Ivanchenko V. I. [webmaster@asiamusic.ru] and send me a patch that can fix BBCode vulnerability & pgsql problem in phpbb. Reference: Vulnerability in BBCode - serious http://www.phpbb.com/phpBB/viewtopic.php?t=135116 When I try to fetch "the latest phpbb2.0.6" from sourceforge, . it seems that the developers have updated their files but didn't change the version number. Fix: Thank Ivanchenko V. I. for sending me the patch, as the phpbb developers have applied that patch, What I should do now is just dump the PORTREVISION and update the distinfo. Here is my patch: PORTNAME= phpbb PORTVERSION= 2.0.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME}--xd8D1mrEdu0LRQ3B1jo0d0jdgogp0SlFzUvrwIzsv4mPVgsK Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" Index: distinfo =================================================================== RCS file: /home/ncvs/ports/www/phpbb/distinfo,v retrieving revision 1.5 diff -u -r1.5 distinfo --- distinfo 24 Aug 2003 11:37:24 -0000 1.5 +++ distinfo 11 Sep 2003 15:39:11 -0000 @@ -1 +1 @@ -MD5 (phpBB-2.0.6.tar.bz2) = 28f20c82fce9ad6329b937c967eb1c72 +MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/phpbb/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 30 Aug 2003 17:24:14 -0000 1.12 +++ Makefile 11 Sep 2003 15:39:11 -0000 @@ -7,7 +7,7 @@ How-To-Repeat: n/a
It is a security update. In addition the phpbb is broken(checksum) now.
On Mon, 15 Sep 2003, Kang Liu wrote: > It is a security update. > In addition the phpbb is broken(checksum) now. > All build fixes do not need portmgr approval. Joe > > PGP Key : http://www.marcuscom.com/pgp.asc
State Changed From-To: open->closed Committed, thanks!