Accepted: apache2 2.2.8-1 (source)
Ubuntu Installer
archive at ubuntu.com
Sat Feb 2 02:27:48 GMT 2008
Accepted:
OK: apache2_2.2.8.orig.tar.gz
OK: apache2_2.2.8-1.diff.gz
OK: apache2_2.2.8-1.dsc
-> Component: main Section: web
Origin: Debian/unstable
Format: 1.7
Date: Fri, 01 Feb 2008 16:24:43 +0000
Source: apache2
Binary: apache2, apache2-mpm-event, apache2-threaded-dev, apache2-utils, apache2-dbg, apache2-mpm-prefork, apache2-src, apache2.2-common, apache2-doc, apache2-mpm-worker, apache2-prefork-dev, apache2-mpm-perchild
Architecture: source
Version: 2.2.8-1
Distribution: hardy
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Changed-By: Mathias Gug <mathiaz at ubuntu.com>
Description:
apache2 - Next generation, scalable, extendable web server
Closes: 311269 337325 349709 411774 436441 458085 458093 458857 459236 460105
Changes:
apache2 (2.2.8-1) unstable; urgency=low
.
* New upstream version:
- Fixes cross-site scripting issues in
o mod_imagemap (CVE-2007-5000)
o mod_status (CVE-2007-6388)
o mod_proxy_balancer's balancer manager (CVE-2007-6421)
- Fixes a denial of service issue in mod_proxy_balancer's balancer manager
(CVE-2007-6422).
- Fixes mod_proxy URL encoding in error messages (closes: #337325).
- Adds explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. For
mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
specify something else than ISO-8859-1 (CVE-2008-0005).
- Adds mod_substitute which performs inline response content pattern
matching (including regex) and substitution (like mod_line_edit).
- Adds "DefaultType none" option.
- Adds new "B" option to RewriteRule to suppress URL unescaping.
- Adds an "if" directive for mod_include to test whether an URL is
accessible, and if so, conditionally display content.
- Adds support for mod_ssl to the event MPM.
* Move the configuration of User, Group, and PidFile to
/etc/apache2/envvars. This makes it easier to use these settings in
scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
(inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
* Make apache2ctl check the configuration syntax before trying to restart
apache, to match the behaviour documented in the man page.
(Closes: #459236)
* Convert docs to be directly viewable with a browser (and not use content
negotiation).
* Add doc-base entry for the documentation. (closes: #311269)
* Don't ship default files in /var/www, but copy a sample file to
/var/www/index.html on new installs. Also remove the now unneeded
RedirectMatch line from sites-available/default.
(Closes: #411774, #458093)
* Add some information to README.Debian (Apache wiki, default virtual host)
* Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
dependencies, easing library transitions (closes: #458857).
* Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
Patch by Nicolas Valcárcel. (Closes: #436441)
* Add reportbug script to list enabled modules.
* Fix some lintian warnings:
- Pass --no-start to dh_installinit instead of omitting the debhelper token
in various maintainer scripts. Also move the update-rc.d call to
apache2.2-common.
- Add Short-Description to init script.
* Remove unused apache2-mpm-prefork.prerm from source package and clean up
debian/rules a bit.
* Don't ship NEWS.Debian with apache2-utils, as the contents are only
relevant for the server.
Files:
405c7118ef0f2e8ee36253e94b9cc5cf 128534 web optional apache2_2.2.8-1.diff.gz
39a755eb0f584c279336387b321e3dfc 6125771 web optional apache2_2.2.8.orig.tar.gz
c2f8c4852c9f6b851552901f7765e344 1269 web optional apache2_2.2.8-1.dsc
More information about the Hardy-changes
mailing list