all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
* Fixed security bug that could allow attacker to execute arbitrary
commands as the apache user. [Digital Armaments, seregon at bughunter
dot net]
* Fixed bug that sometimes resulted in segfaults during periodic cache
cleanup. [Stefan Gaffga]
* Add AuthLDAPVersion option to specify which LDAP version to use on
LDAP server. [Hans Petter Selasky]
* Support ldaps:// urls automatically under OpenLDAP. No need to compile
with --with-ssl; this is just to enable SSL with the Netscape SDK.
[Andrew McAllister, Malcolm Locke]
* Fixed bug where auth_ldap didn't always rebind as the AuthLDAPBindDN
after doing an authorization. [Stephen Lombardo, Brent Putnam, Ace
Suares, Ted Cabeen, others].
* Fixed bug where we forgot to note a failed auth attempt which would
result in the browser never giving the user a second chance to enter a
password. [Thanks to many other people]
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
The automatic truncation in gensolpkg doesn't work for packages which
have the same package name for the first 5-6 chars.
e.g. amanda-server and amanda-client would be named amanda and amanda.
Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for
amanda-server.
All svr4 packages also have a vendor tag, so we have to reserve some chars
for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6
or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the
vendor tag enough room.
All p5-* packages and a few other packages have now a SVR4_PKGNAME.
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
Changes Between Major Revisions
Changes from 1.4 to 1.6
* All changes and bugfixes in the 1.4 releases.
* Completely rewrote the LDAP caching algorithms (see [1]the
documentation on caching for more information). Here are the
highlights of the changes:
+ All cache sizes are measured in terms of cache entries.
Warning!! This affects the AuthLDAPCacheSize directive!! In
version 1.4 and before, this directive specified the size in
megabytes. Now, it specifies the size in cache entri es. If
you currently have this directive in a config file, it is
probably set way too high, and will use a significant amount
of server memory.
+ Deprecated the AuthLDAPCacheCompareOps directive. Apache will
still accept the directive, but it has no effect, other than
to generate a warning in the Apache logs.
+ The cache no longer grows without bounds. For servers with a
very active cache, this should make a big difference with
memory usage.
+ No longer use the cache management routines from the LDAP
SDK. All LDAP operations are now cached, using a cache that's
specially designed for auth_ldap's authentication methods.
+ If Apache has been compiled with MM support and auth_ldap has
been compiled with -DWITH_SHARED_LDAP_CACHE then the cache is
shared across all server instances.
+ Added a content handler that can be used to display the cache
statistics. To use it, add the following directives:
<Location /server/auth-ldap-info>
SetHandler auth-ldap-info
</Location>
* Added support for a require dn directive, and a
AuthLDAPCompareDNOnServer directive. See the documentation for
more information.
* auth_ldap now allows the user to specify any attribute when
checking for group membership, by using the AuthLDAPGroupAttribute
directive. If this directive is not specified, the default
continues to be member and uniqueMember. Patch courtesy of
Graham Leggett.
* Added another directive, AuthLDAPGroupAttributeIsDN, which says
whether to use the DN that was retrieved from the LDAP search, or
to use the username passed by the client when doing group
authorization. This directive, in conjuction with the previous
one, allows us to use things like posixGroups for checks:
AuthLDAPGroupAttribute memberuid
AuthLDAPGroupAttributeIsDN off
* Ensure that auth_ldap will follow referrals under
OpenLDAP. This behavior was turned off in previous versions.
* Allow auth_ldap to dereference aliases, using the new
AuthLDAPDereferenceAliases directive. By default, this directive
is set to always.
* Now use ldap_init() when using OpenLDAP. Unless your OpenLDAP is
really old, this probably won't affect you.
