From owner-freebsd-apache@FreeBSD.ORG  Wed Aug 18 19:41:05 2004
Return-Path: <owner-freebsd-apache@FreeBSD.ORG>
Delivered-To: freebsd-apache@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5759B16A4CE
	for <apache@FreeBSD.org>; Wed, 18 Aug 2004 19:41:05 +0000 (GMT)
Received: from goofy.cultdeadsheep.org (charon.cultdeadsheep.org
	[80.65.226.72])	by mx1.FreeBSD.org (Postfix) with SMTP id C1DBE43D2D
	for <apache@FreeBSD.org>; Wed, 18 Aug 2004 19:41:03 +0000 (GMT)
	(envelope-from sheepkiller@cultdeadsheep.org)
Received: (qmail 66976 invoked by uid 89); 18 Aug 2004 21:41:03 +0200
Received: from sheepkiller@cultdeadsheep.org by goofy.cultdeadsheep.org by uid
	89 with qmail-scanner-1.22 
	(clamdscan: 0.74. spamassassin: 2.63.   Clear:RC:1(192.168.0.8):. 
	Processed in 0.094763 secs); 18 Aug 2004 19:41:03 -0000
X-Qmail-Scanner-Mail-From: sheepkiller@cultdeadsheep.org via
	goofy.cultdeadsheep.org
X-Qmail-Scanner: 1.22 (Clear:RC:1(192.168.0.8):. Processed in 0.094763 secs)
Received: from unknown (HELO persephone.cultdeadsheep.org) (192.168.0.8)
  by goofy.cultdeadsheep.org with SMTP; 18 Aug 2004 21:41:02 +0200
Received: (qmail 77596 invoked from network); 18 Aug 2004 21:39:26 +0200
Received: from unknown (HELO satan.cultdeadsheep.org) (192.168.0.4)
  by persephone.cultdeadsheep.org with SMTP; 18 Aug 2004 21:39:26 +0200
Date: Wed, 18 Aug 2004 21:40:42 +0200
From: Clement Laforet <sheepkiller@cultdeadsheep.org>
To: apache@FreeBSD.org
Message-Id: <20040818214042.29ce32c0.sheepkiller@cultdeadsheep.org>
Organization: tH3 cUlt 0f tH3 d3@d sH33p
X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd6.0)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1";
 boundary="Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W"
Subject: Fw: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files
 patch-secfix-modules:ssl:ssl_engine_io.c
X-BeenThere: freebsd-apache@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Support of apache-related ports  <freebsd-apache.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
	<mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-apache>
List-Post: <mailto:freebsd-apache@freebsd.org>
List-Help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
	<mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2004 19:41:05 -0000

--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

FYI,

Begin forwarded message:

Date: Wed, 18 Aug 2004 19:40:07 +0000 (UTC)
From: Clement Laforet <clement@FreeBSD.org>
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c


clement     2004-08-18 19:40:07 UTC

  FreeBSD ports repository

  Modified files:
    www/apache2          Makefile 
  Added files:
    www/apache2/files    patch-secfix-modules:ssl:ssl_engine_io.c 
  Log:
  - Backport security fixes in ssl_engine_io.c
  
  * [SECURITY] mod_ssl: Fix potential input filter segfaults in
    SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
    "This issue has possible security implications; it's been assigned CVE
    CAN-2004-0751 (cve.mitre.org)."
    http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
  
  * [SECURITY] mod_ssl: Fix potential infinite loop.
    (potential infinite loop in ssl_io_input_getline if connection is
    aborted without inctx->rc being set.)
    http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
    http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
  
  Obtained from:  Apache CVS (httpd-2.0 HEAD)
  
  Revision  Changes    Path
  1.197     +1 -1      ports/www/apache2/Makefile
  1.1       +34 -0     ports/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c (new)



--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBI7C9sRhfjwcjuh0RAr0fAKC8nWsagSlVJD/wAOpHnOIp48ai+gCgiBAa
60mi7PsehwRphKH5nxglCGc=
=889w
-----END PGP SIGNATURE-----

--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W--