Apache 1.3.34 Released

[NukLeoN]

Apache HTTP Server 1.3.34 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.34 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.34 as compared to 1.3.33. This Announcement1.3 document may also be available in multiple languages at:
http://www.apache.org/dist/httpd/

This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.34 addresses and fixes 2 potential security issues:
If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.

We consider Apache 1.3.34 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family.

Apache 1.3.34 is available for download from
http://httpd.apache.org/download.cgi

Binary distributions are available from
http://www.apache.org/dist/httpd/binaries/

This service utilizes the network of mirrors listed at:
http://www.apache.org/mirrors/

 

[hackerpitbull]

Updated !

cd /usr/local/directadmin/cus*
nano build

change:
APACHE_VER=1.3.34
MODSSL_VER=2.8.25

nano configure.apache_ssl

change:
--with-apache=../apache_1.3.34 \

wget http://www.apache.org/dist/httpd/apache_1.3.34.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.25-1.3.34.tar.gz
tar xzfv apache_1.3.34.tar.gz
tar xzfv mod_ssl-2.8.25-1.3.34.tar.gz

./build apache_mod_ssl

 

[ju5t]

Thanks.

Updated.

 

[Chrysalis]

does anyone know the correct mailing list to get the apache updates, I signed up to one but it seems its for security patches only and not new apache versions.

Thanks for the update.

 

[vandal]

thank you, updated.

 

[DirectAdmin Support]

Hello,

Build script updated. To update:

cd /usr/local/directadmin/customapache
./build clean
./build update
./build all d

John

 

[dannygoh]

new version do not support below with php!

# Libxml2
# Expat
# Sablotron

How can i downgrade to V1.3.33

 

[DirectAdmin Support]

Hello,

To downgrade:

perl -pi -e 's/1.3.34/1.3.33/' build
perl -pi -e 's/1.3.34/1.3.33/' configure.apache_ssl
./build clean
./build all d

John

 

[Chrysalis]

john while you here add php 4.4.0 to the build script it has been outdated for weeks.

 

[DirectAdmin Support]

Waiting on zend to work with it. If I'm incorrect, and 2.5.10a version of zend does in fact work, then let me know and I'll change the script. But from what I'm reading, it doesn't appear so.

The 4.4.0 version is on our files.directadmin.com, so you can edit the PHP_VER in the build script, and run:

./build clean
./build update_data
./build all d

to update to 4.4.0

John

 

[Chrysalis]

I can also confirm 2.5.10a works with 4.4.0 and have been using it for weeks.

 

[dan35]

Me too. 2.5.10a works with 4.4.0.

 

[DirectAdmin Support]

Alright, Ill update php in the build script.

John

 

[hostpc.com]

Just a pointer here to direct John & crew to a follow up question here: previous post

Thanks

 

[@how@]

thank you, updated.