From owner-cvs-ports@FreeBSD.ORG  Wed Oct 13 09:17:39 2004
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 18A5016A4CE; Wed, 13 Oct 2004 09:17:39 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 0807B43D1F; Wed, 13 Oct 2004 09:17:39 +0000 (GMT)
	(envelope-from clement@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i9D9Hc0Q091153;
	Wed, 13 Oct 2004 09:17:38 GMT
	(envelope-from clement@repoman.freebsd.org)
Received: (from clement@localhost)
	by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i9D9HcIi091152;
	Wed, 13 Oct 2004 09:17:38 GMT
	(envelope-from clement)
Message-Id: <200410130917.i9D9HcIi091152@repoman.freebsd.org>
From: Clement Laforet <clement@FreeBSD.org>
Date: Wed, 13 Oct 2004 09:17:38 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files
 patch-secfix-CAN-2004-0885
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Oct 2004 09:17:39 -0000

clement     2004-10-13 09:17:38 UTC

  FreeBSD ports repository

  Modified files:
    www/apache2          Makefile 
  Added files:
    www/apache2/files    patch-secfix-CAN-2004-0885 
  Log:
  - Yet Another Security Fix
    Fix CAN-2004-0885:
  
    * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
    correct cipher suite has been negotiated, else deny access.
  
    * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
    0.9.7, prevent session resumption during a renegotiation to force the
    client to negotiate a new (and acceptable) cipher suite.
  
  Credits:        Hartmut Keil, Joe Orton
  
  Revision  Changes    Path
  1.202     +1 -0      ports/www/apache2/Makefile
  1.1       +56 -0     ports/www/apache2/files/patch-secfix-CAN-2004-0885 (new)