Apache 2.2.10 is released

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,628
Location
LT, EU
http://archive.apache.org/dist/httpd/httpd-2.2.10.tar.gz

httpd.apache.org said:
Changes with Apache 2.2.10

*) SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]

*) Allow for smax to be 0 for balancer members so that all idle
connections are able to be dropped should they exceed ttl.
PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
Jim Jagielski]

*) mod_proxy_http: Don't trigger a retry by the client if a failure to
read the response line was the result of a timeout.
[Adam Woodworth <mirkperl gmail.com>]

*) Support chroot on Unix-family platforms
PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]

*) mod_ssl: implement dynamic mutex callbacks for the benefit of
OpenSSL. [Sander Temme]

*) mod_proxy_balancer: Add 'bybusyness' load balance method.
[Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]

*) mod_authn_alias: Detect during startup when AuthDigestProvider
is configured to use an incompatible provider via AuthnProviderAlias.
PR 45196 [Eric Covener]

*) mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
used as a session path separator/delim PR 45158. [Jim Jagielski]

*) mod_charset_lite: Avoid dropping error responses by handling meta buckets
correctly. PR 45687 [Dan Poirier <poirier pobox.com>]

*) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
avoid reusing pooled connections if the client connection is an initial
connection. PR 37770. [Ruediger Pluem]

*) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
PR 44799 [Christian Wenz <christian wenz.org>]

*) mod_ssl: Rewrite shmcb to avoid memory alignment issues. PR 42101.
[Geoff Thorpe]

*) mod_proxy: Add connectiontimeout parameter for proxy workers in order to
be able to set the timeout for connecting to the backend separately.
PR 45445. [Ruediger Pluem, rahul <rahul sun.com>]

*) mod_dav_fs: Retrieve minimal system information about directory
entries when walking a DAV fs, resolving a performance degradation on
Windows. PR 45464. [Joe Orton, Jeff Trawick]

*) mod_cgid: Pass along empty command line arguments from an ISINDEX
query that has consecutive '+' characters in the QUERY_STRING,
matching the behavior of mod_cgi.
[Eric Covener]

*) mod_headers: Prevent Header edit from processing only the first header
of possibly multiple headers with the same name and deleting the
remaining ones. PR 45333. [Ruediger Pluem]

*) mod_proxy_balancer: Move nonce field in the balancer manager page inside
the html form where it belongs. PR 45578. [Ruediger Pluem]

*) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
[Ruediger Pluem]

*) mod_rewrite: Preserve the query string when [proxy,noescape]. PR 45247.
[Tom Donovan]
 
when upgrading apache with custombuild is it sufficient to just upgrade with ./build update_versions or does other stuff need to be rebuilt as well?
 
Hi guys,

now I have a problem with Apache at the moment. I must upgrade it from 2.2.0 to 2.2.10. Seems simple. But it isnt :(.

It seemed that I need APR.

checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for library containing strerror... none required
checking for APR version 1.2.0 or later... no
configure: error: APR version 1.2.0 or later is required

*** There was an error while trying to configure Apache 2. Check the configure.apache_2 file

Now I searched on this forum. But I coul'nt find the awnser. So I just did this;

./build mod_perl_ap2

Then I did agian ./build apache_2. But still I get the same error. Could someome help me?

EDIT: configure.apache_2


#!/bin/sh
OPTIM="-DHARD_SERVER_LIMIT=32768 -DFD_SETSIZE=32768 " \
./configure \
--enable-ssl \
--prefix=/etc/httpd \
--exec-prefix=/etc/httpd \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc/httpd/conf \
--enable-module=all \
--enable-rewrite \
--enable-suexec \
--with-suexec-docroot=/ \
--with-suexec-caller=apache \
--with-suexec-userdir=public_html \
--with-suexec-logfile=/var/log/httpd/suexec_log \
--with-suexec-bin=/usr/sbin/suexec \
--includedir=/usr/include/apache \
--libexecdir=/usr/lib/apache \
--datadir=/var/www \
--localstatedir=/var \
--disable-auth-dbm --disable-auth-db
 
Last edited:
Thanks, I tried it. But it isn't working :( probarly because I am on FreeBSD. So I tried to get "with-apr=.. /apr-1.2.7" in configuration.php. But unlucky it dint sorted out. Any tips?
 
Back
Top