[SCM] Debian packaging for apache2 branch, master, updated. debian/2.4.4-6-2-g2adb1c6
Arno Töll
arno at debian.org
Sat Jun 8 15:52:05 UTC 2013
The following commit has been merged in the master branch:
commit 2adb1c65407a37009b3e11129d04e668fa6ba31a
Author: Arno Töll <arno at debian.org>
Date: Sat Jun 8 17:51:58 2013 +0200
Adapt our NEWS file and explain our security model
diff --git a/debian/apache2.NEWS b/debian/apache2.NEWS
index df2e464..8e195dc 100644
--- a/debian/apache2.NEWS
+++ b/debian/apache2.NEWS
@@ -20,6 +20,11 @@ apache2 (2.4.1-1) experimental; urgency=low
a2dismod mpm_worker
a2enmod mpm_prefork
+ We did change the security model for Apache in our default configuration. We
+ do not allow access to the file system outside /var/www, /srv and /usr/share.
+ If you are running virtual hosts or scripts outside these directories, you
+ need to whitelist them in your configuration to grant access through HTTP.
+
Moreover, the configuration mechanism in Debian has changed. All
configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
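Review bot: the added NEWS paragraph tells admins they "need to whitelist" directories outside /var/www, /srv and /usr/share, but it does not say where or how to do that. Since this entry is what people read when a previously working virtual host starts being denied after the upgrade, point them at the security model section in /etc/apache2/apache2.conf (the "<Directory />" block touched in the second hunk of this commit) as the place to add their own paths. Minor style points: "We did change" reads better as "We changed", and the three directories are listed in a different order here than in the apache2.conf comment.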
diff --git a/debian/config-dir/apache2.conf b/debian/config-dir/apache2.conf
index 9411bc2..fad3af3 100644
--- a/debian/config-dir/apache2.conf
+++ b/debian/config-dir/apache2.conf
@@ -145,7 +145,7 @@ Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
-# not allow access to the root filesystem outside of /usr/share and
+# not allow access to the root filesystem outside of /usr/share, /srv and
# /var/www. The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server.
<Directory />
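Review bot: after /srv is inserted on the changed comment line, the unchanged sentence that follows ("The former is used by ... the latter may be used for ...") has three paths to refer to, so "former" and "latter" are ambiguous and /srv is left undescribed. Reword it to name each path explicitly, for example by stating that /usr/share is for web applications packaged in Debian and that /srv and /var/www are for locally served directories, if that is the intent. This hunk also changes only the comment; nothing visible in the commit touches a directive, so confirm that a Directory section granting access to /srv already exists, otherwise the comment and the NEWS entry describe a policy the shipped configuration does not implement.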
--
Debian packaging for apache2