| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
a year now) but quite a number of vulnerabilities.
Ok'd by agc.
|
|
|
|
correct libraries to link with db3 and db4.
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|
|
|
|
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
|
|
testing it.
|
|
|
|
|
|
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
|
|
mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION.
|
|
|
|
|
|
|
|
USE_PKGSRC_GCC as appropriate, as this is handled by compiler.mk now.
|
|
|
|
This version of Apache is principally a security and bug fix release.
Of particular note is that 1.3.28 addresses and fixes the following
issues: CAN-2003-0460 (cve.mitre.org) (rotatelogs bug), VU#379828
(infinite loop potential), and file descriptor leakage .
|
|
|
|
|
|
${LINK_ALL_LIBGCC_HACK}
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
|
|
-Wl,--whole-archive.
|
|
|
|
can resolve the required symbols.
|
|
|
|
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
|
|
|
|
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
|
|
present, rather than installing databases/db (affects NetBSD, Linux,
Darwin and possibly others).
As suggested by Kimmo Suominen.
|
|
- Add libmm support as per apache pkg.
Bump PKGREVISION.
|
|
|
|
the precedence of the contents of this file changes depending on whether
it's started at boot time or started manually, and it's not really
necessary to add the extra complexity since it's valid (and easier) to just
set apache_start in /etc/rc.conf.
|
|
Use "${NONBINMODE}" instead of mode "0" so that "pkg_admin check" still
works for a normal user. Also invoke "chmod" only once because fork()
and exec() is expensive on certain platforms.
|
|
|
|
chmod 0 libexec/cgi-bin/{printenv,test-cgi} (to make nessus happy).
|
|
|
|
Previously, if apache_start was set in /etc/rc.conf and /etc/rc.d/apache was
loaded as part of the /etc/rc start sequence, apache_start's value would
be overridden by "apache_start=start" in this script, because /etc/rc.conf
would have already been loaded and load_rc_config() would not reload it again.
This problem would not have been seen if /etc/rc.d/apache was started
manually, or /etc/rc.conf.d/apache or @PKG_SYSCONFDIR@/apache_start.conf
was used to set apache_start.
(I am using /etc/rc.conf, and was wondering why apache wasn't starting
with ssl support at boot, but worked after a manual restart...)
|
|
discovered in version 1.3.26 including these security fixes:
- SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- SECURITY CAN-2002-0843 (cve.mitre.org)
Fix some possible overflows in ab.c that could be exploited by
a malicious server. Reported by David Wagner. [Jim Jagielski]
- SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
|
|
problems when it is not enabled, notably mod_perl. Fixes pkg/18070
from myself, ok'd by wiz.
Bump PKGREVISION.
|
|
script handling and using @RCD_SCRIPTS_SHELL@.
as discussed with jlam.
|
|
|
|
have been converted to USE_BUILDLINK2.
|
|
|
|
Give Apache a user and group by default, not only with suexec.
The variables for this have changed from APACHE_SUEXEC_USER and
APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP.
Mention 'Apache' in COMMENT.
Use variables for the version number instead of copying it around.
Bump PKGREVISION.
For apache{,6}:
Change paths to /var/httpd instead of /var/spool/httpd.
Honour STRIPFLAG.
Add --without-confadjust as configure argument.
Enable the 'define' module.
For apache:
Enable proxy module on NOPIC platforms.
Some of these changes are based on pkg/17469 by Greg A. Woods, some on
comments by Johnny Lam.
Reviewed by Johnny Lam.
|
|
which reloads the server without killing transfers in progress.
|
|
From: Dawid Szymanski <dawszy@tgr.lubin.edu.pl>
|
|
|
