From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu Sep 11 09:00:45 2003
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D340D16A4BF
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 11 Sep 2003 09:00:45 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 34D7E43FF3
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 11 Sep 2003 09:00:33 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8BG0XUp007093
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Thu, 11 Sep 2003 09:00:33 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8BG0X0A007092;
	Thu, 11 Sep 2003 09:00:33 -0700 (PDT)
Resent-Date: Thu, 11 Sep 2003 09:00:33 -0700 (PDT)
Resent-Message-Id: <200309111600.h8BG0X0A007092@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"Kang Liu" <liukang@bjpu.edu.cn>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 910D416A4BF
	for <freebsd-gnats-submit@freebsd.org>;
	Thu, 11 Sep 2003 08:51:04 -0700 (PDT)
Received: from bjpu.edu.cn (egw.bjpu.edu.cn [202.112.78.77])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3697E43FB1
	for <freebsd-gnats-submit@freebsd.org>;
	Thu, 11 Sep 2003 08:51:03 -0700 (PDT)
	(envelope-from liukang@bjpu.edu.cn)
Received: (eyou gateway send program); Thu, 11 Sep 2003 23:53:08 +0800
Received: from unknown (HELO ssc) (unknown@61.51.124.52)
 by 202.112.78.77 with ; Thu, 11 Sep 2003 23:53:08 +0800
Message-Id: <000601c3787d$50b23fd0$0501a8c0@ssc>
Date: Thu, 11 Sep 2003 23:56:49 +0800
From: "Kang Liu" <liukang@bjpu.edu.cn>
To: <FreeBSD-gnats-submit@FreeBSD.org>
Subject: ports/56706: [maintainer]fix BBCode vulnerability & pgsql problem
	in phpbb
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2003 16:00:46 -0000


>Number:         56706
>Category:       ports
>Synopsis:       [maintainer]fix BBCode vulnerability & pgsql problem in phpbb
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 11 09:00:32 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Kang Liu
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
Beijing University of Technology
>Environment:
System: FreeBSD ftp.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #54: Sun Aug 31 15:09:39 CST 2003 delphij
@ftp.bjpu.edu.cn:/usr/obj/usr/src/sys/FTP i386
>Description:
Ivanchenko V. I. [webmaster@asiamusic.ru] and  send me a patch that can fix BBCode vulnerability & pgsql problem in phpbb.
Reference: Vulnerability in BBCode - serious http://www.phpbb.com/phpBB/viewtopic.php?t=135116

When I try to fetch "the latest phpbb2.0.6" from sourceforge, .
it seems that the developers have updated their files but didn't change the version number.
>How-To-Repeat:
n/a
>Fix:
Thank Ivanchenko V. I. for sending me the patch, as the phpbb developers have applied that patch,
What I should do now is just dump the PORTREVISION and update the distinfo.
Here is my patch:

Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/distinfo,v
retrieving revision 1.5
diff -u -r1.5 distinfo
--- distinfo	24 Aug 2003 11:37:24 -0000	1.5
+++ distinfo	11 Sep 2003 15:39:11 -0000
@@ -1 +1 @@
-MD5 (phpBB-2.0.6.tar.bz2) = 28f20c82fce9ad6329b937c967eb1c72
+MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile	30 Aug 2003 17:24:14 -0000	1.12
+++ Makefile	11 Sep 2003 15:39:11 -0000
@@ -7,7 +7,7 @@

 PORTNAME=	phpbb
 PORTVERSION=	2.0.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}


>Release-Note:
>Audit-Trail:
>Unformatted: