This commit should largele be a NOOP as it only adds support
for DESTDIR undefined. This does allow us to start testing
ports with DESTDIR set, but this is as of yet not supported.
Although this has been extensively tested on pointyhat, this
is a very intrusive change and some cases may have been
overlooked. Please contact Gabor and me if you find any.
PR: 100555
Submitted by: gabor
Sponsored by: Google Summer of Code 2006
All people using mod_rewrite are strongly encouraged to update.
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team
Updates to latest versions will follow soon.
Notified by: so@ (simon)
Obtained from: Apache Security Team
Security: CVE-2006-3747
- bump HARD_SERVER_LIMIT to 2048
- drop broken WITH*_EXPAT support.
we always depend on expat from ports (based on [1])
PR: ports/81183 [1]
Submitted by: Martin Nilsson <martin@svenskabutiker.se>
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
base rcorder, hard coded variable values in these scripts
are overriding the values in /etc/rc.conf[.local] (due to
the way that variables from the latter are read at boot time).
Therefore, change the boot scripts to set default values only
if the variable is unset in /etc/rc.conf[.local]. This will
allow the service to start at boot time if it's been enabled
as the user would expect.
This change will be a noop for users who have systems that
have not yet been upgraded to the new rc.d code in the base.
In many cases there are other variables in the scripts that
should get similar treatment, however I did not change
anything other than the _enable lines. I'll leave the rest
up to the maintainers to do as they see fit.
Bump PORTREVISION to make sure that users and packages
pick up this change.
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
Reported by: simon