lp:debian/apache2

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/apache2

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

59. By Stefan Fritsch

Fix typo in conf.d/security comment. Closes: #678740

58. By Stefan Fritsch

[ Stefan Fritsch ]
* CVE-2012-2687: mod_negotiation: Escape filenames in variant list to prevent
  a possible XSS for a site where untrusted users can upload files to a
  location with MultiViews enabled.
* Add example for X-XSS-Protection to conf.d/security.

[ Arno Töll ]
* Fix "contradictory comment in /etc/apache2/apache2.conf about the
  .load suffix" (Closes: #676975). Hopefully you are now happy, Vincent. :-)

57. By Stefan Fritsch

[ Arno Töll ]
* Fix "ambiguous comment in /etc/apache2/apache2.conf" by clarifying
  contradicting statements. (Closes: #675184)

[ Stefan Fritsch ]
* Allow colons in filenames when using wildcards with "Include".
  Closes: #676610
* Add examples for X-Content-Type-Options and X-Frame-Options to
  conf.d/security.
* Fix the VCS dir example in conf.d/security.
* Pick some bug fixes from upstream trunk:
  - core/mod_cgi: Fix script logging in error case
  - mod_dumpio: Fix possible loop in input filter.
  - mod_proxy_ajp: Reduce memory usage in case of many requests on one
    connection

56. By Stefan Fritsch

[ Stefan Fritsch ]
* Fix regression causing apache2 to cache "206 partial content" responses,
  and then serving these partial responses when replying to normal requests.
  Closes: #671204
* Add section to security.conf that shows how to forbid access to VCS
  directories. Closes: #548213
* Update ssl default cipher config, add alternative speed optimized config.
  Closes: #649020
* Add "AddCharset" for .brf files in default mod_mime config.
  Closes: #402567
* Don't create httpd.conf anymore and don't include it in apache2.conf. If
  it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
* Port some of the comments in apache2.conf from the 2.4 package.
* Compile mod_version statically, drop associated module load file.
* If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
  configtest.
* Note in README.Debian that future versions of the package will have the
  include statements changed to include only *.conf.
* Change compiled-in document root to /var/www, to avoid strange error
  messages.
* Use "dh --with autotools_dev" instead of patching config.sub/config.guess.

[ Arno Töll ]
* Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
  to override LDFLAGS at compile time by defining LDFLAGS in the environment,
  just like it is possible for CFLAGS. This also means, config_vars.mk now
  exports hardening build flags by default.
* Update doc-base metadata for the apache2-doc package.

55. By Stefan Fritsch

Make LoadFile and LoadModule look in the standard search paths if the
dso file name is given as a pure filename. This helps with the multi-arch
transition.

54. By Stefan Fritsch

CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
hosts' config files.
If scripting modules like mod_php or mod_rivet are enabled on systems
where either 1) some frontend server forwards connections to an apache2
backend server on the localhost address, or 2) the machine running
apache2 is also used for web browsing, this could allow a remote
attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross
site scripting, code execution, or leakage of sensitive data.

53. By Arno Töll

* Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
  No such file or directory". Do not use internal rules targets which clash
  with build target names ... (Closes: #667069)
* Drop apache2-dev virtual package. This had virtually no users but breaks our
  experimental package in some cases (e.g. #666793)
* Push Standards version - no further changes
* Update my maintainer address

52. By Stefan Fritsch

[ Arno Töll ]
Fix "Incorrect debhelper build dependency" by raising the build-dependency
of debhelper to 8.9.7 (Closes: #659148)

51. By Stefan Fritsch

[ Stefan Fritsch ]
* New upstream release, urgency medium due to security fixes:
  - Fix CVE-2012-0021: mod_log_config: DoS with '%{cookiename}C' log format
  - Fix CVE-2012-0031: Unprivileged child process could cause the parent to
    crash at shutdown
  - Fix CVE-2012-0053: Exposure of "httpOnly" cookies in code 400 error
    message.
* Move httxt2dbm to apache2-utils
* Adjust debian/control to point to new git repository.

[ Arno Töll ]
* Fix "typo in /etc/apache2/apache2.conf" (Closes: #653801)

50. By Stefan Fritsch

[ Arno Töll ]
Fix build failures introduced as regression by the previous build. Debian
buildds aren't rebuilding arch:all packages which caused problems for our
unconditional copying into binary package. I was warned.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:debian/squeeze/apache2