Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

apache-html-2.0.59-2tr RPM for i586

From Trustix 2.2 for i586

Name: apache-html Distribution: Trustix Secure Linux
Version: 2.0.59 Vendor: Comodo Trustix
Release: 2tr Build date: Thu Aug 23 11:32:43 2007
Group: Trustix Official Build host: ttrmgtnived.comodo.net
Size: 13823 Source RPM: apache-2.0.59-2tr.src.rpm
Packager: Comodo Trustix <http://www.trustix.com>
Url: http://www.apache.org/
Summary: The Trustix default pages
This is the Trustix default web pages.

Provides

Requires

License

BSD-like

Changelog

* Thu Aug 23 2007 Nived Gopalan <nived at trustix dot org> 2.0.59-2tr
  - SECURITY Fix: A cross-site scripting vulnerability exits in
    mod_status.c, when ExtendedStatus is enabled and a public
    server-status page is used. This allows remote attackers to inject
    arbitrary web script or HTML via unspecified vectors involving
    charsets with browsers that perform "charset detection" when the
    content-type is not specified.
  - Fixes an error in the Multi-Processing Module (MPM) which could be
    exploited to send signals to arbitrary processes and cause them to
    be terminated.
  - A bug was found in the mod_cache module. On sites where caching is
    enabled, a remote attacker could send a carefully crafted request
    that would cause the Apache child process handling that request to
    crash. This could lead to a denial of service if using a threaded
    Multi-Processing Module.
  
    The Common Vulnerabilities and Exposures project has assigned the
    names CVE-2006-5752, CVE-2007-3304 and CVE-2007-1863 to these issues.
* Thu Aug 31 2006 Nived Gopalan <nived at trustix dot org> 2.0.59-1tr
  - New Upstream.
* Mon Jul 31 2006 Nived Gopalan <nived at trustix dot org> 2.0.55-5tr
  - SECURITY Fix: A vulnerability has been reported in Apache HTTP Server,
    which potentially can be exploited by malicious people to compromise
    a vulnerable system. The vulnerability is caused by a off-by-one error
    in mod_rewrite within the ldap scheme handling and can be exploited
    to cause a one-byte buffer overflow.
  
    The Common Vulnerabilities and Exposures project has assigned the
    name CVE-2006-3747 to this issue.
* Wed Dec 28 2005 Ajith Thampi <ajith at trustix dot org> 2.0.55-4tr
  - Remove apache dependency on apache-suexec
* Mon Dec 19 2005 Nived Gopalan <nived at trustix dot org> 2.0.55-3tr
  - SECURITY Fix: Cross-site scripting (XSS) vulnerability in the mod_imap
    module which allows remote attackers to inject arbitrary web script or
    HTML via the Referer when using image maps.
  - mod_ssl: Fix a possible crash during access control checks if a non-SSL
    request is processed for an SSL vhost.
  
    The Common Vulnerabilities and Exposures project has assigned the
    name CVE-2005-3352 and CVE-2005-3357 to these issues.
* Mon Oct 17 2005 Ajith Thampi <ajith at comodo dot com> 2.0.55-1tr
  - New Upstream and Multiple Security Fixes
  - SECURITY Fix: CAN-2005-2700, CAN-2005-2491, CAN-2005-2088, CAN-2005-2728,
    CAN-2005-2088, CAN-2005-1268 .
  - Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker() was called
    even if mod_auth_ldap_check_user_id() was not (or if it didn't succeed)
    for non-authoritative cases.
  - mod_proxy: Fix over-eager handling of '%' for reverse proxies.
  - mod_ldap: Fix various shared memory cache handling bugs.
* Fri Sep 09 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 2.0.54-8tr
  - SECURITY: security fix for SSLVerifyClient, byterange filter DoS
  - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient
    optional" in the global virtual host configuration, does not properly enforce
    "SSLVerifyClient require" in a per-location context, which allows remote attackers
    to bypass intended access restrictions.
  - The byte-range filter in Apache 2.0 allows remote attackers to cause a denial
    of service (memory consumption) via an HTTP header with a large Range field.
  
    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2700 and CAN-2005-2728 to this issue.
* Mon Aug 29 2005 Ajith Thampi <ajith at comodo dot com> 2.0.54-7tr
  - Fix Integer overflow in pcre_compile.c which allows attackers to
    execute arbitrary code via quantifier values in regular expressions,
    which leads to a heap-based buffer overflow.
  
    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.
* Tue Aug 09 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 2.0.54-6tr
  - Now package suexec in apache-suexec, Fix Bug #1163.
* Mon Jul 25 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 2.0.54-5tr
  - Security Fix:
  - Watchfire reported a flaw that occured when using the Apache server as an
    HTTP proxy.  A remote attacker could send an HTTP request with both a
    "Transfer-Encoding: chunked" header and a "Content-Length" header.  This
    caused Apache to incorrectly handle and forward the body of the request in
    a way that the receiving server processes it as a separate HTTP request.
    This could allow the bypass of Web application firewall protection or lead
    to cross-site scripting (XSS) attacks.
  
  - Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
    callback.  In order to exploit this issue the Apache server would need to
    be configured to use a malicious certificate revocation list (CRL).
  
    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
    name CAN-2005-2088 and CAN-2005-1268 to this issue.
* Wed Jun 01 2005 Ajith Thampi <ajith at comodo dot com> 2.0.54-4tr
  - Rebuilt with mod_perl to activate changes to Apache2, Bug #811
  - Fixing default httpd.conf to reflect correct locations, Bug #701
* Tue May 10 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 2.0.54-3tr
  - Added Requires: apache for devel package, Fix Bug #618
* Wed Apr 27 2005 Nived Gopalan <nived at comodo dot com> 2.0.54-2tr
  - Fixed logrotate, Bug #454
* Tue Apr 19 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 2.0.54-1tr
  - New Upstream
* Tue Mar 01 2005 Erlend Midttun <erlendbm at trustix dot org> 2.0.53-2tr
  - Change SSL config section.  Bug #30.
* Mon Feb 28 2005 Erlend Midttun <erlendbm at trustix dot org> 2.0.53-1tr
  - New upstream.
  - Added LDAP support.
* Thu Nov 18 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.52-6tr
  - Fix for CAN-2004-0942
* Tue Nov 09 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.52-5tr
  - Rebuild for dynamic openssl
* Fri Oct 22 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.52-3tr
  - New upstream
  - Updated default index.html page
  - Erlend split default html pages into a separate package
* Thu Sep 23 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.51-3tr
  - Fix CAN-2004-0811
* Tue Sep 21 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.51-2tr
  - Add some checking to the init script.
* Thu Sep 16 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.51-1tr
  - New upstream fixes CAN-2004-0786 CAN-2004-0747 CAN-2004-0751 
    CAN-2004-0748 and CAN-2004-0809
* Thu Jul 22 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.50-2tr
  - New upstream
* Tue Jun 29 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.49-9tr
  - Add patch for CAN-2004-0493 DoS issue
* Wed Jun 02 2004 Chr. Toldnes <christht at trustix dot org> 2.0.49-8tr
  - rebuild on correct openssl
* Wed Jun 02 2004 Chr. Toldnes <christht at trustix dot org> 2.0.49-7tr
  - Added patch to fix CAN-2004-0488
* Wed Apr 28 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.49-6tr
  - HTTPDDARGS to HTTPDARGS in /etc/sysconfig/httpd
* Thu Apr 22 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.49-5tr
  - Now build the base modules static instead of shared.  This for compliance with the
    released version.
  - Do not force loading of modules from /usr/lib.
* Thu Apr 22 2004 Erlend Midttun <erlendbm at trustix dot org> 2.0.49-4tr
  - Build all modules shared.
* Tue Apr 06 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.49-3tr
  - Don't hardcode lib directory name
* Fri Mar 26 2004 Oystein Viggen <oysteivi at trustix dot com> 2.0.49-2tr
  - Bump release to make sure we're newer than the package in Cloud
* Tue Mar 23 2004 Chr. Toldnes <christht at trustix dot org> 2.0.49-1tr
  - New upstream version
* Mon Mar 01 2004 Erlend Midttun <erlendbm at trustix dot com> 2.0.48-8tr
  - Added more modules.
* Mon Feb 09 2004 Chr. Toldnes <christht at trustix dot org> 2.0.48-6tr
  - apxs moved to -devel
  - new sub package: dbm
  - command line arguments in /etc/sysconfig/httpd
  - Built with correct cflags (LSF).
  - specfile renamed apache.spec
* Wed Dec 03 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.48-5tr
  - Rebuilt.
* Wed Dec 03 2003 Chr. Toldnes <christht at trustix dot org> 2.0.48-4ct
  - Use external expat
* Wed Nov 19 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.48-3tr
  - Added sites directory.
* Tue Nov 18 2003 Tor Hveem <torh at trustix dot org> 2.0.48-2th
  - Some tawie->trustix fixes
* Mon Nov 17 2003 Tor Hveem <torh at trustix dot org> 2.0.48-1th
  - New upstream
* Mon Oct 13 2003 Nico Erfurth <masta at tawie dot org> 2.0.47-9ne
  - Added 64bit file support
  - Fixed usage of CFLAGS
* Sat Oct 04 2003 Michael Scheffler <duke at duke dot de> 2.0.47-8ms
  - Minor changes to index.html
* Fri Oct 03 2003 Michael Scheffler <duke at duke dot de> 2.0.47-7ms
  - Updated default index.html
* Sun Sep 28 2003 Chr. Toldnes <christht at tawie dot org> 2.0.47-6tsl
  - Port to tawie
* Fri Sep 26 2003 Chr. Toldnes <christht at tawie dot org> 2.0.47-5tr
  - Rebuilt and retagged
* Fri Sep 26 2003 Tor Hveem <torh at trustix dot org> 2.0.47-4th
  - Fixed up suexec
* Fri Sep 12 2003 Tor Hveem <torh at trustix dot org> 2.0.47-3th
  * Included dav modules, and auth-digest module
* Thu Jul 10 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.47-2tr
  - Take II, now woth changes from 46-6tr.
* Thu Jul 10 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.47-1tr
  - New upstream, closes serveral security related problems.
* Tue Jul 08 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.46-6tr
  - Removed directory browsing by default.
* Wed Jun 18 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.46-5tr
  - Big rebuild
* Tue Jun 10 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.46-4em
  - Added WAP headers.
  - Added missingok and notifempty to logrotate-config.
* Thu Jun 05 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.46-3em
  - Try to resolve file conflicts.
* Fri May 30 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.46-2em
  - Merge the packages.
* Thu May 29 2003 Gerald Dachs <gda at trustix dot org> 2.0.46-1gd
  - Upgrade to 2.0.46
* Mon Apr 28 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.45-3em
  - Fixed creation of home directory.
* Mon Apr 28 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.45-2em
  - Cleaned up config.  No longer load proxy modules.
  - Added httpd user/group
* Fri Apr 04 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.45-1em
  - Upgrade to 2.0.45
* Mon Mar 24 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.44-4em
  - Rebuilt against glibc 2.3.2.
* Fri Feb 28 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.44-3em
  - Major cleanup of spec file.
  - Major cleanup of /etc/httpd.
  - Major cleanup of /home/httpd.
  - Created manual package.
* Wed Feb 19 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.44-2em
  - Added Include directory.
  - Added commented out PHP4 module line.
* Wed Jan 22 2003 Tor Hveem <torh at trustix dot org> 2.0.44-1th
  - new version
* Sat Jan 18 2003 Gerald Dachs <gda at trustix dot org> 2.0.43-4gd
  - rebuild against openssl 0.9.7
  - Make initscript use lockdev instead of .lockdev
* Tue Jan 07 2003 Erlend Midttun <erlendbm at trustix dot com> 2.0.43-3em
  - Make initscript use .lockdev instead of lockdev
  - Use initdir macro
  - Removed axps from -devel so that it is part of main package.
* Thu Nov 21 2002 Christian H. Toldnes <christht at trustix dot com> 2.0.43-2ct
  - httpd initscript now uses $INITLOCK
* Tue Oct 08 2002 Gerald Dachs <gda at trustix dot org> 2.0.43-1gd
  - new upstream version
* Fri Sep 13 2002 Nico Erfurth <masta at trustix dot org> 2.0.40-2ne
  - Splitted libapr into a seperate package
  - fixed httpd.init to use the new init-directory
* Tue Aug 27 2002 Nico Erfurth <masta at trustix dot org> 2.0.40-1ne
  - Updated to Apache 2.0.40
  - FIXME: ssl-config, no certs are generated
* Wed Jul 17 2002 Roland Kruse <rolandk at trustix dot com> 1.3.26-4rk 
  - rcscripts /etc/rc.d/init.d -> /etc/init.d
* Tue Jul 16 2002 Roland Kruse <rolandk at trustix dot com> 1.3.26-3rk
  - Rebuild for Cloud (temporary, will be replaced with 2.x)
* Mon Jun 24 2002 Christian H. Toldnes <christht at trustix dot com> 1.3.26-2tr
  - Update to mod_ssl-2.8.10 fixes buffer overflow
* Wed Jun 19 2002 Christian H. Toldnes <christht at trustix dot com> 1.3.26-1tr
  - Update to apache-1.3.26 mod_ssl-2.8.9
  - Added index.php to DirectoryIndex in httpd.conf
  - Added missing file apachectl
* Wed May 15 2002 Erlend Midttun <erlendbm at trustix dot com>
  - Seems openssl-devel is not needed as PreReq.  Moving to BuildRequires.
* Tue May 14 2002 Erlend Midttun <erlendbm at trustix dot com>
  - Added Include /etc/httpd/conf.d in config file
  - Added /etc/httpd/conf.d to allow applications to configure apache
    without fscking the normal config file.
  - No longer remove apachectl as it provides more features than our
    SYSV scripts.  "apachectl configtest" for one.  Hopefully it will not
    break anything.
  - Added poweredbytrustix.png.
  - Resynced config file with default.
* Mon Apr 15 2002 Christian H. Toldnes <christht at trustix dot com>
  - New upstream version: apache 1.3.24, modssl 2.8.8
* Fri Mar 01 2002 Christian H. Toldnes <christht at trustix dot com>
  - Correct chkconfig handling in init script.
* Thu Feb 28 2002 Christian H. Toldnes <christht at trustix dot com>
  - New upstream version: apache 1.3.23, modssl 2.8.7
  - Added new set of files for default page.
* Mon Jan 07 2002 Christian H. Toldnes <christht at trustix dot com>
  - Added %config(noreplace) for default html-pages.
* Thu Jan 03 2002 Christian H. Toldnes <christht at trustix dot com>
  - Package cleanup.
* Wed Dec 19 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Fixed logrotate.  Take II.
* Thu Nov 29 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Removed poweredby.gif.
  - Fixed logrotate.
* Thu Oct 04 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Fixed missing dependency of mailcap.
* Thu Jul 26 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Fixed version string to make webmin happy.
* Mon Jul 23 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Seems like we overwrote the config files.
* Mon Jul 09 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Due to a large number of AOL users thinking we stole their favorite
    website, we've changed the "it worked" page.
* Mon Jun 18 2001 Erlend Midttun <erlendbm at trustix dot com>
  - Second attempt at getting /var/log/httpd going.
  - Added support for auth_dbm.
* Tue Jun 12 2001 Erlend Midttun <erlendbm at trustix dot com>
  - New upstream version.
* Mon Mar 19 2001 Alexander Reelsen <ar at trustix dot com>
  - Updated to version 1.3.19
  - Replaced apache-ssl with mod_ssl (now one package for SSL/non-SSL apache)
  - Added apache-contrib module sources
  - General spec file cleanup
* Sat Nov 25 2000 Oystein Viggen <oysteivi at trustix dot com>
  - The new version needs --disable-shared=apache_ssl to actually work
* Wed Nov 22 2000 Olaf Trygve Berglihn <olafb at trustix dot com>
  - Updated to version 1.3.14+ssl_1.42.
* Wed Oct 04 2000 Per Ivar Paulsen <perp at trustix dot com>
  - Fixed mod-rewrite.c bug
* Tue Aug 15 2000 Oystein Viggen <oysteivi at trustix dot com>
  - Security hole through typo in attr for /usr/sbin/httpsd fixed.
* Wed May 24 2000 Per Ivar Paulsen <perp at trustix dot com>
  - Bugfix, downgrade to apache-ssl 1.39
* Wed May 03 2000 Per Ivar Paulsen <perp at trustix dot com>
  - Update apache-ssl to 1.40
* Tue Mar 14 2000 Per Ivar Paulsen <perp at trustix dot com>
  - Updated to apache 1.3.12 and apache-ssl 1.39
* Mon Feb 21 2000 Per Ivar Paulsen <perp at trustix dot com>
  - Initial release for the Trustix Secure Linux distribution.
  - Added noreplace.
  - Moved man and info pages to /usr/share adhering to FHS
  - TODO: add better default configuration
  - Added Apache 1.3.11 and apache_1.3.11+ssl_1.38.

Files

/home/httpd/html/images
/home/httpd/html/images/poweredbytrustix.gif
/home/httpd/html/images/poweredbytrustix.png
/home/httpd/html/images/trustix.gif
/home/httpd/html/images/valid-xhtml10.gif
/home/httpd/html/images/vcss.gif
/home/httpd/html/index.html
/home/httpd/html/trustix.css


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Sep 15 21:53:39 2014