Thanks for the explanation and sorry about the wrong alarm!

Best regards,

Rainer

Am 06.08.2020 um 00:31 schrieb Daniel Ruggeri:
Hi, Rainer;
Right - this file gets rewritten by the announce.sh script just before the notification goes out. This is done to ensure that the date is correct and to ensure the type of release (bug, security, enhancement) is correct. It appears as though the file was just changed, but really it's just because the text was bumped as-is from the 'dev' location to the 'dist' location.
--
Daniel Ruggeri

On August 5, 2020 7:23:33 AM CDT, Rainer Jung <rainer.j...@kippdata.de> wrote:

    Could you fix the date (September 21, 2018 sems wrong).

    Thanks!

    Rainer

    Am 05.08.2020 um 13:32 schrieb drugg...@apache.org:

        Author: druggeri
        Date: Wed Aug 5 11:32:51 2020
        New Revision: 40863

        Log:
        Push 2.4.46 up to the release directory

        Added:
        release/httpd/CHANGES_2.4.46
        - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
        release/httpd/httpd-2.4.46.tar.bz2
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
        release/httpd/httpd-2.4.46.tar.bz2.asc
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
        release/httpd/httpd-2.4.46.tar.bz2.md5
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
        release/httpd/httpd-2.4.46.tar.bz2.sha1
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
        release/httpd/httpd-2.4.46.tar.bz2.sha256
        - copied unchanged from r40862,
        dev/httpd/httpd-2.4.46.tar.bz2.sha256
        release/httpd/httpd-2.4.46.tar.bz2.sha512
        - copied unchanged from r40862,
        dev/httpd/httpd-2.4.46.tar.bz2.sha512
        release/httpd/httpd-2.4.46.tar.gz
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
        release/httpd/httpd-2.4.46.tar.gz.asc
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
        release/httpd/httpd-2.4.46.tar.gz.md5
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
        release/httpd/httpd-2.4.46.tar.gz.sha1
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
        release/httpd/httpd-2.4.46.tar.gz.sha256
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
        release/httpd/httpd-2.4.46.tar.gz.sha512
        - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
        Removed:
        dev/httpd/CHANGES_2.4
        dev/httpd/CHANGES_2.4.46
        dev/httpd/httpd-2.4.46-deps.tar.bz2
        dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
        dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
        dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
        dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
        dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
        dev/httpd/httpd-2.4.46-deps.tar.gz
        dev/httpd/httpd-2.4.46-deps.tar.gz.asc
        dev/httpd/httpd-2.4.46-deps.tar.gz.md5
        dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
        dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
        dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
        dev/httpd/httpd-2.4.46.tar.bz2
        dev/httpd/httpd-2.4.46.tar.bz2.asc
        dev/httpd/httpd-2.4.46.tar.bz2.md5
        dev/httpd/httpd-2.4.46.tar.bz2.sha1
        dev/httpd/httpd-2.4.46.tar.bz2.sha256
        dev/httpd/httpd-2.4.46.tar.bz2.sha512
        dev/httpd/httpd-2.4.46.tar.gz
        dev/httpd/httpd-2.4.46.tar.gz.asc
        dev/httpd/httpd-2.4.46.tar.gz.md5
        dev/httpd/httpd-2.4.46.tar.gz.sha1
        dev/httpd/httpd-2.4.46.tar.gz.sha256
        dev/httpd/httpd-2.4.46.tar.gz.sha512
        Modified:
        release/httpd/Announcement2.4.html
        release/httpd/Announcement2.4.txt
        release/httpd/CHANGES_2.4

        Modified: release/httpd/Announcement2.4.html
        ------------------------------------------------------------------------
        --- release/httpd/Announcement2.4.html (original)
        +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
        @@ -49,27 +49,27 @@
        <div class="banner"></div>

        <h1>
        - Apache HTTP Server 2.4.43 Released
        + Apache HTTP Server 2.4.46 Released
        </h1>
        <p>
        - April 01, 2020
        + September 21, 2018
        </p>
        <p>
        The Apache Software Foundation and the Apache HTTP Server
        Project are
        pleased to <a
        
href="https://www.apache.org/dist/httpd/Announcement2.4.html";>announce</a>
        - the release of version 2.4.43 of the Apache
        + the release of version 2.4.46 of the Apache
        HTTP Server ("Apache"). This version of Apache is our latest GA
        release of the new generation 2.4.x branch of Apache HTTPD and
        represents fifteen years of innovation by the project, and is
        recommended over all previous releases. This release of Apache is
        - a security, feature and bug fix release.
        + a feature and bug fix release.
        </p>
        <p>
        We consider this release to be the best version of Apache
        available, and
        encourage users of all prior versions to upgrade.
        </p>
        <p>
        - Apache HTTP Server 2.4.43 is available for download from:
        + Apache HTTP Server 2.4.46 is available for download from:
        </p>
        <dl>
        <dd><a href="https://httpd.apache.org/download.cgi";
        @@ -77,7 +77,7 @@
        </dl>
        <p>
        Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file,
        linked from the download page, for a
        - full list of changes. A condensed list, <a
        href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
        + full list of changes. A condensed list, <a
        href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
        those changes introduced since the prior 2.4 release. A summary
        of all
        of the security vulnerabilities addressed in this and earlier
        releases
        is available:

        Modified: release/httpd/Announcement2.4.txt
        ------------------------------------------------------------------------
        --- release/httpd/Announcement2.4.txt (original)
        +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
        @@ -1,19 +1,19 @@
        - Apache HTTP Server 2.4.43 Released
        + Apache HTTP Server 2.4.46 Released

        - April 01, 2020
        + September 21, 2018

        The Apache Software Foundation and the Apache HTTP Server Project
        - are pleased to announce the release of version 2.4.43 of the
        Apache
        + are pleased to announce the release of version 2.4.46 of the
        Apache
        HTTP Server ("Apache"). This version of Apache is our latest GA
        release of the new generation 2.4.x branch of Apache HTTPD and
        represents fifteen years of innovation by the project, and is
        recommended over all previous releases. This release of Apache is
        - a security, feature and bug fix release.
        + a feature and bug fix release.

        We consider this release to be the best version of Apache
        available, and
        encourage users of all prior versions to upgrade.

        - Apache HTTP Server 2.4.43 is available for download from:
        + Apache HTTP Server 2.4.46 is available for download from:

        https://httpd.apache.org/download.cgi

        @@ -24,7 +24,7 @@
        https://httpd.apache.org/docs/trunk/new_features_2_4.html

        Please see the CHANGES_2.4 file, linked from the download page,
        for a
        - full list of changes. A condensed list, CHANGES_2.4.43
        includes only
        + full list of changes. A condensed list, CHANGES_2.4.46
        includes only
        those changes introduced since the prior 2.4 release. A summary
        of all
        of the security vulnerabilities addressed in this and earlier
        releases
        is available:

        Modified: release/httpd/CHANGES_2.4
        ------------------------------------------------------------------------
        --- release/httpd/CHANGES_2.4 (original)
        +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
        @@ -1,6 +1,78 @@
        -*- coding: utf-8 -*-
        +Changes with Apache 2.4.46
        + *) mod_proxy_fcgi: Fix build warnings for Windows platform
        + [Eric Covener, Christophe Jaillet]
        +
        +Changes with Apache 2.4.45
        +
        + *) mod_http2: remove support for abandoned http-wg draft
        + <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
        + [Stefan Eissing]
        +
        +Changes with Apache 2.4.44
        +
        + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
        + protocol limit). [Yann Ylavic]
        +
        + *) mod_http2:
        + Fixes <https://github.com/icing/mod_h2/issues/200>:
        + "LimitRequestFields 0" now disables the limit, as documented.
        + Fixes <https://github.com/icing/mod_h2/issues/201>:
        + Do not count repeated headers with same name against the field
        + count limit. The are merged internally, as if sent in a single
        HTTP/1 line.
        + [Stefan Eissing]
        +
        + *) mod_http2: Avoid segfaults in case of handling certain
        responses for
        + already aborted connections. [Stefan Eissing, Ruediger Pluem]
        +
        + *) mod_http2: The module now handles master/secondary
        connections and has marked
        + methods according to use. [Stefan Eissing]
        +
        + *) core: Drop an invalid Last-Modified header value coming
        + from a FCGI/CGI script instead of replacing it with Unix epoch.
        + [Yann Ylavic, Luca Toscano]
        +
        + *) Add support for strict content-length parsing through
        addition of
        + ap_parse_strict_length() [Yann Ylavic]
        +
        + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when
        expression
        + evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
        +
        + *) mod_proxy_http: flush spooled request body in one go to avoid
        + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
        +
        + *) mod_ssl: Fix a race condition and possible crash when using
        a proxy client
        + certificate (SSLProxyMachineCertificateFile).
        + [Armin Abfalterer <a.abfalterer gmail.com>]
        +
        + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan
        Eissing]
        +
        + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID
        and H2_STREAM_TAG.
        + PR64330 [Stefan Eissing]
        +
        + *) mod_http2: Fixed regression that caused connections to
        close when mod_reqtimeout
        + was configured with a handshake timeout. Fixes gitub issue #196.
        + [Stefan Eissing]
        +
        + *) mod_proxy_http2: the "ping" proxy parameter
        + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>)
        is now used
        + when checking the liveliness of a new or reused h2 connection
        to the backend.
        + With short durations, this makes load-balancing more
        responsive. The module
        + will hold back requests until ping conditions are met, using
        features of the
        + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
        +
        + *) core: httpd is no longer linked against -lsystemd if
        mod_systemd
        + is enabled (and built as a DSO). [Rainer Jung]
        +
        + *) mod_proxy_http2: respect ProxyTimeout settings on backend
        connections
        + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
        +
        Changes with Apache 2.4.43

        + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
        Ylavic]
        +
        +Changes with Apache 2.4.42
        +
        *) SECURITY: CVE-2020-1934 (cve.mitre.org)
        mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
        server. [Eric Covener]
        @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
        matches and substitutions with encoded line break characters.
        The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]

        - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
        Ylavic]
        -
        -Changes with Apache 2.4.42
        -
        *) mod_proxy_http: Fix the forwarding of requests with content
        body when a
        balancer member is unavailable; the retry on the next member was
        issued
        with an empty body (regression introduced in 2.4.41). PR63891.

Reply via email to