The phpbb developers just released a announcement about potential security issue with search: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=153818 They updated the src-pack but didn't change the version number. I know the port freeze has begun, but this problem seems serious, and all src-packs have been updated, phpbb is borken(checksum) now. As Joe Marcus Clarke said in PR:56706, All build fixes do not need portmgr approval. Can anyone commit it? How-To-Repeat: run make at ports/www/phpbb
On Fri, 28 Nov 2003 08:11:46 +0800 "Kang Liu" <liukang@bjpu.edu.cn> wrote: > >Fix: > --- distinfo.orig Thu Sep 18 02:14:52 2003 > +++ distinfo Fri Nov 28 07:54:56 2003 > @@ -1 +1 @@ > -MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 > +MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 You should bump PORTREVISION too ;-) clem
Yes, you are right. I'm sorry for my careless. :-( Here is patch again. --- Makefile.orig Mon Jul 7 16:04:49 2003 +++ Makefile Fri Nov 28 08:24:37 2003 @@ -7,7 +7,7 @@ PORTNAME= phpbb PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} --- distinfo.orig Thu Sep 18 02:14:52 2003 +++ distinfo Fri Nov 28 07:54:56 2003 @@ -1 +1 @@ -MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 +MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48
patch again. The portversion should be 2.0.6, not 2.0.5 --- Makefile.orig Fri Nov 28 08:30:42 2003 +++ Makefile Fri Nov 28 08:30:48 2003 @@ -7,7 +7,7 @@ PORTNAME= phpbb PORTVERSION= 2.0.6 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} --- distinfo.orig Thu Sep 18 02:14:52 2003 +++ distinfo Fri Nov 28 07:54:56 2003 @@ -1 +1 @@ -MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 +MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48
Hi, portmgr Could you approve and commit this PR? Thanks very much. The details of this vulnerability: http://www.securityfocus.com/archive/1/345872 The exploit: http://www.securityfocus.com/archive/1/345937 Kang
State Changed From-To: open->closed committed, thanks!
HI. This ports becomes checksum error. The contents of distfiles put in freebsd.org feel old. How-To-Repeat: #cd /usr/ports/www/phpbb #make fetch ------------------------------------------------------------------------ - Perform a "make options" to see a list of available installation options. ------------------------------------------------------------------------ - >> phpBB-2.0.6.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. >> Attempting to fetch from ftp://ftp2.jp.freebsd.org/pub/FreeBSD/ports/ distfiles/. Receiving phpBB-2.0.6.tar.bz2 (447777 bytes): 100% (ETA 00:00) 447777 bytes transferred in 36.3 seconds (12.03 kBps) #md5 phpBB-2.0.6.tar.bz2 MD5 (phpBB-2.0.6.tar.bz2) = ee73baaac8f2f72c2a1d879ea811bd07 #fetch http://keihanna.dl.sourceforge.net/sourceforge/phpbb/phpBB-2.0.6. tar.bz2 #md5 phpBB-2.0.6.tar.bz2 MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 #cat /usr/ports/www/phpbb/distinfo MD5 (phpBB-2.0.6.tar.bz2) = 6574f13e2c7b66fda4faf1b2ddacae48 --- Fumihiko Kimura <jfkimura@yahoo.co.jp> __________________________________________________ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/