Message-Id: <20040714021500.D9CFA115F0@beastie.frontfree.net>
Date: Wed, 14 Jul 2004 10:15:00 +0800 (CST)
From: Xin LI
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: liukang@bjut.edu.cn
Subject: ports/69042: [PATCH] Update www/phpbb to 2.0.9
X-Send-Pr-Version: 3.113

>Number: 69042
>Category: ports
>Synopsis: [PATCH] Update www/phpbb to 2.0.9
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 14 02:30:22 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Xin LI
>Release: FreeBSD 5.2-delphij i386
>Organization: The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-delphij FreeBSD 5.2-delphij #80: Thu Jun 24 17:30:33 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386
>Description:
Update phpbb to latest released version, 2.0.9. This version contains important security updates. For detailed information, please check out here:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=209797

This (non-maintainer) update also makes the following changes:
- Automatically removed patch generated .orig files.
- Use more flexible PHPBB_VER variable to ease future updates.
- Removed the IP spoof patch, which is contained in this release.

Please review the patch and consider approving it.
>How-To-Repeat:
N/A
>Fix:
Apply the following patch against www/phpbb

--- patch-phpbb begins here ---
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/phpbb/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- Makefile 6 May 2004 13:49:19 -0000 1.24 +++ Makefile 14 Jul 2004 02:07:09 -0000
@@ -6,12 +6,11 @@ # PORTNAME= phpbb -PORTVERSION= 2.0.8 -PORTREVISION= 3 +PORTVERSION= 2.0.9 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -DISTNAME= phpBB-${PORTVERSION}a +DISTNAME= phpBB-${PORTVERSION} MAINTAINER= liukang@bjpu.edu.cn COMMENT= A PHP-based bulletin board / discussion forum system @@ -37,6 +36,7 @@ USE_REINPLACE= yes PKGMESSAGE= ${WRKDIR}/pkg-message PLIST_SUB+= PHPBBDIR=${PHPBBDIR} WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} +PLIST_SUB+= PHPBB_VER=${PORTVERSION:S/.//g} # Set custom variables: # @@ -61,6 +61,7 @@ post-patch: @ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \ ${WRKSRC}/docs/*.html + @${RM} -f `${FIND} ${WRKSRC} -name '*.orig'` post-configure: @ ${SED} \ Index: distinfo =================================================================== RCS file: /home/ncvs/ports/www/phpbb/distinfo,v retrieving revision 1.13 diff -u -r1.13 distinfo --- distinfo 30 Mar 2004 21:33:25 -0000 1.13 +++ distinfo 14 Jul 2004 02:07:09 -0000 @@ -1,2 +1,2 @@ -MD5 (phpBB-2.0.8a.tar.bz2) = 44d33a5851800f8f278d3c100fb2fcb3 -SIZE (phpBB-2.0.8a.tar.bz2) = 457308 +MD5 (phpBB-2.0.9.tar.bz2) = 2b6b5814c62acea8078d99378a0a11b4 +SIZE (phpBB-2.0.9.tar.bz2) = 452079 Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/www/phpbb/pkg-plist,v retrieving revision 1.10 diff -u -r1.10 pkg-plist --- pkg-plist 26 Mar 2004 17:06:30 -0000 1.10 +++ pkg-plist 14 Jul 2004 02:07:09 -0000 @@ -11,9 +11,9 @@ share/phpbb/contrib/fixfiles.sh share/phpbb/contrib/template_db_cache.php share/phpbb/contrib/template_file_cache.php -share/phpbb/contrib/visual_confirmation.zip +share/phpbb/contrib/visual_confirmation.tar.bz2 share/phpbb/install.php -share/phpbb/update_to_208.php +share/phpbb/update_to_%%PHPBB_VER%%.php share/phpbb/upgrade.php %%PHPBBDIR%%/admin/admin_board.php %%PHPBBDIR%%/admin/admin_db_utilities.php 
@@ -113,7 +113,7 @@ %%PHPBBDIR%%/install/schemas/mysql_schema.sql %%PHPBBDIR%%/install/schemas/postgres_basic.sql %%PHPBBDIR%%/install/schemas/postgres_schema.sql -%%PHPBBDIR%%/install/update_to_208.php +%%PHPBBDIR%%/install/update_to_%%PHPBB_VER%%.php %%PHPBBDIR%%/install/upgrade.php %%PHPBBDIR%%/language/index.htm %%PHPBBDIR%%/language/lang_english/email/admin_activate.tpl Index: files/patch-common.php =================================================================== RCS file: files/patch-common.php diff -N files/patch-common.php --- files/patch-common.php 6 May 2004 13:49:19 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,104 +0,0 @@ ---- common.php:1.74.2.10 Wed Jun 4 10:41:39 2003 -+++ common.php Wed Apr 21 05:18:02 2004 -@@ -6,8 +6,7 @@ - * copyright : (C) 2001 The phpBB Group - * email : support@phpbb.com - * -- * $Id: common.php,v 1.74.2.10 2003/06/04 17:41:39 acydburn Exp $ -- * -+ * $Id: common.php,v 1.74.2.11 2004/04/21 12:18:02 psotfx Exp $ - * - ***************************************************************************/ - -@@ -25,9 +24,44 @@ - die("Hacking attempt"); - } - -+// -+function unset_vars(&$var) -+{ -+ while (list($var_name, $null) = @each($var)) -+ { -+ unset($GLOBALS[$var_name]); -+ } -+ return; -+} -+ -+// - error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables - set_magic_quotes_runtime(0); // Disable magic_quotes_runtime - -+$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; -+ -+// Unset globally registered vars - PHP5 ... hhmmm -+if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') -+{ -+ $var_prefix = (phpversion() >= '4.3.0') ? '' : 'HTTP'; -+ $var_suffix = (phpversion() >= '4.3.0') ? '' : '_VARS'; -+ -+ if(is_array(${$var_prefix . '_GET' . $var_suffix})) -+ { -+ unset_vars(${$var_prefix . '_GET' . $var_suffix}); -+ } -+ -+ if(is_array(${$var_prefix . '_POST' . $var_suffix})) -+ { -+ unset_vars(${$var_prefix . '_POST' . $var_suffix}); -+ } -+ -+ if(is_array(${$var_prefix . '_COOKIE' . $var_suffix})) -+ { -+ unset_vars(${$var_prefix . '_COOKIE' . $var_suffix}); -+ } -+} -+ - // - // addslashes to vars if magic_quotes_gpc is off - // this is a security precaution to prevent someone -@@ -106,6 +140,7 @@ - $theme = array(); - $images = array(); - $lang = array(); -+$nav_links = array(); - $gen_simple_header = FALSE; - - include($phpbb_root_path . 'config.'.$phpEx); -@@ -126,32 +161,12 @@ - // - // Obtain and encode users IP - // --if( getenv('HTTP_X_FORWARDED_FOR') != '' ) --{ -- $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? 
$HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); -- -- $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR')); -- reset($entries); -- while (list(, $entry) = each($entries)) -- { -- $entry = trim($entry); -- if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) ) -- { -- $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); -- $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); -- -- if ($client_ip != $found_ip) -- { -- $client_ip = $found_ip; -- break; -- } -- } -- } --} --else --{ -- $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); --} -+// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as -+// private range IP's appearing instead of the guilty routable IP, tough, don't -+// even bother complaining ... go scream and shout at the idiots out there who feel -+// "clever" is doing harm rather than good ... karma is a great thing ... :) -+// -+$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); - $user_ip = encode_ip($client_ip); - - // --- patch-phpbb ends here --- >Release-Note: >Audit-Trail: >Unformatted:
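Review bot: The new post-patch line in the Makefile, `@${RM} -f `${FIND} ${WRKSRC} -name '*.orig'``, feeds find output through backquote expansion, so any path under ${WRKSRC} that contains whitespace is split into several arguments and the wrong names are handed to rm. Letting find do the removal avoids the word splitting and the argument-length limit, for example `@${FIND} ${WRKSRC} -name '*.orig' -delete`. The existing commands in this target are written `@ ${...}` with a space after the `@`; the added line should follow the same style.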
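Review bot: The pkg-plist hunks change more than the description mentions: besides the two `update_to_%%PHPBB_VER%%.php` entries, `share/phpbb/contrib/visual_confirmation.zip` becomes `visual_confirmation.tar.bz2`, and no other entries are touched. Please confirm the list was checked against the files an actual 2.0.9 install produces, so that nothing added or dropped upstream is left out of the plist. `PHPBB_VER=${PORTVERSION:S/.//g}` also assumes upstream keeps naming the update script after the dotless version; a short comment next to that PLIST_SUB line saying so would help whoever does the next update.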
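Review bot: The deletion of files/patch-common.php is justified in the description only as "the IP spoof patch", but the removed file carries three separate changes to common.php: the `unset_vars()` cleanup that runs when register_globals is on, the `$nav_links = array();` initialisation, and the replacement of the HTTP_X_FORWARDED_FOR parsing with a plain REMOTE_ADDR lookup. Since the first two are also security hardening, please confirm that common.php in the 2.0.9 distfile contains all three before dropping the patch, and say so in the commit message. A quick check is to apply the old patch to the new source in a scratch tree and verify that every hunk is reported as already applied.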