cvs commit: ports/www/yaws Makefile distinfo pkg-plist
ports/www/yaws/files patch-man_yaws.conf.5 patch-scripts__gen-yaws
Jimmy Olgeni
olgeni at FreeBSD.org
Mon Jun 25 01:10:44 UTC 2012
olgeni 2012-06-25 01:10:44 UTC
FreeBSD ports repository
Modified files:
www/yaws Makefile distinfo pkg-plist
www/yaws/files patch-man_yaws.conf.5
Added files:
www/yaws/files patch-scripts__gen-yaws
Log:
Upgrade to version 1.93, which contains a security fix among other changes.
From Erlyaws-list:
"Use crypto:rand_bytes() instead of the cryptographically weak random
module. Swedish security consultant and cryptographer Kalle
Zetterlund discovered a way to - given a sequence of cookies produced
by yaws_session_server - predict the next session id. Thus providing
a gaping security hole into yaws servers that use the yaws_session_server
to maintain cookie based HTTP sessions (klacke/kallez)"
PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake at acm.org>
Revision Changes Path
1.60 +11 -3 ports/www/yaws/Makefile
1.40 +2 -2 ports/www/yaws/distinfo
1.5 +4 -4 ports/www/yaws/files/patch-man_yaws.conf.5
1.1 +20 -0 ports/www/yaws/files/patch-scripts__gen-yaws (new)
1.37 +24 -4 ports/www/yaws/pkg-plist
More information about the cvs-all
mailing list