lp:ubuntu/hardy-proposed/apache2
- Get this branch: bzr branch lp:ubuntu/hardy-proposed/apache2
Recent revisions
- 33. By Marc Deslauriers
  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.
- 32. By Dave Walker
  debian/apache2.2-common.postinst: When dpkg-statoverride is used, the cut
  delimiter has now been set to use ' ', as it was causing upgrades to fail.
  (LP: #583698)
- 31. By Dave Walker
  debian/patches/211_fix_mod_proxy_nocanon.dpatch: Fix duplicated query string
  when using nocanon option to mod_proxy. Patch courtesy of James Troup, based
  on upstream cherry pick. (LP: #455873)
- 30. By Chuck Short
  debian/patches/999_fix_mod_proxy_nocanon.dpatch: Make all proxy modules
  nocanon aware and do not add the query string again in this case.
  Thanks to James Troup. (LP: #455873)
- 29. By Chuck Short
  debian/patches//101_fix-spinning-mod_proxy.dpatch: Fix mod_proxy
  with SSL using all the CPU. (LP: #306293)
- 28. By Chuck Short
  debian/patches//101_fix-spinning-mod_proxy.dpatch: Fix mod_proxy
  with SSL using all the CPU. (LP: #306293)
- 27. By Marc Deslauriers
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
      - The ap_proxy_http_process_response function in mod_proxy_http.c
        in the mod_proxy module does not limit the number of forwarded
        interim responses, which allows remote HTTP servers to cause a
        denial of service (memory consumption) via a large number of
        interim responses.
    + References
      - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a
      nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer
      version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939
- 26. By Stefan Fritsch
  * New upstream version:
    - Fixes cross-site scripting issues in
      o mod_imagemap (CVE-2007-5000)
      o mod_status (CVE-2007-6388)
      o mod_proxy_balancer's balancer manager (CVE-2007-6421)
    - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
      (CVE-2007-6422).
    - Fixes mod_proxy URL encoding in error messages (closes: #337325).
    - Adds explicit charset to the output of various modules to work around
      possible cross-site scripting flaws affecting web browsers that do not
      derive the response character set as required by RFC2616. For
      mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
      specify something else than ISO-8859-1 (CVE-2008-0005).
    - Adds mod_substitute which performs inline response content pattern
      matching (including regex) and substitution (like mod_line_edit).
    - Adds "DefaultType none" option.
    - Adds new "B" option to RewriteRule to suppress URL unescaping.
    - Adds an "if" directive for mod_include to test whether an URL is
      accessible, and if so, conditionally display content.
    - Adds support for mod_ssl to the event MPM.
  * Move the configuration of User, Group, and PidFile to
    /etc/apache2/envvars. This makes it easier to use these settings in
    scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
    (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
  * Make apache2ctl check the configuration syntax before trying to restart
    apache, to match the behaviour documented in the man page.
    (Closes: #459236)
  * Convert docs to be directly viewable with a browser (and not use content
    negotiation).
  * Add doc-base entry for the documentation. (closes: #311269)
  * Don't ship default files in /var/www, but copy a sample file to
    /var/www/index.html on new installs. Also remove the now unneeded
    RedirectMatch line from sites-available/default.
    (Closes: #411774, #458093)
  * Add some information to README.Debian (Apache wiki, default virtual host)
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies, easing library transitions (closes: #458857).
  * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
    Patch by Nicolas Valcárcel. (Closes: #436441)
  * Add reportbug script to list enabled modules.
  * Fix some lintian warnings:
    - Pass --no-start to dh_installinit instead of omitting the debhelper token
      in various maintainer scripts. Also move the update-rc.d call to
      apache2.2-common.
    - Add Short-Description to init script.
  * Remove unused apache2-mpm-prefork.prerm from source package and clean up
    debian/rules a bit.
  * Don't ship NEWS.Debian with apache2-utils, as the contents are only
    relevant for the server.
- 25. By Soren Hansen
  [ Nicolas Valcárcel ]
  * Added icons for OpenDocuments by default on mime.conf
    (Closes: LP: #130836)
  * Icons added to the package in uuencode format
  * Added sharutils to Build-Depends on debian/control for uuencode
  * debian/apache2.2-common.apache2.init:
    - Only look for *.conf files in /etc/apache2 when searching for pidfiles
      (Closes: LP: #112991) Thanks to Daniel Hahler for the patch

  [ Soren Hansen ]
  * Clean up after OpenDocument icon generation
- 24. By Martin Pitt
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies (including db4.5).
  * Modify Maintainer value to match the DebianMaintainerField
    specification.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/apache2