Last commit made on 2013-07-15
Get this branch:
git clone -b ubuntu/raring-devel https://git.launchpad.net/ubuntu/+source/apache2

Recent commits

d971e21... by Marc Deslauriers on 2013-07-12

Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 06907897db7b1c39d173450daf8affd0b7997744

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

0690789... by Marc Deslauriers on 2013-03-15

Import patches-unapplied version 2.2.22-6ubuntu5 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: a02b17d57e500aac3e60c40960bc4ce552c4e6a6

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

a02b17d... by Adam Conrad on 2012-12-05

Import patches-unapplied version 2.2.22-6ubuntu4 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: ee1ada7d0e5a0c25571f4924b632d05112c8a021

New changelog entries:
  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
  * Skip module sanity check between MPMs if cross-building without the
    kernel/binfmt support to run our target binaries on the build system.
  * Backport several cross fixes from upstream as 086_svn_cross_compiles.

ee1ada7... by Marc Deslauriers on 2012-11-08

Import patches-unapplied version 2.2.22-6ubuntu3 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 11984c7fcffe77d492deb681f0a60b0abfa9a3f8

New changelog entries:
  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
    - CVE-2012-4929

11984c7... by Matthieu Baerts on 2012-07-16

Import patches-unapplied version 2.2.22-6ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 8dbf29704dcbbd8934b8055b59948bc6a6b9b461

New changelog entries:
  * debian/apache2.py
   - Update apport hook for python3; thanks to Edward Donovan (LP: #1013171)
   - Check if this directory exists: /etc/apache2/sites-enabled/

8dbf297... by Robie Basak on 2012-06-08

Import patches-unapplied version 2.2.22-6ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 1edd1e44190a4efd3587eb653740e3d1b30efa95

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
  * Dropped changes:
    - debian/control: Add bzr tag and point it to our tree; this is not
      really required and just increases the delta.

1edd1e4... by Stefan Fritsch on 2012-05-29

Import patches-unapplied version 2.2.22-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85df2487082b6cd9a9df3a920a5deb65610a217c

New changelog entries:
  [ Stefan Fritsch ]
  * Fix regression causing apache2 to cache "206 partial content" responses,
    and then serving these partial responses when replying to normal requests.
    Closes: #671204
  * Add section to security.conf that shows how to forbid access to VCS
    directories. Closes: #548213
  * Update ssl default cipher config, add alternative speed optimized config.
    Closes: #649020
  * Add "AddCharset" for .brf files in default mod_mime config.
    Closes: #402567
  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
  * Port some of the comments in apache2.conf from the 2.4 package.
  * Compile mod_version statically, drop associated module load file.
  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
  * Note in README.Debian that future versions of the package will have the
    include statements changed to include only *.conf.
  * Change compiled-in document root to /var/www, to avoid strange error
  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
  [ Arno Töll ]
  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
    to override LDFLAGS at compile time by defining LDFLAGS in the environment,
    just like it is possible for CFLAGS. This also means, config_vars.mk now
    exports hardening build flags by default.
  * Update doc-base metadata for the apache2-doc package.

85df248... by Stefan Fritsch on 2012-04-30

Import patches-unapplied version 2.2.22-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7147558dbac2faadd910729d3e4e224cc4ef975f

New changelog entries:
  * Make LoadFile and LoadModule look in the standard search paths if the
    dso file name is given as a pure filename. This helps with the multi-arch

7147558... by Stefan Fritsch on 2012-04-15

Import patches-unapplied version 2.2.22-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b8147564f421fb39c2527ad1ff1e16e2a7ca02dd

New changelog entries:
  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
    hosts' config files.
    If scripting modules like mod_php or mod_rivet are enabled on systems
    where either 1) some frontend server forwards connections to an apache2
    backend server on the localhost address, or 2) the machine running
    apache2 is also used for web browsing, this could allow a remote
    attacker to execute example scripts stored under /usr/share/doc.
    Depending on the installed packages, this could lead to issues like cross
    site scripting, code execution, or leakage of sensitive data.

b814756... by Arno Töll on 2012-04-05

Import patches-unapplied version 2.2.22-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d1c6efcab0af78d4eaf130d8f3433fe034adcd71

New changelog entries:
  * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
    No such file or directory". Do not use internal rules targets which clash
    with build target names ... (Closes: #667069)
  * Drop apache2-dev virtual package. This had virtually no users but breaks our
    experimental package in some cases (e.g. #666793)
  * Push Standards version - no further changes
  * Update my maintainer address