From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Mar 30 06:00:31 2004
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 630EE16A4CF
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 30 Mar 2004 06:00:31 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 45A7443D31
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 30 Mar 2004 06:00:31 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	i2UE0Vbv058750	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Tue, 30 Mar 2004 06:00:31 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i2UE0VEi058744;
	Tue, 30 Mar 2004 06:00:31 -0800 (PST)
	(envelope-from gnats)
Resent-Date: Tue, 30 Mar 2004 06:00:31 -0800 (PST)
Resent-Message-Id: <200403301400.i2UE0VEi058744@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Kang Liu <liukang@bjpu.edu.cn>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0232616A4CE
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 30 Mar 2004 05:55:56 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D786E43D2D
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 30 Mar 2004 05:55:55 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i2UDtt72032076
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 30 Mar 2004 05:55:55 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i2UDttEs032075;
	Tue, 30 Mar 2004 05:55:55 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200403301355.i2UDttEs032075@www.freebsd.org>
Date: Tue, 30 Mar 2004 05:55:55 -0800 (PST)
From: Kang Liu <liukang@bjpu.edu.cn>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: ports/64939: [maintainer] update www/phpbb to 2.0.8a
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2004 14:00:31 -0000


>Number:         64939
>Category:       ports
>Synopsis:       [maintainer] update www/phpbb to 2.0.8a
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 30 06:00:30 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kang Liu
>Release:        4.9
>Organization:
Beijing University of Technology
>Environment:
4.9-STABLE
>Description:
1. Update phpbb to 2.0.8a
2. Remove temporary patch for SQL injection in privmsg.php. The new release has fixed this vulnerability.
3. Bump PORTREVISION
>How-To-Repeat:
n/a
>Fix:
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/distinfo,v
retrieving revision 1.12
diff -u -r1.12 distinfo
--- distinfo	26 Mar 2004 17:06:30 -0000	1.12
+++ distinfo	30 Mar 2004 13:32:42 -0000
@@ -1,2 +1,2 @@
-MD5 (phpBB-2.0.8.tar.bz2) = 20d9e163e3f3b575639c2a1fbd9e8690
-SIZE (phpBB-2.0.8.tar.bz2) = 456585
+MD5 (phpBB-2.0.8a.tar.bz2) = 44d33a5851800f8f278d3c100fb2fcb3
+SIZE (phpBB-2.0.8a.tar.bz2) = 457308
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/Makefile,v
retrieving revision 1.21
diff -u -r1.21 Makefile
--- Makefile	27 Mar 2004 15:07:16 -0000	1.21
+++ Makefile	30 Mar 2004 13:48:59 -0000
@@ -7,11 +7,11 @@
 
 PORTNAME=	phpbb
 PORTVERSION=	2.0.8
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
-DISTNAME=	phpBB-${PORTVERSION}
+DISTNAME=	phpBB-${PORTVERSION}a
 
 MAINTAINER=	liukang@bjpu.edu.cn
 COMMENT=	A PHP-based bulletin board / discussion forum system
@@ -61,7 +61,6 @@
 post-patch:
 	@ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \
 	  ${WRKSRC}/docs/*.html
-	@ ${RM} ${WRKSRC}/*.orig
 
 post-configure:
 	@ ${SED} \

--- files/patch-privmsg.php	Sat Mar 27 23:07:16 2004
+++ /dev/null	Tue Mar 30 21:33:27 2004
@@ -1,21 +0,0 @@
---- privmsg.php	2004-03-18 19:51:32.000000000 +0000
-+++ privmsg.1.php	2004-03-26 19:51:07.000000000 +0000
-@@ -212,7 +212,17 @@
- 			break;
- 		case 'savebox':
- 			$l_box_name = $lang['Savebox'];
--			$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
-+			
-+			//
-+			// For some obscure reason, the assignment 
-+			// concatenation operator was coded below, which 
-+			// allowed an attacker to append arbitrary SQL code
-+			// to the end of the $pm_sql_user variable.
-+			// This is fixed below.
-+			//
-+			// -shaun2k2
-+			//
-+			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
- 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) 
- 				OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
- 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) 

>Release-Note:
>Audit-Trail:
>Unformatted: