Please sync apache2 2.2.8-1 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/apache2
status new
importance wishlist
subscribe ubuntu-
Please sync apache2 2.2.8-1 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
Debian has accepted our modification (OpenDocument integration and LDFLAGS modification). The init.d modification is no longer relevant because debian has changed the way the pid file is defined.
Changelog since current hardy version 2.2.6-3ubuntu2:
apache2 (2.2.8-1) unstable; urgency=low
* New upstream version:
- Fixes cross-site scripting issues in
o mod_imagemap (CVE-2007-5000)
o mod_status (CVE-2007-6388)
o mod_proxy_
- Fixes a denial of service issue in mod_proxy_
(
- Fixes mod_proxy URL encoding in error messages (closes: #337325).
- Adds explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. For
mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
specify something else than ISO-8859-1 (CVE-2008-0005).
- Adds mod_substitute which performs inline response content pattern
matching (including regex) and substitution (like mod_line_edit).
- Adds "DefaultType none" option.
- Adds new "B" option to RewriteRule to suppress URL unescaping.
- Adds an "if" directive for mod_include to test whether an URL is
accessible, and if so, conditionally display content.
- Adds support for mod_ssl to the event MPM.
* Move the configuration of User, Group, and PidFile to
/etc/
scripts. /etc/apache2/
(inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
* Make apache2ctl check the configuration syntax before trying to restart
apache, to match the behaviour documented in the man page.
(Closes: #459236)
* Convert docs to be directly viewable with a browser (and not use content
negotiation).
* Add doc-base entry for the documentation. (closes: #311269)
* Don't ship default files in /var/www, but copy a sample file to
/var/
RedirectMatch line from sites-available
(Closes: #411774, #458093)
* Add some information to README.Debian (Apache wiki, default virtual host)
* Build with LDFLAGS=
dependencies, easing library transitions (closes: #458857).
* Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
Patch by Nicolas Valcárcel. (Closes: #436441)
* Add reportbug script to list enabled modules.
* Fix some lintian warnings:
- Pass --no-start to dh_installinit instead of omitting the debhelper token
in various maintainer scripts. Also move the update-rc.d call to
apache2.
- Add Short-Description to init script.
* Remove unused apache2-
debian/rules a bit.
* Don't ship NEWS.Debian with apache2-utils, as the contents are only
relevant for the server.
-- Stefan Fritsch <email address hidden> Thu, 17 Jan 2008 20:27:56 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHnmP0M0t
+01Dr8jdAPTtkiR
=0TB7
-----END PGP SIGNATURE-----
ACKed.