Date: Thu, 25 Jan 2007 11:49:43 +0800 From: LI Xin <delphij@delphij.net> To: gareth <bsd@lordcow.org> Cc: ports@freebsd.org Subject: Re: phpBB patch? Message-ID: <45B828D7.3060305@delphij.net> In-Reply-To: <20070125032857.GA5686@lordcow.org> References: <20070125032857.GA5686@lordcow.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig17C9D90CDE6D104E8E54C2E2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable gareth wrote: > hi, portupgrade just upgraded phpbb-2.0.22 to phpbb-2.0.22_1. > it used phpBB-2.0.22.tar.bz2 from www.phpbb.com (same as before), > and as far as i can tell the .php files are the same (and naturally > the database is untouched). does anyone know what this upgrade > was meant to achieve? This update has removed a patch which is previously used to protect users against session exhaustion problem that hurts when heap session table is used, which is common and is suggested by phpBB developers in the MySQL 3.x age. Unfortunately, the continued phpBB development has more and more (ab)use of the session table and simply rejecting anonymous session is no longer feasible, as it causes problem for many places in phpBB especially for its new features. Instead of using the patch, users have to re-create session table if they used heap session table in the past, to prevent the DoS problem. This would not cause serious performance penalty for newer MySQL versions. Cheers, --=20 Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! --------------enig17C9D90CDE6D104E8E54C2E2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFuCjXOfuToMruuMARAyVkAJ9Rbzh26jia/m2kqjLoT53JsH0A8wCfT4tv RHs17recZ13T98mDlDi1wfk= =ETem -----END PGP SIGNATURE----- --------------enig17C9D90CDE6D104E8E54C2E2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45B828D7.3060305>