Security Pullup - requested by Matthias Scheler
security fix for ap-ssl
Modified Files:
pkgsrc/www/ap-ssl: Makefile distinfo
Log Message:
Update "ap-ssl" package to version 2.8.20. Changes since version 2.8.19:
- With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).
- Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
To generate a diff of this commit:
cvs rdiff -r1.83 -r1.84 pkgsrc/www/ap-ssl/Makefile
cvs rdiff -r1.22 -r1.23 pkgsrc/www/ap-ssl/distinfo