From Erlyaws-list:

"Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)"

PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake@acm.org>
--- scripts/gen-yaws.ORIG 2012-06-24 15:27:11.000000000 +0900
|
|
+++ scripts/gen-yaws 2012-06-24 15:33:26.000000000 +0900
|
|
@@ -1,13 +1,15 @@
|
|
#!/bin/sh
|
|
|
|
+# CAUTION: Modified for FreeBSD Port installation
|
|
+# referring yawsdir in the installed yaws library
|
|
+
|
|
# Used by scripts/Makefile and scripts/rebar-pre-script to generate
|
|
# the yaws execution script
|
|
|
|
set -e
|
|
|
|
-topdir=`cd .. && pwd`
|
|
cat yaws.template | \
|
|
- ./Subst %yawsdir% "${topdir}" | \
|
|
+ ./Subst %yawsdir% "/usr/local/lib/erlang/lib/yaws" | \
|
|
./Subst %vardir% "${VARDIR}" | \
|
|
./Subst %run_erl% "${ERLBINDIR}/run_erl" | \
|
|
./Subst %to_erl% "${ERLBINDIR}/to_erl" | \
|
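Review bot: The added `./Subst %yawsdir% "/usr/local/lib/erlang/lib/yaws"` line hardcodes an absolute path, while every other substitution in this pipeline takes its value from the environment (`${VARDIR}`, `${ERLBINDIR}`). An install under any other prefix will produce a yaws script that points at a directory that does not exist or, worse, at a different copy of the library than the one just installed. Consider passing the library directory in through a variable set by the port Makefile, in the same way as the other values, and quoting it the same way. The new header comment ("referring yawsdir in the installed yaws library") would also read more clearly if it said that %yawsdir% now points at the installed library directory rather than the build tree, since that is the behavioural change made by dropping the `topdir` assignment.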