Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jul 2004 10:15:00 +0800 (CST)
From:      Xin LI <delphij@frontfree.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        liukang@bjut.edu.cn
Subject:   ports/69042: [PATCH] Update www/phpbb to 2.0.9
Message-ID:  <20040714021500.D9CFA115F0@beastie.frontfree.net>
Resent-Message-ID: <200407140230.i6E2UNV7092356@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         69042
>Category:       ports
>Synopsis:       [PATCH] Update www/phpbb to 2.0.9
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 14 02:30:22 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Xin LI
>Release:        FreeBSD 5.2-delphij i386
>Organization:
The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-delphij FreeBSD 5.2-delphij #80: Thu Jun 24 17:30:33 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386


>Description:
	Update phpbb to latest released version, 2.0.9. This version contains important security updates.
	For detailed information, please check out here:
		http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=209797

	This (non-maintainer) update also make the following changes:
	  - Automatically removed patch generated .orig files.
	  - Use more flexible PHPBB_VER variable to ease future updates.
	  - Removed the IP spoof patch, which is contained in this release.

	Please review the patch and consider approving it.

>How-To-Repeat:
	N/A
>Fix:

	Apply the following patch against www/phpbb

--- patch-phpbb begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/Makefile,v
retrieving revision 1.24
diff -u -r1.24 Makefile
--- Makefile	6 May 2004 13:49:19 -0000	1.24
+++ Makefile	14 Jul 2004 02:07:09 -0000
@@ -6,12 +6,11 @@
 #
 
 PORTNAME=	phpbb
-PORTVERSION=	2.0.8
-PORTREVISION=	3
+PORTVERSION=	2.0.9
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
-DISTNAME=	phpBB-${PORTVERSION}a
+DISTNAME=	phpBB-${PORTVERSION}
 
 MAINTAINER=	liukang@bjpu.edu.cn
 COMMENT=	A PHP-based bulletin board / discussion forum system
@@ -37,6 +36,7 @@
 USE_REINPLACE=	yes
 PKGMESSAGE=	${WRKDIR}/pkg-message
 PLIST_SUB+=	PHPBBDIR=${PHPBBDIR} WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
+PLIST_SUB+=	PHPBB_VER=${PORTVERSION:S/.//g}
 
 # Set custom variables:
 #
@@ -61,6 +61,7 @@
 post-patch:
 	@ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \
 	  ${WRKSRC}/docs/*.html
+	@${RM} -f `${FIND} ${WRKSRC} -name '*.orig'`
 
 post-configure:
 	@ ${SED} \
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/distinfo,v
retrieving revision 1.13
diff -u -r1.13 distinfo
--- distinfo	30 Mar 2004 21:33:25 -0000	1.13
+++ distinfo	14 Jul 2004 02:07:09 -0000
@@ -1,2 +1,2 @@
-MD5 (phpBB-2.0.8a.tar.bz2) = 44d33a5851800f8f278d3c100fb2fcb3
-SIZE (phpBB-2.0.8a.tar.bz2) = 457308
+MD5 (phpBB-2.0.9.tar.bz2) = 2b6b5814c62acea8078d99378a0a11b4
+SIZE (phpBB-2.0.9.tar.bz2) = 452079
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/pkg-plist,v
retrieving revision 1.10
diff -u -r1.10 pkg-plist
--- pkg-plist	26 Mar 2004 17:06:30 -0000	1.10
+++ pkg-plist	14 Jul 2004 02:07:09 -0000
@@ -11,9 +11,9 @@
 share/phpbb/contrib/fixfiles.sh
 share/phpbb/contrib/template_db_cache.php
 share/phpbb/contrib/template_file_cache.php
-share/phpbb/contrib/visual_confirmation.zip
+share/phpbb/contrib/visual_confirmation.tar.bz2
 share/phpbb/install.php
-share/phpbb/update_to_208.php
+share/phpbb/update_to_%%PHPBB_VER%%.php
 share/phpbb/upgrade.php
 %%PHPBBDIR%%/admin/admin_board.php
 %%PHPBBDIR%%/admin/admin_db_utilities.php
@@ -113,7 +113,7 @@
 %%PHPBBDIR%%/install/schemas/mysql_schema.sql
 %%PHPBBDIR%%/install/schemas/postgres_basic.sql
 %%PHPBBDIR%%/install/schemas/postgres_schema.sql
-%%PHPBBDIR%%/install/update_to_208.php
+%%PHPBBDIR%%/install/update_to_%%PHPBB_VER%%.php
 %%PHPBBDIR%%/install/upgrade.php
 %%PHPBBDIR%%/language/index.htm
 %%PHPBBDIR%%/language/lang_english/email/admin_activate.tpl
Index: files/patch-common.php
===================================================================
RCS file: files/patch-common.php
diff -N files/patch-common.php
--- files/patch-common.php	6 May 2004 13:49:19 -0000	1.2
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,104 +0,0 @@
---- common.php:1.74.2.10	Wed Jun  4 10:41:39 2003
-+++ common.php	Wed Apr 21 05:18:02 2004
-@@ -6,8 +6,7 @@
-  *   copyright            : (C) 2001 The phpBB Group
-  *   email                : support@phpbb.com
-  *
-- *   $Id: common.php,v 1.74.2.10 2003/06/04 17:41:39 acydburn Exp $
-- *
-+ *   $Id: common.php,v 1.74.2.11 2004/04/21 12:18:02 psotfx Exp $
-  *
-  ***************************************************************************/
- 
-@@ -25,9 +24,44 @@
- 	die("Hacking attempt");
- }
- 
-+//
-+function unset_vars(&$var)
-+{
-+	while (list($var_name, $null) = @each($var))
-+	{
-+		unset($GLOBALS[$var_name]);
-+	}
-+	return;
-+}
-+
-+//
- error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
- set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
- 
-+$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
-+
-+// Unset globally registered vars - PHP5 ... hhmmm
-+if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
-+{
-+	$var_prefix = (phpversion() >= '4.3.0') ? '' : 'HTTP';
-+	$var_suffix = (phpversion() >= '4.3.0') ? '' : '_VARS';
-+
-+	if(is_array(${$var_prefix . '_GET' . $var_suffix}))
-+	{
-+		unset_vars(${$var_prefix . '_GET' . $var_suffix});
-+	}
-+
-+	if(is_array(${$var_prefix . '_POST' . $var_suffix}))
-+	{
-+		unset_vars(${$var_prefix . '_POST' . $var_suffix});
-+	}
-+
-+	if(is_array(${$var_prefix . '_COOKIE' . $var_suffix}))
-+	{
-+		unset_vars(${$var_prefix . '_COOKIE' . $var_suffix});
-+	}
-+}
-+
- //
- // addslashes to vars if magic_quotes_gpc is off
- // this is a security precaution to prevent someone
-@@ -106,6 +140,7 @@
- $theme = array();
- $images = array();
- $lang = array();
-+$nav_links = array();
- $gen_simple_header = FALSE;
- 
- include($phpbb_root_path . 'config.'.$phpEx);
-@@ -126,32 +161,12 @@
- //
- // Obtain and encode users IP
- //
--if( getenv('HTTP_X_FORWARDED_FOR') != '' )
--{
--	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
--
--	$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
--	reset($entries);
--	while (list(, $entry) = each($entries)) 
--	{
--		$entry = trim($entry);
--		if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
--		{
--			$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
--			$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
--
--			if ($client_ip != $found_ip)
--			{
--				$client_ip = $found_ip;
--				break;
--			}
--		}
--	}
--}
--else
--{
--	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
--}
-+// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
-+// private range IP's appearing instead of the guilty routable IP, tough, don't
-+// even bother complaining ... go scream and shout at the idiots out there who feel
-+// "clever" is doing harm rather than good ... karma is a great thing ... :)
-+//
-+$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
- $user_ip = encode_ip($client_ip);
- 
- //
--- patch-phpbb ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040714021500.D9CFA115F0>