Apache 1.3总算出新版本了。1.3.31.离1.3.29(去年10月30号)过了半年多。跳过了1.3.30直接出的1.3.31.修正了4个主要的安全漏洞。还加入了两个模块跟踪子进程的崩溃。 http://apache.linuxforum.net/dist/httpd/apache_1.3.31.tar.gz
下面是完全改进:Apache 1.3.31 Major changes
Security vulnerabilities
The main security vulnerabilities addressed in 1.3.31 are:
o CAN-2003-0987 (cve.mitre.org)
In mod_digest, verify whether the nonce returned in the client response is one we issued ourselves. This problem does not affect mod_auth_digest.
CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog.
CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket.
CAN-2003-0993 (cve.mitre.org)
Fix parsing of Allow/Deny rules using IP addresses without a netmask; issue is only known to affect big-endian 64-bit platforms
New features
New features that relate to specific platforms:
Linux 2.4+: If Apache is started as root and you codeCoreDumpDirectory, coredumps are enabled via the prctl() syscall.
New features that relate to specific platforms:
Add mod_whatkilledus and mod_backtrace (experimental) for reporting diagnostic information after a child process crash.
Add fatal exception hook for running diagnostic code after a crash.
Forensic logging module added (mod_log_forensic)
'%X' is now accepted as an alias for '%c' in the LogFormat directive. This allows you to configure logging to still log the connection status even with mod_ssl
Bugs fixed
The following bugs were found in Apache 1.3.29 (or earlier) and have been fixed in Apache 1.3.31:
Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests.
mod_usertrack no longer inspects the Cookie2 header for the cookie name. It also no longer overwrites other cookies.
Fix bug causing core dump when using CookieTracking without specifying a CookieName directly.
UseCanonicalName off was ignoring the client provided port information.
置顶卡
喧嚣卡
变色卡
千斤顶
显身卡