diff -Nru apache2-2.2.22/debian/apache2.2-common.dirs apache2-2.2.22/debian/apache2.2-common.dirs
--- apache2-2.2.22/debian/apache2.2-common.dirs 2012-05-28 21:33:08.000000000 +0100
+++ apache2-2.2.22/debian/apache2.2-common.dirs 2012-05-30 04:09:16.000000000 +0100
@@ -13,3 +13,4 @@
 var/cache/apache2/mod_disk_cache
 var/log/apache2
 var/www
+etc/ufw/applications.d
diff -Nru apache2-2.2.22/debian/apache2.2-common.install apache2-2.2.22/debian/apache2.2-common.install
--- apache2-2.2.22/debian/apache2.2-common.install 2012-05-28 21:33:08.000000000 +0100
+++ apache2-2.2.22/debian/apache2.2-common.install 2012-05-30 04:09:16.000000000 +0100
@@ -6,3 +6,4 @@
 debian/config-dir/* etc/apache2
 debian/a2enmod usr/sbin
 debian/apache2ctl usr/sbin
+debian/apache2.py usr/share/apport/package-hooks
diff -Nru apache2-2.2.22/debian/apache2.2-common.ufw.profile apache2-2.2.22/debian/apache2.2-common.ufw.profile
--- apache2-2.2.22/debian/apache2.2-common.ufw.profile 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.2.22/debian/apache2.2-common.ufw.profile 2012-01-09 06:25:10.000000000 +0000
@@ -0,0 +1,14 @@
+[Apache]
+title=Web Server
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80/tcp
+
+[Apache Secure]
+title=Web Server (HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=443/tcp
+
+[Apache Full]
+title=Web Server (HTTP,HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80,443/tcp
diff -Nru apache2-2.2.22/debian/apache2.py apache2-2.2.22/debian/apache2.py
--- apache2-2.2.22/debian/apache2.py 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.2.22/debian/apache2.py 2012-01-09 06:25:10.000000000 +0000
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+
+'''apport hook for apache2
+
+(c) 2010 Adam Sommer.
+Author: Adam Sommer
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+import os
+
+def add_info(report, ui):
+ response = ui.yesno("The contents of your /etc/apache2/sites-enabled directory "
+ "may help developers diagnose your bug more "
+ "quickly. However, it may contain sensitive "
+ "information. Do you want to include it in your "
+ "bug report?")
+
+ if response == None: # user cancelled
+ raise StopIteration
+
+ elif response == True:
+ # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
+ for conf_file in os.listdir('/etc/apache2/sites-enabled'):
+ attach_file_if_exists(report, '/etc/apache2/sites-enabled/' + conf_file, conf_file)
+ try:
+ report['Apache2ConfdDirListing'] = unicode(os.listdir('/etc/apache2/conf.d'))
+ except OSError:
+ report['Apache2ConfdDirListing'] = unicode(False)
+
+ # Attach default config files if changed.
+ attach_conffiles(report, 'apache2.2-common', conffiles=None)
+
+ # Attach the error.log file.
+ attach_file(report, '/var/log/apache2/error.log', key='error.log')
+
+ # Get loaded modules.
+ report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
diff -Nru apache2-2.2.22/debian/ask-for-passphrase apache2-2.2.22/debian/ask-for-passphrase
--- apache2-2.2.22/debian/ask-for-passphrase 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.2.22/debian/ask-for-passphrase 2012-01-09 06:25:10.000000000 +0000
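Review bot: In `add_info` of debian/apache2.py, `attach_conffiles(...)`, `attach_file(report, '/var/log/apache2/error.log', key='error.log')` and the `apachectl` call follow the `ui.yesno` consent block, and since indentation is flattened on this page I cannot tell whether they are inside `elif response == True:`; if they run unconditionally, modified conffiles and the error log (client addresses, request paths) are uploaded even when the user answers no, so they should be gated on the same answer or named in the prompt. The site files are attached with the bare filename as report key; as far as I know apport restricts keys to letters, digits, `.`, `-` and `_`, so a vhost file named with any other character would abort the hook, and dropping the third argument so hookutils derives the key from the path avoids that. `'-D DUMP_MODULES'` is passed as a single argv element; `['/usr/sbin/apachectl', '-D', 'DUMP_MODULES']` does not rely on the wrapper re-splitting it. Smaller points: `os.listdir('/etc/apache2/sites-enabled')` is outside the `try` that protects the conf.d listing, and `response is None` is the idiomatic test.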
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# ask-for-passphrase - designed to be used by SSLPassPhraseDialog exec:
+#
+# Copyright Canonical, Ltd. 2010, All Rights Reserved
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+sitename=$1
+keytype=$2
+
+prompt="Apache needs to decrypt your SSL Keys for $sitename ($keytype)
+Please enter passphrase:"
+tty=`tty`
+if [ "$tty" = "not a tty" ] ; then
+ # Apache gives us a pipe for stdin, but we want to
+ # talk to apache's terminal.
+ tty=`tty < /proc/${PPID}/fd/0`
+ if [ "$tty" = "not a tty" ] ; then
+ if [ -x /bin/plymouth ] && plymouth --ping ; then
+ echo $prompt | logger
+ exec plymouth ask-for-password --prompt="$prompt"
+ else
+ logger -p daemon.err -t apache2 "No way to ask user for passphrase"
+ exit 1
+ fi
+ fi
+ # We must not print anything on stdout except the passphrase
+ read -s -p "$prompt" passphrase > $tty 2>&1 < $tty
+ echo $passphrase
+fi
diff -Nru apache2-2.2.22/debian/changelog apache2-2.2.22/debian/changelog
--- apache2-2.2.22/debian/changelog 2012-05-29 21:06:56.000000000 +0100
+++ apache2-2.2.22/debian/changelog 2012-06-08 11:38:26.000000000 +0100
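Review bot: The last two commands of debian/ask-for-passphrase can alter the passphrase before Apache receives it: `read` without `-r` consumes backslashes and trims surrounding whitespace, and the unquoted `echo $passphrase` is subject to word splitting and glob expansion and treats a value such as `-n` as an option. Use `IFS= read -r -s -p "$prompt" passphrase > "$tty" 2>&1 < "$tty"` followed by `printf '%s\n' "$passphrase"`. The tty detection compares the output of `tty` with the English string `not a tty`, which may be translated under a non-C locale; testing the exit status of `tty -s` does not depend on the message. Reading the nesting from the `fi` count (indentation is flattened on this page), the outer `if` is skipped when the script's own stdin is a terminal and nothing is written to stdout, which deserves a comment or an explicit branch.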
@@ -1,3 +1,15 @@ +apache2 (2.2.22-6ubuntu1) quantal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Robie Basak Fri, 08 Jun 2012 11:37:31 +0100 + apache2 (2.2.22-6) unstable; urgency=low [ Stefan Fritsch ] @@ -73,6 +85,18 @@ -- Stefan Fritsch Thu, 15 Mar 2012 00:02:31 +0100 +apache2 (2.2.22-1ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Sun, 12 Feb 2012 20:06:35 -0500 + apache2 (2.2.22-1) unstable; urgency=medium [ Stefan Fritsch ] 
@@ -90,6 +114,18 @@ -- Stefan Fritsch Wed, 01 Feb 2012 21:49:04 +0100 +apache2 (2.2.21-5ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Mon, 09 Jan 2012 06:26:31 +0000 + apache2 (2.2.21-5) unstable; urgency=low [ Arno Töll ] @@ -143,6 +179,26 @@ -- Stefan Fritsch Thu, 29 Dec 2011 12:09:14 +0100 +apache2 (2.2.21-3ubuntu2) precise; urgency=low + + * d/ask-for-passphrase: Flip the logic of this script so that it checks + first to see if apache is being started from a TTY, and then if not, + tries plymouth. (LP: #887410) + + -- Clint Byrum Tue, 06 Dec 2011 16:49:33 -0800 + +apache2 (2.2.21-3ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Fri, 09 Dec 2011 05:20:43 +0000 + apache2 (2.2.21-3) unstable; urgency=medium * Fix CVE-2011-4317: Prevent unintended pattern expansion in some 
@@ -157,6 +213,24 @@ -- Stefan Fritsch Sat, 03 Dec 2011 18:54:03 +0100 +apache2 (2.2.21-2ubuntu2) precise; urgency=low + + * No-change rebuild to drop spurious libsfgcc1 dependency on armhf. + + -- Adam Conrad Fri, 02 Dec 2011 17:36:28 -0700 + +apache2 (2.2.21-2ubuntu1) precise; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Fri, 14 Oct 2011 16:01:29 +0000 + apache2 (2.2.21-2) unstable; urgency=high * Fix CVE-2011-3368: Prevent unintended pattern expansion in some @@ -174,6 +248,19 @@ -- Stefan Fritsch Mon, 26 Sep 2011 18:16:11 +0200 +apache2 (2.2.20-1ubuntu1) oneiric; urgency=low + + * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991). + Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Steve Beattie Tue, 06 Sep 2011 01:17:15 -0700 + apache2 (2.2.20-1) unstable; urgency=low * New upstream release. 
@@ -196,6 +283,18 @@ -- Stefan Fritsch Mon, 29 Aug 2011 17:08:17 +0200 +apache2 (2.2.19-1ubuntu1) oneiric; urgency=low + + * Merge from debian unstable (LP: #787013). Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Andres Rodriguez Mon, 23 May 2011 10:16:09 -0400 + apache2 (2.2.19-1) unstable; urgency=low * New upstream release. @@ -213,6 +312,18 @@ -- Stefan Fritsch Sun, 22 May 2011 10:21:21 +0200 +apache2 (2.2.17-3ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Mon, 11 Apr 2011 02:13:30 +0100 + apache2 (2.2.17-3) unstable; urgency=low * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049 
@@ -239,6 +350,18 @@ -- Stefan Fritsch Mon, 21 Mar 2011 23:01:17 +0100 +apache2 (2.2.17-1ubuntu1) natty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Tue, 22 Feb 2011 13:02:08 -0500 + apache2 (2.2.17-1) unstable; urgency=low * New upstream version @@ -247,6 +370,32 @@ -- Stefan Fritsch Tue, 15 Feb 2011 23:30:18 +0100 +apache2 (2.2.16-6ubuntu3) natty; urgency=low + + * debian/rules: Don't use "-fno-strict-aliasing" since it causes + apache FTBFS on amd64. (LP: #711293) + + -- Chuck Short Tue, 01 Feb 2011 10:19:55 -0500 + +apache2 (2.2.16-6ubuntu2) natty; urgency=low + + * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug. + (LP: #697105) + + -- Chuck Short Tue, 25 Jan 2011 11:14:58 -0500 + +apache2 (2.2.16-6ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: + Plymouth aware passphrase dialog program ask-for-passphrase. + + -- Chuck Short Sun, 02 Jan 2011 06:05:51 +0000 + apache2 (2.2.16-6) unstable; urgency=low * Also add $named to the secondary-init-script example. 
@@ -262,6 +411,30 @@ -- Stefan Fritsch Fri, 31 Dec 2010 01:22:19 +0100 +apache2 (2.2.16-4ubuntu2) natty; urgency=low + + [Clint Byrum] + * Adding plymouth aware passphrase dialog program ask-for-passphrase. + (LP: #582963) + + debian/control: apache2.2-common depends on bash for ask-for-passphrase + + debian/config-dir/mods-available/ssl.conf: + - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase + + [Chuck Short] + * Add apport hook. (LP: #609177) + + debian/apache2.py, debian/apache2.2-common.install + + -- Chuck Short Mon, 22 Nov 2010 09:43:43 -0500 + +apache2 (2.2.16-4ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree + + -- Chuck Short Mon, 22 Nov 2010 09:43:41 -0500 + apache2 (2.2.16-4) unstable; urgency=medium * Increase the mod_reqtimeout default timeouts to avoid potential problems @@ -272,6 +445,15 @@ -- Stefan Fritsch Sun, 14 Nov 2010 19:05:55 +0100 +apache2 (2.2.16-3ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + + -- Chuck Short Tue, 12 Oct 2010 11:54:48 +0100 + apache2 (2.2.16-3) unstable; urgency=high * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage. 
@@ -294,6 +476,30 @@ -- Stefan Fritsch Sun, 29 Aug 2010 15:29:21 +0200 +apache2 (2.2.16-1ubuntu3) maverick; urgency=low + + * Revert "stty sane" to unbreak apache starting, this will have to be + fixed a different way. (LP: #626723) + + -- Chuck Short Wed, 08 Sep 2010 08:33:17 -0400 + +apache2 (2.2.16-1ubuntu2) maverick; urgency=low + + * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a + password prompt when using apache-ssl. (LP: #582963) + + -- Chuck Short Wed, 25 Aug 2010 09:25:05 -0400 + +apache2 (2.2.16-1ubuntu1) maverick; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381) + + -- Chuck Short Mon, 26 Jul 2010 20:21:37 +0100 + apache2 (2.2.16-1) unstable; urgency=medium * Urgency medium for security fix. 
@@ -326,6 +532,24 @@ -- Stefan Fritsch Fri, 16 Jul 2010 23:41:08 +0200 +apache2 (2.2.15-5ubuntu1) maverick; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381) + + Dropped: + - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed. + - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed. + - debian/config-dir/apache2.conf: Merged back from debian. + - mod-reqtimeout functionality: Merge back from debian. + - debian/patches/204_CVE-2010-0408.dpatch: No longer needed. + - debian/patches/205_CVE-2010-0434.dpatch: No longer needed. + - debian/patches/203_fix-ab-segfault.dpatch: No longer needed. + + -- Chuck Short Wed, 05 May 2010 01:28:04 +0100 + apache2 (2.2.15-5) unstable; urgency=low * Conflict with apache package as we now include apachectl. Closes: #579065 
@@ -446,6 +670,80 @@ -- Stefan Fritsch Sun, 07 Feb 2010 17:29:45 +0100 +apache2 (2.2.14-5ubuntu8) lucid; urgency=low + + * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so + (LP: #562370) + + -- Chuck Short Tue, 13 Apr 2010 15:09:57 -0400 + +apache2 (2.2.14-5ubuntu7) lucid; urgency=low + + * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory + leaks by making sure to not destroy bucket brigades that have been created + by earlier filters. Backported from 2.2.15. + * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server + has reached MaxClients until it has. Backported from 2.2.15 + * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf + more secure by adding Satisfy all. (Debian bug: #572075) + * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch, + debian/config2-dir/mods-available/reqtimeout.load, + debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the + mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris + bug in apache. Enable it by default. (LP: #392759) + + -- Chuck Short Mon, 05 Apr 2010 09:53:35 -0400 + +apache2 (2.2.14-5ubuntu6) lucid; urgency=low + + * debian/apache2.2-common.apache2.init: Fix thinko. 
(LP: #551681) + + -- Chuck Short Tue, 30 Mar 2010 09:41:11 -0400 + +apache2 (2.2.14-5ubuntu5) lucid; urgency=low + + * Revert 99-fix-mod-dav-permissions.dpatch + + -- Chuck Short Tue, 30 Mar 2010 07:55:46 -0400 + +apache2 (2.2.14-5ubuntu4) lucid; urgency=low + + * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when + downloading files from webdav (LP: #540747) + * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381) + + -- Chuck Short Mon, 29 Mar 2010 13:37:39 -0400 + +apache2 (2.2.14-5ubuntu3) lucid; urgency=low + + * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp + - debian/patches/204_CVE-2010-0408.dpatch: return the right error code + in modules/proxy/mod_proxy_ajp.c. + - CVE-2010-0408 + * SECURITY UPDATE: information disclosure via improper handling of + headers in subrequests + - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in + in server/protocol.c. + - CVE-2010-0434 + + -- Marc Deslauriers Wed, 10 Mar 2010 14:48:48 -0500 + +apache2 (2.2.14-5ubuntu2) lucid; urgency=low + + * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really + wacky options. (LP: #450501) + + -- Chuck Short Mon, 08 Mar 2010 14:53:17 -0500 + +apache2 (2.2.14-5ubuntu1) lucid; urgency=low + + * Merge from debian testing. Remaining changes: LP: #506862 + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + + -- Bhavani Shankar Wed, 13 Jan 2010 14:28:41 +0530 + apache2 (2.2.14-5) unstable; urgency=low * Security: Further mitigation for the TLS renegotation attack 
@@ -469,6 +767,15 @@ -- Stefan Fritsch Sat, 02 Jan 2010 22:44:15 +0100 +apache2 (2.2.14-4ubuntu1) lucid; urgency=low + + * Resynchronzie with Debian, remaining changes are: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + + -- Chuck Short Wed, 23 Dec 2009 14:44:51 -0500 + apache2 (2.2.14-4) unstable; urgency=low * Disable localized error pages again by default because they break @@ -519,6 +826,17 @@ -- Stefan Fritsch Sat, 07 Nov 2009 14:37:37 +0100 +apache2 (2.2.14-1ubuntu1) lucid; urgency=low + + * Merge from debian testing, remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. + - debian/conrol: Add bzr tag and point it to our tree. + - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: + Already applied upstream. + + -- Chuck Short Fri, 06 Nov 2009 00:29:03 +0000 + apache2 (2.2.14-1) unstable; urgency=low * New upstream version: @@ -553,6 +871,24 @@ -- Stefan Fritsch Mon, 31 Aug 2009 20:28:56 +0200 +apache2 (2.2.12-1ubuntu2) karmic; urgency=low + + * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: + - Fix potential segfaults with the use of the legacy ap_rputs() etc + interfaces, in cases where an output filter fails. This happens + frequently after CVE-2009-1891 got fixed. (LP: #409987) + + -- Marc Deslauriers Mon, 17 Aug 2009 15:38:47 -0400 + +apache2 (2.2.12-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch. + + -- Chuck Short Tue, 04 Aug 2009 20:04:24 +0100 + apache2 (2.2.12-1) unstable; urgency=low * New upstream release: 
@@ -600,6 +936,16 @@ -- Stefan Fritsch Tue, 04 Aug 2009 11:02:34 +0200 +apache2 (2.2.11-7ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: LP: #398130 + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Bhavani Shankar Sat, 11 Jul 2009 16:34:32 +0530 + apache2 (2.2.11-7) unstable; urgency=low * Security fixes: @@ -614,6 +960,16 @@ -- Stefan Fritsch Fri, 10 Jul 2009 22:42:57 +0200 +apache2 (2.2.11-6ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Tue, 09 Jun 2009 01:01:23 +0100 + apache2 (2.2.11-6) unstable; urgency=high * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server @@ -622,6 +978,16 @@ -- Stefan Fritsch Mon, 08 Jun 2009 19:22:58 +0200 +apache2 (2.2.11-5ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Andrew Mitchell Wed, 03 Jun 2009 14:10:54 +1200 + apache2 (2.2.11-5) unstable; urgency=low * Move all binaries into a new package apache2.2-bin and make 
@@ -670,6 +1036,16 @@ -- Stefan Fritsch Tue, 19 May 2009 22:55:27 +0200 +apache2 (2.2.11-3ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Andrew Mitchell Tue, 12 May 2009 16:15:34 +1200 + apache2 (2.2.11-3) unstable; urgency=low * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap @@ -678,6 +1054,21 @@ -- Stefan Fritsch Tue, 31 Mar 2009 21:07:26 +0200 +apache2 (2.2.11-2ubuntu2) jaunty; urgency=low + + * debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + + -- Chuck Short Wed, 01 Apr 2009 11:39:17 -0400 + +apache2 (2.2.11-2ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{contro,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Sat, 17 Jan 2009 00:02:55 +0000 + apache2 (2.2.11-2) unstable; urgency=low * Report an error instead instead of segfaulting when apr_pollset_create @@ -687,6 +1078,14 @@ -- Stefan Fritsch Fri, 16 Jan 2009 19:01:59 +0100 +apache2 (2.2.11-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Mon, 15 Dec 2008 00:06:50 +0000 + apache2 (2.2.11-1) unstable; urgency=low [Thom May] 
@@ -701,6 +1100,14 @@ -- Stefan Fritsch Sun, 14 Dec 2008 09:34:24 +0100 +apache2 (2.2.9-11ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: (LP: #303375) + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Bhavani Shankar Sat, 29 Nov 2008 14:02:31 +0530 + apache2 (2.2.9-11) unstable; urgency=low * Regression fix from upstream svn for mod_proxy: @@ -715,6 +1122,14 @@ -- Stefan Fritsch Wed, 26 Nov 2008 23:10:22 +0100 +apache2 (2.2.9-10ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Wed, 05 Nov 2008 02:23:18 -0400 + apache2 (2.2.9-10) unstable; urgency=low * Regression fix from upstream svn for mod_proxy_http: @@ -745,6 +1160,27 @@ -- Stefan Fritsch Thu, 11 Sep 2008 09:17:33 +0200 +apache2 (2.2.9-7ubuntu3) intrepid; urgency=low + + * Revert logrotate change since it will break it for everyone. + + -- Chuck Short Fri, 19 Sep 2008 09:32:01 -0400 + +apache2 (2.2.9-7ubuntu2) intrepid; urgency=low + + * debian/logrotate: Restart rather than reload for busy websites. + (LP: #270899) + + -- Chuck Short Thu, 18 Sep 2008 08:42:22 -0400 + +apache2 (2.2.9-7ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control,rules}: enable PIE hardening. + - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles. + + -- Kees Cook Thu, 28 Aug 2008 08:10:59 -0700 + apache2 (2.2.9-7) unstable; urgency=low * Fix XSS in mod_proxy_ftp (CVE-2008-2939). 
@@ -787,6 +1223,23 @@ -- Stefan Fritsch Sun, 06 Jul 2008 10:38:37 +0200 +apache2 (2.2.9-3ubuntu2) intrepid; urgency=low + + * add ufw integration (see + https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages) + (LP: #261198) + - debian/control: suggest ufw for apache2.2-common + - add apache2.2-common.ufw.profile with 3 profiles and install it to + /etc/ufw/applications.d/apache2.2-common + + -- Didier Roche Tue, 26 Aug 2008 19:03:42 +0200 + +apache2 (2.2.9-3ubuntu1) intrepid; urgency=low + + * debian/{control,rules}: enable PIE hardening + + -- Kees Cook Wed, 20 Aug 2008 15:45:00 -0700 + apache2 (2.2.9-3) unstable; urgency=low [ Stefan Fritsch ] @@ -2357,9 +2810,7 @@ -- Thom May Thu, 13 Jun 2002 17:47:12 +0100 apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low - * New upstream release - -- Thom May Wed, 5 Jun 2002 12:42:34 +0100 apache2 (2.0.36-2) unstable; urgency=low @@ -2867,3 +3318,4 @@ * Initial Release. -- Daniel Stone Wed, 4 Jul 2001 21:29:29 +1000 + diff -Nru apache2-2.2.22/debian/config-dir/mods-available/ssl.conf apache2-2.2.22/debian/config-dir/mods-available/ssl.conf --- apache2-2.2.22/debian/config-dir/mods-available/ssl.conf 2012-05-28 21:40:21.000000000 +0100 +++ apache2-2.2.22/debian/config-dir/mods-available/ssl.conf 2012-05-30 04:09:17.000000000 +0100 @@ -33,7 +33,7 @@ # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin +SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism diff -Nru apache2-2.2.22/debian/control apache2-2.2.22/debian/control --- apache2-2.2.22/debian/control 2012-05-28 21:40:21.000000000 +0100 +++ apache2-2.2.22/debian/control 2012-06-08 11:37:06.000000000 +0100 
@@ -1,9 +1,10 @@ Source: apache2 Section: httpd Priority: optional -Maintainer: Debian Apache Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Apache Maintainers Uploaders: Stefan Fritsch , Steinar H. Gunderson , Arno Töll -Build-Depends: debhelper (>= 8.9.7~), lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev, openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev (>= 0.9.8m), sharutils, libcap-dev [linux-any], autoconf, autotools-dev +Build-Depends: debhelper (>= 8.9.7~), lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev, openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev (>= 0.9.8m), sharutils, libcap-dev [linux-any], autoconf, autotools-dev, hardening-wrapper Build-Conflicts: autoconf2.13 Standards-Version: 3.9.3 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git @@ -14,7 +15,7 @@ Architecture: any Depends: ${misc:Depends}, apache2.2-bin (= ${binary:Version}), apache2-utils, mime-support, lsb-base, procps [!hurd-i386], perl Recommends: ssl-cert -Suggests: www-browser, apache2-doc, apache2-suexec | apache2-suexec-custom +Suggests: www-browser, apache2-doc, apache2-suexec | apache2-suexec-custom, ufw Conflicts: apache2-common, apache Replaces: apache2-common Description: Apache HTTP Server common files diff -Nru apache2-2.2.22/debian/rules apache2-2.2.22/debian/rules --- apache2-2.2.22/debian/rules 2012-05-28 21:40:21.000000000 +0100 +++ apache2-2.2.22/debian/rules 2012-05-30 04:09:16.000000000 +0100 @@ -29,6 +29,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 + BUILD_DIR=debian/build-tree INSTALL_DIR_RELATIVE=install-tree INSTALL_DIR=debian/$(INSTALL_DIR_RELATIVE) 
@@ -93,7 +95,7 @@ AP2_event_CONFARGS=$(AP2_prefork_CONFARGS) AP2_itk_CONFARGS=$(AP2_prefork_CONFARGS) -AP2_CFLAGS = -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall $(shell dpkg-buildflags --get CFLAGS) +AP2_CFLAGS = -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall $(shell dpkg-buildflags --get CFLAGS) -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector -fno-strict-aliasing AP2_LDFLAGS = -Wl,--as-needed $(shell dpkg-buildflags --get LDFLAGS) AP2_CPPFLAGS = -DPLATFORM='\"$(LSB_RELEASE)\"' $(shell dpkg-buildflags --get CPPFLAGS) CONFFLAGS += ac_cv_prog_AWK=mawk ac_cv_prog_LYNX_PATH=www-browser @@ -220,6 +222,8 @@ # can't rename files cp debian/default-index.html debian/apache2.2-common/usr/share/apache2/default-site/index.html cp debian/bash_completion debian/apache2.2-common/etc/bash_completion.d/apache2.2-common + install -m 644 debian/apache2.2-common.ufw.profile debian/apache2.2-common/etc/ufw/applications.d/apache2.2-common + install -m 755 debian/ask-for-passphrase debian/apache2.2-common/usr/share/apache2 override_dh_install-indep:
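Review bot: The new `AP2_CFLAGS` line in the `@@ -93,7 +95,7 @@` hunk of debian/rules appends `-fno-strict-aliasing`, yet the 2.2.16-6ubuntu3 changelog entry in this same diff records dropping that flag because it broke the amd64 build, and none of the later "Remaining changes" lists mention it; either the flag or the changelog needs correcting, and a comment on the line should say why it is there. `-D_FORTIFY_SOURCE=2` is a preprocessor define and belongs in `AP2_CPPFLAGS`, and together with `-Wformat-security` and `-fstack-protector` it probably duplicates what `export DEB_BUILD_HARDENING=1` with hardening-wrapper already injects; a comment such as `# explicit hardening flags, kept in addition to hardening-wrapper` or removing the duplicates would make the intent clear. `_FORTIFY_SOURCE` only takes effect when optimisation is enabled, which here depends on what `dpkg-buildflags --get CFLAGS` returns.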