[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. 079884705c476565662537c2d6b221bb1c2330d4

Stefan Fritsch sf at sfritsch.de
Sat Apr 14 20:29:41 UTC 2012 

The following commit has been merged in the next branch:
commit 079884705c476565662537c2d6b221bb1c2330d4
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sat Apr 14 22:28:38 2012 +0200

    Add section to security.conf that shows how to forbid access to VCS
    directories.
    Close two bugs

diff --git a/debian/changelog b/debian/changelog
index c37ad62..813aa5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,7 +26,10 @@ apache2 (2.4.1-4) experimental; urgency=low
   * Update ssl default cipher config, add alternative speed optimized config.
     Closes: #649020
   * Move the configuration of /usr/lib/cgi-bin into a separate config file.
+    Closes: #589638
   * Comment out per-vhost loglevel.
+  * Add section to security.conf that shows how to forbid access to VCS
+    directories. Closes: #548213
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 14 Apr 2012 21:07:50 +0200
 
diff --git a/debian/config-dir/apache2.conf b/debian/config-dir/apache2.conf
index eb808fb..abc795a 100644
--- a/debian/config-dir/apache2.conf
+++ b/debian/config-dir/apache2.conf
@@ -51,8 +51,6 @@
 #   work with the default configuration.
 
 # TODO: Triage the following bugs involving conf changes:
-#	#589638 [w|  |  ] [apache2] apache2: Generally useful options currently set in sites-available/default should be moved to included file
-#	#548213 [w|  |  ] [apache2.2-common] Apache should protect .svn directories
 #	#340947 [w|  |  ] [apache2.2-common] apache2-common: standard path to virtual host document roots under /var/www?
 #	#400681 [n|  |  ] [apache2.2-common] apache2.2-common: mod_authn_alias does not play well with mod_authnz_ldap
 
diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf
index 081d77e..5faf17f 100644
--- a/debian/config-dir/conf-available/security.conf
+++ b/debian/config-dir/conf-available/security.conf
@@ -49,3 +49,13 @@ ServerSignature On
 TraceEnable Off
 #TraceEnable On
 
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#	Require all denied
+#</DirectoryMatch>
+

-- 
Debian packaging for apache2 (Apache HTTPD 2.x)

More information about the Pkg-apache-commits mailing list