That would be I, and I simply routed it straight through the normal means
(sending it from [EMAIL PROTECTED], if I remember right.)
Any odditity appears to be header munging from apmail on our side. This list
is perhaps a good place for the stripping the reply-to munging.
Bill
----- Original Message -----
From: "Brian Behlendorf" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 25, 2001 9:36 AM
Subject: [Announce] Apache 1.3.20 Released (fwd)
>
> Who sent this announcement out? IMHO, the "From:" address should not read
> the same as the "To:" address; not only does it somewhat remove the human
> element of the project, it also increases the odds of a porrly written MTA
> to attempt to start a mail loop (though ezmlm *should* guard against
> that).
>
> Brian
>
> ---------- Forwarded message ----------
> Date: Tue, 22 May 2001 10:49:39 -0400 (EDT)
> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Announce] Apache 1.3.20 Released
>
> Apache 1.3.20 Released
>
> The Apache Software Foundation and The Apache Server Project are
> pleased to announce the release of version 1.3.20 of the Apache HTTP
> server.
>
> This version of Apache is principally a security fix release which
> closes a problem under the Windows and OS2 ports that would segfault
> the server in response to a carefully constructed URL. It also fixes
> some potential configuration quirks present in the 1.3.19 release.
> A summary of the new features is given at the end of this document.
>
> We consider Apache 1.3.20 to be the best version of Apache available
> and we strongly recommend that users of older versions, especially of
> the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
> releases will be made in the 1.2.x family.
>
> Apache 1.3.20 is available for download from
>
> http://httpd.apache.org/dist/httpd/
>
> Please see the CHANGES_1.3 file in the same directory for a full list
> of changes.
>
> Binary distributions are available from
>
> http://httpd.apache.org/dist/httpd/binaries/
>
> The source and binary distributions are also available via any of the
> mirrors listed at
>
> http://www.apache.org/mirrors/
>
> Apache 1.3.20 for Win32 and OS2 corrects a serious denial of service
> vulnerability, and users are strongly discouraged from using any
> previous versions on those platforms.
>
> As of Apache 1.3.17, Win32 binary distributions are now based on the
> Microsoft Installer (.MSI) technology. This change occured in order
> to resolve the many problems WinME and Win2K users experienced with
> the older InstallShield-based installer .exe file. While development
> continues to make this new installation method more robust, questions
> should be directed at the news:comp.infosystems.www.servers.ms-windows
> newsgroup.
>
> As of Apache 1.3.12 binary distributions contain all standard Apache
> modules as shared objects (if supported by the platform) and include
> full source code. Installation is easily done by executing the
> included install script. See the README.bindist and INSTALL.bindist
> files for a complete explanation. Please note that the binary
> distributions are only provided for your convenience and current
> distributions for specific platforms are not always available.
>
> For an overview of new features introduced after 1.2 please see
>
> http://httpd.apache.org/docs/new_features_1_3.html
>
> In general, Apache 1.3 offers several substantial improvements over
> version 1.2, including better performance, reliability and a wider
> range of supported platforms, including Windows 95/98 and NT (which
> fall under the "Win32" label), OS2, Netware, and TPE threaded platforms.
>
> Apache is the most popular web server in the known universe; over half
> of the servers on the Internet are running Apache or one of its
> variants.
>
> IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come
> to trust Apache as a secure and stable server. It must be realized
> that the current Win32 code has not yet reached the levels of the Unix
> version, but is of acceptable quality. Win32 stability or security
> problems do not reflect on the Unix version.
>
> Apache 1.3.20 Major changes
>
> The primary security fix is:
> * A carefully constructed URI could cause the server to segfault on
> Win32 and OS2, denying access to users until the error was cleared.
> This is resolved on both platforms, no server data vulnerability
> was identified for this denial of service exploit.
>
> The general bug fixes:
> * Eliminate a potential segfault if an invalid floating point value
> is passed to the ap_snprintf() function, on platforms supporting
> isnan() and isinf().
> * Fix a possible segfault at startup in the detection of a default
> ServerName or IP string when no ServerName was specified.
> * Fixed mod_proxy to retain empty headers, as allowed by RFC2068.
> * Properly resolve the location of ndbm on Linux and some glibc2
> builds, where ndbm.h is in the nonstandard db1/ subdir.
>
> Win32 bug fixes:
> * Win32 now properly handles the SSI exec cmd tag. Due to argument
> parsing issues with spaces and slashes, cmd is interpreted as an
> executable file, not a long command line string.
> * Resolved a threading problem with WinNT/2K services, allowing
> modules such as mod_jserv and mod_perl to shut down cleanly.
> * Resolved stdin and stdout pipes for the parent Win32 service
> process, solving bugs such as "dup2(stdin) failed" when trying
> to use piped logs.
>
> Netware specific bug fixes:
> * Netware initial screen allows the -s parameter to switch to the
> system console screen, warning messages during startup are now
> displayed.
> * Netware added '.' and '..' to the directory listing so mod_autoindex
> will now display the parent directory.
> * NetWare now shuts down cleanly in error conditions, such as a failure
> while reading the httpd.conf file.
>
> The main new features include:
> * Enhanced rotatelogs to allow a UTC offset to be specified, and
> the format logfile names with human-readable date/time stamps.
> * Added the NOESCAPE (NS) flag to RewriteRule, to disable *all*
> normal URI escaping. Note incautious use can give unexpected
> results or introduce security risks.
> * Added the '\' character to RewriteRule to allow escaping of
> special characters. Allows embedding of both the '$' and '%'
> characters in the results, so 'foo\$1' translates to 'foo$1'
> rather than 'foo\<value of $1>'.
> * Added the -V flag to suexec, to display the compile-time settings
> with which it was built. (Only valid for root or the HTTPD_USER
> username.)
> * Introduced EBCDIC conversion configuration options, controlling the
> conversion based on MIME type or file suffix.
> * Support for the Cygwin 1.x platform (a POSIX emulation layer for
> Win32 systems, see http://www.cygwin.com). Note this is an entirely
> different implementation than the native calls in the win32 port.
> * Support for building modules with apxs under Win32. cygwin builders
> must use a cygwin build of perl to avoid MSVC handling.
>
> ---------------------------------------------------------------------
> You have received this mail because you are subscribed to the
> [EMAIL PROTECTED] mailing list.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> You have received this mail because you are subscribed to the
> [EMAIL PROTECTED] mailing list.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
