FreeBSD Port: www/apache22
Chris
chris at chrysalisnet.org
Thu Mar 18 14:46:30 UTC 2010
hi again.
is it not possible to bump apache without updating apr? using the same apr
as in 2.2.14? I see 4 security notices against 2.2.14 which makes me
worried. I thought freebsd ports allowed commits for security reasons
during a freeze/slush.
-----Original Message-----
From: Philip M. Gollucci [mailto:pgollucci at p6m7g8.com]
Sent: 16 March 2010 23:54
To: Chris
Cc: apache at freebsd.org
Subject: Re: FreeBSD Port: www/apache22
On 03/16/10 23:43, Chris wrote:
> ok thanks for the info, am I right then that the security announcements
are
> not a concern if I have openssl up to date?
All of the ssl stuff is moot unless you actually do client side
renegotiation.
And then you need to have openssl at 0.9.8m and www/apache22 compiled
against it not the one in base unless you're on stable/8, head. I don't
recall if releng/7 or stable/7 have it in base.
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
is 'sufficient' until 2.2.15 is in the tree.
--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer, FreeBSD Foundation
Consultant, P6M7G8 Inc.
Sr. System Admin, Ridecharge Inc.
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4950 (20100316) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
More information about the freebsd-apache
mailing list