Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 16 reacties
Bron: Apache.org

De meest gebruikte webserver op het internet is weer een versie ouder. De update komt niet helemaal uit de lucht vallen gezien het eerdere nieuws van vandaag. De 1.3.xx serie is de oude branch van Apache, 2.0.xx is de laatste branch, beide zijn stable.

De veranderingen in apache 1.3.26 en 1.3.25 zijn de volgende:

1.3.26
  • Potential NULL referencing fixed in the CGI module. It had been there for 5 years. [Justin Erenkrantz]
  • Ensure that we set the result value in ap_strtol before we return it. [The whole gang again]

1.3.25
  • Code changes required to address and close the security issues in CAN-2002-0392 (mitre.org) [CERT VU#944335]. To support this, we utilize the ANSI functionality of strtol, and provide ap_strtol for completeness. [The whole gang]
  • PORT: With OpenBSD 3.1 and up, allow modules to work on their ELF-based architectures. [Brad ]
  • Add X-Forwarded-Host and X-Forwarded-Server to X-Forwarded-For to the proxy. [Thomas Eibner ]
  • Fix a problem in mod_proxy: it would not set the number of bytes transferred, so other modules could not access the value from the request_rec->bytes_sent field. [Anthony Howe ] PR#6841
  • Fix a problem in mod_rewrite which would lead to 400 Bad Request responses for rewriting rules which resulted in a local path. Note: This will also reject invalid requests like "HEAD /roaming/martin/IMAP localhost HTTP/1.0" as issued by Netscape-4.x Roaming Profiles (on a DAV-enabled server) [Martin Kraemer]
  • Disallow anything but whitespace on the request line after the HTTP/x.y protocol string. That prevents arbitrary user input from ending up in the access_log and error_log. Also, special characters (especially control characters) are escaped in the log file now, to make a clear distinction between client-supplied strings (with special characters) and server-side strings. Martin Kraemer]
  • Get rid of DEFAULT_XFERLOG as it is not used anywhere. It was preserved by the build system, printed with "httpd -V", but apart from that completely ignored: the default transfer log is to not produce any transfer log. [Martin Kraemer]
  • Fixed sending of binary files under Cygwin. PR 9185. [Cliff Woolley]
  • Added Cygwin directory layout to config.layout file. [Stipe Tolj, ]
  • Added a '-F' flag; which causes the mother/supervisor process to no longer fork down and detach. But instead stays attached to the tty - thus making live for automatic restart and exit checking code easier. [ Contributed by Michael Handler , Jos Backus [ Dirk-Willem van Gulik ]].
  • Make apxs.pl more flexible (file extensions like .so or .dll are no longer hardcoded). [Stipe Tolj ]
  • Add an intelligent error message should no proxy submodules be valid to handle a request. PR 8407 [Graham Leggett]
  • Allow child processes sufficient time for cleanups but making ap_select in reclaim_child_processes more "resistant" to signal interupts. Bugz# 8176 [David Winterbourne , Jim Jagielski]
  • Recognize platform specific root directories (other than leading slash) in mod_rewrite for filename rewrite rules. Bugz# 7492 [William Rowe]
  • For supported versions of Darwin, place dynamically loaded Apache extensions' public symbols into the global symbol table. This allows dynamically loaded PHP extensions. [Marko Karppinen ]
  • Correct proxy to be able to handle the unexpected 100-continue reponses sent during PUT or POST requests. [Graham Leggett]
  • Correct a timeout problem within proxy which would force long or slow POST requests to close after 300 seconds. [Martin Lichtin , Brian Bothwell ]
  • Add support for dechunking chunked responses in proxy. [Graham Leggett]
  • Made AB's use of the Host: header rfc2616 compliant by Taisuke Yamada [Dirl-Willem van Gulik].
  • Update the Red Hat Layout to match Red Hat Linux version 7. PR BZ-7422 [Joe Orton]
  • Add some popular types to the mime magic file. PR 7730. [Linus Walleij , Justin Erenkrantz]
  • Tighten up the overridden-Server-header bugfix in the proxy, by only overriding if the request is a proxy request. It has been pointed out that the previous fix allows CGIs and modules to override the Server header, which is change to previous behavior. [Graham Leggett, Joshua Slive]
  • Another fix for the multiple-cookie header bug in proxy. With some luck this bug is actually now dead. [Graham Leggett]
[break]Ook 2.0.39 heeft een paar versienummers overgeslagen. De changelogs van 2.0.38, 2.0.39 en 2.0.37 zijn de volgende:[/break]2.0.39
  • Fixed a build problem in htpasswd.c on Win32. [Guenter Knauf , Cliff Woolley]
2.0.38
  • Rewrite htpasswd to use APR. The removes the annoying warning about tmpnam being unsafe. [Ryan Bloom]
  • We must set the MIME-type for .shtml files to text/html if we want them to be parsed for SSI tags. Add the config for that to the default config file so that it is easier to enable .shtml parsing. [Dave Dyer ]
  • Fixed a problem with 'make install' on ReliantUnix. [Jean-frederic Clere ]
  • Make the default_handler catch all requests that aren't served by another handler. This also gets us to return a 404 if a directory is requested, there is no DirectoryIndex, and mod_autoindex isn't loaded. [Justin Erenkrantz]
  • Fixed the handling of nested if-statements in shtml files. PR 9866 [Brian Pane]
  • Allow 'make install DESTDIR=/path'. This allows packagers to install into a directory different from the one that was configured. This also mirrors the root= feature from 1.3. We cannot use prefix=, because both APR and APR-util resolve their installation paths at configuration time. This means that there is no variable prefix to replace. [Andreas Hasenack ]
  • AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT. These levels of AIX don't have a thundering herd problem with accept(). [Jeff Trawick]
  • prefork MPM: Ignore mutex errors during graceful restart. For certain types of mutexes (particularly SysV semaphores), we should expect to occasionally fail to obtain or release the mutex during restart processing. [Jeff Trawick]
  • Fix install-bindist.sh so that it finds any perl instead of just early perl 5.x versions. This is consistent with a build/install from source, and it allows the perl scripts installed by a bindist to work on systems with perl 5.6. [Jeff Trawick]
  • Fix apxs so that the makefile created by "apxs -g" works on AIX and Tru64 (and probably some other platforms). [Jeff Trawick]
  • Allow CGI scripts to return their Content-Length. This also fixes a hang on HEAD requests seen on certain platforms (such as FreeBSD). [Justin Erenkrantz]
  • Added log rotation based on file size to the RotateLog support utility. [Brad Nicholes]
  • Fix some casting in mod_rewrite which broke random maps. PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
2.0.37
  • allow POST method over SSL when per-directory client cert authentication is used with 'SSLOptions +OptRenegotiate' enabled and a client cert was found in the ssl session cache.
  • 'SSLOptions +OptRengotiate' will use client cert in from the ssl session cache when there is no cert chain in the cache. prior to the fix this situation would result in a FORBIDDEN response and error message "Cannot find peer certificate chain" [Doug MacEachern]
  • ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if one was already sent. PR 9644 [Jeff Trawick]
  • Fix the display of the default name for the mime types config file. PR 9729 [Matthew Brecknell ]
  • Fix the working directory *for WinNT/2K/XP services only* to change to the Apache directory (one level above the location of Apache.exe, in the case that Apache.exe resides in bin/.) Solves the case of ServerRoot /foo paths where /foo was not on the same drive as /winnt/system32. [William Rowe]
  • Make 2.0's "AcceptMutex" startup message now "completely" match how 1.3 does it. [Jim Jagielski]
  • Implement a fixed size memory cache using a priority queue [Ian Holsman]
  • Fix apxs to allow "apxs -q installbuilddir" and to allow querying certain other variables from config_vars.mk. PR 9316 [Jeff Trawick]
  • Added the "detached" attribute to the cgi_exec_info_t internals so that Win32 and Netware won't create a new window or console for each CGI invoked. PR 8387 [Brad Nicholes, William Rowe]
  • Consolidated the command line parameters and attributes that are manipulated by the optional function ap_cgi_build_command() in mod_cgi into a single structure. [Brad Nicholes]
  • Get rid of uninitialized value errors with "apxs -q" on certain variables. [Stas Bekman ]
  • Fix apxs to allow it to work when the build directory is somewhere besides server-root/build. PR 8453 [Jeff Trawick and a host of others]
  • Allow ap_discard_request_body to be called multiple times in the same request. Essentially, ap_http_filter keeps track of whether it has sent an EOS bucket up the stack, if so, it will only ever send an EOS bucket for this request. [Ryan Bloom, Justin Erenkrantz, Greg Stein]
  • Remove all special mod_ssl URIs. This also fixes the bug where redirecting (.*) will allow an SSL protected page to be viewed without SSL. [Ryan Bloom]
  • Fix the binary build install script so that the build logic created by "apxs -g" will work when the user has a binary build. [Jeff Trawick]
  • Allow instdso.sh to work with full paths to the shared module. [Justin Erenkrantz]
  • NetWare: Enabled CGI functionality and added mod_cgi as a built in module for NetWare [Brad Nicholes]
  • Changed cgi and piped log behavior to accept 65536 characters on Win32 (matching Linux) before deadlocking between outputing client stdin, slurping the output from stdout and then the stderr stream. PR 8179 [William Rowe]
  • Fixed Win32 wintty.exe support to assure the window title is valid. Elimiates possible gpfault or garbage title without the -t option. [William Rowe]
  • Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use brigades and input filters. [Justin Erenkrantz]
  • Allow ap_http_filter (HTTP_IN) to return EOS when there is no request body. [Justin Erenkrantz]
  • NetWare: Piping log entries through RotateLogs using the CustomLogs directive is finally supported now that we have the pipes and spawning functionality working. [Brad Nicholes]
  • Detect overflow when reading the hex bytes forming a chunk line. [Aaron Bannert]
  • Allow RewriteMap prg:'s to take command-line arguments. PR 8464. [James Tait ]
  • Correctly return 413 when an invalid chunk size is given on input. Also modify ap_discard_request_body to not do anything on sub-requests or when the connection will be dropped. [Justin Erenkrantz]
  • Fix the TIME_* SSL var lookups to be threadsafe. PR 9469. [Cliff Woolley]
  • Ensure that apr_brigade_write() flushes in all of the cases that it should to avoid conditions in some modules that could cause large amounts of data to be buffered. [Cliff Woolley]
  • Fix problem where mod_cache/mod_disk_cache was incorrectly stripping the content_type from cached responses. [Bill Stoddard]
  • apachectl passes through any httpd options. Note: apachectl should be used in preference to httpd since it ensures that any appropriate environment variables have been set up. [Jeff Trawick]
  • Fix the combination of mod_cgid, mod_setuexec, and mod_userdir. PR 7810 [Colm MacCarthaigh ]
  • Fix suexec execution of CGI scripts from mod_include. PR 7791, 8291 [Colm MacCarthaigh ]
  • Fix segfaults at startup on some platforms when mod_auth_digest, mod_suexec, or mod_ssl were used as DSO's due to the way they were tracking the current init phase since DSO's get completely unloaded and reloaded between phases. PR 9413. [Tsuyoshi Sasamoto , Brad Nicholes]
  • Fix mod_include's handling of regular expressions in "

    Weergave:






Reacties (16)

$ HEAD www.tweakers.net
200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 19 Jun 2002 08:54:20 GMT
Pragma: no-cache
Server: Apache/1.3.23 (Unix) PHP/4.1.2

hum. :)
nu ook nog zelf ff installen ?
ja, ben nu weer wakker dus nu ga ik het ook maar eens op een stuk of 8 webservers installen ;(

ach, 1 keer een scriptje schrijven en dan is het :z
Cool.. dus tot kees echt wakker is kunnen we lekker h4x0r3n }>

Ik begrijp alleen dat die bug alleen op 64bits gedoe is?

naja, up-to-date houden is altijd wel zo handig imho
Op 64bit machines is de bug mogelijk als Worst-Case, namelijk dat een hacker/cracker/whatever controle krijgt over de machine. De 32bit machines hebben de bug ook wel, alleen daar kan het worst-case scenario geen werkelijkheid worden
Het is al worst case genoeg als je server over belast wordt door een grapjas die processes spawned en dood etc .. maarja .. tweakers heeft dikke bakken staan.
2.0.xx beta ?

als het goed is zijn die al stable verklaart hoor ! :?
je hebt gelijk, ik zit niet op te letten ;)
Ok, Win32 installed

Ik mis alleen (tot nu toe) een upgrade mogelijkheid..
je mag nu de oude win32 de-installeren, en dan nieuwe installeren.
Je kan m niet gewoon ff upgraden "on-the-fly"
Kun je niet gewoon de .dll's vervangen als hij even offline is?
Inderdaad, gewoon ff apache offline halen, de nieuwe bestanden (behalve natuurlijk je configs) er overheen kopieren en weer online gooien.

Alleen een upgrade mogelijkheid in de install zou inderdaar wel handiger zijn ja.
Het is niet veel werk en je oude config blijft geheel behouden (al maak ik natuurlijk altijd wel eerst ff een backup!)
Potential NULL referencing fixed in the CGI module. It had been there for 5 years. [Justin Erenkrantz]
omg 5 jaar? en nu pas ontdekt... hoeveel lijntjes code is apache wel niet :)

wel een grappige changelog, beetje Nullsoft stijl :)
Lekker nuttig die changelog hier plaatsen, was een linkje niet slimmer?
Nou, nee... Lijkt me niet... wat moet je hier anders neerzetten?

Het gaat om softwareupdates en daar wil men meestal van weten wat er dan veranderd is.... Anders wordt het zo leeg :+
Toch maar voor de zekerheid erop gezet :)
Allow mod_rewrite's set of "int:" internal RewriteMap functions to be extended by third-party modules via an optional function. [Tahiry Ramanamampanoharana , Cliff Woolley]
uhh.... hoe? :P

Op dit item kan niet meer gereageerd worden.



Apple iOS 10 Google Pixel Apple iPhone 7 Sony PlayStation VR AMD Radeon RX 480 4GB Battlefield 1 Google Android Nougat Watch Dogs 2

© 1998 - 2016 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True