Apache2 Web Server

lp:~mojocode/apache2/peruser

Created by Morton Jonuschat on 2011-11-05 and last modified on 2011-11-06

Get this branch:: bzr branch lp:~mojocode/apache2/peruser

Only Morton Jonuschat can upload to this branch. If you are Morton Jonuschat please log in for upload directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Morton Jonuschat

Project:: Apache2 Web Server

Status:: Development

Recent revisions

67. By Morton Jonuschat on 2011-11-06: Integrate MPM Peruser 0.4.0rc3 (v16)
66. By Morton Jonuschat on 2011-11-06: Integrate MPM Peruser 0.4.0rc2
65. By Morton Jonuschat on 2011-11-05: Integrate MPM Peruser 0.4.0rc1
64. By Steve Beattie on 2011-09-01: * SECURITY UPDATE: Range header DoS vulnerability
  - debian/patches/207_CVE-2011-3192.dpatch: filter out large
    byte ranges and improve memory efficiency in handling buckets.
    (thanks to Debian and upstream)
  - CVE-2011-3192
* Include fix for regressions introduced by above patch:
  - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206
    and 416 response codes where appropriate (see deban bug 639825)
63. By Marc Deslauriers on 2010-11-18: * SECURITY UPDATE: denial of service via request that lacks a path in
  mod_cache and mod_dav.
  - debian/patches/201_CVE-2010-1452.dpatch: fix path handling in
    modules/cache/cache_storage.c and modules/dav/main/util.c.
  - CVE-2010-1452
62. By Marc Deslauriers on 2010-08-18: * debian/patches/211-sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.
61. By Chuck Short on 2010-04-13: debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
(LP: #562370)
60. By Chuck Short on 2010-04-05: * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
  leaks by making sure to not destroy bucket brigades that have been created
  by earlier filters. Backported from 2.2.15.
* debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
  has reached MaxClients until it has. Backported from 2.2.15
* debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
  more secure by adding Satisfy all. (Debian bug: #572075)
* debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
  debian/config2-dir/mods-available/reqtimeout.load,
  debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
  mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
  bug in apache. Enable it by default. (LP: #392759)
59. By Chuck Short on 2010-03-30: debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
58. By Chuck Short on 2010-03-30: Revert 99-fix-mod-dav-permissions.dpatch

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:apache2

This branch contains Public information

Everyone can see this information.

Subscribers

Morton Jonuschat