Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Mar 2010 14:46:13 -0000
From:      "Chris" <chris@chrysalisnet.org>
To:        "'Philip M. Gollucci'" <pgollucci@p6m7g8.com>
Cc:        apache@freebsd.org
Subject:   RE: FreeBSD Port: www/apache22
Message-ID:  <028701cac6a9$c22cd090$468671b0$@org>
In-Reply-To: <4BA01A20.4070804@p6m7g8.com>
References:  <020701cac555$9f1c3b40$dd54b1c0$@org> <4BA01237.30500@p6m7g8.com> <4BA01288.8090206@p6m7g8.com> <020c01cac55f$ef4a0110$cdde0330$@org> <4BA01526.30809@p6m7g8.com> <020e01cac562$6d84b140$488e13c0$@org> <4BA01A20.4070804@p6m7g8.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
hi again.

is it not possible to bump apache without updating apr? using the same apr
as in 2.2.14?  I see 4 security notices against 2.2.14 which makes me
worried.  I thought freebsd ports allowed commits for security reasons
during a freeze/slush.

-----Original Message-----
From: Philip M. Gollucci [mailto:pgollucci@p6m7g8.com] 
Sent: 16 March 2010 23:54
To: Chris
Cc: apache@freebsd.org
Subject: Re: FreeBSD Port: www/apache22

On 03/16/10 23:43, Chris wrote:
> ok thanks for the info, am I right then that the security announcements
are
> not a concern if I have openssl up to date?

All of the ssl stuff is moot unless you actually do client side 
renegotiation.

And then you need to have openssl at 0.9.8m and www/apache22 compiled 
against it not the one in base unless you're on stable/8, head.  I don't 
recall if releng/7 or stable/7 have it in base.

http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

is 'sufficient' until 2.2.15 is in the tree.




-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. System Admin,                 Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4950 (20100316) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?028701cac6a9$c22cd090$468671b0$>