summaryrefslogtreecommitdiff
path: root/www
AgeCommit message (Collapse)AuthorFilesLines
2003-11-02Update PLIST for apache6-1.3.29.cube1-2/+5
2003-11-02Update apache6 to 1.3.29 + ipv6 patch.cube6-125/+9
Major changes since 1.3.28: Security vulnerabilities * CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. Bugs fixed The following noteworthy bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29: * Within ap_bclose(), ap_pclosesocket() is now called * consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistenly to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. * Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. * Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap.
2003-11-02Updated ap-ssl to 2.8.16.grant2-7/+7
Major changes since 2.8.15: *) Upgraded to Apache 1.3.29 *) Avoid memory corruption in certificate handling caused by a heap memory double-freeing situation. *) Allow "HTTPS" variable to be passed through by suEXEC. *) Clear the OpenSSL error code in pass phrase reading code to workaround the following situation: multiple keys, all with different passphrases -- entering the correct pass phrase at each prompt leads to an OpenSSL error message after the last prompt. *) Reverted the recent change where ap_cleanup_for_exec() called ap_kill_alloc_shared(). This caused nasty side-effects in other processes and is not necessary at all (because shared memory segments are not inherited across exec). *) mod_ssl was checking the OpenSSL error reason code against SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since OpenSSL reason codes are not unique, this isn't always the case. It now additionally checks that the library is the SSL library.
2003-11-02Updated apache to 1.3.29.grant7-128/+15
Major changes since 1.3.28: Security vulnerabilities * CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. Bugs fixed The following noteworthy bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29: * Within ap_bclose(), ap_pclosesocket() is now called * consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistenly to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. * Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. * Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap.
2003-10-29The symlink shouldt be ${LN} -s ${PLUGIN_SOURCE} not ${LN} -s ↵xtraeme1-2/+3
${PLUGIN_SOURCE}/rpnp.so, so MozillaFirebird can found the plugin. Bump PKGREVISION and closes PR pkg/23187
2003-10-29Import security fix from 1.3.29 distribution for a buffer overflow incube12-6/+238
mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION.
2003-10-28Forgotten patch needed by tidy update in previous commit.cube1-0/+72
2003-10-28Update tidy to 20031002, and docs to 20030610. No ChangeLog available,cube6-66/+141
unfortunately. Tidy now comes with a (static) library, thus a buildlink2.mk file is now provided. There's no need to set PRESERVE_FILE_TIMES in CFLAGS anymore, thus PR pkg/20489 is fixed.
2003-10-28upgrade to 2.0.48itojun5-18/+32
Changes with Apache 2.0.48 *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of the AF_UNIX socket used to communicate with the cgid daemon and the CGI script. [Jeff Trawick] *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo] *) mod_include: fix segfault which occured if the filename was not set, for example, when processing some error conditions. PR 23836. [Brian Akins <bakins@web.turner.com>, André Malo] *) fix the config parser to support <Foo>..</Foo> containers (no arguments in the opening tag) supported by httpd 1.3. Without this change mod_perl 2.0's <Perl> sections are broken. ["Philippe M. Chiasson" <gozer@cpan.org>] *) mod_cgid: fix a hash table corruption problem which could result in the wrong script being cleaned up at the end of a request. [Jeff Trawick] *) Update httpd-*.conf to be clearer in describing the connection between AddType and AddEncoding for defining the meaning of compressed file extensions. [Roy Fielding] *) mod_rewrite: Don't die silently when failing to open RewriteLogs. PR 23416. [André Malo] *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send rewritten request using "proxy:". The code was adding multiple "proxy:" fields in the rewritten URI. PR: 13946. [Eider Oliveira <eider@bol.com.br>] *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and expires as directed in RFC 2616. [Thomas Castelle tcastelle@generali.fr] *) Ensure that ssl-std.conf is generated at configure time, and switch to using the expanded config variables to work the same as httpd-std.conf PR: 19611 [Thom May] *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370 [Hartmut Keil <Hartmut.Keil@adnovum.ch>] *) mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. [David Shane Holden <dpejesh@yahoo.com>] *) Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661. [Manni Wood <manniwood@planet-save.com>] *) mod_cache: Fix the cache code so that responses can be cached if they have an Expires header but no Etag or Last-Modified headers. PR 23130. [bjorn@exoweb.net] *) mod_log_config: Fix %b log format to write really "-" when 0 bytes were sent (e.g. with 304 or 204 response codes). [Astrid Keßler] *) Modify ap_get_client_block() to note if it has seen EOS. [Justin Erenkrantz] *) Fix a bug, where mod_deflate sometimes unconditionally compressed the content if the Accept-Encoding header contained only other tokens than "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo] *) Avoid an infinite recursion, which occured if the name of an included config file or directory contained a wildcard character. PR 22194. [André Malo] *) mod_ssl: Fix a problem setting variables that represent the client certificate chain. PR 21371 [Jeff Trawick] *) Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. PR 20312 [Jeff Trawick] *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick] *) Fix a misleading message from the some of the threaded MPMs when MaxClients has to be lowered due to the setting of ServerLimit. [Jeff Trawick] *) Lower the severity of the "listener thread didn't exit" message to debug, as it is of interest only to developers. PR 9011 [Jeff Trawick] *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting. [Cliff Woolley, Jean-Jacques Clar] *) Install config.nice into the build/ directory to make minor version upgrades easier. [Joshua Slive] *) Fix mod_deflate so that it does not call deflate() without checking first whether it has something to deflate. (Currently this causes deflate to generate a fatal error according to the zlib spec.) PR 22259. [Stas Bekman] *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an identity spoof is encountered. [Sander Striker] *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR 20195. [André Malo] *) ab: Overlong credentials given via command line no longer clobber the buffer. [André Malo] *) mod_deflate: Don't attempt to hold all of the response until we're done. [Justin Erenkrantz] *) Assure that we block properly when reading input bodies with SSL. PR 19242. [David Deaves <David.Deaves@dd.id.au>, William Rowe] *) Update mime.types to include latest IANA and W3C types. [Roy Fielding] *) mod_ext_filter: Set additional environment variables for use by the external filter. PR 20944. [Andrew Ho, Jeff Trawick] *) Fix buildconf errors when libtool version changes. [Jeff Trawick] *) Remember an authenticated user during internal redirects if the redirection target is not access protected and pass it to scripts using the REDIRECT_REMOTE_USER environment variable. PR 10678, 11602. [André Malo] *) mod_include: Fix a trio of bugs that would cause various unusual sequences of parsed bytes to omit portions of the output stream. PR 21095. [Ron Park <ronald.park@cnet.com>, André Malo, Cliff Woolley] *) Update the header token parsing code to allow LWS between the token word and the ':' seperator. [PR 16520] [Kris Verbeeck <kris.verbeeck@advalvas.be>, Nicel KM <mnicel@yahoo.com>] *) Eliminate creation of a temporary table in ap_get_mime_headers_core() [Joe Schaefer <joe+gmane@sunstarsys.com>] *) Added FreeBSD directory layout. PR 21100. [Sander Holthaus <info@orangexl.com>, André Malo] *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP response. PR 21085. [Glenn Nielsen <glenn@apache.org>, André Malo] *) mod_rewrite: Perform child initialization on the rewrite log lock. This fixes a log corruption issue when flock-based serialization is used (e.g., FreeBSD). [Jeff Trawick] *) Don't respect the Server header field as set by modules and CGIs. As with 1.3, for proxy requests any such field is from the origin server; otherwise it will have our server info as controlled by the ServerTokens directive. [Jeff Trawick]
2003-10-27Update to 2.24. Closes PR pkg/22198 (fix was integratedin that version).cube4-23/+7
New in version 2.24: * Added a bunch of MIME types. * Fix minor problem with returning unknown protocol on some errors. * Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer. * Allow blank lines in the config file. * Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory). * Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan). * Added optional minimum rate to throttles. * Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO. * Use unsigned short consistently for port number. * Prohibit slashes in the Host: header (Marcus Breiing). * Added a -dd data_dir flag and corresponding config-file option. * Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler. * Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections. * Correction to missing-slash directory redirect with query string. * Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long. * Don't send Content-Length header on 304 Not Modified responses. * Allow user-agent log entries to be up to 200 characters long, instead only of 80. * Fixed buffer overflow bug in defang(). * Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings. * Some fixes for the syslogtocern script (paul fox). * Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth). * Changed most uses of \r and \n to \015 and \012 (Jens Bauer). * In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips). * Some improvements to fdwatch (David Burgess).
2003-10-27improve/sync with other firebird pkgs.grant1-3/+9
2003-10-24update opera7 to newest 7.21jdolecek3-15/+12
Changes are mainly rendering performance improvements, LOTS of miscellaneous fixes, and various feature improvements. For details, see: http://www.opera.com/linux/changelogs/720b7/ http://www.opera.com/linux/changelogs/721/
2003-10-22This is MozillaFirebird-bin-realplayer, so package name changed fromreed2-4/+7
phoenix-bin-realplayer. (Okay'd by grant.)
2003-10-19Use PKG_SYSCONFDIR instead of PKG_SYSCONFDIR.squidguard (the later not usuallyjmmv1-3/+3
defined). Bump PKGREVISION to 2. From Ron Roskens in PR pkg/23189.
2003-10-19fix installation on Linux:grant3-12/+18
- s/LOCALBASE/PREFIX/ - s/X11BASE/X11PREFIX/ - install symlink for libgmodule - depend on gtk
2003-10-19fix installation on Linux:grant3-12/+19
- s/LOCALBASE/PREFIX/ - s/X11BASE/X11PREFIX/ - install symlink for libgmodule - depend on gtk
2003-10-19fix installation on Linux:grant6-24/+38
- s/LOCALBASE/PREFIX/ - s/X11BASE/X11PREFIX/ - install symlink for libgmodule - depend on gtk
2003-10-18Update to adzap-20031018; change summary: more patterns.kleink3-8/+7
Changes since adzap-20030811: * 2003-10-18 cameron: scripts/squid_redirect: Turn off the 302: redirection mode. It crashed Andre Kajita's squid farm:-( More research needed. * 2003-10-13 cameron: rc/patterns: greenpeace.org PRINT rule www.sundayherald.com PRINT rule * 2003-10-06 cameron: scripts/squid_redirect: Add NOZAP class for the NOZAP rule. rc/patterns: more generous miami.com PRINT rule http://noads/ prefix bypass rule rename NOADS to NOZAP and move the Nimda defense towards the bottom of the pattern space adjust NOZAP prefix from http://noads/ to http://nozap/ turn NOZAP into a suffix make NOZAP suffix a ? instead of a / doh! push NOZAP to the front .sears.com exception from Neal Macklin * 2003-10-05 cameron: rc/patterns: sltrib.com PRINT rule * 2003-10-04 cameron: rc/patterns: newsforge.com PRINT rule allafrica.com PRINT rule * 2003-10-01 cameron: rc/patterns: broaden news.com.com PRINT rule * 2003-09-30 cameron: rc/patterns: wfmynews2.com PRINT rule generalise .boston.com PRINT rule * 2003-09-29 cameron: rc/patterns: oreillynet.com PRINT rule * 2003-09-22 cameron: rc/patterns: .hitbox.com web bugs siliconvalley.com PRINT rule tweak zdnet.com.com PRINT rule another canoe.ca ad pattern * 2003-09-15 cameron: rc/patterns: exception for www.supergo.com from Kath Knight widen www.supergo.com exception * 2003-09-14 cameron: rc/patterns: exception for ibm.com/common/stats/stats.js ads.i2as.ulimit.com popup geocities ad prefix another geocities ad js * 2003-09-12 cameron: rc/patterns: .targetnet.com popup * 2003-09-05 cameron: rc/patterns: another barnesandnoble.com popup * 2003-09-04 cameron: rc/patterns: turn osnews.com PRINT back on disable osnews.com again * 2003-09-03 cameron: rc/patterns: wider news.com.com PRINT rule tweak nytimes.com PRINT rule disable nytimes.com - referred based? informationweek.com PRINT rule * 2003-09-01 cameron: rc/patterns: exception for salon click-thru ad access reported by Neal Macklin cache.ultramercial.com exception as part of salon.com fix more ultramercial exception further cache.ultramercial.com exception for cache.ultramercial.com salon clikcthru stuff * 2003-08-31 cameron: rc/patterns: technologyreview.com PRINT rule widen technologyreview.com PRINT rule * 2003-08-30 cameron: rc/patterns: techcentralstation.com PRINT rule * 2003-08-28 cameron: rc/patterns: exception for http://psi.affinix.com/forums/html/emoticons/blink.gif from Lance Conry * 2003-08-27 cameron: rc/patterns: another zdnet.com.com PRINT rule another sfgate.com PRINT rule * 2003-08-26 cameron: rc/patterns: dfw.com PRINT rule orlando.bizjournals.com PRINT rule nightscapecreations.com popups * 2003-08-25 cameron: rc/patterns: broaden .boston.com PRINT rule tweak broader boston.com PRINT rule * 2003-08-22 cameron: rc/patterns: straitstimes.asia1.com.sg PRINT rule another theglobeandmail.com PRINT rule widen .adbureau.net ADJS pattern newmediazero.com PRINT rule * 2003-08-21 cameron: rc/patterns: local6.com PRINT rule improve local6.com PRINT rule upi.com PRINT rule bizreport.com PRINT rule fix bizreport rule another nytimes.com PRINT rule xml.com PRINT rule widen news.independent.co.uk PRINT rule - may break another ad * 2003-08-20 cameron: rc/patterns: newsfactor.com PRINT rule ad.openfind.com.tw AD fpeng.peopledaily.com.cn PRINT rule europemedia.net PRINT rule voanews.com PRINT rule washingtonpost.com PRINT rule cbronline.com PRINT rule * 2003-08-19 cameron: rc/patterns: admech ad .googlesyndication.com javascript .googlesyndication.com ADHTML focusin.ads.targetnet.com IFRAME differentiate focusin.ads.targetnet.com HTML from IMGs newsmax.com PRINT rule docguide.com PRINT rule popularmechanics.com PRINT rule enterpriseitplanet.com PRINT rule nzherald.co.nz PRINT rule rockymountainnews.com PRINT rule * 2003-08-18 cameron: rc/patterns: ads.specificclick.com HTML eweek.com/dropdown images another .zdnet.com PRINT rule * 2003-08-16 cameron: rc/patterns: .realtracker.com/netpoll javascript .realtracker.com ADHTML another counter another securityfocus.com PRINT rule index.html: Add description of the everyupdate list to the updates webpage section. * 2003-08-15 cameron: rc/patterns: af.mil PRINT rule aftenposten.no PRINT rule * 2003-08-14 cameron: rc/patterns: worldnetdaily.com PRINT rule wasabisystems.com exception from Simon Burge news.independent.co.uk PRINT rule typo in news.independent.co.uk rule ads.zedo.com/ads2 AD pattern .zedo.com web bug behind AD ADHTML web bug from ads.specificpop.com .googlesyndication.com web bug javascript ad code from .zedo.com business.boston.com PRINT rule vnunet.com PRINT rule dailytimes.com.pk PRINT rule * 2003-08-13 cameron: rc/patterns: blink.gif exception for dpreview.com from Simon Burge edinburghnews.com PRINT rule eet.com PRINT rule * 2003-08-12 cameron: rc/patterns: tweak rss.com.com PRINT rule zdnet.com.com PRINT rule scotlandonsunday.com PRINT rule chron.com PRINT rule enn.com PRINT rule gulfnews.com PRINT rule nj.com/newsflash PRINT rule Approved by: agc
2003-10-18Whitespace fixescjep1-2/+2
2003-10-18Trailing slashcjep1-2/+2
2003-10-18s/phoenix/MozillaFirebird/ in COMMENT.grant3-6/+6
2003-10-14Make sure to USE_RUBY not USE_RUBY_RD.taca1-2/+2
This should fix the bulk build problem.
2003-10-12Use libnbcompat in favor of libgetopt if necessary.jschauma1-4/+6
Also add buildlink for pthread support. (From PR pkg/23099 by Hiramatsu Yoshifumi)
2003-10-11bump PKGREVISIONs after bump of expat BUILDLINK_DEPENDS.grant6-8/+12
2003-10-11whitespace fixgrant1-2/+2
2003-10-11provide both http and ftp fetch methods, whitespace cleanup.grant1-4/+5
2003-10-08wrap an #ifdef __NeXT__ around some crufty old code that was breakingdanw2-4/+20
the darwin build. PR 20507.
2003-10-06update to bozohttpd 20031005. changes include:mrg1-36/+0
o fixes for basic authorisation. from <ecu@ipv42.net> o always display file size in directory index mode o add .xbel, .xml & .xsl -> text/xml mappings. from <wiz@danbala.ifoer.tuwien.ac.at>
2003-10-06update to bozohttpd 20031005. changes include:mrg2-7/+7
o fixes for basic authorisation. from <ecu@ipv42.net> o always display file size in directory index mode o add .xbel, .xml & .xsl -> text/xml mappings. from <wiz@danbala.ifoer.tuwien.ac.at>
2003-10-05Updated bins to 1.1.23martti3-13/+15
* new parameter 'deExifyImages' * bug fixes * translation updates
2003-10-05Update to 2.1.0.12 (2.1pre12):wiz4-9/+9
Fixed memory leak with Content-Type at http.c:37 Workaround broken cfmakeraw on AIX Users can enter own shell command for executing external programs. Commands in X are executed in xterm, not on console. Do not send Range on refresh More information on image files in Info menu. Allow opening of a link in a new window (target="_blank"). Serbian translation Added "id" attribute to the <img> tag. Serbian Cyrillic letters Updated Hungarian translation Table frame and rules when no border attribute present Fixed spelling errors found by Francois Gouget's program Fixed crash in frames introduced in Tue Jun 17 23:15:46 MET DST 2003 Add slash after URLs like ftp://host:1234 Anchors allowed in frame locations No char with code 13 when pasting in OS/2 Aggressive cache is in cache dialog, not in HTTP bugs dialog 302 redirects are not cached Fixed redirect left after reloading cached document Do not send "Range" when cache expires Fixed some languages (removed name ELinks) Updated Russian localization Fixed \001 in bookmarks and window title when title contained 0xa0 Fixed bug that can't happen in select_mainmenu Fixed numbers on links not consistent with internal order. Still not perfect but better than it used to be.
2003-10-03Add and enable p5-Template-Generate.wiz1-1/+2
2003-10-03This module generates TT2 templates. It can take datawiz4-0/+36
structures and rendered documents together, and deduce templates that could have performed the transformation. It is a companion to Template and Template::Extract; their relationship is shown below: Template: ($template + $data) ==> $document # normal Template::Extract: ($document + $template) ==> $data # tricky Template::Generate: ($data + $document) ==> $template # very tricky This module is considered experimental.
2003-10-03Add and enable p5-Template-Extract.wiz1-1/+2
2003-10-03This module is a subclass of the Template toolkit, with addedwiz4-0/+32
template extraction functionality. It can take a rendered document and its template together, and get the original data structure back, effectively reversing the "process" function. This module is considered experimental. If you just wish to extract RSS-type information out of a HTML document, WWW::SherlockSearch may be a more robust solution.
2003-10-03Update to 2.10; wildcard dependency on tex.wiz3-7/+19
Version 2.10 provides a few trivial new features and applies fixes to some small bugs. For example, you can now use IN instead of = in a loop, e.g. FOREACH item IN list. The WRAPPER configuration option is new, and Template::Context and Template::Stash now both implement define_vmethod() methods which make it easier to define new virtual methods. Version 2.09 contained mostly bug fixes and minor enhancements. Version 2.08 added compile time constant folding which can result in a significant performance boost when processing templates. It also offered several other minor enhancements and bug fixes.
2003-10-02Sort.wiz1-9/+9
2003-10-01Use DEPENDS instead of buildlink2.mk for dependancy on ImageMagick.simonb1-3/+3
Thanks to Grant Beattie for sorting out DEPENDS line.
2003-10-01fix install.dent1-2/+2
2003-09-30Fix ruby-htmlsplit package.taca4-23/+5
Since htmlsplit.rb isn't really contain RD document, stop try to generate HTML from it. (It was my fault.) Bump PKGREVISION.
2003-09-30only pull in ../../emulators/suse_linux/Makefile.application if we aredmcmahill2-3/+17
actually using a Linux version of netscape. Fixes build on alpha under compat_osf1 and probably sparc under compat_svr4.
2003-09-29use explicit number here rather than ${PHP_BASE_VERS}, so that packagesjdolecek1-2/+2
using the buildlink would get proper version dependency even when not using php4/Makefile.common
2003-09-29fix include of ncurses/buildlink2.mk againgrant1-2/+2
2003-09-28Back out last change related to moving ncurses/buildlink2.mk tojlam3-6/+6
curses.buildlink2.mk. This was wrong because we _really_ do want to express that we want _n_curses when we include the buildlink2.mk file. We should have a better way to say that the NetBSD curses doesn't quite work well enough. In fact, it's far better to depend on ncurses by default, and exceptionally note when it's okay to use NetBSD curses for specific packages. We will look into this again in the future.
2003-09-27move ncurses/buildlink2.mk to mk/curses.buildlink2.mk, as it providesgrant3-7/+7
support for base system curses/ncurses as well as ncurses itself. suggested by wiz.
2003-09-27Fix build with gcc3 (hi mrg! :) ).wiz2-4/+26
2003-09-27rename phoenix-bin-* to MozillaFirebird-bin-*.grant46-141/+161
2003-09-27The extra libraries for SunOS are only built/needed for sparc.markd1-2/+2
2003-09-27whitespace nitgrant1-2/+2
2003-09-27fix MASTER_SITES.grant2-4/+4