Posted to cvs@httpd.apache.org by ji...@apache.org on 2013/11/13 17:58:21 UTC
svn commit: r3508 [1/3] - /dev/httpd/
Author: jim
Date: Wed Nov 13 16:58:17 2013
New Revision: 3508
Log:
prerelease tarballs of 2.2.26
Added:
dev/httpd/CHANGES_2.2
dev/httpd/CHANGES_2.2.26
dev/httpd/httpd-2.2.26.tar.bz2 (with props)
dev/httpd/httpd-2.2.26.tar.bz2.asc (with props)
dev/httpd/httpd-2.2.26.tar.bz2.md5
dev/httpd/httpd-2.2.26.tar.bz2.sha1
dev/httpd/httpd-2.2.26.tar.gz (with props)
dev/httpd/httpd-2.2.26.tar.gz.asc (with props)
dev/httpd/httpd-2.2.26.tar.gz.md5
dev/httpd/httpd-2.2.26.tar.gz.sha1
Removed:
dev/httpd/httpd-2.4.6-deps.tar.bz2
dev/httpd/httpd-2.4.6-deps.tar.bz2.asc
dev/httpd/httpd-2.4.6-deps.tar.bz2.md5
dev/httpd/httpd-2.4.6-deps.tar.bz2.sha1
dev/httpd/httpd-2.4.6-deps.tar.gz
dev/httpd/httpd-2.4.6-deps.tar.gz.asc
dev/httpd/httpd-2.4.6-deps.tar.gz.md5
dev/httpd/httpd-2.4.6-deps.tar.gz.sha1
dev/httpd/httpd-2.4.6.tar.bz2
dev/httpd/httpd-2.4.6.tar.bz2.asc
dev/httpd/httpd-2.4.6.tar.bz2.md5
dev/httpd/httpd-2.4.6.tar.bz2.sha1
dev/httpd/httpd-2.4.6.tar.gz
dev/httpd/httpd-2.4.6.tar.gz.asc
dev/httpd/httpd-2.4.6.tar.gz.md5
dev/httpd/httpd-2.4.6.tar.gz.sha1
Modified:
dev/httpd/Announcement2.2.html
dev/httpd/Announcement2.2.txt
Modified: dev/httpd/Announcement2.2.html
==============================================================================
--- dev/httpd/Announcement2.2.html (original)
+++ dev/httpd/Announcement2.2.html Wed Nov 13 16:58:17 2013
@@ -15,38 +15,13 @@
<img src="../../images/apache_sub.gif" alt="" />
<h1>
- Apache HTTP Server 2.2.25 Released
+ Apache HTTP Server 2.2.26 Released
</h1>
<p>
The Apache Software Foundation and the Apache HTTP Server Project are
- pleased to announce the release of version 2.2.25 of the Apache HTTP
- Server ("Apache"). This version of Apache is principally a security
- and bug fix maintenance release, including the following security fixes:
-</p>
-<ul>
- <li>SECURITY: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a> (cve.mitre.org)
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
- with the source href (sent as part of the request body as XML) pointing
- to a URI that is not configured for DAV will trigger a segfault.
- </li>
- <li>SECURITY: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a> (cve.mitre.org)
- mod_rewrite: Ensure that client data written to the RewriteLog is
- escaped to prevent terminal escape sequences from entering the
- log file.
- </li>
-</ul>
-<p>
- The Apache HTTP Project thanks Ben Riser and Ramiro Molina for bringing
- these issues to the attention of the project security team.
-</p>
-<p>
- Erratta; the build is known to fail against OpenSSL when that library
- is built to provide no SSLv2 support whatsoever. The following patch
- will successfully build httpd 2.2.25 against such OpenSSL installations:
-<dl>
- <dd><a href="http://svn.apache.org/viewvc?view=revision&revision=1500108"
- >http://svn.apache.org/viewvc?view=revision&revision=1500108</a></dd>
-</dl>
+ pleased to announce the release of version 2.2.26 of the Apache HTTP
+ Server ("Apache"). This version of Apache is principally a bug fix
+ maintenance release.
</p>
<p>
We consider the Apache HTTP Server 2.4 release to be the best version
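Review bot: the replacement paragraph ("principally a bug fix maintenance release") drops the word "security" together with the 2.2.25 CVE list, so the CHANGES_2.2.26 file added in this commit should be checked for SECURITY entries before this text is published. Removing the CVE-2013-1896 and CVE-2013-1862 items is fine, since the old text attributes them to 2.2.25. If 2.2.26 carries security fixes of its own, they should be listed here in the same <ul> form and the sentence should keep "security and bug fix".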
@@ -59,7 +34,7 @@
</dl>
</p>
<p>
- Apache HTTP Server 2.4 and 2.2.25 are available for download from:
+ Apache HTTP Server 2.4 and 2.2.26 are available for download from:
</p>
<dl>
<dd><a href="http://httpd.apache.org/download.cgi"
@@ -67,7 +42,7 @@
</dl>
<p>
Please see the CHANGES_2.2 file, linked from the download page, for a
- full list of changes. A condensed list, CHANGES_2.2.25 includes only
+ full list of changes. A condensed list, CHANGES_2.2.26 includes only
those changes introduced since the prior 2.2 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
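Review bot: style point on the touched line "A condensed list, CHANGES_2.2.26 includes only": the appositive is missing its closing comma and should read "A condensed list, CHANGES_2.2.26, includes only". The line is being edited for the version bump anyway, so fix it here and in the matching line of Announcement2.2.txt.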
Modified: dev/httpd/Announcement2.2.txt
==============================================================================
--- dev/httpd/Announcement2.2.txt (original)
+++ dev/httpd/Announcement2.2.txt Wed Nov 13 16:58:17 2013
@@ -1,28 +1,9 @@
- Apache HTTP Server 2.2.25 Released
+ Apache HTTP Server 2.2.26 Released
The Apache Software Foundation and the Apache HTTP Server Project are
- pleased to announce the release of version 2.2.25 of the Apache HTTP
- Server ("Apache"). This version of Apache is principally a security
- and bug fix maintenance release, including the following security fixes:
-
- * SECURITY: CVE-2013-1896 (cve.mitre.org)
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
- with the source href (sent as part of the request body as XML) pointing
- to a URI that is not configured for DAV will trigger a segfault.
-
- * SECURITY: CVE-2013-1862 (cve.mitre.org)
- mod_rewrite: Ensure that client data written to the RewriteLog is
- escaped to prevent terminal escape sequences from entering the
- log file.
-
- The Apache HTTP Project thanks Ben Riser and Ramiro Molina for bringing
- these issues to the attention of the project security team.
-
- Erratta; the build is known to fail against OpenSSL when that library
- is built to provide no SSLv2 support whatsoever. The following patch
- will successfully build httpd 2.2.25 against such OpenSSL installations:
-
- http://svn.apache.org/viewvc?view=revision&revision=1500108
+ pleased to announce the release of version 2.2.26 of the Apache HTTP
+ Server ("Apache"). This version of Apache is principally a bug fix
+ maintenance release.
We consider the Apache HTTP Server 2.4 release to be the best version
of Apache available, and encourage users of 2.2 and all prior versions
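Review bot: the errata paragraph about the build failing against OpenSSL built with no SSLv2 support is deleted here rather than updated, which is only correct if the change from revision 1500108 is included in 2.2.26. Confirm that against CHANGES_2.2.26. If it is not included, keep the paragraph and change the version to 2.2.26. The same applies to the corresponding removal in Announcement2.2.html.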
@@ -31,12 +12,12 @@
http://www.apache.org/dist/httpd/Announcement2.4.txt
- Apache HTTP Server 2.4 and 2.2.25 are available for download from:
+ Apache HTTP Server 2.4 and 2.2.26 are available for download from:
http://httpd.apache.org/download.cgi
Please see the CHANGES_2.2 file, linked from the download page, for a
- full list of changes. A condensed list, CHANGES_2.2.25 includes only
+ full list of changes. A condensed list, CHANGES_2.2.26 includes only
those changes introduced since the prior 2.2 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
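Review bot: the download paragraph ("available for download from:") gives a plain http link and does not tell users to verify what they fetch, even though this commit publishes .asc, .md5 and .sha1 files next to each tarball. Suggest adding a sentence that directs users to check the PGP signature in the .asc file for the tarball they download, rather than relying on the .md5 or .sha1 files alone.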