From 827c135cc9b0b187a61a2d9e0f64592cce7418ff Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 22 Oct 2022 14:13:36 +0200
Subject: [PATCH 1/4] [ticket/security/274] Reset login keys/session when
 resetting password

SECURITY-274
---
 phpBB/phpbb/ucp/controller/reset_password.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php
index 9919100a6c..fd256ef30d 100644
--- a/phpBB/phpbb/ucp/controller/reset_password.php
+++ b/phpBB/phpbb/ucp/controller/reset_password.php
@@ -415,6 +415,7 @@ class reset_password
 							SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
 							WHERE user_id = ' . (int) $user_row['user_id'];
 				$this->db->sql_query($sql);
+				$this->user->reset_login_keys();
 				$this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [
 					'reportee_id' => $user_row['user_id'],
 					$user_row['username']

From 1c407e8049f8aae2273c2a34c5bf001ab7a1e967 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 23 Nov 2022 20:53:53 +0100
Subject: [PATCH 2/4] [prep-release-3.3.9] Update version numbers to 3.3.9

---
 build/build.xml                       | 4 ++--
 phpBB/includes/constants.php          | 2 +-
 phpBB/install/phpbbcli.php            | 2 +-
 phpBB/install/schemas/schema_data.sql | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/build/build.xml b/build/build.xml
index 0c57eb90f2..7269a2c5f0 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.9-RC1" />
+	<property name="newversion" value="3.3.9" />
 	<property name="prevversion" value="3.3.8" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.9-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 736a6b8533..de040839da 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.9-RC1');
+@define('PHPBB_VERSION', '3.3.9');
 
 // QA-related
 // define('PHPBB_QA', 1);
diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php
index ea79888c42..95b8f127f8 100755
--- a/phpBB/install/phpbbcli.php
+++ b/phpBB/install/phpbbcli.php
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.9-RC1');
+define('PHPBB_VERSION', '3.3.9');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 35fca74c03..b743e686dd 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.9-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.9');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

From 744009882bdae1c481e93f52af8c3ca14928c6ec Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 23 Nov 2022 20:53:56 +0100
Subject: [PATCH 3/4] [prep-release-3.3.9] Add migration for 3.3.9

---
 phpBB/phpbb/db/migration/data/v33x/v339.php | 36 +++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v33x/v339.php

diff --git a/phpBB/phpbb/db/migration/data/v33x/v339.php b/phpBB/phpbb/db/migration/data/v33x/v339.php
new file mode 100644
index 0000000000..a2757343a7
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v33x/v339.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v339 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.9', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v339rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.9']],
+		];
+	}
+}

From b3d593b62637c744243ffefbb608af1ef93fa531 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 23 Nov 2022 20:54:42 +0100
Subject: [PATCH 4/4] [prep-release-3.3.9] Update changelog for 3.3.9

---
 phpBB/docs/CHANGELOG.html | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 6566212e43..ab65c70d1f 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -50,6 +50,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v339rc1">Changes since 3.3.9-RC1</a></li>
 		<li><a href="#v338">Changes since 3.3.8</a></li>
 		<li><a href="#v337">Changes since 3.3.7</a></li>
 		<li><a href="#v336">Changes since 3.3.6</a></li>
@@ -163,6 +164,16 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v339rc1"></a><h3>Changes since 3.3.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17058">PHPBB3-17058</a>] - Special character issue in emails from PHP 8.0 and higher</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-274">SECURITY-274</a>] - Reset login keys/session when resetting password</li>
+			</ul>
+
 			<a name="v338"></a><h3>Changes since 3.3.8</h3>
 			<h4>Bug</h4>
 			<ul>