httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stri...@apache.org
Subject cvs commit: httpd-site/xdocs download.xml index.xml
Date Tue, 29 Jun 2004 01:38:18 GMT
striker     2004/06/28 18:38:18

  Modified:    docs     download.html index.html
               xdocs    download.xml index.xml
  Log:
  Update site (not live) in preparation of 2.0.50.
  
  Revision  Changes    Path
  1.56      +20 -21    httpd-site/docs/download.html
  
  Index: download.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/download.html,v
  retrieving revision 1.55
  retrieving revision 1.56
  diff -u -r1.55 -r1.56
  --- download.html	29 May 2004 22:55:44 -0000	1.55
  +++ download.html	29 Jun 2004 01:38:17 -0000	1.56
  @@ -108,18 +108,16 @@
    <tr><td bgcolor="#828DA6">
     <font color="#ffffff" face="arial,helvetica,sanserif">
      <a name="apache20"><strong>Apache
  -2.0.49 is the best available version</strong></a>
  +2.0.50 is the best available version</strong></a>
     </font>
    </td></tr>
    <tr><td>
     <blockquote>
   <p>This release fixes security problems described in
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">
  -   CAN-2004-0174</a>,
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">
  -   CAN-2003-0020</a> and
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">
  -   CAN-2004-0113</a>.  It also contains bug fixes and some new features.
  +   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">
  +   CAN-2004-0493</a> and
  +   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">
  +   CAN-2004-0488</a>.  It also contains bug fixes and some new features.
      For details see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">Official
      Announcement</a> and the <a href="[preferred]/httpd/CHANGES_2.0">CHANGES_2.0</a>
list.</p>
   <p>Apache 2.0 add-in modules are not compatible with Apache 1.3 modules.
  @@ -129,27 +127,28 @@
   <ul>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.49.tar.gz">httpd-2.0.49.tar.gz</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.gz.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.gz.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.50.tar.gz">httpd-2.0.50.tar.gz</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.md5">MD5</a>]</li>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.49.tar.Z">httpd-2.0.49.tar.Z</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.Z.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.Z.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.50.tar.Z">httpd-2.0.50.tar.Z</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
   
  +<!--
   <li>Win32 Source:
  -<a href="[preferred]/httpd/httpd-2.0.49-win32-src.zip">httpd-2.0.49-win32-src.zip</a>

  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49-win32-src.zip.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49-win32-src.zip.md5">MD5</a>]
  +<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>

  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.md5">MD5</a>]
   </li>
   
   <li>Win32 Binary (MSI Installer): 
  -<a href="[preferred]/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi">apache_2.0.49-win32-x86-no_ssl.msi</a>
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi.md5">MD5</a>]
  +<a href="[preferred]/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi">apache_2.0.50-win32-x86-no_ssl.msi</a>
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
   </li>
  -
  +-->
   
   <li><a href="[preferred]/httpd/">Other files</a></li>
   
  @@ -229,7 +228,7 @@
   % gpg --verify apache_1.3.24.tar.gz.asc
   </code></p>
   <ul>
  -<li>httpd-2.0.49.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
  +<li>httpd-2.0.50.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
   <li>httpd-1.3.31.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
   </ul>
   <p>Alternatively, you can verify the MD5 signature on the files.  A
  
  
  
  1.78      +5 -37     httpd-site/docs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/index.html,v
  retrieving revision 1.77
  retrieving revision 1.78
  diff -u -r1.77 -r1.78
  --- index.html	29 Jun 2004 00:03:08 -0000	1.77
  +++ index.html	29 Jun 2004 01:38:17 -0000	1.78
  @@ -94,29 +94,6 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="bugnotice"><strong>Important Security Patch for 2.0</strong></a>
  -  </font>
  - </td></tr>
  - <tr><td>
  -  <blockquote>
  -<p>Vulnerability <a
  -href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>
  -has been announced by its discoverer, before 2.0.50 could be
  -released.  It is a remote exploit which allows an
  -attacker to cause the server to allocate increasing amounts of memory
  -until system memory is exhausted or until process limits are reached,
  -depending on the platform and configuration.</p>
  -<p>This problem will be resolved in 2.0.50.  To resolve this problem
  -with 2.0.47, 2.0.48 or 2.0.49, apply the patch at <a
  -href="http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch">
  -http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch</a>.</p>
  -<p>The patch has not been tested with earlier releases.</p>
  -  </blockquote>
  - </td></tr>
  -</table>
  -           <table border="0" cellspacing="0" cellpadding="2" width="100%">
  - <tr><td bgcolor="#525D76">
  -  <font color="#ffffff" face="arial,helvetica,sanserif">
      <a name="bugnotice"><strong>Important Bug Workaround for 2.0.48 and 1.3.29</strong></a>
     </font>
    </td></tr>
  @@ -150,7 +127,7 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="2.0.49"><strong>Apache 2.0.49 Released</strong></a>
  +   <a name="2.0.50"><strong>Apache 2.0.50 Released</strong></a>
     </font>
    </td></tr>
    <tr><td>
  @@ -160,19 +137,10 @@
   <a href="http://www.apache.org/dist/httpd/Announcement2.html.de">here</a>)
   </p>
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.49 addresses three security vulnerabilities:</p>
  -<p>When using multiple listening sockets, a denial of service attack
  -   is possible on some platforms due to a race condition in the
  -   handling of short-lived connections.  This issue is known to affect
  -   some versions of AIX, Solaris, and Tru64; it is known to not affect
  -   FreeBSD or Linux.<br />
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>]</code></p>
  -<p>Arbitrary client-supplied strings can be written to the error log
  -   which can allow exploits of certain terminal emulators.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>]</code></p>
  -<p>A remotely triggered memory leak in mod_ssl can allow a denial
  -   of service attack due to excessive memory consumption.<br />
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">CAN-2004-0113</a>]</code></p>
  +   note is that 2.0.50 addresses one security vulnerability:</p>
  +<p>A remotely triggered memory leak in http header parsing can allow a
  +   denial of service attack due to excessive memory consumption.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
   <p>For further details, see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
   <p align="center">
   <a href="download.cgi">Download</a> | 
  
  
  
  1.50      +20 -21    httpd-site/xdocs/download.xml
  
  Index: download.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/download.xml,v
  retrieving revision 1.49
  retrieving revision 1.50
  diff -u -r1.49 -r1.50
  --- download.xml	11 May 2004 19:40:57 -0000	1.49
  +++ download.xml	29 Jun 2004 01:38:17 -0000	1.50
  @@ -55,15 +55,13 @@
   
   
   <section id="apache20"><title>Apache
  -2.0.49 is the best available version</title>
  +2.0.50 is the best available version</title>
   
   <p>This release fixes security problems described in
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">
  -   CAN-2004-0174</a>,
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">
  -   CAN-2003-0020</a> and
  -   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">
  -   CAN-2004-0113</a>.  It also contains bug fixes and some new features.
  +   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">
  +   CAN-2004-0493</a> and
  +   <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">
  +   CAN-2004-0488</a>.  It also contains bug fixes and some new features.
      For details see the <a
      href="http://www.apache.org/dist/httpd/Announcement2.html">Official
      Announcement</a> and the <a
  @@ -77,27 +75,28 @@
   <ul>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.49.tar.gz">httpd-2.0.49.tar.gz</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.gz.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.gz.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.50.tar.gz">httpd-2.0.50.tar.gz</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.gz.md5">MD5</a>]</li>
   
   <li>Unix Source: 
  -<a href="[preferred]/httpd/httpd-2.0.49.tar.Z">httpd-2.0.49.tar.Z</a> 
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.Z.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49.tar.Z.md5">MD5</a>]</li>
  +<a href="[preferred]/httpd/httpd-2.0.50.tar.Z">httpd-2.0.50.tar.Z</a> 
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50.tar.Z.md5">MD5</a>]</li>
   
  +<!--
   <li>Win32 Source:
  -<a href="[preferred]/httpd/httpd-2.0.49-win32-src.zip">httpd-2.0.49-win32-src.zip</a>

  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49-win32-src.zip.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/httpd-2.0.49-win32-src.zip.md5">MD5</a>]
  +<a href="[preferred]/httpd/httpd-2.0.50-win32-src.zip">httpd-2.0.50-win32-src.zip</a>

  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/httpd-2.0.50-win32-src.zip.md5">MD5</a>]
   </li>
   
   <li>Win32 Binary (MSI Installer): 
  -<a href="[preferred]/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi">apache_2.0.49-win32-x86-no_ssl.msi</a>
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi.asc">PGP</a>]
  -[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.49-win32-x86-no_ssl.msi.md5">MD5</a>]
  +<a href="[preferred]/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi">apache_2.0.50-win32-x86-no_ssl.msi</a>
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.asc">PGP</a>]
  +[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.50-win32-x86-no_ssl.msi.md5">MD5</a>]
   </li>
  -
  +-->
   
   <li><a href="[preferred]/httpd/">Other files</a></li>
   
  @@ -185,7 +184,7 @@
   </code></p>
   
   <ul>
  -<li>httpd-2.0.49.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
  +<li>httpd-2.0.50.tar.gz is signed by Sander Striker <code>DE885DD3</code></li>
   <li>httpd-1.3.31.tar.gz is signed by Jim Jagielski <code>08C975E5</code></li>
   </ul>
   
  
  
  
  1.56      +6 -17     httpd-site/xdocs/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
  retrieving revision 1.55
  retrieving revision 1.56
  diff -u -r1.55 -r1.56
  --- index.xml	12 May 2004 21:00:17 -0000	1.55
  +++ index.xml	29 Jun 2004 01:38:18 -0000	1.56
  @@ -69,8 +69,8 @@
   </p>
   </section>
   
  -<section id="2.0.49">
  -<title>Apache 2.0.49 Released</title>
  +<section id="2.0.50">
  +<title>Apache 2.0.50 Released</title>
   
   <p>The Apache HTTP Server Project is proud to <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> the
  @@ -79,22 +79,11 @@
   </p>
   
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.49 addresses three security vulnerabilities:</p>
  +   note is that 2.0.50 addresses one security vulnerability:</p>
   
  -<p>When using multiple listening sockets, a denial of service attack
  -   is possible on some platforms due to a race condition in the
  -   handling of short-lived connections.  This issue is known to affect
  -   some versions of AIX, Solaris, and Tru64; it is known to not affect
  -   FreeBSD or Linux.<br/>
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>]</code></p>
  -                                                                                      
                                                                                         
                    
  -<p>Arbitrary client-supplied strings can be written to the error log
  -   which can allow exploits of certain terminal emulators.<br/>
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>]</code></p>
  -                                                                                      
                                                                                         
                    
  -<p>A remotely triggered memory leak in mod_ssl can allow a denial
  -   of service attack due to excessive memory consumption.<br/>
  -   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">CAN-2004-0113</a>]</code></p>
  +<p>A remotely triggered memory leak in http header parsing can allow a
  +   denial of service attack due to excessive memory consumption.<br/>
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</a>]</code></p>
   
   <p>For further details, see the <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
  
  
  

Mime
View raw message