Changelog for apache-2.0.59-3tr.i586.rpm :
Thu Aug 23 14:00:00 2007 Nived Gopalan 2.0.59-3tr - SECURITY Fix: A cross-site scripting vulnerability exists in mod_status.c, when ExtendedStatus is enabled and a public server-status page is used. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. - Fixes an error in the Multi-Processing Module (MPM) which could be exploited to send signals to arbitrary processes and cause them to be terminated. - A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2006-5752, CVE-2007-3304 and CVE-2007-1863 to these issues.
Mon Feb 26 13:00:00 2007 Nived Gopalan - Rebuilt
Tue Aug 15 14:00:00 2006 Nived Gopalan 2.0.59-1tr - New Upstream.
Mon Jul 31 14:00:00 2006 Nived Gopalan 2.0.55-6tr - SECURITY Fix: A vulnerability has been reported in Apache HTTP Server, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an off-by-one error in mod_rewrite within the ldap scheme handling and can be exploited to cause a one-byte buffer overflow.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-3747 to this issue.
Wed Dec 28 13:00:00 2005 Ajith Thampi 2.0.55-5tr - Remove apache dependency on apache-suexec
Mon Dec 19 13:00:00 2005 Nived Gopalan 2.0.55-4tr - SECURITY Fix: Cross-site scripting (XSS) vulnerability in the mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. - mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-3352 and CVE-2005-3357 to these issues.
Mon Dec 5 13:00:00 2005 Nived Gopalan 2.0.55-3tr - Added BuildRequires openldap-devel, cyrus-sasl-devel and gnutls-devel, Bug #1452.
Wed Oct 19 14:00:00 2005 Ajith Thampi 2.0.55-2tr - Fix removal of /var/run/fastcgi/dynamic on service stop
Mon Oct 17 14:00:00 2005 Ajith Thampi 2.0.55-1tr - New Upstream and Multiple Security Fixes - SECURITY Fix: CAN-2005-2700, CAN-2005-2491, CAN-2005-2088, CAN-2005-2728, CAN-2005-2088, CAN-2005-1268. - Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker() was called even if mod_auth_ldap_check_user_id() was not (or if it didn't succeed) for non-authoritative cases. - mod_proxy: Fix over-eager handling of '%' for reverse proxies. - mod_ldap: Fix various shared memory cache handling bugs.
Fri Sep 9 14:00:00 2005 Syed Shabir Zakiullah 2.0.54-14tr - SECURITY: security fix for SSLVerifyClient, byterange filter DoS - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. - The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
The Common Vulnerabilities and Exposures project has assigned the names CAN-2005-2700 and CAN-2005-2728 to these issues.
Mon Aug 29 14:00:00 2005 Ajith Thampi 2.0.54-13tr - Fix Integer overflow in pcre_compile.c which allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2491 to this issue.
Tue Aug 9 14:00:00 2005 Syed Shabir Zakiullah 2.0.54-12tr - Now package suexec in apache-suexec, Ref. Bug #1163.
Mon Jul 25 14:00:00 2005 Syed Shabir Zakiullah 2.0.54-11tr - Security Fix: - Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks.
- Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL).
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CAN-2005-2088 and CAN-2005-1268 to these issues.
Mon Jun 6 14:00:00 2005 Ajith Thampi 2.0.54-10tr - Rebuilt on perl-5.8.7
Wed Jun 1 14:00:00 2005 Ajith Thampi 2.0.54-9tr - Fixing default httpd.conf to reflect correct locations, Bug #701
Tue May 10 14:00:00 2005 Syed Shabir Zakiullah 2.0.54-7tr - Added Requires: apache for devel package, Fix Bug #618
Wed May 4 14:00:00 2005 Ajith Thampi 2.0.54-6tr - Rebuilt with mod_python, mod_perl, perl, php for fixing segfault issue.
Thu Apr 28 14:00:00 2005 Syed Shabir Zakiullah 2.0.54-5tr - Added deplibs patch to make libaprutils to link against its dependencies
Tue Apr 26 14:00:00 2005 Nived Gopalan 2.0.54-4tr - Fixed logrotate, Bug #455
Mon Apr 25 14:00:00 2005 Ajith Thampi 2.0.54-3tr - Rebuilt on db-4.3.27
Wed Apr 20 14:00:00 2005 Thushara Gopalakrishnan 2.0.54-2tr - Changed init priority
Tue Apr 19 14:00:00 2005 Raghu 2.0.54-1tr - New Upstream
Tue Apr 12 14:00:00 2005 Raghu 2.0.53-7tr - Rebuilt for openldap-2.2.24
Fri Apr 8 14:00:00 2005 Raghu 2.0.53-6tr - Rebuilt for openldap-2.2.9
Wed Mar 23 13:00:00 2005 Ajith Thampi 2.0.53-5tr - Added LDAP support - Change SSL config section. Bug #30. - Fixed a broken modules link
Tue Mar 15 13:00:00 2005 Bipin S 2.0.53-4tr - Rebuilt
Fri Feb 18 13:00:00 2005 Raghu 2.0.53-1tr - New Upstream - Fix for CAN-2004-0942,CAN-2004-0885
Wed Feb 2 13:00:00 2005 Ajith Thampi 2.0.52-8tr - Rebuild for db-4.2.52
Thu Nov 18 13:00:00 2004 Erlend Midttun 2.0.52-6tr - Fix for CAN-2004-0942
Tue Nov 9 13:00:00 2004 Oystein Viggen 2.0.52-5tr - Rebuild for dynamic openssl
Fri Oct 22 14:00:00 2004 Oystein Viggen 2.0.52-3tr - New upstream - Updated default index.html page - Erlend split default html pages into a separate package
Thu Sep 23 14:00:00 2004 Erlend Midttun 2.0.51-3tr - Fix CAN-2004-0811
Tue Sep 21 14:00:00 2004 Erlend Midttun 2.0.51-2tr - Add some checking to the init script.
Thu Sep 16 14:00:00 2004 Erlend Midttun 2.0.51-1tr - New upstream fixes CAN-2004-0786 CAN-2004-0747 CAN-2004-0751 CAN-2004-0748 and CAN-2004-0809
Thu Jul 22 14:00:00 2004 Oystein Viggen 2.0.50-2tr - New upstream
Tue Jun 29 14:00:00 2004 Oystein Viggen 2.0.49-9tr - Add patch for CAN-2004-0493 DoS issue
Wed Jun 2 14:00:00 2004 Chr. Toldnes 2.0.49-8tr - rebuild on correct openssl
Wed Jun 2 14:00:00 2004 Chr. Toldnes 2.0.49-7tr - Added patch to fix CAN-2004-0488
Wed Apr 28 14:00:00 2004 Erlend Midttun 2.0.49-6tr - HTTPDDARGS to HTTPDARGS in /etc/sysconfig/httpd
Thu Apr 22 14:00:00 2004 Erlend Midttun 2.0.49-5tr - Now build the base modules static instead of shared. This for compliance with the released version. - Do not force loading of modules from /usr/lib.
Thu Apr 22 14:00:00 2004 Erlend Midttun 2.0.49-4tr - Build all modules shared.
Tue Apr 6 14:00:00 2004 Oystein Viggen 2.0.49-3tr - Don't hardcode lib directory name
Fri Mar 26 13:00:00 2004 Oystein Viggen 2.0.49-2tr - Bump release to make sure we're newer than the package in Cloud
Tue Mar 23 13:00:00 2004 Chr. Toldnes 2.0.49-1tr - New upstream version
Mon Mar 1 13:00:00 2004 Erlend Midttun 2.0.48-8tr - Added more modules.
Mon Feb 9 13:00:00 2004 Chr. Toldnes 2.0.48-6tr - apxs moved to -devel - new sub package: dbm - command line arguments in /etc/sysconfig/httpd - Built with correct cflags (LSF). - specfile renamed apache.spec
Wed Dec 3 13:00:00 2003 Erlend Midttun 2.0.48-5tr - Rebuilt.
Wed Dec 3 13:00:00 2003 Chr. Toldnes 2.0.48-4ct - Use external expat
Wed Nov 19 13:00:00 2003 Erlend Midttun 2.0.48-3tr - Added sites directory.
Tue Nov 18 13:00:00 2003 Tor Hveem 2.0.48-2th - Some tawie->trustix fixes
Mon Nov 17 13:00:00 2003 Tor Hveem 2.0.48-1th - New upstream
Mon Oct 13 14:00:00 2003 Nico Erfurth 2.0.47-9ne - Added 64bit file support - Fixed usage of CFLAGS
Sat Oct 4 14:00:00 2003 Michael Scheffler 2.0.47-8ms - Minor changes to index.html
Fri Oct 3 14:00:00 2003 Michael Scheffler 2.0.47-7ms - Updated default index.html
Sun Sep 28 14:00:00 2003 Chr. Toldnes 2.0.47-6tsl - Port to tawie
Fri Sep 26 14:00:00 2003 Chr. Toldnes 2.0.47-5tr - Rebuilt and retagged
Fri Sep 26 14:00:00 2003 Tor Hveem 2.0.47-4th - Fixed up suexec
Fri Sep 12 14:00:00 2003 Tor Hveem 2.0.47-3th
* Included dav modules, and auth-digest module
Thu Jul 10 14:00:00 2003 Erlend Midttun 2.0.47-2tr - Take II, now with changes from 46-6tr.
Thu Jul 10 14:00:00 2003 Erlend Midttun 2.0.47-1tr - New upstream, closes several security related problems.
Tue Jul 8 14:00:00 2003 Erlend Midttun 2.0.46-6tr - Removed directory browsing by default.
Wed Jun 18 14:00:00 2003 Erlend Midttun 2.0.46-5tr - Big rebuild
Tue Jun 10 14:00:00 2003 Erlend Midttun 2.0.46-4em - Added WAP headers. - Added missingok and notifempty to logrotate-config.
Thu Jun 5 14:00:00 2003 Erlend Midttun 2.0.46-3em - Try to resolve file conflicts.
Fri May 30 14:00:00 2003 Erlend Midttun 2.0.46-2em - Merge the packages.
Thu May 29 14:00:00 2003 Gerald Dachs 2.0.46-1gd - Upgrade to 2.0.46
Mon Apr 28 14:00:00 2003 Erlend Midttun 2.0.45-3em - Fixed creation of home directory.
Mon Apr 28 14:00:00 2003 Erlend Midttun 2.0.45-2em - Cleaned up config. No longer load proxy modules. - Added httpd user/group
Fri Apr 4 14:00:00 2003 Erlend Midttun 2.0.45-1em - Upgrade to 2.0.45
Mon Mar 24 13:00:00 2003 Erlend Midttun 2.0.44-4em - Rebuilt against glibc 2.3.2.
Fri Feb 28 13:00:00 2003 Erlend Midttun 2.0.44-3em - Major cleanup of spec file. - Major cleanup of /etc/httpd. - Major cleanup of /home/httpd. - Created manual package.
Wed Feb 19 13:00:00 2003 Erlend Midttun 2.0.44-2em - Added Include directory. - Added commented out PHP4 module line.
Wed Jan 22 13:00:00 2003 Tor Hveem 2.0.44-1th - new version
Sat Jan 18 13:00:00 2003 Gerald Dachs 2.0.43-4gd - rebuild against openssl 0.9.7 - Make initscript use lockdev instead of .lockdev
Tue Jan 7 13:00:00 2003 Erlend Midttun 2.0.43-3em - Make initscript use .lockdev instead of lockdev - Use initdir macro - Removed axps from -devel so that it is part of main package.
Thu Nov 21 13:00:00 2002 Christian H. Toldnes 2.0.43-2ct - httpd initscript now uses $INITLOCK
Tue Oct 8 14:00:00 2002 Gerald Dachs 2.0.43-1gd - new upstream version
Fri Sep 13 14:00:00 2002 Nico Erfurth 2.0.40-2ne - Split libapr into a separate package - fixed httpd.init to use the new init-directory
Tue Aug 27 14:00:00 2002 Nico Erfurth 2.0.40-1ne - Updated to Apache 2.0.40 - FIXME: ssl-config, no certs are generated
Wed Jul 17 14:00:00 2002 Roland Kruse 1.3.26-4rk - rcscripts /etc/rc.d/init.d -> /etc/init.d
Tue Jul 16 14:00:00 2002 Roland Kruse 1.3.26-3rk - Rebuild for Cloud (temporary, will be replaced with 2.x)
Mon Jun 24 14:00:00 2002 Christian H. Toldnes 1.3.26-2tr - Update to mod_ssl-2.8.10 fixes buffer overflow
Wed Jun 19 14:00:00 2002 Christian H. Toldnes 1.3.26-1tr - Update to apache-1.3.26 mod_ssl-2.8.9 - Added index.php to DirectoryIndex in httpd.conf - Added missing file apachectl
Wed May 15 14:00:00 2002 Erlend Midttun - Seems openssl-devel is not needed as PreReq. Moving to BuildRequires.
Tue May 14 14:00:00 2002 Erlend Midttun - Added Include /etc/httpd/conf.d in config file - Added /etc/httpd/conf.d to allow applications to configure apache without fscking the normal config file. - No longer remove apachectl as it provides more features than our SYSV scripts. "apachectl configtest" for one. Hopefully it will not break anything. - Added poweredbytrustix.png. - Resynced config file with default.
Mon Apr 15 14:00:00 2002 Christian H. Toldnes - New upstream version: apache 1.3.24, modssl 2.8.8
Fri Mar 1 13:00:00 2002 Christian H. Toldnes - Correct chkconfig handling in init script.
Thu Feb 28 13:00:00 2002 Christian H. Toldnes - New upstream version: apache 1.3.23, modssl 2.8.7 - Added new set of files for default page.
Mon Jan 7 13:00:00 2002 Christian H. Toldnes - Added %config(noreplace) for default html-pages.
Thu Jan 3 13:00:00 2002 Christian H. Toldnes - Package cleanup.
Wed Dec 19 13:00:00 2001 Erlend Midttun - Fixed logrotate. Take II.
Thu Nov 29 13:00:00 2001 Erlend Midttun - Removed poweredby.gif. - Fixed logrotate.
Thu Oct 4 14:00:00 2001 Erlend Midttun - Fixed missing dependency of mailcap.
Thu Jul 26 14:00:00 2001 Erlend Midttun - Fixed version string to make webmin happy.
Mon Jul 23 14:00:00 2001 Erlend Midttun - Seems like we overwrote the config files.
Mon Jul 9 14:00:00 2001 Erlend Midttun - Due to a large number of AOL users thinking we stole their favorite website, we've changed the "it worked" page.
Mon Jun 18 14:00:00 2001 Erlend Midttun - Second attempt at getting /var/log/httpd going. - Added support for auth_dbm.
Tue Jun 12 14:00:00 2001 Erlend Midttun - New upstream version.
Mon Mar 19 13:00:00 2001 Alexander Reelsen - Updated to version 1.3.19 - Replaced apache-ssl with mod_ssl (now one package for SSL/non-SSL apache) - Added apache-contrib module sources - General spec file cleanup
Sat Nov 25 13:00:00 2000 Oystein Viggen - The new version needs --disable-shared=apache_ssl to actually work
Wed Nov 22 13:00:00 2000 Olaf Trygve Berglihn - Updated to version 1.3.14+ssl_1.42.
Wed Oct 4 14:00:00 2000 Per Ivar Paulsen - Fixed mod-rewrite.c bug
Tue Aug 15 14:00:00 2000 Oystein Viggen - Security hole through typo in attr for /usr/sbin/httpsd fixed.
Wed May 24 14:00:00 2000 Per Ivar Paulsen - Bugfix, downgrade to apache-ssl 1.39
Wed May 3 14:00:00 2000 Per Ivar Paulsen - Update apache-ssl to 1.40
Tue Mar 14 13:00:00 2000 Per Ivar Paulsen - Updated to apache 1.3.12 and apache-ssl 1.39
Mon Feb 21 13:00:00 2000 Per Ivar Paulsen - Initial release for the Trustix Secure Linux distribution. - Added noreplace. - Moved man and info pages to /usr/share adhering to FHS - TODO: add better default configuration - Added Apache 1.3.11 and apache_1.3.11+ssl_1.38.