Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Requested by Moritz Wilhelmy on IRC.
Vulnerabilities fixed:
* CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee
before 1.2.99 allows remote attackers to hijack the authentication of
administrators for requests that insert cross-site scripting (XSS) sequences,
as demonstrated by a crafted nickname field to vserver/apply.
* CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 uses time and
PID values for seeding of a random number generator, which makes it easier
for local users to determine admin passwords via a brute-force attack.
New features (excerpt):
* Caching policies support
* Custom header can be defined inside rules
* Improved Index Page
* Kqueue is now used by default on MacOS X and *BSD
* New option to disable the use of SSLv2
* Wild cards are now supported in dirlist fields
* Redirection entries can be reordered
* ${vserver_name_req} in logger 'Custom'
* Cherokee-admin can be shut down from within
* TLS/SSL supports the 'IP per VServer' workaround now
* Virtual Server complex match support (OR rules)
* Redirection error handler has a 'default' option now
* New ${root_domain} macro in Advanced Virtual Hosting
* Failover load balancing plug-in
* cherokee-admin-launcher tool
* Information Source name resolution pre-caching
* Gzip and Default is configurable now (#1054)
* ${http_host}, ${http_referrer}, and ${http_user_agent} (#896)
* Much better OPTIONS support
* Documentation improvements
* Information Sources can be reordered now (*CGI handlers)
* X-Sendfile and X-Accel-Redirect support in the proxy
* Shared memory implementation (no longer SysV) (#537)
* Logger custom. New macro: ${http_cookie}
* Virtual Host regex group replacement (^ parameters)
* --with-cgiroot in configure
* -i / --disable-iocache param in cherokee-admin
* 'Server Info' extended to support accepts and timeouts
* cherokee-admin-launcher accepts SIGHUP now
* CTK_COOKIE security enhancement
* Enhanced pre-saving validations
* Interpreter env. vars can embedded $VARs evaluation
* QA bench can be run without installing Cherokee first
* OS tuning documentation
* Regex against full header match
* Nick name match is optional on VServers (#1075)
* Front-Line Cache (beta)
* Cherokee Distribution (beta)
* CHEROKEE_TRACE special "from=<ip>" support
* SSL/TLS Wizard
* SSI recursive includes
* "UNIX socket in a abstract namespace" support
* Adds SHA512 support to the MySQL validator
* HSTS (HTTP Strict Transport Security) support
Cherokee is a very fast, flexible and easy to configure Web Server. It
supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI,
TLS and SSL encrypted connections, Virtual hosts, Authentication, on the
fly encoding, Apache compatible log files, and much more.
