2011-01-03 02:57:25 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update geeklog package to 1.7.1.1 (1.7.1sr1), security fix.
Jan 2, 2011 (1.7.1sr1)
------------
This release addresses the following security issue:
Aung Khant of the YGN Ethical Hacker Group reported an XSS in the admin's
configuration panel.
2010-11-04 16:52:10 by Takahiro Kambe | Files touched by this commit (3)
Log message:
Update www/geeklog package to 1.7.1.
Geeklog History/Changes:
Oct 31, 2010 (1.7.1)
------------
- Fixed description of $index parameter for STORY_renderArticle (bug #0001203)
[Dirk]
- The number of successfully imported users was always reported as 0 for the
"Batch Add" option in the User Manager (bug #0001211) [Ivy, Dirk]
- Fixed a bug in the MS SQL changeDESCRIBE method to properly prefix the proper
sql query string [Randy]
- Updated Hebrew language files, provided by LWC
- New Italian language files for the Links plugin, provided by Rouslan Placella
- Updated Italian language files for the Static Pages plugin, provided by
Rouslan Placella
Calendar Plugin
---------------
- Fixed an SQL error when returning search results for the Personal Calendar
(bug #0001195) [Dirk]
Oct 10, 2010 (1.7.1rc1)
------------
- If content from an Autotag produces another Autotag it will be executed (to a
maximum of 5 times) [Tom]
- Themes can now have their own display functions for the start and end of
Blocks. (Feature #0001188) [Tom]
- Reverted a change in 1.7.0 that would send a Content-Type header when calling
COM_refresh since this conflicts with some plugins (e.g. the Forum) [Dirk]
- Fixed wrong view after posting a comment on a poll (bug #0001080, patch
provided by Wojtek Szkutnik)
- Fixed language in the dropdown for the permanent cookie in the Configuration
(bug #0001117, patch provided by Eric Brisco)
- Added cancel and delete buttons to comment edit and submission forms when
needed. (Feature #0000981) [Tom]
- Reverted parts of the changes for bug #0001057: Do _not_ escape curly braces
when displaying a block's content (bug #0001156). If you run into the problem
that words in curly braces inside blocks are interpreted as template
variables, simply add a space after the opening and/or the closing brace
[Dirk]
- Autotags can now be inserted directly into template files.
(Feature #0001181) [Tom]
- Plugins are able to control moderation and return a string to be displayed.
(Feature #0000619 patch provided by jmucchiello)
- Admin lists can now display a 0 in a column instead of being blank
(bug #0001060 patch provided by jmucchiello)
- Fixed "Show & Hide Boxes" option in My Account (reported by Pushkar) [Dirk]
- Display the topic name (instead of the topic id) in the list of draft stories
(bug #0001171) [Dirk]
- Fixed COM_formatTimeString to correctly handle intervals bigger than 4 weeks
(bug #0001158) [Dirk]
- Call PLG_templateSetVars for the Advanced Search form [Dirk]
- Make sure we keep the current status of the user's Advanced Editor option
even when Advanced Editor is disabled for the site (Thanks, Markus) [Dirk]
- Comment submissions for plugins were missing the type [Dirk]
- In the Group Editor, hide the 'Apply "Default Group" change' option until the
state of the "Default Group" checkbox changes (feature request #0001116,
patch provided by Dushyant Tiwari)
- Fixed handling of $LANG_DIRECTION in the install script (cf. bug #0000871)
- Fixed query highlighting in articles - didn't work for queries that contained
characters filtered by COM_applyFilter [Dirk]
- Updated Japanese language file, provided by the Geeklog.jp group
- New and updated French (France) language files, provided by Ben
- Updated Hebrew language file for the Links plugin, provided by LWC
Static Pages Plugin
-------------------
- Call up the Advanced Editor when enabled (bug #0001147, patch provided by
Samuel Leathers)
- A Static Page can now be marked as a template and used by other Static Pages.
(Feature #0001085) [Tom]
2010-08-10 18:00:42 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Update geeklog package to 1.7.0.
Quote from release announce:
This release adds support for PostgreSQL (in addition to MySQL and MS
SQL), developed by Stan Palatnik during the Google Summer of Code
2009. It also adds a re-authentication option in case the CSRF token
expires, thus preventing loss of data. For other improvements, please
see the list of changes. Of course, it also addresses the latest
security issue.
We would also like to thank all those students again who applied for
the Google Summer of Code 2010 and submitted patches for Geeklog. Some
of them already made it into 1.7.0, the rest is scheduled for
inclusion into Geeklog 1.7.1. We will also be looking into adding more
of our successful GSoC projects from 2009 into that release.
2010-05-17 17:46:38 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update geeklog package to 1.6.1.1 (1.6.1sr1).
May 9, 2010 (1.6.1sr1)
------------
This release addresses the following security issue:
The autologin (using the long-term session cookie) is vulnerable to dictionary
attacks. This issue was originally reported by Bookoo of the Nine Situations
Group in one of his reports in April 2009 but apparently overlooked by the
Geeklog Team. Thanks to geeklog.net user Jack for pointing this out.
2010-02-19 20:58:38 by Joerg Sonnenberger | Files touched by this commit (1)
Log message:
Fix ownership. Bump revision.
2009-11-30 16:44:45 by Takahiro Kambe | Files touched by this commit (9)
Log message:
Update www/geeklog package to 1.6.1.
Geeklog 1.6.1
New Features and Improvements
* Geeklog now lets you enter meta descriptions and meta keywords for the main
page, for stories, topics, static pages, and polls. Please note that these
meta tags may not be used by some search engines.
* You can now have one featured story per topic (for stories set to "Show
only in Topic").
* New autotags now allow you to embed polls in stories and everywhere else
where autotags are allowed.
* The Migrate option in the install script can now also be applied to an
existing database (i.e. you don't need to import a database dump to update
your URLs and paths).
* The Database Backup admin panel now includes options to optimize the
database and convert tables to InnoDB (MySQL only).
* Improved timezone support and let users actually set their own timezone.
* Minor security enhancements:
+ "Important" cookies (like the session cookies) are now created with the
HttpOnly flag set. This will help avoid some XSS attacks, provided your
browser supports this flag.
+ Template errors will now trigger the standard error handler instead of
exposing the template path.
+ Fixed inclusion protection for some of the Spam-X class files.
Please also see the list of theme changes.
Bugfixes
* Fixed automatic closing of stories for comments after a certain amount of
days. If you need to re-open comments on stories that were closed due to
this bug, you can use this SQL request:
UPDATE gl_stories SET commentcode = 0, comment_expire = 0 WHERE commentcode = 1;
* The comment speed limit was being ignored.
* Fixed a bug in the Group Editor that didn't let you add groups to other
groups (this problem was only introduced in Geeklog 1.6.0).
* The admin group for the Static Pages plugin was created with a wrong name
in Geeklog 1.6.0 (fresh installs only).
* Several tweaks and minor fixes (e.g. compatibility with PHP 4) in the
search.
2009-09-15 12:48:46 by Takahiro Kambe | Files touched by this commit (14)
Log message:
Update Geeklog to 1.6.0sr2 (security release 2).
o Add some pkgsrc patches to improve Content-Type header output.
Geeklog 1.6.0sr2
This release addresses the following security issue:
* Unauthorized file uploads were possible through FCKeditor.
Uploaded files still had to go through FCKeditor's filter, so it was not
possible to upload scripts (and the integrity of the Geeklog site as such
was not in danger). There were, however, reports that this was used to host
malware.
This update prevents use of the upload feature when FCKeditor is disabled
and disables it for anonymous users. It also doesn't allow uploading of
archive files any more. Furthermore, you need some sort of "edit"
permission now to be able to upload files through FCKeditor (this is meant
as an interim measure - we will probably introduce a separate "upload"
permission in future Geeklog versions).
Other fixes:
* Fixed installation using InnoDB tables.
* Fixed a (non-exploitable) SQL error when auto-updating a story's
commentcode field.
* Fixed a wrong function name in the Links plugin.
Geeklog 1.6.0sr1
This release addresses the following security issues:
1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
2. The "Mail Story to a Friend" function didn't check story permissions, so
that it was possible to email a story even if you didn't have the
permissions to view it on the site.
Other fixes:
* Fixed an SQL error when submitting a story and the story submission queue
was off.
* Fixed calls to a nonexistent function COM_outputMessageAndAbort.
Geeklog 1.6.0
Results from the Summer of Code
This release incorporates the following projects implemented during the
2008 Google Summer of Code:
* Site migration support and easier plugin installation, by Matt West
* Improved search, by Sami Barakat
* Comment moderation and editable comments, by Jared Wenerd
Other changes
* The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that
the PHP team ended support for PHP 4 in August 2008, you should be looking
into upgrading to PHP 5 anyway.
* Includes FCKeditor 2.6.4.1
* Includes a new plugin, XMLSitemap, that automatically generates an XML
sitemap file, as supported by all major search engines. Plugin written and
provided by mystral-kk.
* Several new plugin API functions have been added and existing functions
have been extended.
* The included documentation has been moved to docs/english to allow for
translations. Links to the documentation from within Geeklog will link to
existing translations for the current language automatically (or fall back
to the English documentation if no suitable translation can be found).
* There were a variety of theme changes to support new functionality and fix
inconsistencies in the layout.
This release also includes a number of patches and improvements made by
students applying for participation in the Google Summer of Code 2009. Thank
you!
2009-09-13 03:15:11 by Takahiro Kambe | Files touched by this commit (11)
Log message:
Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided
as a full release.
And add updated fckeditor for Geeklog.
These updates should fix known security problems, Secunia SA36372.
Jul 30, 2009 (1.5.2sr5)
------------
This release addresses the following security issues:
- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions, so that
it was possible to email a story even if you didn't have the permissions to
view it on the site.
2009-06-15 00:58:11 by Joerg Sonnenberger | Files touched by this commit (129)
Log message:
Remove @dirrm related logic.
2009-06-15 00:00:42 by Joerg Sonnenberger | Files touched by this commit (316)
Log message:
Convert @exec/@unexec to @pkgdir or drop it.