[ubuntu/quantal] apache2 2.2.22-6ubuntu1 (Accepted)

Robie Basak robie.basak at ubuntu.com
Fri Jun 8 11:35:25 UTC 2012 

apache2 (2.2.22-6ubuntu1) quantal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
  * Dropped changes:
    - debian/control: Add bzr tag and point it to our tree; this is not
      really required and just increases the delta.

apache2 (2.2.22-6) unstable; urgency=low

  [ Stefan Fritsch ]
  * Fix regression causing apache2 to cache "206 partial content" responses,
    and then serving these partial responses when replying to normal requests.
    Closes: #671204
  * Add section to security.conf that shows how to forbid access to VCS
    directories. Closes: #548213
  * Update ssl default cipher config, add alternative speed optimized config.
    Closes: #649020
  * Add "AddCharset" for .brf files in default mod_mime config.
    Closes: #402567
  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
  * Port some of the comments in apache2.conf from the 2.4 package.
  * Compile mod_version statically, drop associated module load file.
  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
    configtest.
  * Note in README.Debian that future versions of the package will have the
    include statements changed to include only *.conf.
  * Change compiled-in document root to /var/www, to avoid strange error
    messages.
  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.

  [ Arno Töll ]
  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
    to override LDFLAGS at compile time by defining LDLAGS in the environment,
    just like it is possible for CFLAGS. This also means, config_vars.mk now
    exports hardening build flags by default.
  * Update doc-base metadata for the apache2-doc package.

apache2 (2.2.22-5) unstable; urgency=low

  * Make LoadFile and LoadModule look in the standard search paths if the
    dso file name is given as a pure filename. This helps with the multi-arch
    transition.

apache2 (2.2.22-4) unstable; urgency=high

  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
    hosts' config files.
    If scripting modules like mod_php or mod_rivet are enabled on systems
    where either 1) some frontend server forwards connections to an apache2
    backend server on the localhost address, or 2) the machine running
    apache2 is also used for web browsing, this could allow a remote
    attacker to execute example scripts stored under /usr/share/doc.
    Depending on the installed packages, this could lead to issues like cross
    site scripting, code execution, or leakage of sensitive data.

apache2 (2.2.22-3) unstable; urgency=low

  * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
    No such file or directory". Do not use internal rules targets which clash
    with build target names ... (Closes: #667069)
  * Drop apache2-dev virtual package. This had virtually no users but breaks our
    experimental package in some cases (e.g. #666793)
  * Push Standards version - no further changes
  * Update my maintainer address

apache2 (2.2.22-2) unstable; urgency=low

  [ Arno Töll ]
  * Fix "Incorrect debhelper build dependency" by raising the build-dependency
    of debhelper to 8.9.7  (Closes: #659148)

Date: Fri, 08 Jun 2012 11:37:31 +0100
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: James Page <james.page at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/apache2/2.2.22-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Jun 2012 11:37:31 +0100
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.22-6ubuntu1
Distribution: quantal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 402567 548213 649020 659148 667069 671204
Changes: 
 apache2 (2.2.22-6ubuntu1) quantal; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/{control, rules}: Enable PIE hardening.
     - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
     - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
     - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
       Plymouth aware passphrase dialog program ask-for-passphrase.
   * Dropped changes:
     - debian/control: Add bzr tag and point it to our tree; this is not
       really required and just increases the delta.
 .
 apache2 (2.2.22-6) unstable; urgency=low
 .
   [ Stefan Fritsch ]
   * Fix regression causing apache2 to cache "206 partial content" responses,
     and then serving these partial responses when replying to normal requests.
     Closes: #671204
   * Add section to security.conf that shows how to forbid access to VCS
     directories. Closes: #548213
   * Update ssl default cipher config, add alternative speed optimized config.
     Closes: #649020
   * Add "AddCharset" for .brf files in default mod_mime config.
     Closes: #402567
   * Don't create httpd.conf anymore and don't include it in apache2.conf. If
     it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
   * Port some of the comments in apache2.conf from the 2.4 package.
   * Compile mod_version statically, drop associated module load file.
   * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
     configtest.
   * Note in README.Debian that future versions of the package will have the
     include statements changed to include only *.conf.
   * Change compiled-in document root to /var/www, to avoid strange error
     messages.
   * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
 .
   [ Arno Töll ]
   * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
     to override LDFLAGS at compile time by defining LDLAGS in the environment,
     just like it is possible for CFLAGS. This also means, config_vars.mk now
     exports hardening build flags by default.
   * Update doc-base metadata for the apache2-doc package.
 .
 apache2 (2.2.22-5) unstable; urgency=low
 .
   * Make LoadFile and LoadModule look in the standard search paths if the
     dso file name is given as a pure filename. This helps with the multi-arch
     transition.
 .
 apache2 (2.2.22-4) unstable; urgency=high
 .
   * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
     hosts' config files.
     If scripting modules like mod_php or mod_rivet are enabled on systems
     where either 1) some frontend server forwards connections to an apache2
     backend server on the localhost address, or 2) the machine running
     apache2 is also used for web browsing, this could allow a remote
     attacker to execute example scripts stored under /usr/share/doc.
     Depending on the installed packages, this could lead to issues like cross
     site scripting, code execution, or leakage of sensitive data.
 .
 apache2 (2.2.22-3) unstable; urgency=low
 .
   * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
     No such file or directory". Do not use internal rules targets which clash
     with build target names ... (Closes: #667069)
   * Drop apache2-dev virtual package. This had virtually no users but breaks our
     experimental package in some cases (e.g. #666793)
   * Push Standards version - no further changes
   * Update my maintainer address
 .
 apache2 (2.2.22-2) unstable; urgency=low
 .
   [ Arno Töll ]
   * Fix "Incorrect debhelper build dependency" by raising the build-dependency
     of debhelper to 8.9.7  (Closes: #659148)
Checksums-Sha1: 
 0fdc1b3ae60334fab01da7442c41b346d79b9813 3009 apache2_2.2.22-6ubuntu1.dsc
 5655dda516d2824c0199c1738f3671f41f09b1ec 194944 apache2_2.2.22-6ubuntu1.debian.tar.gz
Checksums-Sha256: 
 b4102196d5cf4c41546cdc150c0c33c16e3bfe51f4a2582176557e5a64421ff0 3009 apache2_2.2.22-6ubuntu1.dsc
 bd55c569f0ee27dbb387e91b8ade53041ebbf19da22906f7f4bcb6e6359735d0 194944 apache2_2.2.22-6ubuntu1.debian.tar.gz
Files: 
 dd2b0b5d8d3ac8f4c2b9428405eafe5f 3009 httpd optional apache2_2.2.22-6ubuntu1.dsc
 ecb505128237a5717d06432e93ac6495 194944 httpd optional apache2_2.2.22-6ubuntu1.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJP0d/6AAoJEL/srsug59jDpg8P/R9NiEqLWYNquxmsIgMDyd58
NupNrF3AIGU8SuRusRmwuC//MDhqyfvkWiVn33CKuiU4EABkokbhP6Yvi6HEogX4
EswubZ21a8/jeZ1hOROQfitzarAa3WhI61W/8mcln5FARQoeYq1cYyUdrbxKrSzz
/Diq3T/l0a8zmdN3+bVG+Vt7VLgVrNH2eAl2FSdxIn/94Jn4GNX4SXT1n+j+NK9W
SMQjD/SZkQxOPqWNoGnAQ0SyrHO7gGr0Pi16Sba+D/heeonX0f5hh82jtrfnFWeU
f7F476IsXmRw9JWb150WJIlGOOc1nA13lHSmciX1UAb6R3v/IyD/mcCCjbNgm7ns
JKa38kh8Z3ZnDYhW7ZL+NX02BC6k+Y0Cj5iG+8Jy4DYJz39EYXYKBdqk12rExEPQ
+6YX7OiHcKAqklBy8jiKE6sNgVZAUCJDrDEuGKRAQiuHsJYftam+9rLqjkSDqyBg
stkzJp2F/PMEM6kz8/YbaL0njiDnI2YUNUVwxcc1FByYjcQ3OUdIYoSDBT89EVcn
jdfWV+4VuqC8A1vcDMXskc3Y6xine+up1BaaqZg5KvdCYAUpftF3xrmHx49YjmrP
/Ap/nV7ttsMDhIYhho9wensSW5bK9i+iowbrqgcPFPp/drickRTkbq8ApCX4Th0x
BTmXz6MG5jTZJIQBARSN
=tQmW
-----END PGP SIGNATURE-----

More information about the Quantal-changes mailing list