From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Sep 11 09:00:45 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D340D16A4BF for ; Thu, 11 Sep 2003 09:00:45 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34D7E43FF3 for ; Thu, 11 Sep 2003 09:00:33 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8BG0XUp007093 for ; Thu, 11 Sep 2003 09:00:33 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8BG0X0A007092; Thu, 11 Sep 2003 09:00:33 -0700 (PDT) Resent-Date: Thu, 11 Sep 2003 09:00:33 -0700 (PDT) Resent-Message-Id: <200309111600.h8BG0X0A007092@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Kang Liu" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 910D416A4BF for ; Thu, 11 Sep 2003 08:51:04 -0700 (PDT) Received: from bjpu.edu.cn (egw.bjpu.edu.cn [202.112.78.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3697E43FB1 for ; Thu, 11 Sep 2003 08:51:03 -0700 (PDT) (envelope-from liukang@bjpu.edu.cn) Received: (eyou gateway send program); Thu, 11 Sep 2003 23:53:08 +0800 Received: from unknown (HELO ssc) (unknown@61.51.124.52) by 202.112.78.77 with ; Thu, 11 Sep 2003 23:53:08 +0800 Message-Id: <000601c3787d$50b23fd0$0501a8c0@ssc> Date: Thu, 11 Sep 2003 23:56:49 +0800 From: "Kang Liu" To: Subject: ports/56706: [maintainer]fix BBCode vulnerability & pgsql problem in phpbb X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Sep 2003 16:00:46 -0000 >Number: 56706 >Category: ports >Synopsis: [maintainer]fix BBCode vulnerability & pgsql problem in phpbb >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Sep 11 09:00:32 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Kang Liu >Release: FreeBSD 4.9-PRERELEASE i386 >Organization: Beijing University of Technology >Environment: System: FreeBSD ftp.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #54: Sun Aug 31 15:09:39 CST 2003 delphij @ftp.bjpu.edu.cn:/usr/obj/usr/src/sys/FTP i386 >Description: Ivanchenko V. I. [webmaster@asiamusic.ru] and send me a patch that can fix BBCode vulnerability & pgsql problem in phpbb. Reference: Vulnerability in BBCode - serious http://www.phpbb.com/phpBB/viewtopic.php?t=135116 When I try to fetch "the latest phpbb2.0.6" from sourceforge, . it seems that the developers have updated their files but didn't change the version number. >How-To-Repeat: n/a >Fix: Thank Ivanchenko V. I. for sending me the patch, as the phpbb developers have applied that patch, What I should do now is just dump the PORTREVISION and update the distinfo. Here is my patch: Index: distinfo =================================================================== RCS file: /home/ncvs/ports/www/phpbb/distinfo,v retrieving revision 1.5 diff -u -r1.5 distinfo --- distinfo 24 Aug 2003 11:37:24 -0000 1.5 +++ distinfo 11 Sep 2003 15:39:11 -0000 @@ -1 +1 @@ -MD5 (phpBB-2.0.6.tar.bz2) = 28f20c82fce9ad6329b937c967eb1c72 +MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/phpbb/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 30 Aug 2003 17:24:14 -0000 1.12 +++ Makefile 11 Sep 2003 15:39:11 -0000 @@ -7,7 +7,7 @@ PORTNAME= phpbb PORTVERSION= 2.0.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} >Release-Note: >Audit-Trail: >Unformatted: