Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this repository.

Branches

Name Last Modified Last Commit
ubuntu/dapper-updates 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-security 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 37cf083701f3d38635c36b384e5c8e970ba8c2db

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 1d02b5d53c525117ffe6be70b2b615be1aa92ad0
Unapplied parent: 23e21140f7d367afcc848c0fb823761a6aa5955d

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/karmic-security 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

ubuntu/karmic-updates 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-updates 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

ubuntu/karmic-devel 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-devel 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-security 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

ubuntu/maverick 2010-09-08 13:05:06 UTC 2010-09-08
Import patches-unapplied version 2.2.16-1ubuntu3 to ubuntu/maverick

Author: Chuck Short
Author Date: 2010-09-08 12:33:17 UTC

Import patches-unapplied version 2.2.16-1ubuntu3 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: bf96f9f345f8eaead2197f8aa6f009f8e734616e

New changelog entries:
  * Revert "stty sane" to unbreak apache starting, this will have to be
    fixed a different way. (LP: #626723)

applied/ubuntu/maverick 2010-09-08 13:05:06 UTC 2010-09-08
Import patches-applied version 2.2.16-1ubuntu3 to applied/ubuntu/maverick

Author: Chuck Short
Author Date: 2010-09-08 12:33:17 UTC

Import patches-applied version 2.2.16-1ubuntu3 to applied/ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: bcac3a866040467a0173ad7e9bc34845f6cb8af7
Unapplied parent: 698beff61f7f53f5cc840b6e42f8411576a62476

New changelog entries:
  * Revert "stty sane" to unbreak apache starting, this will have to be
    fixed a different way. (LP: #626723)

ubuntu/jaunty-devel 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-devel 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/hardy-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.8-1ubuntu0.18 to applied/ubuntu/hardy-prop...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:39:40 UTC

Import patches-applied version 2.2.8-1ubuntu0.18 to applied/ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 86abb22bfb07bcbf7a27b20fc19b8b45d19314d4
Unapplied parent: a1c613e4d207fad0abec1313eded87fea53bd0f6

New changelog entries:
  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/dapper-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.0.55-4ubuntu2.11 to ubuntu/dapper-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:44:28 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.11 to ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: 95df84831771120eff0091a6351b027d2cce933f

New changelog entries:
  * debian/patches/119_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/dapper-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.0.55-4ubuntu2.11 to applied/ubuntu/dapper-pr...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:44:28 UTC

Import patches-applied version 2.0.55-4ubuntu2.11 to applied/ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: ffb519603d1e2444f7eacc502535e97c43483b1f
Unapplied parent: 4e5592ed216a92217fbd2ce44714f66e3eac0635

New changelog entries:
  * debian/patches/119_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/hardy-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.8-1ubuntu0.18 to ubuntu/hardy-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:39:40 UTC

Import patches-unapplied version 2.2.8-1ubuntu0.18 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 8b3c081cadf968b86a70d8f2fbefadee514866a7

New changelog entries:
  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/karmic-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.12-1ubuntu2.3 to applied/ubuntu/karmic-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:26:28 UTC

Import patches-applied version 2.2.12-1ubuntu2.3 to applied/ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: a0acbc26df3eb9043b5319aa7cf5049013433222
Unapplied parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-security 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-updates 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/karmic-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.12-1ubuntu2.3 to ubuntu/karmic-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:26:28 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.3 to ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: 13954a81aa335ad0d4b231e1e739f6e8de23c9c5

New changelog entries:
  * debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-security 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-updates 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/lucid 2010-04-13 20:04:43 UTC 2010-04-13
Import patches-unapplied version 2.2.14-5ubuntu8 to ubuntu/lucid

Author: Chuck Short
Author Date: 2010-04-13 19:09:57 UTC

Import patches-unapplied version 2.2.14-5ubuntu8 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: e88e7548956882dbd14a37178a89f8a3ca31d00c

New changelog entries:
  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
    (LP: #562370)

applied/ubuntu/lucid 2010-04-13 20:04:43 UTC 2010-04-13
Import patches-applied version 2.2.14-5ubuntu8 to applied/ubuntu/lucid

Author: Chuck Short
Author Date: 2010-04-13 19:09:57 UTC

Import patches-applied version 2.2.14-5ubuntu8 to applied/ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 0e0b74d6c696e7faa23df68b9461cf10722d7159
Unapplied parent: d4c5988222b32205a5ed099a75ebac9a5f2eff1f

New changelog entries:
  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
    (LP: #562370)

applied/ubuntu/intrepid-devel 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/intrepid-updates 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

applied/ubuntu/intrepid-updates 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

applied/ubuntu/intrepid-security 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/intrepid-security 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/intrepid-devel 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/karmic 2009-08-18 13:07:47 UTC 2009-08-18
Import patches-unapplied version 2.2.12-1ubuntu2 to ubuntu/karmic

Author: Marc Deslauriers
Author Date: 2009-08-17 19:38:47 UTC

Import patches-unapplied version 2.2.12-1ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 5ca210feb52a9e8bad5baf8a40bb945a89efffa3

New changelog entries:
  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc
      interfaces, in cases where an output filter fails. This happens
      frequently after CVE-2009-1891 got fixed. (LP: #409987)

applied/ubuntu/karmic 2009-08-18 13:07:47 UTC 2009-08-18
Import patches-applied version 2.2.12-1ubuntu2 to applied/ubuntu/karmic

Author: Marc Deslauriers
Author Date: 2009-08-17 19:38:47 UTC

Import patches-applied version 2.2.12-1ubuntu2 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: be4df96feb99f72efe9b7ac2e8cc0a0b66eec3b6
Unapplied parent: 9baa6feafe35bcabc50e3e34c81f474dec7e177f

New changelog entries:
  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc
      interfaces, in cases where an output filter fails. This happens
      frequently after CVE-2009-1891 got fixed. (LP: #409987)

ubuntu/jaunty 2009-04-01 16:05:05 UTC 2009-04-01
Import patches-unapplied version 2.2.11-2ubuntu2 to ubuntu/jaunty

Author: Chuck Short
Author Date: 2009-04-01 15:39:17 UTC

Import patches-unapplied version 2.2.11-2ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 668af5cd6f59b4f45e2edea67a8689a0162098dd

New changelog entries:
  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)

applied/ubuntu/jaunty 2009-04-01 16:05:05 UTC 2009-04-01
Import patches-applied version 2.2.11-2ubuntu2 to applied/ubuntu/jaunty

Author: Chuck Short
Author Date: 2009-04-01 15:39:17 UTC

Import patches-applied version 2.2.11-2ubuntu2 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 13ca37070e962a04d3e4a99523e70a314c1b3da3
Unapplied parent: 48b64ed4248d9ffabcf14bf039d885fb914d0fe5

New changelog entries:
  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)

applied/ubuntu/gutsy-devel 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/gutsy-security 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the HTML
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/gutsy-devel 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the HTML
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

applied/ubuntu/gutsy-updates 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the HTML
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

applied/ubuntu/gutsy-security 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the HTML
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/gutsy-updates 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the HTML
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/intrepid 2008-09-19 14:04:27 UTC 2008-09-19
Import patches-unapplied version 2.2.9-7ubuntu3 to ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-19 13:32:01 UTC

Import patches-unapplied version 2.2.9-7ubuntu3 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 4afa2bfdc6f4ba86beb9197b65a7efea65e77577

New changelog entries:
  * Revert logrotate change since it will break it for everyone.

applied/ubuntu/intrepid 2008-09-19 14:04:27 UTC 2008-09-19
Import patches-applied version 2.2.9-7ubuntu3 to applied/ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-19 13:32:01 UTC

Import patches-applied version 2.2.9-7ubuntu3 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 229131ec49ebc9173ac7d9c7256ba4a7e94ca7a2
Unapplied parent: 28aafa174cfe9e80d3b0c0c58721d7869a934020

New changelog entries:
  * Revert logrotate change since it will break it for everyone.

applied/ubuntu/edgy-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/feisty-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/feisty-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/feisty-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/edgy-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/edgy-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/edgy-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/edgy-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/feisty-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

applied/ubuntu/feisty-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    set up table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

applied/ubuntu/feisty-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

applied/ubuntu/edgy-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/hardy 2008-02-02 03:04:02 UTC 2008-02-02
Import patches-unapplied version 2.2.8-1 to ubuntu/hardy

Author: Stefan Fritsch
Author Date: 2008-01-17 19:27:56 UTC

Import patches-unapplied version 2.2.8-1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 272a746d97189c54b5dadda77f4fec37a408e9bf

New changelog entries:
  * New upstream version:
    - Fixes cross-site scripting issues in
      o mod_imagemap (CVE-2007-5000)
      o mod_status (CVE-2007-6388)
      o mod_proxy_balancer's balancer manager (CVE-2007-6421)
    - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
      (CVE-2007-6422).
    - Fixes mod_proxy URL encoding in error messages (closes: #337325).
    - Adds explicit charset to the output of various modules to work around
      possible cross-site scripting flaws affecting web browsers that do not
      derive the response character set as required by RFC2616. For
      mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
      specify something else than ISO-8859-1 (CVE-2008-0005).
    - Adds mod_substitute which performs inline response content pattern
      matching (including regex) and substitution (like mod_line_edit).
    - Adds "DefaultType none" option.
    - Adds new "B" option to RewriteRule to suppress URL unescaping.
    - Adds an "if" directive for mod_include to test whether an URL is
      accessible, and if so, conditionally display content.
    - Adds support for mod_ssl to the event MPM.
  * Move the configuration of User, Group, and PidFile to
    /etc/apache2/envvars. This makes it easier to use these settings in
    scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
    (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
  * Make apache2ctl check the configuration syntax before trying to restart
    apache, to match the behaviour documented in the man page.
    (Closes: #459236)
  * Convert docs to be directly viewable with a browser (and not use content
    negotiation).
  * Add doc-base entry for the documentation. (closes: #311269)
  * Don't ship default files in /var/www, but copy a sample file to
    /var/www/index.html on new installs. Also remove the now unneeded
    RedirectMatch line from sites-available/default.
    (Closes: #411774, #458093)
  * Add some information to README.Debian (Apache wiki, default virtual host)
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies, easing library transitions (closes: #458857).
  * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
    Patch by Nicolas Valcárcel. (Closes: #436441)
  * Add reportbug script to list enabled modules.
  * Fix some lintian warnings:
    - Pass --no-start to dh_installinit instead of omitting the debhelper token
      in various maintainer scripts. Also move the update-rc.d call to
      apache2.2-common.
    - Add Short-Description to init script.
  * Remove unused apache2-mpm-prefork.prerm from source package and clean up
    debian/rules a bit.
  * Don't ship NEWS.Debian with apache2-utils, as the contents are only
    relevant for the server.

applied/ubuntu/hardy 2008-02-02 03:04:02 UTC 2008-02-02
Import patches-applied version 2.2.8-1 to applied/ubuntu/hardy

Author: Stefan Fritsch
Author Date: 2008-01-17 19:27:56 UTC

Import patches-applied version 2.2.8-1 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: e98e9902ad1cb5eb6ca6d593b703aed2fe67f79d
Unapplied parent: 5504675a4ade3ec5a0ea8f0a0ca52a691eec2127

New changelog entries:
  * New upstream version:
    - Fixes cross-site scripting issues in
      o mod_imagemap (CVE-2007-5000)
      o mod_status (CVE-2007-6388)
      o mod_proxy_balancer's balancer manager (CVE-2007-6421)
    - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
      (CVE-2007-6422).
    - Fixes mod_proxy URL encoding in error messages (closes: #337325).
    - Adds explicit charset to the output of various modules to work around
      possible cross-site scripting flaws affecting web browsers that do not
      derive the response character set as required by RFC2616. For
      mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
      specify something else than ISO-8859-1 (CVE-2008-0005).
    - Adds mod_substitute which performs inline response content pattern
      matching (including regex) and substitution (like mod_line_edit).
    - Adds "DefaultType none" option.
    - Adds new "B" option to RewriteRule to suppress URL unescaping.
    - Adds an "if" directive for mod_include to test whether an URL is
      accessible, and if so, conditionally display content.
    - Adds support for mod_ssl to the event MPM.
  * Move the configuration of User, Group, and PidFile to
    /etc/apache2/envvars. This makes it easier to use these settings in
    scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
    (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
  * Make apache2ctl check the configuration syntax before trying to restart
    apache, to match the behaviour documented in the man page.
    (Closes: #459236)
  * Convert docs to be directly viewable with a browser (and not use content
    negotiation).
  * Add doc-base entry for the documentation. (closes: #311269)
  * Don't ship default files in /var/www, but copy a sample file to
    /var/www/index.html on new installs. Also remove the now unneeded
    RedirectMatch line from sites-available/default.
    (Closes: #411774, #458093)
  * Add some information to README.Debian (Apache wiki, default virtual host)
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies, easing library transitions (closes: #458857).
  * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
    Patch by Nicolas Valcárcel. (Closes: #436441)
  * Add reportbug script to list enabled modules.
  * Fix some lintian warnings:
    - Pass --no-start to dh_installinit instead of omitting the debhelper token
      in various maintainer scripts. Also move the update-rc.d call to
      apache2.2-common.
    - Add Short-Description to init script.
  * Remove unused apache2-mpm-prefork.prerm from source package and clean up
    debian/rules a bit.
  * Don't ship NEWS.Debian with apache2-utils, as the contents are only
    relevant for the server.

ubuntu/feisty-proposed 2007-11-22 09:03:38 UTC 2007-11-22
Import patches-unapplied version 2.2.3-3.2ubuntu2 to ubuntu/feisty-proposed

Author: Mathias Gug
Author Date: 2007-11-21 21:55:25 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2 to ubuntu/feisty-proposed

Imported using git-ubuntu import.

Changelog parent: feefdc175424a2bba8748fe884fc8f7b18478a48

New changelog entries:
  * debian/apache2.2-common.init.d: make sure that /var/lock/apache2 is owned
    by www-data. Fixes LP: #129920.

applied/ubuntu/feisty-proposed 2007-11-22 09:03:38 UTC 2007-11-22
Import patches-applied version 2.2.3-3.2ubuntu2 to applied/ubuntu/feisty-prop...

Author: Mathias Gug
Author Date: 2007-11-21 21:55:25 UTC

Import patches-applied version 2.2.3-3.2ubuntu2 to applied/ubuntu/feisty-proposed

Imported using git-ubuntu import.

Changelog parent: dcf8e2ec19e0176c37b5dfd4159f3254020687a8
Unapplied parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * debian/apache2.2-common.init.d: make sure that /var/lock/apache2 is owned
    by www-data. Fixes LP: #129920.

ubuntu/gutsy 2007-10-04 23:05:35 UTC 2007-10-04
Import patches-unapplied version 2.2.4-3build1 to ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 17:58:34 UTC

Import patches-unapplied version 2.2.4-3build1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 97ecbf9eaefe3e89bd6b5c775a2c7adf09d9aa16

New changelog entries:
  * Trigger rebuild for hppa

applied/ubuntu/gutsy 2007-10-04 23:05:35 UTC 2007-10-04
Import patches-applied version 2.2.4-3build1 to applied/ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 17:58:34 UTC

Import patches-applied version 2.2.4-3build1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: ed76e69299be7410bc93aa3a5c2319e691e618dd
Unapplied parent: 007e0885d14fc0b3fb017dbc8f5aecb611035477

New changelog entries:
  * Trigger rebuild for hppa

ubuntu/feisty 2007-01-15 17:03:49 UTC 2007-01-15
Import patches-unapplied version 2.2.3-3.2build1 to ubuntu/feisty

Author: Martin Pitt
Author Date: 2007-01-15 16:10:39 UTC

Import patches-unapplied version 2.2.3-3.2build1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: e560b75b498f68319346543fc68580d6b6933013

New changelog entries:
  * No-change upload for the libpq4->libpq5 transition.

applied/ubuntu/feisty 2007-01-15 17:03:49 UTC 2007-01-15
Import patches-applied version 2.2.3-3.2build1 to applied/ubuntu/feisty

Author: Martin Pitt
Author Date: 2007-01-15 16:10:39 UTC

Import patches-applied version 2.2.3-3.2build1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 348870c568f0ccba9ce1ceab45009c91addabf23
Unapplied parent: 6f85e15c72930581e490084cc2ff522b6ab684c3

New changelog entries:
  * No-change upload for the libpq4->libpq5 transition.

applied/ubuntu/edgy 2006-09-27 16:03:13 UTC 2006-09-27
Import patches-applied version 2.0.55-4ubuntu4 to applied/ubuntu/edgy

Author: Martin Pitt
Author Date: 2006-09-27 14:23:09 UTC

Import patches-applied version 2.0.55-4ubuntu4 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 1b3d08b6e7b1b426ec787276c8a1a373e0c7859f
Unapplied parent: 893391ae39edf394545212af60eed7704580500e

New changelog entries:
  * Add debian/patches/054_restore_prefix_fix:
    - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
      overwrites $@ in 2.60, see Debian bug #372179), so that the package
      builds again on recent Edgy.
    - Thanks to Daniel Schepler <schepler@math.berkeley.edu> for this patch
      (taken from Debian #374160)
    - Closes: LP#62242

ubuntu/edgy 2006-09-27 16:03:13 UTC 2006-09-27
Import patches-unapplied version 2.0.55-4ubuntu4 to ubuntu/edgy

Author: Martin Pitt
Author Date: 2006-09-27 14:23:09 UTC

Import patches-unapplied version 2.0.55-4ubuntu4 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: a0b302a2ed0aee3fa4cce1f648db7352ec6790b6

New changelog entries:
  * Add debian/patches/054_restore_prefix_fix:
    - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
      overwrites $@ in 2.60, see Debian bug #372179), so that the package
      builds again on recent Edgy.
    - Thanks to Daniel Schepler <schepler@math.berkeley.edu> for this patch
      (taken from Debian #374160)
    - Closes: LP#62242

applied/ubuntu/hoary-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-secu...

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 657ecdcdcbf45caf67ed50afa297d5299082105b
Unapplied parent: 6908b2459e1534584bf62fc76c4c60fed0ff79aa

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/breezy-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: b8faaf6c1917684cff7b4d15cbec148194d23458

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/breezy-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-sec...

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: bc8dec8fb8d5c02e5b19f12982865ad26bc99e06
Unapplied parent: 2e0bdf3ad9292466e60d2dcd8c63f62c50e6474e

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/breezy-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-sec...

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: bc8dec8fb8d5c02e5b19f12982865ad26bc99e06
Unapplied parent: 2e0bdf3ad9292466e60d2dcd8c63f62c50e6474e

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/hoary-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3099455f859b99511d89df4f27f5cc597bd0f29b

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/hoary-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-secu...

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 657ecdcdcbf45caf67ed50afa297d5299082105b
Unapplied parent: 6908b2459e1534584bf62fc76c4c60fed0ff79aa

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/breezy-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: b8faaf6c1917684cff7b4d15cbec148194d23458

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/hoary-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3099455f859b99511d89df4f27f5cc597bd0f29b

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/dapper 2006-05-29 01:06:38 UTC 2006-05-29
Import patches-unapplied version 2.0.55-4ubuntu2 to ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-05-26 10:12:28 UTC

Import patches-unapplied version 2.0.55-4ubuntu2 to ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: b276d2c8d339ae0484867fa2442ba935dc3d45fd

New changelog entries:
  * Include patch from SVN HEAD to make sure LFS works on 64-bit platforms
    where sendfile() doesn't like dealing with anything larger than 32-bit
    chunks. Yes, Linux 2.6, I'm looking at you (see: launchpad.net/11850)

applied/ubuntu/dapper 2006-05-29 01:06:38 UTC 2006-05-29
Import patches-applied version 2.0.55-4ubuntu2 to applied/ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-05-26 10:12:28 UTC

Import patches-applied version 2.0.55-4ubuntu2 to applied/ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: 002805185e4e258976652ba495fa3ec5b93fdcc4
Unapplied parent: d7a8237e104dc0117991d1983f43cef255509076

New changelog entries:
  * Include patch from SVN HEAD to make sure LFS works on 64-bit platforms
    where sendfile() doesn't like dealing with anything larger than 32-bit
    chunks. Yes, Linux 2.6, I'm looking at you (see: launchpad.net/11850)

ubuntu/warty-security 2006-01-30 21:13:52 UTC 2006-01-30
Import patches-unapplied version 2.0.50-12ubuntu4.10 to ubuntu/warty-security

Author: Adam Conrad
Author Date: 2006-01-07 13:00:08 UTC

Import patches-unapplied version 2.0.50-12ubuntu4.10 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 647a5b8326262640555988ea5bbcc1822207d1bc

New changelog entries:
  * SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
    - Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
      mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
    - Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
      threaded MPMs when making a non-SSL connection to an SSL-enabled port
      on a server with a custom 400 error document defined; see CVE-2005-3357

applied/ubuntu/warty-security 2006-01-30 21:13:52 UTC 2006-01-30
Import patches-applied version 2.0.50-12ubuntu4.10 to applied/ubuntu/warty-se...

Author: Adam Conrad
Author Date: 2006-01-07 13:00:08 UTC

Import patches-applied version 2.0.50-12ubuntu4.10 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 237574061f5ccaf15d2806b628a316260a40856c
Unapplied parent: feb77dcc33754598833d5f204d0543cdbddbbf26

New changelog entries:
  * SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
    - Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
      mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
    - Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
      threaded MPMs when making a non-SSL connection to an SSL-enabled port
      on a server with a custom 400 error document defined; see CVE-2005-3357

applied/ubuntu/warty-devel 2006-01-30 21:13:52 UTC 2006-01-30
Import patches-applied version 2.0.50-12ubuntu4.10 to applied/ubuntu/warty-se...

Author: Adam Conrad
Author Date: 2006-01-07 13:00:08 UTC

Import patches-applied version 2.0.50-12ubuntu4.10 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 237574061f5ccaf15d2806b628a316260a40856c
Unapplied parent: feb77dcc33754598833d5f204d0543cdbddbbf26

New changelog entries:
  * SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
    - Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
      mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
    - Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
      threaded MPMs when making a non-SSL connection to an SSL-enabled port
      on a server with a custom 400 error document defined; see CVE-2005-3357

ubuntu/warty-devel 2006-01-30 21:13:52 UTC 2006-01-30
Import patches-unapplied version 2.0.50-12ubuntu4.10 to ubuntu/warty-security

Author: Adam Conrad
Author Date: 2006-01-07 13:00:08 UTC

Import patches-unapplied version 2.0.50-12ubuntu4.10 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 647a5b8326262640555988ea5bbcc1822207d1bc

New changelog entries:
  * SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
    - Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
      mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
    - Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
      threaded MPMs when making a non-SSL connection to an SSL-enabled port
      on a server with a custom 400 error document defined; see CVE-2005-3357

applied/ubuntu/breezy 2005-12-21 04:40:26 UTC 2005-12-21
Import patches-applied version 2.0.54-5ubuntu2 to applied/ubuntu/breezy

Author: Adam Conrad
Author Date: 2005-10-04 01:53:01 UTC

Import patches-applied version 2.0.54-5ubuntu2 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: be60ea610bf848625c0d1c116355a017b010ed02
Unapplied parent: 134b87fd2ce08ad6fe8ee0e17807745640dbf1dd

New changelog entries:
  * Add 047_ssl_reneg_with_body, which adds a (bounded) buffer of request
    body data to provide a limited but safe fix for the mod_ssl renegotiation
    vs requests-with-bodies bug, as occurs with POST and SVN (Ubuntu #14991)
  * Resynchronise with Debian, bringing in several security patches.
  * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL
    certificate validation; see CAN-2005-1268 (closes: #320048, #320063)
  * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy
    where, when a response contains both Transfer-Encoding and Content-Length
    headers, the connection can be used for HTTP request smuggling and HTTP
    request spoofing attacks; see CAN-2005-2088 (closes: #316173)
  * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache
    when large byte ranges are requested; see CAN-2005-2728 (closes: #326435)
  * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context
    of the SSLVerifyClient directive is not honoured within a <Location>
    nested in a <VirtualHost>, and is left unenforced; see CAN-2005-2700
  * Resynchronise with Debian.
  * Alter 041_util_ldap_fix.patch to revert util_ldap.c to the known
    good version from 2.0.53 (closes: #308648, and re-fixes #307567)
  * Resync with Debian to bring in several useful bugfixes.
  * Add 042_htdigest_CAN-2005-1344 to fix a buffer overflow in
    htdigest, which is described in CAN-2005-1344 (closes: #307134)
  * Add 041_util_ldap_fix.patch from upstream bug #34618 to fix
    issues with mod_auth_ldap sometimes segfaulting and sometimes
    locking up and spinning the CPU to oblivion (closes: #307567)
  * Alter 011_fix_ap-config to make apr-config point us at the system
    libtool, and make libapr0-dev depend on libtool (closes: #306481)
  * Alter 008_make_include_safe to prevent apache2 from including dpkg
    conffile leftovers (.dpkg-old et al) (closes: #304786, #296728)
  * Resync again, bringing in brown-paper-bag bugfix from Debian.
  * Set suexec2's ownership properly, so it's actually executable by
    apache2 with the newly-restrictive permissions (closes: #305242)
  * Resync with Debian, bringing in new upstream.
  * New upstream bugfix-only release (closes: #305121)
  * Fix debian/watch file to only look at apache 2.0.x, so we stop being
    told about the 2.1 beta releases (and I'll notice new 2.0.x releases)
  * Drop o+rx permissions from suexec2; while it has code in place to
    make sure the caller is www-data, if that code should be buggy,
    filesystem permissions will help mitigate fallout (closes: #301045)
  * Update the 003_build_with_autoconf_2.5 patch to make sure both
    apr and apr-util have an AC_PREREQ for autoconf 2.50, so we don't get
    weird autoconf mix-and-match FTBFS issues (closes: #301819)

ubuntu/breezy 2005-12-21 04:40:26 UTC 2005-12-21
Import patches-unapplied version 2.0.54-5ubuntu2 to ubuntu/breezy

Author: Adam Conrad
Author Date: 2005-10-04 01:53:01 UTC

Import patches-unapplied version 2.0.54-5ubuntu2 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 73744c193d222d0f26e574f101087459ca9b700a

New changelog entries:
  * Add 047_ssl_reneg_with_body, which adds a (bounded) buffer of request
    body data to provide a limited but safe fix for the mod_ssl renegotiation
    vs requests-with-bodies bug, as occurs with POST and SVN (Ubuntu #14991)
  * Resynchronise with Debian, bringing in several security patches.
  * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL
    certificate validation; see CAN-2005-1268 (closes: #320048, #320063)
  * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy
    where, when a response contains both Transfer-Encoding and Content-Length
    headers, the connection can be used for HTTP request smuggling and HTTP
    request spoofing attacks; see CAN-2005-2088 (closes: #316173)
  * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache
    when large byte ranges are requested; see CAN-2005-2728 (closes: #326435)
  * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context
    of the SSLVerifyClient directive is not honoured within a <Location>
    nested in a <VirtualHost>, and is left unenforced; see CAN-2005-2700
  * Resynchronise with Debian.
  * Alter 041_util_ldap_fix.patch to revert util_ldap.c to the known
    good version from 2.0.53 (closes: #308648, and re-fixes #307567)
  * Resync with Debian to bring in several useful bugfixes.
  * Add 042_htdigest_CAN-2005-1344 to fix a buffer overflow in
    htdigest, which is described in CAN-2005-1344 (closes: #307134)
  * Add 041_util_ldap_fix.patch from upstream bug #34618 to fix
    issues with mod_auth_ldap sometimes segfaulting and sometimes
    locking up and spinning the CPU to oblivion (closes: #307567)
  * Alter 011_fix_ap-config to make apr-config point us at the system
    libtool, and make libapr0-dev depend on libtool (closes: #306481)
  * Alter 008_make_include_safe to prevent apache2 from including dpkg
    conffile leftovers (.dpkg-old et al) (closes: #304786, #296728)
  * Resync again, bringing in brown-paper-bag bugfix from Debian.
  * Set suexec2's ownership properly, so it's actually executable by
    apache2 with the newly-restrictive permissions (closes: #305242)
  * Resync with Debian, bringing in new upstream.
  * New upstream bugfix-only release (closes: #305121)
  * Fix debian/watch file to only look at apache 2.0.x, so we stop being
    told about the 2.1 beta releases (and I'll notice new 2.0.x releases)
  * Drop o+rx permissions from suexec2; while it has code in place to
    make sure the caller is www-data, if that code should be buggy,
    filesystem permissions will help mitigate fallout (closes: #301045)
  * Update the 003_build_with_autoconf_2.5 patch to make sure both
    apr and apr-util have an AC_PREREQ for autoconf 2.50, so we don't get
    weird autoconf mix-and-match FTBFS issues (closes: #301819)

ubuntu/hoary 2005-12-20 20:38:23 UTC 2005-12-20
Import patches-unapplied version 2.0.53-5ubuntu5 to ubuntu/hoary

Author: Adam Conrad
Author Date: 2005-04-01 16:30:56 UTC

Import patches-unapplied version 2.0.53-5ubuntu5 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: a9b7db731beb72eeafe0a61ed091b780fedf1025

New changelog entries:
  * Fix the init script to not exit with an error when asked to
    stop a daemon that isn't running (Was the root cause of #8374)
  * Make sure package removals don't fail even if the init script
    doesn't stop apache2 (Ubuntu #8374)
  * Add dependency on lsb-base (>= 1.3-9ubuntu2) to guarantee
    availability of lsb init functions (Ubuntu #7765)
  * Really remove /etc/apache2/conf.d/charset on purge, rather
    than just writing about it in the changelog.
  * Resynchronise with Debian, resolving minor conflicts.
  * Remove /etc/apache2/conf.d/charset on purge.
  * Update 040_link_external_pcre to require autoconf 2.50, so it
    doesn't fail when autoconf2.13 is installed (closes: #295428)
  * Further mangle the apache_stop function in the init script so it
    attempts as hard as possible to make sure apache2 is stopped before
    it tries to restart. Thanks to Andre Tomt <andre@tomt.net> for
    the bug and patch this fix was based on (closes: #295915, #281557)
  * Resynchronise with Debian.
  * Add 040_link_external_pcre to allow us to link to an external libpcre
    rather than statically compiling the bundled version.
  * Add --with-external-pcre to the configure flags in debian/rules
    (closes: #294673, #294675, #282606, #294740)
  * Stop hardcoding the path to netstat in postinst (closes: #294737)
  * Resync from Debian
  * Drop Andres Salomon's PCRE mangling patch in favour of hand-merging
    Joe Orton's patch against head to completely internalise apache's
    copy of PCRE, only exposing a wrapper API. (closes: #294395)
  * Make apache2-threaded-dev and apache2-prefork-dev both arch:any
    as they contain architecture-dependent defines (closes: #294257)
  * Resync from Debian

  * New upstream release
    - Remove 036_HEAD_CAN-2004-0942, integrated upstream
    - Remove 037_HEAD_CAN-2004-0885, integrated upstream
  * Drop support for the threadpool MPM, as it's abandoned upstream.
    - Make apache2-mpm-threadpool an empty package depending on
      apache2-mpm-worker, and make worker replace the old threadpool
  * Make SYSCONFDIR configurable at the top of a2{en,dis}{mod,site}
  * Drop the build-conflict on gawk, and use ac_cv_prog_AWK=mawk
    instead (closes: #283396)
  * Make the apache_stop() function stop trying to do the equivalent
    of "killall apache2", and instead issue a nasty warning if it can't
    stop apache2 on its own
  * Make "restart" an alias for "force-reload" in the init script, as
    apache2ctl restart doesn't match policy's requirements for restart
  * Swapping between threaded and unthreaded MPMs could leave one with
    both mod_cgi and mod_cgid enabled. Fixed the postinsts so that
    no longer happens
  * Update 021-pcre_mangle_symbols.patch from Andres Salomon, now also
    mangling typedefs, which should fix PHP (closes: #280823)
  * Hardcode a dependency on libgcc1 (>= 1:3.3.5) so pthread_cancel
    will work correctly with partial upgrades (closes: #287033)
  * When removing ssl_scache, make sure to remove its db transaction logs
    and other garbage as well (closes: #293831)
  * Remove duplicate /icons/ from the default site (closes: #291856)
  * Yank 039_fix_forensic_tmpfiles from Ubuntu's apache2 packages
  * Split out utils into separate apache2-utils. This will also
    supersede the apache-utils package (closes: #285219)
  * Add split-logfile to apache2-utils (closes: #290814)
  * Make the MPM postinsts scream loudly, but not fail, if you've
    deleted cgi{,d}.load before swapping MPMs (closes: #283141)
  * Fix up temp file usage in check_forensic (Ubuntu: #5606)
  * Comment out the RedirectMatch in default site for Ubuntu
  * Ensure that we're sending out UTF-8 by default (Ubuntu: #5222)
  * Resynchronise with Debian.
  * Nuke duplicate patches; use Debian's not ours.
  * No longer build-conflict with gawk, instead use mawk specifically.
  * Brown paper bag release to fix apache2-common's postinst, by judiciously
    sprinkling ||true in a couple of needed places (closes: #280527)
  * While hunting for unclean uses of VAR=`command` in the package, found
    the cause of the "can't purge with broken config" bugs and fixed that
    too with yet another ||true (closes: #263511, #273759, #279875)
  * Include two patches, 036_HEAD_CAN-2004-0942 and 037_HEAD_CAN-2004-0885
    - CAN-2004-0942: Memory leak in header parsing in server/protocol.c
    - CAN-2004-0885: Incorrect SSLCipherSuite selection in mod_ssl
  * Fix up our use of netstat in apache2-common's postinst to clean up some
    unnecessary output to stderr, as well as detect when netstat believes
    we don't have AF_INET support. This should allow for installation in
    chroots where the /proc filesystem isn't mounted (closes: #245487)
  * Add 035_HEAD_Content-Length_Fix_From_CVS, which should solve problems
    with Content-Length being set incorrectly on proxied HEAD requests,
    breaking Windows Update from proxied machines (closes: #277787)
  * Take out the reload/start magic in the postinst, and just call start in
    all cases, as we stop the daemon in the prerm (closes: #275175, #222786)
  * Copy config.guess/config.sub/ltmain.sh in from /usr/share/libtool at
    build time. (closes: #257228, #263101)
  * Clean up the clean target in debian/rules to remove some duplicate
    maintainer scripts from the debian/ directory that we don't need to be
    shipping in the source package.
  * Move envvars to /etc/apache2/ and add patch 038_no_LD_LIBRARY_PATH to
    remove the extraneous LD_LIBRARY_PATH from envvars (closes: #276670)
  * SECURITY UPDATE to fix remote Denial of Service
  * added patch 035_CAN-2004-0942.patch:
    - server/protocol.c - Trim trailing whitespace here, after reading a
      complete field including continuation lines. Also simplify code to remove
      whitespace between field-name and colon.
    - This fixes a denial of service (CPU consumption) via an HTTP GET request
      with a MIME header containing multiple lines with a large number of space
      characters.
  * References:
    CAN-2004-0942
    http://lists.netsys.com/pipermail/full-disclosure/2004-November/028248.html
  * Thanks to Gerardo Di Giacomo <gerardo@linux.it> for preparing this update.
  * Resynchronise with Debian.
  * Drop included security fixes which are upstream.
  * New upstream bugfix/security release:
    - Fixes CAN-2004-0811: Satisfy directive bypass (closes: #273412)
  * Add '|| true' to a2enmod to stop it from dying when the installed MPM
    isn't prefork (closes: #273017, #273019, #272865, #273021, #273258)
  * Touch /var/log/apache2/error.log on new installs to ensure that our log
    directory isn't removed until the package is purged, so logrotate doesn't
    complain about its inability to find it (closes: #239571)
  * Add 032_suexec_is_shared, which makes sure suEXEC is only searched for
    and enabled when mod_suexec is loaded (closes: #227653)
  * Use '$APACHE2CTL startssl' consistently in init script to make sure the
    SSL define doesn't disappear on force-reload (closes: #272531)
  * Add 033_dbm_read_hash_or_btree to allow apr-util and dbmmanage to open
    and manipulate DB_BTREE databases, while still defaulting to creating
    DB_HASH databases as before. This should clear up incompatibilities
    with other applications (such as PHP) which default to DB_BTREE.
  * Moved dbmmanage2 to /usr/bin, instead of /usr/sbin, as it's a user tool.
  * Added 034_ab2_has_openssl, thanks to 2.1-cvs, Fedora, thom, and a bit
    of munging, to compile a working ab2 with SSL support (closes: #261820)
  * Test for the existence of /usr/sbin/apache2 before we go trying to invoke
    it to determine what MPM we have installed (closes: #272103, #272207)
  * Make the default httpd.conf created in apache2-common's postinst contain
    a fake LoadModule line (commented out), and make apxs2 default to
    installing modules to /etc/apache2/httpd.conf, so people using apxs2
    rather than the mods-{enabled,available} directories get the expected
    behaviour, rather than obscure errors (closes: #167552, #231134)
  * apxs2 now writes the correct path to modules in httpd.conf, including
    the mysteriously missing slash (closes: #231450, #167557)
  * Make apxs2 install modules with mode 644, since 755 makes no sense.
  * Added a bit of magic to a2{en,dis}site to treat the default site as a
    special case and add a "000-" priority to the beginning of its symlink.
    Patches welcome to turn this into something robust, like update-rc.d.
  * New upstream release, including the following security fixes:
    - CAN-2004-0747: ap_resolve_env buffer overflow
    - CAN-2004-0786: apr_uri_parse segfault in memcpy
    - CAN-2004-0809: mod_dav crash/DoS via NULL pointer dereference
  * Drop the following patches which are now included upstream:
    - 025_CAN-2004-0748.patch
    - 026_CAN-2004-0751.patch
    - 027_autoindex_ignore_bad_files.patch
    - 028_apr_sticky_bits.patch
  * Install a properly sanitised config_vars.mk so that apxs2 behaves in
    a reasonably sane way (closes: #243340, #270768)
  * Relax www-browser dependency to a Suggests, as the mod_status dump from
    apache2ctl is a pretty minor (and oft unused) feature (closes: #269309)
  * init script now allows you to stop (but not start, restart, etc) the web
    server, even if NO_START is set to 1 (closes: #269398)
  * Make the apache2 -> apache2-mpm-* dependency tighter, so it does what
    one expects when installing it (closes: #269580)
  * Remove the ^/doc/apache2-doc/manual(.*)$ /manual$1 RedirectMatch from
    the default site which was confusing and useless (closes: #270216)
  * Add debian/watch file to track upstream versions.
  * Add some magic to a2enmod to map cgi to cgid if using a threaded MPM.
  * Add a2ensite and a2dissite which do the same thing as a2{en,dis}mod,
    but for sites rather than modules (closes: #269251)

applied/ubuntu/hoary 2005-12-20 20:38:23 UTC 2005-12-20
Import patches-applied version 2.0.53-5ubuntu5 to applied/ubuntu/hoary

Author: Adam Conrad
Author Date: 2005-04-01 16:30:56 UTC

Import patches-applied version 2.0.53-5ubuntu5 to applied/ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 9a5f9c785daeaa9728d3bb764cf344070423111b
Unapplied parent: 73744c193d222d0f26e574f101087459ca9b700a

New changelog entries:
  * Fix the init script to not exit with an error when asked to
    stop a daemon that isn't running (Was the root cause of #8374)
  * Make sure package removals don't fail even if the init script
    doesn't stop apache2 (Ubuntu #8374)
  * Add dependency on lsb-base (>= 1.3-9ubuntu2) to guarantee
    availability of lsb init functions (Ubuntu #7765)
  * Really remove /etc/apache2/conf.d/charset on purge, rather
    than just writing about it in the changelog.
  * Resynchronise with Debian, resolving minor conflicts.
  * Remove /etc/apache2/conf.d/charset on purge.
  * Update 040_link_external_pcre to require autoconf 2.50, so it
    doesn't fail when autoconf2.13 is installed (closes: #295428)
  * Further mangle the apache_stop function in the init script so it
    attempts as hard as possible to make sure apache2 is stopped before
    it tries to restart. Thanks to Andre Tomt <andre@tomt.net> for
    the bug and patch this fix was based on (closes: #295915, #281557)
  * Resynchronise with Debian.
  * Add 040_link_external_pcre to allow us to link to an external libpcre
    rather than statically compiling the bundled version.
  * Add --with-external-pcre to the configure flags in debian/rules
    (closes: #294673, #294675, #282606, #294740)
  * Stop hardcoding the path to netstat in postinst (closes: #294737)
  * Resync from Debian
  * Drop Andres Salomon's PCRE mangling patch in favour of hand-merging
    Joe Orton's patch against head to completely internalise apache's
    copy of PCRE, only exposing a wrapper API. (closes: #294395)
  * Make apache2-threaded-dev and apache2-prefork-dev both arch:any
    as they contain architecture-dependent defines (closes: #294257)
  * Resync from Debian

  * New upstream release
    - Remove 036_HEAD_CAN-2004-0942, integrated upstream
    - Remove 037_HEAD_CAN-2004-0885, integrated upstream
  * Drop support for the threadpool MPM, as it's abandoned upstream.
    - Make apache2-mpm-threadpool an empty package depending on
      apache2-mpm-worker, and make worker replace the old threadpool
  * Make SYSCONFDIR configurable at the top of a2{en,dis}{mod,site}
  * Drop the build-conflict on gawk, and use ac_cv_prog_AWK=mawk
    instead (closes: #283396)
  * Make the apache_stop() function stop trying to do the equivalent
    of "killall apache2", and instead issue a nasty warning if it can't
    stop apache2 on its own
  * Make "restart" an alias for "force-reload" in the init script, as
    apache2ctl restart doesn't match policy's requirements for restart
  * Swapping between threaded and unthreaded MPMs could leave one with
    both mod_cgi and mod_cgid enabled. Fixed the postinsts so that
    no longer happens
  * Update 021-pcre_mangle_symbols.patch from Andres Salomon, now also
    mangling typedefs, which should fix PHP (closes: #280823)
  * Hardcode a dependency on libgcc1 (>= 1:3.3.5) so pthread_cancel
    will work correctly with partial upgrades (closes: #287033)
  * When removing ssl_scache, make sure to remove its db transaction logs
    and other garbage as well (closes: #293831)
  * Remove duplicate /icons/ from the default site (closes: #291856)
  * Yank 039_fix_forensic_tmpfiles from Ubuntu's apache2 packages
  * Split out utils into separate apache2-utils. This will also
    supersede the apache-utils package (closes: #285219)
  * Add split-logfile to apache2-utils (closes: #290814)
  * Make the MPM postinsts scream loudly, but not fail, if you've
    deleted cgi{,d}.load before swapping MPMs (closes: #283141)
  * Fix up temp file usage in check_forensic (Ubuntu: #5606)
  * Comment out the RedirectMatch in default site for Ubuntu
  * Ensure that we're sending out UTF-8 by default (Ubuntu: #5222)
  * Resynchronise with Debian.
  * Nuke duplicate patches; use Debian's not ours.
  * No longer build-conflict with gawk, instead use mawk specifically.
  * Brown paper bag release to fix apache2-common's postinst, by judiciously
    sprinkling ||true in a couple of needed places (closes: #280527)
  * While hunting for unclean uses of VAR=`command` in the package, found
    the cause of the "can't purge with broken config" bugs and fixed that
    too with yet another ||true (closes: #263511, #273759, #279875)
  * Include two patches, 036_HEAD_CAN-2004-0942 and 037_HEAD_CAN-2004-0885
    - CAN-2004-0942: Memory leak in header parsing in server/protocol.c
    - CAN-2004-0885: Incorrect SSLCipherSuite selection in mod_ssl
  * Fix up our use of netstat in apache2-common's postinst to clean up some
    unnecessary output to stderr, as well as detect when netstat believes
    we don't have AF_INET support. This should allow for installation in
    chroots where the /proc filesystem isn't mounted (closes: #245487)
  * Add 035_HEAD_Content-Length_Fix_From_CVS, which should solve problems
    with Content-Length being set incorrectly on proxied HEAD requests,
    breaking Windows Update from proxied machines (closes: #277787)
  * Take out the reload/start magic in the postinst, and just call start in
    all cases, as we stop the daemon in the prerm (closes: #275175, #222786)
  * Copy config.guess/config.sub/ltmain.sh in from /usr/share/libtool at
    build time. (closes: #257228, #263101)
  * Clean up the clean target in debian/rules to remove some duplicate
    maintainer scripts from the debian/ directory that we don't need to be
    shipping in the source package.
  * Move envvars to /etc/apache2/ and add patch 038_no_LD_LIBRARY_PATH to
    remove the extraneous LD_LIBRARY_PATH from envvars (closes: #276670)
  * SECURITY UPDATE to fix remote Denial of Service
  * added patch 035_CAN-2004-0942.patch:
    - server/protocol.c - Trim trailing whitespace here, after reading a
      complete field including continuation lines. Also simplify code to remove
      whitespace between field-name and colon.
    - This fixes a denial of service (CPU consumption) via an HTTP GET request
      with a MIME header containing multiple lines with a large number of space
      characters.
  * References:
    CAN-2004-0942
    http://lists.netsys.com/pipermail/full-disclosure/2004-November/028248.html
  * Thanks to Gerardo Di Giacomo <gerardo@linux.it> for preparing this update.
  * Resynchronise with Debian.
  * Drop included security fixes which are upstream.
  * New upstream bugfix/security release:
    - Fixes CAN-2004-0811: Satisfy directive bypass (closes: #273412)
  * Add '|| true' to a2enmod to stop it from dying when the installed MPM
    isn't prefork (closes: #273017, #273019, #272865, #273021, #273258)
  * Touch /var/log/apache2/error.log on new installs to ensure that our log
    directory isn't removed until the package is purged, so logrotate doesn't
    complain about its inability to find it (closes: #239571)
  * Add 032_suexec_is_shared, which makes sure suEXEC is only searched for
    and enabled when mod_suexec is loaded (closes: #227653)
  * Use '$APACHE2CTL startssl' consistently in init script to make sure the
    SSL define doesn't disappear on force-reload (closes: #272531)
  * Add 033_dbm_read_hash_or_btree to allow apr-util and dbmmanage to open
    and manipulate DB_BTREE databases, while still defaulting to creating
    DB_HASH databases as before. This should clear up incompatibilities
    with other applications (such as PHP) which default to DB_BTREE.
  * Moved dbmmanage2 to /usr/bin, instead of /usr/sbin, as it's a user tool.
  * Added 034_ab2_has_openssl, thanks to 2.1-cvs, Fedora, thom, and a bit
    of munging, to compile a working ab2 with SSL support (closes: #261820)
  * Test for the existence of /usr/sbin/apache2 before we go trying to invoke
    it to determine what MPM we have installed (closes: #272103, #272207)
  * Make the default httpd.conf created in apache2-common's postinst contain
    a fake LoadModule line (commented out), and make apxs2 default to
    installing modules to /etc/apache2/httpd.conf, so people using apxs2
    rather than the mods-{enabled,available} directories get the expected
    behaviour, rather than obscure errors (closes: #167552, #231134)
  * apxs2 now writes the correct path to modules in httpd.conf, including
    the mysteriously missing slash (closes: #231450, #167557)
  * Make apxs2 install modules with mode 644, since 755 makes no sense.
  * Added a bit of magic to a2{en,dis}site to treat the default site as a
    special case and add a "000-" priority to the beginning of its symlink.
    Patches welcome to turn this into something robust, like update-rc.d.
  * New upstream release, including the following security fixes:
    - CAN-2004-0747: ap_resolve_env buffer overflow
    - CAN-2004-0786: apr_uri_parse segfault in memcpy
    - CAN-2004-0809: mod_dav crash/DoS via NULL pointer dereference
  * Drop the following patches which are now included upstream:
    - 025_CAN-2004-0748.patch
    - 026_CAN-2004-0751.patch
    - 027_autoindex_ignore_bad_files.patch
    - 028_apr_sticky_bits.patch
  * Install a properly sanitised config_vars.mk so that apxs2 behaves in
    a reasonably sane way (closes: #243340, #270768)
  * Relax www-browser dependency to a Suggests, as the mod_status dump from
    apache2ctl is a pretty minor (and oft unused) feature (closes: #269309)
  * init script now allows you to stop (but not start, restart, etc) the web
    server, even if NO_START is set to 1 (closes: #269398)
  * Make the apache2 -> apache2-mpm-* dependency tighter, so it does what
    one expects when installing it (closes: #269580)
  * Remove the ^/doc/apache2-doc/manual(.*)$ /manual$1 RedirectMatch from
    the default site which was confusing and useless (closes: #270216)
  * Add debian/watch file to track upstream versions.
  * Add some magic to a2enmod to map cgi to cgid if using a threaded MPM.
  * Add a2ensite and a2dissite which do the same thing as a2{en,dis}mod,
    but for sites rather than modules (closes: #269251)

ubuntu/warty 2005-12-20 14:14:55 UTC 2005-12-20
Import patches-unapplied version 2.0.50-12ubuntu4 to ubuntu/warty

Author: Thom May
Author Date: 2004-10-13 18:46:10 UTC

Import patches-unapplied version 2.0.50-12ubuntu4 to ubuntu/warty

Imported using git-ubuntu import.

applied/ubuntu/warty 2005-12-20 14:14:55 UTC 2005-12-20
Import patches-applied version 2.0.50-12ubuntu4 to applied/ubuntu/warty

Author: Thom May
Author Date: 2004-10-13 18:46:10 UTC

Import patches-applied version 2.0.50-12ubuntu4 to applied/ubuntu/warty

Imported using git-ubuntu import.

Unapplied parent: a9b7db731beb72eeafe0a61ed091b780fedf1025

201 → 288 of 288 results

Other repositories

Name Last Modified
lp:ubuntu/+source/apache2 2018-11-28
lp:~ahasenack/ubuntu/+source/apache2 2018-11-24
lp:~nacc/ubuntu/+source/apache2 2017-07-27
lp:~evarlast/ubuntu/+source/apache2 2016-11-30
1 → 4 of 4 results