httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From olli hauer <oha...@gmx.de>
Subject Re: Apache 2.2.28 release timing.
Date Tue, 05 Aug 2014 20:04:16 GMT
On 2014-08-05 15:21, Mark Blackman wrote:
> Hi,
> 
> This might be more of user than dev question, but as the discussions about 
> timing were here, I’ll go with here.
> 
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201407.mbox/<20140721075315.ec908e91c20de17e6e448089a4bc3ed2.f963b4ea46.wbe%40email11.secureserver.net>
> 
> suggested the 2.2.28 tagging and presumably release is imminent,  
> however, http://svn.apache.org/repos/asf/httpd/httpd/tags/2.2.28 is still a 404.
> 
> I understand the mechanics of open source projects, so this is not a “hurry-up”,

> it’s just a "can I get Apache 2.2.28 into my next hosting platform release or not”,

> the contents of which will be frozen on Aug. 15.
> 
> I’m mostly interested in the CVE updates, so I can tell users we’re clear of them.

> If the 2.2.28 release is not likely before Aug. 15, that’s fine, I just wanted to be
sure.
> 
> Cheers,
> Mark

Hi Mark,

I suspect almost all distributions ship already patched the Apache 2.2 packages/ports.

In case you build Apache yourself just use the patches from the upstream SVN,

http://svn.apache.org/viewvc?view=revision&revision=1611185
http://svn.apache.org/viewvc?view=revision&revision=1610515
http://svn.apache.org/viewvc?view=revision&revision=1611185

Or from the FreeBSD svn as set of three patch files:

http://svnweb.freebsd.org/ports/head/www/apache22/files/patch-CVE-2014-0118__mod_deflate.c?revision=362845&view=co
http://svnweb.freebsd.org/ports/head/www/apache22/files/patch-CVE-2014-0226__scoreboard.c?revision=362845&view=co
http://svnweb.freebsd.org/ports/head/www/apache22/files/patch-CVE-2014-0231__mod_cgid.c?revision=362845&view=co

I hope the list of CVE patches is complete, else I'm happy to get additional hints from the
Apache devs to integrate missing fixes.

-- 
olli

Mime
View raw message