source-changes: CVS commit: pkgsrc

Subject: CVS commit: pkgsrc
To: None <source-changes@netbsd.org>
From: Johnny C. Lam <jlam@netbsd.org>
List: source-changes
Date: 09/12/2000 17:05:17
Module Name:	pkgsrc
Committed By:	jlam
Date:		Tue Sep 12 14:05:17 UTC 2000

Modified Files:
	pkgsrc/www/ap-ssl: Makefile
	pkgsrc/www/ap-ssl/files: md5 patch-sum
	pkgsrc/www/ap-ssl/patches: patch-aa
	pkgsrc/www/ap-ssl/pkg: MESSAGE PLIST
Added Files:
	pkgsrc/www/ap-ssl/files: README.mkcert
	pkgsrc/www/ap-ssl/patches: patch-ab

Log Message:
Update ap-ssl to 2.6.6.  Important fixes for memory leaks and segfaults.
Also make me the maintainer.  Relevant changes from version 2.6.3:

   -) Install ${sbindir}/mkcert.sh to ease generation of SSL certificates.

   *) Fixed server restarts: Under non-DSO run-time situation, the
      OpenSSL library was shutdown (and never re-initialized) and this
      way caused segfaults on server restarts. This affected only
      installations where mod_ssl+OpenSSL were built as a static module
      instead of a DSO. This nasty bug was unfortunately introduced in
      2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix.

   *) Various typo fixes in user manual.

   *) Removed more memory leaks by freeing even more stuff
      from the OpenSSL toolkit on module shutdown.

   *) Added missing TLSv1, EXP40 and EXP56 keywords to
      ssl_reference's documentation of SSLCipherSuite.

   *) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.)
      to the FAQ entry about MSIE errors.

   *) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid
      MSIE5.x problems in advance.

   *) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments
      which is especially important for the Win32 environment.

   *) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all"

   *) Removed a left-over ssl_scache_expire() call in ssl_scache_init()
      which made the life of vendors complicated.

   *) Allow more fine-tuned overriding of ap_server_root_relative calls
      by providing the context of the call.

   *) Added Equifax Secure CA certificates to ca-bundle.crt.

   *) Let the pass phrase dialog force the prompt to occur only once
      (no verification step), because mod_ssl uses the dialog only for
      pass phrases which are required for reading private keys. This as a
      side-effect should fix a problem under Win32 where a second prompt
      occured for unknown reasons.

   *) Added more compatibility to Stronghold v2's SSL_SessionCache.

   *) Added two more EAPI hools under SSL_VENDOR: one for overriding
      ap_server_root_relative calls and one for hooking into the server
      configuration step.

   *) Fixed SSL display for mod_status in `short report' situation.

   *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
      support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL.


To generate a diff of this commit:
cvs rdiff -r1.20 -r1.21 pkgsrc/www/ap-ssl/Makefile
cvs rdiff -r0 -r1.1 pkgsrc/www/ap-ssl/files/README.mkcert
cvs rdiff -r1.6 -r1.7 pkgsrc/www/ap-ssl/files/md5
cvs rdiff -r1.4 -r1.5 pkgsrc/www/ap-ssl/files/patch-sum
cvs rdiff -r1.4 -r1.5 pkgsrc/www/ap-ssl/patches/patch-aa
cvs rdiff -r0 -r1.1 pkgsrc/www/ap-ssl/patches/patch-ab
cvs rdiff -r1.3 -r1.4 pkgsrc/www/ap-ssl/pkg/MESSAGE
cvs rdiff -r1.4 -r1.5 pkgsrc/www/ap-ssl/pkg/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.