From owner-freebsd-apache@FreeBSD.ORG Thu Mar 18 14:46:30 2010 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE77F1065672 for ; Thu, 18 Mar 2010 14:46:30 +0000 (UTC) (envelope-from chris@chrysalisnet.org) Received: from web5.hostingfreak.net (web5.hostingfreak.net [85.10.221.5]) by mx1.freebsd.org (Postfix) with ESMTP id 8F6AD8FC12 for ; Thu, 18 Mar 2010 14:46:30 +0000 (UTC) Received: from localhost ([127.0.0.1]:64725 helo=CORE2DUO) by with esmtpa (Exim) }; Thu, 18 Mar 2010 14:46:50 +0000 From: "Chris" To: "'Philip M. Gollucci'" References: <020701cac555$9f1c3b40$dd54b1c0$@org> <4BA01237.30500@p6m7g8.com> <4BA01288.8090206@p6m7g8.com> <020c01cac55f$ef4a0110$cdde0330$@org> <4BA01526.30809@p6m7g8.com> <020e01cac562$6d84b140$488e13c0$@org> <4BA01A20.4070804@p6m7g8.com> In-Reply-To: <4BA01A20.4070804@p6m7g8.com> Date: Thu, 18 Mar 2010 14:46:13 -0000 Message-ID: <028701cac6a9$c22cd090$468671b0$@org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcrFZBTP4HTkh1/qTWOTHIpopQVYvgBRUVZQ Content-Language: en-gb X-Antivirus-Scanner: Scanned with Exiscan. Clean mail though you should still use an Antivirus X-bounce-key: hostingfreak.net-1;chris@chrysalisnet.org;1268923612;1f44e264; Cc: apache@freebsd.org Subject: RE: FreeBSD Port: www/apache22 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2010 14:46:30 -0000 hi again. is it not possible to bump apache without updating apr? using the same apr as in 2.2.14? I see 4 security notices against 2.2.14 which makes me worried. I thought freebsd ports allowed commits for security reasons during a freeze/slush. -----Original Message----- From: Philip M. Gollucci [mailto:pgollucci@p6m7g8.com] Sent: 16 March 2010 23:54 To: Chris Cc: apache@freebsd.org Subject: Re: FreeBSD Port: www/apache22 On 03/16/10 23:43, Chris wrote: > ok thanks for the info, am I right then that the security announcements are > not a concern if I have openssl up to date? All of the ssl stuff is moot unless you actually do client side renegotiation. And then you need to have openssl at 0.9.8m and www/apache22 compiled against it not the one in base unless you're on stable/8, head. I don't recall if releng/7 or stable/7 have it in base. http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 is 'sufficient' until 2.2.15 is in the tree. -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Apache Infrastructure; Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. System Admin, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. __________ Information from ESET NOD32 Antivirus, version of virus signature database 4950 (20100316) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com