Last commit made on 2012-03-10
Get this branch:
git clone -b debian/lenny https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch.

Recent commits

5f8cb05... by Stefan Fritsch on 2012-02-05

Import patches-unapplied version 2.2.9-10+lenny12 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 2d405ec019c68ebd88ee66c4f910627555922d12

New changelog entries:
  * Prevent unintended pattern expansion in some reverse proxy
    configurations by strictly validating the request-URI. Fixes
    CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
  * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
    privilege escalation.
  * CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.
  * CVE-2012-0053: Fix an issue in code 400 error responses that could expose
    "httpOnly" cookies.

2d405ec... by Stefan Fritsch on 2011-09-04

Import patches-unapplied version 2.2.9-10+lenny11 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 6d0a2f0655efb6029e666064dbf2a9ad3c70149a

New changelog entries:
  * Fix regressions related to range requests introduced by 2.2.9-10+lenny10.
    Closes: #639825
  * Fix CVE-2011-3192: DoS by high memory usage for a large number of
    overlapping ranges.
  * Fix CVE-2010-1452: Crash in mod_dav.

6d0a2f0... by Stefan Fritsch on 2010-12-11

Import patches-unapplied version 2.2.9-10+lenny9 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: bb934921ee4652dd952518e5c7ef99adfd73e5c1

New changelog entries:
  * Add the new SSLInsecureRenegotiation directive to configure if clients
    that have not been patched to support secure renegotiation (RFC 5746)
    are allowed to connect (CVE-2009-3555).
    Together with the recent openssl upgrade, this closes: #587037
    This upgrade also adds support for the SSL_SECURE_RENEG variable, to
    allow testing if secure renegotiation is supported by the client.

bb93492... by Stefan Fritsch on 2010-04-19

Import patches-unapplied version 2.2.9-10+lenny8 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 663a29e3a9cb70e3042292eba09ec6f0119d9a7f

New changelog entries:
  * Add missing psmisc dependency for killall used in the init script.
    Closes: #568542
  * Fix potential memory leaks related to the usage of apr_brigade_destroy().
  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0408: denial of service via crafted request in mod_proxy_ajp
  * Fixed CVE-2010-0434: information disclosure via improper handling of
    headers in subrequests

663a29e... by Stefan Fritsch on 2009-11-14

Import patches-unapplied version 2.2.9-10+lenny6 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: a5821d9b3b93174bbe9e7b6c7eadd9771c4e1a5d

New changelog entries:
  * Security:
    - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
      for the TLS renegotiation prefix injection attack (CVE-2009-3555).
      Any configuration which requires renegotiation for per-directory/location
      access control or uses "SSLVerifyClient optional" is still vulnerable.
  * Minor security fixes in mod_proxy_ftp (closes: #545951):
    - DoS by malicious ftp server (CVE-2009-3094)
    - missing input sanitization: a user could execute arbitrary ftp commands
      on the backend ftp server (CVE-2009-3095)
  * Fix segfault in legacy ap_r* API which is triggered more often since
    the fix for CVE-2009-1891 was applied (closes: #537665).
  * Take care to not override existing index.shtml files when upgrading from
    before 2.2.8-1 (closes: #517089).
  * mod_deflate: Fix invalid etag to be emitted for on-the-fly gzip
    content-encoding. This prevented apache from sending "304 NOT MODIFIED"
    responses for compressed content.
  * mod_rewrite: Fix "B" flag breakage (closes: #524268)
  * Properly declare that apache2-suexec* replace files in old versions of
    apache2.2-common (closes: #528951).
  * Remove other_vhosts_access.log on package purge.

a5821d9... by Stefan Fritsch on 2009-07-14

Import patches-unapplied version 2.2.9-10+lenny4 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: ed7b07f47762e216d45db13b4baa3a7e58898ca0

New changelog entries:
  * Security fixes:
    - CVE-2009-1890: denial of service in mod_proxy (closes: #536718)
    - CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
      Also prevent compressing the content for HEAD requests.
  * Security: CVE-2009-1195: In configurations using the AllowOverride
    directive with certain Options= arguments, local users were not restricted
    from executing commands from a Server-Side-Include script as intended
    (closes: #530834).

ed7b07f... by Stefan Fritsch on 2009-01-20

Import patches-unapplied version 2.2.9-10+lenny2 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: ffa2eafb522267924022c8504aa29634fc4fe8db

New changelog entries:
  * Report an error instead of segfaulting when apr_pollset_create
    fails (PR 46467). On Linux kernels since, the value in
    /proc/sys/fs/epoll/max_user_instances needs to be larger than twice the
    value of MaxClients in the Apache configuration. Closes: #511103

ffa2eaf... by Stefan Fritsch on 2008-12-02

Import patches-unapplied version 2.2.9-10+lenny1 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: b9a02e4deba7634687717917d84179e234e40977

New changelog entries:
  * Regression fix from upstream svn for mod_proxy:
    Prevent segmentation faults by correctly adjusting the lifetime of the
    buckets read from the proxy backend. PR 45792
  * Fix from upstream svn for mpm_worker:
    Crosscheck that idle workers are still available before using them and
    thus preventing an overflow of the worker queue which causes a SegFault.
    PR 45605
  * Add a comment to ports.conf to point to NEWS.Debian.gz in case of
    upgrading problems.

b9a02e4... by Stefan Fritsch on 2008-10-01

Import patches-unapplied version 2.2.9-10 to debian/lenny

Imported using git-ubuntu import.