httpd-2.0.43-alpha candidates available...

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

for testing from http://httpd.apache.org/dev/dist/ in your preferred
.tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
the msvc makefiles.)

We expect to release this image due to two minor security
exposures sometime around noon PDT today, Oct 3rd.

Your participation in testing this release candidate is appreciated,
as always.  Thanks for your ongoing subscription to current or
stable testers.

Bill

Re: httpd-2.0.43-alpha candidates available...

[Jeff Trawick <tr...@attglobal.net>]

"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:

> For this release, will you write a one-liner (much like I'm writing for
> the present logio docs and missing logio module), recommending
> that change and documenting the option?
> 
> We can get this into Announcement, presuming the majority goes
> with 'release as is' which seems to be the current tide.

Try this:

Users of this release of Apache on Darwin 6.1 (including Mac OS X
10.2, a.k.a. "Jaguar") must add --disable-ipv6 to the configure
invocation to avoid a potential security exposure related to the IPv6
support in current versions of Darwin.

-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...

Re: httpd-2.0.43-alpha candidates available...

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

For this release, will you write a one-liner (much like I'm writing for
the present logio docs and missing logio module), recommending
that change and documenting the option?

We can get this into Announcement, presuming the majority goes
with 'release as is' which seems to be the current tide.

Bill

At 08:43 AM 10/3/2002, Jeff Trawick wrote:
>"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
>
>> for testing from http://httpd.apache.org/dev/dist/ in your preferred
>> .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
>> the msvc makefiles.)
>> 
>> We expect to release this image due to two minor security
>> exposures sometime around noon PDT today, Oct 3rd.
>
>IMHO, IPv6 support needs to be disabled in Darwin for the next release
>(see thread "Deny from hostname broken in 2.0 on MacOSX 10.2").
>
>I'm about to post an APR patch to the other thread.
>
>-- 
>Jeff Trawick | trawick@attglobal.net
>Born in Roswell... married an alien...

Re: httpd-2.0.43-alpha candidates available...

[Henning Brauer <hb...@bsws.de>]

On Thu, Oct 03, 2002 at 07:59:19AM -0500, William A. Rowe, Jr. wrote:
>  [x]  release 2.0.43 GA as is

Re: httpd-2.0.43-alpha candidates available...

["Paul J. Reder" <re...@remulak.net>]

I vote with Thom. Test and release it. Better to have secure tested
code with confusing docs.

Thom May wrote:

> * William A. Rowe, Jr. (wrowe@rowe-clan.net) wrote :
> 
>>You are right.
>>
>>Folks, please vote (for the next hour or so) for one of the following
>>(everyone is welcome to vote here...)
>>
>> [x]  release 2.0.43 GA as is
>> [ ]  roll 2.0.44 again, plus mod_logio.c
>> [ ]  roll 2.0.44 again, minus mod_logio docs
>>
>>I'll tally within a few hours so we can stay on some sort of schedule,
>>since the cross site vulnerability was announced yesterday, we are
>>trying to announce the GA release 7 hours from now.
>>
>>
> I don't see this as a huge problem, to be honest. I think it's probably more
> important to get a .43 release out which has had at least some testing
> rather than reroll with changes...
> -Thom
> 
> 
> 


-- 
Paul J. Reder
-----------------------------------------------------------
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it.  Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure."
-- Albert Einstein

Re: httpd-2.0.43-alpha candidates available...

[Thom May <th...@planetarytramp.net>]

* William A. Rowe, Jr. (wrowe@rowe-clan.net) wrote :
> You are right.
> 
> Folks, please vote (for the next hour or so) for one of the following
> (everyone is welcome to vote here...)
> 
>  [x]  release 2.0.43 GA as is
>  [ ]  roll 2.0.44 again, plus mod_logio.c
>  [ ]  roll 2.0.44 again, minus mod_logio docs
> 
> I'll tally within a few hours so we can stay on some sort of schedule,
> since the cross site vulnerability was announced yesterday, we are
> trying to announce the GA release 7 hours from now.
> 
I don't see this as a huge problem, to be honest. I think it's probably more
important to get a .43 release out which has had at least some testing
rather than reroll with changes...
-Thom

Re: httpd-2.0.43-alpha candidates available...

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

You are right.

Folks, please vote (for the next hour or so) for one of the following
(everyone is welcome to vote here...)

 [ ]  release 2.0.43 GA as is
 [ ]  roll 2.0.44 again, plus mod_logio.c
 [ ]  roll 2.0.44 again, minus mod_logio docs

I'll tally within a few hours so we can stay on some sort of schedule,
since the cross site vulnerability was announced yesterday, we are
trying to announce the GA release 7 hours from now.

Bill

At 02:47 AM 10/3/2002, Bojan Smojver wrote:
>Somehow the mod_logio.xml and mod_logio.html.en files have gone in but the
>actual module didn't. That might confuse a few people...
>
>Bojan
>
>Quoting "William A. Rowe, Jr." <wr...@rowe-clan.net>:
>
>> for testing from http://httpd.apache.org/dev/dist/ in your preferred
>> .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
>> the msvc makefiles.)
>> 
>> We expect to release this image due to two minor security
>> exposures sometime around noon PDT today, Oct 3rd.
>> 
>> Your participation in testing this release candidate is appreciated,
>> as always.  Thanks for your ongoing subscription to current or
>> stable testers.
>> 
>> Bill

Re: httpd-2.0.43-alpha candidates available...

[Jeff Trawick <tr...@attglobal.net>]

"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:

> for testing from http://httpd.apache.org/dev/dist/ in your preferred
> .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
> the msvc makefiles.)
> 
> We expect to release this image due to two minor security
> exposures sometime around noon PDT today, Oct 3rd.

IMHO, IPv6 support needs to be disabled in Darwin for the next release
(see thread "Deny from hostname broken in 2.0 on MacOSX 10.2").

I'm about to post an APR patch to the other thread.

-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...

Re: httpd-2.0.43-alpha candidates available...

[gr...@apache.org]

"William A. Rowe, Jr." wrote:
> 
> for testing from http://httpd.apache.org/dev/dist/ in your preferred
> .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
> the msvc makefiles.)

It's been running for about 20 minutes on daedalus - looks fine.

Greg

Re: httpd-2.0.43-alpha candidates available...

[Bojan Smojver <bo...@rexursive.com>]

Somehow the mod_logio.xml and mod_logio.html.en files have gone in but the
actual module didn't. That might confuse a few people...

Bojan

Quoting "William A. Rowe, Jr." <wr...@rowe-clan.net>:

> for testing from http://httpd.apache.org/dev/dist/ in your preferred
> .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
> the msvc makefiles.)
> 
> We expect to release this image due to two minor security
> exposures sometime around noon PDT today, Oct 3rd.
> 
> Your participation in testing this release candidate is appreciated,
> as always.  Thanks for your ongoing subscription to current or
> stable testers.
> 
> Bill