[geeklog-hg] geeklog: Geeklog 1.8.2sr1

geeklog-cvs at lists.geeklog.net
Tue Feb 19 14:03:30 EST 2013


changeset 8954:c86f028f8543
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c86f028f8543
user: Dirk Haun <dirk at haun-online.de>
date: Tue Feb 19 20:01:34 2013 +0100
description:
Geeklog 1.8.2sr1

diffstat:

 public_html/admin/install/lib-install.php |   2 +-
 public_html/docs/english/changes.html     |  14 ++++++++++++++
 public_html/docs/english/install.html     |  10 +++++-----
 public_html/docs/history                  |  15 +++++++++++++++
 4 files changed, 35 insertions(+), 6 deletions(-)

diffs (99 lines):

diff -r 26680fbf136b -r c86f028f8543 public_html/admin/install/lib-install.php
--- a/public_html/admin/install/lib-install.php	Tue Feb 19 15:32:14 2013 +0100
+++ b/public_html/admin/install/lib-install.php	Tue Feb 19 20:01:34 2013 +0100
@@ -56,7 +56,7 @@
     * This constant defines Geeklog's version number. It will be written to
     * siteconfig.php and the database (in the latter case minus any suffix).
     */
-    define('VERSION', '1.8.2');
+    define('VERSION', '1.8.2sr1');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
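Review bot: The doc comment above the define says the database receives the version "minus any suffix", but the new value appends 'sr1' directly to '1.8.2' with no separator. Please confirm that the code which strips the suffix recognises this form and still stores 1.8.2. It would help to name the accepted suffix forms (such as 'sr1') in that comment so the next security release does not have to rediscover the rule.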
diff -r 26680fbf136b -r c86f028f8543 public_html/docs/english/changes.html
--- a/public_html/docs/english/changes.html	Tue Feb 19 15:32:14 2013 +0100
+++ b/public_html/docs/english/changes.html	Tue Feb 19 20:01:34 2013 +0100
@@ -16,6 +16,20 @@
 <a href="../history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a
 list of files that have been changed since the last release.</p>
 
+<h2><a name="changes182sr1">Geeklog 1.8.2sr1</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>High-Tech Bridge Security Research Lab reported an XSS in the calendar_type parameter in the Calendar plugin (HTB23143).</li>
+<li>Trustwave Spiderlabs reported XSS in the install script, the Configuration, as well as in the Admin interfaces for the Polls plugin and the Topic editor (TWSL2013-001).</li>
+</ul>
+
+<p>Other fixes:</p>
+<ul>
+<li>Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API.</li>
+</ul>
+
+
 <h2><a name="changes182">Geeklog 1.8.2</a></h2>
 
 <p>Geeklog 1.8.2 is a maintenance release. There were no changes in the database, the templates, or the language files in this release, so upgrades should be straightforward.</p>
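Review bot: The Twitter OAuth item under "Other fixes:" omits the tracker reference that the docs/history entry in this same changeset carries (feature request #0001506), and the two files label the section differently ("Other fixes:" here, "Not security-related:" there). Suggest adding the reference and using one label in both places. The added block also ends with two blank lines before the 1.8.2 heading, where the heading above it is preceded by one.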
diff -r 26680fbf136b -r c86f028f8543 public_html/docs/english/install.html
--- a/public_html/docs/english/install.html	Tue Feb 19 15:32:14 2013 +0100
+++ b/public_html/docs/english/install.html	Tue Feb 19 20:01:34 2013 +0100
@@ -60,7 +60,7 @@
         </li>
         <li>
             <p>Unpack the downloaded tarball file by running: </p>
-            <p><code>tar -zxvf geeklog-1.8.2.tar.gz</code> </p>
+            <p><code>tar -zxvf geeklog-1.8.2sr1.tar.gz</code> </p>
             
             <p><strong>Note:</strong> Some users have reported that WinZip corrupts certain Geeklog files during decompression. This will cause errors during the installation process. You are strongly urged not to use WinZip. Try <a href="http://www.7-zip.org/">7-Zip</a> or <a href="http://www.rarlab.com/">WinRAR</a> if you must decompress the file locally.</p>
         </li>
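Review bot: The release number in the tar command on this line is hard-coded, and the same string is edited by hand in three more places further down this file (the second tar command and the geeklog-1.8.2sr1/ path examples). A missed occurrence in a security release leaves the instructions pointing at the unpatched tarball name. Consider writing the archive name once with a placeholder for the version so the install docs do not need touching on every release.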
@@ -68,9 +68,9 @@
             <p>Create a blank MySQL, PostgreSQL, or Microsoft SQL database and a user account with privileges to modify it. Your hosting provider may have already set up a database and account for you, contact them if you need assistance with this step.</p>
         </li>
         <li>
-            <p>Place the contents of <code>geeklog-1.8.2/public_html/</code> into your web root directory on your web server. The web root directory is often named "public_html", "htdocs", or "www".</p>
+            <p>Place the contents of <code>geeklog-1.8.2sr1/public_html/</code> into your web root directory on your web server. The web root directory is often named "public_html", "htdocs", or "www".</p>
         
-            <p>Next, place the remaining contents of <code>geeklog-1.8.2/</code> into either the parent directory of your root web directory (recommended) or any other non public folder and the installation wizard will attempt to locate them automatically. If it cannot you will be asked to specify their paths during installation. This is done as a security measure to prevent access to Geeklog system files by Internet users. </p>
+            <p>Next, place the remaining contents of <code>geeklog-1.8.2sr1/</code> into either the parent directory of your root web directory (recommended) or any other non public folder and the installation wizard will attempt to locate them automatically. If it cannot you will be asked to specify their paths during installation. This is done as a security measure to prevent access to Geeklog system files by Internet users. </p>
             
             <p><strong>Note:</strong> If your hosting provider does not allow you to place files outside of your root web directory:</p>
             <ul>
@@ -108,12 +108,12 @@
         </li>
         <li>
             <p>Unpack the downloaded tarball file by running: </p>
-            <p><code>tar -zxvf geeklog-1.8.2.tar.gz</code> </p>
+            <p><code>tar -zxvf geeklog-1.8.2sr1.tar.gz</code> </p>
             
             <p><strong>Note:</strong> Some users have reported that WinZip corrupts certain Geeklog files during decompression. This will cause errors during the installation process. You are strongly urged not to use WinZip. Try <a href="http://www.7-zip.org/">7-Zip</a> or <a href="http://www.rarlab.com/">WinRAR</a> if you must decompress the file locally.</p>
         </li>
         <li>
-            <p>Place the contents of <code>geeklog-1.8.2/</code> into the same directory your old installation was located. For instance, if your old Geeklog was in <code>/usr/home/www/geeklog/</code>, then your new installation should also be in <code>/usr/home/www/geeklog/</code>.</p>
+            <p>Place the contents of <code>geeklog-1.8.2sr1/</code> into the same directory your old installation was located. For instance, if your old Geeklog was in <code>/usr/home/www/geeklog/</code>, then your new installation should also be in <code>/usr/home/www/geeklog/</code>.</p>
         </li>
         <li>Depending on the version you're upgrading from:
             <ul>
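Review bot: The upgrade step that places the contents of geeklog-1.8.2sr1/ over the old installation does not mention that this release exists to fix XSS issues, one of them in the install script that this step copies back onto the server. If the later steps do not already say so, add a sentence here telling the administrator to remove or restrict the install directory once the upgrade has finished, and check that the "Depending on the version you're upgrading from" list has an entry that covers going from 1.8.2 to 1.8.2sr1.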
diff -r 26680fbf136b -r c86f028f8543 public_html/docs/history
--- a/public_html/docs/history	Tue Feb 19 15:32:14 2013 +0100
+++ b/public_html/docs/history	Tue Feb 19 20:01:34 2013 +0100
@@ -1,5 +1,20 @@
 Geeklog History/Changes:
 
+Feb 19, 2013 (1.8.2sr1)
+------------
+
+This release addresses the following security issues:
+- High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
+  parameter in the Calendar plugin (HTB23143).
+- Trustwave Spiderlabs reported XSS in the install script, the Configuration,
+  as well as in the Admin interfaces for the Polls plugin and the Topic editor
+  (TWSL2013-001).
+
+Not security-related:
+- Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
+  (feature request #0001506).
+
+
 Dec 30, 2012 (1.8.2)
 ------------
 
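Review bot: The two security entries name the advisories (HTB23143, TWSL2013-001) but not which Geeklog versions are affected, so an administrator on an older release cannot tell from this file whether the upgrade applies to them. Suggest adding the affected version range to each entry, and a link to each advisory alongside the identifier.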


