Created by Morton Jonuschat on 2011-11-05 and last modified on 2011-11-06
Get this branch:
bzr branch lp:~mojocode/apache2/peruser

Branch information

Morton Jonuschat
Apache2 Web Server

Recent revisions

67. By Morton Jonuschat on 2011-11-06

Integrate MPM Peruser 0.4.0rc3 (v16)

66. By Morton Jonuschat on 2011-11-06

Integrate MPM Peruser 0.4.0rc2

65. By Morton Jonuschat on 2011-11-05

Integrate MPM Peruser 0.4.0rc1

64. By Steve Beattie on 2011-09-01

* SECURITY UPDATE: Range header DoS vulnerability
  - debian/patches/207_CVE-2011-3192.dpatch: filter out large
    byte ranges and improve memory efficiency in handling buckets.
    (thanks to Debian and upstream)
  - CVE-2011-3192
* Include fix for regressions introduced by above patch:
  - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206
    and 416 response codes where appropriate (see Debian bug 639825)

63. By Marc Deslauriers on 2010-11-18

* SECURITY UPDATE: denial of service via request that lacks a path in
  mod_cache and mod_dav.
  - debian/patches/201_CVE-2010-1452.dpatch: fix path handling in
    modules/cache/cache_storage.c and modules/dav/main/util.c.
  - CVE-2010-1452

62. By Marc Deslauriers on 2010-08-18

* debian/patches/211-sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

61. By Chuck Short on 2010-04-13

debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
(LP: #562370)

60. By Chuck Short on 2010-04-05

* debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
  leaks by making sure to not destroy bucket brigades that have been created
  by earlier filters. Backported from 2.2.15.
* debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
  has reached MaxClients until it has. Backported from 2.2.15
* debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
  more secure by adding Satisfy all. (Debian bug: #572075)
* debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
  debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
  mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
  bug in apache. Enable it by default. (LP: #392759)

59. By Chuck Short on 2010-03-30

debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)

58. By Chuck Short on 2010-03-30

Revert 99-fix-mod-dav-permissions.dpatch

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.