- Change default WWW root from ${PREFIX}/www/data to more expected (and
standard) ${WWWDIR} (${PREFIX}/www/thttpd) and default CGI pattern to
"/cgi-bin/*" since this goes better in line with default installation
- Enable IPREAL option by default (do not convert it to unconditional
patch as it could lead to privacy violation, which might be unwanted)
- Change served data default MIME type to "application/octet-stream"
- Rename thttpdpasswd(1) and its manpage to thtpasswd(1); this not just
makes it shorter, but is more consistent with what popular GNU/Linux
distributions do
- Stop generating index pages for directories by default for security
reasons, provide an option for that
- Properly stagify port by patching upstream makefiles instead of doing
entire installation by hand (and thus retire `do-install' target)
- Adjust and sort pkg-plist in accordance with the the above changes
upcoming 2.26):
- Fix potential buffer overflow in expand_symlinks() function of libhttpd.c
- Better handling of tempfile and additional input validation in htpasswd(1)
- Make sure that the logfile is created or reopened as read/write by thttpd
(www) user only (modified to allow group read access as well so web admin
won't have to su(1) to super-user or "www" to be able to read logs) [1]
Bump port revision to account for these and previous changes.
Gentoo bug: 458896 [1]
Security: CVE-2013-0348 [1]
