resend without attachments cause stupid mail server marked as virus ...
Hi Graham,
Graham Leggett schrieb:
> The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.
>
> This release contains fixes for the following security issues:
>
> *) SECURITY: CVE-2009-2699 (cve.mitre.org)
> Fixed in APR 1.3.9. Faulty error handling in the Solaris
> pollset support (Event Port backend) which could trigger
> hangs in the prefork and event MPMs on that platform.
> PR 47645. [Jeff Trawick]
>
> *) SECURITY: CVE-2009-3095 (cve.mitre.org)
> mod_proxy_ftp: sanity check authn credentials.
> [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>
> *) SECURITY: CVE-2009-3094 (cve.mitre.org)
> mod_proxy_ftp: NULL pointer dereference on error paths.
> [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>
> +/-1
> [ ] Release httpd-2.2.14 as GA
the checksums are in wrong format. We need to commonly agree how to
generate checksum files. The documented format what the user expects is:
# cat httpd-2.2.14.tar.bz2.md5
a5226203aaf97e5b941c41a71c112704 *httpd-2.2.14.tar.bz2
# cat httpd-2.2.14.tar.bz2.sha1
eacd04c87b489231ae708c84a77dc8e9ee176fd2 *httpd-2.2.14.tar.bz2
I create these on Linux and Win32 with a shell / batch script:
#!/bin/sh
test -z "$1" && echo "Usage: ${0##*/} <file>" && exit
md5sum -b ${1} > ${1}.md5
sha1sum -b ${1} > ${1}.sha1
@echo off
if (%1)==() goto END
md5sum -b %1 > %1.md5
sha1sum -b %1 > %1.sha1
:END
The huge benefit of this format is that the binaries can then be checked
with same tools (option -c).
Gün.
