- support for oasis and findlib
- added blowfish and MAC support along with bugfixes
- plist is removed in favor of generation via findlib
- remove META from FILESDIR, as it is now distributed
- maintainer address update
PR: ports/164661
Submitted by: maintainer, Jaap.Boender at pps.jussieu.fr
Approved by: crees (mentor)
Apologies for the noise here; I'm getting used to the consequences of
slaving ports like this-- postgresql has an unusual arrangement here.
Submitted by: Neil Darlow (neil@darlow.co.uk)
Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.
* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
value.
* SECURITY: CVE-2012-0031 (cve.mitre.org)
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local
users to cause a denial of service (daemon crash during shutdown) or possibly
have unspecified other impact by modifying a certain type field within a
scoreboard shared memory segment, leading to an invalid call to the free
function.
* SECURITY: CVE-2011-4317 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in
place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.
* SECURITY: CVE-2012-0053 (cve.mitre.org)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly
restrict header information during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the values of HTTPOnly
cookies via vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.
* SECURITY: CVE-2011-3368 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet
servers via a malformed URI containing an initial @ (at sign) character.
PR: ports/164675
Reviewed by: pgollucci
Approved by: pgollucci, crees, rene (mentors, implicit)
With Hat: apache@
- Add my LOCAL as MASTER_SITES
- Take maintainership
Changes: http://bazaar.launchpad.net/~python-memcached-team/python-memcached/trunk/view/head:/ChangeLog
- Bug #745633: Values of maximum size are not stored API inconsistency, max
value length was tested for <= while max KEY length was <. So I picked that
keys and values *LONGER* than the specified max value are what is used, and
added documentation and tests to that effect. The test for max value tested
that length plus 4, so I've changed that to be that value plus 1. Issue found
by matt-quru.
- Bug #713488: Issues Invalid "delete" command. Protocol has changed so that the
"delete" operation no longer takes a "time" argument. It seems that some
servers will refuse a "delete key 0" while others will accept it, but the
official server will NOT accept "delete key 1". So I've changed it so that if
no "time" argument is specified, no time argument is sent to the server.
- Bug #713451: server.expect("END") needs to be in a finally block Expect an
"END" when the _recv_value() raises an exception. Patch by Jay Farrimond.
- Bug: #741090: cas cache can grow unbounded. Default now is that the cache is
not used, unless the "Client()" object is created with "cache_cas=True". In
that case, you need to have your own cas clearing code, a simple one would be
to use Client().reset_cas() to completely clear the cas_ids cache. Problem
pointed out by Shaun Cutts.
- Bug #728359: Make python-memcache work on memcache restarts. Patch by Tarek
Ziade', reviewed and further patches submitted by Hugo Beauze'e-Luysse and
Neganov Alexandr.
- Bug #798342: If memcached server sends unknown flag in response for "get",
results in: "UnboundLocalError: local variable 'val' referenced before
assignment" Now returns "None" instead. Patch by Sharoon Thomas
Changes:
* better handling of strerror_r support.
* corrected copyright. Since cc libs were moved to bayonne and commoncpp
had been added, ALL of ucommon (including commoncpp2) are L-GPL, not just
the "core" library.
* more standardized manpages
* improved shell::detach support and new pdetach utility
* fsys generic basic file operations
* commoncpp file and dso compatibility support added
- Add LICENSE (LGPL3)
- Move binaries to ${PREFIX}/bin/ucommon to avoid clashes (ucommon binaries
have pretty standard names)
- Update tomcat dependency logic
- Drop TOMCATOWN/TOMCATGRP in favor of defaults WWWOWN/WWWGRP
- Drop war installation. Expand war and install as individual files to account for proper cleanup
- Application installs into its own directory now (safer) -- update pkg-message to reflect this
Approved by: wen (maintainer), crees (mentor)
- Update tomcat dependency logic
- Drop TOMCATOWN/TOMCATGRP in favor of defaults WWWOWN/WWWGRP
- Drop war installation. Expand war and install as individual files to account for proper cleanup
Approved by: wen (maintainer), crees (mentor)
- Update tomcat dependency logic
- Drop TOMCATOWN/TOMCATGRP in favor of defaults WWWOWN/WWWGRP
- Drop war installation. Expand war and install as individual files to account for proper cleanup.
- Application installs into its own directory now (safer) -- update pkg-message to reflect this
Approved by: wen (maintainer), crees (mentor)
