Posted to cvs@httpd.apache.org by ji...@apache.org on 2013/11/13 17:58:21 UTC

svn commit: r3508 [1/3] - /dev/httpd/

Author: jim
Date: Wed Nov 13 16:58:17 2013
New Revision: 3508

Log:
prerelease tarballs of 2.2.26

Added:
    dev/httpd/CHANGES_2.2
    dev/httpd/CHANGES_2.2.26
    dev/httpd/httpd-2.2.26.tar.bz2   (with props)
    dev/httpd/httpd-2.2.26.tar.bz2.asc   (with props)
    dev/httpd/httpd-2.2.26.tar.bz2.md5
    dev/httpd/httpd-2.2.26.tar.bz2.sha1
    dev/httpd/httpd-2.2.26.tar.gz   (with props)
    dev/httpd/httpd-2.2.26.tar.gz.asc   (with props)
    dev/httpd/httpd-2.2.26.tar.gz.md5
    dev/httpd/httpd-2.2.26.tar.gz.sha1
Removed:
    dev/httpd/httpd-2.4.6-deps.tar.bz2
    dev/httpd/httpd-2.4.6-deps.tar.bz2.asc
    dev/httpd/httpd-2.4.6-deps.tar.bz2.md5
    dev/httpd/httpd-2.4.6-deps.tar.bz2.sha1
    dev/httpd/httpd-2.4.6-deps.tar.gz
    dev/httpd/httpd-2.4.6-deps.tar.gz.asc
    dev/httpd/httpd-2.4.6-deps.tar.gz.md5
    dev/httpd/httpd-2.4.6-deps.tar.gz.sha1
    dev/httpd/httpd-2.4.6.tar.bz2
    dev/httpd/httpd-2.4.6.tar.bz2.asc
    dev/httpd/httpd-2.4.6.tar.bz2.md5
    dev/httpd/httpd-2.4.6.tar.bz2.sha1
    dev/httpd/httpd-2.4.6.tar.gz
    dev/httpd/httpd-2.4.6.tar.gz.asc
    dev/httpd/httpd-2.4.6.tar.gz.md5
    dev/httpd/httpd-2.4.6.tar.gz.sha1
Modified:
    dev/httpd/Announcement2.2.html
    dev/httpd/Announcement2.2.txt

Modified: dev/httpd/Announcement2.2.html
==============================================================================
--- dev/httpd/Announcement2.2.html (original)
+++ dev/httpd/Announcement2.2.html Wed Nov 13 16:58:17 2013
@@ -15,38 +15,13 @@
 <img src="../../images/apache_sub.gif" alt="" />
 
 <h1>
-                       Apache HTTP Server 2.2.25 Released
+                       Apache HTTP Server 2.2.26 Released
 </h1>
 <p>
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.2.25 of the Apache HTTP
-   Server ("Apache").  This version of Apache is principally a security
-   and bug fix maintenance release, including the following security fixes:
-</p>
-<ul>
-  <li>SECURITY: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896">CVE-2013-1896</a> (cve.mitre.org)
-     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
-     with the source href (sent as part of the request body as XML) pointing
-     to a URI that is not configured for DAV will trigger a segfault.
-  </li>
-  <li>SECURITY: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862">CVE-2013-1862</a> (cve.mitre.org)
-     mod_rewrite: Ensure that client data written to the RewriteLog is
-     escaped to prevent terminal escape sequences from entering the
-     log file.
-  </li>
-</ul>
-<p>
-   The Apache HTTP Project thanks Ben Riser and Ramiro Molina for bringing
-   these issues to the attention of the project security team.
-</p>
-<p>
-   Erratta; the build is known to fail against OpenSSL when that library
-   is built to provide no SSLv2 support whatsoever.  The following patch
-   will successfully build httpd 2.2.25 against such OpenSSL installations:
-<dl>
-  <dd><a href="http://svn.apache.org/viewvc?view=revision&revision=1500108"
-              >http://svn.apache.org/viewvc?view=revision&revision=1500108</a></dd>
-</dl>
+   pleased to announce the release of version 2.2.26 of the Apache HTTP
+   Server ("Apache").  This version of Apache is principally a bug fix
+   maintenance release.
 </p>
 <p>
    We consider the Apache HTTP Server 2.4 release to be the best version
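Review bot: The added paragraph ending "maintenance release." drops the whole SECURITY list and the word "security" from the description, so the announcement now tells readers that 2.2.26 carries no security fixes. CHANGES_2.2.26 is added in this commit but its content is not shown here; confirm it has no SECURITY: entries before this text ships, and if it does, keep the <ul> block with updated items instead of deleting it.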
@@ -59,7 +34,7 @@
 </dl>
 </p>
 <p>
-   Apache HTTP Server 2.4 and 2.2.25 are available for download from:
+   Apache HTTP Server 2.4 and 2.2.26 are available for download from:
 </p>
 <dl>
   <dd><a href="http://httpd.apache.org/download.cgi"
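Review bot: Style point on the context lines at the top of this hunk: </dl> followed directly by </p> shows a <dl> nested inside a <p>, which is not valid HTML (the parser closes the paragraph at the <dl> and the later </p> is stray). The erratum block removed in the previous hunk had the same shape; since the file is being edited anyway, close the <p> before each <dl>.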
@@ -67,7 +42,7 @@
 </dl>
 <p>
    Please see the CHANGES_2.2 file, linked from the download page, for a
-   full list of changes.  A condensed list, CHANGES_2.2.25 includes only
+   full list of changes.  A condensed list, CHANGES_2.2.26 includes only
    those changes introduced since the prior 2.2 release.  A summary of all 
    of the security vulnerabilities addressed in this and earlier releases 
    is available:
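Review bot: The added line "A condensed list, CHANGES_2.2.26 includes only" opens an appositive that is never closed; add the comma after the file name so it reads "A condensed list, CHANGES_2.2.26, includes only". The wording is carried over unchanged from the 2.2.25 line, and the same sentence appears in Announcement2.2.txt.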

Modified: dev/httpd/Announcement2.2.txt
==============================================================================
--- dev/httpd/Announcement2.2.txt (original)
+++ dev/httpd/Announcement2.2.txt Wed Nov 13 16:58:17 2013
@@ -1,28 +1,9 @@
-                       Apache HTTP Server 2.2.25 Released
+                       Apache HTTP Server 2.2.26 Released
 
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.2.25 of the Apache HTTP
-   Server ("Apache").  This version of Apache is principally a security
-   and bug fix maintenance release, including the following security fixes:
-
-   * SECURITY: CVE-2013-1896 (cve.mitre.org)
-     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
-     with the source href (sent as part of the request body as XML) pointing
-     to a URI that is not configured for DAV will trigger a segfault.
-
-   * SECURITY: CVE-2013-1862 (cve.mitre.org)
-     mod_rewrite: Ensure that client data written to the RewriteLog is
-     escaped to prevent terminal escape sequences from entering the
-     log file.
-
-   The Apache HTTP Project thanks Ben Riser and Ramiro Molina for bringing
-   these issues to the attention of the project security team.
-
-   Erratta; the build is known to fail against OpenSSL when that library
-   is built to provide no SSLv2 support whatsoever.  The following patch
-   will successfully build httpd 2.2.25 against such OpenSSL installations:
-
-     http://svn.apache.org/viewvc?view=revision&revision=1500108
+   pleased to announce the release of version 2.2.26 of the Apache HTTP
+   Server ("Apache").  This version of Apache is principally a bug fix
+   maintenance release.
 
    We consider the Apache HTTP Server 2.4 release to be the best version
    of Apache available, and encourage users of 2.2 and all prior versions
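Review bot: The removed erratum said 2.2.25 fails to build against OpenSSL built without SSLv2 support and pointed to revision 1500108, but the replacement paragraph does not say whether 2.2.26 includes that change. Anyone who applied the patch by hand needs to know; either state that the fix is part of 2.2.26 or keep the erratum with the version number updated.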
@@ -31,12 +12,12 @@
 
      http://www.apache.org/dist/httpd/Announcement2.4.txt
 
-   Apache HTTP Server 2.4 and 2.2.25 are available for download from:
+   Apache HTTP Server 2.4 and 2.2.26 are available for download from:
 
      http://httpd.apache.org/download.cgi
 
    Please see the CHANGES_2.2 file, linked from the download page, for a
-   full list of changes.  A condensed list, CHANGES_2.2.25 includes only
+   full list of changes.  A condensed list, CHANGES_2.2.26 includes only
    those changes introduced since the prior 2.2 release.  A summary of all 
    of the security vulnerabilities addressed in this and earlier releases 
    is available:
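Review bot: The changed download line still sends readers to a plain http:// URL, and the visible text gives no verification step even though this commit adds .asc, .md5 and .sha1 files beside each tarball. Suggest adding a sentence that asks users to check the .asc signature against the project's KEYS file; the MD5 and SHA-1 digests only catch accidental corruption and do not authenticate the download.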