Re: Apache 2.039

2002-08-10 Thread R. DuFresne

On Sat, 10 Aug 2002, Mads Toftum wrote:

> On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote:
> > Any word on if this compiles on those older linux kernels as the previous
> > release was a total dud in that realm?
> 
> I've compiled Apache2 on a 2.0 linux kernel several times without problems.

yes, but, on an older linux kernel?  Pre 2.2.x?

Thanks,

Ron DuFresne
-- 
~~
admin & senior security consultant:  sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-10 Thread Mads Toftum

On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote:
> Any word on if this compiles on those older linux kernels as the previous
> release was a total dud in that realm?

I've compiled Apache2 on a 2.0 linux kernel several times without problems.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, R. DuFresne wrote:

> Any word on if this compiles on those older linux kernels as the previous
> release was a total dud in that realm?

Probably no change.  But FWIW, I believe one of our developers tried it on
an older kernel and it worked fine for him... if you could provide
access to a box it fails on to one of the core dev team, that might help.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread R. DuFresne


This is a security fix release for those using apache in Cygwin
environments!



Date: Fri, 9 Aug 2002 22:07:52 +0100 (BST)
From: Mark J Cox <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],
 Full Disclosure <[EMAIL PROTECTED]>,
 Vuln-Dev <[EMAIL PROTECTED]>
Subject: [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix
platforms

-BEGIN PGP SIGNED MESSAGE-

For Immediate Disclosure

=== SUMMARY 

Title: Apache 2.0 vulnerability affects non-Unix platforms
 Date: 9th August 2002
 Revision: 2
 Product Name: Apache HTTP server 2.0
  OS/Platform: Windows, OS2, Netware
Permanent URL:
http://httpd.apache.org/info/security_bulletin_20020809a.txt
  Vendor Name: Apache Software Foundation
   Vendor URL: http://httpd.apache.org/
  Affects: All Released versions of 2.0 through 2.0.39
 Fixed in: 2.0.40
  Identifiers: CAN-2002-0661

=== DESCRIPTION 
Apache is a powerful, full-featured, efficient, and freely-available Web
server.  On the 7th August 2002, The Apache Software Foundation was
notified of the discovery of a significant vulnerability, identified by
Auriemma Luigi <[EMAIL PROTECTED]>.

This vulnerability has the potential to allow an attacker to inflict
serious damage to a server, and reveal sensitive data.  This vulnerability
affects default installations of the Apache web server.

Unix and other variant platforms appear unaffected.  Cygwin users are
likely to be affected.

=== SOLUTION 

A simple one line workaround in the httpd.conf file will close the
vulnerability.  Prior to the first 'Alias' or 'Redirect' directive, add
the following directive to the global server configuration:

   RedirectMatch 400 "\\\.\."

Fixes for this vulnerability are also included in Apache HTTP server
version 2.0.40.  The 2.0.40 release also contains fixes for two minor
path-revealing exposures.  This release of Apache is available at
http://www.apache.org/dist/httpd/



Thanks,

Ron DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> 
> > That's what I get for not reading all of my email before responding to
> > any of it.  0.9.6g was also released today.  Sigh.  :)
> 
> I guess today was the day for releases.  Apache 2.0.40 is now out as well.
> 
> --Cliff
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 

-- 
~~
admin & senior security consultant:  sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread R. DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> 
> > That's what I get for not reading all of my email before responding to
> > any of it.  0.9.6g was also released today.  Sigh.  :)
> 
> I guess today was the day for releases.  Apache 2.0.40 is now out as well.

Any word on if this compiles on those older linux kernels as the previous
release was a total dud in that realm?

Thanks,

Ron DuFresne
-- 
~~
admin & senior security consultant:  sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> That's what I get for not reading all of my email before responding to
> any of it.  0.9.6g was also released today.  Sigh.  :)

I guess today was the day for releases.  Apache 2.0.40 is now out as well.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Apache 2.039

2002-08-09 Thread Xiao, Wei
Title: RE: Apache 2.039





Followed your instruction, finally got every configuration done. But server won't start with following message in error_log,

[Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Fri Aug 09 11:49:32 2002] [error] Init: Failed to generate temporary 512 bit RSA private key Configuration Failed


Thanks.


-Original Message-
From: Daniel Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 08, 2002 2:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.039




Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build
Apache 2 with SSL support. 


> When I run configure --with-ssl=$directory_of_open_ssl, it complained that
> it can't find ssl toolkit library. Did I do anything wrong?
> 
> Thanks.
> 
> Wei
> 
> -Original Message-
> From: Cliff Woolley [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 08, 2002 1:50 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Apache 2.039
> 
> 
> On Thu, 8 Aug 2002, Tony Jarriault wrote:
> 
> > I'm search openssl for Apache 2.039, where can i find it, please ?
> 
> I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
> 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
> there (caveat: we do not distribute binaries of mod_ssl, only source
> code).
> 
> OpenSSL is the same regardless of what mod_ssl you use and is available at
> www.openssl.org.
> 
> --Cliff
> 
> PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager    [EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager    [EMAIL PROTECTED]





Re: Apache 2.039

2002-08-09 Thread Maurizio Marini

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday 09 August 2002 04:27 pm, Cliff Woolley wrote:
 >On Thu, 8 Aug 2002, Cliff Woolley wrote:
 >> Upgrade to 0.9.6e.
 >
 >Make that 0.9.6f, released today.  :)
 >
 g, just a few minutes ago..
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9U9M/4Q/49nIJTlwRAgh9AJ9RVLUm+8WXtqAkgDNTij/fJnTvdQCfVRko
S0+auy1Me02md2SuHyvmDA4=
=gl4i
-END PGP SIGNATURE-
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> Make that 0.9.6f, released today.  :)

That's what I get for not reading all of my email before responding to
any of it.  0.9.6g was also released today.  Sigh.  :)

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Thu, 8 Aug 2002, Cliff Woolley wrote:

> Upgrade to 0.9.6e.

Make that 0.9.6f, released today.  :)

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-08 Thread EdwardSPL

Cliff Woolley wrote:

> On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:
>
> > Do you know what different between 0.9.6b and 0.9.6e
>
> Among other things, there are important security fixes in 0.9.6e (for
> remotely exploitable bugs in 0.9.6d and earlier versions).
>
> Upgrade to 0.9.6e.

So, do you agree compile and install apache 1.3.26, php 4.2.2, MySQL
3.23.51, OpenSSL 0.9.6e and mod_ssl 2.8.10-1.3.26 good for working
together under Linux / Unix / other OS System ?

Thank for your help !


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-08 Thread Cliff Woolley

On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:

> Do you know what different between 0.9.6b and 0.9.6e

Among other things, there are important security fixes in 0.9.6e (for
remotely exploitable bugs in 0.9.6d and earlier versions).

Upgrade to 0.9.6e.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-08 Thread EdwardSPL



Gregg Andrew wrote:


Openssl.org
version 0.9.6e



Do you know what different between 0.9.6b and 0.9.6e, Because I
knew there are some of users they are using 0.9.6b, I think 0.9.6b is an
older version... But if I use the new version of Apache ( eg : 1.3.26 ),
so... use 0.9.6e is good ? I was fail to install 0.9.6d !