Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 58375 - app-misc/gallery updated for webapp.eclass
Summary: app-misc/gallery updated for webapp.eclass
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All All
: High enhancement (vote)
Assignee: Gentoo Web Application Packages Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-07-26 03:57 UTC by Renat Lumpau (RETIRED)
Modified: 2004-08-20 09:33 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
gallery-1.4.4_rc2.ebuild (gallery-1.4.4_rc2.ebuild,1.27 KB, text/plain)
2004-07-26 03:58 UTC, Renat Lumpau (RETIRED)
Details
files/postinstall-en.txt (postinstall-en.txt,195 bytes, text/plain)
2004-07-26 03:58 UTC, Renat Lumpau (RETIRED)
Details
gallery-1.4.4-r1.ebuild (gallery-1.4.4-r1.ebuild,1.01 KB, text/plain)
2004-08-03 06:30 UTC, Renat Lumpau (RETIRED)
Details
files/postinstall-en.txt (postinstall-en.txt,253 bytes, text/plain)
2004-08-03 06:30 UTC, Renat Lumpau (RETIRED)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Renat Lumpau (RETIRED) gentoo-dev 2004-07-26 03:57:30 UTC
app-misc/gallery updated for webapp.eclass
Comment 1 Renat Lumpau (RETIRED) gentoo-dev 2004-07-26 03:58:01 UTC
Created attachment 36175 [details]
gallery-1.4.4_rc2.ebuild
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2004-07-26 03:58:16 UTC
Created attachment 36176 [details]
files/postinstall-en.txt
Comment 3 Chris Kelly 2004-07-30 15:51:40 UTC
see http://bugs.gentoo.org/show_bug.cgi?id=51008 perhaps..


Also, As of 1.4.4, Gallery no longer requires the use of configure.sh and secure.sh.  The configuration wizard is run via a logged in administrator for upgrades and without running the script on a new install.
Comment 4 Mike Nerone 2004-08-02 14:03:42 UTC
Three issues about that ebuild. Only one is major:

1. In the dodoc line, Changelog should be Changlog.archive.gz (don't know why they have it that way).
2. After the dodoc, you should rm -f the dodoc files or else they're duplicated into the master-copy installation.
3. *** The major one ***: Don't "touch config.php". Packaging config.php makes it overwrite the user's config.php with no backup.
Comment 5 Mike Nerone 2004-08-02 14:05:47 UTC
Doh, typo: I meant "ChangeLog.archive.gz"
Comment 6 Mike Nerone 2004-08-02 14:07:47 UTC
Oh, and ditto item 3 for .htaccess!
Comment 7 Renat Lumpau (RETIRED) gentoo-dev 2004-08-02 15:45:11 UTC
Mike,

Thanks for your comments, I did not think about overwriting existing configfiles. Will fix shortly.
Comment 8 Chris Kelly 2004-08-02 16:03:15 UTC
FYI there is a ChangeLog and a ChangeLog.archive.gz because the raw changelog is about ~300K when uncompressed.  the non-compressed one is the most recent changes, usually since the last point release.
Comment 9 Mike Nerone 2004-08-02 16:50:33 UTC
Ah, you're absolutely right, Chris. I missed that.
Comment 10 Renat Lumpau (RETIRED) gentoo-dev 2004-08-03 06:30:15 UTC
Created attachment 36698 [details]
gallery-1.4.4-r1.ebuild

- version bump (all arches dropped to ~)
- incorporated suggestions
Comment 11 Renat Lumpau (RETIRED) gentoo-dev 2004-08-03 06:30:38 UTC
Created attachment 36699 [details]
files/postinstall-en.txt
Comment 12 Mike Nerone 2004-08-03 14:20:44 UTC
That one seems to work well here. One thought, though: I agree with you not doing "rm -rf html" after the dohtml, since the docs are linked from within gallery when logged in. But the dohtml redundantly duplicates the whole html documentation tree in /usr/share/doc/gallery-*. I'm not sure the right thing to do is *not* to do the dohtml so as to avoid this duplication since, typically, those docs are supposed to be there. I'm just mentioning it for consideration.
Comment 13 Kurt Lieber (RETIRED) gentoo-dev 2004-08-18 13:51:57 UTC
If/when we get ready to draft a GLSA:

20:42 <@Stuart> klieber: by default, we ship php w/ allow_fopen_url=off, which (from reading the code) should be enough to prevent the attack from working
Comment 14 Renat Lumpau (RETIRED) gentoo-dev 2004-08-18 23:37:52 UTC
In CVS, also see bug #60742
Comment 15 Mike Nerone 2004-08-19 10:41:35 UTC
# emerge -av gallery

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] www-apps/gallery-1.4.4-r1   0 kB

Total size of downloads: 0 kB

Do you want me to merge these packages? [Yes/No]
>>> emerge (1 of 1) www-apps/gallery-1.4.4-r1 to /
>>> md5 src_uri ;-) gallery-1.4.4.tar.gz
vhosts
>>> Unpacking source...
>>> Unpacking gallery-1.4.4.tar.gz to /var/tmp/portage/gallery-1.4.4-r1/work
 * Applying vuln-20040817.diff...                                                                                 [ ok ]
>>> Source unpacked.

>>> Install gallery-1.4.4-r1 into /var/tmp/portage/gallery-1.4.4-r1/image/ category www-apps
gzip: /var/tmp/portage/gallery-1.4.4-r1/image/usr/share/doc/gallery-1.4.4-r1/ChangeLog.archive.gz already has .gz suffix -- unchanged
 * (server owned) htdocs/albums
 * ebuild fault: file '/usr/portage/www-apps/gallery/files/postinstall-en.txt' not found
 * Please report this as a bug at http://bugs.gentoo.org/

!!! ERROR: www-apps/gallery-1.4.4-r1 failed.
!!! Function webapp_checkfileexists, Line 59, Exitcode 0
!!! ebuild fault: file '/usr/portage/www-apps/gallery/files/postinstall-en.txt' not found
Comment 16 Renat Lumpau (RETIRED) gentoo-dev 2004-08-19 11:05:57 UTC
Thanks for reporting. Missing file in CVS now, will hit your mirrors in about an hour.
Comment 17 Mike Nerone 2004-08-20 09:33:15 UTC
Works for me now. :)