Hi all,
I've prepared a new package for a v2.0.1 release. Please take a look at
the artifacts, check the STATUS/README/CHANGES files, and do builds and
tests. Remember that 2.0.x releases only builds on some limited number
of Linux distribution, and no other Unix flavors are supported.
After finishing your examination of the release candidate, please cast
your +/-/0 votes, I will call the vote on 8/30. The src tar-ball and
signatures are available in
http://people.apache.org/~zwoop/rel-candidates/
The relevant files are:
-rw-r--r-- 1 zwoop zwoop 2857437 Aug 26 23:55 trafficserver-2.0.1.tar.bz2
-rw-r--r-- 1 zwoop zwoop 836 Aug 26 23:55
trafficserver-2.0.1.tar.bz2.asc
-rw-r--r-- 1 zwoop zwoop 62 Aug 26 23:55
trafficserver-2.0.1.tar.bz2.md5
-rw-r--r-- 1 zwoop zwoop 70 Aug 26 23:55
trafficserver-2.0.1.tar.bz2.sha1
Checksums are:
SHA1: 2a5fdc36665585908b6ab8d5f063570d8ba4cd02 trafficserver-2.0.1.tar.bz2
MD5: 94fc8b032eea873a1a4838249c0408a2 trafficserver-2.0.1.tar.bz2
This is primarily a release to address CVE-2010-2952, but a couple of
approved backported patches are also applied. A patch for v2.0.0 is also
available on the dist mirrors, which only addresses the CVE-2010-2952
incident.
Special thanks to Tim Brown for reporting the DNS vulnerabilities, and
for giving us ample time to address the deficiencies.
-- Leif
