From liukang@bjpu.edu.cn  Thu Sep 11 08:51:04 2003
Return-Path: <liukang@bjpu.edu.cn>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 910D416A4BF
	for <freebsd-gnats-submit@freebsd.org>; Thu, 11 Sep 2003 08:51:04 -0700 (PDT)
Received: from bjpu.edu.cn (egw.bjpu.edu.cn [202.112.78.77])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3697E43FB1
	for <freebsd-gnats-submit@freebsd.org>; Thu, 11 Sep 2003 08:51:03 -0700 (PDT)
	(envelope-from liukang@bjpu.edu.cn)
Received: (eyou gateway send program); Thu, 11 Sep 2003 23:53:08 +0800
Received: from unknown (HELO ssc) (unknown@61.51.124.52)
 by 202.112.78.77 with ; Thu, 11 Sep 2003 23:53:08 +0800
Message-Id: <000601c3787d$50b23fd0$0501a8c0@ssc>
Date: Thu, 11 Sep 2003 23:56:49 +0800
From: "Kang Liu" <liukang@bjpu.edu.cn>
To: <FreeBSD-gnats-submit@freebsd.org>
Subject: [maintainer]fix BBCode vulnerability & pgsql problem in phpbb

>Number:         56706
>Category:       ports
>Synopsis:       [maintainer]fix BBCode vulnerability & pgsql problem in phpbb
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 11 09:00:32 PDT 2003
>Closed-Date:    Wed Sep 17 11:20:41 PDT 2003
>Last-Modified:  Wed Sep 17 11:20:41 PDT 2003
>Originator:     Kang Liu
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
Beijing University of Technology
>Environment:
System: FreeBSD ftp.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #54: Sun Aug 31 15:09:39 CST 2003 delphij@ftp.bjpu.edu.cn:/usr/obj/usr/src/sys/FTP i386
>Description:
Ivanchenko V. I. [webmaster@asiamusic.ru] and  send me a patch that can fix BBCode vulnerability & pgsql problem in phpbb.
Reference: Vulnerability in BBCode - serious http://www.phpbb.com/phpBB/viewtopic.php?t=135116

When I try to fetch "the latest phpbb2.0.6" from sourceforge, .
it seems that the developers have updated their files but didn't change the version number.
>How-To-Repeat:
n/a
>Fix:
Thanks to Ivanchenko V. I. for sending me the patch. As the phpbb developers have applied that patch,
what I should do now is just bump the PORTREVISION and update the distinfo.
Here is my patch:

Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/distinfo,v
retrieving revision 1.5
diff -u -r1.5 distinfo
--- distinfo	24 Aug 2003 11:37:24 -0000	1.5
+++ distinfo	11 Sep 2003 15:39:11 -0000
@@ -1 +1 @@
-MD5 (phpBB-2.0.6.tar.bz2) = 28f20c82fce9ad6329b937c967eb1c72
+MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07
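Review bot: The distfile name is identical on the removed and added lines (phpBB-2.0.6.tar.bz2) and only the MD5 changes, so this hunk accepts a silently re-rolled upstream tarball with no recorded verification. Before committing, diff the old and new tarballs and state in the commit log that the only differences are the BBCode and pgsql fixes, because a changed checksum under an unchanged file name is also what a tampered mirror copy looks like. Machines that already hold the old file under that name will fail the checksum, so consider setting DIST_SUBDIR so the re-rolled file does not collide with the cached one.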
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/phpbb/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile	30 Aug 2003 17:24:14 -0000	1.12
+++ Makefile	11 Sep 2003 15:39:11 -0000
@@ -7,7 +7,7 @@

 PORTNAME=	phpbb
 PORTVERSION=	2.0.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
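Review bot: Nothing at the PORTREVISION line, or elsewhere in this hunk, records that the bump from 1 to 2 is a security fix; with PORTVERSION still 2.0.6, the revision number is the only thing that distinguishes the fixed build from the vulnerable one. Put the reason (the BBCode vulnerability, with the phpbb.com topic URL given in the report) in the commit message so that anyone reading the port history can tell that revision 2 is the first fixed build.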


>Release-Note:
>Audit-Trail:

From: "Kang Liu" <liukang@bjpu.edu.cn>
To: <freebsd-gnats-submit@FreeBSD.org>, <liukang@bjpu.edu.cn>
Cc: <portmgr@freebsd.org>
Subject: Re: ports/56706: [maintainer]fix BBCode vulnerability & pgsql problem in phpbb
Date: Mon, 15 Sep 2003 18:37:52 +0800

 It is a security update. 
 In addition, the phpbb is broken (checksum) now.
 

From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Kang Liu <liukang@bjpu.edu.cn>
Cc: freebsd-gnats-submit@FreeBSD.org, portmgr@FreeBSD.org
Subject: Re: ports/56706: [maintainer]fix BBCode vulnerability & pgsql problem
 in phpbb
Date: Mon, 15 Sep 2003 15:17:28 -0400 (EDT)

 On Mon, 15 Sep 2003, Kang Liu wrote:
 
 > It is a security update.
 > In addition, the phpbb is broken (checksum) now.
 >
 
 All build fixes do not need portmgr approval.
 
 Joe
 
 
 >
 >
 
 PGP Key : http://www.marcuscom.com/pgp.asc
State-Changed-From-To: open->closed 
State-Changed-By: krion 
State-Changed-When: Wed Sep 17 11:20:35 PDT 2003 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56706 
>Unformatted:
