-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 17 Jan 2008 20:27:56 +0100 Source: apache2 Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-dbg apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild Architecture: source i386 all Version: 2.2.8-1 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Next generation, scalable, extendable web server apache2-dbg - Apache debugging symbols apache2-doc - documentation for apache2 apache2-mpm-event - Event driven model for Apache HTTPD apache2-mpm-perchild - Transitional package - please remove apache2-mpm-prefork - Traditional model for Apache HTTPD apache2-mpm-worker - High speed threaded model for Apache HTTPD apache2-prefork-dev - development headers for apache2 apache2-src - Apache source code apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers apache2.2-common - Next generation, scalable, extendable web server Closes: 311269 337325 349709 411774 436441 458085 458093 458857 459236 460105 Changes: apache2 (2.2.8-1) unstable; urgency=low . * New upstream version: - Fixes cross-site scripting issues in o mod_imagemap (CVE-2007-5000) o mod_status (CVE-2007-6388) o mod_proxy_balancer's balancer manager (CVE-2007-6421) - Fixes a denial of service issue in mod_proxy_balancer's balancer manager (CVE-2007-6422). - Fixes mod_proxy URL encoding in error messages (closes: #337325). - Adds explicit charset to the output of various modules to work around possible cross-site scripting flaws affecting web browsers that do not derive the response character set as required by RFC2616. For mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to specify something else than ISO-8859-1 (CVE-2008-0005). - Adds mod_substitute which performs inline response content pattern matching (including regex) and substitution (like mod_line_edit). - Adds "DefaultType none" option. - Adds new "B" option to RewriteRule to suppress URL unescaping. - Adds an "if" directive for mod_include to test whether an URL is accessible, and if so, conditionally display content. - Adds support for mod_ssl to the event MPM. * Move the configuration of User, Group, and PidFile to /etc/apache2/envvars. This makes it easier to use these settings in scripts. /etc/apache2/envvars can now also be used to influence apache2ctl (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085) * Make apache2ctl check the configuration syntax before trying to restart apache, to match the behaviour documented in the man page. (Closes: #459236) * Convert docs to be directly viewable with a browser (and not use content negotiation). * Add doc-base entry for the documentation. (closes: #311269) * Don't ship default files in /var/www, but copy a sample file to /var/www/index.html on new installs. Also remove the now unneeded RedirectMatch line from sites-available/default. (Closes: #411774, #458093) * Add some information to README.Debian (Apache wiki, default virtual host) * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary dependencies, easing library transitions (closes: #458857). * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode. Patch by Nicolas Valcárcel. (Closes: #436441) * Add reportbug script to list enabled modules. * Fix some lintian warnings: - Pass --no-start to dh_installinit instead of omitting the debhelper token in various maintainer scripts. Also move the update-rc.d call to apache2.2-common. - Add Short-Description to init script. * Remove unused apache2-mpm-prefork.prerm from source package and clean up debian/rules a bit. * Don't ship NEWS.Debian with apache2-utils, as the contents are only relevant for the server. Files: c2f8c4852c9f6b851552901f7765e344 1269 web optional apache2_2.2.8-1.dsc 39a755eb0f584c279336387b321e3dfc 6125771 web optional apache2_2.2.8.orig.tar.gz 405c7118ef0f2e8ee36253e94b9cc5cf 128534 web optional apache2_2.2.8-1.diff.gz 7c5c628ce099a8db2af2f0673013db9d 758632 web optional apache2.2-common_2.2.8-1_i386.deb bf9cc92e127c56eacc3702a4c4a3a8e5 232758 web optional apache2-mpm-worker_2.2.8-1_i386.deb 9e326ea633159ddc17a8dcd4e6c0ed4f 228630 web optional apache2-mpm-prefork_2.2.8-1_i386.deb 4ab3e1fc87dd5e1d1a1cd8d653b653df 233408 web optional apache2-mpm-event_2.2.8-1_i386.deb 469ab3fae7c2245a1f9eb162d862fbd6 138010 web optional apache2-utils_2.2.8-1_i386.deb 61914e18762538c19fcdcd3558d0e216 206262 devel extra apache2-prefork-dev_2.2.8-1_i386.deb 985308826a67afc0acfb19f6e05eb55f 206946 devel extra apache2-threaded-dev_2.2.8-1_i386.deb 6a2141ae61e5857f168bf061a3078416 2299634 libdevel extra apache2-dbg_2.2.8-1_i386.deb 4a312e9c72ae3bb2f58b131c4dd1a7be 71126 web optional apache2-mpm-perchild_2.2.8-1_all.deb 8edcee73f90cb5c55852cd02b4cfc66d 43932 web optional apache2_2.2.8-1_all.deb b0080e3a9d6e7309b56ea594887b7b34 1938972 doc optional apache2-doc_2.2.8-1_all.deb e5fb8960e908fd0762d7a0bdfa99d94c 6398378 devel extra apache2-src_2.2.8-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHj7wLbxelr8HyTqQRAiyVAJ9mztuh0wXHVX4mchK+6L9LAxb+lgCgvdHS UY3rMy17E4oBG/p6MKPvzZA= =ixvS -----END PGP SIGNATURE----- Accepted: apache2-dbg_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.8-1_i386.deb apache2-doc_2.2.8-1_all.deb to pool/main/a/apache2/apache2-doc_2.2.8-1_all.deb apache2-mpm-event_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-event_2.2.8-1_i386.deb apache2-mpm-perchild_2.2.8-1_all.deb to pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1_all.deb apache2-mpm-prefork_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1_i386.deb apache2-mpm-worker_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.2.8-1_i386.deb apache2-prefork-dev_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.2.8-1_i386.deb apache2-src_2.2.8-1_all.deb to pool/main/a/apache2/apache2-src_2.2.8-1_all.deb apache2-threaded-dev_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.2.8-1_i386.deb apache2-utils_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-utils_2.2.8-1_i386.deb apache2.2-common_2.2.8-1_i386.deb to pool/main/a/apache2/apache2.2-common_2.2.8-1_i386.deb apache2_2.2.8-1.diff.gz to pool/main/a/apache2/apache2_2.2.8-1.diff.gz apache2_2.2.8-1.dsc to pool/main/a/apache2/apache2_2.2.8-1.dsc apache2_2.2.8-1_all.deb to pool/main/a/apache2/apache2_2.2.8-1_all.deb apache2_2.2.8.orig.tar.gz to pool/main/a/apache2/apache2_2.2.8.orig.tar.gz