Merge ~bryce/ubuntu/+source/apache2:merge-v2.4.46-4-hirsute into ubuntu/+source/apache2:debian/sid

Proposed by Bryce Harrington
Status: Merged
Approved by: Bryce Harrington
Approved revision: e9e339c4bcea9c55de8cd6b61bedeb101021cc37
Merge reported by: Bryce Harrington
Merged at revision: e9e339c4bcea9c55de8cd6b61bedeb101021cc37
Proposed branch: ~bryce/ubuntu/+source/apache2:merge-v2.4.46-4-hirsute
Merge into: ubuntu/+source/apache2:debian/sid
Diff against target: 2522 lines (+1869/-34)
14 files modified
debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+1/-0)
debian/apache2.py (+48/-0)
debian/apache2ctl (+33/-18)
debian/changelog (+1697/-2)
debian/control (+4/-2)
debian/index.html (+19/-12)
debian/perl-framework/t/apache/expr_string.t (+4/-0)
debian/source/include-binaries (+1/-0)
debian/tests/check-http2 (+41/-0)
debian/tests/control (+4/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+399177@code.launchpad.net

Description of the change

This is a minor merge from Debian to help resolve LP: #1910372 which seeks to drop lua5.2 in favor of lua 5.3. Debian has already made this change, so doing the merge allows us to do so as well.

The lua version change was not mentioned in Debian's changelog, but can be seen in the diff. To make sure there were not other undocumented changes that might violate our FFe policy, I did a commit-by-commit review of all changes in the -3 and -4 releases from Debian. There were no substantial changes to the software itself other than lua5.3 afaict. A report on this analysis is below.

Debian has disabled several test cases which I think are not broken for us. I considered re-enabling them for us, but I don't think that would gain us much. One of the commit messages uses the word 'temporary' so perhaps Debian and/or upstream will be working on fixes to them.

One piece of our delta is now in Debian. The remainder has been with us for quite some time and still looks to me like it should stay with us.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/apache2-merge-v2.4.46-4

### Additional Note ###

Historically, the split changes aren't available via git-ubuntu due to a bug. As a work-around to that, I started from Paride's merge branch. The aforementioned dropped delta was the only merge conflict.

Also, Apache2 hits the 'empty directories' problem with git, and so requires passing --no-verify to various git commands. Because of this, `git ubuntu merge finish pkg/ubuntu/devel` errors with a stack trace. The workaround I used for that was as follows:

$ git commit -m merge-changelogs --no-verify debian/changelog
[detached HEAD 4180b2f0f] merge-changelogs
 1 file changed, 1670 insertions(+), 2 deletions(-)
$ commit_message=$(for rev in $(git rev-list --reverse 'new/debian..HEAD^'); do git log --pretty=%B -n 1 $rev | sed '/^\
[[:space:]]*$/d'; done)
$ awk -v r="$commit_message" '{gsub(/* PLACEHOLDER/,r)}1' debian/changelog > debian/changelog.tmp
$ mv debian/changelog.tmp debian/changelog
$ git commit --no-verify -m reconstruct-changelog debian/changelog
$ update-maintainer
$ git commit --no-verify -m update-maintainer debian/control

I think this provided equivalent results to what git ubuntu does (I took the steps directly from the git-ubuntu codebase). I couldn't find these steps documented anywhere, although I suspect it's what others have had to do in the past. Anyway, I include them here for reference if someone needs them for future apache merges. (But sounds like Robie has a better way to work around this that might be better to try next time.)

### Analysis of Debian changes ###

c4345ed5 releasing package apache2 version 2.4.46-4
  - changelog only

91ec8581 Ignore another test
  - Identical to one of the changes in the ubuntu delta,
    which we can drop now.

b4b14a64 Ignore another random another test failure
  - Disables test case for png content. Reason not mentioned.

a55c97f6 releasing package apache2 version 2.4.46-3
  - changelog only

ac6936d8 Disable temporary 3 subtests
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979664
  - Disables an xml filter test case and two session module test cases.
    Reason not mentioned, just that they fail CI.

a0088e23 Update d/ch
  - changelog only

8753f5b5 Add debian/gbp.conf
  - Adds gbp config, which we don't use for maintaining apache.

115d3084 Declare compliance with policy 4.5.1
  - Just a housekeeping cleanup

647d73b6 Fix day-of-week for changelog entry 2.0.42-2.
  - changelog only

809ce169 Build against lua5.3 instead of lua5.2
  - This is a substantive change as it alters build dependencies, but
    this is a change we actively want.

920ac47a Update lintian overrides
  - Just a housekeeping cleanup

1883ce71 Update d/ch
  - changelog only

52c6d77a Enable verbose test output during autopkgtest
  - More verbosity during autopkgtest should be fine + helpful

58945288 Clean include-binaries
  - Drops debian/upstream/signing-key.pgp from the list of
    include-binaries. This file was converted to signing-key.asc back
    in 2.4.38-1.
  - So this is just cleanup

42d6a1de Remove postinst/preinst hooks concerning old versions
cb7db4b5 Partial revert of 42d6a1de
  - Drops some various cleanups for old versions of Apache2, that we
    haven't shipped since before bionic. Users upgrading from such old
    versions would have to go through at least bionic and focal, which
    will have cleaned the files up.
  - So this cleanup should also be safe for us

27377967 Spelling error in (c)
  - Just a sp. fix for debian/copyright

Christian Ehrhardt  (paelzer) wrote :

This is still marked as WIP, is it or shall this be reviewed?
Since I was missing last week I might miss some context here and not waste time reviewing if it might be not the right next step.

Bryce Harrington (bryce) wrote :

Yes, this is ready to be reviewed.

The reason I set to WIP was anticipating there might be ideas from the "git ubuntu empty dirs" meeting that I'd need to redo the merge for, but there weren't, so this is good to go as is.

2f86ed6... by Bryce Harrington

  * d/apache2ctl: Also use /run/systemd to check for systemd usage
    (LP: #1918209)

b9374b4... by Bryce Harrington

merge-changelogs

5e1e6b6... by Bryce Harrington

reconstruct-changelog

04405d0... by Bryce Harrington

update-maintainer

e9e339c... by Bryce Harrington

changelog add'l details about merge

Bryce Harrington (bryce) wrote :

Btw, I've also tacked on a bugfix for an issue we think causes OCI build failures.

Christian Ehrhardt  (paelzer) wrote :

Changelog:
- [✓] old content match as expected (I also have Paride's branch)
- [✓] changelog entry correct version and targeted codename
- [?] changelog entries correct (almost - IMHO the extra entry for 1918209 would go under an "* Added Changes", but that is optional and up to you)
- [✓] update-maintainer has been run

Actual changes:
- [✓] no major upstream changes to consider
- [✓] no further upstream version to consider
- [✓] debian changes look safe (I've gone through the changes in salsa just like you did and agree)

Old Delta:
- [✓] dropped changes are ok to be dropped
- [✓] nothing else to drop
- [?] changes forwarded upstream/debian
      Since Debian recently seems to be big on "disabling random fail tests" I wonder if it might be a good time to forward our delta for https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1890302 ?

New Delta:
- [✓] new are good
- [?] new change submitted to Debian? I've not seen a reference for https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1918209
I agree it is a common pattern https://codesearch.debian.net/search?q=%2Frun%2Fsystemd%2Fsystem&literal=1 and ok to add, but maybe file it with Debian as well to some day be able to drop the Delta?

Build/Test:
- [✓] build is ok
- [✓] verified PPA package installs/uninstalls

Christian Ehrhardt  (paelzer) :
review: Approve

Bryce Harrington (bryce) wrote :

Thanks for the review. I've gone ahead and uploaded it (so we can get the fix for the OCIs in play), and will forward the delta to Debian later this week. I can't do the upload tag yet due to a git-ubuntu bug but will do so once there's a solution for that.

$ dput ubuntu apache2_2.4.46-4ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/bryce/pkg/Apache2/merge-v2.4.46-4/apache2_2.4.46-4ubuntu1_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: /home/bryce/pkg/Apache2/merge-v2.4.46-4/apache2_2.4.46-4ubuntu1.dsc: Valid signature from E603B2578FB8F0FB
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.46-4ubuntu1.dsc: done.
  Uploading apache2_2.4.46-4ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.46-4ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.46-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Bryce Harrington (bryce) wrote :

This has now migrated. (There was one perl test failure on amd64 but it appears to have been just a timing issue; I re-triggered it and it passed.)

  - Current Version: 2.4.46-4ubuntu1
  - Proposed Version: None
  - Debian Version: 2.4.46-4
  - New Version: 2.4.46-4ubuntu1

Preview Diff

diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
index 63c573f..3d1bdf1 100644
--- a/debian/apache2-bin.install
+++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
1/usr/lib/apache2/modules/1/usr/lib/apache2/modules/
2/usr/sbin/apache22/usr/sbin/apache2
3debian/apache2.py usr/share/apport/package-hooks
diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
3new file mode 1006444new file mode 100644
index 0000000..974a655
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
1[Apache]
2title=Web Server
3description=Apache v2 is the next generation of the omnipresent Apache web server.
4ports=80/tcp
5
6[Apache Secure]
7title=Web Server (HTTPS)
8description=Apache v2 is the next generation of the omnipresent Apache web server.
9ports=443/tcp
10
11[Apache Full]
12title=Web Server (HTTP,HTTPS)
13description=Apache v2 is the next generation of the omnipresent Apache web server.
14ports=80,443/tcp
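Review bot: The [Apache], [Apache Secure] and [Apache Full] sections all carry the same description= text, so the description gives no hint of which ports a profile opens. Since the ports= lines differ (80/tcp, 443/tcp, 80,443/tcp), consider making each description state its scope: HTTP only, HTTPS only, or both.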
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 6089013..1aa6d3c 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
10var/lib/apache210var/lib/apache2
11var/log/apache211var/log/apache2
12var/www/html12var/www/html
13/etc/ufw/applications.d/apache2
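Review bot: The added entry /etc/ufw/applications.d/apache2 is the only path in this file written with a leading slash (the context lines are var/lib/apache2, var/log/apache2, var/www/html), and it names a directory called apache2 inside applications.d rather than applications.d itself. If the intent is only to provide the parent directory for the ufw profile, etc/ufw/applications.d would match the other entries; if the subdirectory is really wanted, a short note explaining why would help the next merger.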
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad789..92865fc 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf /etc/apache2
8debian/config-dir/envvars /etc/apache28debian/config-dir/envvars /etc/apache2
9debian/config-dir/magic /etc/apache29debian/config-dir/magic /etc/apache2
10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/
11debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
diff --git a/debian/apache2.postrm b/debian/apache2.postrm
index a68583c..b0e5d7b 100644
--- a/debian/apache2.postrm
+++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
33 776221a94e5a174dc2396c0f3f6b6a7433 776221a94e5a174dc2396c0f3f6b6a74
34 c481228d439cbb54bdcedbaec5bbb11a34 c481228d439cbb54bdcedbaec5bbb11a
35 e2620d4a5a0f8d80dd4b16de59af981f35 e2620d4a5a0f8d80dd4b16de59af981f
36 3526531ccd6c6a1d2340574a305a18f8
36 EOF37 EOF
37}38}
3839
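Review bot: The checksum 3526531ccd6c6a1d2340574a305a18f8 added to the list in is_default_index_html has nothing tying it to the file it describes. A comment or changelog line naming the index.html revision it was computed from would let the next merger confirm the list still matches the shipped default page; a stale value is hard to spot in a list of bare hashes.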
diff --git a/debian/apache2.py b/debian/apache2.py
39new file mode 10064440new file mode 100644
index 0000000..a9fb9d8
--- /dev/null
+++ b/debian/apache2.py
@@ -0,0 +1,48 @@
1#!/usr/bin/python
2
3'''apport hook for apache2
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
19
20def add_info(report, ui):
21 if os.path.isdir(SITES_ENABLED_DIR):
22 response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
23 "may help developers diagnose your bug more "
24 "quickly. However, it may contain sensitive "
25 "information. Do you want to include it in your "
26 "bug report?")
27
28 if response == None: # user cancelled
29 raise StopIteration
30
31 elif response == True:
32 # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
33 for conf_file in os.listdir(SITES_ENABLED_DIR):
34 attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
35
36 try:
37 report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
38 except OSError:
39 report['Apache2ConfdDirListing'] = str(False)
40
41 # Attach default config files if changed.
42 attach_conffiles(report, 'apache2', conffiles=None)
43
44 # Attach the error.log file.
45 attach_file(report, '/var/log/apache2/error.log', key='error.log')
46
47 # Get loaded modules.
48 report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
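Review bot: On line 48, '-D DUMP_MODULES' is passed to root_command_output as a single list element, so the option and its value reach apachectl as one argument containing a space; splitting it into '-D', 'DUMP_MODULES' is the conventional form. Separately, the consent prompt on lines 22-26 mentions only the sites-enabled directory, while changed conffiles (line 42) and error.log (line 45) are attached as well and can also hold sensitive data; the prompt text should cover them. Minor: response == None on line 28 would normally be written response is None, the shebang on line 1 points at /usr/bin/python rather than an explicit python3, and the comment on line 32 has a typo (Attache).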
diff --git a/debian/apache2ctl b/debian/apache2ctl
index 404b9f9..02f3bca 100755
--- a/debian/apache2ctl
+++ b/debian/apache2ctl
@@ -143,6 +143,21 @@ mkdir_chown () {
143 fi143 fi
144}144}
145145
146need_systemd () {
147 # Detect if systemd is in use and should be used for managing
148 # the Apache2 httpd service. Returns 0 if so, 1 otherwise.
149 if [ -z "${APACHE_STARTED_BY_SYSTEMD}" ]; then
150 case "$(readlink -f /proc/1/exe)" in
151 *systemd*)
152 return 0
153 ;;
154 esac
155 # With Docker, /proc/1 is not necessarily an init system,
156 # so fallback to checking in /run.
157 [ -d /run/systemd/system ]
158 fi
159 return 1
160}
146161
147[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}162[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
148[ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}163[ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
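Review bot: In need_systemd, the result of [ -d /run/systemd/system ] on line 157 is discarded: control falls through the fi on line 158 to the unconditional return 1 on line 159, so the /run fallback described in the comment can never make the function return 0. Return the test's status instead, for example by changing line 157 to [ -d /run/systemd/system ] && return 0, so that the Docker case the comment describes is actually detected.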
@@ -153,38 +168,38 @@ start)
153 # (this is bad if there are several apache2 instances running)168 # (this is bad if there are several apache2 instances running)
154 rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*169 rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*
155170
156 need_systemd=false171 if need_systemd; then
157 if [ -z "$APACHE_STARTED_BY_SYSTEMD" ] ; then
158 case "$(readlink -f /proc/1/exe)" in
159 *systemd*)
160 need_systemd=true
161 ;;
162 *)
163 ;;
164 esac
165 fi
166 if $need_systemd ; then
167 # If running on systemd we should not start httpd without systemd172 # If running on systemd we should not start httpd without systemd
168 # or systemd will get confused about the status of httpd.173 # or systemd will get confused about the status of httpd.
169 echo "Invoking 'systemctl start $APACHE_SYSTEMD_SERVICE'."174 echo "Invoking 'systemctl start ${APACHE_SYSTEMD_SERVICE}'."
170 echo "Use 'systemctl status $APACHE_SYSTEMD_SERVICE' for more info."175 echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
171 systemctl start "$APACHE_SYSTEMD_SERVICE"176 systemctl start "${APACHE_SYSTEMD_SERVICE}"
172 else177 else
173 unset APACHE_STARTED_BY_SYSTEMD178 unset APACHE_STARTED_BY_SYSTEMD
174 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"179 ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
175 fi180 fi
176181
177 ERROR=$?182 ERROR=$?
178 ;;183 ;;
179stop|graceful-stop)184stop|graceful-stop)
180 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"185 ${HTTPD} ${APACHE_ARGUMENTS} -k "$ARGV"
181 ERROR=$?186 ERROR=$?
182 ;;187 ;;
183restart|graceful)188restart|graceful)
184 if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then189 if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
185 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"190 if need_systemd; then
191 # If running on systemd we should not directly restart httpd since
192 # systemd would be confused about httpd's status.
193 # (See LP: #1832182)
194 echo "Invoking 'systemctl restart ${APACHE_SYSTEMD_SERVICE}'."
195 echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
196 systemctl restart "${APACHE_SYSTEMD_SERVICE}"
197 else
198 unset APACHE_STARTED_BY_SYSTEMD
199 ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
200 fi
186 else201 else
187 $HTTPD ${APACHE_ARGUMENTS} -t202 ${HTTPD} ${APACHE_ARGUMENTS} -t
188 fi203 fi
189 ERROR=$?204 ERROR=$?
190 ;;205 ;;
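Review bot: In the restart|graceful branch, both arguments now end in systemctl restart "${APACHE_SYSTEMD_SERVICE}" (line 196) whenever need_systemd succeeds, so a graceful request becomes a full restart of the unit. If that is intended it deserves a comment next to the LP: #1832182 reference; otherwise dispatch on ${ARGV} so that graceful maps to a gentler unit action. Also note that stop|graceful-stop (lines 184-187) still calls ${HTTPD} directly with no need_systemd check, which leaves the same status-confusion concern that the comments on lines 191-193 describe for restart.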
diff --git a/debian/changelog b/debian/changelog
index 8a02325..19b4857 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,30 @@
1apache2 (2.4.46-4ubuntu1) hirsute; urgency=medium
2
3 * Merge with Debian unstable, to allow moving from lua5.2 to
4 lua5.3 (LP: #1910372). Remaining changes:
5 - debian/{control, apache2.install, apache2-utils.ufw.profile,
6 apache2.dirs}: Add ufw profiles.
7 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
8 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
9 Debian with Ubuntu on default page.
10 + d/source/include-binaries: add Ubuntu icon file
11 - d/t/control, d/t/check-http2: add basic test for http2 support
12 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
13 issue reading error log too quickly after request, by adding a sleep.
14 (LP #1890302)
15 - d/apache2ctl: Also use systemd for graceful if it is in use.
16 This extends an earlier fix for the start command to behave
17 similarly for restart / graceful. Fixes service failures on
18 unattended upgrade.
19 * Drop:
20 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
21 was re-added by mistake in 2.4.41-1 (Closes #921024)
22 [Included in Debian 2.4.46-3]
23 * d/apache2ctl: Also use /run/systemd to check for systemd usage
24 (LP: #1918209)
25
26 -- Bryce Harrington <bryce@canonical.com> Tue, 09 Mar 2021 00:45:35 +0000
27
1apache2 (2.4.46-4) unstable; urgency=medium28apache2 (2.4.46-4) unstable; urgency=medium
229
3 * Ignore other random another test failures (Closes: #979664)30 * Ignore other random another test failures (Closes: #979664)
@@ -15,6 +42,28 @@ apache2 (2.4.46-3) unstable; urgency=medium
1542
16 -- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +010043 -- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +0100
1744
45apache2 (2.4.46-2ubuntu1) hirsute; urgency=medium
46
47 * Merge with Debian unstable. Remaining changes:
48 - debian/{control, apache2.install, apache2-utils.ufw.profile,
49 apache2.dirs}: Add ufw profiles.
50 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
51 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
52 Debian with Ubuntu on default page.
53 + d/source/include-binaries: add Ubuntu icon file
54 - d/t/control, d/t/check-http2: add basic test for http2 support
55 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
56 was re-added by mistake in 2.4.41-1 (Closes #921024)
57 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
58 issue reading error log too quickly after request, by adding a sleep.
59 (LP #1890302)
60 - d/apache2ctl: Also use systemd for graceful if it is in use.
61 This extends an earlier fix for the start command to behave
62 similarly for restart / graceful. Fixes service failures on
63 unattended upgrade.
64
65 -- Paride Legovini <paride.legovini@canonical.com> Mon, 14 Dec 2020 18:12:15 +0100
66
18apache2 (2.4.46-2) unstable; urgency=medium67apache2 (2.4.46-2) unstable; urgency=medium
1968
20 [ Jean-Michel Vourgère ]69 [ Jean-Michel Vourgère ]
@@ -36,6 +85,39 @@ apache2 (2.4.46-2) unstable; urgency=medium
3685
37 -- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +010086 -- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +0100
3887
88apache2 (2.4.46-1ubuntu2) hirsute; urgency=medium
89
90 * d/apache2ctl: Also use systemd for graceful if it is in use.
91 (LP: #1832182)
92 - This extends an earlier fix for the start command to behave
93 similarly for restart / graceful. Fixes service failures on
94 unattended upgrade.
95
96 -- Bryce Harrington <bryce@canonical.com> Mon, 05 Oct 2020 16:06:32 -0700
97
98apache2 (2.4.46-1ubuntu1) groovy; urgency=medium
99
100 * Merge with Debian unstable. Remaining changes:
101 - debian/{control, apache2.install, apache2-utils.ufw.profile,
102 apache2.dirs}: Add ufw profiles.
103 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
104 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
105 Debian with Ubuntu on default page.
106 + d/source/include-binaries: add Ubuntu icon file
107 - d/t/control, d/t/check-http2: add basic test for http2 support
108 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
109 was re-added by mistake in 2.4.41-1 (Closes #921024)
110 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
111 issue reading error log too quickly after request, by adding a sleep.
112 (LP #1890302)
113 * Dropped:
114 - debian/patches/086_svn_cross_compiles: Backport several cross
115 fixes from upstream
116 [Unclear if it's still necessary, and upstream hasn't made a
117 release with it yet]
118
119 -- Andreas Hasenack <andreas@canonical.com> Tue, 25 Aug 2020 09:13:38 -0300
120
39apache2 (2.4.46-1) unstable; urgency=medium121apache2 (2.4.46-1) unstable; urgency=medium
40122
41 [ Xavier Guimard ]123 [ Xavier Guimard ]
@@ -52,6 +134,39 @@ apache2 (2.4.46-1) unstable; urgency=medium
52134
53 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200135 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200
54136
137apache2 (2.4.43-1ubuntu2) groovy; urgency=medium
138
139 * d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
140 issue reading error log too quickly after request, by adding a sleep.
141 (LP: #1890302)
142
143 -- Bryce Harrington <bryce@canonical.com> Wed, 05 Aug 2020 12:44:59 -0700
144
145apache2 (2.4.43-1ubuntu1) groovy; urgency=medium
146
147 * Merge with Debian unstable. Remaining changes:
148 - debian/{control, apache2.install, apache2-utils.ufw.profile,
149 apache2.dirs}: Add ufw profiles.
150 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
151 - debian/patches/086_svn_cross_compiles: Backport several cross
152 fixes from upstream
153 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
154 Debian with Ubuntu on default page.
155 + d/source/include-binaries: add Ubuntu icon file
156 - d/t/control, d/t/check-http2: add basic test for http2 support
157 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
158 was re-added by mistake in 2.4.41-1 (Closes #921024)
159 * Dropped:
160 - d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
161 parameter to mod_proxy_ajp (LP #1865340)
162 [Fixed upstream]
163 - d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
164 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
165 Closes #955348, LP #1872478
166 [In 2.4.43-1]
167
168 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Jul 2020 10:22:42 -0300
169
55apache2 (2.4.43-1) unstable; urgency=medium170apache2 (2.4.43-1) unstable; urgency=medium
56171
57 [ Timo Aaltonen ]172 [ Timo Aaltonen ]
@@ -79,6 +194,39 @@ apache2 (2.4.41-5) unstable; urgency=medium
79194
80 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100195 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100
81196
197apache2 (2.4.41-4ubuntu3) focal; urgency=medium
198
199 [ Timo Aaltonen ]
200 * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
201 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
202 Closes: #955348, LP: #1872478
203
204 -- Andreas Hasenack <andreas@canonical.com> Mon, 13 Apr 2020 14:19:17 -0300
205
206apache2 (2.4.41-4ubuntu2) focal; urgency=medium
207
208 * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
209 parameter to mod_proxy_ajp (LP: #1865340)
210
211 -- Andreas Hasenack <andreas@canonical.com> Thu, 05 Mar 2020 15:51:00 -0300
212
213apache2 (2.4.41-4ubuntu1) focal; urgency=medium
214
215 * Merge with Debian unstable. Remaining changes:
216 - debian/{control, apache2.install, apache2-utils.ufw.profile,
217 apache2.dirs}: Add ufw profiles.
218 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
219 - debian/patches/086_svn_cross_compiles: Backport several cross
220 fixes from upstream
221 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
222 Debian with Ubuntu on default page.
223 + d/source/include-binaries: add Ubuntu icon file
224 - d/t/control, d/t/check-http2: add basic test for http2 support
225 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
226 was re-added by mistake in 2.4.41-1 (Closes #921024)
227
228 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 10:36:13 -0300
229
82apache2 (2.4.41-4) unstable; urgency=medium230apache2 (2.4.41-4) unstable; urgency=medium
83231
84 * Add gcc in chroot autopkgtest (fixes debci)232 * Add gcc in chroot autopkgtest (fixes debci)
@@ -103,6 +251,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
103251
104 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100252 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100
105253
254apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
255
256 * Merge with Debian unstable. Remaining changes:
257 - debian/{control, apache2.install, apache2-utils.ufw.profile,
258 apache2.dirs}: Add ufw profiles.
259 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
260 - debian/patches/086_svn_cross_compiles: Backport several cross
261 fixes from upstream
262 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
263 Debian with Ubuntu on default page.
264 + d/source/include-binaries: add Ubuntu icon file
265 - d/t/control, d/t/check-http2: add basic test for http2 support
266 * Dropped:
267 - Cherrypick upstream testsuite fix:
268 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
269 as such).
270 + Similarly use TLSv1.2 for pr12355 and pr43738.
271 [Test suite updated in 2.4.41-1]
272 - Cherrypick upstream test suite fix for buffer.
273 [Included in 2.4.41-1]
274 - d/p/spelling-errors.patch: removed hunks already fixed upstream
275 [Included in 2.4.39-1]
276 - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
277 + d/p/CVE-2019-0196.patch
278 + d/p/CVE-2019-0211.patch
279 + d/p/CVE-2019-0215.patch
280 + d/p/CVE-2019-0217.patch
281 + d/p/CVE-2019-0220-*.patch
282 + d/p/CVE-2019-0197.patch
283 * Added:
284 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
285 was re-added by mistake in 2.4.41-1 (Closes: #921024)
286
287 -- Andreas Hasenack <andreas@canonical.com> Wed, 14 Aug 2019 11:36:32 -0300
288
106apache2 (2.4.41-1) unstable; urgency=medium289apache2 (2.4.41-1) unstable; urgency=medium
107290
108 * New upstream version 2.4.41291 * New upstream version 2.4.41
@@ -133,6 +316,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
133316
134 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200317 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200
135318
319apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
320
321 * New upstream version: 2.4.39
322 * d/p/spelling-errors.patch: removed hunks already fixed upstream
323 * Remaining changes:
324 - Cherrypick upstream test suite fix for buffer.
325 - Cherrypick upstream testsuite fix:
326 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
327 as such).
328 - Similarly use TLSv1.2 for pr12355 and pr43738.
329 - debian/{control, apache2.install, apache2-utils.ufw.profile,
330 apache2.dirs}: Add ufw profiles.
331 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
332 - debian/patches/086_svn_cross_compiles: Backport several cross
333 fixes from upstream
334 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
335 Debian with Ubuntu on default page.
336 + d/source/include-binaries: add Ubuntu icon file
337 - d/t/control, d/t/check-http2: add basic test for http2 support
338 * Dropped patches (fixed upstream):
339 - d/p/CVE-2019-0196.patch
340 - d/p/CVE-2019-0211.patch
341 - d/p/CVE-2019-0215.patch
342 - d/p/CVE-2019-0217.patch
343 - d/p/CVE-2019-0220-*.patch
344 - d/p/CVE-2019-0197.patch
345
346 -- Andreas Hasenack <andreas@canonical.com> Mon, 05 Aug 2019 18:09:08 -0300
347
348apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
349
350 * Cherrypick upstream test suite fix for buffer.
351
352 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 13 Jun 2019 11:08:24 +0100
353
354apache2 (2.4.38-3ubuntu1) eoan; urgency=low
355
356 * Merge from Debian unstable. Remaining changes:
357 - Cherrypick upstream testsuite fix:
358 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
359 as such).
360 - Similarly use TLSv1.2 for pr12355 and pr43738.
361 - debian/{control, apache2.install, apache2-utils.ufw.profile,
362 apache2.dirs}: Add ufw profiles.
363 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
364 - debian/patches/086_svn_cross_compiles: Backport several cross
365 fixes from upstream
366 [Removed configure chunk, not needed since configure.in is being
367 patched.]
368 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
369 Debian with Ubuntu on default page.
370 + d/source/include-binaries: add Ubuntu icon file
371 - d/t/control, d/t/check-http2: add basic test for http2 support
372
373 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 10 Jun 2019 19:17:38 +0100
374
136apache2 (2.4.38-3) unstable; urgency=high375apache2 (2.4.38-3) unstable; urgency=high
137376
138 [ Marc Deslauriers ]377 [ Marc Deslauriers ]
@@ -170,6 +409,79 @@ apache2 (2.4.38-3) unstable; urgency=high
170409
171 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200410 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200
172411
412apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
413
414 * Cherrypick upstream testsuite fix:
415 - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
416 as such).
417 * Similarly use TLSv1.2 for pr12355 and pr43738.
418
419 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 07 May 2019 10:39:47 +0100
420
421apache2 (2.4.38-2ubuntu2) disco; urgency=medium
422
423 * SECURITY UPDATE: read-after-free on a string compare in mod_http2
424 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
425 request method in modules/http2/h2_request.c.
426 - CVE-2019-0196
427 * SECURITY UPDATE: privilege escalation from modules' scripts
428 - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
429 child to its slot number in include/scoreboard.h,
430 server/mpm/event/event.c, server/mpm/prefork/prefork.c,
431 server/mpm/worker/worker.c.
432 - CVE-2019-0211
433 * SECURITY UPDATE: mod_ssl access control bypass
434 - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
435 PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
436 - CVE-2019-0215
437 * SECURITY UPDATE: mod_auth_digest access control bypass
438 - debian/patches/CVE-2019-0217.patch: fix a race condition in
439 modules/aaa/mod_auth_digest.c.
440 - CVE-2019-0217
441 * SECURITY UPDATE: URL normalization inconsistincy
442 - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
443 the path in include/http_core.h, include/httpd.h, server/core.c,
444 server/request.c, server/util.c.
445 - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
446 in server/request.c, server/util.c.
447 - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
448 server/util.c.
449 - CVE-2019-0220
450
451 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Apr 2019 14:31:46 -0400
452
453apache2 (2.4.38-2ubuntu1) disco; urgency=medium
454
455 * Merge with Debian unstable. Remaining changes:
456 - debian/{control, apache2.install, apache2-utils.ufw.profile,
457 apache2.dirs}: Add ufw profiles.
458 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
459 - debian/patches/086_svn_cross_compiles: Backport several cross
460 fixes from upstream
461 [Removed configure chunk, not needed since configure.in is being
462 patched.]
463 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
464 Debian with Ubuntu on default page.
465 + d/source/include-binaries: add Ubuntu icon file
466 - d/t/control, d/t/check-http2: add basic test for http2 support
467 * Dropped:
468 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
469 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
470 cannot be coinstalled with libcurl3. That situation breaks the
471 installation of libapache2-mod-shib2. See
472 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
473 for details.
474 [This has been resolved in Disco, where libxmltooling8 is built with
475 openssl 1.1]
476 - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
477 + debian/patches/CVE-2018-11763.patch: rework connection IO event
478 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
479 modules/http2/h2_version.h.
480 - CVE-2018-11763
481 [Fixed in 2.4.35]
482
483 -- Andreas Hasenack <andreas@canonical.com> Sun, 03 Feb 2019 14:57:13 -0200
484
173apache2 (2.4.38-2) unstable; urgency=medium485apache2 (2.4.38-2) unstable; urgency=medium
174486
175 * Disable "reset" test in allowmethods.t (Closes: #921024)487 * Disable "reset" test in allowmethods.t (Closes: #921024)
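Review bot: the security patches in the 2.4.38-2ubuntu2 entry (CVE-2019-0196, CVE-2019-0211, CVE-2019-0215, CVE-2019-0217 and the three-part CVE-2019-0220) and the r1850941 testsuite cherry-pick in 2.4.38-2ubuntu3 are not accounted for as dropped, as far as the visible tail of the Ubuntu entry directly above 2.4.38-3 shows. That entry ends its "Remaining changes" list and goes straight to the signature. The 2.4.38-3 context line is urgency=high with a [ Marc Deslauriers ] section, which suggests Debian took the same fixes, but please confirm that none of these patch files is still listed in debian/patches/series on the merged branch. The 2.4.38-2ubuntu1 entry in this same hunk shows the form to follow, with CVE-2018-11763 under "Dropped" and the annotation "[Fixed in 2.4.35]".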
@@ -251,6 +563,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
251563
252 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200564 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200
253565
566apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
567
568 * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
569 - debian/patches/CVE-2018-11763.patch: rework connection IO event
570 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
571 modules/http2/h2_version.h.
572 - CVE-2018-11763
573
574 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Oct 2018 09:57:22 -0400
575
576apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
577
578 * Merge with Debian unstable. Remaining changes:
579 - debian/{control, apache2.install, apache2-utils.ufw.profile,
580 apache2.dirs}: Add ufw profiles.
581 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
582 - debian/patches/086_svn_cross_compiles: Backport several cross
583 fixes from upstream
584 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
585 Debian with Ubuntu on default page.
586 + d/source/include-binaries: add Ubuntu icon file
587 - d/t/control, d/t/check-http2: add basic test for http2 support
588 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
589 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
590 cannot be coinstalled with libcurl3. That situation breaks the
591 installation of libapache2-mod-shib2. See
592 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
593 for details.
594
595 -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Aug 2018 17:09:27 -0300
596
254apache2 (2.4.34-1) unstable; urgency=medium597apache2 (2.4.34-1) unstable; urgency=medium
255598
256 [ Ondřej Surý ]599 [ Ondřej Surý ]
@@ -269,6 +612,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
269612
270 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200613 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200
271614
615apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
616
617 * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
618 re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
619
620 -- Andreas Hasenack <andreas@canonical.com> Thu, 28 Jun 2018 10:07:06 -0300
621
622apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
623
624 * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
625 libapache2-mod-md until we figure out their transitions. libapache2-mod-md
626 in particular is problematic because that makes apache2-bin pull in
627 libcurl4 which cannot be coinstalled with libcurl3. That situation breaks
628 the installation of libapache2-mod-shib2. See
629 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
630 for details.
631 - Don't ship md.load and remove build-requires that were added because of
632 mod-md (see
633 https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
634 - Remove proxy_uwsgi.load as we are not building it for now (see
635 https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
636
637 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 May 2018 14:46:19 +0000
638
639apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
640
641 * Merge with Debian unstable (LP: #1770242). Remaining changes:
642 - debian/{control, apache2.install, apache2-utils.ufw.profile,
643 apache2.dirs}: Add ufw profiles.
644 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
645 - debian/patches/086_svn_cross_compiles: Backport several cross
646 fixes from upstream
647 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
648 Debian with Ubuntu on default page.
649 + d/source/include-binaries: add Ubuntu icon file
650 - d/t/control, d/t/check-http2: add basic test for http2 support
651 * Drop:
652 - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
653 + debian/patches/CVE-2017-15710.patch: fix language long names
654 detection as short name in modules/aaa/mod_authnz_ldap.c.
655 + CVE-2017-15710
656 - SECURITY UPDATE: incorrect <FilesMatch> matching
657 + debian/patches/CVE-2017-15715.patch: allow to configure
658 global/default options for regexes, like caseless matching or
659 extended format in include/ap_regex.h, server/core.c,
660 server/util_pcre.c.
661 + CVE-2017-15715
662 - SECURITY UPDATE: mod_session header manipulation
663 + debian/patches/CVE-2018-1283.patch: strip Session header when
664 SessionEnv is on in modules/session/mod_session.c.
665 + CVE-2018-1283
666 - SECURITY UPDATE: DoS via specially-crafted request
667 + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
668 terminated on any error, not only on buffer full in
669 server/protocol.c.
670 + CVE-2018-1301
671 - SECURITY UPDATE: mod_cache_socache DoS
672 + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
673 to carriage return in modules/cache/mod_cache_socache.c.
674 + CVE-2018-1303
675 - SECURITY UPDATE: insecure nonce generation
676 + debian/patches/CVE-2018-1312.patch: actually use the secret when
677 generating nonces in modules/aaa/mod_auth_digest.c.
678 + CVE-2018-1312
679 - Correct systemd-sysv-generator behavior by customizing some
680 parameters:
681 + d/apache2-systemd.conf: add a drop-in file to specify some
682 parameters for the systemd unit (type=Forking and
683 RemainsAfterExit=no), this allow a correct state synchronisation
684 between systemctl status and actual state of apache2 daemon.
685 + d/apache2.install: place the apache2-systemd.conf file in the
686 correct location.
687 [type=Forking already in the base systemd service file, and
688 RemainsAfterExit=no is the default value, so no need to
689 customize these anymore.]
690 - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
691 + added debian/patches/util_ldap_cache_lock_fix.patch
692 [Already applied upstream]
693
694 -- Andreas Hasenack <andreas@canonical.com> Tue, 15 May 2018 11:03:34 -0300
695
272apache2 (2.4.33-3) unstable; urgency=medium696apache2 (2.4.33-3) unstable; urgency=medium
273697
274 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.698 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
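Review bot: the "Drop:" list in the 2.4.33-3ubuntu1 entry removes six security patches (CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312) without saying why, while the systemd drop-in and mod_ldap items in the same list carry a bracketed reason ("[Already applied upstream]"). For security deltas the reason is the part a later reviewer needs most. Since this is an already published entry it should stay as uploaded, but it is worth checking on the merged branch that none of the six CVE-*.patch files remains in debian/patches, and future drops of security patches should name the upstream release that contains the fix.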
@@ -341,6 +765,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
341765
342 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000766 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000
343767
768apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
769
770 * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
771 - debian/patches/CVE-2017-15710.patch: fix language long names
772 detection as short name in modules/aaa/mod_authnz_ldap.c.
773 - CVE-2017-15710
774 * SECURITY UPDATE: incorrect <FilesMatch> matching
775 - debian/patches/CVE-2017-15715.patch: allow to configure
776 global/default options for regexes, like caseless matching or
777 extended format in include/ap_regex.h, server/core.c,
778 server/util_pcre.c.
779 - CVE-2017-15715
780 * SECURITY UPDATE: mod_session header manipulation
781 - debian/patches/CVE-2018-1283.patch: strip Session header when
782 SessionEnv is on in modules/session/mod_session.c.
783 - CVE-2018-1283
784 * SECURITY UPDATE: DoS via specially-crafted request
785 - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
786 terminated on any error, not only on buffer full in
787 server/protocol.c.
788 - CVE-2018-1301
789 * SECURITY UPDATE: mod_cache_socache DoS
790 - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
791 to carriage return in modules/cache/mod_cache_socache.c.
792 - CVE-2018-1303
793 * SECURITY UPDATE: insecure nonce generation
794 - debian/patches/CVE-2018-1312.patch: actually use the secret when
795 generating nonces in modules/aaa/mod_auth_digest.c.
796 - CVE-2018-1312
797
798 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Apr 2018 07:38:24 -0400
799
800apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
801
802 * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
803 - added debian/patches/util_ldap_cache_lock_fix.patch
804
805 -- Rafael David Tinoco <rafael.tinoco@canonical.com> Fri, 02 Mar 2018 02:19:31 +0000
806
807apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
808
809 * Switch back to OpenSSL 1.1.
810
811 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 11:57:20 +0000
812
813apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
814
815 * enable http2 (LP: #1687454) by stopping to disable it
816 - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
817 - debian/config-dir/mods-available/http2.load: no more removed.
818 - debian/rules: no more removed proxy_http2 from configure.
819 * d/t/control, d/t/check-http2: add basic test for http2 support
820
821 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Dec 2017 17:25:39 +0100
822
823apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
824
825 * Merge with Debian unstable. Remaining changes:
826 - debian/{control, apache2.install, apache2-utils.ufw.profile,
827 apache2.dirs}: Add ufw profiles.
828 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
829 - debian/patches/086_svn_cross_compiles: Backport several cross
830 fixes from upstream
831 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
832 Debian with Ubuntu on default page.
833 + d/source/include-binaries: add Ubuntu icon file
834 - Correct systemd-sysv-generator behavior by customizing some
835 parameters:
836 + d/apache2-systemd.conf: add a drop-in file to specify some
837 parameters for the systemd unit (type=Forking and
838 RemainsAfterExit=no), this allow a correct state synchronisation
839 between systemctl status and actual state of apache2 daemon.
840 + d/apache2.install: place the apache2-systemd.conf file in the
841 correct location.
842 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
843 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
844 + debian/config-dir/mods-available/http2.load: removed.
845 + debian/rules: removed proxy_http2 from configure.
846 * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
847 - debian/control: switch BuildDepends to libssl1.0-dev
848 - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
849 - debian/rules: remove openssl virtual package and logic
850
851 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Nov 2017 10:51:46 -0500
852
344apache2 (2.4.29-1) unstable; urgency=medium853apache2 (2.4.29-1) unstable; urgency=medium
345854
346 [ Stefan Fritsch ]855 [ Stefan Fritsch ]
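Review bot: the 2.4.29-1ubuntu3 entry says only "Switch back to OpenSSL 1.1." and lists no files, whereas 2.4.29-1ubuntu1 further down in this hunk itemises three changes made for the move to 1.0: the BuildDepends switch to libssl1.0-dev, removal of the Breaks on gridsite and libapache2-mod-dacs, and removal of the openssl virtual package logic in debian/rules. From the changelog alone it is not possible to tell whether all three were reverted. Please check that debian/control and debian/rules on the merged branch match Debian for these items, so no half of the 1.0 workaround is carried forward as an undocumented delta.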
@@ -405,6 +914,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
405914
406 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200915 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200
407916
917apache2 (2.4.27-2ubuntu3) artful; urgency=medium
918
919 * SECURITY UPDATE: optionsbleed information leak
920 - debian/patches/CVE-2017-9798.patch: disallow method registration
921 at run time in server/core.c.
922 - CVE-2017-9798
923
924 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Sep 2017 11:05:48 -0400
925
926apache2 (2.4.27-2ubuntu2) artful; urgency=medium
927
928 * Undrop (LP 1658469):
929 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
930 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
931 + debian/config-dir/mods-available/http2.load: removed.
932 + debian/rules: removed proxy_http2 from configure.
933
934 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Aug 2017 13:04:45 -0400
935
936apache2 (2.4.27-2ubuntu1) artful; urgency=medium
937
938 * Merge with Debian unstable (LP: #1702582). Remaining changes:
939 - debian/{control, apache2.install, apache2-utils.ufw.profile,
940 apache2.dirs}: Add ufw profiles.
941 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
942 - debian/patches/086_svn_cross_compiles: Backport several cross
943 fixes from upstream
944 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
945 Debian with Ubuntu on default page.
946 + d/source/include-binaries: add Ubuntu icon file
947 - Correct systemd-sysv-generator behavior by customizing some
948 parameters:
949 + d/apache2-systemd.conf: add a drop-in file to specify some
950 parameters for the systemd unit (type=Forking and
951 RemainsAfterExit=no), this allow a correct state synchronisation
952 between systemctl status and actual state of apache2 daemon.
953 + d/apache2.install: place the apache2-systemd.conf file in the
954 correct location.
955
956 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 27 Jul 2017 13:38:39 -0700
957
408apache2 (2.4.27-2) unstable; urgency=medium958apache2 (2.4.27-2) unstable; urgency=medium
409959
410 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more960 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -434,6 +984,55 @@ apache2 (2.4.25-4) unstable; urgency=high
434984
435 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200985 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200
436986
987apache2 (2.4.25-3ubuntu3) artful; urgency=medium
988
989 * Re-Drop (LP: #1658469):
990 - Don't build experimental http2 module for LTS:
991 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
992 + debian/config-dir/mods-available/http2.load: removed.
993 + debian/rules: removed proxy_http2 from configure.
994 + debian/apache2.maintscript: remove http2 conffile.
995
996 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 01 May 2017 09:55:11 -0700
997
998apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
999 * Undrop (LP 1658469):
1000 - Don't build experimental http2 module for LTS:
1001 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1002 + debian/config-dir/mods-available/http2.load: removed.
1003 + debian/rules: removed proxy_http2 from configure.
1004 + debian/apache2.maintscript: remove http2 conffile.
1005
1006 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 08:53:43 -0800
1007
1008apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
1009
1010 * Merge from Debian unstable (LP: #1663425). Remaining changes:
1011 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1012 apache2.dirs}: Add ufw profiles.
1013 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1014 - debian/patches/086_svn_cross_compiles: Backport several cross
1015 fixes from upstream
1016 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1017 Debian with Ubuntu on default page.
1018 + d/source/include-binaries: add Ubuntu icon file
1019 - Correct systemd-sysv-generator behavior by customizing some
1020 parameters:
1021 + d/apache2-systemd.conf: add a drop-in file to specify some
1022 parameters for the systemd unit (type=Forking and
1023 RemainsAfterExit=no), this allow a correct state synchronisation
1024 between systemctl status and actual state of apache2 daemon.
1025 + d/apache2.install: place the apache2-systemd.conf file in the
1026 correct location.
1027 * Drop (LP: #1658469):
1028 - Don't build experimental http2 module for LTS:
1029 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1030 + debian/config-dir/mods-available/http2.load: removed.
1031 + debian/rules: removed proxy_http2 from configure.
1032 + debian/apache2.maintscript: remove http2 conffile.
1033
1034 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 09 Feb 2017 15:48:28 -0800
1035
437apache2 (2.4.25-3) unstable; urgency=medium1036apache2 (2.4.25-3) unstable; urgency=medium
4381037
439 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.1038 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
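Review bot: the 2.4.25-3ubuntu2 entry has no blank line between its header "apache2 (2.4.25-3ubuntu2) zesty; urgency=medium" and the first change line "* Undrop (LP 1658469):", unlike every other entry in this diff. If the changelog published with that upload had the same layout, keep it byte-identical. If the blank line was lost during a merge, restore it here so the file stays consistent with the archive copy.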
@@ -495,6 +1094,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
4951094
496 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +01001095 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +0100
4971096
1097apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
1098
1099 * Merge from Debian unstable (LP: #). Remaining changes:
1100 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1101 apache2.dirs}: Add ufw profiles.
1102 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1103 - debian/patches/086_svn_cross_compiles: Backport several cross
1104 fixes from upstream
1105 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
1106 d/source/include-binaries: replace Debian with Ubuntu on default
1107 page.
1108 [ include-binaries change previously undocumented ]
1109 - Don't build experimental http2 module for LTS:
1110 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1111 + debian/config-dir/mods-available/http2.load: removed.
1112 + debian/rules: removed proxy_http2 from configure.
1113 + debian/apache2.maintscript: remove http2 conffile.
1114 [ Previously undocumented ]
1115 - Correct systemd-sysv-generator behavior by customizing some
1116 parameters:
1117 + d/apache2-systemd.conf: add a drop-in file to specify some
1118 parameters for the systemd unit (type=Forking and
1119 RemainsAfterExit=no), this allow a correct state synchronisation
1120 between systemctl status and actual state of apache2 daemon.
1121 + d/apache2.install: place the apache2-systemd.conf file in the
1122 correct location.
1123 * Drop:
1124 - debian/rules: Fix cross-building by passing
1125 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1126 [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
1127
1128 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 09 Dec 2016 11:02:38 +0100
1129
498apache2 (2.4.23-8) unstable; urgency=medium1130apache2 (2.4.23-8) unstable; urgency=medium
4991131
500 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a1132 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
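Review bot: the first change line of the 2.4.23-8ubuntu1 entry reads "Merge from Debian unstable (LP: #)." with an empty bug number, so the placeholder from the merge template was never filled in. Nothing to fix in a historical entry, but the top entry for this merge should be checked for the same leftover so that its LP reference resolves to a bug.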
@@ -505,6 +1137,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
5051137
506 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +01001138 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +0100
5071139
1140apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
1141
1142 * Merge from Debian unstable. Remaining changes:
1143 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1144 apache2.dirs}: Add ufw profiles.
1145 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1146 - debian/rules: Fix cross-building by passing
1147 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1148 - debian/patches/086_svn_cross_compiles: Backport several cross
1149 fixes from upstream
1150 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1151 Debian with Ubuntu on default page.
1152 - Don't build experimental http2 module for LTS:
1153 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1154 + debian/config-dir/mods-available/http2.load: removed.
1155 + debian/rules: removed proxy_http2 from configure.
1156 - Correct systemd-sysv-generator behavior by customizing some
1157 parameters:
1158 + d/apache2-systemd.conf: add a drop-in file to specify some
1159 parameters for the systemd unit (type=Forking and
1160 RemainsAfterExit=no), this allow a correct state synchronisation
1161 between systemctl status and actual state of apache2 daemon.
1162 + d/apache2.install: place the apache2-systemd.conf file in the
1163 correct location.
1164
1165 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 Nov 2016 09:17:24 -0500
1166
508apache2 (2.4.23-7) unstable; urgency=medium1167apache2 (2.4.23-7) unstable; urgency=medium
5091168
510 * Make apache2-dev depend on openssl 1.0, too. Closes: #8441601169 * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -619,6 +1278,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
6191278
620 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +02001279 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +0200
6211280
1281apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
1282
1283 * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
1284 - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
1285 server/util_script.c.
1286 - CVE-2016-5387
1287
1288 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Jul 2016 14:32:02 -0400
1289
1290apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
1291
1292 [ Ryan Harper ]
1293 * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
1294 introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
1295 all, since http2 support is intentionally disabled (see LP 1531864).
1296 * d/apache2.maintscript: handle removal of http2.load conffile.
1297
1298 [ Robie Basak ]
1299 * Re-write Ryan's changelog entry.
1300
1301 -- Robie Basak <robie.basak@ubuntu.com> Fri, 15 Apr 2016 18:00:57 +0000
1302
1303apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
1304
1305 * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
1306 - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
1307 unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
1308 between systemctl status and actual state of apache2 daemon.
1309 - d/apache2.install: place the apache2-systemd.conf file in the correct location.
1310
1311 -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Fri, 08 Apr 2016 11:48:00 +0200
1312
1313apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
1314
1315 * Merge from Debian unstable. Remaining changes:
1316 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1317 apache2.dirs}: Add ufw profiles.
1318 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1319 - debian/rules: Fix cross-building by passing
1320 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1321 - debian/patches/086_svn_cross_compiles: Backport several cross
1322 fixes from upstream
1323 - d/index.html: replace Debian with Ubuntu on default page.
1324 - Don't build experimental http2 module for LTS:
1325 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1326 + debian/config-dir/mods-available/http2.load: removed.
1327
1328 -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Apr 2016 00:18:31 +0300
1329
622apache2 (2.4.18-2) unstable; urgency=low1330apache2 (2.4.18-2) unstable; urgency=low
6231331
624 * htcacheclean:1332 * htcacheclean:
@@ -644,6 +1352,24 @@ apache2 (2.4.18-2) unstable; urgency=low
6441352
645 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +02001353 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +0200
6461354
1355apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
1356
1357 * Merge from Debian unstable. Remaining changes:
1358 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1359 apache2.dirs}: Add ufw profiles.
1360 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1361 - Add dep8 tests.
1362 - debian/rules: Fix cross-building by passing
1363 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1364 - debian/patches/086_svn_cross_compiles: Backport several cross
1365 fixes from upstream
1366 - d/index.html: replace Debian with Ubuntu on default page.
1367 - Don't build experimental http2 module for LTS:
1368 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1369 + debian/config-dir/mods-available/http2.load: removed.
1370
1371 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Jan 2016 15:15:22 -0500
1372
647apache2 (2.4.18-1) unstable; urgency=medium1373apache2 (2.4.18-1) unstable; urgency=medium
6481374
649 * New upstream release:1375 * New upstream release:
@@ -651,12 +1377,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
6511377
652 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +01001378 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +0100
6531379
1380apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
1381
1382 * Merge from Debian unstable. Remaining changes:
1383 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1384 apache2.dirs}: Add ufw profiles.
1385 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1386 - Add dep8 tests.
1387 - debian/rules: Fix cross-building by passing
1388 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1389 - debian/patches/086_svn_cross_compiles: Backport several cross
1390 fixes from upstream
1391 - d/index.html: replace Debian with Ubuntu on default page.
1392 - Don't build experimental http2 module for LTS:
1393 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1394 + debian/config-dir/mods-available/http2.load: removed.
1395
1396 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Dec 2015 10:07:35 -0500
1397
654apache2 (2.4.17-3) unstable; urgency=medium1398apache2 (2.4.17-3) unstable; urgency=medium
6551399
656 * mpm_prefork: Fix segfault if started with -X. Closes: #8057371400 * mpm_prefork: Fix segfault if started with -X. Closes: #805737
6571401
658 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +01001402 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +0100
6591403
1404apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
1405
1406 * Merge from Debian unstable. Remaining changes:
1407 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1408 apache2.dirs}: Add ufw profiles.
1409 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1410 - Add dep8 tests.
1411 - debian/rules: Fix cross-building by passing
1412 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1413 - debian/patches/086_svn_cross_compiles: Backport several cross
1414 fixes from upstream
1415 - d/index.html: replace Debian with Ubuntu on default page.
1416 - Don't build experimental http2 module for LTS:
1417 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1418 + debian/config-dir/mods-available/http2.load: removed.
1419
1420 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Nov 2015 09:11:52 -0500
1421
660apache2 (2.4.17-2) unstable; urgency=medium1422apache2 (2.4.17-2) unstable; urgency=medium
6611423
662 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke1424 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -667,6 +1429,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
6671429
668 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +01001430 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +0100
6691431
1432apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
1433
1434 * Merge from Debian unstable. Remaining changes:
1435 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1436 apache2.dirs}: Add ufw profiles.
1437 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1438 - Add dep8 tests.
1439 - debian/rules: Fix cross-building by passing
1440 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1441 - debian/patches/086_svn_cross_compiles: Backport several cross
1442 fixes from upstream
1443 - d/index.html: replace Debian with Ubuntu on default page.
1444 * Drop patches (applied upstream):
1445 - debian/patches/CVE-2015-3183.patch
1446 - debian/patches/CVE-2015-3185.patch
1447 * Drop changes (adopted in Debian):
1448 - Allow "triggers-awaited" and "triggers-pending" states in addition
1449 to "installed" when determining whether to defer actions or
1450 process deferred actions.
1451 * Don't build experimental http2 module for LTS
1452 - debian/control: removed libnghttp2-dev Build-Depends (in universe).
1453 - debian/config-dir/mods-available/http2.load: removed.
1454
1455 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 30 Oct 2015 09:35:46 -0400
1456
670apache2 (2.4.17-1) unstable; urgency=medium1457apache2 (2.4.17-1) unstable; urgency=medium
6711458
672 [ Stefan Fritsch ]1459 [ Stefan Fritsch ]
@@ -732,6 +1519,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
7321519
733 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +02001520 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +0200
7341521
1522apache2 (2.4.12-2ubuntu2) wily; urgency=medium
1523
1524 * SECURITY UPDATE: request smuggling via chunked transfer encoding
1525 - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
1526 modules/http/http_filters.c.
1527 - CVE-2015-3183
1528 * SECURITY UPDATE: access restriction bypass via deprecated API
1529 - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
1530 in include/http_request.h, server/request.c.
1531 - CVE-2015-3185
1532
1533 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Jul 2015 09:56:09 -0400
1534
1535apache2 (2.4.12-2ubuntu1) wily; urgency=medium
1536
1537 * Merge from Debian unstable. Remaining changes:
1538 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1539 apache2.dirs}: Add ufw profiles.
1540 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1541 - Add dep8 tests.
1542 - debian/rules: Fix cross-building by passing
1543 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1544 - debian/patches/086_svn_cross_compiles: Backport several cross
1545 fixes from upstream
1546 - d/index.html: replace Debian with Ubuntu on default page.
1547 - Allow "triggers-awaited" and "triggers-pending" states in addition
1548 to "installed" when determining whether to defer actions or
1549 process deferred actions.
1550 * Drop patches (applied upstream):
1551 - d/p/split-logfile.patch
1552 - d/p/CVE-2015-0228.patch
1553 * Drop changes (superceded in Debian):
1554 - Cherry-pick versioned build-depend on dpkg from Debian for correct
1555 dpkg-maintscript-helper symlink_to_dir support.
1556 * Drop changes (adopted in Debian):
1557 - d/control, d/config-dir/mods-available/ssl.conf,
1558 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1559 dialog program ask-for-passphrase.
1560 * Fix cross-building configure line in d/rules, which had bit-rotted in
1561 previous merges.
1562
1563 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 May 2015 16:34:00 +0000
1564
735apache2 (2.4.12-2) unstable; urgency=medium1565apache2 (2.4.12-2) unstable; urgency=medium
7361566
737 [ Jean-Michel Nirgal Vourgère ]1567 [ Jean-Michel Nirgal Vourgère ]
@@ -781,6 +1611,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
7811611
782 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +01001612 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +0100
7831613
1614apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
1615
1616 * Merge from Debian unstable. Remaining changes:
1617 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1618 apache2.dirs}: Add ufw profiles.
1619 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1620 - d/control, d/config-dir/mods-available/ssl.conf,
1621 - Add dep8 tests.
1622 - debian/rules: Fix cross-building by passing
1623 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1624 - debian/patches/086_svn_cross_compiles: Backport several cross
1625 fixes from upstream
1626 - d/index.html: replace Debian with Ubuntu on default page.
1627 - d/p/split-logfile.patch: fix completely broken split-logfile
1628 command.
1629 - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
1630 denial of service in mod_lua via websockets PING
1631 * debian/tests/ssl-passphrase: Add password responder for
1632 systemd-ask-passphrase.
1633
1634 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 09 Mar 2015 12:03:16 +0100
1635
784apache2 (2.4.10-9) unstable; urgency=medium1636apache2 (2.4.10-9) unstable; urgency=medium
7851637
786 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a1638 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
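Review bot: In the 2.4.10-9ubuntu1 entry, the "Remaining changes" item at new line 1620 is cut off: "- d/control, d/config-dir/mods-available/ssl.conf," ends with a comma and is followed directly by "- Add dep8 tests." with no description. The matching item in 2.4.10-8ubuntu1 (new lines 1678-1680) continues with "d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase dialog program ask-for-passphrase.", so the same two continuation lines appear to be missing here. If historical entries are open to correction in this merge, restore them. Otherwise the entry reads as if the ssl.conf delta had no stated purpose.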
@@ -795,6 +1647,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
7951647
796 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +01001648 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +0100
7971649
1650apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
1651
1652 * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
1653 directives
1654 - debian/patches/CVE-2014-8109.patch: handle multiple Require
1655 directives with different arguments in modules/lua/mod_lua.c.
1656 - CVE-2014-8109
1657 * SECURITY UPDATE: denial of service in mod_lua via websockets PING
1658 - debian/patches/CVE-2015-0228.patch: fix logic in
1659 modules/lua/lua_request.c.
1660 - CVE-2015-0228
1661
1662 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Mar 2015 10:56:34 -0500
1663
1664apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
1665
1666 * Allow "triggers-awaited" and "triggers-pending" states in addition to
1667 "installed" when determining whether to defer actions or process
1668 deferred actions (LP: #1393832).
1669
1670 -- Colin Watson <cjwatson@ubuntu.com> Wed, 26 Nov 2014 11:31:44 +0000
1671
1672apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
1673
1674 * Merge from Debian unstable. Remaining changes:
1675 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1676 apache2.dirs}: Add ufw profiles.
1677 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1678 - d/control, d/config-dir/mods-available/ssl.conf,
1679 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1680 dialog program ask-for-passphrase.
1681 - Add dep8 tests.
1682 - debian/rules: Fix cross-building by passing
1683 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1684 - debian/patches/086_svn_cross_compiles: Backport several cross
1685 fixes from upstream
1686 - d/index.html: replace Debian with Ubuntu on default page.
1687 - d/p/split-logfile.patch: fix completely broken split-logfile
1688 command.
1689 * Fixes from Debian included in merge:
1690 - Crash caused by OCSP stapling code; this was erroneously
1691 attributed to Debian in my previous merge, but actually only
1692 appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
1693 * Cherry-pick versioned build-depend on dpkg from Debian for correct
1694 dpkg-maintscript-helper symlink_to_dir support.
1695
1696 -- Robie Basak <robie.basak@ubuntu.com> Fri, 21 Nov 2014 15:15:58 +0000
1697
798apache2 (2.4.10-8) unstable; urgency=medium1698apache2 (2.4.10-8) unstable; urgency=medium
7991699
800 * Bump dpkg Pre-Depends to version that supports relative symlinks in1700 * Bump dpkg Pre-Depends to version that supports relative symlinks in
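Review bot: debian/patches/CVE-2014-8109.patch, added in 2.4.10-8ubuntu3 (new lines 1652-1656), is never recorded as dropped. The next merge entry, 2.4.10-9ubuntu1 (new lines 1614-1634), carries only d/p/CVE-2015-0228.patch under "Remaining changes" and has no "Drop changes" section, even though Debian 2.4.10-9 lists its own CVE-2014-8109 fix for mod_lua. Please confirm that no stale copy of the Ubuntu patch remains in debian/patches. If the history can be amended, add a "Drop changes (fixed in Debian)" line to 2.4.10-9ubuntu1 so the security delta can be traced from the changelog alone.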
@@ -809,6 +1709,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
8091709
810 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +01001710 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +0100
8111711
1712apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
1713
1714 * Merge from Debian unstable. Remaining changes:
1715 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1716 apache2.dirs}: Add ufw profiles.
1717 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1718 - d/control, d/config-dir/mods-available/ssl.conf,
1719 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1720 dialog program ask-for-passphrase.
1721 - Add dep8 tests.
1722 - debian/rules: Fix cross-building by passing
1723 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1724 - debian/patches/086_svn_cross_compiles: Backport several cross
1725 fixes from upstream
1726 - d/index.html: replace Debian with Ubuntu on default page.
1727 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1728 * Fixes from Debian included in merge:
1729 - Don't use a2query in preinst, as it may not be available yet
1730 (LP: #1312533).
1731 - Crash caused by OCSP stapling code (LP: #1366174).
1732 - Disable SSLv3 in default config (LP: #1358305).
1733 - If apache2 is not configured yet, defer actions executed via
1734 apache2-maintscript-helper. This fixes installation failures if a
1735 module package is configured first (LP: #1312854).
1736
1737 -- Robie Basak <robie.basak@ubuntu.com> Mon, 17 Nov 2014 18:04:40 +0000
1738
812apache2 (2.4.10-7) unstable; urgency=medium1739apache2 (2.4.10-7) unstable; urgency=medium
8131740
814 * Handle transitions of doc dirs and symlinks correctly during upgrade.1741 * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -892,6 +1819,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
8921819
893 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +02001820 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +0200
8941821
1822apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
1823
1824 * Merge from Debian unstable. Remaining changes:
1825 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1826 apache2.dirs}: Add ufw profiles.
1827 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1828 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
1829 d/apache2.install: Plymouth aware passphrase dialog program
1830 ask-for-passphrase.
1831 - Add dep8 tests.
1832 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
1833 configure.
1834 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
1835 upstream
1836 - d/index.html: replace Debian with Ubuntu on default page.
1837 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1838
1839 -- Robie Basak <robie.basak@ubuntu.com> Thu, 24 Jul 2014 15:13:16 +0000
1840
895apache2 (2.4.10-1) unstable; urgency=medium1841apache2 (2.4.10-1) unstable; urgency=medium
8961842
897 [ Arno Töll ]1843 [ Arno Töll ]
@@ -939,6 +1885,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
9391885
940 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +02001886 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +0200
9411887
1888apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
1889
1890 * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
1891 yet support building against lua 5.2 (LP: #1323930).
1892
1893 -- Robie Basak <robie.basak@ubuntu.com> Wed, 28 May 2014 08:55:25 +0000
1894
1895apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
1896
1897 * Merge from Debian unstable. Remaining changes:
1898 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1899 apache2.dirs}: Add ufw profiles.
1900 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1901 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
1902 d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
1903 dialog program ask-for-passphrase.
1904 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
1905 configure.
1906 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
1907 upstream
1908 - Build using lua5.2.
1909 - d/tests/chroot: dep8 test for ChrootDir case.
1910 - d/tests/ssl-passphrase: update for new default path /var/www/html.
1911 - d/tests/duplicate-module-load: check for duplicate module loads.
1912 - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
1913 - d/p/split-logfile.patch: fix completely broken split-logfile command
1914 (LP: #1299162). Thanks to Holger Mauermann.
1915 * Drop changes (upstreamed):
1916 - d/p/ignore-quilt-dir: adjust build system so that it does not use
1917 files find inside the .pc directory. This stops a double module load
1918 causing later havoc, including "ChrootDir" directive failure.
1919 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
1920 in modules/dav/main/util.c.
1921 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
1922 modules/loggers/mod_log_config.c.
1923 * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
1924
1925 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 May 2014 19:30:04 +0000
1926
942apache2 (2.4.9-1) unstable; urgency=medium1927apache2 (2.4.9-1) unstable; urgency=medium
9431928
944 * New upstream version.1929 * New upstream version.
@@ -971,6 +1956,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
9711956
972 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +01001957 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +0100
9731958
1959apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
1960
1961 * d/p/split-logfile.patch: fix completely broken split-logfile command
1962 (LP: #1299162). Thanks to Holger Mauermann.
1963
1964 -- Robie Basak <robie.basak@ubuntu.com> Thu, 03 Apr 2014 11:21:22 +0000
1965
1966apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
1967
1968 * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
1969 calculation
1970 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
1971 in modules/dav/main/util.c.
1972 - CVE-2013-6438
1973 * SECURITY UPDATE: denial of service via truncated cookie and
1974 mod_log_config
1975 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
1976 modules/loggers/mod_log_config.c.
1977 - CVE-2014-0098
1978
1979 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Mar 2014 08:34:10 -0400
1980
1981apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
1982
1983 * d/index.html: replace Debian with Ubuntu on default page
1984 (LP: #1288690).
1985
1986 -- Robie Basak <robie.basak@ubuntu.com> Wed, 19 Mar 2014 11:04:21 +0000
1987
1988apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
1989
1990 * Merge from Debian unstable. Remaining changes:
1991 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1992 apache2.dirs}: Add ufw profiles.
1993 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1994 - d/control, d/config-dir/mods-available/ssl.conf,
1995 d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
1996 Plymouth aware passphrase dialog program ask-for-passphrase.
1997 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
1998 to configure.
1999 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
2000 from upstream
2001 - Build using lua5.2.
2002 - d/tests/chroot: dep8 test for ChrootDir case.
2003 - d/p/ignore-quilt-dir: adjust build system so that it does not use
2004 files find inside the .pc directory. This stops a double module load
2005 causing later havoc, including "ChrootDir" directive failure.
2006 * Drop changes:
2007 - debian/{control, rules}: Enable PIE hardening: no longer required;
2008 2.4.7-1 is already hardened.
2009 - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
2010 out of this package.
2011 * d/tests/ssl-passphrase: update for new default path /var/www/html.
2012 * d/tests/duplicate-module-load: check for duplicate module loads.
2013
2014 -- Robie Basak <robie.basak@ubuntu.com> Tue, 14 Jan 2014 17:23:47 +0000
2015
974apache2 (2.4.7-1) unstable; urgency=low2016apache2 (2.4.7-1) unstable; urgency=low
9752017
976 New upstream version2018 New upstream version
@@ -1034,6 +2076,53 @@ apache2 (2.4.6-3) unstable; urgency=low
10342076
1035 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +02002077 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +0200
10362078
2079apache2 (2.4.6-2ubuntu4) trusty; urgency=low
2080
2081 * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
2082 that it does not use files find inside the .pc directory. This stops a
2083 double module load causing later havoc, including "ChrootDir" directive
2084 failure (LP: #1251939). Thanks to Stefan Fritsch.
2085 * d/tests/chroot: dep8 test for ChrootDir case.
2086
2087 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 Nov 2013 16:21:51 +0000
2088
2089apache2 (2.4.6-2ubuntu3) trusty; urgency=low
2090
2091 * debian/apache2.install: Correct path for ufw.
2092 (LP: #1252722)
2093
2094 -- Chuck Short <zulcss@ubuntu.com> Tue, 19 Nov 2013 08:59:54 -0500
2095
2096apache2 (2.4.6-2ubuntu2) saucy; urgency=low
2097
2098 * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
2099 passphrase prompting for SSL certificates that are passphrase protected.
2100 * Add dep8 test for SSL passphrase prompting.
2101
2102 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 Aug 2013 13:08:52 +0000
2103
2104apache2 (2.4.6-2ubuntu1) saucy; urgency=low
2105
2106 * Merge from Debian unstable. Remaining changes:
2107 - debian/{control, rules}: Enable PIE hardening.
2108 - debian/{control, apache2.install, apache2-utils.ufw.profile,
2109 apache2.dirs}: Add ufw profiles.
2110 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
2111 - debian/control, debian/config-dir/mods-available/ssl.conf,
2112 debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
2113 passphrase dialog program ask-for-passphrase.
2114 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
2115 to configure.
2116 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
2117 from upstream
2118 * Dropped changes:
2119 - debian/patches/CVE-2013-1896.patch: upstream
2120 * Fixed module dependencies (LP: #1205314)
2121 - debian/config-dir/mods-available/lbmethod_*: properly specify
2122 proxy_balancer, not mod_proxy_balancer.
2123
2124 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2013 08:31:33 -0400
2125
1037apache2 (2.4.6-2) unstable; urgency=low2126apache2 (2.4.6-2) unstable; urgency=low
10382127
1039 [ Stefan Fritsch ]2128 [ Stefan Fritsch ]
@@ -1086,6 +2175,56 @@ apache2 (2.4.6-1) unstable; urgency=low
10862175
1087 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +02002176 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +0200
10882177
2178apache2 (2.4.4-6ubuntu5) saucy; urgency=low
2179
2180 * SECURITY UPDATE: denial of service via MERGE request
2181 - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
2182 in modules/dav/main/mod_dav.c.
2183 - CVE-2013-1896
2184
2185 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Jul 2013 11:20:47 -0400
2186
2187apache2 (2.4.4-6ubuntu4) saucy; urgency=low
2188
2189 * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
2190 apache2-bin. apache2-utils is only suggested by apache2, so may not
2191 always be installed by bug reporters. However, apache2-bin will always
2192 need to be installed for Apache to be functional, so this is a better
2193 place for the apport hook. apache2-bin already Conflicts/Replaces
2194 apache2.2-common, so this also fixes (LP: #1199318).
2195 * d/apache2.py: adjust apport hook for new location of configuration
2196 files in apache2 >= 2.4: they have moved from apache2.2-common to
2197 apache2.
2198
2199 -- Robie Basak <robie.basak@ubuntu.com> Wed, 17 Jul 2013 17:54:22 +0000
2200
2201apache2 (2.4.4-6ubuntu3) saucy; urgency=low
2202
2203 * Build using lua5.2.
2204
2205 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2013 14:24:42 +0200
2206
2207apache2 (2.4.4-6ubuntu2) saucy; urgency=low
2208
2209 * debian/rules: Fix FTBFS while installing ufw.
2210
2211 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 10:10:14 -0500
2212
2213apache2 (2.4.4-6ubuntu1) saucy; urgency=low
2214
2215 * Merge from Debian unstable. Remaining changes:
2216 - debian/{control, rules}: Enable PIE hardening.
2217 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2218 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2219 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2220 Plymouth aware passphrase dialog program ask-for-passphrase.
2221 * Dropped changes:
2222 - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
2223 - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
2224 - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
2225
2226 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 08:34:01 -0500
2227
1089apache2 (2.4.4-6) unstable; urgency=low2228apache2 (2.4.4-6) unstable; urgency=low
10902229
1091 * Denote exact versions breaking gnome-user-share now that Gnome maintainers2230 * Denote exact versions breaking gnome-user-share now that Gnome maintainers
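Review bot: The "Dropped changes" list in 2.4.4-6ubuntu1 (new lines 2221-2224) covers the three CVE patch files but does not account for the CVE-2013-1048 fix from 2.2.22-6ubuntu5, which changed debian/apache2ctl directly ("introduce and use a safer mkdir_chown() function", new line 2709) rather than adding a file under debian/patches. The entry does not list it as remaining or as dropped. The cross-building changes from 2.2.22-6ubuntu4 are also absent from this entry, yet they appear again under "Remaining changes" in 2.4.6-2ubuntu1 (new lines 2114-2117). Please verify that the merged debian/apache2ctl still creates its directories through the safer helper, because the changelog cannot answer that.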
@@ -1557,6 +2696,122 @@ apache2 (2.4.1-1) experimental; urgency=low
15572696
1558 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +01002697 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +0100
15592698
2699apache2 (2.2.22-6ubuntu5) raring; urgency=low
2700
2701 * SECURITY UPDATE: multiple cross-site scripting issues
2702 - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
2703 modules/generators/{mod_info.c,mod_status.c},
2704 modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
2705 modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
2706 - CVE-2012-3499
2707 - CVE-2012-4558
2708 * SECURITY UPDATE: symlink attack in apache2ctl script
2709 - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
2710 - Thanks to Stefan Fritsch for the fix.
2711 - CVE-2013-1048
2712
2713 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Mar 2013 07:59:58 -0400
2714
2715apache2 (2.2.22-6ubuntu4) raring; urgency=low
2716
2717 * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
2718 * Skip module sanity check between MPMs if cross-building without the
2719 kernel/binfmt support to run our target binaries on the build system.
2720 * Backport several cross fixes from upstream as 086_svn_cross_compiles.
2721
2722 -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Dec 2012 02:21:46 -0700
2723
2724apache2 (2.2.22-6ubuntu3) raring; urgency=low
2725
2726 * SECURITY UPDATE: XSS vulnerability in mod_negotiation
2727 - debian/patches/CVE-2012-2687.patch: escape filenames in
2728 modules/mappers/mod_negotiation.c.
2729 - CVE-2012-2687
2730 * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
2731 - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
2732 directive. Defaults to off as enabling compression enables the CRIME
2733 attack.
2734 - CVE-2012-4929
2735
2736 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 08 Nov 2012 17:56:24 -0500
2737
2738apache2 (2.2.22-6ubuntu2) quantal; urgency=low
2739
2740 * debian/apache2.py
2741 - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
2742 - Check if this directory exists: /etc/apache2/sites-enabled/
2743
2744 -- Matthieu Baerts (matttbe) <matttbe@gmail.com> Mon, 16 Jul 2012 10:02:18 +0200
2745
2746apache2 (2.2.22-6ubuntu1) quantal; urgency=low
2747
2748 * Merge from Debian unstable. Remaining changes:
2749 - debian/{control, rules}: Enable PIE hardening.
2750 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2751 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2752 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2753 Plymouth aware passphrase dialog program ask-for-passphrase.
2754 * Dropped changes:
2755 - debian/control: Add bzr tag and point it to our tree; this is not
2756 really required and just increases the delta.
2757
2758 -- Robie Basak <robie.basak@ubuntu.com> Fri, 08 Jun 2012 11:37:31 +0100
2759
2760apache2 (2.2.22-6) unstable; urgency=low
2761
2762 [ Stefan Fritsch ]
2763 * Fix regression causing apache2 to cache "206 partial content" responses,
2764 and then serving these partial responses when replying to normal requests.
2765 Closes: #671204
2766 * Add section to security.conf that shows how to forbid access to VCS
2767 directories. Closes: #548213
2768 * Update ssl default cipher config, add alternative speed optimized config.
2769 Closes: #649020
2770 * Add "AddCharset" for .brf files in default mod_mime config.
2771 Closes: #402567
2772 * Don't create httpd.conf anymore and don't include it in apache2.conf. If
2773 it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
2774 * Port some of the comments in apache2.conf from the 2.4 package.
2775 * Compile mod_version statically, drop associated module load file.
2776 * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
2777 configtest.
2778 * Note in README.Debian that future versions of the package will have the
2779 include statements changed to include only *.conf.
2780 * Change compiled-in document root to /var/www, to avoid strange error
2781 messages.
2782 * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
2783
2784 [ Arno Töll ]
2785 * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
2786 to override LDFLAGS at compile time by defining LDLAGS in the environment,
2787 just like it is possible for CFLAGS. This also means, config_vars.mk now
2788 exports hardening build flags by default.
2789 * Update doc-base metadata for the apache2-doc package.
2790
2791 -- Stefan Fritsch <sf@debian.org> Tue, 29 May 2012 22:05:48 +0200
2792
2793apache2 (2.2.22-5) unstable; urgency=low
2794
2795 * Make LoadFile and LoadModule look in the standard search paths if the
2796 dso file name is given as a pure filename. This helps with the multi-arch
2797 transition.
2798
2799 -- Stefan Fritsch <sf@debian.org> Mon, 30 Apr 2012 23:38:33 +0200
2800
2801apache2 (2.2.22-4) unstable; urgency=high
2802
2803 * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
2804 hosts' config files.
2805 If scripting modules like mod_php or mod_rivet are enabled on systems
2806 where either 1) some frontend server forwards connections to an apache2
2807 backend server on the localhost address, or 2) the machine running
2808 apache2 is also used for web browsing, this could allow a remote
2809 attacker to execute example scripts stored under /usr/share/doc.
2810 Depending on the installed packages, this could lead to issues like cross
2811 site scripting, code execution, or leakage of sensitive data.
2812
2813 -- Stefan Fritsch <sf@debian.org> Sun, 15 Apr 2012 23:41:43 +0200
2814
1560apache2 (2.2.22-3) unstable; urgency=low2815apache2 (2.2.22-3) unstable; urgency=low
15612816
1562 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':2817 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1577,6 +2832,18 @@ apache2 (2.2.22-2) unstable; urgency=low
15772832
1578 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +01002833 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +0100
15792834
2835apache2 (2.2.22-1ubuntu1) precise; urgency=low
2836
2837 * Merge from Debian testing. Remaining changes:
2838 - debian/{control, rules}: Enable PIE hardening.
2839 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2840 - debian/control: Add bzr tag and point it to our tree
2841 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2842 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2843 Plymouth aware passphrase dialog program ask-for-passphrase.
2844
2845 -- Chuck Short <zulcss@ubuntu.com> Sun, 12 Feb 2012 20:06:35 -0500
2846
1580apache2 (2.2.22-1) unstable; urgency=low2847apache2 (2.2.22-1) unstable; urgency=low
15812848
1582 [ Stefan Fritsch ]2849 [ Stefan Fritsch ]
@@ -1594,6 +2861,18 @@ apache2 (2.2.22-1) unstable; urgency=low
15942861
1595 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +01002862 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +0100
15962863
2864apache2 (2.2.21-5ubuntu1) precise; urgency=low
2865
2866 * Merge from Debian testing. Remaining changes:
2867 - debian/{control, rules}: Enable PIE hardening.
2868 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2869 - debian/control: Add bzr tag and point it to our tree
2870 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2871 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2872 Plymouth aware passphrase dialog program ask-for-passphrase.
2873
2874 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jan 2012 06:26:31 +0000
2875
1597apache2 (2.2.21-5) unstable; urgency=low2876apache2 (2.2.21-5) unstable; urgency=low
15982877
1599 [ Arno Töll ]2878 [ Arno Töll ]
@@ -1647,6 +2926,26 @@ apache2 (2.2.21-4) unstable; urgency=low
16472926
1648 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +01002927 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +0100
16492928
2929apache2 (2.2.21-3ubuntu2) precise; urgency=low
2930
2931 * d/ask-for-passphrase: Flip the logic of this script so that it checks
2932 first to see if apache is being started from a TTY, and then if not,
2933 tries plymouth. (LP: #887410)
2934
2935 -- Clint Byrum <clint@ubuntu.com> Tue, 06 Dec 2011 16:49:33 -0800
2936
2937apache2 (2.2.21-3ubuntu1) precise; urgency=low
2938
2939 * Merge from Debian testing. Remaining changes:
2940 - debian/{control, rules}: Enable PIE hardening.
2941 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2942 - debian/control: Add bzr tag and point it to our tree
2943 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2944 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2945 Plymouth aware passphrase dialog program ask-for-passphrase.
2946
2947 -- Chuck Short <zulcss@ubuntu.com> Fri, 09 Dec 2011 05:20:43 +0000
2948
1650apache2 (2.2.21-3) unstable; urgency=medium2949apache2 (2.2.21-3) unstable; urgency=medium
16512950
1652 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some2951 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1661,6 +2960,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
16612960
1662 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +01002961 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +0100
16632962
2963apache2 (2.2.21-2ubuntu2) precise; urgency=low
2964
2965 * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
2966
2967 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Dec 2011 17:36:28 -0700
2968
2969apache2 (2.2.21-2ubuntu1) precise; urgency=low
2970
2971 * Merge from debian unstable. Remaining changes:
2972 - debian/{control, rules}: Enable PIE hardening.
2973 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2974 - debian/control: Add bzr tag and point it to our tree
2975 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2976 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2977 Plymouth aware passphrase dialog program ask-for-passphrase.
2978
2979 -- Chuck Short <zulcss@ubuntu.com> Fri, 14 Oct 2011 16:01:29 +0000
2980
1664apache2 (2.2.21-2) unstable; urgency=high2981apache2 (2.2.21-2) unstable; urgency=high
16652982
1666 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some2983 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1678,6 +2995,19 @@ apache2 (2.2.21-1) unstable; urgency=low
16782995
1679 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +02002996 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +0200
16802997
2998apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
2999
3000 * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
3001 Remaining changes:
3002 - debian/{control, rules}: Enable PIE hardening.
3003 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3004 - debian/control: Add bzr tag and point it to our tree
3005 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3006 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3007 Plymouth aware passphrase dialog program ask-for-passphrase.
3008
3009 -- Steve Beattie <sbeattie@ubuntu.com> Tue, 06 Sep 2011 01:17:15 -0700
3010
1681apache2 (2.2.20-1) unstable; urgency=low3011apache2 (2.2.20-1) unstable; urgency=low
16823012
1683 * New upstream release.3013 * New upstream release.
@@ -1700,6 +3030,18 @@ apache2 (2.2.19-2) unstable; urgency=high
17003030
1701 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +02003031 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +0200
17023032
3033apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
3034
3035 * Merge from debian unstable (LP: #787013). Remaining changes:
3036 - debian/{control, rules}: Enable PIE hardening.
3037 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3038 - debian/control: Add bzr tag and point it to our tree
3039 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3040 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3041 Plymouth aware passphrase dialog program ask-for-passphrase.
3042
3043 -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 23 May 2011 10:16:09 -0400
3044
1703apache2 (2.2.19-1) unstable; urgency=low3045apache2 (2.2.19-1) unstable; urgency=low
17043046
1705 * New upstream release.3047 * New upstream release.
@@ -1717,6 +3059,18 @@ apache2 (2.2.19-1) unstable; urgency=low
17173059
1718 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +02003060 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +0200
17193061
3062apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
3063
3064 * Merge from debian unstable. Remaining changes:
3065 - debian/{control, rules}: Enable PIE hardening.
3066 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3067 - debian/control: Add bzr tag and point it to our tree
3068 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3069 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3070 Plymouth aware passphrase dialog program ask-for-passphrase.
3071
3072 -- Chuck Short <zulcss@ubuntu.com> Mon, 11 Apr 2011 02:13:30 +0100
3073
1720apache2 (2.2.17-3) unstable; urgency=low3074apache2 (2.2.17-3) unstable; urgency=low
17213075
1722 * Fix compilation with OpenSSL without SSLv2 support. Closes: #6220493076 * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
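Review bot: The apport hook item in 2.2.17-3ubuntu1 (new line 3068) misspells both paths: "debain/apache2.py, debian/apache2.2-common.isntall". The same text recurs in the 2.2.17-1ubuntu1 and 2.2.16-6ubuntu1 entries, so a search of the changelog for debian/apache2.py or apache2.2-common.install misses these three releases when tracing the history of the hook. If the import is meant to be byte-for-byte with the published Ubuntu changelog, leave it as is. Otherwise correct both to "debian/" and ".install".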
@@ -1743,6 +3097,18 @@ apache2 (2.2.17-2) unstable; urgency=high
17433097
1744 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +01003098 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +0100
17453099
3100apache2 (2.2.17-1ubuntu1) natty; urgency=low
3101
3102 * Merge from debian unstable, remaining changes:
3103 - debian/{control, rules}: Enable PIE hardening.
3104 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3105 - debian/control: Add bzr tag and point it to our tree
3106 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3107 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3108 Plymouth aware passphrase dialog program ask-for-passphrase.
3109
3110 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Feb 2011 13:02:08 -0500
3111
1746apache2 (2.2.17-1) unstable; urgency=low3112apache2 (2.2.17-1) unstable; urgency=low
17473113
1748 * New upstream version3114 * New upstream version
@@ -1751,6 +3117,32 @@ apache2 (2.2.17-1) unstable; urgency=low
17513117
1752 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +01003118 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +0100
17533119
3120apache2 (2.2.16-6ubuntu3) natty; urgency=low
3121
3122 * debian/rules: Don't use "-fno-strict-aliasing" since it causes
3123 apache FTBFS on amd64. (LP: #711293)
3124
3125 -- Chuck Short <zulcss@ubuntu.com> Tue, 01 Feb 2011 10:19:55 -0500
3126
3127apache2 (2.2.16-6ubuntu2) natty; urgency=low
3128
3129 * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
3130 (LP: #697105)
3131
3132 -- Chuck Short <zulcss@ubuntu.com> Tue, 25 Jan 2011 11:14:58 -0500
3133
3134apache2 (2.2.16-6ubuntu1) natty; urgency=low
3135
3136 * Merge from debian unstable. Remaining changes:
3137 - debian/{control, rules}: Enable PIE hardening.
3138 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3139 - debian/control: Add bzr tag and point it to our tree
3140 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3141 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3142 Plymouth aware passphrase dialog program ask-for-passphrase.
3143
3144 -- Chuck Short <zulcss@ubuntu.com> Sun, 02 Jan 2011 06:05:51 +0000
3145
1754apache2 (2.2.16-6) unstable; urgency=low3146apache2 (2.2.16-6) unstable; urgency=low
17553147
1756 * Also add $named to the secondary-init-script example.3148 * Also add $named to the secondary-init-script example.
@@ -1766,6 +3158,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
17663158
1767 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +01003159 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +0100
17683160
3161apache2 (2.2.16-4ubuntu2) natty; urgency=low
3162
3163 [Clint Byrum]
3164 * Adding plymouth aware passphrase dialog program ask-for-passphrase.
3165 (LP: #582963)
3166 + debian/control: apache2.2-common depends on bash for ask-for-passphrase
3167 + debian/config-dir/mods-available/ssl.conf:
3168 - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
3169
3170 [Chuck Short]
3171 * Add apport hook. (LP: #609177)
3172 + debian/apache2.py, debian/apache2.2-common.install
3173
3174 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:43 -0500
3175
3176apache2 (2.2.16-4ubuntu1) natty; urgency=low
3177
3178 * Merge from debian unstable. Remaining changes:
3179 - debian/{control, rules}: Enable PIE hardening.
3180 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3181 - debian/control: Add bzr tag and point it to our tree
3182
3183 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:41 -0500
3184
1769apache2 (2.2.16-4) unstable; urgency=medium3185apache2 (2.2.16-4) unstable; urgency=medium
17703186
1771 * Increase the mod_reqtimeout default timeouts to avoid potential problems3187 * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1776,6 +3192,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
17763192
1777 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +01003193 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +0100
17783194
3195apache2 (2.2.16-3ubuntu1) natty; urgency=low
3196
3197 * Merge from debian unstable. Remaining changes:
3198 - debian/{control, rules}: Enable PIE hardening.
3199 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3200 - debian/control: Add bzr tag and point it to our tree.
3201
3202 -- Chuck Short <zulcss@ubuntu.com> Tue, 12 Oct 2010 11:54:48 +0100
3203
1779apache2 (2.2.16-3) unstable; urgency=high3204apache2 (2.2.16-3) unstable; urgency=high
17803205
1781 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.3206 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1798,6 +3223,30 @@ apache2 (2.2.16-2) unstable; urgency=low
17983223
1799 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +02003224 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +0200
18003225
3226apache2 (2.2.16-1ubuntu3) maverick; urgency=low
3227
3228 * Revert "stty sane" to unbreak apache starting, this will have to be
3229 fixed a different way. (LP: #626723)
3230
3231 -- Chuck Short <zulcss@ubuntu.com> Wed, 08 Sep 2010 08:33:17 -0400
3232
3233apache2 (2.2.16-1ubuntu2) maverick; urgency=low
3234
3235 * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
3236 password prompt when using apache-ssl. (LP: #582963)
3237
3238 -- Chuck Short <zulcss@ubuntu.com> Wed, 25 Aug 2010 09:25:05 -0400
3239
3240apache2 (2.2.16-1ubuntu1) maverick; urgency=low
3241
3242 * Merge from debian unstable. Remaining changes:
3243 - debian/{control, rules}: Enable PIE hardening.
3244 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3245 - debian/control: Add bzr tag and point it to our tree.
3246 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3247
3248 -- Chuck Short <zulcss@ubuntu.com> Mon, 26 Jul 2010 20:21:37 +0100
3249
1801apache2 (2.2.16-1) unstable; urgency=medium3250apache2 (2.2.16-1) unstable; urgency=medium
18023251
1803 * Urgency medium for security fix.3252 * Urgency medium for security fix.
@@ -1830,6 +3279,24 @@ apache2 (2.2.15-6) unstable; urgency=low
18303279
1831 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +02003280 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +0200
18323281
3282apache2 (2.2.15-5ubuntu1) maverick; urgency=low
3283
3284 * Merge from debian unstable. Remaining changes:
3285 - debian/{control, rules}: Enable PIE hardening.
3286 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3287 - debian/control: Add bzr tag and point it to our tree.
3288 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3289 + Dropped:
3290 - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
3291 - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
3292 - debian/config-dir/apache2.conf: Merged back from debian.
3293 - mod-reqtimeout functionality: Merge back from debian.
3294 - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
3295 - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
3296 - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
3297
3298 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 01:28:04 +0100
3299
1833apache2 (2.2.15-5) unstable; urgency=low3300apache2 (2.2.15-5) unstable; urgency=low
18343301
1835 * Conflict with apache package as we now include apachectl. Closes: #5790653302 * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -1950,6 +3417,80 @@ apache2 (2.2.14-6) unstable; urgency=low
19503417
1951 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +01003418 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +0100
19523419
3420apache2 (2.2.14-5ubuntu8) lucid; urgency=low
3421
3422 * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
3423 (LP: #562370)
3424
3425 -- Chuck Short <zulcss@ubuntu.com> Tue, 13 Apr 2010 15:09:57 -0400
3426
3427apache2 (2.2.14-5ubuntu7) lucid; urgency=low
3428
3429 * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
3430 leaks by making sure to not destroy bucket brigades that have been created
3431 by earlier filters. Backported from 2.2.15.
3432 * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
3433 has reached MaxClients until it has. Backported from 2.2.15
3434 * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
3435 more secure by adding Satisfy all. (Debian bug: #572075)
3436 * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
3437 debian/config2-dir/mods-available/reqtimeout.load,
3438 debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
3439 mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
3440 bug in apache. Enable it by default. (LP: #392759)
3441
3442 -- Chuck Short <zulcss@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400
3443
3444apache2 (2.2.14-5ubuntu6) lucid; urgency=low
3445
3446 * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
3447
3448 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 09:41:11 -0400
3449
3450apache2 (2.2.14-5ubuntu5) lucid; urgency=low
3451
3452 * Revert 99-fix-mod-dav-permissions.dpatch
3453
3454 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 07:55:46 -0400
3455
3456apache2 (2.2.14-5ubuntu4) lucid; urgency=low
3457
3458 * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
3459 downloading files from webdav (LP: #540747)
3460 * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
3461
3462 -- Chuck Short <zulcss@ubuntu.com> Mon, 29 Mar 2010 13:37:39 -0400
3463
3464apache2 (2.2.14-5ubuntu3) lucid; urgency=low
3465
3466 * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
3467 - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
3468 in modules/proxy/mod_proxy_ajp.c.
3469 - CVE-2010-0408
3470 * SECURITY UPDATE: information disclosure via improper handling of
3471 headers in subrequests
3472 - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
3473 in server/protocol.c.
3474 - CVE-2010-0434
3475
3476 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Mar 2010 14:48:48 -0500
3477
3478apache2 (2.2.14-5ubuntu2) lucid; urgency=low
3479
3480 * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
3481 wacky options. (LP: #450501)
3482
3483 -- Chuck Short <zulcss@ubuntu.com> Mon, 08 Mar 2010 14:53:17 -0500
3484
3485apache2 (2.2.14-5ubuntu1) lucid; urgency=low
3486
3487 * Merge from debian testing. Remaining changes: LP: #506862
3488 - debian/{control, rules}: Enable PIE hardening.
3489 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3490 - debian/control: Add bzr tag and point it to our tree.
3491
3492 -- Bhavani Shankar <right2bhavi@gmail.com> Wed, 13 Jan 2010 14:28:41 +0530
3493
1953apache2 (2.2.14-5) unstable; urgency=low3494apache2 (2.2.14-5) unstable; urgency=low
19543495
1955 * Security: Further mitigation for the TLS renegotation attack3496 * Security: Further mitigation for the TLS renegotation attack
@@ -1973,6 +3514,15 @@ apache2 (2.2.14-5) unstable; urgency=low
19733514
1974 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +01003515 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +0100
19753516
3517apache2 (2.2.14-4ubuntu1) lucid; urgency=low
3518
3519 * Resynchronzie with Debian, remaining changes are:
3520 - debian/{control, rules}: Enable PIE hardening.
3521 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3522 - debian/control: Add bzr tag and point it to our tree.
3523
3524 -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Dec 2009 14:44:51 -0500
3525
1976apache2 (2.2.14-4) unstable; urgency=low3526apache2 (2.2.14-4) unstable; urgency=low
19773527
1978 * Disable localized error pages again by default because they break3528 * Disable localized error pages again by default because they break
@@ -2023,6 +3573,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
20233573
2024 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +01003574 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +0100
20253575
3576apache2 (2.2.14-1ubuntu1) lucid; urgency=low
3577
3578 * Merge from debian testing, remaining changes:
3579 - debian/{control, rules}: Enable PIE hardening.
3580 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3581 - debian/conrol: Add bzr tag and point it to our tree.
3582 - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3583 Already applied upstream.
3584
3585 -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 00:29:03 +0000
3586
2026apache2 (2.2.14-1) unstable; urgency=low3587apache2 (2.2.14-1) unstable; urgency=low
20273588
2028 * New upstream version:3589 * New upstream version:
@@ -2057,6 +3618,24 @@ apache2 (2.2.13-1) unstable; urgency=low
20573618
2058 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +02003619 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +0200
20593620
3621apache2 (2.2.12-1ubuntu2) karmic; urgency=low
3622
3623 * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3624 - Fix potential segfaults with the use of the legacy ap_rputs() etc
3625 interfaces, in cases where an output filter fails. This happens
3626 frequently after CVE-2009-1891 got fixed. (LP: #409987)
3627
3628 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Aug 2009 15:38:47 -0400
3629
3630apache2 (2.2.12-1ubuntu1) karmic; urgency=low
3631
3632 * Merge from debian unstable, remaining changes:
3633 - debian/{control,rules}: enable PIE hardening.
3634 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3635 - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
3636
3637 -- Chuck Short <zulcss@ubuntu.com> Tue, 04 Aug 2009 20:04:24 +0100
3638
2060apache2 (2.2.12-1) unstable; urgency=low3639apache2 (2.2.12-1) unstable; urgency=low
20613640
2062 * New upstream release:3641 * New upstream release:
@@ -2104,6 +3683,16 @@ apache2 (2.2.12-1) unstable; urgency=low
21043683
2105 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +02003684 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +0200
21063685
3686apache2 (2.2.11-7ubuntu1) karmic; urgency=low
3687
3688 * Merge from debian unstable, remaining changes: LP: #398130
3689 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3690 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3691 - debian/{control,rules}: enable PIE hardening.
3692 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3693
3694 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 11 Jul 2009 16:34:32 +0530
3695
2107apache2 (2.2.11-7) unstable; urgency=low3696apache2 (2.2.11-7) unstable; urgency=low
21083697
2109 * Security fixes:3698 * Security fixes:
@@ -2118,6 +3707,16 @@ apache2 (2.2.11-7) unstable; urgency=low
21183707
2119 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +02003708 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +0200
21203709
3710apache2 (2.2.11-6ubuntu1) karmic; urgency=low
3711
3712 * Merge from debian unstable, remaining changes:
3713 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3714 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3715 - debian/{control,rules}: enable PIE hardening.
3716 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3717
3718 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Jun 2009 01:01:23 +0100
3719
2121apache2 (2.2.11-6) unstable; urgency=high3720apache2 (2.2.11-6) unstable; urgency=high
21223721
2123 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server3722 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2126,6 +3725,16 @@ apache2 (2.2.11-6) unstable; urgency=high
21263725
2127 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +02003726 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +0200
21283727
3728apache2 (2.2.11-5ubuntu1) karmic; urgency=low
3729
3730 * Merge from debian unstable, remaining changes:
3731 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3732 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3733 - debian/{control,rules}: enable PIE hardening.
3734 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3735
3736 -- Andrew Mitchell <ajmitch@ubuntu.com> Wed, 03 Jun 2009 14:10:54 +1200
3737
2129apache2 (2.2.11-5) unstable; urgency=low3738apache2 (2.2.11-5) unstable; urgency=low
21303739
2131 * Move all binaries into a new package apache2.2-bin and make3740 * Move all binaries into a new package apache2.2-bin and make
@@ -2174,6 +3783,16 @@ apache2 (2.2.11-4) unstable; urgency=low
21743783
2175 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +02003784 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +0200
21763785
3786apache2 (2.2.11-3ubuntu1) karmic; urgency=low
3787
3788 * Merge from debian unstable, remaining changes:
3789 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3790 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3791 - debian/{control,rules}: enable PIE hardening.
3792 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3793
3794 -- Andrew Mitchell <ajmitch@ubuntu.com> Tue, 12 May 2009 16:15:34 +1200
3795
2177apache2 (2.2.11-3) unstable; urgency=low3796apache2 (2.2.11-3) unstable; urgency=low
21783797
2179 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap3798 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2182,6 +3801,21 @@ apache2 (2.2.11-3) unstable; urgency=low
21823801
2183 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +02003802 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +0200
21843803
3804apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
3805
3806 * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3807 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3808
3809 -- Chuck Short <zulcss@ubuntu.com> Wed, 01 Apr 2009 11:39:17 -0400
3810
3811apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
3812
3813 * Merge from debian unstable, remaining changes:
3814 - debian/{contro,rules}: enable PIE hardening.
3815 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3816
3817 -- Chuck Short <zulcss@ubuntu.com> Sat, 17 Jan 2009 00:02:55 +0000
3818
2185apache2 (2.2.11-2) unstable; urgency=low3819apache2 (2.2.11-2) unstable; urgency=low
21863820
2187 * Report an error instead instead of segfaulting when apr_pollset_create3821 * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2191,6 +3825,14 @@ apache2 (2.2.11-2) unstable; urgency=low
21913825
2192 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +01003826 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +0100
21933827
3828apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
3829
3830 * Merge from debian unstable, remaining changes:
3831 - debian/{control, rules}: enable PIE hardening.
3832 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3833
3834 -- Chuck Short <zulcss@ubuntu.com> Mon, 15 Dec 2008 00:06:50 +0000
3835
2194apache2 (2.2.11-1) unstable; urgency=low3836apache2 (2.2.11-1) unstable; urgency=low
21953837
2196 [Thom May]3838 [Thom May]
@@ -2205,6 +3847,14 @@ apache2 (2.2.11-1) unstable; urgency=low
22053847
2206 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +01003848 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +0100
22073849
3850apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
3851
3852 * Merge from debian unstable, remaining changes: (LP: #303375)
3853 - debian/{control, rules}: enable PIE hardening.
3854 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3855
3856 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 29 Nov 2008 14:02:31 +0530
3857
2208apache2 (2.2.9-11) unstable; urgency=low3858apache2 (2.2.9-11) unstable; urgency=low
22093859
2210 * Regression fix from upstream svn for mod_proxy:3860 * Regression fix from upstream svn for mod_proxy:
@@ -2219,6 +3869,14 @@ apache2 (2.2.9-11) unstable; urgency=low
22193869
2220 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +01003870 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +0100
22213871
3872apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
3873
3874 * Merge from debian unstable, remaining changes:
3875 - debian/{control, rules}: enable PIE hardening.
3876 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3877
3878 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 Nov 2008 02:23:18 -0400
3879
2222apache2 (2.2.9-10) unstable; urgency=low3880apache2 (2.2.9-10) unstable; urgency=low
22233881
2224 * Regression fix from upstream svn for mod_proxy_http:3882 * Regression fix from upstream svn for mod_proxy_http:
@@ -2249,6 +3907,27 @@ apache2 (2.2.9-8) unstable; urgency=low
22493907
2250 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +02003908 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +0200
22513909
3910apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
3911
3912 * Revert logrotate change since it will break it for everyone.
3913
3914 -- Chuck Short <zulcss@ubuntu.com> Fri, 19 Sep 2008 09:32:01 -0400
3915
3916apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
3917
3918 * debian/logrotate: Restart rather than reload for busy websites.
3919 (LP: #270899)
3920
3921 -- Chuck Short <zulcss@ubuntu.com> Thu, 18 Sep 2008 08:42:22 -0400
3922
3923apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
3924
3925 * Merge from debian unstable, remaining changes:
3926 - debian/{control,rules}: enable PIE hardening.
3927 - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
3928
3929 -- Kees Cook <kees@ubuntu.com> Thu, 28 Aug 2008 08:10:59 -0700
3930
2252apache2 (2.2.9-7) unstable; urgency=low3931apache2 (2.2.9-7) unstable; urgency=low
22533932
2254 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).3933 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2291,6 +3970,23 @@ apache2 (2.2.9-4) unstable; urgency=low
22913970
2292 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +02003971 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +0200
22933972
3973apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
3974
3975 * add ufw integration (see
3976 https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
3977 (LP: #261198)
3978 - debian/control: suggest ufw for apache2.2-common
3979 - add apache2.2-common.ufw.profile with 3 profiles and install it to
3980 /etc/ufw/applications.d/apache2.2-common
3981
3982 -- Didier Roche <didrocks@ubuntu-fr.org> Tue, 26 Aug 2008 19:03:42 +0200
3983
3984apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
3985
3986 * debian/{control,rules}: enable PIE hardening
3987
3988 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:45:00 -0700
3989
2294apache2 (2.2.9-3) unstable; urgency=low3990apache2 (2.2.9-3) unstable; urgency=low
22953991
2296 [ Stefan Fritsch ]3992 [ Stefan Fritsch ]
@@ -3861,9 +5557,7 @@ apache2 (2.0.37-1) unstable; urgency=low
3861 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +01005557 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +0100
38625558
3863apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low5559apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
3864
3865 * New upstream release5560 * New upstream release
3866
3867 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +01005561 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +0100
38685562
3869apache2 (2.0.36-2) unstable; urgency=low5563apache2 (2.0.36-2) unstable; urgency=low
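Review bot: the two blank lines inside the 2.0.37+cvs.JCW_PRE2_2037-1 entry (old lines 3864 and 3866) are dropped on the new side, so the heading, the single change line and the trailer now run together. This is a whitespace-only difference from the target branch in a 2002 entry. Restoring the blank lines keeps the entry in the same layout as its neighbours and removes delta that will otherwise keep showing up against Debian.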
@@ -4371,3 +6065,4 @@ apache2 (2.0.18-1) unstable; urgency=low
4371 * Initial Release.6065 * Initial Release.
43726066
4373 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +10006067 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +1000
6068
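Review bot: new line 6068 appends an empty line after the final trailer of debian/changelog. It carries no content, so drop it and let the file end at the "Initial Release" entry's trailer as it does on the target side.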
diff --git a/debian/control b/debian/control
index 11d92ea..a86d804 100644
--- a/debian/control
+++ b/debian/control
@@ -1,5 +1,6 @@
1Source: apache21Source: apache2
2Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>2Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
3Uploaders: Stefan Fritsch <sf@debian.org>,4Uploaders: Stefan Fritsch <sf@debian.org>,
4 Arno Töll <arno@debian.org>,5 Arno Töll <arno@debian.org>,
5 Ondřej Surý <ondrej@debian.org>,6 Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
44Recommends: ssl-cert45Recommends: ssl-cert
45Suggests: apache2-doc,46Suggests: apache2-doc,
46 apache2-suexec-pristine | apache2-suexec-custom,47 apache2-suexec-pristine | apache2-suexec-custom,
47 www-browser48 www-browser,
49 ufw
48Pre-Depends: dpkg (>= 1.17.14),50Pre-Depends: dpkg (>= 1.17.14),
49 ${misc:Pre-Depends}51 ${misc:Pre-Depends}
50Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)52Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
51new file mode 10064453new file mode 100644
index 0000000..4db2fa1
52Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ54Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
diff --git a/debian/index.html b/debian/index.html
index 766401d..96ed444 100644
--- a/debian/index.html
+++ b/debian/index.html
@@ -1,9 +1,14 @@
11
2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml">3<html xmlns="http://www.w3.org/1999/xhtml">
4 <!--
5 Modified from the Debian original for Ubuntu
6 Last updated: 2016-11-16
7 See: https://launchpad.net/bugs/1288690
8 -->
4 <head>9 <head>
5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />10 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
6 <title>Apache2 Debian Default Page: It works</title>11 <title>Apache2 Ubuntu Default Page: It works</title>
7 <style type="text/css" media="screen">12 <style type="text/css" media="screen">
8 * {13 * {
9 margin: 0px 0px 0px 0px;14 margin: 0px 0px 0px 0px;
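Review bot: the "Last updated: 2016-11-16" stamp in the added comment (new line 6) has to be bumped by hand whenever this page changes, and nothing in the packaging enforces that. Consider dropping the date and keeping only the "Modified from the Debian original for Ubuntu" line and the bug reference, since debian/changelog already records when the page was touched.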
@@ -188,9 +193,9 @@
188 <body>193 <body>
189 <div class="main_page">194 <div class="main_page">
190 <div class="page_header floating_element">195 <div class="page_header floating_element">
191 <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>196 <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
192 <span class="floating_element">197 <span class="floating_element">
193 Apache2 Debian Default Page198 Apache2 Ubuntu Default Page
194 </span>199 </span>
195 </div>200 </div>
196<!-- <div class="table_of_contents floating_element">201<!-- <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
221 <div class="content_section_text">226 <div class="content_section_text">
222 <p>227 <p>
223 This is the default welcome page used to test the correct 228 This is the default welcome page used to test the correct
224 operation of the Apache2 server after installation on Debian systems.229 operation of the Apache2 server after installation on Ubuntu systems.
230 It is based on the equivalent page on Debian, from which the Ubuntu Apache
231 packaging is derived.
225 If you can read this page, it means that the Apache HTTP server installed at232 If you can read this page, it means that the Apache HTTP server installed at
226 this site is working properly. You should <b>replace this file</b> (located at233 this site is working properly. You should <b>replace this file</b> (located at
227 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.234 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
242 </div>249 </div>
243 <div class="content_section_text">250 <div class="content_section_text">
244 <p>251 <p>
245 Debian's Apache2 default configuration is different from the252 Ubuntu's Apache2 default configuration is different from the
246 upstream default configuration, and split into several files optimized for253 upstream default configuration, and split into several files optimized for
247 interaction with Debian tools. The configuration system is254 interaction with Ubuntu tools. The configuration system is
248 <b>fully documented in255 <b>fully documented in
249 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full256 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
250 documentation. Documentation for the web server itself can be257 documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
253260
254 </p>261 </p>
255 <p>262 <p>
256 The configuration layout for an Apache2 web server installation on Debian systems is as follows:263 The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
257 </p>264 </p>
258 <pre>265 <pre>
259/etc/apache2/266/etc/apache2/
@@ -324,7 +331,7 @@
324331
325 <div class="content_section_text">332 <div class="content_section_text">
326 <p>333 <p>
327 By default, Debian does not allow access through the web browser to334 By default, Ubuntu does not allow access through the web browser to
328 <em>any</em> file apart of those located in <tt>/var/www</tt>,335 <em>any</em> file apart of those located in <tt>/var/www</tt>,
329 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>336 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
330 directories (when enabled) and <tt>/usr/share</tt> (for web337 directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
333 document root directory in <tt>/etc/apache2/apache2.conf</tt>.340 document root directory in <tt>/etc/apache2/apache2.conf</tt>.
334 </p>341 </p>
335 <p>342 <p>
336 The default Debian document root is <tt>/var/www/html</tt>. You343 The default Ubuntu document root is <tt>/var/www/html</tt>. You
337 can make your own virtual hosts under /var/www. This is different344 can make your own virtual hosts under /var/www. This is different
338 to previous releases which provides better security out of the box.345 to previous releases which provides better security out of the box.
339 </p>346 </p>
@@ -345,9 +352,9 @@
345 </div>352 </div>
346 <div class="content_section_text">353 <div class="content_section_text">
347 <p>354 <p>
348 Please use the <tt>reportbug</tt> tool to report bugs in the355 Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
349 Apache2 package with Debian. However, check <a356 Apache2 package with Ubuntu. However, check <a
350 href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"357 href="https://bugs.launchpad.net/ubuntu/+source/apache2"
351 rel="nofollow">existing bug reports</a> before reporting a new bug.358 rel="nofollow">existing bug reports</a> before reporting a new bug.
352 </p>359 </p>
353 <p>360 <p>
diff --git a/debian/perl-framework/t/apache/expr_string.t b/debian/perl-framework/t/apache/expr_string.t
index a9115ee..66b0903 100644
--- a/debian/perl-framework/t/apache/expr_string.t
+++ b/debian/perl-framework/t/apache/expr_string.t
@@ -7,6 +7,8 @@ use Apache::TestUtil qw(t_write_file t_start_error_log_watch t_finish_error_log_
77
8use File::Spec;8use File::Spec;
99
10use Time::HiRes qw(usleep);
11
10# test ap_expr12# test ap_expr
1113
12Apache::TestRequest::user_agent(keep_alive => 1);14Apache::TestRequest::user_agent(keep_alive => 1);
@@ -62,6 +64,8 @@ foreach my $t (@test_cases) {
62 'SomeHeader' => 'SomeValue',64 'SomeHeader' => 'SomeValue',
63 'User-Agent' => 'SomeAgent',65 'User-Agent' => 'SomeAgent',
64 'Referer' => 'SomeReferer');66 'Referer' => 'SomeReferer');
67 ### Sleep here, attempt to avoid intermittent failures. (LP: #1890302)
68 usleep(250000);
65 my @loglines = t_finish_error_log_watch();69 my @loglines = t_finish_error_log_watch();
6670
67 my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i71 my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i
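Review bot: The fixed usleep(250000) placed before t_finish_error_log_watch() only narrows the timing window, it does not close it: if the failures come from the error log being read before the server has written its entry, a loaded builder can still take longer than 250 ms, and the hunk header shows this sits inside the foreach over @test_cases, so every case now pays the delay. Consider polling the log watch until the expected entry appears, bounded by a timeout, and have the comment name the event being waited for rather than only "attempt to avoid intermittent failures".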
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index d617b1d..823d9c0 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
17debian/icons/odf6ots-20x22.png17debian/icons/odf6ots-20x22.png
18debian/icons/odf6ott-20x22.png18debian/icons/odf6ott-20x22.png
19debian/icons/openlogo-75.png19debian/icons/openlogo-75.png
20debian/icons/ubuntu-logo.png
20debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml21debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
21debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php22debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
22debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml23debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
23new file mode 10064424new file mode 100644
index 0000000..6bc9125
--- /dev/null
+++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
1#!/bin/sh
2set -uxe
3
4# http2 is rather new, check that it at least generally works
5# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
6
7a2enmod http2
8a2enmod ssl
9a2ensite default-ssl
10# Enable globally
11echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
12service apache2 restart
13
14# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
15# wget on Debian gives me:
16# GnuTLS: A TLS warning alert has been received.
17# Unable to establish SSL connection.
18# Presumably this is due to the self-signed certificate, but I'm not sure how
19# to skip the warning with wget. curl will do for now.
20echo "Hello, world!" > /var/www/html/hello.txt
21
22testapache () {
23 cmd="${1}"
24 result=$(${cmd})
25
26 if [ "$result" != "Hello, world!" ]; then
27 echo "Unexpected result: ${result}" >&2
28 exit 1
29 else
30 echo OK
31 fi
32}
33
34# https shall not affect http
35testapache "curl -s -k http://localhost/hello.txt"
36# https shall not affect https
37testapache "curl -s -k https://localhost/hello.txt"
38#plain http2
39testapache "nghttp --no-verify-peer https://localhost/hello.txt"
40#http2 upgrade
41testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
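Review bot: The comments at script lines 34 and 36 read "https shall not affect http" and "https shall not affect https", but what the script enables is http2, so they presumably should read "http2 shall not affect ..."; relatedly, the curl call on line 37 does not pin the protocol, and a curl built with HTTP/2 support negotiates h2 over TLS on its own, so that check may not exercise HTTP/1.1 at all. Passing --http1.1 to both curl invocations would make them test what the comments describe. In testapache, result=$(${cmd}) runs under set -e, so a non-zero exit from curl or nghttp ends the script at the assignment and the "Unexpected result" message is never printed; the unquoted ${cmd} also depends on word splitting, which holds only while no argument contains whitespace.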
diff --git a/debian/tests/control b/debian/tests/control
index be79f60..37ae2ca 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -23,6 +23,10 @@ Tests: ssl-passphrase
23Restrictions: needs-root allow-stderr breaks-testbed23Restrictions: needs-root allow-stderr breaks-testbed
24Depends: apache2, curl, expect, ssl-cert24Depends: apache2, curl, expect, ssl-cert
2525
26Tests: check-http2
27Restrictions: needs-root allow-stderr breaks-testbed
28Depends: apache2, curl, ssl-cert, nghttp2-client
29
26Tests: chroot30Tests: chroot
27Features: no-build-needed31Features: no-build-needed
28Restrictions: needs-root allow-stderr breaks-testbed32Restrictions: needs-root allow-stderr breaks-testbed
