Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Jul 2005 15:56:21 +0900 (JST)
From:      Fumihiko Kimura <jfkimura@yahoo.co.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/83828: update ports: www/tdiary-devel
Message-ID:  <200507210656.j6L6uLGp065945@sh0.radio.gr.jp>
Resent-Message-ID: <200507210700.j6L70Xru053013@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         83828
>Category:       ports
>Synopsis:       update ports: www/tdiary-devel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 21 07:00:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Fumihiko Kimura
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
>Description:

- Security (against CSRF attack) update to 2.1.2

(JP Vendor Status Notes) JVN#60776919
(http://jvn.jp/jp/JVN%2360776919/index.html
 http://www.ipa.go.jp/security/vuln/documents/2005/JVN_60776919_tdiary.html)

Cross-site request forgery (CSRF) vulnerability in tDiary versions 2.1.1, 2.0.1 and before.

>How-To-Repeat:
>Fix:

=== begin  cut here ===
diff -urN tdiary-devel.orig/Makefile tdiary-devel/Makefile
--- tdiary-devel.orig/Makefile	Sat Jun 11 20:23:37 2005
+++ tdiary-devel/Makefile	Thu Jul 21 13:56:26 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	tdiary
-PORTVERSION=	2.1.1
+PORTVERSION=	2.1.2
 CATEGORIES?=	www ruby
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE} \
 		http://www.tdiary.org/download/
@@ -22,6 +22,7 @@
 PKGMESSAGE=	${WRKDIR}/pkg-message
 USE_RUBY=	yes
 RUBY_VER=	1.8
+#TDIARY_LANG	ja:Japanese en:English zh:Traditional-Chinese
 
 RUBY_SHEBANG_FILES=	index.rb update.rb misc/convert2.rb misc/plugin/squeeze.rb \
 			misc/plugin/windex.rb misc/plugin/rast-register.rb \
@@ -33,7 +34,7 @@
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 
 .if  !defined(TDIARY_LANG)
-TDIARY_LANG=	tdiary.conf-en
+TDIARY_LANG=	en
 .endif
 .if defined(WITH_TDIARY_UCONV)
 RUN_DEPENDS+=	${RUBY_SITEARCHLIBDIR}/uconv.so:${PORTSDIR}/japanese/ruby-uconv
@@ -54,15 +55,7 @@
 		-e 's,@@@@LANG@@@@,${TDIARY_LANG},g' \
 		${FILESDIR}/tdiaryinst.rb.in > ${TDIARYDIR}/tdiaryinst.rb
 	@${CP} -pR ${WRKSRC}/ ${TDIARYDIR}
-.if ${TDIARY_LANG} == tdiary.conf-en
-	@${ECHO_MSG} "===>  TDIARY : English Language messages support"
 	@${RUBY} -i -pe 'sub(/%Y-%m-%d/, "%Y-%m-%d [%a]")' ${TDIARYDIR}/misc/i18n/tdiary.conf.sample-en
-.else
-	@${ECHO_MSG} "===>  TDIARY : Japanese Language messages support"
-	@${RUBY} -i -pe 'sub(/%Y-%m-%d/, "%Y-%m-%d [%J]")' ${TDIARYDIR}/tdiary.conf.sample
-	@${ECHO_MSG}
-	@${ECHO_MSG} "===>  When you install in home directory, let's choose plugin of 'jdate.rb' to just display 'YOUBI'."
-.endif
 	@${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${TDIARYDIR}
 
 post-install:
diff -urN tdiary-devel.orig/distinfo tdiary-devel/distinfo
--- tdiary-devel.orig/distinfo	Thu Jun  9 16:42:46 2005
+++ tdiary-devel/distinfo	Thu Jul 21 10:28:15 2005
@@ -1,2 +1,2 @@
-MD5 (tdiary-full-2.1.1.tar.gz) = 74bf1819643c512c6f0af1bc6599c1c5
-SIZE (tdiary-full-2.1.1.tar.gz) = 2138225
+MD5 (tdiary-full-2.1.2.tar.gz) = 9fed458ba325b771d89e582c6ad28a84
+SIZE (tdiary-full-2.1.2.tar.gz) = 2924123
diff -urN tdiary-devel.orig/files/tdiaryinst.rb.in tdiary-devel/files/tdiaryinst.rb.in
--- tdiary-devel.orig/files/tdiaryinst.rb.in	Sat Jun 11 20:23:37 2005
+++ tdiary-devel/files/tdiaryinst.rb.in	Thu Jul 21 15:12:30 2005
@@ -85,7 +85,7 @@
   STDERR.print "    --name=<author_name>      Specify author name\n"
   STDERR.print "    --mail=<author_mail>      Specify author mail address\n"
   STDERR.print "    --tdiarymaster=<dir>      Specify tDiary master directory default: @@@@PREFIX@@@@/share/examples/tdiary\n"
-  STDERR.print "    --lang=<language>         Specify your language ('en' or 'ja') default: @@@@LANG@@@@\n"
+  STDERR.print "    --lang=<language>         Specify your language ('en' or 'ja' or 'zh') default: @@@@LANG@@@@\n"
   STDERR.print "    --suexec                  Use suExec for CGI execution\n"
   STDERR.print "    --symlink                 Use symbolic link for tDiary master files\n"
   STDERR.print "    --quiet                   Do not display any information\n"
@@ -158,6 +158,9 @@
     when 'tdiary.conf-ja' , 'ja'
       @lang = 'ja'
       @tdconfig = 'tdiary.conf-ja'
+    when 'zh'
+      @lang = 'zh'
+      @tdconfig = 'tdiary.conf-en'
     else
       raise "Unknown Language : #{value}"
     end
@@ -215,7 +218,6 @@
 
   def copyBaseFile
     FileUtils16.cp_r("#{@tdiarymaster}/doc", "#{@passwd.dir}/#{@httpdir}/#{@diarydir}", :preserve, *@fileutilOptions)
-#   FileUtils16.cp_r("#{@tdiarymaster}/erb", "#{@passwd.dir}/#{@httpdir}/#{@diarydir}", :preserve, *@fileutilOptions)
     FileUtils16.cp_r("#{@tdiarymaster}/misc", "#{@passwd.dir}/#{@httpdir}/#{@diarydir}", :preserve, *@fileutilOptions)
     FileUtils16.cp_r("#{@tdiarymaster}/plugin", "#{@passwd.dir}/#{@httpdir}/#{@diarydir}", :preserve, *@fileutilOptions)
     FileUtils16.cp_r("#{@tdiarymaster}/skel", "#{@passwd.dir}/#{@httpdir}/#{@diarydir}", :preserve, *@fileutilOptions)
@@ -281,6 +283,7 @@
         line = "@author_mail = '#{@author_mail}'\n" if line =~ /^\@author_mail\s/
         line = "@html_title = '#{@author_name} diary'\n" if line =~ /^\@html_title\s/
         line = "@index_page = 'http://#{@author_host}/~#{@username}\/'" if line =~ /^\@index_page\s/
+	line = "@lang = '#{@lang}'\n" if line =~ /^\@lang\s/
         s += line
       }
     }
diff -urN tdiary-devel.orig/pkg-descr tdiary-devel/pkg-descr
--- tdiary-devel.orig/pkg-descr	Thu Jun  9 19:01:23 2005
+++ tdiary-devel/pkg-descr	Thu Jul 21 13:59:25 2005
@@ -2,7 +2,7 @@
 It is possible for diary readers to add comments to your diary.
 
      -  require Ruby 1.8.2 or later
-     -  currently supported: Japanese, English
+     -  currently supported: Japanese, English, Traditional-Chinese
     tDiary is developed on http://sourceforge.net/projects/tdiary/ .
     See URL for more information.
 
=== ended  cut here ===

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507210656.j6L6uLGp065945>