Date: Mon, 28 Feb 2005 11:55:55 GMT From: Kang Liu <liukang@bjut.edu.cn> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/78189: [maintainer] update www/phpbb to 2.0.13 to fix privilege elevation and path disclosure Message-ID: <200502281155.j1SBtthP047014@www.freebsd.org> Resent-Message-ID: <200502281200.j1SC0e1G023808@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 78189
>Category: ports
>Synopsis: [maintainer] update www/phpbb to 2.0.13 to fix privilege elevation and path disclosure
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 28 12:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Kang Liu
>Release: 5.3
>Organization:
Beijing University of Technology
>Environment:
FreeBSD 5.3-STABLE #0: Thu Jan 6 17:37:44 CST 2005
>Description:
The phpbb developer group announces there are 2 security problems in phpbb 2.0.12, privilege elevation and path disclosure. (VuXML ID: 53e711ed-8972-11d9-9ff8-00306e01dda2)
In my patch:
1. update www/phpbb to 2.0.13
2. use DATADIR in pkg-plist
>How-To-Repeat:
2. portlint
>Fix:
--- Makefile.orig Wed Feb 23 15:00:51 2005
+++ Makefile Mon Feb 28 19:30:32 2005
@@ -6,7 +6,7 @@
#
PORTNAME= phpbb
-PORTVERSION= 2.0.12
+PORTVERSION= 2.0.13
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
--- distinfo.orig Wed Feb 23 15:00:51 2005
+++ distinfo Mon Feb 28 19:30:39 2005
@@ -1,2 +1,2 @@
-MD5 (phpBB-2.0.12.tar.bz2) = 5b77c23c22147c5d9719922b2f64d8fa
-SIZE (phpBB-2.0.12.tar.bz2) = 436885
+MD5 (phpBB-2.0.13.tar.bz2) = a8a286d3855b969e1e8757464accf095
+SIZE (phpBB-2.0.13.tar.bz2) = 436886
--- pkg-plist.orig Wed Feb 23 15:00:51 2005
+++ pkg-plist Mon Feb 28 19:30:44 2005
@@ -6,14 +6,14 @@
%%PORTDOCS%%%%DOCSDIR%%/README.html
%%PORTDOCS%%%%DOCSDIR%%/coding-guidelines.txt
%%PORTDOCS%%%%DOCSDIR%%/codingstandards.htm
-share/phpbb/contrib/README.html
-share/phpbb/contrib/dbinformer.php
-share/phpbb/contrib/fixfiles.sh
-share/phpbb/contrib/template_db_cache.php
-share/phpbb/contrib/template_file_cache.php
-share/phpbb/install.php
-share/phpbb/update_to_latest.php
-share/phpbb/upgrade.php
+%%DATADIR%%/contrib/README.html
+%%DATADIR%%/contrib/dbinformer.php
+%%DATADIR%%/contrib/fixfiles.sh
+%%DATADIR%%/contrib/template_db_cache.php
+%%DATADIR%%/contrib/template_file_cache.php
+%%DATADIR%%/install.php
+%%DATADIR%%/update_to_latest.php
+%%DATADIR%%/upgrade.php
%%PHPBBDIR%%/admin/admin_board.php
%%PHPBBDIR%%/admin/admin_db_utilities.php
%%PHPBBDIR%%/admin/admin_disallow.php
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502281155.j1SBtthP047014>