[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. 079884705c476565662537c2d6b221bb1c2330d4
Stefan Fritsch
sf at sfritsch.de
Sat Apr 14 20:29:41 UTC 2012
The following commit has been merged in the next branch:
commit 079884705c476565662537c2d6b221bb1c2330d4
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Apr 14 22:28:38 2012 +0200
Add section to security.conf that shows how to forbid access to VCS
directories.
Close two bugs
diff --git a/debian/changelog b/debian/changelog
index c37ad62..813aa5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,7 +26,10 @@ apache2 (2.4.1-4) experimental; urgency=low
* Update ssl default cipher config, add alternative speed optimized config.
Closes: #649020
* Move the configuration of /usr/lib/cgi-bin into a separate config file.
+ Closes: #589638
* Comment out per-vhost loglevel.
+ * Add section to security.conf that shows how to forbid access to VCS
+ directories. Closes: #548213
-- Stefan Fritsch <sf at debian.org> Sat, 14 Apr 2012 21:07:50 +0200
diff --git a/debian/config-dir/apache2.conf b/debian/config-dir/apache2.conf
index eb808fb..abc795a 100644
--- a/debian/config-dir/apache2.conf
+++ b/debian/config-dir/apache2.conf
@@ -51,8 +51,6 @@
# work with the default configuration.
# TODO: Triage the following bugs involving conf changes:
-# #589638 [w| | ] [apache2] apache2: Generally useful options currently set in sites-available/default should be moved to included file
-# #548213 [w| | ] [apache2.2-common] Apache should protect .svn directories
# #340947 [w| | ] [apache2.2-common] apache2-common: standard path to virtual host document roots under /var/www?
# #400681 [n| | ] [apache2.2-common] apache2.2-common: mod_authn_alias does not play well with mod_authnz_ldap
diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf
index 081d77e..5faf17f 100644
--- a/debian/config-dir/conf-available/security.conf
+++ b/debian/config-dir/conf-available/security.conf
@@ -49,3 +49,13 @@ ServerSignature On
TraceEnable Off
#TraceEnable On
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+# Require all denied
+#</DirectoryMatch>
+
--
Debian packaging for apache2 (Apache HTTPD 2.x)
More information about the Pkg-apache-commits
mailing list