Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 99647 invoked from network); 18 Oct 2005 12:20:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Oct 2005 12:20:48 -0000 Received: (qmail 27721 invoked by uid 500); 18 Oct 2005 12:20:41 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 27703 invoked by uid 500); 18 Oct 2005 12:20:40 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 27692 invoked by uid 99); 18 Oct 2005 12:20:40 -0000 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 18 Oct 2005 05:20:39 -0700 Received: (qmail 98592 invoked by uid 65534); 18 Oct 2005 12:20:19 -0000 Message-ID: <20051018122019.98577.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r326094 - in /httpd/site/trunk: docs/download.html docs/index.html xdocs/download.xml Date: Tue, 18 Oct 2005 12:20:18 -0000 To: cvs@httpd.apache.org From: jim@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: jim Date: Tue Oct 18 05:20:13 2005 New Revision: 326094 URL: http://svn.apache.org/viewcvs?rev=326094&view=rev Log: Now that tarballs are mirrored, update site in prep for announcement Modified: httpd/site/trunk/docs/download.html httpd/site/trunk/docs/index.html httpd/site/trunk/xdocs/download.xml Modified: httpd/site/trunk/docs/download.html URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/download.html?rev=326094&r1=326093&r2=326094&view=diff ============================================================================== --- httpd/site/trunk/docs/download.html (original) +++ httpd/site/trunk/docs/download.html Tue Oct 18 05:20:13 2005 @@ -191,12 +191,12 @@

- Apache 1.3.33 is also available + Apache 1.3.34 is also available

-
Apache 1.3.33 is the best available version of the 1.3 series, and +
Apache 1.3.34 is the best available version of the 1.3 series, and is recommended over all previous 1.3 releases. This release adds several enhancements, fixes a number of bugs and addresses 2 security issues described in CAN-2004-0940 (cve.mitre.org) and @@ -209,18 +209,18 @@ Significantly new features will more than likely not be added to 1.3 in preference to 2.0, although important new features and enhancements will be seriously considered for inclusion in 1.3.
-
Use the Apache 1.3.33 version if you need to use third party +
Use the Apache 1.3.34 version if you need to use third party modules that are not yet available as an Apache 2.0 module. Apache 1.3 is not compatibile with Apache 2.0 modules.

-
Unix Source: apache_1.3.33.tar.gz -[PGP] [MD5]
+
Unix Source: apache_1.3.34.tar.gz +[PGP] [MD5]
-
Unix Source: apache_1.3.33.tar.Z -[PGP] [MD5]
+
Unix Source: apache_1.3.34.tar.Z +[PGP] [MD5]
-
Win32 Binary (Self extracting): apache_1.3.33-win32-x86-no_src.exe [PGP] -[MD5]
+
Win32 Binary (Self extracting): apache_1.3.34-win32-x86-no_src.exe [PGP] +[MD5]

Other files

@@ -260,7 +260,7 @@

httpd-2.0.55.tar.gz is signed by William Rowe 10FDE075
-
httpd-1.3.33.tar.gz is signed by Jim Jagielski 08C975E5
+
httpd-1.3.34.tar.gz is signed by Jim Jagielski 08C975E5

Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is Modified: httpd/site/trunk/docs/index.html URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/index.html?rev=326094&r1=326093&r2=326094&view=diff ============================================================================== --- httpd/site/trunk/docs/index.html (original) +++ httpd/site/trunk/docs/index.html Tue Oct 18 05:20:13 2005 @@ -143,28 +143,28 @@ Modified: httpd/site/trunk/xdocs/download.xml URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/download.xml?rev=326094&r1=326093&r2=326094&view=diff ============================================================================== --- httpd/site/trunk/xdocs/download.xml (original) +++ httpd/site/trunk/xdocs/download.xml Tue Oct 18 05:20:13 2005 @@ -211,7 +211,7 @@

httpd-2.0.55.tar.gz is signed by William Rowe 10FDE075
-
httpd-1.3.33.tar.gz is signed by Jim Jagielski 08C975E5
+
httpd-1.3.34.tar.gz is signed by Jim Jagielski 08C975E5

- Apache 1.3.33 Released + Apache 1.3.34 Released

The Apache Group is pleased to announce the - legacy release of the 1.3.33 version of the Apache HTTP Server. + legacy release of the 1.3.34 version of the Apache HTTP Server.
-
This version of Apache is principally a security and bug fix -release. Of particular note is that 1.3.33 addresses and fixes the -following 2 security related issues:
-
Fix potential buffer overflow with escaped characters in SSI tag string. - [CAN-2004-0940 (cve.mitre.org)]
-
Reject responses from a remote server if sent an invalid (negative) Content-Length. - [CAN-2004-0492 (cve.mitre.org)]
+
This version of Apache is principally a security and bug fix release. + Of particular note is that 1.3.34 addresses the following security issue:
+
+
If a request contains both Transfer-Encoding and Content-Length headers, + remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing + attacks.
+

For further details, see the announcement.

Download | Apache for Win32 | New Features in Apache 1.3 | -ChangeLog for 1.3.33 +ChangeLog for 1.3.34