Apache httpd 1.3.35 Released

R

rpan

Verified User
Joined
Nov 8, 2004
Messages
24
cd /usr/local/directadmin/customapache
wget http://apache.mirrors.pair.com/httpd/apache_1.3.35.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.26-1.3.35.tar.gz
change the versions in build
./build clean
./build apache_mod_ssl
service httpd restart

Changes with Apache 1.3.35

*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]

*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]

*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>. [Mark Cox]

*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
 
Last edited:
Hi,
Update 1.3.34 to 1.3.35
Code: 
cd /usr/local/directadmin/customapache
rm -fr build
wget [url]http://files.directadmin.com/services/customapache/build[/url]
chmod 755 build
./build update

edit (build) nano -w build and set 1.3.35 in place 1.3.34 after apache

./build clean
wget [url]http://www.devlib.org/apache/httpd/apache_1.3.35.tar.gz[/url]
./build all y
./build zend
/sbin/service httpd restart


Wael
 
Last edited:
Setting up mod_ssl...
*** Cannot find /usr/local/directadmin/customapache/mod_ssl-2.8.25-1.3.35.tar.gz. Aborting ***

there is no such file but only /usr/local/directadmin/customapache/mod_ssl-2.8.25-1.3.34.tar.gz

How to correct and build ?
 
There is no current modssl for version 1.3.35 .... pretty slack if you ask me ... but nothing you can do until its released i'm affraid.
 
took them long enough that security hole remain unpatched for ages and yeah careless on the mod_ssl.
 
xemaps said:
Setting up mod_ssl...
*** Cannot find /usr/local/directadmin/customapache/mod_ssl-2.8.25-1.3.35.tar.gz. Aborting ***

there is no such file but only /usr/local/directadmin/customapache/mod_ssl-2.8.25-1.3.34.tar.gz

How to correct and build ?
Click to expand...


did you get an answer on how to build if mod_ssl isnt working?
 
the answer is to build without ssl support, to do you would have to edit the build script.

I have emailed the mod_ssl author just incase he wasnt even aware of 1.3.35 been released.
 
Do we need to
#./build all

or Just
#./build update
#./build apache_ssl

Is this enaugh ?
Or php have to recompiled because it use apxs ?
 
@how@ said:
Code: 
cd /usr/local/directadmin/customapache
rm -fr build
wget [url]http://files.directadmin.com/services/customapache/build[/url]
chmod 755 build
./build update
Click to expand...

What's you want to do with these command?

#./build update
will do get latest build script from where you just wget it manually isn't it?
 
kke said:
What's you want to do with these command?

#./build update
will do get latest build script from where you just wget it manually isn't it?
Click to expand...
If I remember correctly it gets the version of the different software specified in the build file. They may or may not be the latest, as some of the newer stuff has issues or isn't completely compatible.

So no, it doesn't get the latest scripts, but gets the latest/compatible software that's listed in the build script.

This brings us to the the post that @how@ posted. If you notice he has you remove and then downloaded a new build file, which then has the latest software versions that DA believes are the best at this time. So if you do that, when you run ./build update, it will download all the software contained in the build file.

You can also modify the build file yourself and change the versions yourself if you want, but you run the chance of running into problems if you deviate from what DA recommends. So do that at your own risk.

Hope that helps.
 
Last edited:
kke said:
Do we need to
#./build all

or Just
#./build update
#./build apache_ssl

Is this enaugh ?
Or php have to recompiled because it use apxs ?
Click to expand...
I did a ./build update, then a ./build all

It really depends on if you want to update more then just apache_ssl. If you want to get current on everything, the ./build all will build everything.

Personally, I did the build all, just in case I had any software versions that were not the suggested (by the build file) versions.
 
jw00dy said:
If I remember correctly it gets the version of the different software specified in the build file. They may or may not be the latest, as some of the newer stuff has issues or isn't completely compatible.

So no, it doesn't get the latest scripts, but gets the latest/compatible software that's listed in the build script.

Hope that helps.
Click to expand...

I see :D

so I do click update DirectAdmin from cp first
then ./build update should get the latest build version
then ./build clean and then ./build apache_mod_ssl

All Done. :)
 
hmm, I'm not completely sure if updating DA from the control panel updated the build file or not????

Just smoke the old build file and wget the new one, then do as you mentioned and you will know for sure you are good to go.
 
You must log in or register to reply here.
Back
Top