lp:debian/wheezy/apache2

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/wheezy/apache2

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

57. By Stefan Fritsch

[ Arno Töll ]
* Fix "ambiguous comment in /etc/apache2/apache2.conf" by clarifying
  contradicting statements. (Closes: #675184)

[ Stefan Fritsch ]
* Allow colons in filenames when using wildcards with "Include".
  Closes: #676610
* Add examples for X-Content-Type-Options and X-Frame-Options to
  conf.d/security.
* Fix the VCS dir example in conf.d/security.
* Pick some bug fixes from upstream trunk:
  - core/mod_cgi: Fix script logging in error case
  - mod_dumpio: Fix possible loop in input filter.
  - mod_proxy_ajp: Reduce memory usage in case of many requests on one
    connection

56. By Stefan Fritsch

[ Stefan Fritsch ]
* Fix regression causing apache2 to cache "206 partial content" responses,
  and then serving these partial responses when replying to normal requests.
  Closes: #671204
* Add section to security.conf that shows how to forbid access to VCS
  directories. Closes: #548213
* Update ssl default cipher config, add alternative speed optimized config.
  Closes: #649020
* Add "AddCharset" for .brf files in default mod_mime config.
  Closes: #402567
* Don't create httpd.conf anymore and don't include it in apache2.conf. If
  it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
* Port some of the comments in apache2.conf from the 2.4 package.
* Compile mod_version statically, drop associated module load file.
* If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
  configtest.
* Note in README.Debian that future versions of the package will have the
  include statements changed to include only *.conf.
* Change compiled-in document root to /var/www, to avoid strange error
  messages.
* Use "dh --with autotools_dev" instead of patching config.sub/config.guess.

[ Arno Töll ]
* Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
  to override LDFLAGS at compile time by defining LDFLAGS in the environment,
  just like it is possible for CFLAGS. This also means, config_vars.mk now
  exports hardening build flags by default.
* Update doc-base metadata for the apache2-doc package.

55. By Stefan Fritsch

Make LoadFile and LoadModule look in the standard search paths if the
dso file name is given as a pure filename. This helps with the multi-arch
transition.

54. By Stefan Fritsch

CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
hosts' config files.
If scripting modules like mod_php or mod_rivet are enabled on systems
where either 1) some frontend server forwards connections to an apache2
backend server on the localhost address, or 2) the machine running
apache2 is also used for web browsing, this could allow a remote
attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross
site scripting, code execution, or leakage of sensitive data.

53. By Arno Töll

* Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
  No such file or directory". Do not use internal rules targets which clash
  with build target names ... (Closes: #667069)
* Drop apache2-dev virtual package. This had virtually no users but breaks our
  experimental package in some cases (e.g. #666793)
* Push Standards version - no further changes
* Update my maintainer address

52. By Stefan Fritsch

[ Arno Töll ]
Fix "Incorrect debhelper build dependency" by raising the build-dependency
of debhelper to 8.9.7 (Closes: #659148)

51. By Stefan Fritsch

[ Stefan Fritsch ]
* New upstream release, urgency medium due to security fixes:
  - Fix CVE-2012-0021: mod_log_config: DoS with '%{cookiename}C' log format
  - Fix CVE-2012-0031: Unprivileged child process could cause the parent to
    crash at shutdown
  - Fix CVE-2012-0053: Exposure of "httpOnly" cookies in code 400 error
    message.
* Move httxt2dbm to apache2-utils
* Adjust debian/control to point to new git repository.

[ Arno Töll ]
* Fix "typo in /etc/apache2/apache2.conf" (Closes: #653801)

50. By Stefan Fritsch

[ Arno Töll ]
Fix build failures introduced as a regression by the previous build. Debian
buildds aren't rebuilding arch:all packages which caused problems for our
unconditional copying into binary package. I was warned.

49. By Stefan Fritsch

[ Stefan Fritsch ]

* Security: Fix broken patch for CVE-2011-3607 (Integer overflow in
  ap_pregsub).
* Optimize debian/rules again to improve build time by doing most work in a
  single parallelized "build-%" target.

[ Arno Töll ]

* Fix "Suggest removing DefaultType from apache2.conf" change the DefaultType
  from text/plain to None. This lets the browser guess a proper MIME type
  instead of being forced to treat a given file according to our default type
  (Closes: #440058)
* Fix "add pre-rotate hook to logrotate script" execute scripts in
  /etc/logrotate.d/httpd-prerotate if available (Closes: #590096).
* Fix "Hide /icons index" Disables indexes on the icon directory. By upgrading
  to Debian's 3.0/quilt source format also images don't need to be generated
  at build time anymore. Hence, the icon date can no longer lead to
  information disclosure (Closes: #649888).
* Upgrade package to 3.0/quilt.
  + Remove uuencoded images, keep them in their binary format in debian/icons
  + Upgrade to quilt from dpatch and refresh all patches by keeping all hunks
    unchanged. Remove the `001_branding' patch by supplying -DPLATFORM at
    build time where needed. Move the 200_cp_suexec.dpatch patch and
    202_suexec-custom.dpatch patch to debian/rules. 200_cp_suexec.dpatch was a
    script, not a patch which is not supported by quilt.
* Rewrite debian/rules and base it on dh(1).
  + use overrides where possible, replace some debhelper calls by our own
    implementation where needed. That's required since the Apache package is
    compiled in parts several times for each MPM once.
  + move some install operations to their respective .install files
  + Support dpkg-buildflags now, which also enables by default hardening
    flags. Thus, remove them from their explicit appearance in debian/rules
  + Remove DEB_BUILD_OPTIONS legacy support. It comes for free when using
    dh(1)/dpkg-buildflags(1).
* Push debhelper compatibility to 8
* Remove unused Lintian overrides for the Debian source package and remove
  redundant priorities in debian/control.
* Add myself to Uploaders

48. By Stefan Fritsch

* Fix CVE-2011-4317: Prevent unintended pattern expansion in some
  reverse proxy configurations. (Similar to CVE-2011-3368, but different
  attack vector.)
* Fix CVE-2011-3607: Integer overflow in ap_pregsub could cause segfault
  via malicious .htaccess.
* Mention dpkg-statoverride for changing permissions of suexec. LP: #897120
* Fix broken link in docs. Closes: #650528
* Remove Tollef Fog Heen, Thom May, and Peter Samuelson from uploaders.
  Thanks for your work in the past.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/apache2