[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. debian/2.2.22-3-233-g72ed328
Arno Töll
arno at debian.org
Mon May 28 20:30:16 UTC 2012
The following commit has been merged in the next branch:
commit 72ed3286b71caeef84db2b03a16b232fef6e995c
Merge: 1ae155c52d293367abf14e6257528bb40a002dd0 dee1b6b74eb29fe008ed0a90806de162f91a9c0c
Author: Arno Töll <arno at debian.org>
Date: Mon May 28 22:29:54 2012 +0200
Merge branch 'next' of git+ssh://git.debian.org/git/pkg-apache/apache2 into next
diff --combined debian/changelog
index 25c012a,86c3c27..b17f65b
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,10 -1,17 +1,15 @@@
apache2 (2.4.2-2) experimental; urgency=low
- * UNRELEASED
-
[ Stefan Fritsch ]
* Explicitly enable mod_authz_core on upgrades. It can happen that it is
not pulled in by any of the enabled modules, but we need it in any case
for apache2.conf. Closes: #669876
* Don't ship the changelogs in the apache2-mpm-itk transitional package.
+ * Make dh_apache2 only accept shell function names as conditional, to avoid
+ problems with shell and sed special characters.
+ * Add Replaces for the old mpm packages to apache2-bin. Closes: #671683
+ * Add transitional package for libapache2-mod-proxy-html. Closes: #666816
+ * Don't ship changelogs in the apache2.2-bin transitional package.
[ Arno Töll ]
* Add mode lines to various configuration files and scripts. Reformat
@@@ -28,8 -35,30 +33,30 @@@
* Implement a -r switch for dh_apache2 which allows to force a reload of the
web server if required.
- -- Arno Töll <arno at debian.org> Fri, 27 Apr 2012 02:22:58 +0200
+ -- Arno Töll <arno at debian.org> Mon, 28 May 2012 17:36:03 +0200
+ apache2 (2.2.22-5) unstable; urgency=low
+
+ * Make LoadFile and LoadModule look in the standard search paths if the
+ dso file name is given as a pure filename. This helps with the multi-arch
+ transition.
+
+ -- Stefan Fritsch <sf at debian.org> Mon, 30 Apr 2012 23:38:33 +0200
+
+ apache2 (2.2.22-4) unstable; urgency=high
+
+ * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
+ hosts' config files.
+ If scripting modules like mod_php or mod_rivet are enabled on systems
+ where either 1) some frontend server forwards connections to an apache2
+ backend server on the localhost address, or 2) the machine running
+ apache2 is also used for web browsing, this could allow a remote
+ attacker to execute example scripts stored under /usr/share/doc.
+ Depending on the installed packages, this could lead to issues like cross
+ site scripting, code execution, or leakage of sensitive data.
+
+ -- Stefan Fritsch <sf at debian.org> Sun, 15 Apr 2012 23:41:43 +0200
+
apache2 (2.4.2-1) experimental; urgency=low
* New upstream release
--
Debian packaging for apache2 (Apache HTTPD 2.x)
More information about the Pkg-apache-commits
mailing list