From tjs@CDPA.cc  Thu Mar  2 16:15:56 2006
Return-Path: <tjs@CDPA.cc>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA62516A422
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  2 Mar 2006 16:15:56 +0000 (GMT)
	(envelope-from tjs@CDPA.cc)
Received: from mail.CDPA.cc (mail.CDPA.cc [140.117.179.245])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 156E443D75
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  2 Mar 2006 16:15:50 +0000 (GMT)
	(envelope-from tjs@CDPA.cc)
Received: from CDPA.cc (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.CDPA.cc (Postfix) with ESMTP id C432922AFE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  3 Mar 2006 00:15:44 +0800 (CST)
Received: (from tjs@localhost)
	by CDPA.cc (8.13.4/8.13.3/Submit) id k22GFi5F025497;
	Fri, 3 Mar 2006 00:15:44 +0800 (CST)
	(envelope-from tjs)
Message-Id: <200603021615.k22GFi5F025497@CDPA.cc>
Date: Fri, 3 Mar 2006 00:15:44 +0800 (CST)
From: tjs <tjs@cdpa.nsysu.edu.tw>
Reply-To: tjs <tjs@cdpa.nsysu.edu.tw>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: www/gallery2: update to 2.0.3
X-Send-Pr-Version: 3.113
X-GNATS-Notify: freebsd-ports@varju.ca

>Number:         94027
>Category:       ports
>Synopsis:       www/gallery2: update to 2.0.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 02 16:20:09 GMT 2006
>Closed-Date:    Tue Apr 04 01:04:19 GMT 2006
>Last-Modified:  Tue Apr 04 01:04:19 GMT 2006
>Originator:     Jin-Shan Tseng
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
NCHC
>Environment:
System: FreeBSD CDPA.cc 5.4-STABLE FreeBSD 5.4-STABLE #0: Mon Jan 16 23:24:46 CST 2006 tjs@CDPA.cc:/usr/obj/usr/src/sys/CDPA i386


	
>Description:
	Gallery 2.0.3 Security Fix Release

	http://gallery.menalto.com/gallery_2.0.3_released

	This release adds no new features. It fixes a minor XSS exploit and an exploit in the session code that could allow users to remotely delete session files.

>How-To-Repeat:
	
>Fix:

	

--- patch begins here ---
--- Makefile.orig	Thu Mar  2 23:54:25 2006
+++ Makefile	Fri Mar  3 00:02:06 2006
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	gallery2
-PORTVERSION=	2.0.2
+PORTVERSION=	2.0.3
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	gallery
-DISTNAME=	gallery-2.0.2-full
+DISTNAME=	gallery-2.0.3-full
 DIST_SUBDIR=	gallery2
 
 MAINTAINER=	freebsd-ports@varju.ca
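Review bot: DISTNAME in this hunk repeats the version literal that PORTVERSION already carries, so every version bump has to edit two lines that must stay in agreement. Consider `DISTNAME=	gallery-${PORTVERSION}-full`, which turns the next security update into a one-line Makefile change plus distinfo.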
--- distinfo.orig	Thu Mar  2 23:54:29 2006
+++ distinfo	Fri Mar  3 00:02:12 2006
@@ -1,3 +1,3 @@
-MD5 (gallery2/gallery-2.0.2-full.tar.gz) = b833b195d1713745b97be0abfec221f6
-SHA256 (gallery2/gallery-2.0.2-full.tar.gz) = d18916b5300f47b69fb941da5591ab986a673f4ef1148a6a2aa0f922d1b6f564
-SIZE (gallery2/gallery-2.0.2-full.tar.gz) = 5426443
+MD5 (gallery2/gallery-2.0.3-full.tar.gz) = 6339132698e8cfae6328d365f3f7270c
+SHA256 (gallery2/gallery-2.0.3-full.tar.gz) = cb9687f54c268ac52659a07c848810b8729c001a8ac2216bbbac0db79c9099c1
+SIZE (gallery2/gallery-2.0.3-full.tar.gz) = 5429191
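Review bot: the MD5, SHA256 and SIZE values added here arrive through the PR itself, so they should not be committed as given. Fetch gallery-2.0.3-full.tar.gz from the master site, regenerate distinfo with `make makesum`, and confirm the result matches these three lines and any checksum upstream publishes for the release. Rely on the SHA256 line for integrity, since MD5 is not collision resistant.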
--- patch ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Mar 2 16:28:20 UTC 2006 
State-Changed-Why:  
Awaiting maintainer's feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94027 

From: Alex Varju <alex@varju.ca>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/94027: www/gallery2: update to 2.0.3
Date: Thu, 02 Mar 2006 10:31:02 -0800

 This change looks good to me.

From: Alex Varju <alex@varju.ca>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/94027: www/gallery2: update to 2.0.3
Date: Sat, 11 Mar 2006 10:10:34 -0800

 This PR is now out of date.  Gallery 2.0.4 has been released, which
 contains security fixes.  Here is the diff to apply that version:
 
 --- gallery2-2.0.4.patch begins here ---
 Index: Makefile
 ===================================================================
 RCS file: /home/freebsd/cvsroot/ports/www/gallery2/Makefile,v
 retrieving revision 1.44
 diff -u -u -r1.44 Makefile
 --- Makefile	8 Feb 2006 16:03:05 -0000	1.44
 +++ Makefile	11 Mar 2006 18:00:38 -0000
 @@ -6,11 +6,11 @@
   #
 
   PORTNAME=	gallery2
 -PORTVERSION=	2.0.2
 +PORTVERSION=	2.0.4
   CATEGORIES=	www
   MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
   MASTER_SITE_SUBDIR=	gallery
 -DISTNAME=	gallery-2.0.2-full
 +DISTNAME=	gallery-2.0.4-full
   DIST_SUBDIR=	gallery2
 
   MAINTAINER=	freebsd-ports@varju.ca
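Review bot: the unchanged context lines in this hunk (for example `  PORTNAME=	gallery2`) carry two leading spaces where unified diff expects one, while the `-`/`+` lines do not, which suggests the mail client altered the inline patch. patch(1) may fail to match that context against the real Makefile, so resend the diff as an attachment or regenerate it locally from the two changed lines before committing.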
 Index: distinfo
 ===================================================================
 RCS file: /home/freebsd/cvsroot/ports/www/gallery2/distinfo,v
 retrieving revision 1.33
 diff -u -u -r1.33 distinfo
 --- distinfo	24 Jan 2006 03:13:08 -0000	1.33
 +++ distinfo	11 Mar 2006 18:00:59 -0000
 @@ -1,3 +1,3 @@
 -MD5 (gallery2/gallery-2.0.2-full.tar.gz) = b833b195d1713745b97be0abfec221f6
 -SHA256 (gallery2/gallery-2.0.2-full.tar.gz) = d18916b5300f47b69fb941da5591ab986a673f4ef1148a6a2aa0f922d1b6f564
 -SIZE (gallery2/gallery-2.0.2-full.tar.gz) = 5426443
 +MD5 (gallery2/gallery-2.0.4-full.tar.gz) = 6e178785f0c35cb4d871241bb56740a8
 +SHA256 (gallery2/gallery-2.0.4-full.tar.gz) = a6ffc904c1cd0971e4eee1a0d298b533790047aa579f51b672c43224cfec34ba
 +SIZE (gallery2/gallery-2.0.4-full.tar.gz) = 5427163
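Review bot: the removed lines here are the 2.0.2 entries, so this diff is taken against the tree before the 2.0.3 update and will not apply on top of the first patch in this PR. Commit it in place of that patch, not after it, and reproduce the three 2.0.4 values with `make makesum` from a fresh fetch instead of copying them from the mail.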
 --- gallery2-2.0.4.patch ends here ---
 
 
State-Changed-From-To: feedback->closed 
State-Changed-By: kuriyama 
State-Changed-When: Tue Apr 4 01:03:38 UTC 2006 
State-Changed-Why:  
Upgraded to 2.1 (by ports/94971). 

Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94027 
>Unformatted:
