These
include:

- Improved Configuration, which was the Google Summer of Code project of
  Akeda Bagus from 2010. Improvements include the ability to search for
  configuration attributes, tabs, input validation as well as an updated
  look.
- OAuth Support, allowing users to log into a Geeklog site with their
  Facebook, Twitter, or LinkedIn account, developed by Hiroshi Sakuramoto of
  Geeklog Japan.
- Includes jQuery 1.5.2 and jQuery UI 1.8.11
- Updated Professional theme with new icons and tooltips.
- Reworked Plugin Admin interface that now checks for dependencies when a
  plugin is installed.
2011-06-15 15:22:41 +00:00
taca
59eb59a1f2 Update geeklog to 1.7.2.
Feb 20, 2011 (1.7.2)
------------

Note: This will be the last Geeklog version to work on PHP 4. We will provide
security fixes for this version until 2012. Future versions of Geeklog will
require PHP 5.2.0 or later. For details, please see
http://www.geeklog.net/article.php/end-of-php4-support

- PostgreSQL fixes:
  * It wasn't possible for several Geeklog instances to share a Postgres
    database (bug #0001251) [Rouslan]
  * Fixed dbSave [Dirk]
  * Fixed error reporting [Dirk]
  * Fixed compatibility with PHP 4 [Dirk]
- Fixed replacing the [imageX] tags when changing a story's id (bug #0001256)
  [Dirk]
- Fixed Static Pages plugin to work with PHP 4 (bug #0001239) [Tom]
2011-02-24 14:05:31 +00:00
taca
53b855e02b Update geeklog package to 1.7.1.1 (1.7.1sr1), security fix.
Jan 2, 2011 (1.7.1sr1)
------------

This release addresses the following security issue:

Aung Khant of the YGN Ethical Hacker Group reported an XSS in the admin's
configuration panel.
2011-01-03 01:57:24 +00:00
taca
641d84609f Update www/geeklog package to 1.7.1.
Geeklog History/Changes:

Oct 31, 2010 (1.7.1)
------------

- Fixed description of $index parameter for STORY_renderArticle (bug #0001203)
  [Dirk]
- The number of successfully imported users was always reported as 0 for the
  "Batch Add" option in the User Manager (bug #0001211) [Ivy, Dirk]
- Fixed a bug in the MS SQL changeDESCRIBE method to properly prefix the proper
  sql query string [Randy]

- Updated Hebrew language files, provided by LWC
- New Italian language files for the Links plugin, provided by Rouslan Placella
- Updated Italian language files for the Static Pages plugin, provided by
  Rouslan Placella

Calendar Plugin
---------------
- Fixed an SQL error when returning search results for the Personal Calendar
  (bug #0001195) [Dirk]


Oct 10, 2010 (1.7.1rc1)
------------

- If content from an Autotag produces another Autotag it will be executed (to a
  maximum of 5 times) [Tom]
- Themes can now have their own display functions for the start and end of
  Blocks. (Feature #0001188) [Tom]
- Reverted a change in 1.7.0 that would send a Content-Type header when calling
  COM_refresh since this conflicts with some plugins (e.g. the Forum) [Dirk]
- Fixed wrong view after posting a comment on a poll (bug #0001080, patch
  provided by Wojtek Szkutnik)
- Fixed language in the dropdown for the permanent cookie in the Configuration
  (bug #0001117, patch provided by Eric Brisco)
- Added cancel and delete buttons to comment edit and submission forms when
  needed. (Feature #0000981) [Tom]
- Reverted parts of the changes for bug #0001057: Do _not_ escape curly braces
  when displaying a block's content (bug #0001156). If you run into the problem
  that words in curly braces inside blocks are interpreted as template
  variables, simply add a space after the opening and/or the closing brace
  [Dirk]
- Autotags can now be inserted directly into template files.
  (Feature #0001181) [Tom]
- Plugins are able to control moderation and return a string to be displayed.
  (Feature #0000619 patch provided by jmucchiello)
- Admin lists can now display a 0 in a column instead of being blank
  (bug #0001060 patch provided by jmucchiello)
- Fixed "Show & Hide Boxes" option in My Account (reported by Pushkar) [Dirk]
- Display the topic name (instead of the topic id) in the list of draft stories
  (bug #0001171) [Dirk]
- Fixed COM_formatTimeString to correctly handle intervals bigger than 4 weeks
  (bug #0001158) [Dirk]
- Call PLG_templateSetVars for the Advanced Search form [Dirk]
- Make sure we keep the current status of the user's Advanced Editor option
  even when Advanced Editor is disabled for the site (Thanks, Markus) [Dirk]
- Comment submissions for plugins were missing the type [Dirk]
- In the Group Editor, hide the 'Apply "Default Group" change' option until the
  state of the "Default Group" checkbox changes (feature request #0001116,
  patch provided by Dushyant Tiwari)
- Fixed handling of $LANG_DIRECTION in the install script (cf. bug #0000871)
- Fixed query highlighting in articles - didn't work for queries that contained
  characters filtered by COM_applyFilter [Dirk]

- Updated Japanese language file, provided by the Geeklog.jp group
- New and updated French (France) language files, provided by Ben
- Updated Hebrew language file for the Links plugin, provided by LWC

Static Pages Plugin
-------------------
- Call up the Advanced Editor when enabled (bug #0001147, patch provided by
  Samuel Leathers)
- A Static Page can now be marked as a template and used by other Static Pages.
  (Feature #0001085) [Tom]
2010-11-04 15:52:10 +00:00
taca
0ec3631f6a Update geeklog package to 1.7.0.
Quote from release announce:

This release adds support for PostgreSQL (in addition to MySQL and MS
SQL), developed by Stan Palatnik during the Google Summer of Code
2009. It also adds a re-authentication option in case the CSRF token
expires, thus preventing loss of data. For other improvements, please
see the list of changes. Of course, it also addresses the latest
security issue.

We would also like to thank all those students again who applied for
the Google Summer of Code 2010 and submitted patches for Geeklog. Some
of them already made it into 1.7.0, the rest is scheduled for
inclusion into Geeklog 1.7.1. We will also be looking into adding more
of our successful GSoC projects from 2009 into that release.
2010-08-10 16:00:42 +00:00
taca
09d7db63cc Update geeklog package to 1.6.1.1 (1.6.1sr1).
May 9, 2010 (1.6.1sr1)
------------

This release addresses the following security issue:

The autologin (using the long-term session cookie) is vulnerable to dictionary
attacks. This issue was originally reported by Bookoo of the Nine Situations
Group in one of his reports in April 2009 but apparently overlooked by the
Geeklog Team. Thanks to geeklog.net user Jack for pointing this out.
2010-05-17 15:46:38 +00:00
joerg
6652f0f655 Fix ownership. Bump revision. 2010-02-19 19:58:38 +00:00
taca
3f9aca5855 Update www/geeklog package to 1.6.1.
Geeklog 1.6.1

New Features and Improvements

  * Geeklog now lets you enter meta descriptions and meta keywords for the main
    page, for stories, topics, static pages, and polls. Please note that these
    meta tags may not be used by some search engines.
  * You can now have one featured story per topic (for stories set to "Show
    only in Topic").
  * New autotags now allow you to embed polls in stories and everywhere else
    where autotags are allowed.
  * The Migrate option in the install script can now also be applied to an
    existing database (i.e. you don't need to import a database dump to update
    your URLs and paths).
  * The Database Backup admin panel now includes options to optimize the
    database and convert tables to InnoDB (MySQL only).
  * Improved timezone support and let users actually set their own timezone.
  * Minor security enhancements:
      + "Important" cookies (like the session cookies) are now created with the
        HttpOnly flag set. This will help avoid some XSS attacks, provided your
        browser supports this flag.
      + Template errors will now trigger the standard error handler instead of
        exposing the template path.
      + Fixed inclusion protection for some of the Spam-X class files.

Please also see the list of theme changes.

Bugfixes

  * Fixed automatic closing of stories for comments after a certain amount of
    days. If you need to re-open comments on stories that were closed due to
    this bug, you can use this SQL request:
    UPDATE gl_stories SET commentcode = 0, comment_expire = 0 WHERE commentcode
    = 1;
  * The comment speed limit was being ignored.
  * Fixed a bug in the Group Editor that didn't let you add groups to other
    groups (this problem was only introduced in Geeklog 1.6.0).
  * The admin group for the Static Pages plugin was created with a wrong name
    in Geeklog 1.6.0 (fresh installs only).
  * Several tweaks and minor fixes (e.g. compatibility with PHP 4) in the
    search.
2009-11-30 15:44:45 +00:00
taca
b84ef6c9eb Update Geeklog to 1.6.0sr2 (security release 2).
o Add some pkgsrc patches to improve Content-Type header output.


Geeklog 1.6.0sr2

This release addresses the following security issue:

  * Unauthorized file uploads were possible through FCKeditor.
    Uploaded files still had to go through FCKeditor's filter, so it was not
    possible to upload scripts (and the integrity of the Geeklog site as such
    was not in danger). There were, however, reports that this was used to host
    malware.
    This update prevents use of the upload feature when FCKeditor is disabled
    and disables it for anonymous users. It also doesn't allow uploading of
    archive files any more. Furthermore, you need some sort of "edit"
    permission now to be able to upload files through FCKeditor (this is meant
    as an interim measure - we will probably introduce a separate "upload"
    permission in future Geeklog versions).

Other fixes:

  * Fixed installation using InnoDB tables.
  * Fixed a (non-exploitable) SQL error when auto-updating a story's
    commentcode field.
  * Fixed a wrong function name in the Links plugin.

Geeklog 1.6.0sr1

This release addresses the following security issues:

 1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to
    email a story to a friend.
 2. The "Mail Story to a Friend" function didn't check story permissions, so
    that it was possible to email a story even if you didn't have the
    permissions to view it on the site.

Other fixes:

  * Fixed an SQL error when submitting a story and the story submission queue
    was off.
  * Fixed calls to a nonexistent function COM_outputMessageAndAbort.

Geeklog 1.6.0

Results from the Summer of Code

This release incorporates the following projects implemented during the
2008 Google Summer of Code:

  * Site migration support and easier plugin installation, by Matt West
  * Improved search, by Sami Barakat
  * Comment moderation and editable comments, by Jared Wenerd

Other changes

  * The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
    the PHP team ended support for PHP 4 in August 2008, you should be looking
    into upgrading to PHP 5 anyway.
  * Includes FCKeditor 2.6.4.1
  * Includes a new plugin, XMLSitemap, that automatically generates a XML
    sitemap file, as supported by all major search engines. Plugin written and
    provided by mystral-kk.
  * Several new plugin API functions have been added and existing functions
    have been extended.
  * The included documentation has been moved to docs/english to allow for
    translations. Links to the documentation from within Geeklog will link to
    existing translations for the current language automatically (or fall back
    to the English documentation if no suitable translation can be found).
  * There were a variety of theme changes to support new functionality and fix
    inconsistencies in the layout.

This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009. Thank
you!
2009-09-15 10:48:46 +00:00
taca
6d51cee4c7 Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided
as full release.

And add updated fckeditor for Geeklog.

These updates should fix known security problems, Secunia SA36372.



Jul 30, 2009 (1.5.2sr5)
------------

This release addresses the following security issues:
- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
  email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions, so that
  it was possible to email a story even if you didn't have the permissions to
  view it on the site.
2009-09-13 01:15:10 +00:00
joerg
76039544d1 Remove @dirrm related logic. 2009-06-14 22:57:58 +00:00
joerg
e031855e4a Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 22:00:14 +00:00
taca
6d2698e886 Update geeklog package from 1.4.1nb4 to 1.5.2.4 (1.5.2sr4).
pkgsrc changes: overhaul this package.

	* Add LICENSE.
	* Clean up bmake's macros, such as addition of PRINT_PLIST_AWK.

Geeklog changes: too many changes to write here.

	* New user-friendly installation.
	* New Configuration GUI.
	* New Webservice GUI.
	* And more.

	Please refer to http://www.geeklog.net/docs/english/changes.html
	for more information.

Fixed some security problems about SQL injection vulnerability.
2009-05-26 14:19:29 +00:00
taca
b0fbb9da30 Remove dependency to www/ap-php and prevent hardcoded dependency to apache.
Bump PKGREVISION.
2008-09-28 02:25:26 +00:00
taca
87755c333b Add security fix of FCKeditor.
http://www.geeklog.net/article.php/file-uploads

Bump PKGREVISION.
2008-09-09 14:34:13 +00:00
joerg
3b0d97b0de Add DESTDIR support. 2008-06-20 01:09:05 +00:00
taca
4d81c56bf5 Add a security fix for kses, HTML filter which isn't used with default
configuration: http://www.geeklog.net/article.php/kses.

Also fix one pkglint warning.

Bump PKGREVISION.
2008-06-19 14:08:42 +00:00
taca
dfaba9b34b make GEEKLOG_BASE and GEEKLOG_PUB settable. 2008-06-19 12:38:45 +00:00
joerg
7f7f5ce917 Needs full pax dependency. Bump revision. 2008-05-26 00:40:24 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
taca
0d71c3b8fb Update geeklog to 1.4.1.
pkgsrc's change: improving our README file.


Geeklog 1.4.1

New Features

  * Support for Microsoft SQL Server. Starting with this release, Geeklog can
    now also be installed on Microsoft SQL Server, so it's no longer restricted
    to just MySQL. The MS SQL support was developed by Randy Kolenko. Thanks,
    Randy!
    Please note that any third-party plugins will have to offer support for MS
    SQL before they can be installed on Microsoft SQL Server. The bundled
    plugins (Calendar, Links, Polls, Spam-X, Static Pages) have already been
    updated accordingly.
  * Calendar plugin. The formerly built-in calendar and events have now been
    moved into a separate plugin. This complements the move of the polls and
    links sections into plugins in Geeklog 1.4.0 and makes Geeklog more modular
    as you can now easily disable or replace functionality that you don't need
    for your site.
  * Multi-language support. It is now possible to build truly multi-lingual
    sites with Geeklog where not only the navigation but also the content of
    the site changes with the language.
  * Ships with FCKeditor 2.3.1, which once again includes a file manager for
    uploading images.
  * A function for mass-deletion of old or inactive users. The list
    automatically searches for users that have never logged in, only used the
    site for a very short time or have not been online since a very long time.
    The time span can be varied, and found users can be selectively deleted.

Security

In the light of the security issues discovered in Geeklog 1.4.0 and earlier
versions, the Geeklog source code has undergone a code review. We have
identified and addressed several minor issues and introduced new measures to
enhance security in this release. As a welcome side effect, the code reviews
have also uncovered a few bugs and inconsistencies that we also fixed in this
release.

Spam Protection

With this release we are finally removing support for the discontinued
MT-Blacklist. In its place, we are now using a system called Spam Link
Verification (SLV) run by Russ Jones at www.linksleeve.org. SLV could be
described as a community-driven, automatically updated blacklist. See the
documentation of the Spam-X plugin for details.
2007-05-20 15:56:44 +00:00
wiz
601583c320 Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.
2007-02-22 19:26:05 +00:00
rillig
111b194ecd apachever.mk is deprecated. 2007-02-15 15:00:44 +00:00
taca
5f3ccf88e6 - Reduce pkglint warning.
- Add GEEKLOG_SITEBASE to BUILD_DEFS.

No functional changes.
2006-08-17 14:16:56 +00:00
taca
8c73d1412a Update geeklog package to 1.4.0.5.1 (1.4.0sr5-1).
- Fix display problem with comment preview.
- Add afrikaans language support.
2006-07-24 16:13:55 +00:00
taca
ac8071c50c - Fix bad handling of some configuration files noted by ghen@ on behalf of
pkgsrc release engineering team.
- Keep current directory with DEINSTALL and INSTALL script.
- remove extra processing with POST-DEINSTALL action from DEINSTALL script.
- Suggest use of additional graphic package.
- Add APACHE_GROUP to BUILD_DEFS.
- install ${GEEKLOG_EXAMPLESDIR}/createdb.php with INSTALL_SCRIPT.

Bump PKGREVISION.
2006-07-23 13:21:09 +00:00
taca
255f11cc76 Update www/geeklog package to 1.4.0.5 (1.4.0sr5).
It fixes cross-site-scripting security problem.

Geeklog 1.4.0sr5

JPCERT/CC informed us about a possible XSS in the comment handling that we're
fixing with this release.
2006-07-17 02:03:30 +00:00
taca
71ae50421e Oops, fix PKGREVISION's speeling. 2006-07-09 13:31:02 +00:00
taca
51cf68d030 - Set files' permission; a bundled PEAR library is too restricted
permission.
- Remove logs directory from PLIST.

Bump PKGREVISION.
2006-07-09 13:29:24 +00:00
taca
20dfdbfd6d Update geeklog-1.4.0.4 (1.4.0sr3).
----------------------------------------------------------------------------

Two exploits have been released by "rgod" for insecure Geeklog installations
and for a bug in the "mcpuk" file manager that we've been shipping as part of
FCKeditor in all previous 1.4.0 releases.

 o  Some of the files outside of the public_html directory were not protected
    against direct execution. If Geeklog was installed such that those files
    were accessible from a URL (which has always been strongly discouraged in
    the installation instructions) then those files could be used to load and
    execute malicious code from a remote server.

    More information: So-called Geeklog "exploit" posted

    In this release, we've added the missing execution prevention for all files
    outside of public_html. We would still, however, suggest that you fix your
    Geeklog install if the files outside of public_html are accessible from a
    URL (see our FAQ for details).
 o  The "mcpuk" file manager that we've integrated into FCKeditor allowed the
    upload of arbitrary PHP code (even if FCKeditor was disabled in Geeklog's
    config.php). Depending on your webserver's configuration, it was then
    possible to execute that uploaded code.

    More information: Exploit for FCKeditor's mcpuk file manager

    The file manager has been removed from this release. You will therefore no
    longer be able to upload files, e.g. images, through FCKeditor. Future
    versions of Geeklog will ship with an updated version of FCKeditor and its
    included file manager.

Note: This release also includes the updated lib-trackback.php for better
protection against Trackback spam.

----------------------------------------------------------------------------

First problem doesn't relate to pkgsrc.
2006-07-01 00:22:38 +00:00
taca
52e0dbeecc Add a temporary fix to handle security problem of fckeditor; disabling
file upload functions.

Bump PKGREVISION.
2006-06-30 17:16:27 +00:00
taca
1728544658 Fix files/README about initial database creation noted
by PR pkg/33762 from S. Kitagawa, thanks much.
2006-06-19 02:27:04 +00:00
taca
195adf58c0 - Split MESSAGE's content to separate document file.
- Handle system/lib-custom.php as one of modifiable files.

Bump PKGREVISION.
2006-06-18 08:34:05 +00:00
taca
9ed74b2e9e No need to set APACHE_USER here. 2006-06-17 01:48:23 +00:00
taca
5dbf827826 Oops, forgot to correct include path of Makefile.common. 2006-06-16 08:41:12 +00:00