authorXin LI <delphij@FreeBSD.org>2007-01-11 08:31:07 +0000
committerXin LI <delphij@FreeBSD.org>2007-01-11 08:31:07 +0000
commit541f0a28be5914e2dc7ac335b5c9877a1b338572 (patch)
tree9113f549d110c82af3a77591081afbdf631e1e6e
parent* Migrate to gfortran. (diff)
Remove previously added security patch against session table
exhaustion, as it causes more problems in the latest phpbb version. Users are advised to drop and re-create their session tables (phpbb_sessions, phpbb_sessions_keys) without using "HEAP" tables. Approved by: maintainer (via e-mail)
Notes
Notes: svn path=/head/; revision=182077
-rw-r--r--www/phpbb/Makefile8
-rw-r--r--www/phpbb/files/security-patch-includes-sessions.php11
2 files changed, 1 insertions, 18 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile
index d4a07b676c28..f57d06e2e22c 100644
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@@ -7,6 +7,7 @@
PORTNAME= phpbb
PORTVERSION= 2.0.22
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -31,13 +32,6 @@ WWWGRP?= www
#
# End of user-configurable variables.
-# XXX The phpBB folks does not seem to care about the session table DoS
-# issue. You can disable the patch at your own risk to make the
-# visual authentication work.
-.if !defined(WITHOUT_ANTI_SESSIONTAB_DOS_PATCH)
-EXTRA_PATCHES= ${FILESDIR}/security-patch-includes-sessions.php
-.endif
-
# Set/override/append to variables from bsd.port.mk:
#
WRKSRC= ${WRKDIR}/phpBB2
diff --git a/www/phpbb/files/security-patch-includes-sessions.php b/www/phpbb/files/security-patch-includes-sessions.php
deleted file mode 100644
index a84aa2f04322..000000000000
--- a/www/phpbb/files/security-patch-includes-sessions.php
+++ /dev/null
@@ -1,11 +0,0 @@
---- includes/sessions.php.orig Sat May 14 05:04:00 2005
-+++ includes/sessions.php Sun May 15 18:53:48 2005
-@@ -167,7 +167,7 @@
- $sql = "INSERT INTO " . SESSIONS_TABLE . "
- (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
- VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
-- if ( !$db->sql_query($sql) )
-+ if ( $user_id != ANONYMOUS && !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
- }