Changelog
apache2 (2.4.6-1) unstable; urgency=low
New upstream release:
* CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request
(Closes: #717272)
* New modules mod_cache_socache, mod_proxy_wstunnel.
* mod_ssl: Add support for subjectAltName-based host name checking in proxy
mode (SSLProxyCheckPeerName).
* mod_lua: Many new functions.
* mod_auth_basic: Add a generic mechanism to fake basic authentication
using the ap_expr parser (AuthBasicFake).
* mod_proxy: New BalancerInherit and ProxyPassInherit options.
* mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.
[ Arno Töll ]
* Document our security model in our NEWS file and highlight we do not allow
access to /srv. Thanks to joeyh for pointing this out.
* Allow the use of apache2-maintscript-helper from a sub-function. We rely
on dpkg's arguments supplied in $1, $2 etc. This clashes with function
arguments supplied to to sh sub-function. Allow manual override in such
cases.
* Mention that the dh_apache2 conditional must be present in postrm too
(Closes: #716694)
* Fix "dh_apache2 ignores alternative httpd on conf files" by correctly
checking the supplied arguments, we were off by one (Closes: #717299).
* Reinstall index.html also on upgrades as it is removed during upgrades.
* Add mod_macro transitional package as it was promoted to core and does not
exist as individual package anymore (Closes: #706962)
[ Stefan Fritsch ]
* Don't fail package upgrade or removal just because the configuration is in
an inconsistent state (Closes: #716921, #717343, LP: #1202653).
* Improve error output of init script.
* Fix broken dependency information in several *.load files.
* Add mod_authn_core as dependency of the mod_auth_* modules.
(Closes: #717448)
-- Arno Töll <email address hidden> Sun, 21 Jul 2013 18:44:42 +0200