On 8/29/2011 7:17 PM, Jim Jagielski wrote: > Are available on httpd.apache.org/dev > > http://httpd.apache.org/dev/dist/ > > Vote on release as 2.2.20-GA
Autoconf bumped from 2.63 to 2.68, libtool from 1.5.26 to 2.4 between httpd-2.2.19 and 2.2.20 packages. -1 as "the security release" as this defies the "minimal changes" principal which had obtained consensus. I recognize that this is beyond the minimum 24 hour window for voting (that you apparently ignored). But I would strongly oppose announcing this as /the/ solution to the CVE, without also pointing to the security patch for 2.2 and 2.0 for those users who might encounter trouble building this package due to the upgrade. Also the special exception of libtool licensed files changed from; # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. to; # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. which I presume we are fine with? Although the text changed, the spirit of this exception remains constant. It does point out a need to remain vigilant on these GNU generated files, however.
