From announce-return-47-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Sun Dec 30 02:27:16 2001 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 75359 invoked by uid 500); 30 Dec 2001 02:27:15 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 74242 invoked from network); 30 Dec 2001 02:22:30 -0000 Date: Sat, 29 Dec 2001 18:22:48 -0800 (PST) From: Brian Behlendorf X-X-Sender: brian@localhost To: announce@httpd.apache.org Subject: list admin change - now at httpd.apache.org Message-ID: <20011229181040.G289-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Long before the Apache Project (a loosely affiliated group of developers) became the Apache Software Foundation (an incorporated non-profit organization), we were about much more than just an HTTP daemon. Recently we split out the work focused primarily with HTTP and the original web server to httpd.apache.org - and in keeping with that, we've now renamed the announce@apache.org mailing list to announce@httpd.apache.org, since up to this point that list has only been for announcements about the web server. At the same time, a new mailing list has been created, announce@apache.org, for announcements of new releases that encompass all ASF software releases, as well as for announcements related to the ASF as an organization. It will still be a moderated, low-volume list. We did not assume that everyone who signed up for announcements about the web server wanted to get announcements for everything else. To subscribe to this new list, please send an email to announce-subscribe@apache.org To remove yourself from this list for any reason, email announce-unsubscribe@httpd.apache.org Happy holidays, Brian From announce-return-48-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Fri Jan 25 03:51:51 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 49612 invoked by uid 500); 25 Jan 2002 03:51:50 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 44744 invoked from network); 25 Jan 2002 03:41:08 -0000 Mime-Version: 1.0 X-Sender: (Unverified) Message-Id: Date: Thu, 24 Jan 2002 22:41:15 -0500 To: announce@httpd.apache.org From: Jim Jagielski Subject: [ANNOUNCEMENT] Apache 1.3.23 Released. Content-Type: text/plain; charset="us-ascii" X-OriginalArrivalTime: 25 Jan 2002 03:40:26.0671 (UTC) FILETIME=[070453F0:01C1A552] X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Apache 1.3.23 Released The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.23 of the Apache HTTP server. This Announcement notes the significant changes in 1.3.23. This version of Apache is principally a bug fix and mod_proxy improvement release. A summary of the bug fixes and major new features is given at the end of this document. We consider Apache 1.3.23 to be the best version of Apache available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. Apache 1.3.23 is available for download from http://httpd.apache.org/dist/httpd/ Please see the CHANGES_1.3 file in the same directory for a full list of changes. Binary distributions are available from http://httpd.apache.org/dist/httpd/binaries/ The source and binary distributions are also available via any of the mirrors listed at http://www.apache.org/mirrors/ As of Apache 1.3.17, Win32 binary distributions are now based on the Microsoft Installer (.MSI) technology. This change occurred in order to resolve the many problems WinME and Win2K users experienced with the older InstallShield-based installer.exe file. While development continues to make this new installation method more robust, questions should be directed at the news:comp.infosystems.www.servers.ms-windows newsgroup. As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code. Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current distributions for specific platforms are not always available. For an overview of new features introduced after 1.2 please see http://httpd.apache.org/docs/new_features_1_3.html In general, Apache 1.3 offers several substantial improvements over version 1.2, including better performance, reliability and a wider range of supported platforms, including Windows NT and 2000 (which fall under the "Win32" label), OS2, Netware, and TPE threaded platforms. Apache is the most popular web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants. IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come to trust Apache as a secure and stable server. It must be realized that the current Win32 code has not yet reached the levels of the Unix version, but is of acceptable quality. Win32 stability or security problems do not reflect on the Unix version. Apache 1.3.23 Major changes Security vulnerabilities * None addressed. New features The main new features in 1.3.23 (compared to 1.3.22) are: * HTTP/1.1 support for mod_proxy. * Other mod_proxy improvements. * The new 'FileETag' directive to allow one to build the format of the ETag via runtime directives. * Addition of a 'filter callback' function to enable modules to intercept the output byte stream for dynamic page caching. New features that relate to specific platforms: * Use "httpready" accept filter rather than "dataready" on post 4.1.1-RELEASE versions of FreeBSD. Bugs fixed The following bugs were found in Apache 1.3.22 and have been fixed in Apache 1.3.23: * Fix incorrect "Content-Length" header in the 416 response. * Revert mod_negotation's handling of path_info and query_args to the 1.3.20 behavior (PRs: 8628, 8582, 8538). * Prevent an Apache module from being loaded or added twice due to duplicate LoadModule or AddModule directives. The following bugs relate to specific platforms: * Fixed the access forbidden problem when requesting an empty directory on Netware. * Do not kill the child process when accept() returns ENOBUFS on HPUX 11.* * A default locking mechanism has been defined for Unixware 7.0 and later. -- =========================================================================== Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" From announce-return-49-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Thu Feb 14 22:17:45 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 23409 invoked by uid 500); 14 Feb 2002 22:17:43 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 22465 invoked from network); 14 Feb 2002 22:15:07 -0000 Message-ID: <3C6C38B9.BDA253DA@Golux.Com> Date: Thu, 14 Feb 2002 17:22:49 -0500 From: Ken Coar Organization: The Apache Software Foundation X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: announce@httpd.apache.org Subject: ApacheCon news Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Greetings! This message is being sent to several of the Apache mailing lists in order to reach the broadest possible audience of people interested in the Apache packages. Future messages will be almost entirely confined to the (low-volume) ApacheCon announcement list, though, so if you want to *stay* informed, subscribe to it by sending an empty message to . Please read BOTH of the following paragraphs.. I have good news! The Apache Software Foundation has completed the search for a conference management company for the ApacheCon shows, and we are getting back on track right now. More information will be forthcoming, but here's a quick point that may be of interest : Registration for the next ApacheCon will be well under US$1,000! We need some feedback from you: If we hold the next ApacheCon at the beginning of August 2002, in Las Vegas, Nevada, do you think you'll attend? We're asking because we're looking at the first full week of August, which would allow us to have ApacheCon right after the BlackHat and Def Con computer security conferences ( and ), also in Las Vegas around the same time. However, the USENIX Security conference in San Francisco is also happening then, the O'Reilly open-source convention is in San Diego in July, and LinuxWorld is in San Francisco in the middle of August. No matter where you look, the event schedule is crowded. So, with all those conferences so close together, would you come to ApacheCon? We don't want to pick a date and venue and then not have enough people able to attend! Please let us know by replying to . Stay tuned, and thanks for your support and patience! -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!" From announce-return-50-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Sun Feb 17 20:19:31 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 69658 invoked by uid 500); 17 Feb 2002 20:19:30 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 47636 invoked from network); 17 Feb 2002 19:07:05 -0000 Date: Sun, 17 Feb 2002 11:07:07 -0800 From: Justin Erenkrantz To: announce@httpd.apache.org Cc: announce@apache.org, users@httpd.apache.org, current-testers@apache.org Subject: Apache 2.0.32 beta is available Message-ID: <20020217190707.GC26092@ebuilt.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.0i X-AntiVirus: scanned for viruses by AMaViS 0.2.1-pre3 (http://amavis.org/) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Apache 2.0.32 Released as Beta ------------------------------ The Apache HTTP Server Project is proud to announce the thirty-second release of Apache 2.0. The Apache HTTP Server Project has determined that this release is of beta quality. This makes 2.0.32 the third public beta of Apache 2.0. This release has been tested thoroughly and has been running the apache.org web site since Feb. 7, 2002. Design and implementation of Apache 2.0 is nearing completion. Module authors are encouraged to review the Apache 2.0 API and share any concerns with the Apache development team at dev@httpd.apache.org. This is your best opportunity to ensure that your issues are addressed prior to an Apache 2.0 General Availability release. While Apache is continuously undergoing improvement, major new features are now being deferred into the 2.1 version in order to expedite a General Availability release. If you have postponed testing Apache 2.0 due to its experimental nature, please download and test this Apache 2.0.32 release to help ensure that any forthcoming 2.0 releases are the best versions available. Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has been shown to improve the scalability of the Apache HTTPD server significantly on some versions of Unix in our testing. Apache 2.0 also includes support for filtered I/O. This allows modules to modify the output of other modules before it is sent to the client. Finally, we have included support for IPv6 on any platform that supports IPv6. This version of Apache is known to work on many versions of Unix, BeOS, OS/2, and Windows. Because of many of the advancements in Apache 2.0, this release of Apache is expected to perform equally well on all supported platforms. There are new snapshots of the Apache httpd source available every six hours from http://cvs.apache.org/snapshots/httpd-2.0/ - please download and test if you feel brave. We don't guarantee anything except that it will take up disk space, but if you have the time and skills, please give it a spin on your platforms. Apache has been the most popular web server on the Internet since April of 1996. The January 2002 WWW server site survey by Netcraft (http://www.netcraft.com/survey/) found that more web servers were using Apache than any other software running on more than 56% of the Internet web servers. You may download this release from an apache.org mirror listed at http://www.apache.org/dyn/closer.cgi or you may download it from the apache.org web site at: http://www.apache.org/dist/httpd/. For more information, please check out http://httpd.apache.org/. Changes since the last public release ------------------------------------- There have been over 100 major changes and many more minor changes since the Apache 2.0.28 beta release. These include numerous performance and functional enhancements, as well as bug fixes. For a list of the major changes, please see http://www.apache.org/dist/httpd/CHANGES_2.0 Known issues with this release ------------------------------ *) When using LogLevel debug, you may see spurious log entries reporting failures in read_request_line() or get_mime_headers(). This is usually a harmless error. You may ignore this message or increase your LogLevel setting. A proper patch for this problem has already been committed to CVS and will be included in the next release. The patch is available at: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c.diff?r1=1.83&r2=1.84 *) When using the SSLMutex directive with an invalid path, children may segfault without an error message. A patch for this problem has already been committed to CVS and will be included in the next release. The patch is available at: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.24&r2=1.25 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_mutex.c.diff?r1=1.9&r2=1.10 These issues will be addressed in a future release. Please refer to the Apache bug database at http://bugs.apache.org/ for information about problems not addressed in this document. From announce-return-51-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Mon Feb 18 05:44:29 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 9069 invoked by uid 500); 18 Feb 2002 05:44:27 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 24860 invoked from network); 18 Feb 2002 01:21:03 -0000 Date: Sun, 17 Feb 2002 17:21:07 -0800 (PST) From: Ask Bjoern Hansen X-X-Sender: To: Subject: Open Source Convention, Apache Httpd, Call for Participation (due March 1st) Message-ID: <20020217171919.N76502-100000@onion.valueclick.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Call for Participation - Proposals Due March 1, 2002 O'Reilly & Associates is pleased to announce the 4th annual Open Source Convention. The Open Source Convention is a five-day event designed for programmers, developers, strategists, and technical staff involved in Open Source technology and its applications. This event is the central gathering place for the Open Source community to exchange ideas, share techniques, push the technical boundaries, and maximize the benefits of open source software. The convention takes place at the Sheraton San Diego Hotel and Marina, San Diego, California, July 22-26, 2002. The theme this year is "Doing More With Less." This has several aspects: how business can do more with less money (by adopting open source software), how developers do more with less time and financial support, how to make the most of what you've got (performance tuning and little-known-of features), and how open source software manages to avoid the bloat that characterizes closed-source software. Suggestions for things that would be great to see in the Apache httpd track, * Apache 2.0's new features, why it took so long, and what the future holds * Strategies to get better performance (mod_backend, Squid, ...) * 5 coolest modules shipping with Apache that most people never use * Writing Apache 2.0 handlers * Success story about BigCorp, Inc using Apache and being proud of it ("how we replaced umpteen NT boxes with a handful of Apache servers") * Security Individuals and companies interested in making presentations, giving a tutorial, or participating in panel discussions are invited to submit proposals. Proposals will be considered in two classes: tutorials and convention presentations (sessions). Presentations should be aimed at a 45- or 90-minute time slot, though full day and half day tutorials are another option. Presentations by marketing staff or with marketing focus will be rejected. All presenters whose talks are accepted will receive free registration at the conference. For each half-day tutorial, the presenter receives one night's accommodation, a travel allowance, and an honorarium. Registration will open April 1, 2002. If you would like an email notification when registration opens, please use the form on http://conferences.oreillynet.com/os2002/#notify For more information see http://conferences.oreillynet.com/cs/os2002/create/e_sess -- ask bjoern hansen, http://ask.netcetera.dk/ !try; do(); From announce-return-52-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Fri Mar 22 20:25:35 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 59051 invoked by uid 500); 22 Mar 2002 20:25:34 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 54190 invoked from network); 22 Mar 2002 20:19:51 -0000 Mime-Version: 1.0 X-Sender: apache@devsys.jagunet.com Message-Id: Date: Fri, 22 Mar 2002 15:19:52 -0500 To: announce@apache.org, announce@httpd.apache.org, users@httpd.apache.org, ml-apache@unix-ag.org From: Jim Jagielski Subject: Apache 1.3.24 Released! Content-Type: text/plain; charset="us-ascii" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 1.3.24 Released The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.24 of the Apache HTTP server. This Announcement notes the significant changes in 1.3.24. This version of Apache is principally a security and bug fix release. A summary of the bug fixes and major new features is given at the end of this document. Of particular note is that 1.3.24 addresses and fixes the issues noted in CAN-2002-0061 (mitre.org) regarding escaping of command line args on Win32. We would like to thank Ory Segal for discovering and reporting the vulnerability. We consider Apache 1.3.24 to be the best version of Apache available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. Apache 1.3.24 is available for download from http://httpd.apache.org/dist/httpd/ Please see the CHANGES_1.3 file in the same directory for a full list of changes. Binary distributions are available from http://httpd.apache.org/dist/httpd/binaries/ The source and binary distributions are also available via any of the mirrors listed at http://www.apache.org/mirrors/ As of Apache 1.3.17, Win32 binary distributions are now based on the Microsoft Installer (.MSI) technology. This change occurred in order to resolve the many problems WinME and Win2K users experienced with the older InstallShield-based installer.exe file. While development continues to make this new installation method more robust, questions should be directed at the news:comp.infosystems.www.servers.ms-windows newsgroup. As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code. Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current distributions for specific platforms are not always available. For an overview of new features introduced after 1.2 please see http://httpd.apache.org/docs/new_features_1_3.html In general, Apache 1.3 offers several substantial improvements over version 1.2, including better performance, reliability and a wider range of supported platforms, including Windows NT and 2000 (which fall under the "Win32" label), OS2, Netware, and TPE threaded platforms. Apache is the most popular web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants. IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come to trust Apache as a secure and stable server. It must be realized that the current Win32 code has not yet reached the levels of the Unix version, but is of acceptable quality. Win32 stability or security problems do not reflect on the Unix version. Apache 1.3.24 Major changes Security vulnerabilities * Fix the security vulnerability noted in CAN-2002-0061 (mitre.org) regarding the escaping of command line args on Win32. * Prevent invalid client hostnames from appearing in the log file. New features The main new features in 1.3.24 (compared to 1.3.23) are: * Various mod_proxy improvements, such as the new ProxyIOBufferSize directive. * The new ''IgnoreCase' keyword to the IndexOptions directive. New features that relate to specific platforms: * Added the module mod_log_nw to handle log rotation under NetWare. Bugs fixed The following bugs were found in Apache 1.3.23 (or earlier) and have been fixed in Apache 1.3.24: * mod_rewrite's 'rnd' was broken and has been fixed. * The '-S' option of 'apxs' was not able to handle quotes; also 'apxs' is now rebuilt when options are changed. * proxy now correctly handles Cookies and X-Cache headers. The following bugs relate to specific platforms: * Fixed a problem in TPF when we were using the wrong subpool when opening the error log. * pthread accept() mutexes on Solaris were broken (since we were not linking against pthread) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBPJuR2Is6YB8IyXXlEQIgAACfXT/rfRh/+E7TiVUPLsec7KQffg4An34q DLsL9sK26QWneCxmPeAY7wNA =7Jww -----END PGP SIGNATURE----- -- =========================================================================== Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson From announce-return-53-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Sat Apr 06 15:33:46 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 40190 invoked by uid 500); 6 Apr 2002 15:33:45 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 84781 invoked from network); 6 Apr 2002 06:33:20 -0000 Reply-To: From: "Ryan Bloom" To: , , , Subject: Official Release: Apache 2.0.35 is now GA Date: Fri, 5 Apr 2002 22:33:12 -0800 Organization: Covalent Technologies Message-ID: <00d001c1dd34$ecfc2530$0a01230a@KOJ> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N It's my pleasure to announce that the Apache Software Foundation's Apache HTTP Server, version 2.0.35, has now been released for General Availability. The Apache 2.0 project has been in-the-works for nearly three years. It has been a long and sometimes arduous process to reach this point. Many, many people have contributed their time and effort to bring us to this point. The HTTPD Project signed off today on the 2.0.35 release, and recommends it for use on production websites. 2.0.35 is now considered our best release and should be used in preference to all older versions (including the 1.3 series). The Apache 2.0 series brings new features to the ASF's HTTP server: - higher performance over 1.3 - multiple operational models: threaded, hybrid processes/threads, and specific request processing for Windows, Netware, BeOS, and OS/2 - integrated SSL and WebDAV support - improved HTTP proxy support - I/O layering and filtering You can find more information, and download the server, from our website: http://httpd.apache.org/ On behalf of all the current and past developers, we'd like to thank all those involved with the project, and the millions(!) of users out there. The Apache HTTP server wouldn't enjoy its popularity without all of you! Sincerely, Greg Stein Director of the ASF From announce-return-54-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Wed May 08 00:00:21 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 77591 invoked by uid 500); 8 May 2002 00:00:20 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 54278 invoked from network); 7 May 2002 23:13:08 -0000 From: "Sander Striker" To: Subject: Apache 2.0.36 released Date: Wed, 8 May 2002 01:21:01 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Rcpt-To: X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N It's a pleasure to announce the second public release of the Apache Software Foundation's Apache HTTP Server. The Apache HTTP Server Project signed off on the 2.0.35 release one month ago. Since then we have received a lot of feedback from our users which led to lots of improvements in the codebase. We feel that this version, 2.0.36, is now to be considered our best release and should be used in preference to all older versions. In case you missed it earlier, the Apache 2.0 series brings new features to the ASF's HTTP server: - higher performance over 1.3 - multiple operational models: threaded, hybrid processes/threads, and specific request processing for Windows, Netware, BeOS, and OS/2 - integrated SSL and WebDAV support - improved HTTP proxy support - I/O layering and filtering You can find more information, and download the server, from our website: http://httpd.apache.org/ Please see the CHANGES_2.0 file on http://httpd.apache.org/dist/httpd/ for a full list of changes. Thanks for using Apache, Sander Striker From announce-return-55-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Tue May 28 17:05:13 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 35886 invoked by uid 500); 28 May 2002 17:05:12 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 26615 invoked from network); 28 May 2002 16:59:34 -0000 Message-ID: <3CF3B9C1.142044FC@Golux.Com> Date: Tue, 28 May 2002 13:09:21 -0400 From: Rodent of Unusual Size Organization: The Apache Software Foundation X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: announce@apachecon.com, announce@httpd.apache.org, announce@apache.org, Apache Opportunities Subject: ApacheCon session submissions: deadline is this Friday! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N -----BEGIN PGP SIGNED MESSAGE----- Greetings! Just a reminder: this Friday is the deadline for presentation proposals for the ApacheCon 2002 US conference in Las Vegas in November 2002.. To submit a proposal, visit . If you're not sure about a topic, or how well it might be received, you can ask other ApacheCon attendees by posting a message on the conference discussion list (see the Web page with the list details at ). Similarly, if you plan (or want) to attend the conference and want to request a particular topic, join the discussion list and say so. Not only will the planners then know, but you might trigger someone into proposing your ideal session! - -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQCVAwUBPPO5sprNPMCpn3XdAQEsDAP/QCP8kv5WtiKCj+5Maof2qkwrJ8/LBkVi 4gJvuEgZQda2m2HzUfcAr7+mtSEEV3p8aispEes/bDCVLKWyPbnbc5PCTeLhN99c SXbjtTNzZf7lQeb36M/QLlrHgnP8ovUqln3w2P3AGETnl1gbiPnpA52cXW/L3vRH tZr55PXOY3I= =kib0 -----END PGP SIGNATURE----- From announce-return-56-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Thu May 30 14:35:19 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 67603 invoked by uid 500); 30 May 2002 14:35:18 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 59157 invoked from network); 30 May 2002 14:27:09 -0000 Message-ID: <3CF6390C.B054C3DB@Golux.Com> Date: Thu, 30 May 2002 10:37:00 -0400 From: Rodent of Unusual Size Organization: The Apache Software Foundation X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: announce@ApacheCon.Com, announce@httpd.apache.org, users@httpd.apache.org, Apache Modules Subject: ApacheCon 2002 US: Deadline for submissions is TO-MORROW! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N -----BEGIN PGP SIGNED MESSAGE----- Greetings! One last reminder: the deadline for submitting proposals for sessions to be presented at ApacheCon 2002 in Las Vegas this November is *to-morrow*, Friday 31 May 2002. If your submission isn't in the system by the close of business EDT, it won't be considered. Another reminder, in case you weren't aware and have travel restrictions: speakers have reasonable travel and lodging expenses paid, their conference registration waived, and receive a speaking fee as well. See for the submission form. And a final reminder: Even if you're not interested in speaking, but *are* interested in attending, you can help us select the best content by joining the open discussion list and letting us know what topics *you'd* like to see scheduled! Thanks! - -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQCVAwUBPPYuMJrNPMCpn3XdAQHgPQQAgZ84sfpoaEGUhj7dB5dsRxVEBEl7SMra oadCkjjPkOuo10beeV2pwfFF3zTeVudFg1vVbS8azm96dif97hcXBIxL0GdaSSuW P1NsMa9QX7h38LiZs1irt4VsEuWrdDwXn8Iu2S2BKoIHeNn4iV3PmlyuuiqfD4J4 4KoHU1hwOSY= =Yzip -----END PGP SIGNATURE----- From announce-return-57-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Thu May 30 16:59:27 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 29106 invoked by uid 500); 30 May 2002 16:59:26 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 19056 invoked from network); 30 May 2002 13:41:00 -0000 Message-ID: <3CF62E39.41BCF497@Apache.Org> Date: Thu, 30 May 2002 09:50:49 -0400 From: Rodent of Unusual Size Organization: The Apache Software Foundation X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: announce@ApacheCon.Com, announce@Apache.Org, announce@httpd.apache.org, users@httpd.apache.org, Apache Modules Subject: ApacheCon 2002 US: Deadline for submissions is TO-MORROW! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N -----BEGIN PGP SIGNED MESSAGE----- Greetings! One last reminder: the deadline for submitting proposals for sessions to be presented at ApacheCon 2002 in Las Vegas this November is *to-morrow*, Friday 31 May 2002. If your submission isn't in the system by the close of business EDT, it won't be considered. Another reminder, in case you weren't aware and have travel restrictions: speakers have reasonable travel and lodging expenses paid, their conference registration waived, and receive a speaking fee as well. See for the submission form. And a final reminder: Even if you're not interested in speaking, but *are* interested in attending, you can help us select the best content by joining the open discussion list and letting us know what topics *you'd* like to see scheduled! Thanks! - -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQCVAwUBPPYuMJrNPMCpn3XdAQHgPQQAgZ84sfpoaEGUhj7dB5dsRxVEBEl7SMra oadCkjjPkOuo10beeV2pwfFF3zTeVudFg1vVbS8azm96dif97hcXBIxL0GdaSSuW P1NsMa9QX7h38LiZs1irt4VsEuWrdDwXn8Iu2S2BKoIHeNn4iV3PmlyuuiqfD4J4 4KoHU1hwOSY= =Yzip -----END PGP SIGNATURE----- From announce-return-58-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Wed Jun 19 01:01:09 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 22157 invoked by uid 500); 19 Jun 2002 01:01:06 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 95382 invoked by uid 1134); 18 Jun 2002 23:53:46 -0000 Date: 18 Jun 2002 23:53:46 -0000 Message-ID: <20020618235346.95379.qmail@apache.org> From: wrowe@apache.org To: announce@httpd.apache.org Subject: [ANNOUNCE] Apache 1.3.26 Released The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.26 of the Apache HTTP Server. This Announcement notes the significant changes in 1.3.26. This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 1.3.26 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. We would like to thank Mark Litchfield of ngssoftware.com for discovering and reporting the vulnerability. We consider Apache 1.3.26 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. Users should also consider upgrading to Apache 2.0 as soon as all of the modules they need become available for 2.0. Apache 1.3.26 is available for download from http://www.apache.org/dist/httpd/ Please see the CHANGES_1.3 file in the same directory for a full list of changes. Binary distributions are available from http://www.apache.org/dist/httpd/binaries/ The source and binary distributions are also available via any of the mirrors listed at http://www.apache.org/mirrors/ As of Apache 1.3.17, Win32 binary distributions are now based on the Microsoft Installer (.MSI) technology. This change occurred in order to resolve the many problems WinME and Win2K users experienced with the older InstallShield-based installer.exe file. While development continues to make this new installation method more robust, questions should be directed at the news:comp.infosystems.www.servers.ms-windows newsgroup. As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code. Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current distributions for specific platforms are not always available. For an overview of new features introduced after 1.2 please see http://httpd.apache.org/docs/new_features_1_3.html In general, Apache 1.3 offers several substantial improvements over version 1.2, including better performance, reliability and a wider range of supported platforms, including Windows NT and 2000 (which fall under the "Win32" label), OS2, Netware, and TPE threaded platforms. Apache is the most popular web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants. IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come to trust Apache as a secure and stable server. It must be realized that the current Win32 code has not yet reached the levels of the Unix version, but is of acceptable quality. Win32 stability or security problems do not reflect on the Unix version. Apache 1.3.26 Major changes Security vulnerabilities * Fix the security vulnerability noted in CAN-2002-0392 (mitre.org) regarding the handling of chunked transfer encoding. New features The main new features in 1.3.26 (compared to 1.3.24) are: * Add some popular types to the mime types magic file. New features that relate to specific platforms: * Unix: Added a '-F' flag which causes the supervisor process to no longer fork down and detach and instead stay attached to the tty - thus making live for automatic restart and exit checking code easier. Bugs fixed The following bugs were found in Apache 1.3.24 (or earlier) and have been fixed in Apache 1.3.26: * Allow child processes sufficient time for cleanups but making ap_select in reclaim_child_processes more "resistant" to signal interupts. * Fix for a problem in mod_rewrite which would lead to 400 Bad Request responses for rewriting rules which resulted in a local path. Note: This will also reject invalid requests as issued by Netscape-4.x Roaming Profiles (on a DAV-enabled server) * Recognize platform-specific root directories (other than leading slash) in mod_rewrite for filename rewrite rules. * Disallow anything but whitespace on the request line after the HTTP/x.y protocol string to prevent arbitrary user input from ending up in the access_log and error_log. Also control characters are now escaped. * A large number of fixes in mod_proxy including: adding support for dechunking chunked responses, correcting a timeout problem which would force long or slow POST requests to close after 300 seconds, adding "X-Forwarded" headers, dealing correctly with the multiple-cookie header bug, ability to handle unexpected 100-continue responses sent during PUT or POST commands, and a change to tighten up the Server header overwrite bugfix. From announce-return-59-apmail-httpd-announce-archive=httpd.apache.org@httpd.apache.org Wed Jun 19 02:25:24 2002 Return-Path: Delivered-To: apmail-httpd-announce-archive@httpd.apache.org Received: (qmail 74341 invoked by uid 500); 19 Jun 2002 02:25:23 -0000 Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list announce@httpd.apache.org Delivered-To: moderator for announce@httpd.apache.org Received: (qmail 74138 invoked from network); 19 Jun 2002 02:23:43 -0000 Date: Tue, 18 Jun 2002 22:19:03 -0400 (EDT) From: jwoolley@apache.org X-X-Sender: root@deepthought.cs.virginia.edu To: announce@apache.org, Subject: [ANNOUNCE] Apache 2.0.39 Released Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: 8BIT X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Apache 2.0.39 Released --------------------------------------------- The Apache HTTP Server Project is proud to announce the third public release of Apache 2.0. Apache 2.0 has been running on the Apache.org website since December of 2000 and has proven to be very reliable. This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.39 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. We would like to thank Mark Litchfield of ngssoftware.com for discovering and reporting the vulnerability. Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has shown to improve the scalability of the Apache HTTP Server significantly in our testing. Apache 2.0 also includes support for filtered I/O. This allows modules to modify the output of other modules before it is sent to the client. We have also included support for IPv6 on any platform that supports IPv6. This version of Apache is known to work on many versions of Unix, BeOS, OS/2, Windows, and Netware. Because of many of the advancements in Apache 2.0, the initial release of Apache is expected to perform equally well on all supported platforms. There are new snapshots of the Apache httpd source available every 6 hours from http://cvs.apache.org/snapshots/ - please download and test if you feel brave. We don't guarantee anything except that it will take up disk space, but if you have the time and skills, please give it a spin on your platforms. Apache has been the most popular web server on the Internet since April of 1996. The March 2002 WWW server site survey by Netcraft (see http://www.netcraft.com/survey/) found that more web servers were using Apache than any other software; Apache runs on more than 54% of the web servers on the Internet. For more information and to download the release tarballs, please visit http://httpd.apache.org/ Changes since 2.0.36 --------------------------------------------- Changes with Apache 2.0.39 *) Fixed a build problem in htpasswd.c on Win32. [Guenter Knauf , Cliff Woolley] Changes with Apache 2.0.38 *) Rewrite htpasswd to use APR. The removes the annoying warning about tmpnam being unsafe. [Ryan Bloom] *) We must set the MIME-type for .shtml files to text/html if we want them to be parsed for SSI tags. Add the config for that to the default config file so that it is easier to enable .shtml parsing. [Dave Dyer ] *) Fixed a problem with 'make install' on ReliantUnix. [Jean-frederic Clere ] *) Make the default_handler catch all requests that aren't served by another handler. This also gets us to return a 404 if a directory is requested, there is no DirectoryIndex, and mod_autoindex isn't loaded. [Justin Erenkrantz] *) Fixed the handling of nested if-statements in shtml files. PR 9866 [Brian Pane] *) Allow 'make install DESTDIR=/path'. This allows packagers to install into a directory different from the one that was configured. This also mirrors the root= feature from 1.3. We cannot use prefix=, because both APR and APR-util resolve their installation paths at configuration time. This means that there is no variable prefix to replace. [Andreas Hasenack ] *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT. These levels of AIX don't have a thundering herd problem with accept(). [Jeff Trawick] *) prefork MPM: Ignore mutex errors during graceful restart. For certain types of mutexes (particularly SysV semaphores), we should expect to occasionally fail to obtain or release the mutex during restart processing. [Jeff Trawick] *) Fix install-bindist.sh so that it finds any perl instead of just early perl 5.x versions. This is consistent with a build/install from source, and it allows the perl scripts installed by a bindist to work on systems with perl 5.6. [Jeff Trawick] *) Fix apxs so that the makefile created by "apxs -g" works on AIX and Tru64 (and probably some other platforms). [Jeff Trawick] *) Allow CGI scripts to return their Content-Length. This also fixes a hang on HEAD requests seen on certain platforms (such as FreeBSD). [Justin Erenkrantz] *) Added log rotation based on file size to the RotateLog support utility. [Brad Nicholes] *) Fix some casting in mod_rewrite which broke random maps. PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick] Changes with Apache 2.0.37 *) allow POST method over SSL when per-directory client cert authentication is used with 'SSLOptions +OptRenegotiate' enabled and a client cert was found in the ssl session cache. *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl session cache when there is no cert chain in the cache. prior to the fix this situation would result in a FORBIDDEN response and error message "Cannot find peer certificate chain" [Doug MacEachern] *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if one was already sent. PR 9644 [Jeff Trawick] *) Fix the display of the default name for the mime types config file. PR 9729 [Matthew Brecknell ] *) Fix the working directory *for WinNT/2K/XP services only* to change to the Apache directory (one level above the location of Apache.exe, in the case that Apache.exe resides in bin/.) Solves the case of ServerRoot /foo paths where /foo was not on the same drive as /winnt/system32. [William Rowe] *) Make 2.0's "AcceptMutex" startup message now "completely" match how 1.3 does it. [Jim Jagielski] *) Implement a fixed size memory cache using a priority queue [Ian Holsman] *) Fix apxs to allow "apxs -q installbuilddir" and to allow querying certain other variables from config_vars.mk. PR 9316 [Jeff Trawick] *) Added the "detached" attribute to the cgi_exec_info_t internals so that Win32 and Netware won't create a new window or console for each CGI invoked. PR 8387 [Brad Nicholes, William Rowe] *) Consolidated the command line parameters and attributes that are manipulated by the optional function ap_cgi_build_command() in mod_cgi into a single structure. [Brad Nicholes] *) Get rid of uninitialized value errors with "apxs -q" on certain variables. [Stas Bekman ] *) Fix apxs to allow it to work when the build directory is somewhere besides server-root/build. PR 8453 [Jeff Trawick and a host of others] *) Allow ap_discard_request_body to be called multiple times in the same request. Essentially, ap_http_filter keeps track of whether it has sent an EOS bucket up the stack, if so, it will only ever send an EOS bucket for this request. [Ryan Bloom, Justin Erenkrantz, Greg Stein] *) Remove all special mod_ssl URIs. This also fixes the bug where redirecting (.*) will allow an SSL protected page to be viewed without SSL. [Ryan Bloom] *) Fix the binary build install script so that the build logic created by "apxs -g" will work when the user has a binary build. [Jeff Trawick] *) Allow instdso.sh to work with full paths to the shared module. [Justin Erenkrantz] *) NetWare: Enabled CGI functionality and added mod_cgi as a built in module for NetWare [Brad Nicholes] *) Changed cgi and piped log behavior to accept 65536 characters on Win32 (matching Linux) before deadlocking between outputing client stdin, slurping the output from stdout and then the stderr stream. PR 8179 [William Rowe] *) Fixed Win32 wintty.exe support to assure the window title is valid. Elimiates possible gpfault or garbage title without the -t option. [William Rowe] *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use brigades and input filters. [Justin Erenkrantz] *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request body. [Justin Erenkrantz] *) NetWare: Piping log entries through RotateLogs using the CustomLogs directive is finally supported now that we have the pipes and spawning functionality working. [Brad Nicholes] *) Detect overflow when reading the hex bytes forming a chunk line. [Aaron Bannert] *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464. [James Tait ] *) Correctly return 413 when an invalid chunk size is given on input. Also modify ap_discard_request_body to not do anything on sub-requests or when the connection will be dropped. [Justin Erenkrantz] *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469. [Cliff Woolley] *) Ensure that apr_brigade_write() flushes in all of the cases that it should to avoid conditions in some modules that could cause large amounts of data to be buffered. [Cliff Woolley] *) Fix problem where mod_cache/mod_disk_cache was incorrectly stripping the content_type from cached responses. [Bill Stoddard] *) apachectl passes through any httpd options. Note: apachectl should be used in preference to httpd since it ensures that any appropriate environment variables have been set up. [Jeff Trawick] *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir. PR 7810 [Colm MacCarthaigh ] *) Fix suexec execution of CGI scripts from mod_include. PR 7791, 8291 [Colm MacCarthaigh ] *) Fix segfaults at startup on some platforms when mod_auth_digest, mod_suexec, or mod_ssl were used as DSO's due to the way they were tracking the current init phase since DSO's get completely unloaded and reloaded between phases. PR 9413. [Tsuyoshi Sasamoto , Brad Nicholes] *) Fix mod_include's handling of regular expressions in "