Added security patch. Closes #29198.

5 files changed, 139 insertions, 4 deletions

diff --git a/net-www/phpBB/ChangeLog b/net-www/phpBB/ChangeLog
index eae1fc975855..85a640e49670 100644
--- a/net-www/phpBB/ChangeLog
+++ b/net-www/phpBB/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-www/phpBB
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/phpBB/ChangeLog,v 1.4 2003/08/11 17:04:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/phpBB/ChangeLog,v 1.5 2003/09/22 22:24:36 mholzer Exp $
+
+*phpBB-2.0.6-r1 (24 Sep 2003)
+
+  24 Sep 2003; Martin Holzer <mholzer@gentoo.org> phpBB-2.0.6-r1.ebuild,
+  files/phpBB-2.0.6-security.patch:
+  Added security patch. Closes #29198.
 
 *phpBB-2.0.6 (11 Aug 2003)
 
diff --git a/net-www/phpBB/Manifest b/net-www/phpBB/Manifest
index 545f65cc7fc6..33903926792a 100644
--- a/net-www/phpBB/Manifest
+++ b/net-www/phpBB/Manifest
@@ -1,6 +1,6 @@
-MD5 17ee618bb24b1c8d2838fe24bb17c3e6 ChangeLog 645
-MD5 3dc5479f41f63151f95dfc8c476920c2 phpBB-2.0.6-r1.ebuild 1404
+MD5 b1fdec28fe8f3080afa1152992f0f567 ChangeLog 825
+MD5 18056c4744dd6d52b4f79424d9c5a722 phpBB-2.0.6-r1.ebuild 1397
 MD5 11faf79a85f5c4dab07936eee4afa1f8 phpBB-2.0.6.ebuild 1333
-MD5 4539885d206181df53c6e0db1ff33217 files/phpBB-2.0.6-security.patch 3985
+MD5 dd352cf51cdca8cd8b7275b2bad5a427 files/phpBB-2.0.6-security.patch 4003
 MD5 d8c04c96ab7db9b65effac516a92b8ae files/digest-phpBB-2.0.6-r1 63
 MD5 d8c04c96ab7db9b65effac516a92b8ae files/digest-phpBB-2.0.6 63
diff --git a/net-www/phpBB/files/digest-phpBB-2.0.6-r1 b/net-www/phpBB/files/digest-phpBB-2.0.6-r1
new file mode 100644
index 000000000000..686427c8dabf
--- /dev/null
+++ b/net-www/phpBB/files/digest-phpBB-2.0.6-r1
@@ -0,0 +1 @@
+MD5 9fcaa3148203159db03947998a3cba9d phpBB-2.0.6.tar.gz 544080
diff --git a/net-www/phpBB/files/phpBB-2.0.6-security.patch b/net-www/phpBB/files/phpBB-2.0.6-security.patch
new file mode 100644
index 000000000000..4f98d0c46958
--- /dev/null
+++ b/net-www/phpBB/files/phpBB-2.0.6-security.patch
@@ -0,0 +1,80 @@
+--- includes/bbcode.php.org	2003-09-24 00:15:41.000000000 +0000
++++ includes/bbcode.php	2003-09-24 00:22:05.000000000 +0000
+@@ -105,7 +105,7 @@
+ 	$bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']);
+ 
+ 	$bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']);
+-	$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\5', $bbcode_tpl['url4']);
++	$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']);
+ 
+ 	$bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']);
+ 
+@@ -197,21 +197,21 @@
+ 	$patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";
+ 	$replacements[] = $bbcode_tpl['img'];
+ 
+-	// matches a [url]xxxx://www.phpbb.com[/url] code..
+-	$patterns[] = "#\[url\]([\w]+?://.*?[^ \"\n\r\t<]*?)\[/url\]#is";
+-	$replacements[] = $bbcode_tpl['url1'];
+-
+-	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
+-	$patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\[/url\]#is";
+-	$replacements[] = $bbcode_tpl['url2'];
+-
+-	// [url=xxxx://www.phpbb.com]phpBB[/url] code..
+-	$patterns[] = "#\[url=([\w]+?://.*?[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
+-	$replacements[] = $bbcode_tpl['url3'];
+-
+-	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
+-	$patterns[] = "#\[url=((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\](.*?)\[/url\]#is";
+-	$replacements[] = $bbcode_tpl['url4'];
++	// matches a [url]xxxx://www.phpbb.com[/url] code.. 
++	$patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is"; 
++	$replacements[] = $bbcode_tpl['url1']; 
++
++	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). 
++	$patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is"; 
++	$replacements[] = $bbcode_tpl['url2']; 
++
++	// [url=xxxx://www.phpbb.com]phpBB[/url] code.. 
++	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; 
++	$replacements[] = $bbcode_tpl['url3']; 
++
++	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). 
++	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; 
++	$replacements[] = $bbcode_tpl['url4']; 
+ 
+ 	// [email]user@domain.tld[/email] code..
+ 	$patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si";
+@@ -618,16 +618,16 @@
+ 	// pad it with a space so we can match things at the start of the 1st line.
+ 	$ret = ' ' . $text;
+ 
+-	// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
+-	// xxxx can only be alpha characters.
+-	// yyyy is anything up to the first space, newline, comma, double quote or <
+-	$ret = preg_replace("#(^|[\n ])([\w]+?://.*?[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
++	//matches an "xxxx://yyyy" URL at the start of a line, or after a space. 
++	// xxxx can only be alpha characters. 
++	// yyyy is anything up to the first space, newline, comma, double quote or < 
++	$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret); 
+ 
+-	// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
+-	// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
++	// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing 
++	// Must contain at least 2 dots. xxxx contains either alphanum, or "-" 
+ 	// zzzz is optional.. will contain everything up to the first space, newline, 
+-	// comma, double quote or <.
+-	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t\n\r<]*)?)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);
++	// comma, double quote or <. 
++	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);
+ 
+ 	// matches an email@domain type address at the start of a line, or after a space.
+ 	// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
+@@ -782,4 +782,4 @@
+ 	return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1;
+ }
+ 
+-?>
+\ No newline at end of file
++?>
diff --git a/net-www/phpBB/phpBB-2.0.6-r1.ebuild b/net-www/phpBB/phpBB-2.0.6-r1.ebuild
new file mode 100644
index 000000000000..ecf6258b4523
--- /dev/null
+++ b/net-www/phpBB/phpBB-2.0.6-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# Maintainer: Tim Raedisch <tim.raedisch@udo.edu>
+# $Header: /var/cvsroot/gentoo-x86/net-www/phpBB/phpBB-2.0.6-r1.ebuild,v 1.1 2003/09/22 22:24:36 mholzer Exp $
+
+S=${WORKDIR}/${PN}2
+DESCRIPTION="phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package."
+HOMEPAGE="http://www.phpbb.com/"
+SRC_URI="http://belnet.dl.sourceforge.net/sourceforge/phpbb/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha"
+
+DEPEND="virtual/php"
+
+inherit webapp-apache
+webapp-detect || NO_WEBSERVER=1
+
+pkg_setup() {
+	webapp-pkg_setup "${NO_WEBSERVER}"
+
+	if [ -d ${HTTPD_ROOT}/phpbb ] ; then
+		ewarn "You need to unmerge your old phpBB version first."
+		ewarn "phpBB will be installed into ${HTTPD_ROOT}/phpbb"
+		ewarn "directly instead of a version-dependant directory."
+		die "need to unmerge old version first"
+	fi
+
+	einfo "Installing for ${WEBAPP_SERVER}"
+}
+
+src_compile() {
+	epatch ${FILESDIR}/${P}-security.patch || die "Security patch failed"
+	#we need to have this empty function ... default compile hangs
+	echo "Nothing to compile"
+}
+
+src_install() {
+	dodir "${HTTPD_ROOT}/phpbb"
+	cp -a * "${D}/${HTTPD_ROOT}/phpbb"
+	dodoc ${S}/docs/*
+
+	cd "${D}/${HTTPD_ROOT}"
+	chown -R "${HTTPD_USER}.${HTTPD_GROUP}" "${D}/${HTTPD_ROOT}/phpbb"
+}
+
+