Date: Mon, 25 Jun 2012 01:10:44 +0000 (UTC) From: Jimmy Olgeni <olgeni@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/yaws Makefile distinfo pkg-plist ports/www/yaws/files patch-man_yaws.conf.5 patch-scripts__gen-yaws Message-ID: <201206250110.q5P1AiYK081416@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
olgeni 2012-06-25 01:10:44 UTC
FreeBSD ports repository
Modified files:
www/yaws Makefile distinfo pkg-plist
www/yaws/files patch-man_yaws.conf.5
Added files:
www/yaws/files patch-scripts__gen-yaws
Log:
Upgrade to version 1.93, which contains a security fix among other changes.
From Erlyaws-list:
"Use crypto:rand_bytes() instead of the cryptographically weak random
module. Swedish security consultant and cryptographer Kalle
Zetterlund discovered a way to - given a sequence of cookies produced
by yaws_session_server - predict the next session id. Thus providing
a gaping security hole into yaws servers that use the yaws_session_server
to maintain cookie based HTTP sessions (klacke/kallez)"
PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake@acm.org>
Revision Changes Path
1.60 +11 -3 ports/www/yaws/Makefile
1.40 +2 -2 ports/www/yaws/distinfo
1.5 +4 -4 ports/www/yaws/files/patch-man_yaws.conf.5
1.1 +20 -0 ports/www/yaws/files/patch-scripts__gen-yaws (new)
1.37 +24 -4 ports/www/yaws/pkg-plist
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206250110.q5P1AiYK081416>