lp://qastaging/debian/apache2
- Get this branch:
- bzr branch lp://qastaging/debian/apache2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 58. By Stefan Fritsch
-
[ Stefan Fritsch ]
* CVE-2012-2687: mod_negotiation: Escape filenames in variant list to prevent
a possible XSS for a site where untrusted users can upload files to a
location with MultiViews enabled.
* Add example for X-XSS-Protection to conf.d/security.
[ Arno Töll ]
* Fix "contradictory comment in /etc/apache2/apache2.conf about the
.load suffix" (Closes: #676975). Hopefully you are now happy, Vincent. :-)
- 57. By Stefan Fritsch
-
[ Arno Töll ]
* Fix "ambiguous comment in /etc/apache2/apache2.conf" by clarifying
contradicting statements. (Closes: #675184)
[ Stefan Fritsch ]
* Allow colons in filenames when using wildcards with "Include".
Closes: #676610
* Add examples for X-Content-Type-Options and X-Frame-Options to
conf.d/security.
* Fix the VCS dir example in conf.d/security.
* Pick some bug fixes from upstream trunk:
- core/mod_cgi: Fix script logging in error case
- mod_dumpio: Fix possible loop in input filter.
- mod_proxy_ajp: Reduce memory usage in case of many requests on one
connection
- 56. By Stefan Fritsch
-
[ Stefan Fritsch ]
* Fix regression causing apache2 to cache "206 partial content" responses,
and then serving these partial responses when replying to normal requests.
Closes: #671204
* Add section to security.conf that shows how to forbid access to VCS
directories. Closes: #548213
* Update ssl default cipher config, add alternative speed optimized config.
Closes: #649020
* Add "AddCharset" for .brf files in default mod_mime config.
Closes: #402567
* Don't create httpd.conf anymore and don't include it in apache2.conf. If
it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
* Port some of the comments in apache2.conf from the 2.4 package.
* Compile mod_version statically, drop associated module load file.
* If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
configtest.
* Note in README.Debian that future versions of the package will have the
include statements changed to include only *.conf.
* Change compiled-in document root to /var/www, to avoid strange error
messages.
* Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
[ Arno Töll ]
* Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
to override LDFLAGS at compile time by defining LDFLAGS in the environment,
just like it is possible for CFLAGS. This also means, config_vars.mk now
exports hardening build flags by default.
* Update doc-base metadata for the apache2-doc package.
- 55. By Stefan Fritsch
-
Make LoadFile and LoadModule look in the standard search paths if the
dso file name is given as a pure filename. This helps with the multi-arch
transition.
- 54. By Stefan Fritsch
-
CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
hosts' config files.
If scripting modules like mod_php or mod_rivet are enabled on systems
where either 1) some frontend server forwards connections to an apache2
backend server on the localhost address, or 2) the machine running
apache2 is also used for web browsing, this could allow a remote
attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross
site scripting, code execution, or leakage of sensitive data.
- 53. By Arno Töll
-
* Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
No such file or directory". Do not use internal rules targets which clash
with build target names ... (Closes: #667069)
* Drop apache2-dev virtual package. This had virtually no users but breaks our
experimental package in some cases (e.g. #666793)
* Push Standards version - no further changes
* Update my maintainer address
- 52. By Stefan Fritsch
-
[ Arno Töll ]
Fix "Incorrect debhelper build dependency" by raising the build-dependency
of debhelper to 8.9.7 (Closes: #659148)
- 51. By Stefan Fritsch
-
[ Stefan Fritsch ]
* New upstream release, urgency medium due to security fixes:
- Fix CVE-2012-0021: mod_log_config: DoS with '%{cookiename}C' log format
- Fix CVE-2012-0031: Unprivileged child process could cause the parent to
crash at shutdown
- Fix CVE-2012-0053: Exposure of "httpOnly" cookies in code 400 error
message.
* Move httxt2dbm to apache2-utils
* Adjust debian/control to point to new git repository.
[ Arno Töll ]
* Fix "typo in /etc/apache2/apache2.conf" (Closes: #653801)
- 50. By Stefan Fritsch
-
[ Arno Töll ]
Fix build failures introduced as regression by the previous build. Debian
buildds aren't rebuilding arch:all packages which caused problems for our
unconditional copying into binary package. I was warned.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/debian/squeeze/apache2