Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.45 Released

Posted by michael on from the better-than-okra dept.

thx2001r writes "Well, it's no longer April 1st across the contiguous United States, so the coast is clear to say Apache 2.0.45 is released. This version contains two important security fixes and a number of bug fixes. The security fixes affect all platforms and versions of Apache 2.0.x up until this update with some special caveats for the 2.0.45 OS/2 release. It looks like the first security vulnerability addressed in this eighth public release of the Apache 2.0.x series is having its details witheld until April 8th. This is being called "a significant Denial of Service vulnerability" for Apache 2.0.x by the ASF."

35 comments

  1. Too Bad by Anonymous Coward · · Score: -1, Troll

    That it is another April 2nd joke.

  2. OK by Anonymous Coward · · Score: -1, Offtopic

    ok

  3. Soo... When can NT users use this? by Eneff · · Score: 2, Interesting

    I mean, when will SSL support be ported for Apache 2?

    Last time I tried to compile SSL support from scratch it was a nightmare of errors...

    1. Re:Soo... When can NT users use this? by rdieter · · Score: 5, Informative
      when will SSL support be ported for Apache 2?
      FYI, SSL support is builtin (apache.org) now.
    2. Re:Soo... When can NT users use this? by thx2001r · · Score: 5, Informative

      Well, I've been using Apache 2.0.x Mod_SSL OpenSSL since, Apache 2.0.35, on Windows NT 5 (Win2k). Get a compiler the instructions are available publicly.

      The only reason it is not pre-compiled for binary release (win32) with OpenSSL by Apache Group is legal concerns over strong encryption:

      "This version is only available at present in a -no_ssl flavor, due to ongoing questions of strong crypto redistribution. When a binary build with mod_ssl compiled in is made available, the -no_ssl flavor will remain as an option for those in jurisdictions that restrict ssl encryption, as well as those T8 prohibited from downloading from the ASF's US-based servers." Source:

      Apache 2.0.44 and the latest OpenSSL 0.9.7a were, well, a bit of a challenge to compile, but it's done (and that was mostly to do with OpenSSL 0.9.7a). Now on to 2.0.45!

      --

      -Joe
      If we're all god's children, what's so special about Jesus? - Jimmy Carr

    3. Re:Soo... When can NT users use this? by thx2001r · · Score: 2, Interesting

      Update: In Win32, the compiled 2.0.44 mod_ssl.so (DSO) works just fine with the Apache Group 2.0.45 MSI installer package. Just add the DSO, your conf file(s), OpenSSL keys, and you're good to go!

      Looks like the API is actually remaining stable (as advertised) at least in Win32, in mod_ssl! Way to go Apache Group!!!

      --

      -Joe
      If we're all god's children, what's so special about Jesus? - Jimmy Carr

  4. You know... by Anonymous Coward · · Score: -1, Flamebait

    If places like slashdot didn't waste their time looking like a bunch of unfunny cunts on april 1, we could post shit like this yesterday.

    nice work fucktards.

  5. fuck the french! by Anonymous Coward · · Score: -1, Troll
    A Recent Le Monde poll showed 30% of French people hope that Iraq leader Saddam hussein is victorious.

    All i can say is France: Go Fuck Yourself.

    1. Re:fuck the french! by Anonymous Coward · · Score: -1, Troll

      Hell yeah! Those French bastards. Oh and some small percent of people in the USA hope that Iraq leader Saddam Hussein is victorious too.

      So I'll add, USA: Go Fuck Yourself. Damn Arab lovers.

    2. Re:fuck the french! by Anonymous Coward · · Score: -1, Flamebait

      Troll? Oh umm... I forgot to mention that contributions from moderators with sub-human intelligence including baboons and thin skinned americans are not welcome.

  6. PHP4 with Apache2? by shagymoe · · Score: 2, Interesting

    Anyone know if it is safe to stick my php4 toe in the Apache2 water? I've heard some bad stories about php4 with Apache2 so I'm sticking with 1.3.27 right now with php4.3.1.

    1. Re:PHP4 with Apache2? by bodgit · · Score: 4, Informative

      I've been running PHP 4.2.3 with Apache 2.0.43+ and there haven't been any problems so far. I've kept the PHP options to a minimum to get Horde/Imp working, so there may be some adventurous settings that will still cause problems.

    2. Re:PHP4 with Apache2? by Malcolm+Scott · · Score: 4, Informative

      I've been using Apache 2.0.44 with PHP 4.3.1 for a while on a Gentoo-based server, and I've had no problem at all. Works like a treat.

      The PHP team needed to do a bit of code tweaking to make PHP fit into the Apache 2 module format (APXS2) - so initially, as you say, PHP support for Apache 2 was very bad/nonexistant. But that work has been completed AFAIK, so any recent PHP version should work fine with Apache 2.

    3. Re:PHP4 with Apache2? by Anonymous Coward · · Score: 0

      Apache 2.0.44 with PHP 4.3.0 running great on my OpenBSD 3.2 box. I'm sure this new release will fix any problems that most people had with PHP with Apache. Goodluck! :)

    4. Re:PHP4 with Apache2? by Bobulusman · · Score: 1

      I'm running Apache 2.0.44 w/ PHP 4.3.0 on Windows XP Pro and have not had any problems. with it. When I first set it up, I had some random crashes, but that turned out to be my software firewall. Since I've uninstalled it, no problems.

      --
      Cogito ergo sum in Slashdot.
    5. Re:PHP4 with Apache2? by Mitchell+Mebane · · Score: 1

      Actually, yes. mod_php even works quite well. Been running our company web server on Apache2/PHP4/mod_php for a little over a year now, with _zero_ problems. Current setup is Apache 2.0.44/PHP4.3.1/mod_php.

      --

      The roots of education are bitter, but the fruit is sweet.
      --Aristotle
    6. Re:PHP4 with Apache2? by Gambit-x7x · · Score: 1

      It's fine... i have been using php4.x(aip) and Apache2.x for half a year now on multiple OS(RH8, winXP(home), win2k(Server))... works like a charm.... ocazinal problem if you like me DLing the lates versions... the configuration use to be triky but now they got it worked out...

      --
      Who controls the information, controls the world...
  7. PHP4 with Apache2: YES! by dananderson · · Score: 3, Informative
    Most problems seem to be caused by those who use the Apache MT model with thread-unsafe libraries that PHP may link in.

    Stick with the classic (Apache 1.x) prefork MPM model and you'll be a lot safer. YMMV.

    I have a writeup on using PHP with Apache 2 at http://dan.drydog.com/apache2php.html

  8. Last Post by Anonymous Coward · · Score: -1, Offtopic

    Please don't post here so that will remain true.

    1. Re:Last Post by Anonymous Coward · · Score: -1, Offtopic

      Last Post
      Please don't post here so that will remain true.

      Ok, I won't. Oops! Sorry...
      Woohoo! I got the last post! I won!

    2. Re:Last Post by Anonymous Coward · · Score: -1, Offtopic

      I got the last post! I won!

      No you did not, my friend.

  9. This is a troll by Anonymous Coward · · Score: -1, Troll

    I post only to have a thread after the previous thread.
    BTW, I too dislike the French. Not because of the current disagreement over the war, just because the women need to shave and the men shower.

  10. Last Post by Anonymous Coward · · Score: -1, Offtopic

    Nice try, my friend.

  11. When they bring it down by milosoftware · · Score: 1

    Hmm, just a DOS vulnerability.

    To upgrade my 2.0.44 box, I'll have to bring it down... So it's better to wait for the first attack and when it stops, upgrade it. It will be down only once then.

    Maybe i'll compile the 45 version, and install it automatically when the current httpd exits...

    --
    Musicians don't die. They just decompose.
  12. Last Post Here by Anonymous Coward · · Score: -1, Troll

    Shut up!

    Thanks.

  13. Damnit! by Anonymous Coward · · Score: 0

    Damnit, are there API changes again? My mod_ssl from 2.0.44 doesn't work, do I have to compile the damn thing all over again? It was SUCH a bitch last time, I'm will not be happy if I have to do it again.

    Init: Session Cache is not configured [hint: SSLSessionCache]

    What? I have the same config and SSL libs as I did on 2.0.44, everything else is 2.0.45, ARGHHHH!

    1. Re:Damnit! by thx2001r · · Score: 1

      Actually (and an update from previous post),

      I used the compiled mod_ssl from 2.0.44 on 2.0.45... this is on the Win2k Apache. In this case, mod_ssl 2.0.44 openssl 0.9.7a win32.

      It looks like the modules really DON'T have to be recompiled all the time... hopefully, the vulnerabilities don't extend to the mod_ssl 2.0.44 code as well... sigh.

      --

      -Joe
      If we're all god's children, what's so special about Jesus? - Jimmy Carr

    2. Re:Damnit! by Anonymous Coward · · Score: 0

      Of course mod_ssl needs upgrading... you've
      paid attention the security bulletins at http://www.openssl.org/ ... right???

    3. Re:Damnit! by thx2001r · · Score: 1

      OpenSSL does not create Mod_SSL... they are not affiliated, as far as I know... ASF creates Mod_SSL for Apache 2.0.x (while www.modssl.org creates the Apache 1.3.x ones).

      I assume you are referring to the new versions of OpenSSL released? I do not know for a fact that the OpenSSL release affects Mod_SSL releases, particularly since Mod_SSL for 2.0.x is related to ASF releases of Apache 2.0.x.

      Someone please correct me if I'm drastically wrong here regarding Apache 2.0.x and Mod_SSL 2.0.x (and point me to the documentation that proves otherwise).

      --

      -Joe
      If we're all god's children, what's so special about Jesus? - Jimmy Carr

  14. lllast post by Anonymous Coward · · Score: -1, Offtopic
  15. PHP4 & Apache 2.0.43 not accepting tags by rorya · · Score: 1

    Last I tried, PHP4 (4.3.0 i think it was) on Apache 2.0.43 did not support the XML compliant way of jumping into the PHP interpreter (ie. "", rather than the more common way "?php". Has anyone else noticed this issue?

  16. Apache 2.0.43 & php 4.3.0 not accepting SCRIPT by rorya · · Score: 1

    Last I tried, PHP4 (4.3.0 i think it was) on Apache 2.0.43 did not support the XML compliant way of jumping into the PHP interpreter (ie. "SCRIPT LANGUAGE="PHP", rather than the more common way "?php". Has anyone else noticed this issue?

  17. Apache 2.0.46 is now out! by Anonymous Coward · · Score: 0

    Get it here!

    Oh, and last post.

  18. 1.3.27 by packethead · · Score: 0

    Does this DOS affect 1.3.27?

    --
    .sig
  19. No. You're fine. (last post) by Anonymous Coward · · Score: 0