apr-commits mailing list archives

From wr...@apache.org
Subject svn commit: r791611 - in /apr/site/trunk: dist/Announcement1.3.html dist/Announcement1.3.txt dist/HEADER.html dist/README.html doap.rdf xdocs/download.xml xdocs/index.xml
Date Mon, 06 Jul 2009 20:55:19 GMT
Author: wrowe
Date: Mon Jul  6 20:55:19 2009
New Revision: 791611

URL: http://svn.apache.org/viewvc?rev=791611&view=rev
Log:
Begin phasing release

Modified:
    apr/site/trunk/dist/Announcement1.3.html
    apr/site/trunk/dist/Announcement1.3.txt
    apr/site/trunk/dist/HEADER.html
    apr/site/trunk/dist/README.html
    apr/site/trunk/doap.rdf
    apr/site/trunk/xdocs/download.xml
    apr/site/trunk/xdocs/index.xml

Modified: apr/site/trunk/dist/Announcement1.3.html
URL: http://svn.apache.org/viewvc/apr/site/trunk/dist/Announcement1.3.html?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/dist/Announcement1.3.html (original)
+++ apr/site/trunk/dist/Announcement1.3.html Mon Jul  6 20:55:19 2009
@@ -3,17 +3,17 @@
  <head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
        <meta name="author" content="APR" /><meta name="email" content="dev@apr.apache.org"
/>
-    <title>Apache Portable Runtime 1.3.3 Released</title>
+    <title>Apache Portable Runtime 1.3.6 and APR-Utility 1.3.8 Released</title>
  </head>
  <body bgcolor="#ffffff" text="#000000" link="#525D76">
 <p><a href="http://apr.apache.org/"><img src="http://apr.apache.org/images/apr_logo_wide.png"
alt="The Apache Portable Runtime Project" border="0"/></a></p>
 
-<h1>Apache Portable Runtime 1.3.5 and APR-Utility 1.3.7 Released</h1>
+<h1>Apache Portable Runtime 1.3.6 and APR-Utility 1.3.8 Released</h1>
 
 <p>The Apache Software Foundation and the Apache Portable Runtime
    Project are proud to announce the General Availability of
-   version 1.3.5 of the APR Apache Portable Runtime library, and
-   version 1.3.7 of the companion APR-util Apache Portable Utility
+   version 1.3.6 of the APR Apache Portable Runtime library, and
+   version 1.3.8 of the companion APR-util Apache Portable Utility
    library.</p>
 
 <p>The corresponding version 1.2.1 of the companion APR-iconv library,
@@ -27,33 +27,15 @@
     >http://apr.apache.org/download.cgi</a></dd>
 </dl>
 
-<p>This version of APR is a security and bug fix release, including
+<p>This version of APR is primarily a bug fix release, including
    fixes for specific platforms' configuration, feature detection,
    and run time behavior.  Most developers and users are encouraged
    to adopt the latest APR 1.x version to ensure the most comprehensive 
    support and access to the latest features and enhancements.</p>
 
-<p>The security fixes in the APR-util library release 1.3.7 must be
-   evaluated  in the context of how APR-consuming applications use them
-   to determine if the application provides untrusted input to these
-   specific functions, to determine if they represent vulnerabilities
-   to the specific application.  Refer questions to such APR-consuming
-   projects for further guidance.  These fixes (which are similarly
-   corrected in the concurrent APR-util 0.9.17 release) include;</p>
-
-<ul>
-  <li>Fixed a denial of service attack against the apr_xml_* interface
-      using the "billion laughs" entity expansion technique.
-      [Joe Orton]
-  </li>
-  <li>CVE-2009-0023 (cve.mitre.org);
-      Fixed an underflow from the match pattern to apr_strmatch_precompile.
-      [Matthew Palmer <mpalmer debian.org>]
-  </li>
-  <li>Fixed an off by one overflow in apr_brigade_vprintf.
-      [C. Michael Pilato <cmpilato collab.net>]
-  </li>
-</ul>
+<p>Note that the APR-util library release 1.3.7 introduced security fixes,
+   users of prior versions are strongly cautioned to upgrade to a later
+   release.</p>
 
 <p>The mission of the Apache Portable Runtime Project is to create
    and maintain software libraries that provide a predictable and
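Review bot: The replacement paragraph beginning "Note that the APR-util library release 1.3.7 introduced security fixes," removes the CVE-2009-0023 reference and the names of the affected interfaces (apr_xml_*, apr_strmatch_precompile, apr_brigade_vprintf) without pointing anywhere else for them, so a user still on an APR-util older than 1.3.7 can no longer tell from this announcement whether their application is exposed. Suggest keeping at least the CVE identifier or a pointer to the 1.3.7 release notes, and replacing "upgrade to a later release" with "upgrade to 1.3.7 or later" so the minimum fixed version is explicit. The comma after "security fixes" joins two sentences and should be a semicolon or a full stop.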

Modified: apr/site/trunk/dist/Announcement1.3.txt
URL: http://svn.apache.org/viewvc/apr/site/trunk/dist/Announcement1.3.txt?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/dist/Announcement1.3.txt (original)
+++ apr/site/trunk/dist/Announcement1.3.txt Mon Jul  6 20:55:19 2009
@@ -1,9 +1,9 @@
-   Apache Portable Runtime 1.3.5 and APR-Utility 1.3.7 Released
+   Apache Portable Runtime 1.3.6 and APR-Utility 1.3.8 Released
 
    The Apache Software Foundation and the Apache Portable Runtime
    Project are proud to announce the General Availability of
-   version 1.3.5 of the APR Apache Portable Runtime library, and
-   version 1.3.7 of the companion APR-util Apache Portable Utility
+   version 1.3.6 of the APR Apache Portable Runtime library, and
+   version 1.3.8 of the companion APR-util Apache Portable Utility
    library.
 
    The corresponding version 1.2.1 of the companion APR-iconv library,
@@ -14,30 +14,15 @@
 
      http://apr.apache.org/download.cgi
 
-   This version of APR is a security and bug fix release, including
+   This version of APR is a primarily a bug fix release, including
    fixes for specific platforms' configuration, feature detection,
    and run time behavior.  Most developers and users are encouraged
    to adopt the latest APR 1.x version to ensure the most comprehensive 
    support and access to the latest features and enhancements.
 
-   The security fixes in the APR-util library release 1.3.7 must be
-   evaluated  in the context of how APR-consuming applications use them
-   to determine if the application provides untrusted input to these
-   specific functions, to determine if they represent vulnerabilities
-   to the specific application.  Refer questions to such APR-consuming
-   projects for further guidance.  These fixes (which are similarly
-   corrected in the concurrent APR-util 0.9.17 release) include;
-
-    * Fixed a denial of service attack against the apr_xml_* interface
-      using the "billion laughs" entity expansion technique.
-      [Joe Orton]
-
-    * CVE-2009-0023 (cve.mitre.org);
-      Fixed an underflow from the match pattern to apr_strmatch_precompile.
-      [Matthew Palmer <mpalmer debian.org>]
-
-    * Fixed an off by one overflow in apr_brigade_vprintf.
-      [C. Michael Pilato <cmpilato collab.net>]
+   Note that the APR-util library release 1.3.7 introduced security fixes,
+   users of prior versions are strongly cautioned to upgrade to a later
+   release.
 
    The mission of the Apache Portable Runtime Project is to create
    and maintain software libraries that provide a predictable and
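Review bot: The added line "This version of APR is a primarily a bug fix release, including" carries a stray article ("is a primarily a"); the HTML copy of the same sentence in this commit reads "is primarily a bug fix release", so the two announcements now differ. As in the HTML version, the new security note no longer names CVE-2009-0023 or the affected functions; consider keeping the CVE identifier here and stating "1.3.7 or later" as the upgrade target instead of "a later release".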

Modified: apr/site/trunk/dist/HEADER.html
URL: http://svn.apache.org/viewvc/apr/site/trunk/dist/HEADER.html?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/dist/HEADER.html (original)
+++ apr/site/trunk/dist/HEADER.html Mon Jul  6 20:55:19 2009
@@ -12,8 +12,8 @@
 
 <ul>
 <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
-<li><a href="#apr">APR 1.3.5 is the latest available version</a></li>
-<li><a href="#aprutil">APR-util 1.3.7 is the latest available version</a></li>
+<li><a href="#apr">APR 1.3.6 is the latest available version</a></li>
+<li><a href="#aprutil">APR-util 1.3.8 is the latest available version</a></li>
 <li><a href="#apriconv">APR-iconv 1.2.1 is the latest available version</a></li>
 <li><a href="#apr09">APR 0.9.18 is also available</a></li>
 <li><a href="#aprutil09">APR-util 0.9.17 is also available</a></li>

Modified: apr/site/trunk/dist/README.html
URL: http://svn.apache.org/viewvc/apr/site/trunk/dist/README.html?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/dist/README.html (original)
+++ apr/site/trunk/dist/README.html Mon Jul  6 20:55:19 2009
@@ -9,20 +9,25 @@
 </p>
 
 
-<h2><a name="apr">APR 1.3.5 is the latest available version</a></h2>
+<h2><a name="apr">APR 1.3.6 is the latest available version</a></h2>
 
 <p>
-    APR 1.3.5 has been released, and should be considered
+    APR 1.3.6 has been released, and should be considered
     "general availability".
 </p>
 
-<h2><a name="aprutil">APR-util 1.3.7 is the latest available version</a></h2>
+<h2><a name="aprutil">APR-util 1.3.8 is the latest available version</a></h2>
 
 <p>
-    APR-util 1.3.7 has been released, and should be considered 
+    APR-util 1.3.8 has been released, and should be considered 
     "general availability".
 </p>
 
+<p>
+    Note that APR-util 1.3.7 corrected a number of potential security issues,
+    users of all previous versions are cautioned to upgrade.
+</p>
+
 <h2><a name="apriconv">APR-iconv 1.2.1 is the latest available version</a></h2>
 
 <p>
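Review bot: The new paragraph under the APR-util heading says users "are cautioned to upgrade" and names no target version, while the announcement and download.xml in this same commit say "strongly cautioned" and the 0.9 paragraph added later in this file says "or version 1.3.7 or later". Suggest one wording for the security notice across all files, with the minimum fixed version stated, for example "users of all previous versions are strongly cautioned to upgrade to 1.3.7 or later". The comma after "security issues" also joins two sentences.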
@@ -45,6 +50,11 @@
     a bug-fix release for users requiring API or binary compatibility
     with previous APR-util 0.9 releases.
 </p>
+<p>
+    Note that APR-util 0.9.17 corrected a number of potential security issues,
+    users of all previous versions are cautioned to upgrade to this release,
+    or version 1.3.7 or later.
+</p>
 
 <h2><a name="apriconv09">APR-iconv 0.9.7 is also available</a></h2>
 

Modified: apr/site/trunk/doap.rdf
URL: http://svn.apache.org/viewvc/apr/site/trunk/doap.rdf?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/doap.rdf (original)
+++ apr/site/trunk/doap.rdf Mon Jul  6 20:55:19 2009
@@ -43,16 +43,16 @@
 
     <release>
       <Version>
-        <name>APR current release 1.3.5</name>
-        <created>2009-06-05</created>
-        <revision>1.3.5</revision>
+        <name>APR current release 1.3.6</name>
+        <created>2009-07-06</created>
+        <revision>1.3.6</revision>
       </Version>
     </release>
     <release>
       <Version>
-        <name>APR-util current release 1.3.7</name>
-        <created>2009-06-05</created>
-        <revision>1.3.7</revision>
+        <name>APR-util current release 1.3.8</name>
+        <created>2009-07-06</created>
+        <revision>1.3.8</revision>
       </Version>
     </release>
     <release>

Modified: apr/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewvc/apr/site/trunk/xdocs/download.xml?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/xdocs/download.xml (original)
+++ apr/site/trunk/xdocs/download.xml Mon Jul  6 20:55:19 2009
@@ -50,26 +50,26 @@
 
 <section id="apr1">
 
-<title>APR 1.3.5 is the best available version</title>
+<title>APR 1.3.6 is the best available version</title>
 
 <p>APR is the base portability library.</p>
 
 <ul>
 
 <li>Unix Source: 
-<a href="[preferred]/apr/apr-1.3.5.tar.gz">apr-1.3.5.tar.gz</a> 
-[<a href="http://www.apache.org/dist/apr/apr-1.3.5.tar.gz.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-1.3.5.tar.gz.md5">MD5</a>]</li>
+<a href="[preferred]/apr/apr-1.3.6.tar.gz">apr-1.3.6.tar.gz</a> 
+[<a href="http://www.apache.org/dist/apr/apr-1.3.6.tar.gz.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/apr/apr-1.3.6.tar.gz.md5">MD5</a>]</li>
 
 <li>Unix Source: 
-<a href="[preferred]/apr/apr-1.3.5.tar.bz2">apr-1.3.5.tar.bz2</a> 
-[<a href="http://www.apache.org/dist/apr/apr-1.3.5.tar.bz2.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-1.3.5.tar.bz2.md5">MD5</a>]</li>
+<a href="[preferred]/apr/apr-1.3.6.tar.bz2">apr-1.3.6.tar.bz2</a> 
+[<a href="http://www.apache.org/dist/apr/apr-1.3.6.tar.bz2.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/apr/apr-1.3.6.tar.bz2.md5">MD5</a>]</li>
 
 <li>Win32 Source: 
-<a href="[preferred]/apr/apr-1.3.5-win32-src.zip">apr-1.3.5-win32-src.zip</a>

-[<a href="http://www.apache.org/dist/apr/apr-1.3.5-win32-src.zip.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-1.3.5-win32-src.zip.md5">MD5</a>]
+<a href="[preferred]/apr/apr-1.3.6-win32-src.zip">apr-1.3.6-win32-src.zip</a>

+[<a href="http://www.apache.org/dist/apr/apr-1.3.6-win32-src.zip.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/apr/apr-1.3.6-win32-src.zip.md5">MD5</a>]
 </li>
 
 <li><a href="[preferred]/apr/">Other files</a></li>
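Review bot: Each download entry touched here still offers only an MD5 digest next to the PGP signature, and the archives themselves are served from the "[preferred]" mirror. MD5 is not collision resistant, so it is adequate for catching a corrupted transfer but not for establishing that a mirror's copy is authentic. Since these lines are being rewritten for the new version anyway, consider adding a stronger digest link beside each ".md5" link, or a sentence telling users to verify the ".asc" signature, which is already linked from www.apache.org rather than from the mirror.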
@@ -80,32 +80,32 @@
 
 <section id="aprutil1">
 
-<title>APR-util 1.3.7 is the best available version</title>
+<title>APR-util 1.3.8 is the best available version</title>
 
 <p>APR-util provides a number of helpful abstractions on top of APR.
-   The 1.3.7 release provides a number of security fixes to previous 
-   released versions, and all users are strongly cautioned to update.</p>
+   The 1.3.7 release provided a number of security fixes, and all users
+   of previous releases are strongly cautioned to update.</p>
 
 <ul>
 
 <li>Unix Source: 
-<a href="[preferred]/apr/apr-util-1.3.7.tar.gz">apr-util-1.3.7.tar.gz</a> 
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7.tar.gz.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7.tar.gz.md5">MD5</a>]
+<a href="[preferred]/apr/apr-util-1.3.8.tar.gz">apr-util-1.3.8.tar.gz</a> 
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8.tar.gz.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8.tar.gz.md5">MD5</a>]
 </li>
 
 <li>Unix Source: 
-<a href="[preferred]/apr/apr-util-1.3.7.tar.bz2">apr-util-1.3.7.tar.bz2</a> 
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7.tar.bz2.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7.tar.bz2.md5">MD5</a>]
+<a href="[preferred]/apr/apr-util-1.3.8.tar.bz2">apr-util-1.3.8.tar.bz2</a> 
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8.tar.bz2.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8.tar.bz2.md5">MD5</a>]
 </li>
 
 <li>Windows Source: 
-<a href="[preferred]/apr/apr-util-1.3.7-win32-src.zip"
-   >apr-util-1.3.7-win32-src.zip</a> 
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7-win32-src.zip.asc"
+<a href="[preferred]/apr/apr-util-1.3.8-win32-src.zip"
+   >apr-util-1.3.8-win32-src.zip</a> 
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8-win32-src.zip.asc"
     >PGP</a>]
-[<a href="http://www.apache.org/dist/apr/apr-util-1.3.7-win32-src.zip.md5"
+[<a href="http://www.apache.org/dist/apr/apr-util-1.3.8-win32-src.zip.md5"
     >MD5</a>]</li>
 
 <li><a href="[preferred]/apr/">Other files</a></li>

Modified: apr/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewvc/apr/site/trunk/xdocs/index.xml?rev=791611&r1=791610&r2=791611&view=diff
==============================================================================
--- apr/site/trunk/xdocs/index.xml (original)
+++ apr/site/trunk/xdocs/index.xml Mon Jul  6 20:55:19 2009
@@ -18,14 +18,17 @@
 </section>
 
 <section id="1.3">
-<title>Apache Portable Runtime 1.3.5 and APR Utility 1.3.7 Released</title>
+<title>Apache Portable Runtime 1.3.6 and APR Utility 1.3.8 Released</title>
 
 <p>The Apache Portable Runtime Project is proud to announce the release of 
-the APR core library version 1.3.5 and the APR-util library version 1.3.7.
+the APR core library version 1.3.6 and the APR-util library version 1.3.8.
 The APR-iconv library release version 1.2.1 remains current.</p>
+
 <p>Note that the APR-util 1.3.7 release corrected a number of potential
-security issues and all users are strongly cautioned to update to this version. 
-For further details of this release, see the 
+security issues and users of previous versions are strongly cautioned 
+to update to the most recent release.</p>
+
+<p>For further details of this release, see the 
 <a href="http://www.apache.org/dist/apr/Announcement1.3.html"
  >official announcement</a> as well as the  
 <a href="http://www.apache.org/dist/apr/CHANGES-APR-1.3" >CHANGES-APR-1.3</a>,

@@ -54,7 +57,7 @@
 current.</p>
 <p>Note that the APR-util 0.9.17 release corrected a number of potential
 security issues and all users are strongly cautioned to update older APR-util
-components to this version, or to the APR-util release 1.3.7.
+components to this version, or to the APR-util release 1.3.7 or later.
 For further details of this legacy release, see the 
 <a href="http://www.apache.org/dist/apr/Announcement0.9.html"
  >official announcement</a>, as well as the 


