Apache HTTP Server 2.2.20 Released



propcgamer
08-30-2011, 01:25 PM
Changes with Apache 2.2.20


*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]

*) mod_authnz_ldap: If the LDAP server returns constraint violation,
don't treat this as an error but as "auth denied". [Stefan Fritsch]

*) mod_filter: Fix FilterProvider conditions of type "resp=" (response
headers) for CGI. [Joe Orton, Rainer Jung]

*) mod_reqtimeout: Fix a timed out connection going into the keep-alive
state after a timeout when discarding a request body. PR 51103.
[Stefan Fritsch]

*) core: Do the hook sorting earlier so that the hooks are properly sorted
for the pre_config hook and during parsing the config. [Stefan Fritsch]


It was just released so we will have to wait for it to sync :)
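
The rule stated in the CVE-2011-3192 changelog entry above, worked through as an added example. This is not Apache's source code and not part of the original thread; the function names and the sample headers are constructed for illustration. The 'unsatisfiable' outcome follows general HTTP range handling and is not taken from the changelog.

```python
import re

_SPEC = re.compile(r"^(\d*)-(\d*)$")   # "first-last", "first-" or "-suffix"

def parse_ranges(header, size):
    """Return satisfiable (start, end) inclusive ranges for a resource of
    `size` bytes, or None when the header is not a valid bytes range set."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                        # suffix form: last N bytes
            if int(last) == 0 or size == 0:
                continue                       # selects nothing
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            if last and int(last) < start:
                return None                    # malformed: last before first
            if start >= size:
                continue                       # starts past the end of the file
            end = min(int(last), size - 1) if last else size - 1
        ranges.append((start, end))
    return ranges

def range_decision(header, size):
    """Return 'full' (ignore Range, send the whole file), 'partial' (serve
    the ranges) or 'unsatisfiable' (no range overlaps the file)."""
    ranges = parse_ranges(header, size)
    if ranges is None:
        return "full"                          # invalid header is ignored
    if not ranges:
        return "unsatisfiable"
    requested = sum(end - start + 1 for start, end in ranges)
    # Rule from the 2.2.20 changelog entry: ranges that add up to more than
    # the file itself are ignored and the complete file is sent.
    return "full" if requested > size else "partial"

if __name__ == "__main__":
    # Constructed sample headers against a 100-byte file.
    for h in ("bytes=0-49", "bytes=0-49,50-99", "bytes=0-99,0-99,0-99"):
        print(h, "->", range_decision(h, 100))
```

The same function can be run over the Range values captured in request logs to see which requests a patched server would answer with the whole file.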

DirectAdmin Support
08-30-2011, 11:36 PM
Hello,

It's now available in custombuild, from files1.
Please allow 24 hours for the other DA files mirrors to be synced from files1, if you're using a files server other than files1.

Don't forget to recompile php after updating apache!
cd /usr/local/directadmin/custombuild
./build update
./build versions #ensure you see 2.2.20
./build apache
./build php n

John

propcgamer
08-31-2011, 04:53 AM
Thanks John, everything seems to have run fine for me:)

sloop
08-31-2011, 08:11 AM
./build apache
./build php n

John

What is the impact of just updating apache without recompiling php?

abolfazl201358
08-31-2011, 06:54 PM
Hello
I will now do the update?
I had been of security?
It is better to use these resources
I'm currently using the Apache 2.2.19
I suggest you to upgrade?
Language is not so good ;)
Thanks

DirectAdmin Support
08-31-2011, 10:57 PM
Hello,
What is the impact of just updating apache without recompiling php?

You may run into linking issues or segfaults if there are any changes to the apache api. It may work fine, but for production servers, I don't recommend skipping the php recompile.

@abolfazl201358: Yes, I recommend you upgrade. It's a security release for a fix regarding a "Range" header attack. (http://www.apache.org/dist/httpd/CHANGES_2.2.20)

John

abolfazl201358
09-01-2011, 04:10 AM
Hello
I did update successfully finished
Apache 2.2.19 is the same but
Did not upgrade to Apache 2.2.20
Please please help
Thank you



[root@server custombuild]# httpd -v
Server version: Apache/2.2.19 (Unix)
Server built: Sep 1 2011 15:32:56

propcgamer
09-01-2011, 04:15 AM
Hello
I did update successfully finished
Apache 2.2.19 is the same but
Did not upgrade to Apache 2.2.20
Please please help
Thank you



[root@server custombuild]# httpd -v
Server version: Apache/2.2.19 (Unix)
Server built: Sep 1 2011 15:32:56


What are the exact commands you used to update?

SeLLeRoNe
09-01-2011, 04:52 AM
run ./build update before build apache.

Regards

abolfazl201358
09-01-2011, 05:11 AM
What are the exact commands you used to update?
Hello
I've used the instructions at the bottom
Thanks


cd /usr/local/directadmin/custombuild
./build update
./build versions #ensure you see 2.2.20
./build apache
./build php n

abolfazl201358
09-01-2011, 05:16 AM
run ./build update before build apache.

Regards

Use the same method, but the result is the same
Thank you


Server version: Apache/2.2.19 (Unix)

SeLLeRoNe
09-01-2011, 05:16 AM
And on ./build versions you had apache as available for update as requested in those steps?

SeLLeRoNe
09-01-2011, 05:18 AM
If ./build version gives you no update for apache, then the mirror it is checking is not yet updated.

You should edit options.conf and change the line


downloadserver=whatever.directadmin.com

to


downloadserver=files11.directadmin.com


That is for sure up to date because I use it and I've updated successfully.

Once edited, re-run that sequence.

Regards

abolfazl201358
09-01-2011, 05:56 AM
If ./build version gives you no update for apache, then the mirror it is checking is not yet updated.

You should edit options.conf and change the line


downloadserver=whatever.directadmin.com

to


downloadserver=files11.directadmin.com


That is for sure up to date because I use it and I've updated successfully.

Once edited, re-run that sequence.

Regards

Hello
Your Success At The Eternity
Only DirectAdmin Support
Thanks



[root@server custombuild]# httpd -v
Server version: Apache/2.2.20 (Unix)
Server built: Sep 1 2011 17:06:55

jotest
09-02-2011, 12:54 AM
This is in the log system messages after update?


Sep 2 09:34:32 suhosin[20383]: ALERT - script tried to disable memory_limit by setting it to a negative value -1 bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '/usr/local/directadmin/custombuild/php-5.3.8/pear/install-pear-nozlib.phar', line 1128)
Sep 2 09:34:32 suhosin[20383]: ALERT - Include filename ('phar://install-pear-nozlib.phar/index.php') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '/usr/local/directadmin/custombuild/php-5.3.8/pear/install-pear-nozlib.phar', line 1236)

SeLLeRoNe
09-02-2011, 12:56 AM
Not related in any way.

Trolling.

bcoker
09-02-2011, 07:53 AM
CentOS 5.5. No issues.

Suurbier
09-05-2011, 01:00 AM
Working fine here too, CentOS 5