Ubuntu
apache2 package

Merge ~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish into ubuntu/+source/apache2:debian/sid

  1. Git
  2. lp:~bryce/ubuntu/+source/apache2
  3. merge-v2.4.48-3-impish
  4. Merge into debian/sid
Proposed by Bryce Harrington
Status: Merged
Approved by: Bryce Harrington
Approved revision: ed8d6792d1bff487a02b67f2995ad030e05a42c2
Merge reported by: Bryce Harrington
Merged at revision: ed8d6792d1bff487a02b67f2995ad030e05a42c2
Proposed branch: ~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish
Merge into: ubuntu/+source/apache2:debian/sid
Diff against target: 2517 lines (+1892/-34)
11 files modified
debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+1/-0)
debian/apache2.py (+48/-0)
debian/apache2ctl (+33/-18)
debian/changelog (+1769/-2)
debian/control (+4/-2)
debian/index.html (+19/-12)
debian/source/include-binaries (+1/-0)
Reviewer Review Type Date Requested Status
Utkarsh Gupta (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+405429@code.launchpad.net

Description of the change

Pretty standard merge of apache, good chunk of the delta is able to drop. Remainder of delta is ubuntu-specific, but I've added bug #'s for each change to facilitate future review in case we want to look at it more. Debian has been active at pulling the changes they care about from us proactively.

I verified the package builds and the autopkgtests pass locally for me, and that the usual tags are pushed:
https://git.launchpad.net/~bryce/ubuntu/+source/apache2?h=merge-v2.4.48-3-impish

PPA: https://launchpad.net/~bryce/+archive/ubuntu/apache2-merge-v2.4.48-3

To post a comment you must log in.
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

[Since I started to take a look at it, I'll complete this on Monday]

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

* Changelog:
  - [✓] old/ubuntu and the split tag match as expected
  - [✓] changelog entry correct version and targeted codename
  - [✓] changelog entries correct

Although I'd personally prefer to squash the last commit with the 3rd last one, that is, "changelog reformatting for release" with "reconstruct-changelog". This is also noted in the PackageMerging.md in the maintainer's handbook. That said, it's really trivial so I'll let you decide if you want to do that or not.

  - [✓] update-maintainer has been run

* Old Delta:
  - [✓] dropped changes are ok to be dropped
  - [?] nothing else to drop
  - [?] changes forwarded upstream/debian (if appropriate)

For the last two points here, the remaining delta isn't forwarded but you have mentioned that all of it is Ubuntu-specific, so I believe ya. And indeed, apport stuff and f4b8b766a27bc06df1f2149738c0022b53d33735 are indeed Ubuntu-specific. I haven't checked the rest but I assume you already did and so it's not worth forwarding!

* Build/Test:
  - [✓] build is ok
  - [✓] verified PPA package installs/uninstalls
  - [✓] autopkgtest against the PPA package passes
  - [-] sanity checks test fine

Except for 1 trivial comment about the d/ch entry, things look good. +1. Thank you! \o/

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

I'm experimenting with keeping my manual changelog changes separated from the ones mechanically generated by git-ubuntu. So, I squashed all my hand edits into that last commit. Ultimately, all the "changelog*" commits will get deleted next merge, so it's a bit irrelevant how they're organized, except if it makes reviewing easier or harder.

As to the forwarding, yeah like I mention Debian seems to give good attention at proactively pulling what they want from us for this package.  From what I can see, the items in our delta would at least need some generalization/rework to make them worth carrying for Debian.

Thanks for the review!

Revision history for this message
Bryce Harrington (bryce) wrote :

$ git ubuntu tag --upload
$ git push pkg upload/2.4.48-3ubuntu1
Enumerating objects: 70, done.
Counting objects: 100% (70/70), done.
Delta compression using up to 12 threads
Compressing objects: 100% (47/47), done.
Writing objects: 100% (54/54), 27.41 KiB | 2.11 MiB/s, done.
Total 54 (delta 36), reused 11 (delta 7)
To ssh://git.launchpad.net/ubuntu/+source/apache2
 * [new tag] upload/2.4.48-3ubuntu1 -> upload/2.4.48-3ubuntu1

$ dput ubuntu apache2_2.4.48-3ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/bryce/pkg/Apache2/merge-v2.4.48-3/apache2_2.4.48-3ubuntu1_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: /home/bryce/pkg/Apache2/merge-v2.4.48-3/apache2_2.4.48-3ubuntu1.dsc: Valid signature from E603B2578FB8F0FB
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.48-3ubuntu1.dsc: done.
  Uploading apache2_2.4.48.orig.tar.gz: done.
  Uploading apache2_2.4.48-3ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.48-3ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.48-3ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Bryce Harrington (bryce) wrote :

 apache2 | 2.4.48-3ubuntu1 | impish | source

This has transitioned.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
index 63c573f..3d1bdf1 100644
--- a/debian/apache2-bin.install
+++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
1/usr/lib/apache2/modules/1/usr/lib/apache2/modules/
2/usr/sbin/apache22/usr/sbin/apache2
3debian/apache2.py usr/share/apport/package-hooks
diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
3new file mode 1006444new file mode 100644
index 0000000..974a655
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
1[Apache]
2title=Web Server
3description=Apache v2 is the next generation of the omnipresent Apache web server.
4ports=80/tcp
5
6[Apache Secure]
7title=Web Server (HTTPS)
8description=Apache v2 is the next generation of the omnipresent Apache web server.
9ports=443/tcp
10
11[Apache Full]
12title=Web Server (HTTP,HTTPS)
13description=Apache v2 is the next generation of the omnipresent Apache web server.
14ports=80,443/tcp
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 6089013..1aa6d3c 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
10var/lib/apache210var/lib/apache2
11var/log/apache211var/log/apache2
12var/www/html12var/www/html
13/etc/ufw/applications.d/apache2
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad789..92865fc 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf /etc/apache2
8debian/config-dir/envvars /etc/apache28debian/config-dir/envvars /etc/apache2
9debian/config-dir/magic /etc/apache29debian/config-dir/magic /etc/apache2
10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/
11debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
diff --git a/debian/apache2.postrm b/debian/apache2.postrm
index a68583c..b0e5d7b 100644
--- a/debian/apache2.postrm
+++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
33 776221a94e5a174dc2396c0f3f6b6a7433 776221a94e5a174dc2396c0f3f6b6a74
34 c481228d439cbb54bdcedbaec5bbb11a34 c481228d439cbb54bdcedbaec5bbb11a
35 e2620d4a5a0f8d80dd4b16de59af981f35 e2620d4a5a0f8d80dd4b16de59af981f
36 3526531ccd6c6a1d2340574a305a18f8
36 EOF37 EOF
37}38}
3839
diff --git a/debian/apache2.py b/debian/apache2.py
39new file mode 10064440new file mode 100644
index 0000000..a9fb9d8
--- /dev/null
+++ b/debian/apache2.py
@@ -0,0 +1,48 @@
1#!/usr/bin/python
2
3'''apport hook for apache2
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
19
20def add_info(report, ui):
21 if os.path.isdir(SITES_ENABLED_DIR):
22 response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
23 "may help developers diagnose your bug more "
24 "quickly. However, it may contain sensitive "
25 "information. Do you want to include it in your "
26 "bug report?")
27
28 if response == None: # user cancelled
29 raise StopIteration
30
31 elif response == True:
32 # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
33 for conf_file in os.listdir(SITES_ENABLED_DIR):
34 attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
35
36 try:
37 report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
38 except OSError:
39 report['Apache2ConfdDirListing'] = str(False)
40
41 # Attach default config files if changed.
42 attach_conffiles(report, 'apache2', conffiles=None)
43
44 # Attach the error.log file.
45 attach_file(report, '/var/log/apache2/error.log', key='error.log')
46
47 # Get loaded modules.
48 report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
diff --git a/debian/apache2ctl b/debian/apache2ctl
index 404b9f9..02f3bca 100755
--- a/debian/apache2ctl
+++ b/debian/apache2ctl
@@ -143,6 +143,21 @@ mkdir_chown () {
143 fi143 fi
144}144}
145145
146need_systemd () {
147 # Detect if systemd is in use and should be used for managing
148 # the Apache2 httpd service. Returns 0 if so, 1 otherwise.
149 if [ -z "${APACHE_STARTED_BY_SYSTEMD}" ]; then
150 case "$(readlink -f /proc/1/exe)" in
151 *systemd*)
152 return 0
153 ;;
154 esac
155 # With Docker, /proc/1 is not necessarily an init system,
156 # so fallback to checking in /run.
157 [ -d /run/systemd/system ]
158 fi
159 return 1
160}
146161
147[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}162[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
148[ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}163[ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
@@ -153,38 +168,38 @@ start)
153 # (this is bad if there are several apache2 instances running)168 # (this is bad if there are several apache2 instances running)
154 rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*169 rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*
155170
156 need_systemd=false171 if need_systemd; then
157 if [ -z "$APACHE_STARTED_BY_SYSTEMD" ] ; then
158 case "$(readlink -f /proc/1/exe)" in
159 *systemd*)
160 need_systemd=true
161 ;;
162 *)
163 ;;
164 esac
165 fi
166 if $need_systemd ; then
167 # If running on systemd we should not start httpd without systemd172 # If running on systemd we should not start httpd without systemd
168 # or systemd will get confused about the status of httpd.173 # or systemd will get confused about the status of httpd.
169 echo "Invoking 'systemctl start $APACHE_SYSTEMD_SERVICE'."174 echo "Invoking 'systemctl start ${APACHE_SYSTEMD_SERVICE}'."
170 echo "Use 'systemctl status $APACHE_SYSTEMD_SERVICE' for more info."175 echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
171 systemctl start "$APACHE_SYSTEMD_SERVICE"176 systemctl start "${APACHE_SYSTEMD_SERVICE}"
172 else177 else
173 unset APACHE_STARTED_BY_SYSTEMD178 unset APACHE_STARTED_BY_SYSTEMD
174 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"179 ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
175 fi180 fi
176181
177 ERROR=$?182 ERROR=$?
178 ;;183 ;;
179stop|graceful-stop)184stop|graceful-stop)
180 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"185 ${HTTPD} ${APACHE_ARGUMENTS} -k "$ARGV"
181 ERROR=$?186 ERROR=$?
182 ;;187 ;;
183restart|graceful)188restart|graceful)
184 if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then189 if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
185 $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"190 if need_systemd; then
191 # If running on systemd we should not directly restart httpd since
192 # systemd would be confused about httpd's status.
193 # (See LP: #1832182)
194 echo "Invoking 'systemctl restart ${APACHE_SYSTEMD_SERVICE}'."
195 echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
196 systemctl restart "${APACHE_SYSTEMD_SERVICE}"
197 else
198 unset APACHE_STARTED_BY_SYSTEMD
199 ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
200 fi
186 else201 else
187 $HTTPD ${APACHE_ARGUMENTS} -t202 ${HTTPD} ${APACHE_ARGUMENTS} -t
188 fi203 fi
189 ERROR=$?204 ERROR=$?
190 ;;205 ;;
diff --git a/debian/changelog b/debian/changelog
index 9683426..ea76682 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,43 @@
1apache2 (2.4.48-3ubuntu1) impish; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - debian/{control, apache2.install, apache2-utils.ufw.profile,
5 apache2.dirs}: Add ufw profiles. (LP: 261198)
6 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
7 (LP: 609177)
8 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
9 d/s/include-binaries: replace Debian with Ubuntu on default
10 page and add Ubuntu icon file. (LP: 1288690)
11 - d/apache2ctl: Also use systemd for graceful if it is in use.
12 This extends an earlier fix for the start command to behave
13 similarly for restart / graceful. Fixes service failures on
14 unattended upgrade. (LP: 1832182)
15 - d/apache2ctl: Also use /run/systemd to check for systemd usage
16 (LP: 1918209)
17 * Dropped:
18 - d/t/control, d/t/check-http2: add basic test for http2 support
19 [Fixed in 2.4.48-2]
20 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
21 [Fixed in 2.4.48-1]
22 - d/p/CVE-2020-13950.patch: don't dereference NULL proxy
23 connection in modules/proxy/mod_proxy_http.c.
24 [Fixed in 2.4.48 upstream]
25 - d/p/CVE-2020-35452.patch: fast validation of the nonce's
26 base64 to fail early if the format can't match anyway in
27 modules/aaa/mod_auth_digest.c.
28 [Fixed in 2.4.48 upstream]
29 - d/p/CVE-2021-26690.patch: save one apr_strtok() in
30 session_identity_decode() in modules/session/mod_session.c.
31 [Fixed in 2.4.48 upstream]
32 - d/p/CVE-2021-26691.patch: account for the '&' in
33 identity_concat() in modules/session/mod_session.c.
34 [Fixed in 2.4.48 upstream]
35 - d/p/CVE-2021-30641.patch: change default behavior in
36 server/request.c.
37 [Fixed in 2.4.48 upstream]
38
39 -- Bryce Harrington <bryce@canonical.com> Thu, 08 Jul 2021 03:20:46 +0000
40
1apache2 (2.4.48-3) unstable; urgency=medium41apache2 (2.4.48-3) unstable; urgency=medium
242
3 * Fix debian/changelog43 * Fix debian/changelog
@@ -54,6 +94,65 @@ apache2 (2.4.46-5) unstable; urgency=medium
5494
55 -- Yadd <yadd@debian.org> Thu, 10 Jun 2021 11:57:38 +020095 -- Yadd <yadd@debian.org> Thu, 10 Jun 2021 11:57:38 +0200
5696
97apache2 (2.4.46-4ubuntu3) impish; urgency=medium
98
99 * No-change rebuild due to OpenLDAP soname bump.
100
101 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 17:43:48 -0400
102
103apache2 (2.4.46-4ubuntu2) impish; urgency=medium
104
105 * SECURITY UPDATE: mod_proxy_http denial of service.
106 - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
107 connection in modules/proxy/mod_proxy_http.c.
108 - CVE-2020-13950
109 * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
110 - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
111 base64 to fail early if the format can't match anyway in
112 modules/aaa/mod_auth_digest.c.
113 - CVE-2020-35452
114 * SECURITY UPDATE: DoS via cookie header in mod_session
115 - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
116 session_identity_decode() in modules/session/mod_session.c.
117 - CVE-2021-26690
118 * SECURITY UPDATE: heap overflow via SessionHeader
119 - debian/patches/CVE-2021-26691.patch: account for the '&' in
120 identity_concat() in modules/session/mod_session.c.
121 - CVE-2021-26691
122 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
123 - debian/patches/CVE-2021-30641.patch: change default behavior in
124 server/request.c.
125 - CVE-2021-30641
126
127 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 17 Jun 2021 13:09:41 -0400
128
129apache2 (2.4.46-4ubuntu1) hirsute; urgency=medium
130
131 * Merge with Debian unstable, to allow moving from lua5.2 to
132 lua5.3 (LP: #1910372). Remaining changes:
133 - debian/{control, apache2.install, apache2-utils.ufw.profile,
134 apache2.dirs}: Add ufw profiles.
135 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
136 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
137 Debian with Ubuntu on default page.
138 + d/source/include-binaries: add Ubuntu icon file
139 - d/t/control, d/t/check-http2: add basic test for http2 support
140 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
141 issue reading error log too quickly after request, by adding a sleep.
142 (LP #1890302)
143 - d/apache2ctl: Also use systemd for graceful if it is in use.
144 This extends an earlier fix for the start command to behave
145 similarly for restart / graceful. Fixes service failures on
146 unattended upgrade.
147 * Drop:
148 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
149 was re-added by mistake in 2.4.41-1 (Closes #921024)
150 [Included in Debian 2.4.46-3]
151 * d/apache2ctl: Also use /run/systemd to check for systemd usage
152 (LP: #1918209)
153
154 -- Bryce Harrington <bryce@canonical.com> Tue, 09 Mar 2021 00:45:35 +0000
155
57apache2 (2.4.46-4) unstable; urgency=medium156apache2 (2.4.46-4) unstable; urgency=medium
58157
59 * Ignore other random another test failures (Closes: #979664)158 * Ignore other random another test failures (Closes: #979664)
@@ -71,6 +170,28 @@ apache2 (2.4.46-3) unstable; urgency=medium
71170
72 -- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +0100171 -- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +0100
73172
173apache2 (2.4.46-2ubuntu1) hirsute; urgency=medium
174
175 * Merge with Debian unstable. Remaining changes:
176 - debian/{control, apache2.install, apache2-utils.ufw.profile,
177 apache2.dirs}: Add ufw profiles.
178 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
179 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
180 Debian with Ubuntu on default page.
181 + d/source/include-binaries: add Ubuntu icon file
182 - d/t/control, d/t/check-http2: add basic test for http2 support
183 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
184 was re-added by mistake in 2.4.41-1 (Closes #921024)
185 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
186 issue reading error log too quickly after request, by adding a sleep.
187 (LP #1890302)
188 - d/apache2ctl: Also use systemd for graceful if it is in use.
189 This extends an earlier fix for the start command to behave
190 similarly for restart / graceful. Fixes service failures on
191 unattended upgrade.
192
193 -- Paride Legovini <paride.legovini@canonical.com> Mon, 14 Dec 2020 18:12:15 +0100
194
74apache2 (2.4.46-2) unstable; urgency=medium195apache2 (2.4.46-2) unstable; urgency=medium
75196
76 [ Jean-Michel Vourgère ]197 [ Jean-Michel Vourgère ]
@@ -92,6 +213,39 @@ apache2 (2.4.46-2) unstable; urgency=medium
92213
93 -- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +0100214 -- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +0100
94215
216apache2 (2.4.46-1ubuntu2) hirsute; urgency=medium
217
218 * d/apache2ctl: Also use systemd for graceful if it is in use.
219 (LP: #1832182)
220 - This extends an earlier fix for the start command to behave
221 similarly for restart / graceful. Fixes service failures on
222 unattended upgrade.
223
224 -- Bryce Harrington <bryce@canonical.com> Mon, 05 Oct 2020 16:06:32 -0700
225
226apache2 (2.4.46-1ubuntu1) groovy; urgency=medium
227
228 * Merge with Debian unstable. Remaining changes:
229 - debian/{control, apache2.install, apache2-utils.ufw.profile,
230 apache2.dirs}: Add ufw profiles.
231 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
232 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
233 Debian with Ubuntu on default page.
234 + d/source/include-binaries: add Ubuntu icon file
235 - d/t/control, d/t/check-http2: add basic test for http2 support
236 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
237 was re-added by mistake in 2.4.41-1 (Closes #921024)
238 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
239 issue reading error log too quickly after request, by adding a sleep.
240 (LP #1890302)
241 * Dropped:
242 - debian/patches/086_svn_cross_compiles: Backport several cross
243 fixes from upstream
244 [Unclear if it's still necessary, and upstream hasn't made a
245 release with it yet]
246
247 -- Andreas Hasenack <andreas@canonical.com> Tue, 25 Aug 2020 09:13:38 -0300
248
95apache2 (2.4.46-1) unstable; urgency=medium249apache2 (2.4.46-1) unstable; urgency=medium
96250
97 [ Xavier Guimard ]251 [ Xavier Guimard ]
@@ -108,6 +262,39 @@ apache2 (2.4.46-1) unstable; urgency=medium
108262
109 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200263 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200
110264
265apache2 (2.4.43-1ubuntu2) groovy; urgency=medium
266
267 * d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
268 issue reading error log too quickly after request, by adding a sleep.
269 (LP: #1890302)
270
271 -- Bryce Harrington <bryce@canonical.com> Wed, 05 Aug 2020 12:44:59 -0700
272
273apache2 (2.4.43-1ubuntu1) groovy; urgency=medium
274
275 * Merge with Debian unstable. Remaining changes:
276 - debian/{control, apache2.install, apache2-utils.ufw.profile,
277 apache2.dirs}: Add ufw profiles.
278 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
279 - debian/patches/086_svn_cross_compiles: Backport several cross
280 fixes from upstream
281 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
282 Debian with Ubuntu on default page.
283 + d/source/include-binaries: add Ubuntu icon file
284 - d/t/control, d/t/check-http2: add basic test for http2 support
285 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
286 was re-added by mistake in 2.4.41-1 (Closes #921024)
287 * Dropped:
288 - d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
289 parameter to mod_proxy_ajp (LP #1865340)
290 [Fixed upstream]
291 - d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
292 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
293 Closes #955348, LP #1872478
294 [In 2.4.43-1]
295
296 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Jul 2020 10:22:42 -0300
297
111apache2 (2.4.43-1) unstable; urgency=medium298apache2 (2.4.43-1) unstable; urgency=medium
112299
113 [ Timo Aaltonen ]300 [ Timo Aaltonen ]
@@ -135,6 +322,39 @@ apache2 (2.4.41-5) unstable; urgency=medium
135322
136 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100323 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100
137324
325apache2 (2.4.41-4ubuntu3) focal; urgency=medium
326
327 [ Timo Aaltonen ]
328 * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
329 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
330 Closes: #955348, LP: #1872478
331
332 -- Andreas Hasenack <andreas@canonical.com> Mon, 13 Apr 2020 14:19:17 -0300
333
334apache2 (2.4.41-4ubuntu2) focal; urgency=medium
335
336 * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
337 parameter to mod_proxy_ajp (LP: #1865340)
338
339 -- Andreas Hasenack <andreas@canonical.com> Thu, 05 Mar 2020 15:51:00 -0300
340
341apache2 (2.4.41-4ubuntu1) focal; urgency=medium
342
343 * Merge with Debian unstable. Remaining changes:
344 - debian/{control, apache2.install, apache2-utils.ufw.profile,
345 apache2.dirs}: Add ufw profiles.
346 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
347 - debian/patches/086_svn_cross_compiles: Backport several cross
348 fixes from upstream
349 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
350 Debian with Ubuntu on default page.
351 + d/source/include-binaries: add Ubuntu icon file
352 - d/t/control, d/t/check-http2: add basic test for http2 support
353 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
354 was re-added by mistake in 2.4.41-1 (Closes #921024)
355
356 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 10:36:13 -0300
357
138apache2 (2.4.41-4) unstable; urgency=medium358apache2 (2.4.41-4) unstable; urgency=medium
139359
140 * Add gcc in chroot autopkgtest (fixes debci)360 * Add gcc in chroot autopkgtest (fixes debci)
@@ -159,6 +379,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
159379
160 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100380 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100
161381
382apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
383
384 * Merge with Debian unstable. Remaining changes:
385 - debian/{control, apache2.install, apache2-utils.ufw.profile,
386 apache2.dirs}: Add ufw profiles.
387 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
388 - debian/patches/086_svn_cross_compiles: Backport several cross
389 fixes from upstream
390 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
391 Debian with Ubuntu on default page.
392 + d/source/include-binaries: add Ubuntu icon file
393 - d/t/control, d/t/check-http2: add basic test for http2 support
394 * Dropped:
395 - Cherrypick upstream testsuite fix:
396 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
397 as such).
398 + Similarly use TLSv1.2 for pr12355 and pr43738.
399 [Test suite updated in 2.4.41-1]
400 - Cherrypick upstream test suite fix for buffer.
401 [Included in 2.4.41-1]
402 - d/p/spelling-errors.patch: removed hunks already fixed upstream
403 [Included in 2.4.39-1]
404 - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
405 + d/p/CVE-2019-0196.patch
406 + d/p/CVE-2019-0211.patch
407 + d/p/CVE-2019-0215.patch
408 + d/p/CVE-2019-0217.patch
409 + d/p/CVE-2019-0220-*.patch
410 + d/p/CVE-2019-0197.patch
411 * Added:
412 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
413 was re-added by mistake in 2.4.41-1 (Closes: #921024)
414
415 -- Andreas Hasenack <andreas@canonical.com> Wed, 14 Aug 2019 11:36:32 -0300
416
162apache2 (2.4.41-1) unstable; urgency=medium417apache2 (2.4.41-1) unstable; urgency=medium
163418
164 * New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081,419 * New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081,
@@ -191,6 +446,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
191446
192 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200447 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200
193448
449apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
450
451 * New upstream version: 2.4.39
452 * d/p/spelling-errors.patch: removed hunks already fixed upstream
453 * Remaining changes:
454 - Cherrypick upstream test suite fix for buffer.
455 - Cherrypick upstream testsuite fix:
456 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
457 as such).
458 - Similarly use TLSv1.2 for pr12355 and pr43738.
459 - debian/{control, apache2.install, apache2-utils.ufw.profile,
460 apache2.dirs}: Add ufw profiles.
461 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
462 - debian/patches/086_svn_cross_compiles: Backport several cross
463 fixes from upstream
464 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
465 Debian with Ubuntu on default page.
466 + d/source/include-binaries: add Ubuntu icon file
467 - d/t/control, d/t/check-http2: add basic test for http2 support
468 * Dropped patches (fixed upstream):
469 - d/p/CVE-2019-0196.patch
470 - d/p/CVE-2019-0211.patch
471 - d/p/CVE-2019-0215.patch
472 - d/p/CVE-2019-0217.patch
473 - d/p/CVE-2019-0220-*.patch
474 - d/p/CVE-2019-0197.patch
475
476 -- Andreas Hasenack <andreas@canonical.com> Mon, 05 Aug 2019 18:09:08 -0300
477
478apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
479
480 * Cherrypick upstream test suite fix for buffer.
481
482 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 13 Jun 2019 11:08:24 +0100
483
484apache2 (2.4.38-3ubuntu1) eoan; urgency=low
485
486 * Merge from Debian unstable. Remaining changes:
487 - Cherrypick upstream testsuite fix:
488 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
489 as such).
490 - Similarly use TLSv1.2 for pr12355 and pr43738.
491 - debian/{control, apache2.install, apache2-utils.ufw.profile,
492 apache2.dirs}: Add ufw profiles.
493 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
494 - debian/patches/086_svn_cross_compiles: Backport several cross
495 fixes from upstream
496 [Removed configure chunk, not needed since configure.in is being
497 patched.]
498 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
499 Debian with Ubuntu on default page.
500 + d/source/include-binaries: add Ubuntu icon file
501 - d/t/control, d/t/check-http2: add basic test for http2 support
502
503 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 10 Jun 2019 19:17:38 +0100
504
194apache2 (2.4.38-3) unstable; urgency=high505apache2 (2.4.38-3) unstable; urgency=high
195506
196 [ Marc Deslauriers ]507 [ Marc Deslauriers ]
@@ -228,6 +539,79 @@ apache2 (2.4.38-3) unstable; urgency=high
228539
229 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200540 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200
230541
542apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
543
544 * Cherrypick upstream testsuite fix:
545 - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
546 as such).
547 * Similarly use TLSv1.2 for pr12355 and pr43738.
548
549 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 07 May 2019 10:39:47 +0100
550
551apache2 (2.4.38-2ubuntu2) disco; urgency=medium
552
553 * SECURITY UPDATE: read-after-free on a string compare in mod_http2
554 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
555 request method in modules/http2/h2_request.c.
556 - CVE-2019-0196
557 * SECURITY UPDATE: privilege escalation from modules' scripts
558 - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
559 child to its slot number in include/scoreboard.h,
560 server/mpm/event/event.c, server/mpm/prefork/prefork.c,
561 server/mpm/worker/worker.c.
562 - CVE-2019-0211
563 * SECURITY UPDATE: mod_ssl access control bypass
564 - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
565 PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
566 - CVE-2019-0215
567 * SECURITY UPDATE: mod_auth_digest access control bypass
568 - debian/patches/CVE-2019-0217.patch: fix a race condition in
569 modules/aaa/mod_auth_digest.c.
570 - CVE-2019-0217
571 * SECURITY UPDATE: URL normalization inconsistincy
572 - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
573 the path in include/http_core.h, include/httpd.h, server/core.c,
574 server/request.c, server/util.c.
575 - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
576 in server/request.c, server/util.c.
577 - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
578 server/util.c.
579 - CVE-2019-0220
580
581 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Apr 2019 14:31:46 -0400
582
583apache2 (2.4.38-2ubuntu1) disco; urgency=medium
584
585 * Merge with Debian unstable. Remaining changes:
586 - debian/{control, apache2.install, apache2-utils.ufw.profile,
587 apache2.dirs}: Add ufw profiles.
588 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
589 - debian/patches/086_svn_cross_compiles: Backport several cross
590 fixes from upstream
591 [Removed configure chunk, not needed since configure.in is being
592 patched.]
593 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
594 Debian with Ubuntu on default page.
595 + d/source/include-binaries: add Ubuntu icon file
596 - d/t/control, d/t/check-http2: add basic test for http2 support
597 * Dropped:
598 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
599 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
600 cannot be coinstalled with libcurl3. That situation breaks the
601 installation of libapache2-mod-shib2. See
602 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
603 for details.
604 [This has been resolved in Disco, where libxmltooling8 is built with
605 openssl 1.1]
606 - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
607 + debian/patches/CVE-2018-11763.patch: rework connection IO event
608 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
609 modules/http2/h2_version.h.
610 - CVE-2018-11763
611 [Fixed in 2.4.35]
612
613 -- Andreas Hasenack <andreas@canonical.com> Sun, 03 Feb 2019 14:57:13 -0200
614
231apache2 (2.4.38-2) unstable; urgency=medium615apache2 (2.4.38-2) unstable; urgency=medium
232616
233 * Disable "reset" test in allowmethods.t (Closes: #921024)617 * Disable "reset" test in allowmethods.t (Closes: #921024)
@@ -310,6 +694,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
310694
311 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200695 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200
312696
697apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
698
699 * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
700 - debian/patches/CVE-2018-11763.patch: rework connection IO event
701 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
702 modules/http2/h2_version.h.
703 - CVE-2018-11763
704
705 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Oct 2018 09:57:22 -0400
706
707apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
708
709 * Merge with Debian unstable. Remaining changes:
710 - debian/{control, apache2.install, apache2-utils.ufw.profile,
711 apache2.dirs}: Add ufw profiles.
712 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
713 - debian/patches/086_svn_cross_compiles: Backport several cross
714 fixes from upstream
715 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
716 Debian with Ubuntu on default page.
717 + d/source/include-binaries: add Ubuntu icon file
718 - d/t/control, d/t/check-http2: add basic test for http2 support
719 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
720 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
721 cannot be coinstalled with libcurl3. That situation breaks the
722 installation of libapache2-mod-shib2. See
723 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
724 for details.
725
726 -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Aug 2018 17:09:27 -0300
727
313apache2 (2.4.34-1) unstable; urgency=medium728apache2 (2.4.34-1) unstable; urgency=medium
314729
315 [ Ondřej Surý ]730 [ Ondřej Surý ]
@@ -328,6 +743,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
328743
329 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200744 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200
330745
746apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
747
748 * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
749 re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
750
751 -- Andreas Hasenack <andreas@canonical.com> Thu, 28 Jun 2018 10:07:06 -0300
752
753apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
754
755 * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
756 libapache2-mod-md until we figure out their transitions. libapache2-mod-md
757 in particular is problematic because that makes apache2-bin pull in
758 libcurl4 which cannot be coinstalled with libcurl3. That situation breaks
759 the installation of libapache2-mod-shib2. See
760 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
761 for details.
762 - Don't ship md.load and remove build-requires that were added because of
763 mod-md (see
764 https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
765 - Remove proxy_uwsgi.load as we are not building it for now (see
766 https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
767
768 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 May 2018 14:46:19 +0000
769
770apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
771
772 * Merge with Debian unstable (LP: #1770242). Remaining changes:
773 - debian/{control, apache2.install, apache2-utils.ufw.profile,
774 apache2.dirs}: Add ufw profiles.
775 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
776 - debian/patches/086_svn_cross_compiles: Backport several cross
777 fixes from upstream
778 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
779 Debian with Ubuntu on default page.
780 + d/source/include-binaries: add Ubuntu icon file
781 - d/t/control, d/t/check-http2: add basic test for http2 support
782 * Drop:
783 - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
784 + debian/patches/CVE-2017-15710.patch: fix language long names
785 detection as short name in modules/aaa/mod_authnz_ldap.c.
786 + CVE-2017-15710
787 - SECURITY UPDATE: incorrect <FilesMatch> matching
788 + debian/patches/CVE-2017-15715.patch: allow to configure
789 global/default options for regexes, like caseless matching or
790 extended format in include/ap_regex.h, server/core.c,
791 server/util_pcre.c.
792 + CVE-2017-15715
793 - SECURITY UPDATE: mod_session header manipulation
794 + debian/patches/CVE-2018-1283.patch: strip Session header when
795 SessionEnv is on in modules/session/mod_session.c.
796 + CVE-2018-1283
797 - SECURITY UPDATE: DoS via specially-crafted request
798 + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
799 terminated on any error, not only on buffer full in
800 server/protocol.c.
801 + CVE-2018-1301
802 - SECURITY UPDATE: mod_cache_socache DoS
803 + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
804 to carriage return in modules/cache/mod_cache_socache.c.
805 + CVE-2018-1303
806 - SECURITY UPDATE: insecure nonce generation
807 + debian/patches/CVE-2018-1312.patch: actually use the secret when
808 generating nonces in modules/aaa/mod_auth_digest.c.
809 + CVE-2018-1312
810 - Correct systemd-sysv-generator behavior by customizing some
811 parameters:
812 + d/apache2-systemd.conf: add a drop-in file to specify some
813 parameters for the systemd unit (type=Forking and
814 RemainsAfterExit=no), this allow a correct state synchronisation
815 between systemctl status and actual state of apache2 daemon.
816 + d/apache2.install: place the apache2-systemd.conf file in the
817 correct location.
818 [type=Forking already in the base systemd service file, and
819 RemainsAfterExit=no is the default value, so no need to
820 customize these anymore.]
821 - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
822 + added debian/patches/util_ldap_cache_lock_fix.patch
823 [Already applied upstream]
824
825 -- Andreas Hasenack <andreas@canonical.com> Tue, 15 May 2018 11:03:34 -0300
826
331apache2 (2.4.33-3) unstable; urgency=medium827apache2 (2.4.33-3) unstable; urgency=medium
332828
333 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.829 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -400,6 +896,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
400896
401 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000897 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000
402898
899apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
900
901 * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
902 - debian/patches/CVE-2017-15710.patch: fix language long names
903 detection as short name in modules/aaa/mod_authnz_ldap.c.
904 - CVE-2017-15710
905 * SECURITY UPDATE: incorrect <FilesMatch> matching
906 - debian/patches/CVE-2017-15715.patch: allow to configure
907 global/default options for regexes, like caseless matching or
908 extended format in include/ap_regex.h, server/core.c,
909 server/util_pcre.c.
910 - CVE-2017-15715
911 * SECURITY UPDATE: mod_session header manipulation
912 - debian/patches/CVE-2018-1283.patch: strip Session header when
913 SessionEnv is on in modules/session/mod_session.c.
914 - CVE-2018-1283
915 * SECURITY UPDATE: DoS via specially-crafted request
916 - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
917 terminated on any error, not only on buffer full in
918 server/protocol.c.
919 - CVE-2018-1301
920 * SECURITY UPDATE: mod_cache_socache DoS
921 - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
922 to carriage return in modules/cache/mod_cache_socache.c.
923 - CVE-2018-1303
924 * SECURITY UPDATE: insecure nonce generation
925 - debian/patches/CVE-2018-1312.patch: actually use the secret when
926 generating nonces in modules/aaa/mod_auth_digest.c.
927 - CVE-2018-1312
928
929 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Apr 2018 07:38:24 -0400
930
931apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
932
933 * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
934 - added debian/patches/util_ldap_cache_lock_fix.patch
935
936 -- Rafael David Tinoco <rafael.tinoco@canonical.com> Fri, 02 Mar 2018 02:19:31 +0000
937
938apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
939
940 * Switch back to OpenSSL 1.1.
941
942 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 11:57:20 +0000
943
944apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
945
946 * enable http2 (LP: #1687454) by stopping to disable it
947 - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
948 - debian/config-dir/mods-available/http2.load: no more removed.
949 - debian/rules: no more removed proxy_http2 from configure.
950 * d/t/control, d/t/check-http2: add basic test for http2 support
951
952 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Dec 2017 17:25:39 +0100
953
954apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
955
956 * Merge with Debian unstable. Remaining changes:
957 - debian/{control, apache2.install, apache2-utils.ufw.profile,
958 apache2.dirs}: Add ufw profiles.
959 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
960 - debian/patches/086_svn_cross_compiles: Backport several cross
961 fixes from upstream
962 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
963 Debian with Ubuntu on default page.
964 + d/source/include-binaries: add Ubuntu icon file
965 - Correct systemd-sysv-generator behavior by customizing some
966 parameters:
967 + d/apache2-systemd.conf: add a drop-in file to specify some
968 parameters for the systemd unit (type=Forking and
969 RemainsAfterExit=no), this allow a correct state synchronisation
970 between systemctl status and actual state of apache2 daemon.
971 + d/apache2.install: place the apache2-systemd.conf file in the
972 correct location.
973 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
974 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
975 + debian/config-dir/mods-available/http2.load: removed.
976 + debian/rules: removed proxy_http2 from configure.
977 * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
978 - debian/control: switch BuildDepends to libssl1.0-dev
979 - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
980 - debian/rules: remove openssl virtual package and logic
981
982 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Nov 2017 10:51:46 -0500
983
403apache2 (2.4.29-1) unstable; urgency=medium984apache2 (2.4.29-1) unstable; urgency=medium
404985
405 [ Stefan Fritsch ]986 [ Stefan Fritsch ]
@@ -464,6 +1045,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
4641045
465 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +02001046 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200
4661047
1048apache2 (2.4.27-2ubuntu3) artful; urgency=medium
1049
1050 * SECURITY UPDATE: optionsbleed information leak
1051 - debian/patches/CVE-2017-9798.patch: disallow method registration
1052 at run time in server/core.c.
1053 - CVE-2017-9798
1054
1055 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Sep 2017 11:05:48 -0400
1056
1057apache2 (2.4.27-2ubuntu2) artful; urgency=medium
1058
1059 * Undrop (LP 1658469):
1060 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
1061 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1062 + debian/config-dir/mods-available/http2.load: removed.
1063 + debian/rules: removed proxy_http2 from configure.
1064
1065 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Aug 2017 13:04:45 -0400
1066
1067apache2 (2.4.27-2ubuntu1) artful; urgency=medium
1068
1069 * Merge with Debian unstable (LP: #1702582). Remaining changes:
1070 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1071 apache2.dirs}: Add ufw profiles.
1072 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1073 - debian/patches/086_svn_cross_compiles: Backport several cross
1074 fixes from upstream
1075 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1076 Debian with Ubuntu on default page.
1077 + d/source/include-binaries: add Ubuntu icon file
1078 - Correct systemd-sysv-generator behavior by customizing some
1079 parameters:
1080 + d/apache2-systemd.conf: add a drop-in file to specify some
1081 parameters for the systemd unit (type=Forking and
1082 RemainsAfterExit=no), this allow a correct state synchronisation
1083 between systemctl status and actual state of apache2 daemon.
1084 + d/apache2.install: place the apache2-systemd.conf file in the
1085 correct location.
1086
1087 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 27 Jul 2017 13:38:39 -0700
1088
467apache2 (2.4.27-2) unstable; urgency=medium1089apache2 (2.4.27-2) unstable; urgency=medium
4681090
469 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more1091 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -493,6 +1115,55 @@ apache2 (2.4.25-4) unstable; urgency=high
4931115
494 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +02001116 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200
4951117
1118apache2 (2.4.25-3ubuntu3) artful; urgency=medium
1119
1120 * Re-Drop (LP: #1658469):
1121 - Don't build experimental http2 module for LTS:
1122 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1123 + debian/config-dir/mods-available/http2.load: removed.
1124 + debian/rules: removed proxy_http2 from configure.
1125 + debian/apache2.maintscript: remove http2 conffile.
1126
1127 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 01 May 2017 09:55:11 -0700
1128
1129apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
1130 * Undrop (LP 1658469):
1131 - Don't build experimental http2 module for LTS:
1132 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1133 + debian/config-dir/mods-available/http2.load: removed.
1134 + debian/rules: removed proxy_http2 from configure.
1135 + debian/apache2.maintscript: remove http2 conffile.
1136
1137 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 08:53:43 -0800
1138
1139apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
1140
1141 * Merge from Debian unstable (LP: #1663425). Remaining changes:
1142 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1143 apache2.dirs}: Add ufw profiles.
1144 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1145 - debian/patches/086_svn_cross_compiles: Backport several cross
1146 fixes from upstream
1147 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1148 Debian with Ubuntu on default page.
1149 + d/source/include-binaries: add Ubuntu icon file
1150 - Correct systemd-sysv-generator behavior by customizing some
1151 parameters:
1152 + d/apache2-systemd.conf: add a drop-in file to specify some
1153 parameters for the systemd unit (type=Forking and
1154 RemainsAfterExit=no), this allow a correct state synchronisation
1155 between systemctl status and actual state of apache2 daemon.
1156 + d/apache2.install: place the apache2-systemd.conf file in the
1157 correct location.
1158 * Drop (LP: #1658469):
1159 - Don't build experimental http2 module for LTS:
1160 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1161 + debian/config-dir/mods-available/http2.load: removed.
1162 + debian/rules: removed proxy_http2 from configure.
1163 + debian/apache2.maintscript: remove http2 conffile.
1164
1165 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 09 Feb 2017 15:48:28 -0800
1166
496apache2 (2.4.25-3) unstable; urgency=medium1167apache2 (2.4.25-3) unstable; urgency=medium
4971168
498 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.1169 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
@@ -554,6 +1225,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
5541225
555 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +01001226 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +0100
5561227
1228apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
1229
1230 * Merge from Debian unstable (LP: #). Remaining changes:
1231 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1232 apache2.dirs}: Add ufw profiles.
1233 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1234 - debian/patches/086_svn_cross_compiles: Backport several cross
1235 fixes from upstream
1236 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
1237 d/source/include-binaries: replace Debian with Ubuntu on default
1238 page.
1239 [ include-binaries change previously undocumented ]
1240 - Don't build experimental http2 module for LTS:
1241 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1242 + debian/config-dir/mods-available/http2.load: removed.
1243 + debian/rules: removed proxy_http2 from configure.
1244 + debian/apache2.maintscript: remove http2 conffile.
1245 [ Previously undocumented ]
1246 - Correct systemd-sysv-generator behavior by customizing some
1247 parameters:
1248 + d/apache2-systemd.conf: add a drop-in file to specify some
1249 parameters for the systemd unit (type=Forking and
1250 RemainsAfterExit=no), this allow a correct state synchronisation
1251 between systemctl status and actual state of apache2 daemon.
1252 + d/apache2.install: place the apache2-systemd.conf file in the
1253 correct location.
1254 * Drop:
1255 - debian/rules: Fix cross-building by passing
1256 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1257 [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
1258
1259 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 09 Dec 2016 11:02:38 +0100
1260
557apache2 (2.4.23-8) unstable; urgency=medium1261apache2 (2.4.23-8) unstable; urgency=medium
5581262
559 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a1263 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
@@ -564,6 +1268,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
5641268
565 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +01001269 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +0100
5661270
1271apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
1272
1273 * Merge from Debian unstable. Remaining changes:
1274 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1275 apache2.dirs}: Add ufw profiles.
1276 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1277 - debian/rules: Fix cross-building by passing
1278 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1279 - debian/patches/086_svn_cross_compiles: Backport several cross
1280 fixes from upstream
1281 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1282 Debian with Ubuntu on default page.
1283 - Don't build experimental http2 module for LTS:
1284 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1285 + debian/config-dir/mods-available/http2.load: removed.
1286 + debian/rules: removed proxy_http2 from configure.
1287 - Correct systemd-sysv-generator behavior by customizing some
1288 parameters:
1289 + d/apache2-systemd.conf: add a drop-in file to specify some
1290 parameters for the systemd unit (type=Forking and
1291 RemainsAfterExit=no), this allow a correct state synchronisation
1292 between systemctl status and actual state of apache2 daemon.
1293 + d/apache2.install: place the apache2-systemd.conf file in the
1294 correct location.
1295
1296 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 Nov 2016 09:17:24 -0500
1297
567apache2 (2.4.23-7) unstable; urgency=medium1298apache2 (2.4.23-7) unstable; urgency=medium
5681299
569 * Make apache2-dev depend on openssl 1.0, too. Closes: #8441601300 * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -678,6 +1409,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
6781409
679 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +02001410 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +0200
6801411
1412apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
1413
1414 * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
1415 - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
1416 server/util_script.c.
1417 - CVE-2016-5387
1418
1419 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Jul 2016 14:32:02 -0400
1420
1421apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
1422
1423 [ Ryan Harper ]
1424 * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
1425 introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
1426 all, since http2 support is intentionally disabled (see LP 1531864).
1427 * d/apache2.maintscript: handle removal of http2.load conffile.
1428
1429 [ Robie Basak ]
1430 * Re-write Ryan's changelog entry.
1431
1432 -- Robie Basak <robie.basak@ubuntu.com> Fri, 15 Apr 2016 18:00:57 +0000
1433
1434apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
1435
1436 * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
1437 - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
1438 unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
1439 between systemctl status and actual state of apache2 daemon.
1440 - d/apache2.install: place the apache2-systemd.conf file in the correct location.
1441
1442 -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Fri, 08 Apr 2016 11:48:00 +0200
1443
1444apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
1445
1446 * Merge from Debian unstable. Remaining changes:
1447 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1448 apache2.dirs}: Add ufw profiles.
1449 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1450 - debian/rules: Fix cross-building by passing
1451 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1452 - debian/patches/086_svn_cross_compiles: Backport several cross
1453 fixes from upstream
1454 - d/index.html: replace Debian with Ubuntu on default page.
1455 - Don't build experimental http2 module for LTS:
1456 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1457 + debian/config-dir/mods-available/http2.load: removed.
1458
1459 -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Apr 2016 00:18:31 +0300
1460
681apache2 (2.4.18-2) unstable; urgency=low1461apache2 (2.4.18-2) unstable; urgency=low
6821462
683 * htcacheclean:1463 * htcacheclean:
@@ -703,6 +1483,24 @@ apache2 (2.4.18-2) unstable; urgency=low
7031483
704 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +02001484 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +0200
7051485
1486apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
1487
1488 * Merge from Debian unstable. Remaining changes:
1489 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1490 apache2.dirs}: Add ufw profiles.
1491 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1492 - Add dep8 tests.
1493 - debian/rules: Fix cross-building by passing
1494 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1495 - debian/patches/086_svn_cross_compiles: Backport several cross
1496 fixes from upstream
1497 - d/index.html: replace Debian with Ubuntu on default page.
1498 - Don't build experimental http2 module for LTS:
1499 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1500 + debian/config-dir/mods-available/http2.load: removed.
1501
1502 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Jan 2016 15:15:22 -0500
1503
706apache2 (2.4.18-1) unstable; urgency=medium1504apache2 (2.4.18-1) unstable; urgency=medium
7071505
708 * New upstream release:1506 * New upstream release:
@@ -710,12 +1508,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
7101508
711 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +01001509 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +0100
7121510
1511apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
1512
1513 * Merge from Debian unstable. Remaining changes:
1514 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1515 apache2.dirs}: Add ufw profiles.
1516 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1517 - Add dep8 tests.
1518 - debian/rules: Fix cross-building by passing
1519 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1520 - debian/patches/086_svn_cross_compiles: Backport several cross
1521 fixes from upstream
1522 - d/index.html: replace Debian with Ubuntu on default page.
1523 - Don't build experimental http2 module for LTS:
1524 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1525 + debian/config-dir/mods-available/http2.load: removed.
1526
1527 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Dec 2015 10:07:35 -0500
1528
713apache2 (2.4.17-3) unstable; urgency=medium1529apache2 (2.4.17-3) unstable; urgency=medium
7141530
715 * mpm_prefork: Fix segfault if started with -X. Closes: #8057371531 * mpm_prefork: Fix segfault if started with -X. Closes: #805737
7161532
717 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +01001533 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +0100
7181534
1535apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
1536
1537 * Merge from Debian unstable. Remaining changes:
1538 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1539 apache2.dirs}: Add ufw profiles.
1540 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1541 - Add dep8 tests.
1542 - debian/rules: Fix cross-building by passing
1543 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1544 - debian/patches/086_svn_cross_compiles: Backport several cross
1545 fixes from upstream
1546 - d/index.html: replace Debian with Ubuntu on default page.
1547 - Don't build experimental http2 module for LTS:
1548 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1549 + debian/config-dir/mods-available/http2.load: removed.
1550
1551 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Nov 2015 09:11:52 -0500
1552
719apache2 (2.4.17-2) unstable; urgency=medium1553apache2 (2.4.17-2) unstable; urgency=medium
7201554
721 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke1555 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -726,6 +1560,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
7261560
727 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +01001561 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +0100
7281562
1563apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
1564
1565 * Merge from Debian unstable. Remaining changes:
1566 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1567 apache2.dirs}: Add ufw profiles.
1568 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1569 - Add dep8 tests.
1570 - debian/rules: Fix cross-building by passing
1571 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1572 - debian/patches/086_svn_cross_compiles: Backport several cross
1573 fixes from upstream
1574 - d/index.html: replace Debian with Ubuntu on default page.
1575 * Drop patches (applied upstream):
1576 - debian/patches/CVE-2015-3183.patch
1577 - debian/patches/CVE-2015-3185.patch
1578 * Drop changes (adopted in Debian):
1579 - Allow "triggers-awaited" and "triggers-pending" states in addition
1580 to "installed" when determining whether to defer actions or
1581 process deferred actions.
1582 * Don't build experimental http2 module for LTS
1583 - debian/control: removed libnghttp2-dev Build-Depends (in universe).
1584 - debian/config-dir/mods-available/http2.load: removed.
1585
1586 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 30 Oct 2015 09:35:46 -0400
1587
729apache2 (2.4.17-1) unstable; urgency=medium1588apache2 (2.4.17-1) unstable; urgency=medium
7301589
731 [ Stefan Fritsch ]1590 [ Stefan Fritsch ]
@@ -791,6 +1650,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
7911650
792 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +02001651 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +0200
7931652
1653apache2 (2.4.12-2ubuntu2) wily; urgency=medium
1654
1655 * SECURITY UPDATE: request smuggling via chunked transfer encoding
1656 - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
1657 modules/http/http_filters.c.
1658 - CVE-2015-3183
1659 * SECURITY UPDATE: access restriction bypass via deprecated API
1660 - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
1661 in include/http_request.h, server/request.c.
1662 - CVE-2015-3185
1663
1664 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Jul 2015 09:56:09 -0400
1665
1666apache2 (2.4.12-2ubuntu1) wily; urgency=medium
1667
1668 * Merge from Debian unstable. Remaining changes:
1669 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1670 apache2.dirs}: Add ufw profiles.
1671 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1672 - Add dep8 tests.
1673 - debian/rules: Fix cross-building by passing
1674 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1675 - debian/patches/086_svn_cross_compiles: Backport several cross
1676 fixes from upstream
1677 - d/index.html: replace Debian with Ubuntu on default page.
1678 - Allow "triggers-awaited" and "triggers-pending" states in addition
1679 to "installed" when determining whether to defer actions or
1680 process deferred actions.
1681 * Drop patches (applied upstream):
1682 - d/p/split-logfile.patch
1683 - d/p/CVE-2015-0228.patch
1684 * Drop changes (superceded in Debian):
1685 - Cherry-pick versioned build-depend on dpkg from Debian for correct
1686 dpkg-maintscript-helper symlink_to_dir support.
1687 * Drop changes (adopted in Debian):
1688 - d/control, d/config-dir/mods-available/ssl.conf,
1689 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1690 dialog program ask-for-passphrase.
1691 * Fix cross-building configure line in d/rules, which had bit-rotted in
1692 previous merges.
1693
1694 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 May 2015 16:34:00 +0000
1695
794apache2 (2.4.12-2) unstable; urgency=medium1696apache2 (2.4.12-2) unstable; urgency=medium
7951697
796 [ Jean-Michel Nirgal Vourgère ]1698 [ Jean-Michel Nirgal Vourgère ]
@@ -840,6 +1742,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
8401742
841 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +01001743 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +0100
8421744
1745apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
1746
1747 * Merge from Debian unstable. Remaining changes:
1748 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1749 apache2.dirs}: Add ufw profiles.
1750 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1751 - d/control, d/config-dir/mods-available/ssl.conf,
1752 - Add dep8 tests.
1753 - debian/rules: Fix cross-building by passing
1754 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1755 - debian/patches/086_svn_cross_compiles: Backport several cross
1756 fixes from upstream
1757 - d/index.html: replace Debian with Ubuntu on default page.
1758 - d/p/split-logfile.patch: fix completely broken split-logfile
1759 command.
1760 - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
1761 denial of service in mod_lua via websockets PING
1762 * debian/tests/ssl-passphrase: Add password responder for
1763 systemd-ask-passphrase.
1764
1765 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 09 Mar 2015 12:03:16 +0100
1766
843apache2 (2.4.10-9) unstable; urgency=medium1767apache2 (2.4.10-9) unstable; urgency=medium
8441768
845 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a1769 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
@@ -854,6 +1778,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
8541778
855 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +01001779 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +0100
8561780
1781apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
1782
1783 * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
1784 directives
1785 - debian/patches/CVE-2014-8109.patch: handle multiple Require
1786 directives with different arguments in modules/lua/mod_lua.c.
1787 - CVE-2014-8109
1788 * SECURITY UPDATE: denial of service in mod_lua via websockets PING
1789 - debian/patches/CVE-2015-0228.patch: fix logic in
1790 modules/lua/lua_request.c.
1791 - CVE-2015-0228
1792
1793 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Mar 2015 10:56:34 -0500
1794
1795apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
1796
1797 * Allow "triggers-awaited" and "triggers-pending" states in addition to
1798 "installed" when determining whether to defer actions or process
1799 deferred actions (LP: #1393832).
1800
1801 -- Colin Watson <cjwatson@ubuntu.com> Wed, 26 Nov 2014 11:31:44 +0000
1802
1803apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
1804
1805 * Merge from Debian unstable. Remaining changes:
1806 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1807 apache2.dirs}: Add ufw profiles.
1808 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1809 - d/control, d/config-dir/mods-available/ssl.conf,
1810 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1811 dialog program ask-for-passphrase.
1812 - Add dep8 tests.
1813 - debian/rules: Fix cross-building by passing
1814 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1815 - debian/patches/086_svn_cross_compiles: Backport several cross
1816 fixes from upstream
1817 - d/index.html: replace Debian with Ubuntu on default page.
1818 - d/p/split-logfile.patch: fix completely broken split-logfile
1819 command.
1820 * Fixes from Debian included in merge:
1821 - Crash caused by OCSP stapling code; this was erroneously
1822 attributed to Debian in my previous merge, but actually only
1823 appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
1824 * Cherry-pick versioned build-depend on dpkg from Debian for correct
1825 dpkg-maintscript-helper symlink_to_dir support.
1826
1827 -- Robie Basak <robie.basak@ubuntu.com> Fri, 21 Nov 2014 15:15:58 +0000
1828
857apache2 (2.4.10-8) unstable; urgency=medium1829apache2 (2.4.10-8) unstable; urgency=medium
8581830
859 * Bump dpkg Pre-Depends to version that supports relative symlinks in1831 * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -868,6 +1840,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
8681840
869 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +01001841 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +0100
8701842
1843apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
1844
1845 * Merge from Debian unstable. Remaining changes:
1846 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1847 apache2.dirs}: Add ufw profiles.
1848 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1849 - d/control, d/config-dir/mods-available/ssl.conf,
1850 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1851 dialog program ask-for-passphrase.
1852 - Add dep8 tests.
1853 - debian/rules: Fix cross-building by passing
1854 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1855 - debian/patches/086_svn_cross_compiles: Backport several cross
1856 fixes from upstream
1857 - d/index.html: replace Debian with Ubuntu on default page.
1858 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1859 * Fixes from Debian included in merge:
1860 - Don't use a2query in preinst, as it may not be available yet
1861 (LP: #1312533).
1862 - Crash caused by OCSP stapling code (LP: #1366174).
1863 - Disable SSLv3 in default config (LP: #1358305).
1864 - If apache2 is not configured yet, defer actions executed via
1865 apache2-maintscript-helper. This fixes installation failures if a
1866 module package is configured first (LP: #1312854).
1867
1868 -- Robie Basak <robie.basak@ubuntu.com> Mon, 17 Nov 2014 18:04:40 +0000
1869
871apache2 (2.4.10-7) unstable; urgency=medium1870apache2 (2.4.10-7) unstable; urgency=medium
8721871
873 * Handle transitions of doc dirs and symlinks correctly during upgrade.1872 * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -951,6 +1950,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
9511950
952 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +02001951 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +0200
9531952
1953apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
1954
1955 * Merge from Debian unstable. Remaining changes:
1956 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1957 apache2.dirs}: Add ufw profiles.
1958 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1959 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
1960 d/apache2.install: Plymouth aware passphrase dialog program
1961 ask-for-passphrase.
1962 - Add dep8 tests.
1963 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
1964 configure.
1965 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
1966 upstream
1967 - d/index.html: replace Debian with Ubuntu on default page.
1968 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1969
1970 -- Robie Basak <robie.basak@ubuntu.com> Thu, 24 Jul 2014 15:13:16 +0000
1971
954apache2 (2.4.10-1) unstable; urgency=medium1972apache2 (2.4.10-1) unstable; urgency=medium
9551973
956 [ Arno Töll ]1974 [ Arno Töll ]
@@ -998,6 +2016,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
9982016
999 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +02002017 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +0200
10002018
2019apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
2020
2021 * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
2022 yet support building against lua 5.2 (LP: #1323930).
2023
2024 -- Robie Basak <robie.basak@ubuntu.com> Wed, 28 May 2014 08:55:25 +0000
2025
2026apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
2027
2028 * Merge from Debian unstable. Remaining changes:
2029 - debian/{control, apache2.install, apache2-utils.ufw.profile,
2030 apache2.dirs}: Add ufw profiles.
2031 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
2032 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
2033 d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
2034 dialog program ask-for-passphrase.
2035 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
2036 configure.
2037 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
2038 upstream
2039 - Build using lua5.2.
2040 - d/tests/chroot: dep8 test for ChrootDir case.
2041 - d/tests/ssl-passphrase: update for new default path /var/www/html.
2042 - d/tests/duplicate-module-load: check for duplicate module loads.
2043 - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
2044 - d/p/split-logfile.patch: fix completely broken split-logfile command
2045 (LP: #1299162). Thanks to Holger Mauermann.
2046 * Drop changes (upstreamed):
2047 - d/p/ignore-quilt-dir: adjust build system so that it does not use
2048 files find inside the .pc directory. This stops a double module load
2049 causing later havoc, including "ChrootDir" directive failure.
2050 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
2051 in modules/dav/main/util.c.
2052 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
2053 modules/loggers/mod_log_config.c.
2054 * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
2055
2056 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 May 2014 19:30:04 +0000
2057
1001apache2 (2.4.9-1) unstable; urgency=medium2058apache2 (2.4.9-1) unstable; urgency=medium
10022059
1003 * New upstream version.2060 * New upstream version.
@@ -1030,6 +2087,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
10302087
1031 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +01002088 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +0100
10322089
2090apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
2091
2092 * d/p/split-logfile.patch: fix completely broken split-logfile command
2093 (LP: #1299162). Thanks to Holger Mauermann.
2094
2095 -- Robie Basak <robie.basak@ubuntu.com> Thu, 03 Apr 2014 11:21:22 +0000
2096
2097apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
2098
2099 * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
2100 calculation
2101 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
2102 in modules/dav/main/util.c.
2103 - CVE-2013-6438
2104 * SECURITY UPDATE: denial of service via truncated cookie and
2105 mod_log_config
2106 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
2107 modules/loggers/mod_log_config.c.
2108 - CVE-2014-0098
2109
2110 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Mar 2014 08:34:10 -0400
2111
2112apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
2113
2114 * d/index.html: replace Debian with Ubuntu on default page
2115 (LP: #1288690).
2116
2117 -- Robie Basak <robie.basak@ubuntu.com> Wed, 19 Mar 2014 11:04:21 +0000
2118
2119apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
2120
2121 * Merge from Debian unstable. Remaining changes:
2122 - debian/{control, apache2.install, apache2-utils.ufw.profile,
2123 apache2.dirs}: Add ufw profiles.
2124 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
2125 - d/control, d/config-dir/mods-available/ssl.conf,
2126 d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
2127 Plymouth aware passphrase dialog program ask-for-passphrase.
2128 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
2129 to configure.
2130 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
2131 from upstream
2132 - Build using lua5.2.
2133 - d/tests/chroot: dep8 test for ChrootDir case.
2134 - d/p/ignore-quilt-dir: adjust build system so that it does not use
2135 files find inside the .pc directory. This stops a double module load
2136 causing later havoc, including "ChrootDir" directive failure.
2137 * Drop changes:
2138 - debian/{control, rules}: Enable PIE hardening: no longer required;
2139 2.4.7-1 is already hardened.
2140 - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
2141 out of this package.
2142 * d/tests/ssl-passphrase: update for new default path /var/www/html.
2143 * d/tests/duplicate-module-load: check for duplicate module loads.
2144
2145 -- Robie Basak <robie.basak@ubuntu.com> Tue, 14 Jan 2014 17:23:47 +0000
2146
1033apache2 (2.4.7-1) unstable; urgency=low2147apache2 (2.4.7-1) unstable; urgency=low
10342148
1035 New upstream version2149 New upstream version
@@ -1093,6 +2207,53 @@ apache2 (2.4.6-3) unstable; urgency=low
10932207
1094 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +02002208 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +0200
10952209
2210apache2 (2.4.6-2ubuntu4) trusty; urgency=low
2211
2212 * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
2213 that it does not use files find inside the .pc directory. This stops a
2214 double module load causing later havoc, including "ChrootDir" directive
2215 failure (LP: #1251939). Thanks to Stefan Fritsch.
2216 * d/tests/chroot: dep8 test for ChrootDir case.
2217
2218 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 Nov 2013 16:21:51 +0000
2219
2220apache2 (2.4.6-2ubuntu3) trusty; urgency=low
2221
2222 * debian/apache2.install: Correct path for ufw.
2223 (LP: #1252722)
2224
2225 -- Chuck Short <zulcss@ubuntu.com> Tue, 19 Nov 2013 08:59:54 -0500
2226
2227apache2 (2.4.6-2ubuntu2) saucy; urgency=low
2228
2229 * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
2230 passphrase prompting for SSL certificates that are passphrase protected.
2231 * Add dep8 test for SSL passphrase prompting.
2232
2233 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 Aug 2013 13:08:52 +0000
2234
2235apache2 (2.4.6-2ubuntu1) saucy; urgency=low
2236
2237 * Merge from Debian unstable. Remaining changes:
2238 - debian/{control, rules}: Enable PIE hardening.
2239 - debian/{control, apache2.install, apache2-utils.ufw.profile,
2240 apache2.dirs}: Add ufw profiles.
2241 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
2242 - debian/control, debian/config-dir/mods-available/ssl.conf,
2243 debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
2244 passphrase dialog program ask-for-passphrase.
2245 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
2246 to configure.
2247 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
2248 from upstream
2249 * Dropped changes:
2250 - debian/patches/CVE-2013-1896.patch: upstream
2251 * Fixed module dependencies (LP: #1205314)
2252 - debian/config-dir/mods-available/lbmethod_*: properly specify
2253 proxy_balancer, not mod_proxy_balancer.
2254
2255 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2013 08:31:33 -0400
2256
1096apache2 (2.4.6-2) unstable; urgency=low2257apache2 (2.4.6-2) unstable; urgency=low
10972258
1098 [ Stefan Fritsch ]2259 [ Stefan Fritsch ]
@@ -1145,6 +2306,56 @@ apache2 (2.4.6-1) unstable; urgency=low
11452306
1146 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +02002307 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +0200
11472308
2309apache2 (2.4.4-6ubuntu5) saucy; urgency=low
2310
2311 * SECURITY UPDATE: denial of service via MERGE request
2312 - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
2313 in modules/dav/main/mod_dav.c.
2314 - CVE-2013-1896
2315
2316 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Jul 2013 11:20:47 -0400
2317
2318apache2 (2.4.4-6ubuntu4) saucy; urgency=low
2319
2320 * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
2321 apache2-bin. apache2-utils is only suggested by apache2, so may not
2322 always be installed by bug reporters. However, apache2-bin will always
2323 need to be installed for Apache to be functional, so this is a better
2324 place for the apport hook. apache2-bin already Conflicts/Replaces
2325 apache2.2-common, so this also fixes (LP: #1199318).
2326 * d/apache2.py: adjust apport hook for new location of configuration
2327 files in apache2 >= 2.4: they have moved from apache2.2-common to
2328 apache2.
2329
2330 -- Robie Basak <robie.basak@ubuntu.com> Wed, 17 Jul 2013 17:54:22 +0000
2331
2332apache2 (2.4.4-6ubuntu3) saucy; urgency=low
2333
2334 * Build using lua5.2.
2335
2336 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2013 14:24:42 +0200
2337
2338apache2 (2.4.4-6ubuntu2) saucy; urgency=low
2339
2340 * debian/rules: Fix FTBFS while installing ufw.
2341
2342 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 10:10:14 -0500
2343
2344apache2 (2.4.4-6ubuntu1) saucy; urgency=low
2345
2346 * Merge from Debian unstable. Remaining changes:
2347 - debian/{control, rules}: Enable PIE hardening.
2348 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2349 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2350 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2351 Plymouth aware passphrase dialog program ask-for-passphrase.
2352 * Dropped changes:
2353 - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
2354 - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
2355 - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
2356
2357 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 08:34:01 -0500
2358
1148apache2 (2.4.4-6) unstable; urgency=low2359apache2 (2.4.4-6) unstable; urgency=low
11492360
1150 * Denote exact versions breaking gnome-user-share now that Gnome maintainers2361 * Denote exact versions breaking gnome-user-share now that Gnome maintainers
@@ -1616,6 +2827,122 @@ apache2 (2.4.1-1) experimental; urgency=low
16162827
1617 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +01002828 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +0100
16182829
2830apache2 (2.2.22-6ubuntu5) raring; urgency=low
2831
2832 * SECURITY UPDATE: multiple cross-site scripting issues
2833 - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
2834 modules/generators/{mod_info.c,mod_status.c},
2835 modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
2836 modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
2837 - CVE-2012-3499
2838 - CVE-2012-4558
2839 * SECURITY UPDATE: symlink attack in apache2ctl script
2840 - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
2841 - Thanks to Stefan Fritsch for the fix.
2842 - CVE-2013-1048
2843
2844 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Mar 2013 07:59:58 -0400
2845
2846apache2 (2.2.22-6ubuntu4) raring; urgency=low
2847
2848 * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
2849 * Skip module sanity check between MPMs if cross-building without the
2850 kernel/binfmt support to run our target binaries on the build system.
2851 * Backport several cross fixes from upstream as 086_svn_cross_compiles.
2852
2853 -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Dec 2012 02:21:46 -0700
2854
2855apache2 (2.2.22-6ubuntu3) raring; urgency=low
2856
2857 * SECURITY UPDATE: XSS vulnerability in mod_negotiation
2858 - debian/patches/CVE-2012-2687.patch: escape filenames in
2859 modules/mappers/mod_negotiation.c.
2860 - CVE-2012-2687
2861 * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
2862 - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
2863 directive. Defaults to off as enabling compression enables the CRIME
2864 attack.
2865 - CVE-2012-4929
2866
2867 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 08 Nov 2012 17:56:24 -0500
2868
2869apache2 (2.2.22-6ubuntu2) quantal; urgency=low
2870
2871 * debian/apache2.py
2872 - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
2873 - Check if this directory exists: /etc/apache2/sites-enabled/
2874
2875 -- Matthieu Baerts (matttbe) <matttbe@gmail.com> Mon, 16 Jul 2012 10:02:18 +0200
2876
2877apache2 (2.2.22-6ubuntu1) quantal; urgency=low
2878
2879 * Merge from Debian unstable. Remaining changes:
2880 - debian/{control, rules}: Enable PIE hardening.
2881 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2882 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2883 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2884 Plymouth aware passphrase dialog program ask-for-passphrase.
2885 * Dropped changes:
2886 - debian/control: Add bzr tag and point it to our tree; this is not
2887 really required and just increases the delta.
2888
2889 -- Robie Basak <robie.basak@ubuntu.com> Fri, 08 Jun 2012 11:37:31 +0100
2890
2891apache2 (2.2.22-6) unstable; urgency=low
2892
2893 [ Stefan Fritsch ]
2894 * Fix regression causing apache2 to cache "206 partial content" responses,
2895 and then serving these partial responses when replying to normal requests.
2896 Closes: #671204
2897 * Add section to security.conf that shows how to forbid access to VCS
2898 directories. Closes: #548213
2899 * Update ssl default cipher config, add alternative speed optimized config.
2900 Closes: #649020
2901 * Add "AddCharset" for .brf files in default mod_mime config.
2902 Closes: #402567
2903 * Don't create httpd.conf anymore and don't include it in apache2.conf. If
2904 it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
2905 * Port some of the comments in apache2.conf from the 2.4 package.
2906 * Compile mod_version statically, drop associated module load file.
2907 * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
2908 configtest.
2909 * Note in README.Debian that future versions of the package will have the
2910 include statements changed to include only *.conf.
2911 * Change compiled-in document root to /var/www, to avoid strange error
2912 messages.
2913 * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
2914
2915 [ Arno Töll ]
2916 * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
2917 to override LDFLAGS at compile time by defining LDLAGS in the environment,
2918 just like it is possible for CFLAGS. This also means, config_vars.mk now
2919 exports hardening build flags by default.
2920 * Update doc-base metadata for the apache2-doc package.
2921
2922 -- Stefan Fritsch <sf@debian.org> Tue, 29 May 2012 22:05:48 +0200
2923
2924apache2 (2.2.22-5) unstable; urgency=low
2925
2926 * Make LoadFile and LoadModule look in the standard search paths if the
2927 dso file name is given as a pure filename. This helps with the multi-arch
2928 transition.
2929
2930 -- Stefan Fritsch <sf@debian.org> Mon, 30 Apr 2012 23:38:33 +0200
2931
2932apache2 (2.2.22-4) unstable; urgency=high
2933
2934 * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
2935 hosts' config files.
2936 If scripting modules like mod_php or mod_rivet are enabled on systems
2937 where either 1) some frontend server forwards connections to an apache2
2938 backend server on the localhost address, or 2) the machine running
2939 apache2 is also used for web browsing, this could allow a remote
2940 attacker to execute example scripts stored under /usr/share/doc.
2941 Depending on the installed packages, this could lead to issues like cross
2942 site scripting, code execution, or leakage of sensitive data.
2943
2944 -- Stefan Fritsch <sf@debian.org> Sun, 15 Apr 2012 23:41:43 +0200
2945
1619apache2 (2.2.22-3) unstable; urgency=low2946apache2 (2.2.22-3) unstable; urgency=low
16202947
1621 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':2948 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1636,6 +2963,18 @@ apache2 (2.2.22-2) unstable; urgency=low
16362963
1637 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +01002964 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +0100
16382965
2966apache2 (2.2.22-1ubuntu1) precise; urgency=low
2967
2968 * Merge from Debian testing. Remaining changes:
2969 - debian/{control, rules}: Enable PIE hardening.
2970 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2971 - debian/control: Add bzr tag and point it to our tree
2972 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2973 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2974 Plymouth aware passphrase dialog program ask-for-passphrase.
2975
2976 -- Chuck Short <zulcss@ubuntu.com> Sun, 12 Feb 2012 20:06:35 -0500
2977
1639apache2 (2.2.22-1) unstable; urgency=low2978apache2 (2.2.22-1) unstable; urgency=low
16402979
1641 [ Stefan Fritsch ]2980 [ Stefan Fritsch ]
@@ -1653,6 +2992,18 @@ apache2 (2.2.22-1) unstable; urgency=low
16532992
1654 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +01002993 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +0100
16552994
2995apache2 (2.2.21-5ubuntu1) precise; urgency=low
2996
2997 * Merge from Debian testing. Remaining changes:
2998 - debian/{control, rules}: Enable PIE hardening.
2999 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3000 - debian/control: Add bzr tag and point it to our tree
3001 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3002 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3003 Plymouth aware passphrase dialog program ask-for-passphrase.
3004
3005 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jan 2012 06:26:31 +0000
3006
1656apache2 (2.2.21-5) unstable; urgency=low3007apache2 (2.2.21-5) unstable; urgency=low
16573008
1658 [ Arno Töll ]3009 [ Arno Töll ]
@@ -1706,6 +3057,26 @@ apache2 (2.2.21-4) unstable; urgency=low
17063057
1707 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +01003058 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +0100
17083059
3060apache2 (2.2.21-3ubuntu2) precise; urgency=low
3061
3062 * d/ask-for-passphrase: Flip the logic of this script so that it checks
3063 first to see if apache is being started from a TTY, and then if not,
3064 tries plymouth. (LP: #887410)
3065
3066 -- Clint Byrum <clint@ubuntu.com> Tue, 06 Dec 2011 16:49:33 -0800
3067
3068apache2 (2.2.21-3ubuntu1) precise; urgency=low
3069
3070 * Merge from Debian testing. Remaining changes:
3071 - debian/{control, rules}: Enable PIE hardening.
3072 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3073 - debian/control: Add bzr tag and point it to our tree
3074 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3075 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3076 Plymouth aware passphrase dialog program ask-for-passphrase.
3077
3078 -- Chuck Short <zulcss@ubuntu.com> Fri, 09 Dec 2011 05:20:43 +0000
3079
1709apache2 (2.2.21-3) unstable; urgency=medium3080apache2 (2.2.21-3) unstable; urgency=medium
17103081
1711 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some3082 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1720,6 +3091,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
17203091
1721 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +01003092 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +0100
17223093
3094apache2 (2.2.21-2ubuntu2) precise; urgency=low
3095
3096 * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
3097
3098 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Dec 2011 17:36:28 -0700
3099
3100apache2 (2.2.21-2ubuntu1) precise; urgency=low
3101
3102 * Merge from debian unstable. Remaining changes:
3103 - debian/{control, rules}: Enable PIE hardening.
3104 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3105 - debian/control: Add bzr tag and point it to our tree
3106 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3107 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3108 Plymouth aware passphrase dialog program ask-for-passphrase.
3109
3110 -- Chuck Short <zulcss@ubuntu.com> Fri, 14 Oct 2011 16:01:29 +0000
3111
1723apache2 (2.2.21-2) unstable; urgency=high3112apache2 (2.2.21-2) unstable; urgency=high
17243113
1725 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some3114 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1737,6 +3126,19 @@ apache2 (2.2.21-1) unstable; urgency=low
17373126
1738 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +02003127 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +0200
17393128
3129apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
3130
3131 * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
3132 Remaining changes:
3133 - debian/{control, rules}: Enable PIE hardening.
3134 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3135 - debian/control: Add bzr tag and point it to our tree
3136 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3137 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3138 Plymouth aware passphrase dialog program ask-for-passphrase.
3139
3140 -- Steve Beattie <sbeattie@ubuntu.com> Tue, 06 Sep 2011 01:17:15 -0700
3141
1740apache2 (2.2.20-1) unstable; urgency=low3142apache2 (2.2.20-1) unstable; urgency=low
17413143
1742 * New upstream release.3144 * New upstream release.
@@ -1759,6 +3161,18 @@ apache2 (2.2.19-2) unstable; urgency=high
17593161
1760 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +02003162 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +0200
17613163
3164apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
3165
3166 * Merge from debian unstable (LP: #787013). Remaining changes:
3167 - debian/{control, rules}: Enable PIE hardening.
3168 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3169 - debian/control: Add bzr tag and point it to our tree
3170 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
3171 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3172 Plymouth aware passphrase dialog program ask-for-passphrase.
3173
3174 -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 23 May 2011 10:16:09 -0400
3175
1762apache2 (2.2.19-1) unstable; urgency=low3176apache2 (2.2.19-1) unstable; urgency=low
17633177
1764 * New upstream release.3178 * New upstream release.
@@ -1776,6 +3190,18 @@ apache2 (2.2.19-1) unstable; urgency=low
17763190
1777 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +02003191 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +0200
17783192
3193apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
3194
3195 * Merge from debian unstable. Remaining changes:
3196 - debian/{control, rules}: Enable PIE hardening.
3197 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3198 - debian/control: Add bzr tag and point it to our tree
3199 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3200 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3201 Plymouth aware passphrase dialog program ask-for-passphrase.
3202
3203 -- Chuck Short <zulcss@ubuntu.com> Mon, 11 Apr 2011 02:13:30 +0100
3204
1779apache2 (2.2.17-3) unstable; urgency=low3205apache2 (2.2.17-3) unstable; urgency=low
17803206
1781 * Fix compilation with OpenSSL without SSLv2 support. Closes: #6220493207 * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
@@ -1802,6 +3228,18 @@ apache2 (2.2.17-2) unstable; urgency=high
18023228
1803 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +01003229 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +0100
18043230
3231apache2 (2.2.17-1ubuntu1) natty; urgency=low
3232
3233 * Merge from debian unstable, remaining changes:
3234 - debian/{control, rules}: Enable PIE hardening.
3235 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3236 - debian/control: Add bzr tag and point it to our tree
3237 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3238 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3239 Plymouth aware passphrase dialog program ask-for-passphrase.
3240
3241 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Feb 2011 13:02:08 -0500
3242
1805apache2 (2.2.17-1) unstable; urgency=low3243apache2 (2.2.17-1) unstable; urgency=low
18063244
1807 * New upstream version3245 * New upstream version
@@ -1810,6 +3248,32 @@ apache2 (2.2.17-1) unstable; urgency=low
18103248
1811 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +01003249 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +0100
18123250
3251apache2 (2.2.16-6ubuntu3) natty; urgency=low
3252
3253 * debian/rules: Don't use "-fno-strict-aliasing" since it causes
3254 apache FTBFS on amd64. (LP: #711293)
3255
3256 -- Chuck Short <zulcss@ubuntu.com> Tue, 01 Feb 2011 10:19:55 -0500
3257
3258apache2 (2.2.16-6ubuntu2) natty; urgency=low
3259
3260 * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
3261 (LP: #697105)
3262
3263 -- Chuck Short <zulcss@ubuntu.com> Tue, 25 Jan 2011 11:14:58 -0500
3264
3265apache2 (2.2.16-6ubuntu1) natty; urgency=low
3266
3267 * Merge from debian unstable. Remaining changes:
3268 - debian/{control, rules}: Enable PIE hardening.
3269 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3270 - debian/control: Add bzr tag and point it to our tree
3271 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3272 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3273 Plymouth aware passphrase dialog program ask-for-passphrase.
3274
3275 -- Chuck Short <zulcss@ubuntu.com> Sun, 02 Jan 2011 06:05:51 +0000
3276
1813apache2 (2.2.16-6) unstable; urgency=low3277apache2 (2.2.16-6) unstable; urgency=low
18143278
1815 * Also add $named to the secondary-init-script example.3279 * Also add $named to the secondary-init-script example.
@@ -1825,6 +3289,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
18253289
1826 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +01003290 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +0100
18273291
3292apache2 (2.2.16-4ubuntu2) natty; urgency=low
3293
3294 [Clint Byrum]
3295 * Adding plymouth aware passphrase dialog program ask-for-passphrase.
3296 (LP: #582963)
3297 + debian/control: apache2.2-common depends on bash for ask-for-passphrase
3298 + debian/config-dir/mods-available/ssl.conf:
3299 - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
3300
3301 [Chuck Short]
3302 * Add apport hook. (LP: #609177)
3303 + debian/apache2.py, debian/apache2.2-common.install
3304
3305 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:43 -0500
3306
3307apache2 (2.2.16-4ubuntu1) natty; urgency=low
3308
3309 * Merge from debian unstable. Remaining changes:
3310 - debian/{control, rules}: Enable PIE hardening.
3311 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3312 - debian/control: Add bzr tag and point it to our tree
3313
3314 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:41 -0500
3315
1828apache2 (2.2.16-4) unstable; urgency=medium3316apache2 (2.2.16-4) unstable; urgency=medium
18293317
1830 * Increase the mod_reqtimeout default timeouts to avoid potential problems3318 * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1835,6 +3323,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
18353323
1836 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +01003324 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +0100
18373325
3326apache2 (2.2.16-3ubuntu1) natty; urgency=low
3327
3328 * Merge from debian unstable. Remaining changes:
3329 - debian/{control, rules}: Enable PIE hardening.
3330 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3331 - debian/control: Add bzr tag and point it to our tree.
3332
3333 -- Chuck Short <zulcss@ubuntu.com> Tue, 12 Oct 2010 11:54:48 +0100
3334
1838apache2 (2.2.16-3) unstable; urgency=high3335apache2 (2.2.16-3) unstable; urgency=high
18393336
1840 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.3337 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1857,6 +3354,30 @@ apache2 (2.2.16-2) unstable; urgency=low
18573354
1858 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +02003355 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +0200
18593356
3357apache2 (2.2.16-1ubuntu3) maverick; urgency=low
3358
3359 * Revert "stty sane" to unbreak apache starting, this will have to be
3360 fixed a different way. (LP: #626723)
3361
3362 -- Chuck Short <zulcss@ubuntu.com> Wed, 08 Sep 2010 08:33:17 -0400
3363
3364apache2 (2.2.16-1ubuntu2) maverick; urgency=low
3365
3366 * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
3367 password prompt when using apache-ssl. (LP: #582963)
3368
3369 -- Chuck Short <zulcss@ubuntu.com> Wed, 25 Aug 2010 09:25:05 -0400
3370
3371apache2 (2.2.16-1ubuntu1) maverick; urgency=low
3372
3373 * Merge from debian unstable. Remaining changes:
3374 - debian/{control, rules}: Enable PIE hardening.
3375 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3376 - debian/control: Add bzr tag and point it to our tree.
3377 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3378
3379 -- Chuck Short <zulcss@ubuntu.com> Mon, 26 Jul 2010 20:21:37 +0100
3380
1860apache2 (2.2.16-1) unstable; urgency=medium3381apache2 (2.2.16-1) unstable; urgency=medium
18613382
1862 * Urgency medium for security fix.3383 * Urgency medium for security fix.
@@ -1889,6 +3410,24 @@ apache2 (2.2.15-6) unstable; urgency=low
18893410
1890 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +02003411 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +0200
18913412
3413apache2 (2.2.15-5ubuntu1) maverick; urgency=low
3414
3415 * Merge from debian unstable. Remaining changes:
3416 - debian/{control, rules}: Enable PIE hardening.
3417 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3418 - debian/control: Add bzr tag and point it to our tree.
3419 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3420 + Dropped:
3421 - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
3422 - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
3423 - debian/config-dir/apache2.conf: Merged back from debian.
3424 - mod-reqtimeout functionality: Merge back from debian.
3425 - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
3426 - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
3427 - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
3428
3429 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 01:28:04 +0100
3430
1892apache2 (2.2.15-5) unstable; urgency=low3431apache2 (2.2.15-5) unstable; urgency=low
18933432
1894 * Conflict with apache package as we now include apachectl. Closes: #5790653433 * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -2009,6 +3548,80 @@ apache2 (2.2.14-6) unstable; urgency=low
20093548
2010 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +01003549 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +0100
20113550
3551apache2 (2.2.14-5ubuntu8) lucid; urgency=low
3552
3553 * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
3554 (LP: #562370)
3555
3556 -- Chuck Short <zulcss@ubuntu.com> Tue, 13 Apr 2010 15:09:57 -0400
3557
3558apache2 (2.2.14-5ubuntu7) lucid; urgency=low
3559
3560 * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
3561 leaks by making sure to not destroy bucket brigades that have been created
3562 by earlier filters. Backported from 2.2.15.
3563 * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
3564 has reached MaxClients until it has. Backported from 2.2.15
3565 * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
3566 more secure by adding Satisfy all. (Debian bug: #572075)
3567 * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
3568 debian/config2-dir/mods-available/reqtimeout.load,
3569 debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
3570 mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
3571 bug in apache. Enable it by default. (LP: #392759)
3572
3573 -- Chuck Short <zulcss@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400
3574
3575apache2 (2.2.14-5ubuntu6) lucid; urgency=low
3576
3577 * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
3578
3579 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 09:41:11 -0400
3580
3581apache2 (2.2.14-5ubuntu5) lucid; urgency=low
3582
3583 * Revert 99-fix-mod-dav-permissions.dpatch
3584
3585 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 07:55:46 -0400
3586
3587apache2 (2.2.14-5ubuntu4) lucid; urgency=low
3588
3589 * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
3590 downloading files from webdav (LP: #540747)
3591 * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
3592
3593 -- Chuck Short <zulcss@ubuntu.com> Mon, 29 Mar 2010 13:37:39 -0400
3594
3595apache2 (2.2.14-5ubuntu3) lucid; urgency=low
3596
3597 * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
3598 - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
3599 in modules/proxy/mod_proxy_ajp.c.
3600 - CVE-2010-0408
3601 * SECURITY UPDATE: information disclosure via improper handling of
3602 headers in subrequests
3603 - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
3604 in server/protocol.c.
3605 - CVE-2010-0434
3606
3607 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Mar 2010 14:48:48 -0500
3608
3609apache2 (2.2.14-5ubuntu2) lucid; urgency=low
3610
3611 * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
3612 wacky options. (LP: #450501)
3613
3614 -- Chuck Short <zulcss@ubuntu.com> Mon, 08 Mar 2010 14:53:17 -0500
3615
3616apache2 (2.2.14-5ubuntu1) lucid; urgency=low
3617
3618 * Merge from debian testing. Remaining changes: LP: #506862
3619 - debian/{control, rules}: Enable PIE hardening.
3620 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3621 - debian/control: Add bzr tag and point it to our tree.
3622
3623 -- Bhavani Shankar <right2bhavi@gmail.com> Wed, 13 Jan 2010 14:28:41 +0530
3624
2012apache2 (2.2.14-5) unstable; urgency=low3625apache2 (2.2.14-5) unstable; urgency=low
20133626
2014 * Security: Further mitigation for the TLS renegotation attack3627 * Security: Further mitigation for the TLS renegotation attack
@@ -2032,6 +3645,15 @@ apache2 (2.2.14-5) unstable; urgency=low
20323645
2033 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +01003646 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +0100
20343647
3648apache2 (2.2.14-4ubuntu1) lucid; urgency=low
3649
3650 * Resynchronzie with Debian, remaining changes are:
3651 - debian/{control, rules}: Enable PIE hardening.
3652 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3653 - debian/control: Add bzr tag and point it to our tree.
3654
3655 -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Dec 2009 14:44:51 -0500
3656
2035apache2 (2.2.14-4) unstable; urgency=low3657apache2 (2.2.14-4) unstable; urgency=low
20363658
2037 * Disable localized error pages again by default because they break3659 * Disable localized error pages again by default because they break
@@ -2082,6 +3704,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
20823704
2083 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +01003705 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +0100
20843706
3707apache2 (2.2.14-1ubuntu1) lucid; urgency=low
3708
3709 * Merge from debian testing, remaining changes:
3710 - debian/{control, rules}: Enable PIE hardening.
3711 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3712 - debian/conrol: Add bzr tag and point it to our tree.
3713 - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3714 Already applied upstream.
3715
3716 -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 00:29:03 +0000
3717
2085apache2 (2.2.14-1) unstable; urgency=low3718apache2 (2.2.14-1) unstable; urgency=low
20863719
2087 * New upstream version:3720 * New upstream version:
@@ -2116,6 +3749,24 @@ apache2 (2.2.13-1) unstable; urgency=low
21163749
2117 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +02003750 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +0200
21183751
3752apache2 (2.2.12-1ubuntu2) karmic; urgency=low
3753
3754 * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3755 - Fix potential segfaults with the use of the legacy ap_rputs() etc
3756 interfaces, in cases where an output filter fails. This happens
3757 frequently after CVE-2009-1891 got fixed. (LP: #409987)
3758
3759 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Aug 2009 15:38:47 -0400
3760
3761apache2 (2.2.12-1ubuntu1) karmic; urgency=low
3762
3763 * Merge from debian unstable, remaining changes:
3764 - debian/{control,rules}: enable PIE hardening.
3765 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3766 - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
3767
3768 -- Chuck Short <zulcss@ubuntu.com> Tue, 04 Aug 2009 20:04:24 +0100
3769
2119apache2 (2.2.12-1) unstable; urgency=low3770apache2 (2.2.12-1) unstable; urgency=low
21203771
2121 * New upstream release:3772 * New upstream release:
@@ -2163,6 +3814,16 @@ apache2 (2.2.12-1) unstable; urgency=low
21633814
2164 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +02003815 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +0200
21653816
3817apache2 (2.2.11-7ubuntu1) karmic; urgency=low
3818
3819 * Merge from debian unstable, remaining changes: LP: #398130
3820 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3821 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3822 - debian/{control,rules}: enable PIE hardening.
3823 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3824
3825 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 11 Jul 2009 16:34:32 +0530
3826
2166apache2 (2.2.11-7) unstable; urgency=low3827apache2 (2.2.11-7) unstable; urgency=low
21673828
2168 * Security fixes:3829 * Security fixes:
@@ -2177,6 +3838,16 @@ apache2 (2.2.11-7) unstable; urgency=low
21773838
2178 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +02003839 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +0200
21793840
3841apache2 (2.2.11-6ubuntu1) karmic; urgency=low
3842
3843 * Merge from debian unstable, remaining changes:
3844 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3845 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3846 - debian/{control,rules}: enable PIE hardening.
3847 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3848
3849 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Jun 2009 01:01:23 +0100
3850
2180apache2 (2.2.11-6) unstable; urgency=high3851apache2 (2.2.11-6) unstable; urgency=high
21813852
2182 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server3853 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2185,6 +3856,16 @@ apache2 (2.2.11-6) unstable; urgency=high
21853856
2186 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +02003857 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +0200
21873858
3859apache2 (2.2.11-5ubuntu1) karmic; urgency=low
3860
3861 * Merge from debian unstable, remaining changes:
3862 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3863 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3864 - debian/{control,rules}: enable PIE hardening.
3865 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3866
3867 -- Andrew Mitchell <ajmitch@ubuntu.com> Wed, 03 Jun 2009 14:10:54 +1200
3868
2188apache2 (2.2.11-5) unstable; urgency=low3869apache2 (2.2.11-5) unstable; urgency=low
21893870
2190 * Move all binaries into a new package apache2.2-bin and make3871 * Move all binaries into a new package apache2.2-bin and make
@@ -2233,6 +3914,16 @@ apache2 (2.2.11-4) unstable; urgency=low
22333914
2234 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +02003915 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +0200
22353916
3917apache2 (2.2.11-3ubuntu1) karmic; urgency=low
3918
3919 * Merge from debian unstable, remaining changes:
3920 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3921 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3922 - debian/{control,rules}: enable PIE hardening.
3923 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3924
3925 -- Andrew Mitchell <ajmitch@ubuntu.com> Tue, 12 May 2009 16:15:34 +1200
3926
2236apache2 (2.2.11-3) unstable; urgency=low3927apache2 (2.2.11-3) unstable; urgency=low
22373928
2238 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap3929 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2241,6 +3932,21 @@ apache2 (2.2.11-3) unstable; urgency=low
22413932
2242 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +02003933 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +0200
22433934
3935apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
3936
3937 * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3938 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3939
3940 -- Chuck Short <zulcss@ubuntu.com> Wed, 01 Apr 2009 11:39:17 -0400
3941
3942apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
3943
3944 * Merge from debian unstable, remaining changes:
3945 - debian/{contro,rules}: enable PIE hardening.
3946 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3947
3948 -- Chuck Short <zulcss@ubuntu.com> Sat, 17 Jan 2009 00:02:55 +0000
3949
2244apache2 (2.2.11-2) unstable; urgency=low3950apache2 (2.2.11-2) unstable; urgency=low
22453951
2246 * Report an error instead instead of segfaulting when apr_pollset_create3952 * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2250,6 +3956,14 @@ apache2 (2.2.11-2) unstable; urgency=low
22503956
2251 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +01003957 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +0100
22523958
3959apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
3960
3961 * Merge from debian unstable, remaining changes:
3962 - debian/{control, rules}: enable PIE hardening.
3963 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3964
3965 -- Chuck Short <zulcss@ubuntu.com> Mon, 15 Dec 2008 00:06:50 +0000
3966
2253apache2 (2.2.11-1) unstable; urgency=low3967apache2 (2.2.11-1) unstable; urgency=low
22543968
2255 [Thom May]3969 [Thom May]
@@ -2264,6 +3978,14 @@ apache2 (2.2.11-1) unstable; urgency=low
22643978
2265 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +01003979 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +0100
22663980
3981apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
3982
3983 * Merge from debian unstable, remaining changes: (LP: #303375)
3984 - debian/{control, rules}: enable PIE hardening.
3985 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3986
3987 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 29 Nov 2008 14:02:31 +0530
3988
2267apache2 (2.2.9-11) unstable; urgency=low3989apache2 (2.2.9-11) unstable; urgency=low
22683990
2269 * Regression fix from upstream svn for mod_proxy:3991 * Regression fix from upstream svn for mod_proxy:
@@ -2278,6 +4000,14 @@ apache2 (2.2.9-11) unstable; urgency=low
22784000
2279 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +01004001 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +0100
22804002
4003apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
4004
4005 * Merge from debian unstable, remaining changes:
4006 - debian/{control, rules}: enable PIE hardening.
4007 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
4008
4009 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 Nov 2008 02:23:18 -0400
4010
2281apache2 (2.2.9-10) unstable; urgency=low4011apache2 (2.2.9-10) unstable; urgency=low
22824012
2283 * Regression fix from upstream svn for mod_proxy_http:4013 * Regression fix from upstream svn for mod_proxy_http:
@@ -2308,6 +4038,27 @@ apache2 (2.2.9-8) unstable; urgency=low
23084038
2309 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +02004039 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +0200
23104040
4041apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
4042
4043 * Revert logrotate change since it will break it for everyone.
4044
4045 -- Chuck Short <zulcss@ubuntu.com> Fri, 19 Sep 2008 09:32:01 -0400
4046
4047apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
4048
4049 * debian/logrotate: Restart rather than reload for busy websites.
4050 (LP: #270899)
4051
4052 -- Chuck Short <zulcss@ubuntu.com> Thu, 18 Sep 2008 08:42:22 -0400
4053
4054apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
4055
4056 * Merge from debian unstable, remaining changes:
4057 - debian/{control,rules}: enable PIE hardening.
4058 - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
4059
4060 -- Kees Cook <kees@ubuntu.com> Thu, 28 Aug 2008 08:10:59 -0700
4061
2311apache2 (2.2.9-7) unstable; urgency=low4062apache2 (2.2.9-7) unstable; urgency=low
23124063
2313 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).4064 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2350,6 +4101,23 @@ apache2 (2.2.9-4) unstable; urgency=low
23504101
2351 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +02004102 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +0200
23524103
4104apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
4105
4106 * add ufw integration (see
4107 https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
4108 (LP: #261198)
4109 - debian/control: suggest ufw for apache2.2-common
4110 - add apache2.2-common.ufw.profile with 3 profiles and install it to
4111 /etc/ufw/applications.d/apache2.2-common
4112
4113 -- Didier Roche <didrocks@ubuntu-fr.org> Tue, 26 Aug 2008 19:03:42 +0200
4114
4115apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
4116
4117 * debian/{control,rules}: enable PIE hardening
4118
4119 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:45:00 -0700
4120
2353apache2 (2.2.9-3) unstable; urgency=low4121apache2 (2.2.9-3) unstable; urgency=low
23544122
2355 [ Stefan Fritsch ]4123 [ Stefan Fritsch ]
@@ -3920,9 +5688,7 @@ apache2 (2.0.37-1) unstable; urgency=low
3920 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +01005688 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +0100
39215689
3922apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low5690apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
3923
3924 * New upstream release5691 * New upstream release
3925
3926 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +01005692 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +0100
39275693
3928apache2 (2.0.36-2) unstable; urgency=low5694apache2 (2.0.36-2) unstable; urgency=low
@@ -4430,3 +6196,4 @@ apache2 (2.0.18-1) unstable; urgency=low
4430 * Initial Release.6196 * Initial Release.
44316197
4432 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +10006198 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +1000
6199
diff --git a/debian/control b/debian/control
index ac67128..c12b174 100644
--- a/debian/control
+++ b/debian/control
@@ -1,5 +1,6 @@
1Source: apache21Source: apache2
2Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>2Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
3Uploaders: Stefan Fritsch <sf@debian.org>,4Uploaders: Stefan Fritsch <sf@debian.org>,
4 Arno Töll <arno@debian.org>,5 Arno Töll <arno@debian.org>,
5 Ondřej Surý <ondrej@debian.org>,6 Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
44Recommends: ssl-cert45Recommends: ssl-cert
45Suggests: apache2-doc,46Suggests: apache2-doc,
46 apache2-suexec-pristine | apache2-suexec-custom,47 apache2-suexec-pristine | apache2-suexec-custom,
47 www-browser48 www-browser,
49 ufw
48Pre-Depends: dpkg (>= 1.17.14),50Pre-Depends: dpkg (>= 1.17.14),
49 ${misc:Pre-Depends}51 ${misc:Pre-Depends}
50Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)52Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
51new file mode 10064453new file mode 100644
index 0000000..4db2fa1
52Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ54Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
diff --git a/debian/index.html b/debian/index.html
index 766401d..96ed444 100644
--- a/debian/index.html
+++ b/debian/index.html
@@ -1,9 +1,14 @@
11
2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml">3<html xmlns="http://www.w3.org/1999/xhtml">
4 <!--
5 Modified from the Debian original for Ubuntu
6 Last updated: 2016-11-16
7 See: https://launchpad.net/bugs/1288690
8 -->
4 <head>9 <head>
5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />10 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
6 <title>Apache2 Debian Default Page: It works</title>11 <title>Apache2 Ubuntu Default Page: It works</title>
7 <style type="text/css" media="screen">12 <style type="text/css" media="screen">
8 * {13 * {
9 margin: 0px 0px 0px 0px;14 margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
188 <body>193 <body>
189 <div class="main_page">194 <div class="main_page">
190 <div class="page_header floating_element">195 <div class="page_header floating_element">
191 <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>196 <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
192 <span class="floating_element">197 <span class="floating_element">
193 Apache2 Debian Default Page198 Apache2 Ubuntu Default Page
194 </span>199 </span>
195 </div>200 </div>
196<!-- <div class="table_of_contents floating_element">201<!-- <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
221 <div class="content_section_text">226 <div class="content_section_text">
222 <p>227 <p>
223 This is the default welcome page used to test the correct 228 This is the default welcome page used to test the correct
224 operation of the Apache2 server after installation on Debian systems.229 operation of the Apache2 server after installation on Ubuntu systems.
230 It is based on the equivalent page on Debian, from which the Ubuntu Apache
231 packaging is derived.
225 If you can read this page, it means that the Apache HTTP server installed at232 If you can read this page, it means that the Apache HTTP server installed at
226 this site is working properly. You should <b>replace this file</b> (located at233 this site is working properly. You should <b>replace this file</b> (located at
227 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.234 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
242 </div>249 </div>
243 <div class="content_section_text">250 <div class="content_section_text">
244 <p>251 <p>
245 Debian's Apache2 default configuration is different from the252 Ubuntu's Apache2 default configuration is different from the
246 upstream default configuration, and split into several files optimized for253 upstream default configuration, and split into several files optimized for
247 interaction with Debian tools. The configuration system is254 interaction with Ubuntu tools. The configuration system is
248 <b>fully documented in255 <b>fully documented in
249 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full256 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
250 documentation. Documentation for the web server itself can be257 documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
253260
254 </p>261 </p>
255 <p>262 <p>
256 The configuration layout for an Apache2 web server installation on Debian systems is as follows:263 The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
257 </p>264 </p>
258 <pre>265 <pre>
259/etc/apache2/266/etc/apache2/
@@ -324,7 +331,7 @@
324331
325 <div class="content_section_text">332 <div class="content_section_text">
326 <p>333 <p>
327 By default, Debian does not allow access through the web browser to334 By default, Ubuntu does not allow access through the web browser to
328 <em>any</em> file apart of those located in <tt>/var/www</tt>,335 <em>any</em> file apart of those located in <tt>/var/www</tt>,
329 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>336 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
330 directories (when enabled) and <tt>/usr/share</tt> (for web337 directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
333 document root directory in <tt>/etc/apache2/apache2.conf</tt>.340 document root directory in <tt>/etc/apache2/apache2.conf</tt>.
334 </p>341 </p>
335 <p>342 <p>
336 The default Debian document root is <tt>/var/www/html</tt>. You343 The default Ubuntu document root is <tt>/var/www/html</tt>. You
337 can make your own virtual hosts under /var/www. This is different344 can make your own virtual hosts under /var/www. This is different
338 to previous releases which provides better security out of the box.345 to previous releases which provides better security out of the box.
339 </p>346 </p>
@@ -345,9 +352,9 @@
345 </div>352 </div>
346 <div class="content_section_text">353 <div class="content_section_text">
347 <p>354 <p>
348 Please use the <tt>reportbug</tt> tool to report bugs in the355 Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
349 Apache2 package with Debian. However, check <a356 Apache2 package with Ubuntu. However, check <a
350 href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"357 href="https://bugs.launchpad.net/ubuntu/+source/apache2"
351 rel="nofollow">existing bug reports</a> before reporting a new bug.358 rel="nofollow">existing bug reports</a> before reporting a new bug.
352 </p>359 </p>
353 <p>360 <p>
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index d617b1d..823d9c0 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
17debian/icons/odf6ots-20x22.png17debian/icons/odf6ots-20x22.png
18debian/icons/odf6ott-20x22.png18debian/icons/odf6ott-20x22.png
19debian/icons/openlogo-75.png19debian/icons/openlogo-75.png
20debian/icons/ubuntu-logo.png
20debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml21debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
21debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php22debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
22debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml23debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml

Subscribers

People subscribed via source and target branches