logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Apache 2.4.9 available :: Updated with OpenSSL 1.0.1g
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Sun 16 Mar '14 21:45    Post subject: Apache 2.4.9 available :: Updated with OpenSSL 1.0.1g Reply with quote

Apache 2.4.9 GA is now available here at the download pages.

8 April 2014: Updated OpenSSL to 1.0.1g from 1.0.1f (see below)

Notes VC11:
* Is build with Visual Studio update 4, advised is to use the Visual C++ Redistributable Update 4 at http://www.microsoft.com/en-us/download/details.aspx?id=30679 .

* VC11 versions do not run with XP and 2003, use the VC10 or VC9 version.

Changelog http://www.apachelounge.com/Changelog-2.4.html

Documentation: http://httpd.apache.org/docs/2.4/ attention there when you want to Upgrade to 2.4 from 2.2

When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

Enjoy,

Steffen


Last edited by Steffen on Thu 05 Jun '14 20:22; edited 2 times in total
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 677

PostPosted: Tue 08 Apr '14 11:34    Post subject: The Heartbleed Bug Reply with quote

Updated the builds with 1.0.1g OpenSSL from 1.0.1f.

Be sure you not download a cached former one, empty your browser cache.
Check the ReadMe.txt in the .zip.


The update fixes the serious vulnerability The Heartbleed Bug.

More info at: www.apachelounge.com/viewtopic.php?p=27305

Steffen


Changes between 1.0.1f and 1.0.1g

*) A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server (The Heartbleed Bug).

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley for preparing the fix (CVE-2014-0160)

*) Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
[Yuval Yarom and Naomi Benger]

*) TLS pad extension: draft-agl-tls-padding-03

Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
TLS client Hello record length value would otherwise be > 255 and
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long. [Adam Langley, Steve Henson]


Last edited by admin on Fri 11 Apr '14 12:00; edited 4 times in total
Back to top
Tina



Joined: 23 Jan 2014
Posts: 5

PostPosted: Tue 08 Apr '14 15:41    Post subject: Reply with quote

When will VC10 32 BIT follow? I would urgently need this Smile

Thanks a lot!
Back to top
lambacck



Joined: 18 Dec 2008
Posts: 3
Location: Burlington, Ontario, Canada

PostPosted: Tue 08 Apr '14 18:20    Post subject: Reply with quote

Will only Apache 2.4 builds be updated? There was a post about 2.2.27 being the last build for Apache 2.2.

Thanks,
Chris
Back to top
sowen



Joined: 08 Apr 2014
Posts: 1

PostPosted: Tue 08 Apr '14 18:36    Post subject: Reply with quote

Thanks very much Steffen for the quick fix to this problem.
Back to top
TPL



Joined: 25 Mar 2014
Posts: 24
Location: Germany, Hamburg

PostPosted: Tue 08 Apr '14 19:40    Post subject: Reply with quote

Thanks a lot! Apache 2.4.9 VC11 with OpenSSL 1.0.1g works fine.
Back to top
sratrerier



Joined: 19 Mar 2009
Posts: 4

PostPosted: Wed 09 Apr '14 14:43    Post subject: Reply with quote

Yes thank you. Apache 2.4.9 VC10 Windows 32 bit with OpenSSL 1.0.1g works fine too.
Back to top


Reply to topic   Topic: Apache 2.4.9 available :: Updated with OpenSSL 1.0.1g View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout