>-----Original Message-----
>From: Mads Toftum [mailto:[EMAIL PROTECTED]]
>Sent: 14 October 2001 17:05
>To: [EMAIL PROTECTED]
>Subject: Re: apache 1.3.22 and modssl
>
>
>On Sun, Oct 14, 2001 at 05:36:59PM +0200, Ralf S. Engelschall wrote:
>> 
>> In article <[EMAIL PROTECTED]> you wrote:
>> > Ralf is usually pretty quick to release new versions of mod_ssl.
>> 
>> I plan to provide an upgraded mod_ssl version for 1.3.22 on Monday or
>> Tuesday.
>
>Cool. I was right then :) 
>The major changes in 1.3.22 are winblows related anyway, so no need to
>hurry :)
>
Specifically, the changes listed at
http://httpd.apache.org/dist/httpd/CHANGES_1.3 are:

Changes with Apache 1.3.22

  *) Recognize AIX 5.1.  [Jeff Trawick]

  *) PORT: Support AtheOS (see www.atheos.cx)
     [Rodrigo Parra Novo <[EMAIL PROTECTED]>]

  *) The manual directory is still configurable (as enabled by
     the 1.3.21 change), but its default setting was reverted to
     the pre-1.3.21 default as a subdirectory of the DocumentRoot.
     You can adapt your path in config.layout or with the
     "configure --manualdir=" switch.      [Martin Kraemer]

  *) Additional correction for the mutex changes on the TPF platform.
     [David McCreedy <[EMAIL PROTECTED]>]

  *) mod_proxy - remove Explain*; replace with ap_log_*
     [Chuck Murcko <[EMAIL PROTECTED]>]

Changes with Apache 1.3.21

  *) Enable mod_mime_magic (experimental) for Win32.  [William Rowe]

  *) Use an installed Expat library rather than the bundled Expat. This
     fixes a problem where multiple copies of Expat could be loaded
     into the process space, thus conflicting and causing strange
     segfaults. Most notably with mod_perl and XML::Parsers::Expat.
     [Greg Stein]

  *) Handle user modification of WinNT/2K service display names.  Prior
     versions of Apache only accepted identical internal and display names
     (where internal service names were space-stripped.)  [William Rowe]

  *) Introduce Win32 -W option for -k install/config to set up service
     dependencies on the workstation, snmp and other services that given
     modules or configurations might depend upon.  [William Rowe]

  *) Update the mime.types file to map video/vnd.mpegurl to mxu
     and add commonly used audio/x-mpegurl for m3u extensions.
     [Heiko Recktenwald <[EMAIL PROTECTED]>, Lars Eilebrecht]

  *) Modified mod_mime and mod_negotiation to prevent mod_negotiation 
     from serving any multiview variant containing one or more 
     'unknown' filename extensions. In PR #8130, mod_negotiation was 
     incorrectly serving index.html.zh.Big5 when better variants were 
     available. The httpd.conf file on the failing server did not have 
     an AddLanguage directive for .zh, which caused mod_mime to lose
     the file_type information it gleaned from parsing the .html
     extension. The absence of any language preferences, either in
     the browser or configured on the server, caused mod_negotiation
     to consider all the variants equivalent. When that occurs, 
     mod_negotiation picks the 'smallest' variant available, which
     just happened to be index.html.zh.Big5.
     [Bill Stoddard, Bill Rowe] PR #8130

  *) Security: Close autoindex /?M=D directory listing hole reported
     in bugtraq id 3009.  In some configurations where multiviews and 
     indexes are enabled for a directory, requesting URI /?M=D could
     result in a directory listing being returned to the client rather
     than the negotiated index.html variant that was configured and
     expected.  The work around for this problem (for pre 1.3.21
     releases) is to disable Indexes or Multiviews in the affected
     directories.  The Common Vulnerabilities and Exposures project
     (cve.mitre.org) has assigned the name CAN-2001-0731 to this issue.
     [Bill Stoddard, Bill Rowe]

  *) Enabled Win32/OS2/Netware file paths (not / rooted, but c:/ rooted)
     as arguments for mod_vhost_alias'es directives.  [William Rowe]

  *) Changes for Win32 to assure mod_unique_id's UNIQUE_ID strings really
     are unique between threads.  [William Rowe]

  *) mod_proxy - fix for Pragma: nocache (HTTP/1.0 only)
     [Kim Bisgaard <[EMAIL PROTECTED]>] PR #5668

  *) PORT: Some Cygwin changes, esp. improvements for dynamic loading,
     and cleanups. [Stipe Tolj <[EMAIL PROTECTED]>]

  *) Win32 SECURITY: The default installation could lead to mod_negotiation
     and mod_dir/mod_autoindex displaying a directory listing instead of
     the index.html.* files, if a very long path was created artificially
     by using many slashes. Now a 403 FORBIDDEN is returned. This
     problem was similar to and in the same area as the problem
     reported and fixed by Martin Kraemer in 1.3.1

17 in all, mostly Windoze. I don't think I'll be losing any sleep over these
(I lose enough as it is!)

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 
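
The CAN-2001-0731 entry above gives a workaround for pre-1.3.21 servers: disable Indexes or Multiviews in the affected directories. The following is an added example, not part of the original message and not Apache's own code, that lists the `<Directory>` sections of a configuration whose own `Options` lines turn on both. The names `find_exposed_directories` and `apply_options` are hypothetical, the sample configuration is constructed, and option inheritance between sections is not modelled (each section is judged on its own `Options` lines).

```python
import re

# Constructed sample httpd.conf fragment (not taken from the original message).
SAMPLE_CONF = """\
<Directory "/var/www/htdocs">
    Options Indexes FollowSymLinks MultiViews
</Directory>
<Directory "/var/www/htdocs/docs">
    # Options Indexes MultiViews
    Options +Indexes -MultiViews
</Directory>
<Directory "/var/www/htdocs/manual">
    Options All MultiViews
</Directory>
"""

TRACKED = {"indexes", "multiviews"}
SECTION_OPEN = re.compile(r'<Directory(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'</Directory(?:Match)?\s*>', re.I)

def apply_options(on, args):
    """Fold one Options line into the tracked set; 'All' covers Indexes, not MultiViews."""
    toks = args.split()
    if toks and not any(t[0] in "+-" for t in toks):
        on = set()  # absolute form replaces earlier settings
    for t in toks:
        name = t.lstrip("+-").lower()
        covered = {"indexes"} if name == "all" else {name} & TRACKED
        on = on - covered if t.startswith("-") else on | covered
    return on

def find_exposed_directories(conf_text):
    """Paths of <Directory> sections that enable both Indexes and MultiViews."""
    exposed, current, on = [], None, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        parts = line.split(None, 1)
        if not parts or line.startswith("#"):
            continue
        if SECTION_OPEN.match(line):
            current, on = SECTION_OPEN.match(line).group(1).strip(), set()
        elif SECTION_CLOSE.match(line) and current is not None:
            if TRACKED <= on:
                exposed.append(current)
            current = None
        elif current is not None and parts[0].lower() == "options" and len(parts) == 2:
            on = apply_options(on, parts[1])
    return exposed
```

Sections it reports are the ones where the workaround applies; removing either option from their `Options` line clears the finding.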
