The local version of Apache is a forked version of 1.3.29. Security vulnerabilities are backported from newer versions and are made available in the -STABLE branches, and on the errata pages, respectively.
It is a fork because the OpenBSD developers have performed their own audits and changes to the code; it is not a vanilla copy of Apache 1.3.29.
As has been reiterated countless times on this forum, OpenBSD requires a certain level of user maintenance. It is your responsibility to monitor the errata page for bug fixes and to update your copy of the source manually; there is no automatic update functionality, nor should there be one.
Hope that helps.