apache (1.3.26-0woody7.0.0.1) unstable; urgency=low * apache-dev: drop the dependency on libdb2-dev. -- Philippe Troin Thu, 29 Sep 2005 11:31:11 -0700 apache (1.3.26-0woody7) oldstable-security; urgency=high * Add x_CAN-2005-2088_content_length, resolving an issue in mod_proxy where, when a response contains both Transfer-Encoding and Content-Length headers, the connection can be used for HTTP request smuggling and HTTP request spoofing attacks; see CAN-2005-2088 (closes: #322607) -- Adam Conrad Wed, 7 Sep 2005 00:25:02 +1000 apache (1.3.26-0woody6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected handling of user and file supplied data so no overflow can happen [debian/patches/x_CAN-2004-NOMATCH_htpasswd] * Applied upstream patch to fix a buffer overflow in mod_include [debian/patches/x_CAN-2004-0940_mod_include] -- Martin Schulze Fri, 12 Nov 2004 12:06:57 +0100 apache (1.3.26-0woody5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Increment version number to pass a version which was accepted but not installed -- Matt Zimmerman Thu, 24 Jun 2004 14:57:24 -0700 apache (1.3.26-0woody4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply patch from upstream CVS for buffer overflow in mod_proxy (CAN-2004-0492) -- Matt Zimmerman Thu, 24 Jun 2004 09:09:36 -0700 apache (1.3.26-0woody3) stable-security; urgency=medium * Added another fix against two overflowed buffer in the htdigest program -- Martin Schulze Sat, 26 Oct 2002 09:48:11 +0200 apache (1.3.26-0woody2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backport security fixes from 1.3.27 for the following issues: - CAN-2002-0839 (shared memory scoreboard uid/gid) - CAN-2002-0840 (cross-site scripting in error page) - CAN-2002-0843 (buffer overflows in ApacheBench ab.c) * Fix insecure temporary file creation in htpasswd (mdz) * Fix insecure temporary file creation in htdigest (joey) -- Matt Zimmerman Thu, 3 Oct 2002 16:01:51 -0400 apache (1.3.26-0woody1) testing-security; urgency=high * Recompile on woody. * Tweak dependencies on apache-common (oops). -- Matthew Wilcox Thu, 20 Jun 2002 07:59:31 -0600 apache (1.3.26-1) unstable; urgency=high * The "This mission is too important for me to allow you to jeopardize it." release. * New upstream release. * Fixes security bug, Closes: #150287 -- Matthew Wilcox Wed, 19 Jun 2002 11:40:02 -0600 apache (1.3.24-3) unstable; urgency=high * The "I've just picked up a fault in the AE35 unit. It's going to go 100% failure in 72 hours." release. * Thanks for the NMU, Steve. Add -f to mimetypes symlink creation. Closes: #142300 * Patch mod_proxy with all the fixes from CVS. Grumble. Closes: #144520 -- Matthew Wilcox Mon, 29 Apr 2002 14:46:48 -0600 apache (1.3.24-2.1) unstable; urgency=low * "I think you know what the problem is just as well as I do." * symlinking fixed in postinst, package will install on autobuilders, everybody's happy (closes: #142300). -- Steve Langasek Mon, 15 Apr 2002 15:59:08 -0500 apache (1.3.24-2) unstable; urgency=high * The "Without your space helmet, Dave, you're going to find that rather difficult" release. * Fix timestamp in previous changelog entry. * Every time upstream releases a new version, we have to update our control file. Closes: #141965 * Add a #! to apache-common.postinst. Closes: #141866 -- Matthew Wilcox Tue, 9 Apr 2002 11:34:00 -0600 apache (1.3.24-1) unstable; urgency=low * The "I am putting myself to the fullest possible use, which is all I think that any conscious entity can ever hope to do." release. * New upstream release. * Update EAPI patch from mod_ssl 2.8.8-1.3.24 * Update mod_auth_cache to 0.1.1 * Change ubersed to reference /etc/mime.types instead of /etc/apache/mime.types. Move mime.types symlink maintenance from apache to apache-common. Closes: #130256 * Really change apacheconfig script to match directives case-insensitively. Closes: #131104 * Call stat after we open the file in apacheconfig. Patch courtesy of Thom May. Closes: #131548 * Fix tpyo in doc-base file. * Patch mod_bandwidth to use a FHS-compliant directory. Ensure it is created at installation time. Closes: #111216 * Patch configure to not quote thetarget. Closes: #133612 * Change apache-dev's priority to extra because libdb2-dev is in extra now. * Add a dependency on dpkg (>> 1.9.0) because apache now uses start-stop-daemon --retry. Closes: #138900 * Remove one '../' from the icons symlink. Closes: #136554 * add `|| true' to the apache restart line in postinst. -- Matthew Wilcox Mon, 8 Apr 2002 09:37:35 -0600 apache (1.3.23-1) unstable; urgency=high * The "I know I've made some very poor decisions recently, but I can give you my complete assurance that my work will be back to normal." release. * New upstream release. - mod_auth_mysql & mod_auth_pgsql tarballs removed. - dbm_ll_over_the_shop patch reworked. - negotiation patch removed (incorporated in this release) - removed KEYS, README-WIN.TXT and WARNING-WIN.TXT from doc/apache/ - use patch included in upstream pkg.eapi instead of duplicating it. * Change apacheconfig script to match directives case-insensitively. Closes: #131104 * Remove superfluous `$' in postinst. Remove quotes from logs. Remove logs which are piped to commands. Closes: #130717, #130603 * Behave graciously if this is a fresh install and there are no configuration files yet. Closes: #130696 * Rename dbase.off to apache-doc.doc-base to let dh_installdocs work its magic. Closes: #31173 * Remove `pointless debmakeism' from debian/rules -- buildinfo.Debian is no more and the apache-doc postinst/prerm are halved. -- Matthew Wilcox Wed, 6 Feb 2002 17:46:45 -0700 apache (1.3.22-6) unstable; urgency=medium * The "Look Dave, I can see you're really upset about this" release. * Exclude suexec from dh_fixperm. Closes: #126706 #127605 #127323 * Depend on a sufficiently recent version of logrotate to support sharedscripts. Closes: #124339 * Split out mod_auth_mysql & mod_auth_pgsql into separate packages. Closes: #78670 #88338 #116650 #118843 * Rewrite init script to use start-stop-daemon instead of using apachectl. Closes: #126743 #126827 #128909 * Forward-port suexec changes to 1.3.22 rather than replace 1.3.22's suexec with a patched one from 1.3.9. * Add a wildcard match for SSL_* to suexec's acceptable variables for the benefit of mod_ssl users. Closes: #40226 * Update debian/copyright with the Apache Software Licence. Add the names of some contributors. Update acknowledgement text. * Add patch from Apache PR#8334 to eliminate one potential cause of segmentation faults. Closes: #117471 * Add patch from Apache CVS to revert mod_negotiation behaviour to that of 1.3.20. Closes: #122806 * Patch courtesy of Steve Stock to apacheconfig to read all config files, including those mentioned through the Include directive. Closes: #12094 #59998 #105820 #129372 * Add note to README.Debian about default logfile permissions. * Remove old /etc/cron.daily/apache and /etc/apache/cron.conf if they exist. Also remove cron.conf example and references in apacheconfig. Closes: #129742 * Add delaycompress to logrotate file (fixes part of #128148). * Lintian cleanups. Closes: #92882 - Change apache-common control from Replaces: apache to Replaces: apache (<= 1.3.1-1). - Change /usr/share/doc/apache/icons symlink to point to ../../../apache/icons instead of /usr/share/apache/icons. - Add overrides for suexec and apache.dbg - Change permissions on apaci to 644 - Remove /usr/share/doc/apache/manual/LICENSE - Remove /usr/share/doc/apache/INSTALL.gz -- Matthew Wilcox Tue, 22 Jan 2002 09:23:20 -0700 apache (1.3.22-5) unstable; urgency=low * The "I honestly think you ought to calm down; take a stress pill and think things over." release. * Change the apache postinst to eliminate bashisms. Thanks to Gergely Nagy for suggesting a fix. Closes: #124061 * Replace $((t--)) with $((t-=1)) since the version of bash distributed with potato does not recognise $((t--)). Closes: #124114 * Add `AddIcon /icons/deb.gif .deb' to httpd.conf. Closes: #66347 * Change -fpic to -fPIC in apache_1.3.22/src/Configure (patch is debian_requires_fPIC) to conform to Policy 11.2. Closes: #123128 * Clarify ServerRoot description. Closes: #92138 * Change the sed expression which replaces CFG_TARGET.conf with httpd.conf in apxs. It now does what it was intended to do. Closes: #102376 * Strip CFG_SYSCONFDIR instead of CFG_PREFIX from the start of module directives. Patch courtesy of Yves Arrouye . Closes: #103403 -- Matthew Wilcox Sat, 15 Dec 2001 20:00:46 -0700 apache (1.3.22-4) unstable; urgency=low * The "This sort of thing has cropped up before and it has always been due to human error." release. * Remove suidregister calls from apache-common postinst & postrm. Distribute suexec as mode 4755 instead. Closes: #84886, #119201. * Integrate new mod_autoindex features from upstream. Patch courtesy of Kestutis Kupciunas . Closes: #100677 #116221 #118518 #119711 * Redo init.d script based on work from John Rowland Lenton and Grant Bowman . Now traps the output from apachectl and only prints it on error. Also waits up to 30 seconds for apache to stop on a restart instead of a fixed 4 seconds. Closes: #63541, #78041, #79342, #83820, #110456, #121513 * Change capitalisation of Order, Deny and Allow in 210mod_access.info to match that in httpd.conf. Closes: #121104, #102799 * Actually make SUBVERSION `Debian GNU/Linux' instead of `Debian-GNU/Linux'. Make Martin Michlmayr happy. * Switch to using logrotate instead of custom apache cronjob. Insert chunk of code from Adam Heath in postinst to check for logfiles outside /var/log/apache and echo a warning. Closes: #109535, #120195, #123193, #44524, #67255, #90033, #106951, #110409, #114976, #119351 * Add patches from Adam Heath to use the build system better and fix a bug in apachebench. Closes: #64317 * Enable mod_auth_digest. Closes: #108752 * Make apache init script exit 1 on failure. Closes: #75452 * Add icons/small to debian package. Also add .png versions of .gif files. Closes: #123596 * Add a call to /etc/init.d/apache restart in postinst. -- Matthew Wilcox Fri, 14 Dec 2001 11:30:48 -0700 apache (1.3.22-3) unstable; urgency=low * New maintainer. * The "My god... it's full of bugs" release. Incorporates previous NMU. Closes: #120713, #116509, #117616, #96159 * Alternative way of clearing apachectl's environment based on Alexander Hvostov's patch. Closes: #112986, #113387, #114720, #115224, #115766 #116971, #117243, #119617, #122055, #110856 * Specify PG_LIB in debian/rules to make us link against libpg. Closes: #121245, #122752 * Temporarily disable mod_auth_pgsql so I don't violate any crypto regs. It'll be back as soon as we have crypto-in-main. * Add -O1 to CONFLAGS. This turns on inlining for modules when requested. Closes: #120243, #121214, #121268, #122054, #76160, #72911 * Change SERVER_SUBVERSION to "Debian GNU/{Linux,Hurd}". Closes: #114601 -- Matthew Wilcox Sat, 8 Dec 2001 21:17:07 -0700 apache (1.3.22-2.1) unstable; urgency=medium * NMU to close RC bugs before woody. * Add a build-dep on libexpat1-dev and make apache-dev depend on libexpat1-dev. Closes: #120713, #116509 * Add libdb2-dev to apache-dev's Depends. Closes: #117616 -- Matthew Wilcox Mon, 26 Nov 2001 21:08:12 -0700 apache (1.3.22-2) unstable; urgency=low * Removed mod_random and mod_layout, now in separate packages, closes: #116614. -- Johnie Ingram Mon, 22 Oct 2001 15:24:44 -0700 apache (1.3.22-1) unstable; urgency=low * The "Comeback Special" release. VERSION T1A (sat) * New upstream version. * Corrected spelling of behavior in intro.html, closes: #108051, #91907. * Default ownership of logfiles is root/adm, perms 640 (closes: #112675). * Removed spurious echo -nes from init script, closes: #92626. * Includes NMU 1.3.20-1.1, closes: #102170, #72468, #98220. * Obsoleted debian patches: - ab_round_robin_support * Historical bugs: - Access files are not downloadable since 1.3.12, closes: #63162. - Configuration problem fixed in 1.3.14-2.2, closes: #64704. - Perl packages satisfy perl dependency, closes: #64547. - PostgresSQL now buys "www-data", closes: #62922. - Fixed "uninit value in concatenation" in 1.3.20 and other mysterious perl problems, closes: #113887, #65335. - Restarts after libc upgrade, closes: #72530. - Uses libgdbm instead of ndbm.h, closes #74780. - Cron script uses apachectl instead of SIGHUP, closes: #96033. VERSION T1B (wed) * Updated mod_ssl EAPI patch to 2.8.5-1.3.22. * Updated mod_throttle to 3.1.2, closes: #72911, #114857. * Put mysql and pgsql modules back, closes: #97544, #91264. * Moved most supplemental modules to upstream/tarballs. * Added more module documentation to apache-common. * Added mod_auth_cache. * Removed unnecessary -ldb1 from apxs. -- Johnie Ingram Fri, 19 Oct 2001 01:21:00 -0700 apache (1.3.20-1.1) unstable; urgency=low * Non-maintainer upload. * Clear environment in init.d script to prevent leaking priviledged info. (closes: Bug#98220) * Change default logfile perms to 640; owned by root.adm. (closes: #72468) * Allow building with libgdbmg1-dev installed. (closes: Bug#102170) -- Jonathan McDowell Wed, 15 Aug 2001 23:46:21 +0100 apache (1.3.20-1) unstable; urgency=low * New upstream version. * Included patch from Marcus Brinkmann for hurd compile, closes: #100296. * MaxSpareServers set down to 10 in default config for 32MB operation, closes: #98384. * Added MultiViews to location /doc/, closes: #95020. * Switched to /usr/share/doc (finally), closes: #58061. * Fixed bug in apacheconfig on upgrade ("use of uninitialized value in concatenation"), broken by 1.3.9-13.1, closes: #88178, #92133, #92653, #71834, #75758, #83673, #83796. * Fixed typo in cron.daily ("unary operator expected"), closes: #94147. -- Johnie Ingram Tue, 12 Jun 2001 12:45:54 -0700 apache (1.3.19-1) unstable; urgency=low * New upstream version (apache, eapi), closes: #88177, #84678, #78527. * Removed stray strace invocation from debian/rules, closes: #90214, #90418, #90732. -- Johnie Ingram Mon, 26 Mar 2001 09:20:55 -0800 apache (1.3.14-3) unstable; urgency=low * Non-NMU, closes: #80210, #79364, #81699, #75087, #87676, #64123. * Moved mysql and postgres support to separate packages, closes: #83830, #87676. * Fixed link to BTS from default start page, closes: #86618, #74521. * Upgraded priority of apache-dev from extra to optional, closes: #84168. * Fixed apacheconfig regex so AddType directives with over one character of whitespace are recognized, closes: #88922. * Uses single config file (since 1.3.12-2), closes: #79929. -- Johnie Ingram Fri, 16 Mar 2001 12:04:42 -0800 apache (1.3.14-2.3) unstable; urgency=low * Non-maintainer upload * Re-build on i386 to fix broken Depends: line in 1.3.14-2.2, closes: #87676 -- Paul Bame Mon, 26 Feb 2001 13:54:50 -0700 apache (1.3.14-2.2) unstable; urgency=low * Non-maintainer upload * don't kill all processes named 'apache', closes: #75087 * remove lingering AddDefaultCharsetName from older Debian package, closes: #81699 -- Paul Bame Sat, 24 Feb 2001 13:02:07 -0700 apache (1.3.14-2.1) unstable; urgency=low * NMU (maintainer is not able only recompile it in one month) * and that closes: #80210, #79364 -- Petr Cech Fri, 26 Jan 2001 11:47:47 +0100 apache (1.3.14-2) unstable; urgency=low * Fixed typedef of regoff_t in regex2.c from off_t to int, fixing php4 incompatibility with the LFS apache, closes: #78780, #78902. * MODULE API CHANGE: please recompile and depend on: apache-common (>= 1.3.14-2) * Removed LDAP support from apache-common (now in separate package). * Debhelper still in Build-Depends, closes: #72963. * Slight woody incompatibility fixed by new libc, closes: #72527, #72654. -- Johnie Ingram Wed, 6 Dec 2000 15:07:29 -0800 apache (1.3.14-1) unstable; urgency=medium * [RC, security] New upstream version, fixing mod_rewrite problem, closes: #74708, #75174. * mod_ssl EAPI patch 2.7.1-1.3.14 * apache-contrib 1.0.8 (same) * mod_auth_ldap 1.4.6 * fix for rewrite security fix of 1.3.14 * Recompile on potato, reopens: #72572. * Added debhelper to Build-Depends, closes: #69101. * Linked mod_auth_mysql to mysqlclient dynamically, closes: #76534. * Moved adduser stuff from preinst to postinst, added explicit dependency on adduser, closes: #76796. * Includes drow's miraculous perl 5.6 workaround in apacheconfig, closes: #77180, #78382, #78281, #78286, #76704, #74755. * Added NameWidth=* to default httpd.conf, closes: #71824. * Clarified punctuation in intro.html, closes: #63780. * Clarified README.Debian wording, closes: #66656. * Fixed invocation of DBS in debian/rules reset target; added sed in configure-stamp to delete -ndbm from apxs (otherwise the linker segfaults, fun). -- Johnie Ingram Thu, 30 Nov 2000 10:33:48 -0800 apache (1.3.12-2.2) unstable; urgency=low * NMU with maintainer permission. * Recompile on woody (Closes: #72572) * Avoid using /m in apacheconfig, as it makes perl 5.6 very unhappy. * Build with libmysqlclient10-dev and update build-depends. * Build Apache with CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64", to make mod_perl happier. * Add EXTRA_CONFARGS and CONFCMD patch for mod_perl. -- Daniel Jacobowitz Mon, 27 Nov 2000 20:48:07 -0500 apache (1.3.12-2.1) unstable; urgency=low * NMU for new libdb2/glibc -- Ben Collins Wed, 27 Sep 2000 13:35:15 -0400 apache (1.3.12-2) unstable; urgency=low * Merge changes in 1.3.9-13.1, closes: #62741, #62721, #60257, * AddDefaultCharset fix from Torsten Landschoff closes: #67258, #67497, #65888, #66067, #67052, #67062, #67070, #67073, #68756, #62732, #62721, #63418. * Added note explaining why index.html is owned by root.root, closes: #61978. README.Debian is still cryptic however. * Conflicts with jservs that dont do EAPI (<= 1.1-3), closes: #65610. * Apxs no longer requires apache to compile, closes: #65631. * Uses single httpd.conf file by default (6.E plus enhancements by Richard Hwang); apaheconfig modified to tolerate this, closes: #57295. -- Johnie Ingram Thu, 10 Aug 2000 09:42:38 -0700 apache (1.3.12-1) unstable; urgency=low * New upstream version, closes: #60586. * mod_ssl EAPI patch 2.6.3-1.3.12 * apache-contrib 1.0.8 * mod_auth_ldap 1.4.2 -- Johnie Ingram Sun, 16 Apr 2000 09:40:00 -0500 apache (1.3.9-13.2) stable; urgency=high * Non-maintainer upload by Security Team * Applied patch from Greg K-H from WireX fixing insecure creation of tempfiles in htpasswd and htdigest. * Added one more incarnation of 'chmod +x debian/ubersed' was required * Backported security patch from 1.3.13 that fixes a bug in mod_rewrite that enables an attacker to be able to access any file on the web server. -- Martin Schulze Thu, 25 Jan 2001 23:44:06 +0100 apache (1.3.9-13.1) frozen; urgency=low * [RC] debian/scripts/source.unpack: Add "-f -" to call of tar since older versions defaulted to /dev/rmt0 instead of stdin for the archive path (closes: #62741). * [RC] debian/srm.conf: Fixed default character set configuration (closes: #62721). * [RC] debian/apacheconfig: Don't mess with the DocumentRoot by default (closes: #60257). -- Torsten Landschoff Sat, 29 Apr 2000 10:10:55 +0200 apache (1.3.9-13) frozen unstable; urgency=medium * [RC, security] Backported security fix for Cross Site Scripting issue (CERT Advisory CA-2000-02) from apache 1.3.11 patch. * Added default charset iso-8859-1 to initial configs. * [RC, critical] Perl dependency reordered to "perl5 | perl", closes: #61421, #62427, #60575. * Postinst no longer complains on missing /etc/aliases, closes: #60575. * Cron script detects logfile lines with whitespace, closes: #59995. * Fixed apxs filename edited when enabling modules (missing /g in rules sed); suppressed linking to -ldbm, closes: #53172. * The apxs in apache-dev no longer needs apache binary, closes: #47221. * Perms registered for suexec changed to 4755 from 4555, closes: #60147. * Added text from beleagured Debian Webmasters to intro.html, making it clear the project is not responsible for installations, closes: #61414. * LICENSE file of manual included since 1.3.9-1, closes: #42940, #60994, #60995. -- Johnie Ingram Sun, 16 Apr 2000 08:29:56 -0500 apache (1.3.9-12) frozen unstable; urgency=low * [RC] Cron script avoids killing itself, closes: #59365, #59647, #59672, #59659, #59694. * [RC] Order of mod_rewrite and mod_alias loading fixed, closes: #47038, #52893, #58465. * [RC] Deleted line 284 of debian/rules (suid suexec), set it unexecutable by default, closes: #59588, #44096. * Loophole in console message policy exploited, closes: #23848, #39304, #47033, #58848. * Webmaster mail alias is added if needed, so apacheconfig doesn't ask about this during package install, closes: #38068. * Option --manual-modules added to apacheeconfig, so default (and correct in amost all cases) is to work module magic automatically, closes: #38068, #45301. * New full-auto mode added to apacheconfig for postinst "initial setup" use: unlike mere --update, httpd.conf and srm.conf are installed, no questions are asked, and some backups are omitted. * Added LANG=C to init script, so apache doesn't write unparsable logfiles, closes: #42202. * Apacheconfig does not attempt to set non-/var/www documentroot (since 1.3.9 T3B), closes: #27701, #38066, #51733. * All incorrect manpage references to "httpd" are corrected by ubersed, closes: #54465. * Apacheconfig script does not stop apache if it isn't running. * Included improved suexec from Robert Varga that understands <--#exec with parameters (ported from 1.3.3), and includes HTTPS and REDIRECT_HTTPS vars, closes: #47951. -- Johnie Ingram Thu, 9 Mar 2000 05:15:12 -0600 apache (1.3.9-11) frozen unstable; urgency=low * Reversed openldap2 patch, potato uses v1; closes: #49849, #58168. * Added debhelper tag to apache-common postinst, so doc symlink management works. * Added info file for mod_auth_mysql, closes: #56862. * Updated version of mod_throttle, closes: #52683. * Fixed example logfile locations in httpd.conf, closes: #49113. * Removed info files for modules not included in apache-common, closes: #55750, #58732. * Default srm.conf AddLanguage corrected from .jp to .ja, closes: #58134. * Added sharutils to Build-Depends (due to uudecode in rules). * Removed AuthAuthoritative from mod_auth_sys info (it duplicates command in mod_auth), closes: #45708. * Cron script reloads apache with a -HUP, if possible, instead of using apachectl which may have undesired side effects, closes: #57333. * Disabled phf.apache.org error in default access.conf, closes: #51732. * Group for new /var/www directory changed from www-data to root, closes: #53498. * Default srm.conf restricts /doc/ to localhost, closes: #34099. -- Johnie Ingram Sat, 26 Feb 2000 13:49:08 -0600 apache (1.3.9-10) unstable; urgency=low * Systemwide mime types file is used, closes: 45428. * The setenvif module is loaded by default, so running apacheconfig isn't necessary (a problem discovered by doogie). -- Johnie Ingram Sat, 30 Oct 1999 21:09:43 -0500 apache (1.3.9-8) unstable; urgency=low * Made ubersed executable, fixing random default-config problems, closes: #44151, #45566, #45557. -- Johnie Ingram Mon, 20 Sep 1999 18:01:34 -0500 apache (1.3.9-7) unstable; urgency=low * Compile fix for the DBS from Daniel Jacobowitz. -- Johnie Ingram Tue, 14 Sep 1999 23:10:35 -0500 apache (1.3.9-6) unstable; urgency=low * Need for mod_proxy should now be detected correctly (newer directives weren't ilsted), closes: #44929. * Compilation of mod_auth_ldap is optional. -- Johnie Ingram Sun, 12 Sep 1999 21:13:08 -0500 apache (1.3.9-5) unstable; urgency=low * Included auth_ldap from Rudedog's software laboratories. * Creates /var/www during initial install again, closes: #44549. * ScriptAlias problem was non-bug, closes: #44525, #43926. -- Johnie Ingram Fri, 10 Sep 1999 06:47:19 -0500 apache (1.3.9-4) unstable; urgency=low * Updated to conform to the final determination of the Technical Committee (re FHS transition); built with new debhelper. * The mkdir of 'debian/stampdir/upstream' uses -p, closes: #44453. * Included EAPI 2.4.2. -- Johnie Ingram Mon, 6 Sep 1999 04:40:23 -0500 apache (1.3.9-3) unstable; urgency=low * Added debhelper-hack detection. * Fixed sanity-check failure during creation of www-data user, closes: #43866, #43951, #43876, #43905, #42381. * Added patch to ab from doogie so it can test round-robin DNS webserver clusters. -- Johnie Ingram Thu, 2 Sep 1999 02:17:11 -0500 apache (1.3.9-2) unstable; urgency=low * Fixed problem with grep for detection of www-data user (#43866). -- Johnie Ingram Tue, 31 Aug 1999 13:44:25 -0500 apache (1.3.9-1) unstable; urgency=low VERSION T1A (fri): * New upstream version, which "incorporates over 60 significant improvements to the server." * Packaging modernized to use 100% debhelper technology. * Corrected control file -- apxs is in apache-dev, not apache-common. * Include latest EAPI patch from modssl 2.3.11 (NMU, miquels), closes: #42983. * Fixed various and sundry issues in apxs and internal build apxs, closes: #41646, #41775, #32085, #32704, #35630. * Daemon with debugging symbols included with apache-dev, a feature requested by March Eichin, closes: #42098. * Corrected section number in ab and apachectl manpage. * Redundant files removed from apache-common and apache-doc, closes: #32881 (icons/README omitted, icon link in index.html changed, file moved to manual.html, icon symlink create; intro.html can't be moved). * The suexec binary is enabled, suid, standard, and no longer a conffile, closes: #40802, #14880, #15191, #23490, etc. etc. * The suexec source includes ap_config.h, and DOC_ROOT is /var/www, closes: #41151. * Section of apache-doc changed to "doc" from "web", #38925 forwarded. * LICENSE file of manual included for linking purposes, closes: #42940. * Frontpage support is best done by a separate mod-openasp module, closes: #35904. * Instructions for enabling effect of -DSECURITY_HOLE_PASS_AUTHORIZATION at runtime added to README.Debian, closes: #39171. * Discussion of security of /cgi-bin/ referred to debian-devel (all webservers are affected), closes: #43227. * Various inetd-mode bugs fixed upstream, closes: #22036 (but inetd mode is still not recommended). * Updated to Standards-Version 3.0.1.0. VERSION T2A (fri): * Removed errant bashism from postinst; fixed perl, apxs, lintian errors. VERSION T2B (sat): * The apacheconfig script corrects the /doc/ Alias for FHS compliance, closes: #42374. * Included modified version of mod_autoindex and sample htaccess; user-visible changes: * FancyIndexing uses a white background a images with border=0. * New Directives: SidebarName, BodyName, FooterName. * New IndexOptions: StudlyIndexing, BodyColor=, TextColor=, HeaderColor=, FooterColor=, SideColor=, ReadmeColor=. * Output uses HTML 4.0 transitional with CSS tags. * Files named *core (notably gnome-core) are no longer assigned core.gif icon by the default conf (fix is */core), closes: #34167, #43070. * Added official open-use Debian logos; converted one of these into deb.gif for deb files; updated intro.html. * Updated default IndexIgnore to mask README and HEADER instead of all README*, closes: #40468. * Deletion of /var/www written off as impossible, closes: #42285 (possible apache-ssl bug, however). * The install assumes you want to use a valid config, closes: #35618, #35044. * CVS was added to default IndexIgnore in 1.3.6-10, closes: #37609. * Fixed __ucmpdi2 error when using apxs -c on mod_auth_mysql and others, closes: #41918, #41130. * Auth modules using SQL databases are statically linked to client libs. * Init script no longer traps the signals mod_jserv needs, closes: #32450. * Cron script rotates rewrite.log if needed, closes: #33247. * APACHE_DAY_TO_RUN (and DAYS) may now be set to "none", closes: #41037. VERSION T3A (sun): * Packaging updated to use elite doogie DBS technology. VERSION T3B (mon): * Wrote manpage for apacheconfig, closes: #13168. * ServerName problem unreproducable by submitter, closes: #34399. * UserDir in default srm.conf fixed, closes: #34282. * Throttle module omitted (no new upstream version available), closes: #40183, #36864, #36918. * Questions about DocumentRoot and Port suppressed during install, closes: #38066. * Default access.conf uses SymlinksIfOwnerMatch for home, and forbids retrieval of .htaccess files, closes: #35823, #41101. * Apacheconfig will not muck with access.conf and srm.conf on update if the sysadmin has merged everything into a single file, closes: #35083. * Included modified docs on mod_roaming, which is no longer a separate package, closes: #41312, #31842, #35200, #32432. * Fixed bug which could cause mod_env to be omitted from the config. * The bug that apache continues running when ulimits prohibit logfile growth is more properly an issue with su, if a bug at all; closes: #35303. -- Johnie Ingram Tue, 31 Aug 1999 02:29:55 -0500 apache (1.3.6-15.2) unstable; urgency=low * Non-maintainer upload * Compiled against glibc 2.0.7 (slink) by request of real maintainer * Include latest EAPI patch from modssl 2.3.11 fixing bug #42983 -- Miquel van Smoorenburg Mon, 16 Aug 1999 10:58:51 +0200 apache (1.3.6-15.1) unstable; urgency=low * Non-maintainer upload fixing grave #41646. * Fixed the substitution of SBIN when generating debian/apxs. The was a '/' too much at the end so the path wasn't replaced. -- Roman Hodek Thu, 12 Aug 1999 12:59:17 +0200 apache (1.3.6-15) unstable; urgency=low * Corrected compile patch, allowing apache to build again, closes: #41621, #41646. -- Johnie Ingram Tue, 20 Jul 1999 22:20:49 -0400 apache (1.3.6-14) unstable; urgency=low * More perl fixes, closes: #41123. * Applied patch from Daniel Jacobowitz, fixing his inability to compile apache. :-) -- Johnie Ingram Mon, 12 Jul 1999 15:21:01 -0400 apache (1.3.6-13) unstable; urgency=low * Updated for new perl policy. * Added mod_auth_pgsql. -- Johnie Ingram Sat, 10 Jul 1999 14:04:33 -0400 apache (1.3.6-12) unstable; urgency=low * Linked with newer mysql client lib from Flood, so it works with Potato MySQL. -- Johnie Ingram Fri, 11 Jun 1999 14:32:56 -0400 apache (1.3.6-11) unstable; urgency=low * Applied glibc 2.1 fixes from Joel Klecker, closes: #38328, important). * Fixed ServerType regex in init script, closes: #37187. -- Johnie Ingram Thu, 3 Jun 1999 13:57:51 -0400 apache (1.3.6-10) unstable; urgency=low * Added CVS to default IndexIgnore, closes: #37609. -- Johnie Ingram Thu, 13 May 1999 09:55:36 -0400 apache (1.3.6-9.1) unstable; urgency=low * glibc 2.1 fixes. -- Joel Klecker Tue, 25 May 1999 20:31:16 -0700 apache (1.3.6-9) unstable; urgency=low * Removed lynx suggestion, closes: #36820. -- Johnie Ingram Wed, 28 Apr 1999 10:46:55 -0400 apache (1.3.6-8) unstable; urgency=low * Removed conflict with php3, no longer necessary. -- Johnie Ingram Mon, 26 Apr 1999 04:35:00 -0400 apache (1.3.6-7) unstable; urgency=low * Added mod_throttle 2.06 by Anthony Howe. * Added pre-rotation script feature to cron.conf. -- Johnie Ingram Mon, 12 Apr 1999 11:42:52 -0400 apache (1.3.6-6) unstable; urgency=low * Added ExtendedStatus to directive list for mod_status, a problem found by Daniel Jacobowitz. -- Johnie Ingram Fri, 9 Apr 1999 01:03:01 -0400 apache (1.3.6-5) unstable; urgency=low * Again closes: #35447, #35542, #35323, #35344. -- Johnie Ingram Wed, 7 Apr 1999 10:23:43 -0400 apache (1.3.6-4) unstable; urgency=low * Another attempt to remove the mysql-base dependency, closes: #35447, #35542. -- Johnie Ingram Sun, 4 Apr 1999 18:34:19 -0400 apache (1.3.6-3) unstable; urgency=low * Removed spurious dependency on mysql-base, closes: #35323, #35344. * Removed apachectl.8 and httpd.8 from apache-common, closes: #35316. -- Johnie Ingram Wed, 31 Mar 1999 09:53:29 -0500 apache (1.3.6-2) unstable; urgency=low * Corrected bug in apxs that made it not use -DEAPI for modules, closes: #33643. * Moved apxs manpage to correct package. * Note: The init script hasn't depended on start-stop-daemon --pidfile in a while, which closes: #4580. -- Johnie Ingram Tue, 30 Mar 1999 11:28:16 -0500 apache (1.3.6-1) unstable; urgency=low * New upstream version. * Fixed location of config file (CFG_TARGET) in apxs, closes: #30500, #31848. * Re-added glibc 2.1 fixes from Christian Meder. * Added "ExtendedStatus on" directive to default config. * The apxs utility is in apache-dev and uses the correct ld -lc incantation, closes: #31471, #31848, #32705. * Numerous modules addded from Engelschall apache-contrib sources. The apache-common package: * Absorbs and replaces libapache-mod-put at version 1.2-1: Michael Alan Dorman assembled this package from original sources by Lyonel VINCENT . * Absorbs and replaces libapache-mod-roaming at version 1.0.0-1: This package was debianized by Johnie Ingram (johnie@debian.org) on Sun, 3 Jan 1999 23:09:49 -0500. * Absorbs and replaces libapache-mod-auth-sys at version 1.10-4.2: Michael Alan Dorman assembled this package from original sources by Franz Vinzenz . * The ab utility can now output HTML, closes: #33322. * Acknowledges NMU of libapache-mod-put by John Goerzen, closes: #28135. * Acknowledges NMUs of libapache-mod-auth-sys by me, closes: #30617, #30887. (Changes since test release 1.) * Automagically fixes the Group directive if needed, so Apache will work on glibc 2.1 i386 systems, closes: #34743, #34776. * Compiled in mod_macro and added HTML docs. -- Johnie Ingram Wed, 24 Mar 1999 03:18:46 -0500 apache (1.3.5-1) unstable; urgency=low * New upstream version. * The apxs utility is in /usr/bin, closes: #34761. * Bugs fixed in previous releases: slink dependency on apache-common >= 1.3.4, closes: #33372. -- Johnie Ingram Mon, 22 Mar 1999 00:10:11 -0500 apache (1.3.4-5) unstable; urgency=low * Added support for EAPI, by popular demand, closes: #31820. -- Johnie Ingram Mon, 15 Feb 1999 18:01:09 -0500 apache (1.3.4-4) unstable; urgency=low * Removed exit 0 from cron.daily, closes: #32893. * User directories no longer allow symlinks by default (config patches from Ben Collins and Torsten Landschoff, closes: #32204, important); updated docs. -- Johnie Ingram Thu, 11 Feb 1999 12:26:44 -0500 apache (1.3.4-3) unstable; urgency=low * The apache-dev package depends on apache, closes: #28202. * Accept-Language: * bug fixed upstream, closes: #29895. * Includes os-linline.c (since 1.3.4-1), closes: #31375. * FTP proxy response fixed upstream, closes: #27958. * Eliminated more lintian warnings. -- Johnie Ingram Tue, 2 Feb 1999 14:37:18 -0500 apache (1.3.4-2) unstable; urgency=low * Removed the apache-1.3.4/o file, noticed by Daniel Jacobowitz. * Closes Accept-Language: * bug (#29895). * Bugs in 1.3.4-1 prerelease that were fixed by the 1.3.4-1 real upload but unfortunately left undocumented as being fixed: #31735 #31848. -- Johnie Ingram Wed, 13 Jan 1999 04:12:57 -0500 apache (1.3.4-1) unstable; urgency=low * New upstream version, fixing Accept-Language: * bug (#29895). * The apache-dev package now includes os-inline.c (#31735). * Removed possible bashism from apache postinst. -- Johnie Ingram Tue, 12 Jan 1999 18:15:09 -0500 apache (1.3.3-5) frozen unstable; urgency=low * Tweaked init script to understand comments when checking ServerType (#31503, important). * Tweaked dbmmanage to remove `-' deprecation warning (#31762). * Hardcoded server limit set to 512 (#30670). * The apacheconfig program now waits for apache to terminate before starting it again (#31600). * Install script now adds the magic LoadModule line to httpd.conf if for some reason it is completely deleted (#23696). * Cron script intercepts the truly ancient "#-1" User/Group before giving it to savelog (#28200). * Closes #29830 and #28566, rotation of logs in Included files. * Included db1/db.h fix from Sparc upload (#30403). * Closes #27234, feature Options +NoSuExec (patch withdrawn by author via IRC). * Bugs fixed in previous releases, or non-bugs: #23755 (RTLD_NOW), #26318 (suidness of suexec), #25987 #25991 (dbmmanage, reported working in 31762 above). -- Johnie Ingram Tue, 12 Jan 1999 16:20:02 -0500 apache (1.3.3-4) frozen unstable; urgency=low * Linked with libc6 2.0.7u-6. * Stripped debugging symbols from loadable modules in apache-common. * Included patch to cron.daily from Jason Gunthorpe so it also rotates logfiles in configuration files added by the "Include" directive (#29830), fixing #28566. -- Johnie Ingram Thu, 26 Nov 1998 14:49:09 -0500 apache (1.3.3-3.1) frozen unstable; urgency=low * non maintainer, sparc only upload * ndbm.h has moved to db1/ndbm.h with glibc2.1 -- Christian Meder Sat, 28 Nov 1998 03:00:34 +0 apache (1.3.3-3) unstable; urgency=low * Suppressed "futile" error during fresh install (#25690). * Config program does hard restart instead of graceful, so modules are reloaded (#23251, also fixes #22443). * Removed erroneous Meta tags from example srm.conf (#24623). * Brian White confirms that removing "application/x-compress" and "application/x-gzip" from mime.types was correct (20809). * Bugs fixed in previous versions, or non-bugs: #22546 (DirectoryIndex doesn't work), #24776 (mod_rewrite possibly broken). * The apache-common package correctly overwrites htpasswd from apache (#22695). -- Johnie Ingram Mon, 12 Oct 1998 20:46:47 -0400 apache (1.3.3-2) unstable; urgency=low * Fixed syntax error in debian/rules (#26942). * Config programs configures ServerName on initial install again (#25161, also fixes #22870). * Bugs fixed prior to this release: #23573, #26127 (suidregistration of htpasswd), #24415 (suexec and conf.h), #23461 (usr/tmp, fixed in 1.2.1), #22410 (apachectl non-Linux portability, fixed in 1.3.1). * Build process tweaked to be compatible with debhelper from hamm. * Modified example mime.types so compressed PS files are correctly sent as "application/postscript, encoding x-gzip" instead of merely gzipped data (20809, forwarded to mime-support for final resolution). -- Johnie Ingram Mon, 12 Oct 1998 14:45:50 -0400 apache (1.3.3-1) unstable; urgency=low * New upstream version. * Closes t1k bug by IRC request (#25641). -- Johnie Ingram Wed, 7 Oct 1998 15:31:29 -0400 apache (1.3.2-3) unstable; urgency=low, closes=27316 * Added -O2 at Daniel Jacobowitz's behest. * Compiled with libc6 2.0.7t-1 because 2.0.7u of slink blows chunks (#27316). -- Johnie Ingram Thu, 1 Oct 1998 20:44:21 -0400 apache (1.3.2-2) unstable; urgency=low, closes=27143 27167 25095 26151 * Depends on apache-common (>= 1.3.2) (#27143, #27167) and conflicts with older versions of php3 and libapache-mod-perl (#25095). * Applied patch from Julian Gilbey so the APACHE_CHOWN_LOGFILES option in cron.conf is documented (#26151). -- Johnie Ingram Mon, 28 Sep 1998 12:42:31 -0400 apache (1.3.2-1) unstable; urgency=low * Use dh_clean in clean-comon target. * Enabled SHARED_CHAIN for more proper linking of the shared modules. * Remove --enable-rule=STATUS; it's no longer applicable. * Clean up the http_protocol.c.{orig,rej} mess and remove the no longer needed debian/Configuration. * Use uudecode instead of munpack; egcs has some scheduling issues with compiling munpack at the moment. * Remove the hack in 1.3.1-3 in favor of the Apache Group's solution. * Non-maintainer upload; -1 by request of Johnie Ingram. * New upstream release. -- Daniel Jacobowitz Tue, 22 Sep 1998 16:05:21 -0400 apache (1.3.1-3) unstable; urgency=high * Patched against denial of service vulnerability discovered by Dag-Erling Smørgrav, where repeated, identical headers consumes O(n^2) memory. -- Johnie Ingram Fri, 7 Aug 1998 22:03:24 -0400 apache (1.3.1-2) unstable; urgency=low, closes=19497 25125 25016 * Common files split off into separate apache-common package (#19497), at the behest of the Policy Manager and apache-ssl maintainer. * Conflicts with php3 (<= 3.0-2) (#25125, cf. 25079, 25080) and libapache-mod-perl (<< 1.15). * Made clean target more aggressive, and removed docs on Bugs now fixed upstream, making debian diff (somewhat) smaller. * Fixed autodetection of need for mod_mime_magic. * Removed duplicate manpage htdigest.8 and obsolete binaries unescape and inc2shtml. * Default srm.conf now handles more languages (#25016). * Fixed version reply. -- Johnie Ingram Wed, 5 Aug 1998 04:18:47 -0400 apache (1.3.1-1) unstable; urgency=low * New upstream version. -- Johnie Ingram Wed, 22 Jul 1998 18:03:21 -0400 apache (1.3.0-4) unstable; urgency=low, closes=23753 23534 23361 * Fixed suid unregistration of htpasswd in postinst (#23753). * Added patch from Dan Jacobowitz for mod_perl shared library support. * The apacheconfig program no longer considers mod_perl obsolete. * Closes #23534 and #23361, fixed in 1.3.0-3. -- Johnie Ingram Sun, 21 Jun 1998 14:58:54 -0400 apache (1.3.0-3) unstable; urgency=low, closes=23534 * The apacheconfig program no longer indirectly depends on gcc (#23534). -- Johnie Ingram Mon, 15 Jun 1998 14:55:30 -0400 apache (1.3.0-2) frozen unstable; urgency=low, closes=23221 23277 22066 22609 16623 22174 22771 22858 23109 23361 * The apxs program has the correct perl path (#23221, important). * Conflicts with php (<= 3.0rc4-2) (#23277, important). * The config program asks about mod_proxy again, since it now works. * CustomLog nicknames finally work inside VirtualHost containers thanks to patch from Christof Damian (#22066) and the Apache Group. * Added patch to apxs from Gergely Madarasz so PHP can build (23361). * This fixes all (2) release-critical bugs, 8 packaging bugs, an upstream bug in mod_log_config and a buffer overflow in the ftp proxy. It also works with PHP 3.0 without needing a -HUP ever 30 minutes. :-) -- Johnie Ingram Thu, 11 Jun 1998 10:40:45 -0400 apache (1.3.0-1) frozen unstable; urgency=low, closes=22609 16623 22174 22771 22858 23109 * New upstream version (#22858, #23109). * Merged patch from Alpha non-maintainer upload by Paul Slootman (#22609). * Closes #16623, fixed with apacheconfig savviness added at 1.3b6-2. * Fixed user and group in default httpd.conf (again) (#22174). * Includes fix from Jules Bean so loadable modules are found in the correct order, and apxs uses correct include directory. * Doesn't configure in the non-existent mod_rewrite on sparc. * Removed dependency on base-passwd (>=2.0.3.2), which guaranteed nothing about the existence of www-data user and group. * Added FollowSymLinks option to /usr/lib/cgi-bin parameters. * The apxs program is now fully configured (#22771). * Added mod_throttle 1.0. -- Johnie Ingram Fri, 5 Jun 1998 00:54:37 -0400 apache (1.3b7-0) local; urgency=low, closes=22609 16623 22174 22771 * New upstream version: Apache development version 19980523070028. -- Johnie Ingram Sat, 23 May 1998 08:15:13 -0400 apache (1.3b6-3.1) frozen unstable; urgency=low * Non-maintainer upload for Alpha * don't build module unique_id, as that code is (self-admittedly) broken for 64-bit architectures. -- Paul Slootman ; Mon, 18 May 1998 23:16:32 +0200 apache (1.3b6-3) frozen unstable; urgency=low, closes=22074 21525 21532 21708 21778 21893 * Closed huge gaping suexec security hole with patch from Gergely Madarasz (#21525). * Fixed typo in apaci build file (#22074), correcting version replies. * The config program now asks only the questions it needs to during upgrades, avoiding the more lengthier queries, as recommended by Andreas Jellinghaus. * Added Options Indexes for /usr/doc in access.conf (#21708). * Fixed typo in postinst (#21532). * Improved cron script so it can rotate the apache logfile just once a month, or even only once a year, by popular demand (#21893). * Closed #21778, as mod_log_referer (sic) is replaced by mod_log_config. -- Johnie Ingram Wed, 6 May 1998 08:35:03 -0400 apache (1.3b6-2) frozen unstable; urgency=low, closes=20438 20569 18187 18768 18188 17350 15344 17517 18310 16146 15693 19169 18098 18553 19616 * New upstream version, release candidate for 1.3.0. * The dynamic loading that Debian has done for years is now officially supported. * Better support for HTTP/1.1-style virtual hosts. * A number of bugfixes and internal performance enhancements. * Changes from 1.3b6-1 release candidate of Tuesday: * Added APACI configuration fixes from Scott K. Ellis. * Linked shared modules against libc6 as per policy. * The init.d script uses apachectl internally. * The proxy module appears broken, so activation is no longer attempted. * Updated provided conf files, adding highperformance.conf example. * Fixed Powered-by-Apache graphic in /usr/doc/apache/icons/. * The configuration program now adds all features with LoadModule directives, and in the order recommended for Debian by Lars Eilebrecht of the Apache Group (fixing mystifying stuff like #19169). * Install scripts no longer attempt to edit /etc/passwd directly, which wasn't reliable anyway (#18588). * Added text to make it clearer that "corrected" paths are not saved to the config files until the very end (#18187). * Standard configuration no longer stores icons in /usr/doc (#18188, #15344), but asks before correcting icon directory Alias and cgi-bin ScriptAlias (#18187). * The apachectl script now uses correct paths (#19616). * Uses better regular expression in init.d from Nicholas Lichtmaier. * It is now possible to backspace during the selection of Y or N within apacheconfig (#18310), which also fixes operation on sparc. * Configuration program no longer attempts to reconfigure a correctly-configured configuration during an upgrade (#17350, #18768, #18187). * Binds to port 80 even without an explicit Port directive (#18553). * The cron.daily script now correctly parses the obsolete and insecure Group number "#-1" in httpd.conf (#16146, #15693). * Fixed details of logfile locations in apache manpage (#20438). * The init.d script now uses the "graceful restart" reload method. * Closes #20569: log files listed multiple times are only aged once. * Updated initial site webpage. * Added yet more debhelperization, eliminating lintian errors. * Updated to Standards-Version 2.4.1.0. * Closes #18098 -- there is no demand for a 1.2.6 package, and only this 1.3.x has been tested in hamm). * Closes #18128 -- the postinst should not offer an inetd option, as the Apache Group has made it clear this "does not work propery -- avoid if at all possible.". * Demotes #20655 to severity fixed (apache no longer needs the non-free msql.h header to compile, mod_so replaces mod_dl, and dpkg-dev 1.4.0.22 can extract the source package). * Released as -2 because a derivative of a -1 test release somehow found its way into Incoming. -- Johnie Ingram Fri, 24 Apr 1998 12:53:42 -0400 apache (1.3b5-3) frozen unstable; urgency=low * Log files listed multiple times are only aged once (#20569). -- Johnie Ingram Sun, 22 Feb 1998 01:48:41 -0500 apache (1.3b5-2) unstable; urgency=low, closes=18487 18459 * Fixed regex for detection of ServerType inetd configuration (#18487, #18459). -- Johnie Ingram Sun, 22 Feb 1998 01:24:27 -0500 apache (1.3b5-1) unstable; urgency=low, closes=15285 16503 16952 18176 * New upstream version: fixes mod_speling, (#16952), works with inetd (#15285). * Final fix of no2slash() bug: was O(n^2) in the length of the input, now O(n), fixing flakiness of 1.3b3-9 (#16503). * Applied cosmetic patch to init.d messages from David Rocher (#18176). * Added mod_so for testing, to eventually replace mod_dlopen. * Init script will not attempt to start apache if it is configured to run from inetd (15285). -- Johnie Ingram Thu, 19 Feb 1998 22:03:34 -0500 apache (1.3b3-13) unstable; urgency=low * Added coypright file to apache-doc, and added apachectl manpage, to make lintian happier. -- Johnie Ingram Tue, 10 Feb 1998 01:50:30 -0500 apache (1.3b3-12) unstable; urgency=low, closes=15950 16123 16129 17902 15056 * Added restart and force-reload targets to init.d script. * Module mod_auth_dbm is now included as a shared library (#15950, #16123, #16129). * The apachectl program now uses correct paths (#17902), and uses a fully-qualified domain name instead of "localhost" to appease squid proxies (#15056). * Included htdigest binary (cf. 17902). * No longer uses the deprecated dh_installdebfiles debhelper command. * Updated to Standards-Version 2.4.0.0. -- Johnie Ingram Mon, 9 Feb 1998 10:43:29 -0500 apache (1.3b3-11) unstable; urgency=low * The install script now runs suidregister before starting apache instead of after (#17078). * Cron script now exits with status 0 (#16699, #16829). * Config program now understands that the MimeMagicFile directive indicates the need for mod_mime_magic (#16616). * Removed src/buildmark.c.rej from patch. -- Johnie Ingram Mon, 19 Jan 1998 02:31:11 -0500 apache (1.3b3-10) unstable; urgency=low, closes=16468 * Updated patch to prevent denial-of-service vulnerability (#16468) -- previous patch could cause malloc-related problems. -- Johnie Ingram Fri, 2 Jan 1998 09:48:20 -0500 apache (1.3b3-9) unstable; urgency=low, closes=8924 12022 15000 15053 15270 15299 15470 15737 15958 15988 16073 16176 * Removed versioned dependency on perl, no longer necessary (now installs without forcing on sparc). * Applied patch for compliance with policy 2.3.0.1 section 3.6 (#15958). * Removed bashisms from cron daily script (#16073) and apachconfig program (#15988). * Now installs link to shutdown apache at sequence 20 instead of 91 (#15737). * Closed Bug #15470, fixed in 1.3b3-3. * Logfile directory now owned by root.root (#12022, cf. 15053), and cron script does not chown the logfiles by default. * Closed #15053, as the point of running apache as www-data instead of nobody is so parts of the site can be safely writable by the server. * Install program now uses interactive copy to avoid overwriting index.html (#15000, #16176). * Tweaked mod_include description in apacheconfig to make it clearer that this module must be loaded for XBitHack to work in .htaccess files (#15299). * Closed #15270, as mod_browser is replaced by the more flexible module mod_setenvif (and the appropriate config file automatically changed). * Added link to Debian Documentation site in default index.html (#8924). * Config program now defaults to fully automagic configuration. * Happy new year. -- Johnie Ingram Thu, 1 Jan 1998 03:32:04 -0500 apache (1.3b3-8) unstable; urgency=high * Added patch to prevent denial-of-service vulnerability. -- Johnie Ingram Wed, 31 Dec 1997 18:24:10 -0500 apache (1.3b3-7) unstable; urgency=low, closes=15930 * Removed unofficial sparc tweak. * Added official tweak to conf.h from Dean Gaudet for multiple architecture support (os-linux/1542, fixed in 1.3b4). * Added temporary fix from Jason Gunthorpe (#15930) for incorrect logging of "critical memmap failure" errors (this will be fixed in 1.3b4). -- Johnie Ingram Fri, 19 Dec 1997 08:54:38 -0500 apache (1.3b3-6) unstable; urgency=low * Corrected broken link which occured if apache-doc is not installed. * Fixed packaging bugs discovered on powerpc architecture. -- Johnie Ingram Thu, 11 Dec 1997 14:25:03 -0500 apache (1.3b3-5) unstable; urgency=low * Tweaked to autocompile on sparc architecture (mod_auth_db disabled on arch due to db.h from the twilight zone, sparc patch sent upstream). -- Johnie Ingram Wed, 10 Dec 1997 11:25:04 -0500 apache (1.3b3-4) unstable; urgency=low, closes=11736 12042 12091 12093 12101 12600 12988 14895 15602 * Replaces the obsolete apache-modules package, removed from ftp.debian.org by the archive manager (#14982), closing #11736, #12042, #12091, #12093, #12101, #12600, #12988, and #14895. * Outdated apache package no longer in project/experimental (#15602, cf. 14981). -- Johnie Ingram Thu, 4 Dec 1997 06:01:26 -0500 apache (1.3b3-3) unstable; urgency=low * Corrected code typo in log rotation cron script. -- Johnie Ingram Thu, 27 Nov 1997 17:37:55 -0500 apache (1.3b3-2) unstable; urgency=low * Added ability to quit out of the manual module configuration and proceed with autoconfig, at the request of Joey Hess on IRC. -- Johnie Ingram Thu, 27 Nov 1997 15:09:16 -0500 apache (1.3b3-1) unstable; urgency=low, closes=11880 12190 * New upstream version. * Init script no longer uses killall (#12190). * Closed #11880 (apache stops responding), fixed in upstream version. -- Johnie Ingram Thu, 27 Nov 1997 11:56:37 -0500 apache (1.3b2-5) unstable; urgency=low, closes=10352 14829 14888 11834 * Debian makefile garnished with debhelper commands. * All manpages are now compressed (#14888). * Logfile rotation time and frequency is now fully customizable, thanks to code from Craig Sanders of the temporary autonomous zone (#14829), also fixing #10352. * Added patch so cron script parsing of apache config files is not as fragile (#11834). -- Johnie Ingram Mon, 24 Nov 1997 22:41:15 -0500 apache (1.3b2-4) unstable; urgency=low, closes=13465 14811 14880 14887 15191 15175 * Missing www-data user no longer crashes the preinst (#13465). * Cron script calls reload to reload the daemon (#14811). * The suexec utility is no longer a conffile (#14880, #15191). * Development package includes os.h (#15136). * Config program detects and corrects obsolete directory name /var/log/apache-httpd (#15139), and old modules: mod_browser (#14887) and mod_perl (#15175). -- Johnie Ingram Mon, 24 Nov 1997 15:29:45 -0500 apache (1.3b2-3) unstable; urgency=low, closes=9905 * Cron script uses #!/bin/sh again -- you just can't win (#9905). -- Johnie Ingram Wed, 12 Nov 1997 16:22:52 -0500 apache (1.3b2-2) unstable; urgency=low, closes=14806 * Fixed default configuration files so new installations will succeed (#14806). * Corrected GIF link in new-installation webpage. * Restored obsolete modules mod_log_referer and mod_log_agent. * Fixed bug in detection of necessity for loading mod_rewrite module. -- Johnie Ingram Wed, 12 Nov 1997 14:40:42 -0500 apache (1.3b2-1) unstable; urgency=low, closes=6778 8649 9818 9851 11510 11511 11563 11635 12981 12040 12188 12189 12200 12728 13106 13935 13954 14656 * New stabler upstream version, now in beta test. * Module mod_rewrite no longer out of date (#9993) -- it is now officially part of apache. * Module mod_browser replaced with mod_envif. * Added new modules mod_speling [sic] and mod_mime_magic. * Corrected location of CGI logfile in suexec utility (#12040). * Configuration files now default to historic locations in ServerRoot/conf to ease FrontPage 98 and multi-server configurations (#12189), as recommeded by James Chan. * Cron script calls /etc/init.d/apache instead of killall (#12200), and is no longer confused by multiple User or Group directives in httpd.conf (#13741). * MIME types file for apache can now differ from systemwide file, as recommended by Robert Stone. * Installation script no longer fails if /usr/lib/httpd/cgi-bin/ exists but is empty (#9818). * Support for the SuppressHTMLPreamble is now standard with apache (it was a Debian patch in 1.1.3 packages) (#12728, #13954, #11563). * Registered suexec with the suidmanager program, so permissions will persist across upgrades if it is activated (#13935). * Modified init.d script to maintain compliance with Standard for Console Messages even if suexec is activated (#13935), and suexec is now a conffile. * Improved apacheconfig detection of incompatible existing configuration (#11510, #12728). * Debian patch adds a debian_apache.h header (with correct DOC_LOCATION) instead of editing httpd.h, making it easier to rebuild (#9851). * Removed apache_monitor, third-party module mod_perl (#14656, #11635, #12188), obsolete modules mod_log_agent and mod_log_referer (and mod_browser), and mod_auth_dbm (#7516); linked in mod_auth_db. * Timestamps now preserved wherever possible during package build. * Fixed bug in http_core.c introduced by debian dynamic-modules patching and discovered by Dean Gaudet of the Apache Group. * Harcoded default user now nobody.nogroup instead of -1.-1 (#12981). * Moved pre-permed proxy cache directory from /var/spool to /var/cache. * Closed #13106 (RFC 2068 requires errcode 301 instead of 302), fixed upstream with HTTP/1.1 support. * Closed #11511 (apache complains if max servers is set to over 256) as this recommended value is enough for most webserver situations. * Closed #6778 (SIGSEGV if virtual server not defined), fixed upstream. * Tweaked default index.html page to reflect file locations (#8649). * Added SHELL=/bin/bash to debian/rules. * Package now conflicts with "apache-modules" package for apache 1.1.3. * Cron daily script now uses #!/bin/bash (#9905). * Updated to Standards-Version 2.3.0.1. -- Johnie Ingram Wed, 12 Nov 1997 04:25:50 -0500 apache (1.2.4-2) unstable; urgency=low * Corrected potentially confusing reference to invalid logfile location in default httpd.conf (#12095). * Updated to Standards-Version 2.3.0.0. * No longer uses the --verbose option to mkdir, which apparently does not work on all systems (#12090). * Config files now relative to ServerRoot (#12189). * Configuration program now waits for newline asking questions (#12999, #12662). * Ensured htpasswd program is in /usr/bin (#12356). * Fixed erroneous chown to user "www" (#12656). * Closed #9354, as no more references to /home/www-data/webspace remain. * Tweaked packaging for better multiple-architecture support. -- Johnie Ingram Sun, 14 Sep 1997 23:36:40 -0400 apache (1.3a1-3) unstable; urgency=low * Corrected potentially confusing reference to invalid logfile location in default httpd.conf (#12095). * Updated to Standards-Version 2.3.0.0. -- Johnie Ingram Sun, 14 Sep 1997 22:44:50 -0400 apache (1.2.4-1) unstable; urgency=low * New upstream version. -- Johnie Ingram Sat, 23 Aug 1997 12:52:43 -0400 apache (1.2.3-1) unstable; urgency=low * New upstream version. -- Johnie Ingram Wed, 20 Aug 1997 15:00:48 -0400 apache (1.2.1-8) unstable; urgency=low * Fixed name of httpd.conf config file in apache(8) man page. -- Johnie Ingram Wed, 20 Aug 1997 12:03:59 -0400 apache (1.2.1-7) unstable; urgency=low * Added patches from Jordan Hrycaj which fix dynamic module loading. * Removed inadvertent architecture dependence in rules file (#12112). * Source code to suexec now included in package (#12081), and suexec now uses correct logfile path (#12040, #12081). * Configuration files made relative to ServerRoot (#10812). * Made mod_proxy, mod_rewrite, mod_auth_dbm and mod_auth_db dynamic. * Updated mod_perl to version 1.00. * Closed #11510, failure of 1.2 to run with untouched 1.1.3 config file. * Closed #11511 since something within apache does indeed check and warn when a MaxClient directive exceeds HARD_SERVER_LIMIT. * Added cgi-bin examples. -- Johnie Ingram Tue, 19 Aug 1997 23:40:41 -0400 apache (1.3a1-2) experimental; urgency=low * Removed inadvertent architecture dependence in rules file (#12112). * Added patches from Jordan Hrycaj which fix dynamic module loading. -- Johnie Ingram Tue, 19 Aug 1997 00:05:32 -0400 apache (1.2.1-6) unstable; urgency=low * Corrected mod_proxy data so it can be detected automatically. * Made apacheconfig load mod_expires by default, so it can be used in .htaccess. -- Johnie Ingram Wed, 13 Aug 1997 13:34:15 -0400 apache (1.2.1-5.1) unstable; urgency=low * Fixed mod_dlopen. * Fixed variable mismatch total_modules/num_modules. * Updated *.info files and the module config. * Added load order feature to apacheconfig. * Added (temporary) support for mod_perl-1.00 for perl-5.004. -- Jordan Hrycaj Wed, 13 Aug 1997 19:27:02 -0200 apache (1.2.1-5) unstable; urgency=low * Fixed apacheconfig autodetection of the need for mod_expires. * Deleted optional module mod_msql, since with this support apache would require libmsql1 and libmsql1-dev to build, a violation of new Debian policy. * Apache executable and mod-perl libraries are now stripped (#11635). * Removed unnecessary Apache-SSL targets from Debian makefile. * Switched to pristine upstream tar archive. * Updated to Standards-Version: 2.2.0.0. -- Johnie Ingram Mon, 11 Aug 1997 07:12:51 -0400 apache (1.3a1-1) experimental; urgency=low * New upstream version (pristine source). * Deleted optional module mod_msql, since with this support apache would require libmsql1 and libmsql1-dev to build. * Fixed apacheconfig autodetection of the need to activate mod_expires. * Apache executable and mod-perl libraries are now stripped (#11635). * Updated to Standards-Version: 2.2.0.0. -- Johnie Ingram Mon, 11 Aug 1997 07:00:42 -0400 apache (1.2.1-4) unstable; urgency=low * Config program no longer asks twice whether mod_dlopen should be activated (thanks to Alex Apke for catchy bug number, #11223). * Closed #10441, another manifestation of #10856, the lack of mod_proxy. * Added debian copyright stanza to copyright file (#8208). * Added check so Authoritative can never be misspelled again (#9767). * Enabled mod_auth_dbm again, linked with libgdbmg (#7516). * Closed #9081, since the new location of the CGI bin is now Policy. * DocumentRoot can now be a symlink (#9790). -- Johnie Ingram Tue, 15 Jul 1997 00:07:07 -0400 apache (1.2.1-3) unstable; urgency=low * Added files ABOUT_APACHE and KEYS to package. * Restored mod_proxy, by popular demand (#10856). -- Johnie Ingram Sun, 13 Jul 1997 01:16:38 -0400 apache (1.2.1-2) unstable; urgency=low * Fixed spelling of Anonymous_Authoritative in the mod_auth_anon and mod_auth_msql data file, since Apache itself now uses the correct spelling. * Corrected more references to /home/www-data/webspace to /var/www in intro.html (#8649, #9354). * Closed #7290, since this is a bug in bash 2.0 that is fixed in 2.01. * Closed #9818, the failure to install if /usr/lib/httpd/cgi-bin/ exists but is empty. * Closed #7159, the incompatibility of apacheconfig with bash-2.0, since apacheconfig has been perl since 1.1.3-3. * Closed #7478, the confusion of apacheconfig, fixed in 1.1.3-6. * Closed #8945 and #9905, other manifestations of #10714 (fixed in 1.2.1-1). * Closed #10603, which was fixed by the patch from Christoph Martin. -- Johnie Ingram Sat, 12 Jul 1997 15:34:39 -0400 apache (1.2.1-1) unstable; urgency=low * New upstream version. * Added patch from Christoph Martin so /etc/cron.daily/apache can handle relative logfile paths (#10670). * Ensured that scripts trap 1 instead of SIGHUP, which breaks ash (#10714). * Corrected apacheconfig lookups of user www to www-data (#10669). * Vastly simplified the process used to build mod_perl, since dpkg-source can indeed create new subdirectories. * Updated to debian-policy 2.1.3.3. -- Johnie Ingram Fri, 11 Jul 1997 05:38:21 -0400 apache (1.2.0-1) experimental; urgency=low * New upstream version. -- Johnie Ingram Sat, 7 Jun 1997 12:12:46 -0400 apache (1.2b11-2) experimental; urgency=low * Added mod_perl, by popular demand. -- Johnie Ingram Wed, 4 Jun 1997 01:29:01 -0400 apache (1.2b11-1) experimental; urgency=low * New upstream version. * Added www.apacheweek.com to resources in intro.html (Peter Kleinmann). * Fixed default location of conffile for apache_monitor (Bug #9787). -- Johnie Ingram Mon, 2 Jun 1997 22:20:42 -0400 apache (1.2b10-1) experimental; urgency=low * New upstream version. * Updated to debian-policy 2.1.3.2, linked against libc6. * No longer uses debmake for package build. * Install no longer fails if /usr/lib/httpd/cgi-bin exists, but is empty (Bug #9818). * Debian changes modified so they do not conflict with Apache-SSL. * Modules mod_auth_db and mod_auth_dbm now included modules (Bug #7516). * Fixed Bugs #7190, #7478, #7543, #8030, #7927, #8208, #6619, and #7544. -- Johnie Ingram Wed, 21 May 1997 23:14:20 -0400 apache (1.1.3-6) frozen unstable; urgency=low * Config program no longer confused by ServerName directives inside VirtualHost sections (Bugs #7190, #7478). * Compiled apache_monitor with -DDEBIAN, which fixes the default location of the config file (Bug #7543), and corrected typo in its manpage. * Reduced webmaster address strangeness (Bug #7928). * Fixed typo in apacheconfig discovered by Tony Finch (Bug #8359). * Config program always asks before restarting apache, and can now detect when the restart fails (Bug #7927). * Registered htpasswd with suidregister, making it easier for the administrator to make it suid (request #8030). The default permissions and umask have not changed, however. * Corrected mispositioned set -e in apache-dev preinst script, and added set -e to preinst and postinst scripts (Bug #8208). * Added dependency on checkroot to binary-arch rules target, and added removal of substvars and files files to clean target (Bug #8208). * Added language to the apache manpage to make it clear that the Debian apache has FSSTND file location defaults (Bug #6619). * Changed control file so dependencies are no longer hardcoded, a quirk pointed out by Dermot Bradley. * Removed deep debmake magic from install scripts, to facilitate porting to non-debmake environments. * Corrected name of program in apache_monitor.8 manpage (Bug #7544). * Closed Bug #5601, since the need to use nph- filename to disable buffering of CGI program output is not a bug, but a feature. * Closed Bug #7132, which was fixed by the new apacheconfig in 1.1.3-3. * Closed Bug #7277, since undocumented.7.gz is now correct. * Closed Bug #7302, the mod_info bug incorrectly listed as 7017 below. * Closed Bug #7740 (posted against apache 3.0) (!), which was another manifestation of the bug located by Manoj Srivastava (Bug #6524) and fixed in 1.1.2-1. * Closed Bug #7744, since the apache 1.1.1-5 file permissions bug has long been fixed. * Package now includes file checksums (debmake 3.2.4). * Updated to Standards-Version 2.1.3.0. -- Johnie Ingram Mon, 7 Apr 1997 14:19:04 -0400 apache (1.1.3-5) unstable; urgency=low * Restored -DSTATUS to Makefile.modules for mod_info (Bug #7017). * Fixed Bug #7297, where apacheconfig doesn't restart apache because the init.d script inadvertently kills itself. * Changed recommended DocumentRoot to /var/www (Bug #7318). * Removed empty /usr/doc/apache/modules directory. * Fixed some links from undocumented.7.gz to undocumented.7. * Config program now understands numerical IDs better, a deficiency pointed out by Dermot Bradley (bradley@mourne.gpl.net). It isn't perfect, though, because chown doesn't understand, e.g., "-1". * Now validates installation scripts during package build using bash 2.0. -- Johnie Ingram Mon, 17 Feb 1997 23:03:13 -0500 apache (1.2b6-3) experimental; urgency=low * Added missing new-installation homepage file intro.html. * Fixed Bug #7297, where apacheconfig doesn't restart apache because the init.d script inadvertently kills itself. * Changed recommended DocumentRoot to /var/www (Bug #7318). * Fixed some links from undocumented.7.gz to undocumented.7. * Config program now understands numerical IDs better, a deficiency pointed out by Dermot Bradley (bradley@mourne.gpl.net). -- Johnie Ingram Mon, 17 Feb 1997 22:08:30 -0500 apache (1.2b6-2) experimental; urgency=low * Synchronized with 1.1.3-4 (Webstandard 3.0, apacheconfig, the works). -- Johnie Ingram Mon, 10 Feb 1997 13:25:30 -0500 apache (1.1.3-4) stable unstable; urgency=medium * Webstandard 3.0 savvy. * The /usr/lib/httpd directory is no more. * Moved icon directory to /usr/doc/apache/icons, cgi-bin directory to /usr/lib/cgi-bin, and created Alias /doc for /usr/doc, for compliance with Webstandard 3.0 at long last (Bug #6942); added checks and automagic config conversion code. * Closed bug #3470, since compliance with the webstandard means apache can coexist with the other web servers. * Added fallback to smail "mkaliases" command (Bug), and removed stop of apache before upgrade, by suggestion of Joey Hess (joey@kite.ml.org). * Added --force, --force-modules, --serveradmin, --serverroot, --servername, --port, and --update options (back) to apacheconfig. * Closed bug #4817, as CGI scripts are now required to be in /usr. * Source package can actually be unpacked with dpkg-source -x. * Updated default homepage, and fixed filename used for installation. * Minor tweaks to text formatting in apacheconfig and init.d scripts. * Removed apachemodname and install-apachemod programs, these having been superceded by new apacheconfig. * Closed Bug #7107, since the package now uses world-readable permissions on the icons (and does not use /usr/lib/httpd anyway). * Added dependency on perl. * Removed obsolete modules-descr and modules-doc targes from Makefile.modules. * Module mod_auth now loaded by default, because its necessity cannot always be determined from the standard ocnfig files. * Did I mention it was Webstandard 3.0 savvy? -- Johnie Ingram Mon, 10 Feb 1997 02:48:53 -0500 apache (1.1.3-3) unstable; urgency=low * Config program, rewritten in perl, now does an exhaustive check to decide which modules are needed, taking all provided mime types, handlers, and directives into account (Bug #4601). * Config program now supports both Apache 1.1 and 1.2, automatically detecting whether LoadModule or AddModule commands should be used. * Installation script no longer asks to make unnecessary changes (Bug #6945), and the configuration can be skipped if the files look good. * Default homepage is not installed if index.cgi already exists there (Bug #6973). * Config program now prefers the config_log_module over the common_log_module, knows the difference between the two (Bug #4683), and ignores commented-out directives (Bug #6780). * Corrected logfile pathname for the log modules from Apache to Debian default (Bug #6800). * First tentative step toward Webstandard 3.0: /usr/lib/cgi-bin included. * Diff no longer contains extraneous temporary directories (Bug #6803). * Source package updated to use debmake 3.0.11 flat directory structure. * Corrected spelling of "unprivileged" in configuration question. * Closed Bug #7031 (posted against 1.1.1-5), since the reference to /var/web/webspace has long been removed from the new-install homepage. * Ran e2fsck -c on stupid /var partition, eliminating garbage from created diff files (Bug #6561). * Simplified /etc/init.d/apache script, and suppressed spurious error message from kill. * Config file backups are now rotated, so apacheconfig can be run multiple times without potential loss of data. * Closed Bug #7094 (posted against apache 3.1-8) (!), which was another manifestation of the bug located by Manoj Srivastava (#6524) and fixed in 1.1.2-1. * Closed Bug #7095, since the package can now repair broken 1.1.1-5 permissions on the (obsolecent) /usr/lib/httpd directory. -- Johnie Ingram Tue, 4 Feb 1997 11:55:55 -0500 apache (1.2b6-1) experimental; urgency=low * Experimental release of Apache beta, sans autoconfig scripts. ("LoadModule" lines should be replaced with "ClearModuleList, AddModule..."). -- Johnie Ingram Thu, 30 Jan 1997 00:20:23 -0500 apache (1.1.3-2) unstable; urgency=low * Cron script now recognizes indented logfile directives (Bug #6784). * Fixed a problem with recognizing and correcting some PidFile directives which was reported by Jeff Noxon (jeff@planetfall.com). -- Johnie Ingram Tue, 28 Jan 1997 12:36:22 -0500 apache (1.1.3-1) unstable; urgency=low * New upstream version which fixes the new bugs introduced by security release 1.1.2 (sigh). * Added SuppressHTMLPreamble option to mod_dir IndexOptions with patch by Roy T. Fielding. * Hacked mod_info so it correctly shows current configuration from config files with absolute pathnames. * Modified mod_dir to recognize PHP/FI and server-parsed documents as HTML code (so it can extract the title from these as a description), and to increase the maximum size of the generated description. * Added SuppressHTMLPreamble and ScanHTMLTitles to IndexOptions in example srm.conf. * Added module mod_rewrite. * Package now suggests installing the (new) apache-modules package. -- Johnie Ingram Sun, 19 Jan 1997 22:00:22 -0500 apache (1.1.2-1) unstable; urgency=high * New upstream version which fixes security holes in mod_cookies and mod_dir (APACHE_MOD.advisory.1.13.97, Bug #6576). * Post-installation script can now find and install the sample access.conf and srm.conf files (Bug #6522). * Corrected Document Root in example access.conf (Bug #6523), startup script, and initial homepage, which removes the last vestiges of the "silly," (Bug #2802), "abominable" (Bug #3470) /var/web directory. * Fixed a typo in apacheconfig located by Manoj Srivastava (Bug #6524), which also fixes detection of the existing webmaster alias (Bug #5693) and eliminates the need to type Control-D during install (Bug #4724). * Post-installation script now asks for a "publiziced" name instead of an alternate name (Bug #3470). * Webmaster address default is now guessed from /etc/mailname instead of the local hostname (Bug #3470). * File listing in apache.8 corrected to reflect current practice. * Debian/GNU product token added to SERVER_VERSION. * Bug #5062 closed, since any further stripping of the modules would make them unloadable by apache. -- Johnie Ingram Tue, 14 Jan 1997 17:39:26 -0500 apache (1.1.1-9) unstable; urgency=low * Daily cron script no longer inadvertently HUPs itself (Bug #6509). * Officially closes Bugs #4694, #5234, #5842, #5843, and #6509. * Moved apache-dev from "devel" to new section, "web". -- Johnie Ingram Sun, 12 Jan 1997 22:41:22 -0500 apache (1.1.1-8) unstable; urgency=low * Fixed errant "set -x" in cron.daily script. -- Johnie Ingram Wed, 8 Jan 1997 02:12:34 -0500 apache (1.1.1-7) unstable; urgency=high * New maintainer. * Updated to Standards-Version 2.1.2.2 with debmake 2.53. * Fixed bad permissions on apache files and directores under /usr/lib; everything now world-readable (Bug #5234). * Document root changed to /home/www-data/webspace in default srm.conf (Bug #4694) * Symbols stripped from /usr/sbin/unescape (Bug #5062). * Source code and Debian scripts changed to use /var/run/apache.pid throughout (Bug #5842, FSSTND 5.10). * Cron script changed to automatically determine which logs need to be rotated (Bug #5843), and can now handle virtual webserver logs. * Sequence code changed so Apache starts up after the automounter and any database daemons. * Compiled with -DSTATUS for more complete reports from from info_module. * Default savelog time extended to one month. * Startup script changed to comply with proposed Standard for Console Messages. * Moved from "net" to new section "web". * Source code changelog now included in documentation. * Headers, source code, and API documentation now in separate package. * Minor changes to text formatting in apacheconfig and post-install script. -- Johnie Ingram Tue, 7 Jan 1997 17:25:45 -0500 apache (1.1.1-6) unstable; urgency=low * This space intentionally left blank. -- Johnie Ingram Wed, 1 Jan 1997 09:07:08 -0500 apache (1.1.1-5) unstable; urgency=LOW * Changed Configure, mod_dl.c and mod_dld.c to arrange for storing the names of dynamically loaded modules. Then changed mod_info.c so that it uses the names correctly instead of making a SIGSEGV. * The default document root is really found by first looking for an existent www-data passwd entry (it will anyway default to /home/www-data/webspace, but previously only the server was looking for ~www-data). * Corrected typos in the default homepage, home.html, changed default locations to reflect changes made in 1.1.1-4, and added some documentation in this page. * Corrected typos in my manual pages. * Added the install-apachemod(8) script to let other packages install or remove dynamically loadable modules by just calling this script, without having to know how things are done. * New modules are added at the end of the LoadModule block rather than at the beginning, just after the magic. * The apacheconfig(8) script now looks in .htaccess files under the directories listed in access.srm to determine the authentication modules that are needed. * Corrected the compilation of the db and msql authentication modules so that the .so files include the necessary libraries dependencies. * Removed the gdbm1 dependency from Apache because the dependency is only useful when loading the dbm authentication module. Added Suggests: entry for all libraries that modules may need. -- Yves Arrouye Mon, 30 Sep 1996 00:44:34 +0200 apache (1.1.1-4) unstable; urgency=LOW * Fixed the getting of some paths in the config files. * Changed permissions to use root.www-data. * Corrected bug in mod_mime.c that made Content-type and Content-encoding be the same. I hope I didn't introduce other bugs... * Put the package back in net. * Built-in document root is /home/www-data/webspace. This is ugly but consistent with the wu-ftpd package, and should be overriden by the installer anyway. * None of the /etc/apache/*.conf files are listed in conffiles as apacheconfig(8) or the postinst may edit them. * Added option --serverroot to apacheconfig(8) and commented out the default ServerRoot in httpd.conf-dist so that apacheconfig(8) will ask for the value to use. * No CGI scripts are found in this package. -- Yves Arrouye Tue, 24 Sep 1996 11:34:53 +0200 apache (1.1.1-3) non-free; urgency=LOW * Fixed mod_info.c: SIGSEGV bug (reported by Joey Hess ) and bad construction of configuration files paths. Note that the SIGSEGV bug comes from the fact that dynamically loaded modules do not have a name registered in the modules_names table, which means the information page will list modules as dyn_module_1, dyn_module_2, etc. instead of giving their exact names. (The problem has been reported to the Apache group.) * Put conffiles back in the package (omitted accidentally when moving to the new package format). -- Yves Arrouye Mon, 16 Sep 1996 11:32:05 +0200 apache (1.1.1-2) non-free; urgency=LOW * Switched to new source format. * Removed contributed CGI scripts from the package. * Wrote manual pages for utilities included from the support directory. * Moved the package to the non-free section. -- Yves Arrouye Mon, 9 Sep 1996 11:09:33 +0200 apache (1.1.1-1) unstable; urgency=LOW * New release by Yves Arrouye . * Moved some stuff again: things that were named apache-httpd are just named apache. * Made /var/run/apache and put things there. * Created /var/spool/apache for proxy caching. * Wrote mod_dl.c and created /usr/lib/apache filled with modules. * Many many changes to the package configuration system, including an apcheconfig script that determines which modules to load at startup. * Fixed bugs reported against previous packages. -- Yves Arrouye Sat, 24 Aug 1996 11:22:56 +0200