diff options
| author | asau <asau> | 2012-03-22 22:40:18 +0000 |
|---|---|---|
| committer | asau <asau> | 2012-03-22 22:40:18 +0000 |
| commit | 8291c4b685f2e9174217dc83e1f2eb29cdce2f84 (patch) | |
| tree | ca21f71c766dfa15ded3003bc25955507dee7dec /www/cherokee/distinfo | |
| parent | d2808cbcd349f81ff084a54078222f087e02567d (diff) | |
| download | pkgsrc-8291c4b685f2e9174217dc83e1f2eb29cdce2f84.tar.gz | |
Update to Cherokee 1.2.105
Requested by Moritz Wilhelmy on IRC.
Vulnerabilities fixed:
* CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee
before 1.2.99 allows remote attackers to hijack the authentication of
administrators for requests that insert cross-site scripting (XSS) sequences,
as demonstrated by a crafted nickname field to vserver/apply.
* CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 uses time and
PID values for seeding of a random number generator, which makes it easier
for local users to determine admin passwords via a brute-force attack.
New features (excerpt):
* Caching policies support
* Custom header can be defined inside rules
* Improved Index Page
* Kqueue is now used by default on MacOS X and *BSD
* New option to disable the use of SSLv2
* Wild cards are now supported in dirlist fields
* Redirection entries can be reordered
* ${vserver_name_req} in logger 'Custom'
* Cherokee-admin can be shut down from within
* TLS/SSL supports the 'IP per VServer' workaround now
* Virtual Server complex match support (OR rules)
* Redirection error handler has a 'default' option now
* New ${root_domain} macro in Advanced Virtual Hosting
* Failover load balancing plug-in
* cherokee-admin-launcher tool
* Information Source name resolution pre-caching
* Gzip and Default is configurable now (#1054)
* ${http_host}, ${http_referrer}, and ${http_user_agent} (#896)
* Much better OPTIONS support
* Documentation improvements
* Information Sources can be reordered now (*CGI handlers)
* X-Sendfile and X-Accel-Redirect support in the proxy
* Shared memory implementation (no longer SysV) (#537)
* Logger custom. New macro: ${http_cookie}
* Virtual Host regex group replacement (^ parameters)
* --with-cgiroot in configure
* -i / --disable-iocache param in cherokee-admin
* 'Server Info' extended to support accepts and timeouts
* cherokee-admin-launcher accepts SIGHUP now
* CTK_COOKIE security enhancement
* Enhanced pre-saving validations
* Interpreter env. vars can embedded $VARs evaluation
* QA bench can be run without installing Cherokee first
* OS tuning documentation
* Regex against full header match
* Nick name match is optional on VServers (#1075)
* Front-Line Cache (beta)
* Cherokee Distribution (beta)
* CHEROKEE_TRACE special "from=<ip>" support
* SSL/TLS Wizard
* SSI recursive includes
* "UNIX socket in a abstract namespace" support
* Adds SHA512 support to the MySQL validator
* HSTS (HTTP Strict Transport Security) support
Diffstat (limited to 'www/cherokee/distinfo')
| -rw-r--r-- | www/cherokee/distinfo | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/www/cherokee/distinfo b/www/cherokee/distinfo index 36e62dfd05b..004bb39b220 100644 --- a/www/cherokee/distinfo +++ b/www/cherokee/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.4 2010/07/11 12:18:55 obache Exp $ +$NetBSD: distinfo,v 1.5 2012/03/22 22:40:18 asau Exp $ -SHA1 (cherokee-1.0.5.tar.gz) = 61902974f839adbb0459c4df709b4d57f08b7ac2 -RMD160 (cherokee-1.0.5.tar.gz) = 00e64a63d861838c6df83b86ce25a518f3331bbb -Size (cherokee-1.0.5.tar.gz) = 5364282 bytes +SHA1 (cherokee-1.2.101.tar.gz) = b27f149c7d7111207ac8c3cd8a4856c05490d136 +RMD160 (cherokee-1.2.101.tar.gz) = dd3dedc352ba17bdcefd8e200143b8ffa19ad035 +Size (cherokee-1.2.101.tar.gz) = 6320209 bytes +SHA1 (patch-cherokee_common-internal.h) = 730b67aa0cdf4990686e9529cec3a7fc1ddd90a5 |