We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
Reported by: simon
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.
Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.
Preliminary documentation can be found at:
http://people.FreeBSD.org/~ade/autotools.txt
which is in the process of being SGMLized before introduction into the
Porters Handbook.
Light blue touch-paper. Run.
From Changelog:
*) SECURITY: CAN-2005-2088
core: If a request contains both Transfer-Encoding and Content-Length
headers, remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
- Rename previous patch to CVE ID
- bump PORTREVISION
Security: CAN-2005-2088
Obtained From: Apache repository
I blindly committed a change from my dev tree. Since USE_APACHE design
is flacky, it had a very annoying impact.
PR: ports/77391 [1]
Also reported by: pointyhat via kris,
Scot Hetzel <swhetzel@gmail.com> [1]
Pointy hat to: clement
- Download bz2'd tarball [1]
- Add print-closest-mirrors target.
It allows you to find the 6 (3 http/3 ftp) closest mirror,
base on http://www.apache.org/dyn/closer.cgi/httpd/
make print-closest-mirrors >> /etc/make.conf automatically add
the six closest mirror to the head of ${MASTER_SITE_APACHE_HTTPD}.
Requested by: delphij
o Major change(s)
- in some cases, modules are still built as static modules, making
modules selection useless and generate a non-desired httpd
o Minor change(s)
- apxs detection is done only if port isn't a server one.
- Mark modules ports as IGNORED if apaxhe is built statically
- fix make show-modules when when WITH_ALL_STATIC_MODULES is defined
Most issues discovered by: Jason Mealins <jason_mealins@bigfix.com>
- Use apache{2,21}flags variable in apache{2,21}_checkconfig().
It fixes restart when apache2ssl_enable is set to YES in rc.conf
and httpd.conf is "old" (i.e. non -DSSL safe) [1]
o Makefile
- split post-install target to add install-startup-script:
User can now upgrade startup script without reinstalling apache2.
NOTE: this is NOT package-safe and NOT supported, even if in most of
cases they're no risk.
Noticed by: many [1]
- Add support for modular sbin/envvars
You can now put your own scripts you want to execute at envvars
stage in ${PREFIX}/etc/apache2/envvars.d
Only script ending by *.env are run.
Example:
/usr/local/etc/apache2/envvars.d/mod_python3.env
Discussed with: perky on -apache@