[Bug 596034] Re: Please merge apache2 2.2.15-5 (main) from debian unstable (main)
Lorenzo De Liso
blackzldl at gmail.com
Fri Jun 18 19:46:34 BST 2010
** Patch added: "merge.debdiff"
http://launchpadlibrarian.net/50554428/merge.debdiff
** Changed in: apache2 (Ubuntu)
Importance: Undecided => Wishlist
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0408
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0434
--
Please merge apache2 2.2.15-5 (main) from debian unstable (main)
https://bugs.launchpad.net/bugs/596034
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
Status in “apache2” package in Ubuntu: New
Bug description:
Binary package hint: apache2
apache2 (2.2.15-5) unstable; urgency=low
* Conflict with apache package as we now include apachectl. Closes: #579065
* Remove conflicts with old apache 2.0 modules. The conflicts are not
necessary anymore as skipping a stable release is not supported anyway.
* Silence the grep in preinst.
-- Stefan Fritsch <sf at debian.org> Sun, 25 Apr 2010 10:46:09 +0200
apache2 (2.2.15-4) unstable; urgency=low
* Move definition of other_vhosts_access.log to new config file
/etc/apache2/conf.d/other-vhosts-access-log, but disable it
if it has been disabled by the admin. Closes: #576572. LP: #507616
* Comment out the contents of mods-available/proxy.conf, as it just
is a nuisance for use of apache2 as a reverse proxy, which is much
more common than the use as forward proxy. Extend the comments
in the file.
* Change defaults or add example configs for some modules:
status.conf:
- enable ExtendedStatus by default
- enable ProxyStatus by default
- document SeeRequestTail directive
proxy_ftp.conf:
- set 'ProxyFtpDirCharset UTF-8' by default
ldap.conf:
- enable /ldap-status page, allow it from localhost by default
proxy_balancer.conf:
- add (disabled) example for /balancer-manager page
ssl.conf:
- document SSLStrictSNIVHostCheck directive
* Add symlink from apachectl to apache2ctl to be more compatible with
upstream. Apache httpd 1.3 hasn't been in Debian for some time.
* Simplify logrotate script. Closes: #576105
* Remove empty directory /usr/lib/debug/usr/sbin in mpm packages.
Closes: #576089
* Fix apxs2 to work with perl 5.12rc3. Closes: #577239
* Add source/format file to make lintian happy.
(LP: #562370)
-- Stefan Fritsch <sf at debian.org> Tue, 20 Apr 2010 23:11:09 +0200
apache2 (2.2.15-3) unstable; urgency=low
* mod_reqtimeout: backport bugfixes from upstream trunk up to r928881,
including a fix for mod_proxy CONNECT requests.
* mod_dav_fs: Use correct permissions when creating new files. LP: #540747
-- Stefan Fritsch <sf at debian.org> Mon, 29 Mar 2010 22:16:24 +0200
apache2 (2.2.15-2) unstable; urgency=low
* Make the Files ~ "^\.ht" block in apache2.conf more secure by adding
Satisfy all. Closes: #572075
* mod_reqtimeout: Various bug fixes, including:
- Don't mess up timeouts of mod_proxy's backend connections.
Closes: #573163
-- Stefan Fritsch <sf at debian.org> Wed, 10 Mar 2010 21:06:06 +0100
apache2 (2.2.15-1) unstable; urgency=low
* New upstream version:
- CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability
- CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol
prefix injection attack.
- CVE-2010-0434: mod_headers: Fix potential information leak with threaded
MPMs.
- mod_reqtimeout: New module limiting the time waiting for receiving
a request from the client. This is a (partial) mitigation against
slowloris-type resource exhaustion attacks. The module is enabled by
default. Closes: #533661
- mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
renegotiation with clients which do not yet support the secure
renegotiation protocol. As this requires openssl 0.9.8m, bump
build dependency accordingly.
* Fix bash completion for a2ensite if the site name contains 'conf' or
'load'. Closes: #572232
* Do a configcheck in the init script before doing a non-graceful restart.
Closes: #571461
-- Stefan Fritsch <sf at debian.org> Sun, 07 Mar 2010 23:22:56 +0100
apache2 (2.2.14-7) unstable; urgency=low
* Fix potential memory leaks related to the usage of apr_brigade_destroy().
* Add hints about correct mod_dav_fs configuration to README.Debian.
Closes: #257945
* Fix error in Polish translation of 404 error page. Closes: #570228
* Document ThreadLimit in apache2.conf's comments.
-- Stefan Fritsch <sf at debian.org> Sat, 20 Feb 2010 12:38:30 +0100
apache2 (2.2.14-6) unstable; urgency=low
* Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and
APACHE_LOG_DIR in the default configuration. If you have modified
/etc/apache2/envvars, make sure that these variables are set and exported.
* Add support for multiple apache2 instances to initscript and apache2ctl.
See /usr/share/doc/apache2.2-common/README.multiple-instances for details.
Closes: #353450
* Set default compiled-in ServerRoot to /etc/apache2 and make paths in
apache2.conf relative to ServerRoot.
* Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061
* Fix symlinks in apache2-dbg package. Closes: #567076
* Fix mod_cache CacheIgnoreURLSessionIdentifiers handling. Closes: #556383
* Add new init script action graceful-stop (LP: #456381)
* Add more languages to mime.conf. To limit this to useful entries, we only
add those for which a translation of the Debian intaller exists. LP: #217964
* Unset $HOME in /etc/apache2/envvars.
* Change default config of mod_info and mod_status to use IP addresses
instead of hostnames. Otherwise the hostname is sometimes logged even with
'HostnameLookup Off'. Closes: #568409
* Add a hook to apache2.2-common's postrm script that may come in handy
when upgrading to 2.4.
* Make bug script also display php extensions.
* Bump Standards-Version (no changes).
* Remove Adam Conrad from Uploaders. Thanks for your work in the past.
-- Stefan Fritsch <sf at debian.org> Sun, 07 Feb 2010 17:29:45 +0100
More information about the Ubuntu-sponsors
mailing list