-
Committer:
Bazaar Package Importer
-
Author(s):
Adam Conrad
-
Date:
2005-11-26 19:06:32 UTC
-
mfrom:
(0.3.1 upstream)
-
Revision ID:
james.westby@ubuntu.com-20051126190632-92v2yy30o7ny1dat
Tags: 2.0.55-4
* Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
* Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
threaded MPMs when making a non-SSL connection to an SSL-enabled port
on a server with a custom 400 error document defined; see CVE-2005-3357
* Clean up our use of trailing slashes on directories in debian/rules, so
the newer, pickier, obviously very improved coreutils doesn't bite us.
* Remove some cruft from apache2-common's postinst, dealing with upgrade
scenarios from versions older than those released in Sarge or Warty.
* Use "SHELL := sh -e" in debian/rules, so the build will stop on shell
errors, instead of blundering on to later make targets (closes: #340761)
* Recreate /var/run/apache2 and /var/lock/apache2 in our init script, in
case the user has /var/run and /var/lock on tmpfs, which is fasionable.
* Make our init script a /bin/bash script instead of a /bin/sh script, so
we can abuse it with regex globbing (#348189, #347962, #340955, #342008)
* Take patch from Adrian Bridgett to output errors from our config test
in the init script, but only do so when we're VERBOSE (closes: #339323)
* In the spirit of the LSB, make our init script exit 2 when called with
incorrect arguments, and exit 4 when asked for status (closes: #330275)
* Fix the default site to not mix configuration syntax (closes: #345922)
* Mention apxs2 in the apache2-*-dev long descriptions (closes: #307921)