have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)
*) Fixed potential Cross-Site-Scripting bug.
*) Allow also 8192 bytes of shared memory data size.
- Upgraded to Apache 1.3.27.
- Fixed internal error handling for CRL verification.
- Initialize OpenSSL ENGINE before initializing OpenSSL
to workaround problems with the PRNG.
- Also find "openssl" executable in "sbin" directories.
- Honor specified number of maximum bytes on SSLRandomSeed
if reading from EGD.
- Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)
*) Fixed off-by-one buffer overflow bug in the compatibility
functionality (mapping of old directives to new ones).
*) Fixed memory leak in processing of CA certificates.
*) In case there is actually a certificate chain in the session cache,
we now use the value of SSL_get_peer_certificate(ssl) to verify as
it will have been removed from the chain before it was put in the
cache.
*) Seed the PRNG with a maximum of 1K from the internal scoreboard.
*) Upgraded to Apache 1.3.24
*) Support leading whitespaces in commands of SSLLog "|..." directives.
*) Fixed timeout handling on connection establishment by correctly
resetting the timeout on errors.
*) Fixed two memory leaks related to CA certificate configuration.
*) Fixed memory leak related to temporary DH key handling.
*) Fixed memory leak on shutdown if CRLs are used.
*) Fixed remaining SIGBUS problems on SPARC inside SHMCB session
cache implementation.
Relevant changes from version 2.8.6 include:
*) Fixed potential buffer overflow in DBM and SHMHT session
cache if very very large certificate chains are used.
*) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
"head -1" and "tail -1" constructs with sed variants in scripts.
*) Upgraded to Apache 1.3.23
*) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an
indexing structure that (correctly) used index values (and ranges)
as "unsigned int", but the meta-structure in the header had these
ranged as "unsigned char".
*) Perform the SHMCB remove operation under mutual exclusion
to prevent a inter-process synchronization problem.
*) Made sure that mod_ssl does not segfault in case of
SCOREBOARD_SIZE < 1024.
*) Merged in the SDBM patch from Uwe Ohse which fixes a problem with
sdbms .dir file, which arrises when a second .dir block is needed
for the first time. read() returns 0 in that case, and the library
forgot to initialize that new block. A related problem is that the
calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ
bits, which is not enough except for small databases (.dir
basically doubles everytime it's too small).
This value may be customized in various ways:
PKG_SYSCONFBASE is the main config directory under which all package
configuration files are to be found.
PKG_SYSCONFSUBDIR is the subdirectory of PKG_SYSCONFBASE under which the
configuration files for a particular package may be found.
PKG_SYSCONFDIR.${PKGBASE} overrides the value of ${PKG_SYSCONFDIR} for a
particular package.
Users will typically want to set PKG_SYSCONFBASE to /etc, or accept the
default location of ${PREFIX}/etc.
This obsoletes the use of CONFDIR, which was active for only 6 days, so no
need to have a workaround to still accept old CONFDIR settings.
bsd.pkg.install.mk:
* Remove old DEINSTALL/INSTALL scripts.
* Move some text printed at POST-INSTALL time into the MESSAGE file.
* Adjust rc.d scripts to respect rc.conf settings, so that the
script may be directly copied into /etc/rc.d.
Changes from version 2.8.4 include:
*) Upgraded to Apache 1.3.22
*) Fixed check whether server certificate wildcard CommonName (CN)
matches the configured server name.
*) Fixed buffer overflow.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
from version 2.8.3 is upgrading the mod_ssl sources to patch against Apache
1.3.20. The pkgsrc changes include unifying repeated SED replacement info
for various files into one location, FILES_SUBST.
*) Allow loadcacert.cgi script to work inside mod_perl.
*) Fixed typo in the directive descriptions in mod_ssl.c
*) Fixed ENGINE support: the engine support is are now already
loaded at configure time. Else mod_ssl fails to find them.
*) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache
variant from "experimental" state to "production" by removing the
`#ifdef SSL_EXPERIMENTAL_SHMCB ...#endif' wrappers. This means
that now `SSLSessionCache shmcb:...' is unconditionally available.
*) Made the mutex handling more robust by retrying the
semaphore-based operations in interrupt situations
(errno == EINTR).
*) Also log the OpenSSL error message if the RSA temporary
key(s) cannot be generated.
*) Fixed mod_ssl Auth handler: it now returns DECLINED instead of
OK if authentication is passed successfully to allow other modules
(usually mod_auth) to still deny the request.
*) Fixed certificate DN handling under EBCDIC platforms.
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
-) Rename mod_ssl.conf to apache_start.conf.
*) Upgraded to Apache 1.3.17 as base version.
*) Allow %{ENV:variable} in SSLRequire expressions, too.
*) Make sure the user is not able to fake the client certificate
based authentication by just entering an X.509 Subject DN
("/XX=YYY/XX=YYY/..") as the username and "password" as the
password if "SSLVerifyClient optional" is used in combination
with "SSLOptions +FakeBasicAuth".
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced,
not @VARIABLE@, nor @@VARIABLE@@).
By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX,
X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST.
Clean up some packages while I'm there; add RCS tags to most MESSAGEs.
Remove some uninteresting MESSAGEs.
1.3.14.1, adding a superminor version number to indicate possible EAPI
update.
*) Fixed the parsing of SSLSessionCache directives. The prefixes were
incorrectly skipped and leaded to "unable to open semaphore file"
errors.
