Summary: | www-apps/gallery-3.0.5 version bump | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Gustav Schaffter <gustav.schaffter> |
Component: | New packages | Assignee: | Gentoo Web Application Packages Maintainers <web-apps> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | evadim, gustav.schaffter, m.debruijne, manschwetus, mrueg, nerve, security, sven.koehler, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://galleryproject.org/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 411727 | ||
Attachments: |
files/postinstall-en.txt
gallery-3.0.4.ebuild gallery-3.0.5.ebuild postupgrade-en.txt gallery-3.0.5.ebuild gallery-3.0.5.ebuild gallery-3.0.5.ebuild gallery-3.0.5.ebuild files/postupgrade-en.txt |
Description
Gustav Schaffter
2012-06-18 13:00:26 UTC
Version 3.* isn't even in the tree yet. And there's a 2.3.2 bump for the version 2 branch. (In reply to comment #1) > Version 3.* isn't even in the tree yet. I'm aware of that. I believe version 3.x was first released about a year ago. Give or take some. On my community Web site we needed some features of the 3.x branch so an upgrade was necessary. It's just that now I'm responsible for a Web site with known vulnerabilities. I see rocks and hard places around me. ;-) Created attachment 316849 [details]
files/postinstall-en.txt
Created attachment 316851 [details]
gallery-3.0.4.ebuild
Hello, here my actual gallery 3.0.4 ebuild. (In reply to comment #1) > Version 3.* isn't even in the tree yet. And there's a 2.3.2 bump for the > version 2 branch. Exactly. The vulnerabilities here do not appear to affect our current or previous www-apps/gallery ebuilds. Passing over to web-apps. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1113 "Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2" The version in tree: www-apps/gallery 2.3.1 seems to be vulnerable. CCing security team wrt comment #7 (In reply to comment #5) > Hello, > > here my actual gallery 3.0.4 ebuild. Daniel, I should have told you long time ago. Got caught up in life. Anyway. Your ebuild is perfect, at least for my installation. I chose to do a new installation, parallel to the Gallery 2 installation, and migrate the data from G2 to G3. Everything is running perfectly well. Thanks a lot for the ebuild. Gustav + 23 Jan 2013; Sergey Popov <pinkbyte@gentoo.org> gallery-2.3.1.ebuild: + Change homepage, wrt bug #421761 Created attachment 341814 [details]
gallery-3.0.5.ebuild
Created attachment 341816 [details]
postupgrade-en.txt
Question: How long takes it to push this ebuild to the tree, at least as unstable ?? I submit ebuilds for gallery since a long time but never was one of the ebuilds pushed to the tree. @Gentoo Dev's: please review this simple ebuild and push it to the tree. (or is there a problem with it ?) Thank's Daniel (In reply to comment #13) > Question: > How long takes it to push this ebuild to the tree, > at least as unstable ?? > > I submit ebuilds for gallery since a long time > but never was one of the ebuilds pushed to the tree. > > @Gentoo Dev's: please review this simple ebuild > and push it to the tree. (or is there a problem with it ?) > > Thank's Daniel Okay let's get it into the tree, but there are a few problems: 1) don't rdepend on dev-db/mysql. Even though gallery needs mysql, it can be run on a different server. You may want to warn about. 2) move the ewarn's to pkg_postinst(), they don't belong in src_install(). 3) gallery-2 could use sqlite, and it had a few other options. were these dropped in gallery-3? (In reply to comment #14) > 3) gallery-2 could use sqlite, and it had a few other options. were these > dropped in gallery-3? Actually look at http://codex.galleryproject.org/Gallery3:User_guide:Gallery3:Installing_and_upgrading#Before_you_start_.2F_System_requirements You're missing some php dependencies. Also, I would avoid need_httpd_cgi and need_php_httpd. The reason is that those eclass functions use DEPEND when they should use RDEPEND. Its better to use the virtuals. Take a look at what I did for www-apps/moodle. Finally test at EAPI=5 since its approved. Thanks for your contribution! Created attachment 341868 [details]
gallery-3.0.5.ebuild
Created attachment 341870 [details]
gallery-3.0.5.ebuild
Created attachment 341872 [details]
gallery-3.0.5.ebuild
corrected some spell misstakes ;-)
Hello Anthony, First, thank you for your review. I have tried to update the ebuild. > 1) don't rdepend on dev-db/mysql. Even though gallery needs mysql, it can be run on a different server. You may want to warn about. rdepend to dev-db/mysql deleted ;-) >2) move the ewarn's to pkg_postinst(), they don't belong in src_install(). done. >3) gallery-2 could use sqlite, and it had a few other options. were these dropped in gallery-3? Yes, the only supported database at the moment is mysql or its clone mariadb >http://codex.galleryproject.org/Gallery3:User_guide:Gallery3:Installing_and_upgrading#Before_you_start_.2F_System_requirements >You're missing some php dependencies. Checked, only found mbstring, enabled with the useflag unicode (ebuild updated...) pcre,spl,reflection are enbled by php standard, no useflag aviable. >Also, I would avoid need_httpd_cgi and need_php_httpd. >The reason is that those eclass functions use DEPEND when they should use RDEPEND. >Its better to use the virtuals. >Take a look at what I did for www-apps/moodle. done. i have droped depend.php and euils eclass since now i dont use this functions ;-) >Finally test at EAPI=5 since its approved. done Thanks for your Help Created attachment 341874 [details]
gallery-3.0.5.ebuild
corrected some spell mistakes
Created attachment 341876 [details]
files/postupgrade-en.txt
corrected some misspells
Now it's done. If i can make some future corrections or improvements, please let me know. Thank you, Daniel (In reply to comment #22) > Now it's done. > > If i can make some future corrections > or improvements, please let me know. > > Thank you, Daniel Okay I did some cleanup and added it to the tree. |