propogated by copy and paste.
1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).
No PORTREVISION bumps because all of these changes are noops.
All people using mod_rewrite are strongly encouraged to update.
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team
Updates to latest versions will follow soon.
Notified by: so@ (simon)
Obtained from: Apache Security Team
Security: CVE-2006-3747
- bump HARD_SERVER_LIMIT to 2048
- drop broken WITH*_EXPAT support.
we always depend on expat from ports (based on [1])
PR: ports/81183 [1]
Submitted by: Martin Nilsson <martin@svenskabutiker.se>
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
base rcorder, hard coded variable values in these scripts
are overriding the values in /etc/rc.conf[.local] (due to
the way that variables from the latter are read at boot time).
Therefore, change the boot scripts to set default values only
if the variable is unset in /etc/rc.conf[.local]. This will
allow the service to start at boot time if it's been enabled
as the user would expect.
This change will be a noop for users who have systems that
have not yet been upgraded to the new rc.d code in the base.
In many cases there are other variables in the scripts that
should get similar treatment, however I did not change
anything other than the _enable lines. I'll leave the rest
up to the maintainers to do as they see fit.
Bump PORTREVISION to make sure that users and packages
pick up this change.
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
Reported by: simon
