Bug 59741
| Summary: | [maintainer update]Fix Potential security issue with search in phpbb | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kang Liu <liukang> | ||||
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Kang Liu
2003-11-28 00:20:13 UTC
On Fri, 28 Nov 2003 08:11:46 +0800 "Kang Liu" <liukang@bjpu.edu.cn> wrote: > >Fix: > --- distinfo.orig Thu Sep 18 02:14:52 2003 > +++ distinfo Fri Nov 28 07:54:56 2003 > @@ -1 +1 @@ > -MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 > +MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 You should bump PORTREVISION too ;-) clem Yes, you are right.
I'm sorry for my careless. :-(
Here is patch again.
--- Makefile.orig Mon Jul 7 16:04:49 2003
+++ Makefile Fri Nov 28 08:24:37 2003
@@ -7,7 +7,7 @@
PORTNAME= phpbb
PORTVERSION= 2.0.5
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
--- distinfo.orig Thu Sep 18 02:14:52 2003
+++ distinfo Fri Nov 28 07:54:56 2003
@@ -1 +1 @@
-MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07
+MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48
patch again.
The portversion should be 2.0.6, not 2.0.5
--- Makefile.orig Fri Nov 28 08:30:42 2003
+++ Makefile Fri Nov 28 08:30:48 2003
@@ -7,7 +7,7 @@
PORTNAME= phpbb
PORTVERSION= 2.0.6
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
--- distinfo.orig Thu Sep 18 02:14:52 2003
+++ distinfo Fri Nov 28 07:54:56 2003
@@ -1 +1 @@
-MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07
+MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48
Hi, portmgr Could you approve and commit this PR? Thanks very much. The details of this vulnerability: http://www.securityfocus.com/archive/1/345872 The exploit: http://www.securityfocus.com/archive/1/345937 Kang State Changed From-To: open->closed committed, thanks! HI. This ports becomes checksum error. The contents of distfiles put in freebsd.org feel old. How-To-Repeat: #cd /usr/ports/www/phpbb #make fetch ------------------------------------------------------------------------ - Perform a "make options" to see a list of available installation options. ------------------------------------------------------------------------ - >> phpBB-2.0.6.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. >> Attempting to fetch from ftp://ftp2.jp.freebsd.org/pub/FreeBSD/ports/ distfiles/. Receiving phpBB-2.0.6.tar.bz2 (447777 bytes): 100% (ETA 00:00) 447777 bytes transferred in 36.3 seconds (12.03 kBps) #md5 phpBB-2.0.6.tar.bz2 MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 #fetch http://keihanna.dl.sourceforge.net/sourceforge/phpbb/phpBB-2.0.6. tar.bz2 #md5 phpBB-2.0.6.tar.bz2 MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 #cat /usr/ports/www/phpbb/distinfo MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 --- Fumihiko Kimura <jfkimura@yahoo.co.jp> __________________________________________________ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ |
