Apache Upgrade Fixes Windows Bugs - Apache Week. Apache 1.3.20 released - hzgn.com

HZGN.COM
welcome to my space

HOME

Homepage

Add to favorites

Search:

HOME

Apache Upgrade Fixes Windows Bugs

Published by: rose 2009-01-06

Apache Week. Apache 1.3.20 released::
This is a bug fix and minor upgrade release, with a few new features. On Windows fix a bug which could cause messages such as dup2(stdin) failed
http://www.apacheweek.com/issues/01-05-25HOME

One of the world's most widely used server software programs Monday got an upgrade to fix some serious problems found in three versions of Microsoft Windows.

Techworld.com - Major upgrade for Apache::
our weekly update from Linux, Windows, Vista and more Apple fixes bugs with iPhone 2.0.1 software. Sony to launch Wii-style remote for mobile phone
http://www.techworld.com/opsys/news/index.cfm?NewsID=4916HOME

SECURITY ADVISORY: June 17, 2002::
On the Windows and Netware platforms, Apache runs one multithreaded child users of Apache 2.0 should upgrade to 2.0.39, which contain a fix for this issue.
http://httpd.apache.org/info/security_bulletin_20020617.txtHOME

Volunteers with the Apache Software Foundation and the Apache HTTP Server Project released Apache 2.0 HTTP Server version 2.0.44 primarily as a security and bug fix over its previous incarnation as version 2.0.43.

This is the seventh public release of the server operating system and is considered by the organization to be "the best version of Apache available." The software is now available for download from the Apache.org Web site.

Among the problems found by Apache-watchers Matthew Murphy and Lionel Brits:

* VU#979793 addresses versions of Windows 9x and Me, which could be crashed by a malicious request to Apache that contains a MS-DOS device name. The patch is available from Microsoft, but Apache 2.0.44 includes the correct filters even if the Microsoft update is not applied.

* VU#825177 builds on VU#979793, as a remote attacker can run arbitrary code on a server running Apache under Windows 9x and Me by sending a carefully crafted POST request containing a MS-DOS device name.

Page 6 - Getting Started with Apache::
known bug than to potentially introduce several unknown ones in order to fix it. you installed Apache from a package, you can upgrade it by performing
http://www.devshed.com/c/a/Apache/Getting-Started-with-Apache/5HOME

* On Windows platforms, Apache could be forced to serve unexpected files by appending illegal characters such as "<" to the request URL.

The Apache release team also says the 2.0.44 version marks a change in the Apache release process and, "a new level of stability in the 2.0 series."

Apache Patch Fixes Security Holes @ SYS-CON.TV::
the Apache 2.0.45 upgrade also fixes a bunch of bugs in the 2.0.44 version. Pete Manca, Allen Stewart, Group Manager, Windows Virtualization at Microsoft,
http://www.sys-con.tv/read/34943.htmHOME

"Beginning with this release, we will make every effort to retain forward compatibility in the configuration and module API, so that upgrading along the 2.0 series should be much easier," the team said in a statement. "This compatibility extends backwards to 2.0.42, so users of that version or later should be able to upgrade without changing configurations or updating DSO modules."

The Foundation says people using earlier releases will need to recompile all modules in order to upgrade to 2.0.44.

In all there are 51 bugs fixed and features added beyond 2.0.43. The Apache Group says 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase including some of the following:
* mod_autoindex: Bring forward the IndexOptions IgnoreCase option from Apache 1.3. PR 14276
* mod_mime: Workaround to prevent a segfault if r->filename=NULL
* Reorder the definitions for mod_ldap and mod_auth_ldap within config.m4 to make sure the parent mod_ldap is defined first. This ensures that mod_ldap comes before mod_auth_ldap in the httpd.conf file, which is necessary for mod_auth_ldap to load. PR 14256
* Fix the building of cgi command lines when the query string contains '='. PR 13914
* Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move implementation of MCacheMaxStreamingBuffer from mod_cache to mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should eliminate the need for explicitly coding McacheMaxStreamingBuffer in most configurations.
* Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL as set by apr-util in util_ldap.c. This should allow mod_ldap to work with the Netscape/Mozilla LDAP library.
* Fix critical bug in new --enable-v4-mapped configure option implementation which broke IPv4 listening sockets on some systems.

The Foundation says if you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe.

RealNetworks Concludes Helix Code Delivery
Wireless Firms Team up for 'T3G'