httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject cvs commit: httpd-dist/binaries/win32 README.html
Date Wed, 03 Apr 2002 20:48:09 GMT
wrowe       02/04/03 12:48:08

  Modified:    binaries/win32 README.html
  Log:
    New places to look for existing bug reports, new place to report bugs,
    and the afd.sys kb article is finally published.
  
  Revision  Changes    Path
  1.16      +31 -23    httpd-dist/binaries/win32/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /home/cvs/httpd-dist/binaries/win32/README.html,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- README.html	21 Mar 2002 22:15:40 -0000	1.15
  +++ README.html	3 Apr 2002 20:48:08 -0000	1.16
  @@ -17,25 +17,28 @@
   
   <p>If you will install Apache on Windows XP, be warned.  There is a known bug
      our users have identified; you may or may not encounter it yourself.  It
  -   is mitigated but possibly not eliminated with the Apache 1.3.24 release.  
  -   The effects of this bug within Apache 2.0 Beta are not yet observed.</p>
  +   is mitigated, but possibly not eliminated, with the Apache 1.3.24 release.  
  +   The effects of this bug within Apache 2.0 Beta have only been observed
  +   in conjunction with https SSL/TLS connections, but could occur in other
  +   contexts.</p>
   
   <p>It appears the combination of duplicating file handles between and parent
  -   and child process, in conjunction with blocking sends to the http client,
  -   may result in corrupted output.  You may not see this in MSIE, which tends
  -   to throw any error in the 'Cannot find server or DNS Error' category, rather
  -   than display the corruption.  You will only see this corruption over slower
  -   links, testing the local loopback generally reveals no corruption.  This is
  -   a potential security risk, since the random, corrupt data served may come
  -   from anywhere, such as the cache of buffered file pages, and these may
  -   include sensitive contents.</p>
  +   and child process, in conjunction with blocking sends to the http client
  +   may result in corrupted output.  You may not see corruption in MSIE, which 
  +   tends to throw any error in the 'Cannot find server or DNS Error' category, 
  +   rather than explaining the real error or display the corruption.  You will 
  +   only see this corruption over slower links, testing the local loopback 
  +   generally reveals no corruption.  This is a potential security risk, since 
  +   the random, corrupt data served may come from anywhere, such as the cache 
  +   of buffered file pages containing sensitive data.</p>
   
   <p>If you receive such errors on Windows XP using SSI scripting or PHP scripts,
      but not static pages, you are probably a victim of this bug.  It has been 
  -   reported to Microsoft, we understand they are preparing a hotfix for afd.sys
  -   that addresses this bug.  MSKB article Q317949 has been reserved for this 
  -   issue, you should be able to obtain this hotfix citing this [yet unpublished]
  -   Knowledge Base article.</p>
  +   reported to Microsoft, they have prepared a hotfix for afd.sys that 
  +   should resolve this bug.  MSKB article 
  +   <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q317949"
  +    >Q317949</a> addresses this bug, you should be able to obtain the hotfix 
  +   directly from Microsoft by citing this Knowledge Base article.</p>
   
   <h2><a name="stable">The current stable release is Apache 1.3.24</a></h2>
   
  @@ -87,16 +90,21 @@
      old Win32 packages we do not recommend.</p>
   
   <p>If you discover a bug, first research carefully if it has been already
  +   reported against version 2.0.32 in 
      <a href="http://bugs.apache.org/index.cgi/quick?PR=&quickfmt=regular&Category=any&Severity=any&Responsible=any&Class=any&State=any&search=text&qstring=2.0.32"
  -   >reported against version 2.0.32</a>.  This will save everyone much grief.
  -   If it was not reported <a href="http://bugs.apache.org/">report it 
  -   yourself</a>, but <em>please</em> note the Apache release -exactly-
as 2.0.32 
  -   so others can find your report.  <strong>Do not report configuration or install
  -   problems as bugs!</strong></p>
  -
  -<p>The <a href="http://httpd.apache.org/userslist.html">Apache users Mailing

  -   List</a> and the <a href="news:comp.infosystems.www.servers.ms-windows"
  -   >comp.infosystems.www.servers.ms-windows</a> newsgroup both provide peer support,
  +    >the old bugs database</a> or in
  +   <a href="http://nagoya.apache.org/bugzilla/buglist.cgi?product=Apache+httpd-2.0&version=2.0.32&cmdtype=doit"
  +    >the new bugzilla database</a>.  This will save everyone much grief.
  +   If it was not reported yet, please
  +   <a href="http://nagoya.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2.0"
  +    >report it yourself</a>, but <em>please</em> note the Apache release
-exactly- 
  +   as 2.0.32 so others can find your report.</p>
  +
  +<p><strong>Do not report configuration or installation questions as 
  +   bugs!</strong>  The <a href="http://httpd.apache.org/userslist.html">Apache

  +   User Support Mailing List</a> and the 
  +   <a href="news:comp.infosystems.www.servers.ms-windows"
  +    >comp.infosystems.www.servers.ms-windows</a> newsgroup both provide peer support,
      pose your question or problem on only one forum at a time.  If you do not follow 
      these guidelines, your reports and pleas for assistance will go unanswered.</p>
   
  
  
  

Mime
View raw message