Apache httpd 2.0.58 Released

rpan

For those updating from 2.0.X.
cd /usr/local/directadmin/customapache
wget http://www.ibiblio.org/pub/mirrors/apache/httpd/httpd-2.0.58.tar.gz
edit the httpd version in build
./build clean
./build apache_2


Changes with Apache 2.0.58

*) Legal: Restored original years in copyright notices.
[Colm MacCarthaigh]

Changes with Apache 2.0.57

*) mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. PR 36410. [Colm MacCarthaigh]

*) core: Prevent read of uninitialized memory in ap_rgetline_core. PR 39282.
[Davi Arnaut <davi haxent.com.br>]

*) mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. PR 11971. [Martin Kraemer]

*) mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix. [William Rowe]

*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>. [Mark Cox]

Changes with Apache 2.0.56

*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when a 400
ErrorDocument is configured, or if using "SSLEngine optional").
PR 37791. [Rüdiger Plüm, Joe Orton]

*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]

*) Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'. [William Rowe]

*) Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
[Jeff Trawick]

*) Default handler: Don't return output filter apr_status_t values.
PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]

*) mod_speling: Stop crashing with certain non-file requests.
[Jeff Trawick]

*) keep the Content-Length header for a HEAD with no response body.
PR 18757 [Greg Ames]

*) Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (among others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
[William Rowe]

*) Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. PR 38070. [Nick Kew]

*) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. PR 27787. [André Malo]

*) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
[Justin Erenkrantz]

*) mod_cache: Correctly handle responses with a 301 status. PR 37347.
[Paul Querna]

*) mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. PR 37145.
[Ruediger Pluem, William Rowe]

*) Eliminated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
[William Rowe]

*) mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]

*) Document the ReceiveBufferSize change done in r157583.
[Murray Nesbitt <murray cpan.org>]

*) mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. PR 37559.
[Paul Querna]

*) mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL. [Ghassan Misherghi <ghassanm ucdavis.edu>]

*) mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows. [Jeff Trawick]

*) Write message to error log if AuthGroupFile cannot be opened.
PR 37566. [Rüdiger Plüm]

*) Add ReceiveBufferSize directive to control the TCP receive buffer.
[Eric Covener <covener gmail.com>]

*) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
[Paul Querna]

*) Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header. [Graham Leggett,
Jon Snow <jsnow27 gatesec.net>]

*) http_request.c: Add missing va_end call. [André Malo]

*) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
[Paul Querna]

*) support/check_forensic: Fix temp file usage
[Javier Fernandez-Sanguino Pen~a <jfs computer.org>]

*) Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets. [Ruediger Pluem]

*) mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242

*) Added new module mod_version, which provides version dependent
configuration containers. [André Malo]

*) Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
[André Malo]
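
The CVE-2005-3352 entry above says ap_escape_html was changed so that quotes are escaped too. The following added example (not part of the original post and not Apache's code; `html_escape`, `render_link` and the sample Referer value are illustrative names and constructed data) shows why that matters when a header value is written inside a quoted HTML attribute:

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample header value containing a double quote. */
static const char SAMPLE_REFERER[] = "http://example.test/\" x=\"1";

/* Escape src into dst. With escape_quotes == 0 only < > & are escaped;
 * with escape_quotes == 1 the double quote is escaped as well.
 * Returns 0 on success, -1 if dst (cap bytes) is too small. */
static int html_escape(const char *src, char *dst, size_t cap, int escape_quotes)
{
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        size_t n;
        switch (*src) {
        case '<': rep = "&lt;"; break;
        case '>': rep = "&gt;"; break;
        case '&': rep = "&amp;"; break;
        case '"': if (escape_quotes) rep = "&quot;"; break;
        }
        n = rep ? strlen(rep) : 1;
        if (o + n >= cap) return -1;          /* keep room for the NUL */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Write <a href="VALUE"> into out and return the number of raw double
 * quotes in it. Exactly 2 means the value stayed inside the attribute;
 * more means the value closed the attribute early. -1 on overflow. */
static int render_link(const char *referer, int escape_quotes, char *out, size_t cap)
{
    char esc[256];
    int quotes = 0;
    if (html_escape(referer, esc, sizeof esc, escape_quotes) != 0) return -1;
    if (snprintf(out, cap, "<a href=\"%s\">", esc) >= (int)cap) return -1;
    for (const char *p = out; *p; p++) if (*p == '"') quotes++;
    return quotes;
}

int main(void)
{
    char buf[512];
    int n = render_link(SAMPLE_REFERER, 0, buf, sizeof buf);
    printf("quotes left raw: %d quote chars: %s\n", n, buf);
    n = render_link(SAMPLE_REFERER, 1, buf, sizeof buf);
    printf("quotes escaped:  %d quote chars: %s\n", n, buf);
    return 0;
}
```
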
 