Merge ~ahasenack/ubuntu/+source/apache2:disco-apache2-2.4.37-merge into ubuntu/+source/apache2:debian/sid
- Git
- lp:~ahasenack/ubuntu/+source/apache2
- disco-apache2-2.4.37-merge
- Merge into debian/sid
Status: | Rejected |
---|---|
Rejected by: | Andreas Hasenack |
Proposed branch: | ~ahasenack/ubuntu/+source/apache2:disco-apache2-2.4.37-merge |
Merge into: | ubuntu/+source/apache2:debian/sid |
Diff against target: |
2286 lines (+1674/-33) 16 files modified
debian/apache2-bin.install (+1/-0) debian/apache2-utils.ufw.profile (+14/-0) debian/apache2.dirs (+1/-0) debian/apache2.install (+1/-0) debian/apache2.postrm (+1/-0) debian/apache2.py (+48/-0) debian/changelog (+1413/-0) debian/control (+7/-19) debian/index.html (+19/-12) debian/patches/086_svn_cross_compiles (+118/-0) debian/patches/series (+3/-0) debian/rules (+2/-1) debian/source/include-binaries (+1/-0) debian/tests/check-http2 (+41/-0) debian/tests/control (+4/-0) dev/null (+0/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robie Basak | Needs Information | ||
Canonical Server | Pending | ||
Review via email: mp+361977@code.launchpad.net |
Commit message
Description of the change
Merge 2.4.37 from debian, dropping a security patch for CVE-2018-11763 that was incorporated in 2.4.35 (https:/
Apache is affected by the git-empty-dir bug (https:/
Bileto ticket (still running): https:/
Andreas Hasenack (ahasenack) wrote : | # |
Robie Basak (racb) wrote : | # |
1: 00dac52b = 1: bbac7661 - debian/{control, apache2.install, apache2-
2: 890bfeaa = 2: 1f6fa5f0 - debian/apache2.py, debian/
3: 54f028d1 ! 3: f7c44b9e - debian/
@@ -131,9 +131,9 @@
--- a/debian/
+++ b/debian/
@@
+ # This patch is applied manually
#
-
- remove_
+ setenvifexpr.diff
+
+# Patches added by Ubuntu
+086_
4: 676a9a6e ! 4: 92420b0b - d/index.html, d/icons/
@@ -119,10 +119,10 @@
--- a/debian/
+++ b/debian/
@@
- debian/
- debian/
+ debian/
+ debian/
debian/
+debian/
- debian/
debian/
debian/
+ debian/
5: 6ae6dc28 = 5: 7faffea9 - d/t/control, d/t/check-http2: add basic test for http2 support
6: a57862f3 = 6: 3c4eef85 - d/control, d/rules, d/config-
7: 08b68c8f < -: -------- * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames - debian/
-: -------- > 7: b0015c49 * Dropped: - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames + debian/
-: -------- > 8: 64a15d34 merge-changelogs
-: -------- > 9: 2b0bae73 reconstruct-
-: -------- > 10: bad3cd6e update-maintainer
Robie Basak (racb) wrote : | # |
range-diff mismatches 3 and 4 are context only. 7 is correctly dropped (verified in Ubuntu and Debian's CVE tracker). All delta therefore transferred correctly.
Changes in Debian and upstream don't look like they'll affect our delta.
update-maintainer and changelog entries look good.
I'll leave with you, doesn't affect review outcome: does the http2 dep8 test want sending upstream? Or is that already done, or not appropriate?
Needs Information: Is the 3c4eef8 delta ("don't build libapache2-mod-md") still required? libapache2-
All other delta looks appropriate to keep.
Andreas Hasenack (ahasenack) wrote : | # |
Christian filed a bug for the http2 dep8 test with debian: https:/
Checking the mod-md delta will take more time. I have a card for it (https:/
Andreas Hasenack (ahasenack) wrote : | # |
Debian since released 2.4.38, and I rebased. Problem is that 2.4.38 fails dep8, whereas 2.4.37 was fine. I filed a bug with debian for now (http://
Unmerged commits
- bad3cd6... by Andreas Hasenack
-
update-maintainer
- 2b0bae7... by Andreas Hasenack
-
reconstruct-
changelog - 64a15d3... by Andreas Hasenack
-
merge-changelogs
- b0015c4... by Andreas Hasenack
-
* Dropped:
- SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
+ debian/patches/ CVE-2018- 11763.patch: rework connection IO event
handling in modules/http2/h2_ session. c, modules/ http2/h2_ session. h,
modules/ http2/h2_ version. h.
- CVE-2018-11763
[Fixed in 2.4.35] - 3c4eef8... by Andreas Hasenack
-
- d/control, d/rules, d/config-
dir/mods- available/ md.load: don't build
libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
cannot be coinstalled with libcurl3. That situation breaks the
installation of libapache2-mod-shib2. See
https://bugs.launchpad .net/ubuntu/ +source/ apache2/ +bug/1770242/ comments/ 1
for details. - 7faffea... by Andreas Hasenack
-
- d/t/control, d/t/check-http2: add basic test for http2 support
- 92420b0... by Andreas Hasenack
-
- d/index.html, d/icons/
ubuntu- logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include- binaries: add Ubuntu icon file - f7c44b9... by Andreas Hasenack
-
- debian/
patches/ 086_svn_ cross_compiles: Backport several cross
fixes from upstream - 1f6fa5f... by Andreas Hasenack
-
- debian/apache2.py, debian/
apache2- bin.install: Add apport hook. - bbac766... by Andreas Hasenack
-
- debian/{control, apache2.install, apache2-
utils.ufw. profile,
apache2.dirs}: Add ufw profiles.
Preview Diff
1 | diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install |
2 | index 63c573f..3d1bdf1 100644 |
3 | --- a/debian/apache2-bin.install |
4 | +++ b/debian/apache2-bin.install |
5 | @@ -1,2 +1,3 @@ |
6 | /usr/lib/apache2/modules/ |
7 | /usr/sbin/apache2 |
8 | +debian/apache2.py usr/share/apport/package-hooks |
9 | diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile |
10 | new file mode 100644 |
11 | index 0000000..974a655 |
12 | --- /dev/null |
13 | +++ b/debian/apache2-utils.ufw.profile |
14 | @@ -0,0 +1,14 @@ |
15 | +[Apache] |
16 | +title=Web Server |
17 | +description=Apache v2 is the next generation of the omnipresent Apache web server. |
18 | +ports=80/tcp |
19 | + |
20 | +[Apache Secure] |
21 | +title=Web Server (HTTPS) |
22 | +description=Apache v2 is the next generation of the omnipresent Apache web server. |
23 | +ports=443/tcp |
24 | + |
25 | +[Apache Full] |
26 | +title=Web Server (HTTP,HTTPS) |
27 | +description=Apache v2 is the next generation of the omnipresent Apache web server. |
28 | +ports=80,443/tcp |
29 | diff --git a/debian/apache2.dirs b/debian/apache2.dirs |
30 | index 6089013..1aa6d3c 100644 |
31 | --- a/debian/apache2.dirs |
32 | +++ b/debian/apache2.dirs |
33 | @@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk |
34 | var/lib/apache2 |
35 | var/log/apache2 |
36 | var/www/html |
37 | +/etc/ufw/applications.d/apache2 |
38 | diff --git a/debian/apache2.install b/debian/apache2.install |
39 | index b6ad789..92865fc 100644 |
40 | --- a/debian/apache2.install |
41 | +++ b/debian/apache2.install |
42 | @@ -8,3 +8,4 @@ debian/config-dir/*.conf /etc/apache2 |
43 | debian/config-dir/envvars /etc/apache2 |
44 | debian/config-dir/magic /etc/apache2 |
45 | debian/debhelper/apache2-maintscript-helper /usr/share/apache2/ |
46 | +debian/apache2-utils.ufw.profile /etc/ufw/applications.d/ |
47 | diff --git a/debian/apache2.postrm b/debian/apache2.postrm |
48 | index a68583c..b0e5d7b 100644 |
49 | --- a/debian/apache2.postrm |
50 | +++ b/debian/apache2.postrm |
51 | @@ -33,6 +33,7 @@ is_default_index_html () { |
52 | 776221a94e5a174dc2396c0f3f6b6a74 |
53 | c481228d439cbb54bdcedbaec5bbb11a |
54 | e2620d4a5a0f8d80dd4b16de59af981f |
55 | + 3526531ccd6c6a1d2340574a305a18f8 |
56 | EOF |
57 | } |
58 | |
59 | diff --git a/debian/apache2.py b/debian/apache2.py |
60 | new file mode 100644 |
61 | index 0000000..a9fb9d8 |
62 | --- /dev/null |
63 | +++ b/debian/apache2.py |
64 | @@ -0,0 +1,48 @@ |
65 | +#!/usr/bin/python |
66 | + |
67 | +'''apport hook for apache2 |
68 | + |
69 | +(c) 2010 Adam Sommer. |
70 | +Author: Adam Sommer <asommer@ubuntu.com> |
71 | + |
72 | +This program is free software; you can redistribute it and/or modify it |
73 | +under the terms of the GNU General Public License as published by the |
74 | +Free Software Foundation; either version 2 of the License, or (at your |
75 | +option) any later version. See http://www.gnu.org/copyleft/gpl.html for |
76 | +the full text of the license. |
77 | +''' |
78 | + |
79 | +from apport.hookutils import * |
80 | +import os |
81 | + |
82 | +SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/' |
83 | + |
84 | +def add_info(report, ui): |
85 | + if os.path.isdir(SITES_ENABLED_DIR): |
86 | + response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory " |
87 | + "may help developers diagnose your bug more " |
88 | + "quickly. However, it may contain sensitive " |
89 | + "information. Do you want to include it in your " |
90 | + "bug report?") |
91 | + |
92 | + if response == None: # user cancelled |
93 | + raise StopIteration |
94 | + |
95 | + elif response == True: |
96 | + # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d |
97 | + for conf_file in os.listdir(SITES_ENABLED_DIR): |
98 | + attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file) |
99 | + |
100 | + try: |
101 | + report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d')) |
102 | + except OSError: |
103 | + report['Apache2ConfdDirListing'] = str(False) |
104 | + |
105 | + # Attach default config files if changed. |
106 | + attach_conffiles(report, 'apache2', conffiles=None) |
107 | + |
108 | + # Attach the error.log file. |
109 | + attach_file(report, '/var/log/apache2/error.log', key='error.log') |
110 | + |
111 | + # Get loaded modules. |
112 | + report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES']) |
113 | diff --git a/debian/changelog b/debian/changelog |
114 | index 82e246d..c2ae1d1 100644 |
115 | --- a/debian/changelog |
116 | +++ b/debian/changelog |
117 | @@ -1,3 +1,31 @@ |
118 | +apache2 (2.4.37-1ubuntu1) disco; urgency=medium |
119 | + |
120 | + * Merge with Debian unstable. Remaining changes: |
121 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
122 | + apache2.dirs}: Add ufw profiles. |
123 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
124 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
125 | + fixes from upstream |
126 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
127 | + Debian with Ubuntu on default page. |
128 | + + d/source/include-binaries: add Ubuntu icon file |
129 | + - d/t/control, d/t/check-http2: add basic test for http2 support |
130 | + - d/control, d/rules, d/config-dir/mods-available/md.load: don't build |
131 | + libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which |
132 | + cannot be coinstalled with libcurl3. That situation breaks the |
133 | + installation of libapache2-mod-shib2. See |
134 | + https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1 |
135 | + for details. |
136 | + * Dropped: |
137 | + - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames |
138 | + + debian/patches/CVE-2018-11763.patch: rework connection IO event |
139 | + handling in modules/http2/h2_session.c, modules/http2/h2_session.h, |
140 | + modules/http2/h2_version.h. |
141 | + - CVE-2018-11763 |
142 | + [Fixed in 2.4.35] |
143 | + |
144 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 18 Jan 2019 11:05:15 -0200 |
145 | + |
146 | apache2 (2.4.37-1) unstable; urgency=medium |
147 | |
148 | * New upstream version |
149 | @@ -24,6 +52,37 @@ apache2 (2.4.35-1) unstable; urgency=medium |
150 | |
151 | -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200 |
152 | |
153 | +apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium |
154 | + |
155 | + * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames |
156 | + - debian/patches/CVE-2018-11763.patch: rework connection IO event |
157 | + handling in modules/http2/h2_session.c, modules/http2/h2_session.h, |
158 | + modules/http2/h2_version.h. |
159 | + - CVE-2018-11763 |
160 | + |
161 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Oct 2018 09:57:22 -0400 |
162 | + |
163 | +apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium |
164 | + |
165 | + * Merge with Debian unstable. Remaining changes: |
166 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
167 | + apache2.dirs}: Add ufw profiles. |
168 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
169 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
170 | + fixes from upstream |
171 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
172 | + Debian with Ubuntu on default page. |
173 | + + d/source/include-binaries: add Ubuntu icon file |
174 | + - d/t/control, d/t/check-http2: add basic test for http2 support |
175 | + - d/control, d/rules, d/config-dir/mods-available/md.load: don't build |
176 | + libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which |
177 | + cannot be coinstalled with libcurl3. That situation breaks the |
178 | + installation of libapache2-mod-shib2. See |
179 | + https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1 |
180 | + for details. |
181 | + |
182 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Aug 2018 17:09:27 -0300 |
183 | + |
184 | apache2 (2.4.34-1) unstable; urgency=medium |
185 | |
186 | [ Ondřej Surý ] |
187 | @@ -42,6 +101,87 @@ apache2 (2.4.34-1) unstable; urgency=medium |
188 | |
189 | -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200 |
190 | |
191 | +apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium |
192 | + |
193 | + * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: |
194 | + re-enable proxy_uwsgi, as the uwsgi source no longer builds this module. |
195 | + |
196 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 28 Jun 2018 10:07:06 -0300 |
197 | + |
198 | +apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium |
199 | + |
200 | + * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and |
201 | + libapache2-mod-md until we figure out their transitions. libapache2-mod-md |
202 | + in particular is problematic because that makes apache2-bin pull in |
203 | + libcurl4 which cannot be coinstalled with libcurl3. That situation breaks |
204 | + the installation of libapache2-mod-shib2. See |
205 | + https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1 |
206 | + for details. |
207 | + - Don't ship md.load and remove build-requires that were added because of |
208 | + mod-md (see |
209 | + https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf) |
210 | + - Remove proxy_uwsgi.load as we are not building it for now (see |
211 | + https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9) |
212 | + |
213 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 May 2018 14:46:19 +0000 |
214 | + |
215 | +apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium |
216 | + |
217 | + * Merge with Debian unstable (LP: #1770242). Remaining changes: |
218 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
219 | + apache2.dirs}: Add ufw profiles. |
220 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
221 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
222 | + fixes from upstream |
223 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
224 | + Debian with Ubuntu on default page. |
225 | + + d/source/include-binaries: add Ubuntu icon file |
226 | + - d/t/control, d/t/check-http2: add basic test for http2 support |
227 | + * Drop: |
228 | + - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig |
229 | + + debian/patches/CVE-2017-15710.patch: fix language long names |
230 | + detection as short name in modules/aaa/mod_authnz_ldap.c. |
231 | + + CVE-2017-15710 |
232 | + - SECURITY UPDATE: incorrect <FilesMatch> matching |
233 | + + debian/patches/CVE-2017-15715.patch: allow to configure |
234 | + global/default options for regexes, like caseless matching or |
235 | + extended format in include/ap_regex.h, server/core.c, |
236 | + server/util_pcre.c. |
237 | + + CVE-2017-15715 |
238 | + - SECURITY UPDATE: mod_session header manipulation |
239 | + + debian/patches/CVE-2018-1283.patch: strip Session header when |
240 | + SessionEnv is on in modules/session/mod_session.c. |
241 | + + CVE-2018-1283 |
242 | + - SECURITY UPDATE: DoS via specially-crafted request |
243 | + + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL |
244 | + terminated on any error, not only on buffer full in |
245 | + server/protocol.c. |
246 | + + CVE-2018-1301 |
247 | + - SECURITY UPDATE: mod_cache_socache DoS |
248 | + + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up |
249 | + to carriage return in modules/cache/mod_cache_socache.c. |
250 | + + CVE-2018-1303 |
251 | + - SECURITY UPDATE: insecure nonce generation |
252 | + + debian/patches/CVE-2018-1312.patch: actually use the secret when |
253 | + generating nonces in modules/aaa/mod_auth_digest.c. |
254 | + + CVE-2018-1312 |
255 | + - Correct systemd-sysv-generator behavior by customizing some |
256 | + parameters: |
257 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
258 | + parameters for the systemd unit (type=Forking and |
259 | + RemainsAfterExit=no), this allow a correct state synchronisation |
260 | + between systemctl status and actual state of apache2 daemon. |
261 | + + d/apache2.install: place the apache2-systemd.conf file in the |
262 | + correct location. |
263 | + [type=Forking already in the base systemd service file, and |
264 | + RemainsAfterExit=no is the default value, so no need to |
265 | + customize these anymore.] |
266 | + - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683) |
267 | + + added debian/patches/util_ldap_cache_lock_fix.patch |
268 | + [Already applied upstream] |
269 | + |
270 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 15 May 2018 11:03:34 -0300 |
271 | + |
272 | apache2 (2.4.33-3) unstable; urgency=medium |
273 | |
274 | * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too. |
275 | @@ -114,6 +254,91 @@ apache2 (2.4.29-2) unstable; urgency=medium |
276 | |
277 | -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000 |
278 | |
279 | +apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium |
280 | + |
281 | + * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig |
282 | + - debian/patches/CVE-2017-15710.patch: fix language long names |
283 | + detection as short name in modules/aaa/mod_authnz_ldap.c. |
284 | + - CVE-2017-15710 |
285 | + * SECURITY UPDATE: incorrect <FilesMatch> matching |
286 | + - debian/patches/CVE-2017-15715.patch: allow to configure |
287 | + global/default options for regexes, like caseless matching or |
288 | + extended format in include/ap_regex.h, server/core.c, |
289 | + server/util_pcre.c. |
290 | + - CVE-2017-15715 |
291 | + * SECURITY UPDATE: mod_session header manipulation |
292 | + - debian/patches/CVE-2018-1283.patch: strip Session header when |
293 | + SessionEnv is on in modules/session/mod_session.c. |
294 | + - CVE-2018-1283 |
295 | + * SECURITY UPDATE: DoS via specially-crafted request |
296 | + - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL |
297 | + terminated on any error, not only on buffer full in |
298 | + server/protocol.c. |
299 | + - CVE-2018-1301 |
300 | + * SECURITY UPDATE: mod_cache_socache DoS |
301 | + - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up |
302 | + to carriage return in modules/cache/mod_cache_socache.c. |
303 | + - CVE-2018-1303 |
304 | + * SECURITY UPDATE: insecure nonce generation |
305 | + - debian/patches/CVE-2018-1312.patch: actually use the secret when |
306 | + generating nonces in modules/aaa/mod_auth_digest.c. |
307 | + - CVE-2018-1312 |
308 | + |
309 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Apr 2018 07:38:24 -0400 |
310 | + |
311 | +apache2 (2.4.29-1ubuntu4) bionic; urgency=medium |
312 | + |
313 | + * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683) |
314 | + - added debian/patches/util_ldap_cache_lock_fix.patch |
315 | + |
316 | + -- Rafael David Tinoco <rafael.tinoco@canonical.com> Fri, 02 Mar 2018 02:19:31 +0000 |
317 | + |
318 | +apache2 (2.4.29-1ubuntu3) bionic; urgency=medium |
319 | + |
320 | + * Switch back to OpenSSL 1.1. |
321 | + |
322 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 11:57:20 +0000 |
323 | + |
324 | +apache2 (2.4.29-1ubuntu2) bionic; urgency=medium |
325 | + |
326 | + * enable http2 (LP: #1687454) by stopping to disable it |
327 | + - debian/control: no more removed libnghttp2-dev Build-Depends (in universe). |
328 | + - debian/config-dir/mods-available/http2.load: no more removed. |
329 | + - debian/rules: no more removed proxy_http2 from configure. |
330 | + * d/t/control, d/t/check-http2: add basic test for http2 support |
331 | + |
332 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Dec 2017 17:25:39 +0100 |
333 | + |
334 | +apache2 (2.4.29-1ubuntu1) bionic; urgency=medium |
335 | + |
336 | + * Merge with Debian unstable. Remaining changes: |
337 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
338 | + apache2.dirs}: Add ufw profiles. |
339 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
340 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
341 | + fixes from upstream |
342 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
343 | + Debian with Ubuntu on default page. |
344 | + + d/source/include-binaries: add Ubuntu icon file |
345 | + - Correct systemd-sysv-generator behavior by customizing some |
346 | + parameters: |
347 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
348 | + parameters for the systemd unit (type=Forking and |
349 | + RemainsAfterExit=no), this allow a correct state synchronisation |
350 | + between systemctl status and actual state of apache2 daemon. |
351 | + + d/apache2.install: place the apache2-systemd.conf file in the |
352 | + correct location. |
353 | + - Don't build http2 module (nghttp2 still not in main) (LP 1687454) |
354 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
355 | + + debian/config-dir/mods-available/http2.load: removed. |
356 | + + debian/rules: removed proxy_http2 from configure. |
357 | + * Switch back to OpenSSL 1.0 as we don't yet have 1.1: |
358 | + - debian/control: switch BuildDepends to libssl1.0-dev |
359 | + - debian/control: remove Breaks on gridsite and libapache2-mod-dacs |
360 | + - debian/rules: remove openssl virtual package and logic |
361 | + |
362 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Nov 2017 10:51:46 -0500 |
363 | + |
364 | apache2 (2.4.29-1) unstable; urgency=medium |
365 | |
366 | [ Stefan Fritsch ] |
367 | @@ -178,6 +403,47 @@ apache2 (2.4.27-3) experimental; urgency=medium |
368 | |
369 | -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200 |
370 | |
371 | +apache2 (2.4.27-2ubuntu3) artful; urgency=medium |
372 | + |
373 | + * SECURITY UPDATE: optionsbleed information leak |
374 | + - debian/patches/CVE-2017-9798.patch: disallow method registration |
375 | + at run time in server/core.c. |
376 | + - CVE-2017-9798 |
377 | + |
378 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Sep 2017 11:05:48 -0400 |
379 | + |
380 | +apache2 (2.4.27-2ubuntu2) artful; urgency=medium |
381 | + |
382 | + * Undrop (LP 1658469): |
383 | + - Don't build http2 module (nghttp2 still not in main) (LP 1687454) |
384 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
385 | + + debian/config-dir/mods-available/http2.load: removed. |
386 | + + debian/rules: removed proxy_http2 from configure. |
387 | + |
388 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Aug 2017 13:04:45 -0400 |
389 | + |
390 | +apache2 (2.4.27-2ubuntu1) artful; urgency=medium |
391 | + |
392 | + * Merge with Debian unstable (LP: #1702582). Remaining changes: |
393 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
394 | + apache2.dirs}: Add ufw profiles. |
395 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
396 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
397 | + fixes from upstream |
398 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
399 | + Debian with Ubuntu on default page. |
400 | + + d/source/include-binaries: add Ubuntu icon file |
401 | + - Correct systemd-sysv-generator behavior by customizing some |
402 | + parameters: |
403 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
404 | + parameters for the systemd unit (type=Forking and |
405 | + RemainsAfterExit=no), this allow a correct state synchronisation |
406 | + between systemctl status and actual state of apache2 daemon. |
407 | + + d/apache2.install: place the apache2-systemd.conf file in the |
408 | + correct location. |
409 | + |
410 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 27 Jul 2017 13:38:39 -0700 |
411 | + |
412 | apache2 (2.4.27-2) unstable; urgency=medium |
413 | |
414 | * Switch back to openssl 1.0 for now. The transition to 1.1 needs more |
415 | @@ -207,6 +473,55 @@ apache2 (2.4.25-4) unstable; urgency=high |
416 | |
417 | -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200 |
418 | |
419 | +apache2 (2.4.25-3ubuntu3) artful; urgency=medium |
420 | + |
421 | + * Re-Drop (LP: #1658469): |
422 | + - Don't build experimental http2 module for LTS: |
423 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
424 | + + debian/config-dir/mods-available/http2.load: removed. |
425 | + + debian/rules: removed proxy_http2 from configure. |
426 | + + debian/apache2.maintscript: remove http2 conffile. |
427 | + |
428 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 01 May 2017 09:55:11 -0700 |
429 | + |
430 | +apache2 (2.4.25-3ubuntu2) zesty; urgency=medium |
431 | + * Undrop (LP 1658469): |
432 | + - Don't build experimental http2 module for LTS: |
433 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
434 | + + debian/config-dir/mods-available/http2.load: removed. |
435 | + + debian/rules: removed proxy_http2 from configure. |
436 | + + debian/apache2.maintscript: remove http2 conffile. |
437 | + |
438 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 08:53:43 -0800 |
439 | + |
440 | +apache2 (2.4.25-3ubuntu1) zesty; urgency=medium |
441 | + |
442 | + * Merge from Debian unstable (LP: #1663425). Remaining changes: |
443 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
444 | + apache2.dirs}: Add ufw profiles. |
445 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
446 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
447 | + fixes from upstream |
448 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
449 | + Debian with Ubuntu on default page. |
450 | + + d/source/include-binaries: add Ubuntu icon file |
451 | + - Correct systemd-sysv-generator behavior by customizing some |
452 | + parameters: |
453 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
454 | + parameters for the systemd unit (type=Forking and |
455 | + RemainsAfterExit=no), this allow a correct state synchronisation |
456 | + between systemctl status and actual state of apache2 daemon. |
457 | + + d/apache2.install: place the apache2-systemd.conf file in the |
458 | + correct location. |
459 | + * Drop (LP: #1658469): |
460 | + - Don't build experimental http2 module for LTS: |
461 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
462 | + + debian/config-dir/mods-available/http2.load: removed. |
463 | + + debian/rules: removed proxy_http2 from configure. |
464 | + + debian/apache2.maintscript: remove http2 conffile. |
465 | + |
466 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 09 Feb 2017 15:48:28 -0800 |
467 | + |
468 | apache2 (2.4.25-3) unstable; urgency=medium |
469 | |
470 | * Fix detection of systemd to fix 'apache2ctl start' on sysv-init. |
471 | @@ -268,6 +583,39 @@ apache2 (2.4.25-1) unstable; urgency=medium |
472 | |
473 | -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +0100 |
474 | |
475 | +apache2 (2.4.23-8ubuntu1) zesty; urgency=medium |
476 | + |
477 | + * Merge from Debian unstable (LP: #). Remaining changes: |
478 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
479 | + apache2.dirs}: Add ufw profiles. |
480 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
481 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
482 | + fixes from upstream |
483 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm, |
484 | + d/source/include-binaries: replace Debian with Ubuntu on default |
485 | + page. |
486 | + [ include-binaries change previously undocumented ] |
487 | + - Don't build experimental http2 module for LTS: |
488 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
489 | + + debian/config-dir/mods-available/http2.load: removed. |
490 | + + debian/rules: removed proxy_http2 from configure. |
491 | + + debian/apache2.maintscript: remove http2 conffile. |
492 | + [ Previously undocumented ] |
493 | + - Correct systemd-sysv-generator behavior by customizing some |
494 | + parameters: |
495 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
496 | + parameters for the systemd unit (type=Forking and |
497 | + RemainsAfterExit=no), this allow a correct state synchronisation |
498 | + between systemctl status and actual state of apache2 daemon. |
499 | + + d/apache2.install: place the apache2-systemd.conf file in the |
500 | + correct location. |
501 | + * Drop: |
502 | + - debian/rules: Fix cross-building by passing |
503 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
504 | + [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ] |
505 | + |
506 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 09 Dec 2016 11:02:38 +0100 |
507 | + |
508 | apache2 (2.4.23-8) unstable; urgency=medium |
509 | |
510 | * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a |
511 | @@ -278,6 +626,33 @@ apache2 (2.4.23-8) unstable; urgency=medium |
512 | |
513 | -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +0100 |
514 | |
515 | +apache2 (2.4.23-7ubuntu1) zesty; urgency=medium |
516 | + |
517 | + * Merge from Debian unstable. Remaining changes: |
518 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
519 | + apache2.dirs}: Add ufw profiles. |
520 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
521 | + - debian/rules: Fix cross-building by passing |
522 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
523 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
524 | + fixes from upstream |
525 | + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace |
526 | + Debian with Ubuntu on default page. |
527 | + - Don't build experimental http2 module for LTS: |
528 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
529 | + + debian/config-dir/mods-available/http2.load: removed. |
530 | + + debian/rules: removed proxy_http2 from configure. |
531 | + - Correct systemd-sysv-generator behavior by customizing some |
532 | + parameters: |
533 | + + d/apache2-systemd.conf: add a drop-in file to specify some |
534 | + parameters for the systemd unit (type=Forking and |
535 | + RemainsAfterExit=no), this allow a correct state synchronisation |
536 | + between systemctl status and actual state of apache2 daemon. |
537 | + + d/apache2.install: place the apache2-systemd.conf file in the |
538 | + correct location. |
539 | + |
540 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 Nov 2016 09:17:24 -0500 |
541 | + |
542 | apache2 (2.4.23-7) unstable; urgency=medium |
543 | |
544 | * Make apache2-dev depend on openssl 1.0, too. Closes: #844160 |
545 | @@ -392,6 +767,55 @@ apache2 (2.4.20-1) unstable; urgency=medium |
546 | |
547 | -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +0200 |
548 | |
549 | +apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium |
550 | + |
551 | + * SECURITY UPDATE: proxy request header vulnerability (httpoxy) |
552 | + - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in |
553 | + server/util_script.c. |
554 | + - CVE-2016-5387 |
555 | + |
556 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Jul 2016 14:32:02 -0400 |
557 | + |
558 | +apache2 (2.4.18-2ubuntu3) xenial; urgency=medium |
559 | + |
560 | + [ Ryan Harper ] |
561 | + * Drop /etc/apache2/mods-available/http2.load. This was inadvertently |
562 | + introduced in 2.4.18-2ubuntu1. The intention is to not carry this at |
563 | + all, since http2 support is intentionally disabled (see LP 1531864). |
564 | + * d/apache2.maintscript: handle removal of http2.load conffile. |
565 | + |
566 | + [ Robie Basak ] |
567 | + * Re-write Ryan's changelog entry. |
568 | + |
569 | + -- Robie Basak <robie.basak@ubuntu.com> Fri, 15 Apr 2016 18:00:57 +0000 |
570 | + |
571 | +apache2 (2.4.18-2ubuntu2) xenial; urgency=medium |
572 | + |
573 | + * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962) |
574 | + - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd |
575 | + unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation |
576 | + between systemctl status and actual state of apache2 daemon. |
577 | + - d/apache2.install: place the apache2-systemd.conf file in the correct location. |
578 | + |
579 | + -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Fri, 08 Apr 2016 11:48:00 +0200 |
580 | + |
581 | +apache2 (2.4.18-2ubuntu1) xenial; urgency=medium |
582 | + |
583 | + * Merge from Debian unstable. Remaining changes: |
584 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
585 | + apache2.dirs}: Add ufw profiles. |
586 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
587 | + - debian/rules: Fix cross-building by passing |
588 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
589 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
590 | + fixes from upstream |
591 | + - d/index.html: replace Debian with Ubuntu on default page. |
592 | + - Don't build experimental http2 module for LTS: |
593 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
594 | + + debian/config-dir/mods-available/http2.load: removed. |
595 | + |
596 | + -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Apr 2016 00:18:31 +0300 |
597 | + |
598 | apache2 (2.4.18-2) unstable; urgency=low |
599 | |
600 | * htcacheclean: |
601 | @@ -417,6 +841,24 @@ apache2 (2.4.18-2) unstable; urgency=low |
602 | |
603 | -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +0200 |
604 | |
605 | +apache2 (2.4.18-1ubuntu1) xenial; urgency=medium |
606 | + |
607 | + * Merge from Debian unstable. Remaining changes: |
608 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
609 | + apache2.dirs}: Add ufw profiles. |
610 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
611 | + - Add dep8 tests. |
612 | + - debian/rules: Fix cross-building by passing |
613 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
614 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
615 | + fixes from upstream |
616 | + - d/index.html: replace Debian with Ubuntu on default page. |
617 | + - Don't build experimental http2 module for LTS: |
618 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
619 | + + debian/config-dir/mods-available/http2.load: removed. |
620 | + |
621 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Jan 2016 15:15:22 -0500 |
622 | + |
623 | apache2 (2.4.18-1) unstable; urgency=medium |
624 | |
625 | * New upstream release: |
626 | @@ -424,12 +866,48 @@ apache2 (2.4.18-1) unstable; urgency=medium |
627 | |
628 | -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +0100 |
629 | |
630 | +apache2 (2.4.17-3ubuntu1) xenial; urgency=medium |
631 | + |
632 | + * Merge from Debian unstable. Remaining changes: |
633 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
634 | + apache2.dirs}: Add ufw profiles. |
635 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
636 | + - Add dep8 tests. |
637 | + - debian/rules: Fix cross-building by passing |
638 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
639 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
640 | + fixes from upstream |
641 | + - d/index.html: replace Debian with Ubuntu on default page. |
642 | + - Don't build experimental http2 module for LTS: |
643 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
644 | + + debian/config-dir/mods-available/http2.load: removed. |
645 | + |
646 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Dec 2015 10:07:35 -0500 |
647 | + |
648 | apache2 (2.4.17-3) unstable; urgency=medium |
649 | |
650 | * mpm_prefork: Fix segfault if started with -X. Closes: #805737 |
651 | |
652 | -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +0100 |
653 | |
654 | +apache2 (2.4.17-2ubuntu1) xenial; urgency=medium |
655 | + |
656 | + * Merge from Debian unstable. Remaining changes: |
657 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
658 | + apache2.dirs}: Add ufw profiles. |
659 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
660 | + - Add dep8 tests. |
661 | + - debian/rules: Fix cross-building by passing |
662 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
663 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
664 | + fixes from upstream |
665 | + - d/index.html: replace Debian with Ubuntu on default page. |
666 | + - Don't build experimental http2 module for LTS: |
667 | + + debian/control: removed libnghttp2-dev Build-Depends (in universe). |
668 | + + debian/config-dir/mods-available/http2.load: removed. |
669 | + |
670 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Nov 2015 09:11:52 -0500 |
671 | + |
672 | apache2 (2.4.17-2) unstable; urgency=medium |
673 | |
674 | * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke |
675 | @@ -440,6 +918,31 @@ apache2 (2.4.17-2) unstable; urgency=medium |
676 | |
677 | -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +0100 |
678 | |
679 | +apache2 (2.4.17-1ubuntu1) xenial; urgency=medium |
680 | + |
681 | + * Merge from Debian unstable. Remaining changes: |
682 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
683 | + apache2.dirs}: Add ufw profiles. |
684 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
685 | + - Add dep8 tests. |
686 | + - debian/rules: Fix cross-building by passing |
687 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
688 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
689 | + fixes from upstream |
690 | + - d/index.html: replace Debian with Ubuntu on default page. |
691 | + * Drop patches (applied upstream): |
692 | + - debian/patches/CVE-2015-3183.patch |
693 | + - debian/patches/CVE-2015-3185.patch |
694 | + * Drop changes (adopted in Debian): |
695 | + - Allow "triggers-awaited" and "triggers-pending" states in addition |
696 | + to "installed" when determining whether to defer actions or |
697 | + process deferred actions. |
698 | + * Don't build experimental http2 module for LTS |
699 | + - debian/control: removed libnghttp2-dev Build-Depends (in universe). |
700 | + - debian/config-dir/mods-available/http2.load: removed. |
701 | + |
702 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 30 Oct 2015 09:35:46 -0400 |
703 | + |
704 | apache2 (2.4.17-1) unstable; urgency=medium |
705 | |
706 | [ Stefan Fritsch ] |
707 | @@ -505,6 +1008,49 @@ apache2 (2.4.16-1) unstable; urgency=medium |
708 | |
709 | -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +0200 |
710 | |
711 | +apache2 (2.4.12-2ubuntu2) wily; urgency=medium |
712 | + |
713 | + * SECURITY UPDATE: request smuggling via chunked transfer encoding |
714 | + - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in |
715 | + modules/http/http_filters.c. |
716 | + - CVE-2015-3183 |
717 | + * SECURITY UPDATE: access restriction bypass via deprecated API |
718 | + - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one |
719 | + in include/http_request.h, server/request.c. |
720 | + - CVE-2015-3185 |
721 | + |
722 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Jul 2015 09:56:09 -0400 |
723 | + |
724 | +apache2 (2.4.12-2ubuntu1) wily; urgency=medium |
725 | + |
726 | + * Merge from Debian unstable. Remaining changes: |
727 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
728 | + apache2.dirs}: Add ufw profiles. |
729 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
730 | + - Add dep8 tests. |
731 | + - debian/rules: Fix cross-building by passing |
732 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
733 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
734 | + fixes from upstream |
735 | + - d/index.html: replace Debian with Ubuntu on default page. |
736 | + - Allow "triggers-awaited" and "triggers-pending" states in addition |
737 | + to "installed" when determining whether to defer actions or |
738 | + process deferred actions. |
739 | + * Drop patches (applied upstream): |
740 | + - d/p/split-logfile.patch |
741 | + - d/p/CVE-2015-0228.patch |
742 | + * Drop changes (superceded in Debian): |
743 | + - Cherry-pick versioned build-depend on dpkg from Debian for correct |
744 | + dpkg-maintscript-helper symlink_to_dir support. |
745 | + * Drop changes (adopted in Debian): |
746 | + - d/control, d/config-dir/mods-available/ssl.conf, |
747 | + d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase |
748 | + dialog program ask-for-passphrase. |
749 | + * Fix cross-building configure line in d/rules, which had bit-rotted in |
750 | + previous merges. |
751 | + |
752 | + -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 May 2015 16:34:00 +0000 |
753 | + |
754 | apache2 (2.4.12-2) unstable; urgency=medium |
755 | |
756 | [ Jean-Michel Nirgal Vourgère ] |
757 | @@ -554,6 +1100,28 @@ apache2 (2.4.10-10) unstable; urgency=medium |
758 | |
759 | -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +0100 |
760 | |
761 | +apache2 (2.4.10-9ubuntu1) vivid; urgency=medium |
762 | + |
763 | + * Merge from Debian unstable. Remaining changes: |
764 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
765 | + apache2.dirs}: Add ufw profiles. |
766 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
767 | + - d/control, d/config-dir/mods-available/ssl.conf, |
768 | + - Add dep8 tests. |
769 | + - debian/rules: Fix cross-building by passing |
770 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
771 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
772 | + fixes from upstream |
773 | + - d/index.html: replace Debian with Ubuntu on default page. |
774 | + - d/p/split-logfile.patch: fix completely broken split-logfile |
775 | + command. |
776 | + - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a |
777 | + denial of service in mod_lua via websockets PING |
778 | + * debian/tests/ssl-passphrase: Add password responder for |
779 | + systemd-ask-passphrase. |
780 | + |
781 | + -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 09 Mar 2015 12:03:16 +0100 |
782 | + |
783 | apache2 (2.4.10-9) unstable; urgency=medium |
784 | |
785 | * CVE-2014-8109: mod_lua: Fix handling of the Require line when a |
786 | @@ -568,6 +1136,54 @@ apache2 (2.4.10-9) unstable; urgency=medium |
787 | |
788 | -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +0100 |
789 | |
790 | +apache2 (2.4.10-8ubuntu3) vivid; urgency=medium |
791 | + |
792 | + * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require |
793 | + directives |
794 | + - debian/patches/CVE-2014-8109.patch: handle multiple Require |
795 | + directives with different arguments in modules/lua/mod_lua.c. |
796 | + - CVE-2014-8109 |
797 | + * SECURITY UPDATE: denial of service in mod_lua via websockets PING |
798 | + - debian/patches/CVE-2015-0228.patch: fix logic in |
799 | + modules/lua/lua_request.c. |
800 | + - CVE-2015-0228 |
801 | + |
802 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Mar 2015 10:56:34 -0500 |
803 | + |
804 | +apache2 (2.4.10-8ubuntu2) vivid; urgency=medium |
805 | + |
806 | + * Allow "triggers-awaited" and "triggers-pending" states in addition to |
807 | + "installed" when determining whether to defer actions or process |
808 | + deferred actions (LP: #1393832). |
809 | + |
810 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 26 Nov 2014 11:31:44 +0000 |
811 | + |
812 | +apache2 (2.4.10-8ubuntu1) vivid; urgency=medium |
813 | + |
814 | + * Merge from Debian unstable. Remaining changes: |
815 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
816 | + apache2.dirs}: Add ufw profiles. |
817 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
818 | + - d/control, d/config-dir/mods-available/ssl.conf, |
819 | + d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase |
820 | + dialog program ask-for-passphrase. |
821 | + - Add dep8 tests. |
822 | + - debian/rules: Fix cross-building by passing |
823 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
824 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
825 | + fixes from upstream |
826 | + - d/index.html: replace Debian with Ubuntu on default page. |
827 | + - d/p/split-logfile.patch: fix completely broken split-logfile |
828 | + command. |
829 | + * Fixes from Debian included in merge: |
830 | + - Crash caused by OCSP stapling code; this was erroneously |
831 | + attributed to Debian in my previous merge, but actually only |
832 | + appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174). |
833 | + * Cherry-pick versioned build-depend on dpkg from Debian for correct |
834 | + dpkg-maintscript-helper symlink_to_dir support. |
835 | + |
836 | + -- Robie Basak <robie.basak@ubuntu.com> Fri, 21 Nov 2014 15:15:58 +0000 |
837 | + |
838 | apache2 (2.4.10-8) unstable; urgency=medium |
839 | |
840 | * Bump dpkg Pre-Depends to version that supports relative symlinks in |
841 | @@ -582,6 +1198,33 @@ apache2 (2.4.10-8) unstable; urgency=medium |
842 | |
843 | -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +0100 |
844 | |
845 | +apache2 (2.4.10-7ubuntu1) vivid; urgency=medium |
846 | + |
847 | + * Merge from Debian unstable. Remaining changes: |
848 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
849 | + apache2.dirs}: Add ufw profiles. |
850 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
851 | + - d/control, d/config-dir/mods-available/ssl.conf, |
852 | + d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase |
853 | + dialog program ask-for-passphrase. |
854 | + - Add dep8 tests. |
855 | + - debian/rules: Fix cross-building by passing |
856 | + DEB_{HOST,BUILD}_GNU_TYPE to configure. |
857 | + - debian/patches/086_svn_cross_compiles: Backport several cross |
858 | + fixes from upstream |
859 | + - d/index.html: replace Debian with Ubuntu on default page. |
860 | + - d/p/split-logfile.patch: fix completely broken split-logfile command. |
861 | + * Fixes from Debian included in merge: |
862 | + - Don't use a2query in preinst, as it may not be available yet |
863 | + (LP: #1312533). |
864 | + - Crash caused by OCSP stapling code (LP: #1366174). |
865 | + - Disable SSLv3 in default config (LP: #1358305). |
866 | + - If apache2 is not configured yet, defer actions executed via |
867 | + apache2-maintscript-helper. This fixes installation failures if a |
868 | + module package is configured first (LP: #1312854). |
869 | + |
870 | + -- Robie Basak <robie.basak@ubuntu.com> Mon, 17 Nov 2014 18:04:40 +0000 |
871 | + |
872 | apache2 (2.4.10-7) unstable; urgency=medium |
873 | |
874 | * Handle transitions of doc dirs and symlinks correctly during upgrade. |
875 | @@ -665,6 +1308,25 @@ apache2 (2.4.10-2) unstable; urgency=medium |
876 | |
877 | -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +0200 |
878 | |
879 | +apache2 (2.4.10-1ubuntu1) utopic; urgency=medium |
880 | + |
881 | + * Merge from Debian unstable. Remaining changes: |
882 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
883 | + apache2.dirs}: Add ufw profiles. |
884 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
885 | + - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase, |
886 | + d/apache2.install: Plymouth aware passphrase dialog program |
887 | + ask-for-passphrase. |
888 | + - Add dep8 tests. |
889 | + - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to |
890 | + configure. |
891 | + - debian/patches/086_svn_cross_compiles: Backport several cross fixes from |
892 | + upstream |
893 | + - d/index.html: replace Debian with Ubuntu on default page. |
894 | + - d/p/split-logfile.patch: fix completely broken split-logfile command. |
895 | + |
896 | + -- Robie Basak <robie.basak@ubuntu.com> Thu, 24 Jul 2014 15:13:16 +0000 |
897 | + |
898 | apache2 (2.4.10-1) unstable; urgency=medium |
899 | |
900 | [ Arno Töll ] |
901 | @@ -712,6 +1374,45 @@ apache2 (2.4.9-2) unstable; urgency=medium |
902 | |
903 | -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +0200 |
904 | |
905 | +apache2 (2.4.9-1ubuntu2) utopic; urgency=medium |
906 | + |
907 | + * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't |
908 | + yet support building against lua 5.2 (LP: #1323930). |
909 | + |
910 | + -- Robie Basak <robie.basak@ubuntu.com> Wed, 28 May 2014 08:55:25 +0000 |
911 | + |
912 | +apache2 (2.4.9-1ubuntu1) utopic; urgency=medium |
913 | + |
914 | + * Merge from Debian unstable. Remaining changes: |
915 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
916 | + apache2.dirs}: Add ufw profiles. |
917 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
918 | + - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase, |
919 | + d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase |
920 | + dialog program ask-for-passphrase. |
921 | + - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to |
922 | + configure. |
923 | + - debian/patches/086_svn_cross_compiles: Backport several cross fixes from |
924 | + upstream |
925 | + - Build using lua5.2. |
926 | + - d/tests/chroot: dep8 test for ChrootDir case. |
927 | + - d/tests/ssl-passphrase: update for new default path /var/www/html. |
928 | + - d/tests/duplicate-module-load: check for duplicate module loads. |
929 | + - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690). |
930 | + - d/p/split-logfile.patch: fix completely broken split-logfile command |
931 | + (LP: #1299162). Thanks to Holger Mauermann. |
932 | + * Drop changes (upstreamed): |
933 | + - d/p/ignore-quilt-dir: adjust build system so that it does not use |
934 | + files find inside the .pc directory. This stops a double module load |
935 | + causing later havoc, including "ChrootDir" directive failure. |
936 | + - debian/patches/CVE-2013-6438.patch: properly calculate correct length |
937 | + in modules/dav/main/util.c. |
938 | + - debian/patches/CVE-2014-0098.patch: properly parse tokens in |
939 | + modules/loggers/mod_log_config.c. |
940 | + * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility. |
941 | + |
942 | + -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 May 2014 19:30:04 +0000 |
943 | + |
944 | apache2 (2.4.9-1) unstable; urgency=medium |
945 | |
946 | * New upstream version. |
947 | @@ -744,6 +1445,63 @@ apache2 (2.4.9-1) unstable; urgency=medium |
948 | |
949 | -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +0100 |
950 | |
951 | +apache2 (2.4.7-1ubuntu4) trusty; urgency=medium |
952 | + |
953 | + * d/p/split-logfile.patch: fix completely broken split-logfile command |
954 | + (LP: #1299162). Thanks to Holger Mauermann. |
955 | + |
956 | + -- Robie Basak <robie.basak@ubuntu.com> Thu, 03 Apr 2014 11:21:22 +0000 |
957 | + |
958 | +apache2 (2.4.7-1ubuntu3) trusty; urgency=medium |
959 | + |
960 | + * SECURITY UPDATE: denial of service via mod_dav incorrect end of string |
961 | + calculation |
962 | + - debian/patches/CVE-2013-6438.patch: properly calculate correct length |
963 | + in modules/dav/main/util.c. |
964 | + - CVE-2013-6438 |
965 | + * SECURITY UPDATE: denial of service via truncated cookie and |
966 | + mod_log_config |
967 | + - debian/patches/CVE-2014-0098.patch: properly parse tokens in |
968 | + modules/loggers/mod_log_config.c. |
969 | + - CVE-2014-0098 |
970 | + |
971 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Mar 2014 08:34:10 -0400 |
972 | + |
973 | +apache2 (2.4.7-1ubuntu2) trusty; urgency=medium |
974 | + |
975 | + * d/index.html: replace Debian with Ubuntu on default page |
976 | + (LP: #1288690). |
977 | + |
978 | + -- Robie Basak <robie.basak@ubuntu.com> Wed, 19 Mar 2014 11:04:21 +0000 |
979 | + |
980 | +apache2 (2.4.7-1ubuntu1) trusty; urgency=medium |
981 | + |
982 | + * Merge from Debian unstable. Remaining changes: |
983 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
984 | + apache2.dirs}: Add ufw profiles. |
985 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
986 | + - d/control, d/config-dir/mods-available/ssl.conf, |
987 | + d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase: |
988 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
989 | + - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE |
990 | + to configure. |
991 | + - debian/patches/086_svn_cross_compiles: Backport several cross fixes |
992 | + from upstream |
993 | + - Build using lua5.2. |
994 | + - d/tests/chroot: dep8 test for ChrootDir case. |
995 | + - d/p/ignore-quilt-dir: adjust build system so that it does not use |
996 | + files find inside the .pc directory. This stops a double module load |
997 | + causing later havoc, including "ChrootDir" directive failure. |
998 | + * Drop changes: |
999 | + - debian/{control, rules}: Enable PIE hardening: no longer required; |
1000 | + 2.4.7-1 is already hardened. |
1001 | + - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved |
1002 | + out of this package. |
1003 | + * d/tests/ssl-passphrase: update for new default path /var/www/html. |
1004 | + * d/tests/duplicate-module-load: check for duplicate module loads. |
1005 | + |
1006 | + -- Robie Basak <robie.basak@ubuntu.com> Tue, 14 Jan 2014 17:23:47 +0000 |
1007 | + |
1008 | apache2 (2.4.7-1) unstable; urgency=low |
1009 | |
1010 | New upstream version |
1011 | @@ -807,6 +1565,53 @@ apache2 (2.4.6-3) unstable; urgency=low |
1012 | |
1013 | -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +0200 |
1014 | |
1015 | +apache2 (2.4.6-2ubuntu4) trusty; urgency=low |
1016 | + |
1017 | + * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so |
1018 | + that it does not use files find inside the .pc directory. This stops a |
1019 | + double module load causing later havoc, including "ChrootDir" directive |
1020 | + failure (LP: #1251939). Thanks to Stefan Fritsch. |
1021 | + * d/tests/chroot: dep8 test for ChrootDir case. |
1022 | + |
1023 | + -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 Nov 2013 16:21:51 +0000 |
1024 | + |
1025 | +apache2 (2.4.6-2ubuntu3) trusty; urgency=low |
1026 | + |
1027 | + * debian/apache2.install: Correct path for ufw. |
1028 | + (LP: #1252722) |
1029 | + |
1030 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 19 Nov 2013 08:59:54 -0500 |
1031 | + |
1032 | +apache2 (2.4.6-2ubuntu2) saucy; urgency=low |
1033 | + |
1034 | + * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes |
1035 | + passphrase prompting for SSL certificates that are passphrase protected. |
1036 | + * Add dep8 test for SSL passphrase prompting. |
1037 | + |
1038 | + -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 Aug 2013 13:08:52 +0000 |
1039 | + |
1040 | +apache2 (2.4.6-2ubuntu1) saucy; urgency=low |
1041 | + |
1042 | + * Merge from Debian unstable. Remaining changes: |
1043 | + - debian/{control, rules}: Enable PIE hardening. |
1044 | + - debian/{control, apache2.install, apache2-utils.ufw.profile, |
1045 | + apache2.dirs}: Add ufw profiles. |
1046 | + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. |
1047 | + - debian/control, debian/config-dir/mods-available/ssl.conf, |
1048 | + debian/ask-for-passphrase, debian/apache2.install: Plymouth aware |
1049 | + passphrase dialog program ask-for-passphrase. |
1050 | + - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE |
1051 | + to configure. |
1052 | + - debian/patches/086_svn_cross_compiles: Backport several cross fixes |
1053 | + from upstream |
1054 | + * Dropped changes: |
1055 | + - debian/patches/CVE-2013-1896.patch: upstream |
1056 | + * Fixed module dependencies (LP: #1205314) |
1057 | + - debian/config-dir/mods-available/lbmethod_*: properly specify |
1058 | + proxy_balancer, not mod_proxy_balancer. |
1059 | + |
1060 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2013 08:31:33 -0400 |
1061 | + |
1062 | apache2 (2.4.6-2) unstable; urgency=low |
1063 | |
1064 | [ Stefan Fritsch ] |
1065 | @@ -859,6 +1664,56 @@ apache2 (2.4.6-1) unstable; urgency=low |
1066 | |
1067 | -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +0200 |
1068 | |
1069 | +apache2 (2.4.4-6ubuntu5) saucy; urgency=low |
1070 | + |
1071 | + * SECURITY UPDATE: denial of service via MERGE request |
1072 | + - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI |
1073 | + in modules/dav/main/mod_dav.c. |
1074 | + - CVE-2013-1896 |
1075 | + |
1076 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Jul 2013 11:20:47 -0400 |
1077 | + |
1078 | +apache2 (2.4.4-6ubuntu4) saucy; urgency=low |
1079 | + |
1080 | + * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to |
1081 | + apache2-bin. apache2-utils is only suggested by apache2, so may not |
1082 | + always be installed by bug reporters. However, apache2-bin will always |
1083 | + need to be installed for Apache to be functional, so this is a better |
1084 | + place for the apport hook. apache2-bin already Conflicts/Replaces |
1085 | + apache2.2-common, so this also fixes (LP: #1199318). |
1086 | + * d/apache2.py: adjust apport hook for new location of configuration |
1087 | + files in apache2 >= 2.4: they have moved from apache2.2-common to |
1088 | + apache2. |
1089 | + |
1090 | + -- Robie Basak <robie.basak@ubuntu.com> Wed, 17 Jul 2013 17:54:22 +0000 |
1091 | + |
1092 | +apache2 (2.4.4-6ubuntu3) saucy; urgency=low |
1093 | + |
1094 | + * Build using lua5.2. |
1095 | + |
1096 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2013 14:24:42 +0200 |
1097 | + |
1098 | +apache2 (2.4.4-6ubuntu2) saucy; urgency=low |
1099 | + |
1100 | + * debian/rules: Fix FTBFS while installing ufw. |
1101 | + |
1102 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 10:10:14 -0500 |
1103 | + |
1104 | +apache2 (2.4.4-6ubuntu1) saucy; urgency=low |
1105 | + |
1106 | + * Merge from Debian unstable. Remaining changes: |
1107 | + - debian/{control, rules}: Enable PIE hardening. |
1108 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1109 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1110 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1111 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1112 | + * Dropped changes: |
1113 | + - debian/patches/CVE-2012-2687.patch: Dropped no longer needed. |
1114 | + - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed. |
1115 | + - debian/patches/CVE-2012-4929.patch: Dropped no longer needed. |
1116 | + |
1117 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 08:34:01 -0500 |
1118 | + |
1119 | apache2 (2.4.4-6) unstable; urgency=low |
1120 | |
1121 | * Denote exact versions breaking gnome-user-share now that Gnome maintainers |
1122 | @@ -1330,6 +2185,122 @@ apache2 (2.4.1-1) experimental; urgency=low |
1123 | |
1124 | -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +0100 |
1125 | |
1126 | +apache2 (2.2.22-6ubuntu5) raring; urgency=low |
1127 | + |
1128 | + * SECURITY UPDATE: multiple cross-site scripting issues |
1129 | + - debian/patches/CVE-2012-3499_4558.patch: properly escape html in |
1130 | + modules/generators/{mod_info.c,mod_status.c}, |
1131 | + modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c, |
1132 | + modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}. |
1133 | + - CVE-2012-3499 |
1134 | + - CVE-2012-4558 |
1135 | + * SECURITY UPDATE: symlink attack in apache2ctl script |
1136 | + - debian/apache2ctl: introduce and use a safer mkdir_chown() function. |
1137 | + - Thanks to Stefan Fritsch for the fix. |
1138 | + - CVE-2013-1048 |
1139 | + |
1140 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Mar 2013 07:59:58 -0400 |
1141 | + |
1142 | +apache2 (2.2.22-6ubuntu4) raring; urgency=low |
1143 | + |
1144 | + * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure. |
1145 | + * Skip module sanity check between MPMs if cross-building without the |
1146 | + kernel/binfmt support to run our target binaries on the build system. |
1147 | + * Backport several cross fixes from upstream as 086_svn_cross_compiles. |
1148 | + |
1149 | + -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Dec 2012 02:21:46 -0700 |
1150 | + |
1151 | +apache2 (2.2.22-6ubuntu3) raring; urgency=low |
1152 | + |
1153 | + * SECURITY UPDATE: XSS vulnerability in mod_negotiation |
1154 | + - debian/patches/CVE-2012-2687.patch: escape filenames in |
1155 | + modules/mappers/mod_negotiation.c. |
1156 | + - CVE-2012-2687 |
1157 | + * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854) |
1158 | + - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off |
1159 | + directive. Defaults to off as enabling compression enables the CRIME |
1160 | + attack. |
1161 | + - CVE-2012-4929 |
1162 | + |
1163 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 08 Nov 2012 17:56:24 -0500 |
1164 | + |
1165 | +apache2 (2.2.22-6ubuntu2) quantal; urgency=low |
1166 | + |
1167 | + * debian/apache2.py |
1168 | + - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171) |
1169 | + - Check if this directory exists: /etc/apache2/sites-enabled/ |
1170 | + |
1171 | + -- Matthieu Baerts (matttbe) <matttbe@gmail.com> Mon, 16 Jul 2012 10:02:18 +0200 |
1172 | + |
1173 | +apache2 (2.2.22-6ubuntu1) quantal; urgency=low |
1174 | + |
1175 | + * Merge from Debian unstable. Remaining changes: |
1176 | + - debian/{control, rules}: Enable PIE hardening. |
1177 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1178 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1179 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1180 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1181 | + * Dropped changes: |
1182 | + - debian/control: Add bzr tag and point it to our tree; this is not |
1183 | + really required and just increases the delta. |
1184 | + |
1185 | + -- Robie Basak <robie.basak@ubuntu.com> Fri, 08 Jun 2012 11:37:31 +0100 |
1186 | + |
1187 | +apache2 (2.2.22-6) unstable; urgency=low |
1188 | + |
1189 | + [ Stefan Fritsch ] |
1190 | + * Fix regression causing apache2 to cache "206 partial content" responses, |
1191 | + and then serving these partial responses when replying to normal requests. |
1192 | + Closes: #671204 |
1193 | + * Add section to security.conf that shows how to forbid access to VCS |
1194 | + directories. Closes: #548213 |
1195 | + * Update ssl default cipher config, add alternative speed optimized config. |
1196 | + Closes: #649020 |
1197 | + * Add "AddCharset" for .brf files in default mod_mime config. |
1198 | + Closes: #402567 |
1199 | + * Don't create httpd.conf anymore and don't include it in apache2.conf. If |
1200 | + it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf |
1201 | + * Port some of the comments in apache2.conf from the 2.4 package. |
1202 | + * Compile mod_version statically, drop associated module load file. |
1203 | + * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the |
1204 | + configtest. |
1205 | + * Note in README.Debian that future versions of the package will have the |
1206 | + include statements changed to include only *.conf. |
1207 | + * Change compiled-in document root to /var/www, to avoid strange error |
1208 | + messages. |
1209 | + * Use "dh --with autotools_dev" instead of patching config.sub/config.guess. |
1210 | + |
1211 | + [ Arno Töll ] |
1212 | + * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible |
1213 | + to override LDFLAGS at compile time by defining LDLAGS in the environment, |
1214 | + just like it is possible for CFLAGS. This also means, config_vars.mk now |
1215 | + exports hardening build flags by default. |
1216 | + * Update doc-base metadata for the apache2-doc package. |
1217 | + |
1218 | + -- Stefan Fritsch <sf@debian.org> Tue, 29 May 2012 22:05:48 +0200 |
1219 | + |
1220 | +apache2 (2.2.22-5) unstable; urgency=low |
1221 | + |
1222 | + * Make LoadFile and LoadModule look in the standard search paths if the |
1223 | + dso file name is given as a pure filename. This helps with the multi-arch |
1224 | + transition. |
1225 | + |
1226 | + -- Stefan Fritsch <sf@debian.org> Mon, 30 Apr 2012 23:38:33 +0200 |
1227 | + |
1228 | +apache2 (2.2.22-4) unstable; urgency=high |
1229 | + |
1230 | + * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual |
1231 | + hosts' config files. |
1232 | + If scripting modules like mod_php or mod_rivet are enabled on systems |
1233 | + where either 1) some frontend server forwards connections to an apache2 |
1234 | + backend server on the localhost address, or 2) the machine running |
1235 | + apache2 is also used for web browsing, this could allow a remote |
1236 | + attacker to execute example scripts stored under /usr/share/doc. |
1237 | + Depending on the installed packages, this could lead to issues like cross |
1238 | + site scripting, code execution, or leakage of sensitive data. |
1239 | + |
1240 | + -- Stefan Fritsch <sf@debian.org> Sun, 15 Apr 2012 23:41:43 +0200 |
1241 | + |
1242 | apache2 (2.2.22-3) unstable; urgency=low |
1243 | |
1244 | * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch': |
1245 | @@ -1350,6 +2321,18 @@ apache2 (2.2.22-2) unstable; urgency=low |
1246 | |
1247 | -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +0100 |
1248 | |
1249 | +apache2 (2.2.22-1ubuntu1) precise; urgency=low |
1250 | + |
1251 | + * Merge from Debian testing. Remaining changes: |
1252 | + - debian/{control, rules}: Enable PIE hardening. |
1253 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1254 | + - debian/control: Add bzr tag and point it to our tree |
1255 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1256 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1257 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1258 | + |
1259 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 12 Feb 2012 20:06:35 -0500 |
1260 | + |
1261 | apache2 (2.2.22-1) unstable; urgency=low |
1262 | |
1263 | [ Stefan Fritsch ] |
1264 | @@ -1367,6 +2350,18 @@ apache2 (2.2.22-1) unstable; urgency=low |
1265 | |
1266 | -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +0100 |
1267 | |
1268 | +apache2 (2.2.21-5ubuntu1) precise; urgency=low |
1269 | + |
1270 | + * Merge from Debian testing. Remaining changes: |
1271 | + - debian/{control, rules}: Enable PIE hardening. |
1272 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1273 | + - debian/control: Add bzr tag and point it to our tree |
1274 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1275 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1276 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1277 | + |
1278 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jan 2012 06:26:31 +0000 |
1279 | + |
1280 | apache2 (2.2.21-5) unstable; urgency=low |
1281 | |
1282 | [ Arno Töll ] |
1283 | @@ -1420,6 +2415,26 @@ apache2 (2.2.21-4) unstable; urgency=low |
1284 | |
1285 | -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +0100 |
1286 | |
1287 | +apache2 (2.2.21-3ubuntu2) precise; urgency=low |
1288 | + |
1289 | + * d/ask-for-passphrase: Flip the logic of this script so that it checks |
1290 | + first to see if apache is being started from a TTY, and then if not, |
1291 | + tries plymouth. (LP: #887410) |
1292 | + |
1293 | + -- Clint Byrum <clint@ubuntu.com> Tue, 06 Dec 2011 16:49:33 -0800 |
1294 | + |
1295 | +apache2 (2.2.21-3ubuntu1) precise; urgency=low |
1296 | + |
1297 | + * Merge from Debian testing. Remaining changes: |
1298 | + - debian/{control, rules}: Enable PIE hardening. |
1299 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1300 | + - debian/control: Add bzr tag and point it to our tree |
1301 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1302 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1303 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1304 | + |
1305 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 09 Dec 2011 05:20:43 +0000 |
1306 | + |
1307 | apache2 (2.2.21-3) unstable; urgency=medium |
1308 | |
1309 | * Fix CVE-2011-4317: Prevent unintended pattern expansion in some |
1310 | @@ -1434,6 +2449,24 @@ apache2 (2.2.21-3) unstable; urgency=medium |
1311 | |
1312 | -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +0100 |
1313 | |
1314 | +apache2 (2.2.21-2ubuntu2) precise; urgency=low |
1315 | + |
1316 | + * No-change rebuild to drop spurious libsfgcc1 dependency on armhf. |
1317 | + |
1318 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Dec 2011 17:36:28 -0700 |
1319 | + |
1320 | +apache2 (2.2.21-2ubuntu1) precise; urgency=low |
1321 | + |
1322 | + * Merge from debian unstable. Remaining changes: |
1323 | + - debian/{control, rules}: Enable PIE hardening. |
1324 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1325 | + - debian/control: Add bzr tag and point it to our tree |
1326 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1327 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1328 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1329 | + |
1330 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 14 Oct 2011 16:01:29 +0000 |
1331 | + |
1332 | apache2 (2.2.21-2) unstable; urgency=high |
1333 | |
1334 | * Fix CVE-2011-3368: Prevent unintended pattern expansion in some |
1335 | @@ -1451,6 +2484,19 @@ apache2 (2.2.21-1) unstable; urgency=low |
1336 | |
1337 | -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +0200 |
1338 | |
1339 | +apache2 (2.2.20-1ubuntu1) oneiric; urgency=low |
1340 | + |
1341 | + * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991). |
1342 | + Remaining changes: |
1343 | + - debian/{control, rules}: Enable PIE hardening. |
1344 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1345 | + - debian/control: Add bzr tag and point it to our tree |
1346 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1347 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1348 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1349 | + |
1350 | + -- Steve Beattie <sbeattie@ubuntu.com> Tue, 06 Sep 2011 01:17:15 -0700 |
1351 | + |
1352 | apache2 (2.2.20-1) unstable; urgency=low |
1353 | |
1354 | * New upstream release. |
1355 | @@ -1473,6 +2519,18 @@ apache2 (2.2.19-2) unstable; urgency=high |
1356 | |
1357 | -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +0200 |
1358 | |
1359 | +apache2 (2.2.19-1ubuntu1) oneiric; urgency=low |
1360 | + |
1361 | + * Merge from debian unstable (LP: #787013). Remaining changes: |
1362 | + - debian/{control, rules}: Enable PIE hardening. |
1363 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1364 | + - debian/control: Add bzr tag and point it to our tree |
1365 | + - debian/apache2.py, debian/apache2.2-common.install: Add apport hook. |
1366 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1367 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1368 | + |
1369 | + -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 23 May 2011 10:16:09 -0400 |
1370 | + |
1371 | apache2 (2.2.19-1) unstable; urgency=low |
1372 | |
1373 | * New upstream release. |
1374 | @@ -1490,6 +2548,18 @@ apache2 (2.2.19-1) unstable; urgency=low |
1375 | |
1376 | -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +0200 |
1377 | |
1378 | +apache2 (2.2.17-3ubuntu1) oneiric; urgency=low |
1379 | + |
1380 | + * Merge from debian unstable. Remaining changes: |
1381 | + - debian/{control, rules}: Enable PIE hardening. |
1382 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1383 | + - debian/control: Add bzr tag and point it to our tree |
1384 | + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. |
1385 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1386 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1387 | + |
1388 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 11 Apr 2011 02:13:30 +0100 |
1389 | + |
1390 | apache2 (2.2.17-3) unstable; urgency=low |
1391 | |
1392 | * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049 |
1393 | @@ -1516,6 +2586,18 @@ apache2 (2.2.17-2) unstable; urgency=high |
1394 | |
1395 | -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +0100 |
1396 | |
1397 | +apache2 (2.2.17-1ubuntu1) natty; urgency=low |
1398 | + |
1399 | + * Merge from debian unstable, remaining changes: |
1400 | + - debian/{control, rules}: Enable PIE hardening. |
1401 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1402 | + - debian/control: Add bzr tag and point it to our tree |
1403 | + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. |
1404 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1405 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1406 | + |
1407 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Feb 2011 13:02:08 -0500 |
1408 | + |
1409 | apache2 (2.2.17-1) unstable; urgency=low |
1410 | |
1411 | * New upstream version |
1412 | @@ -1524,6 +2606,32 @@ apache2 (2.2.17-1) unstable; urgency=low |
1413 | |
1414 | -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +0100 |
1415 | |
1416 | +apache2 (2.2.16-6ubuntu3) natty; urgency=low |
1417 | + |
1418 | + * debian/rules: Don't use "-fno-strict-aliasing" since it causes |
1419 | + apache FTBFS on amd64. (LP: #711293) |
1420 | + |
1421 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 01 Feb 2011 10:19:55 -0500 |
1422 | + |
1423 | +apache2 (2.2.16-6ubuntu2) natty; urgency=low |
1424 | + |
1425 | + * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug. |
1426 | + (LP: #697105) |
1427 | + |
1428 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 25 Jan 2011 11:14:58 -0500 |
1429 | + |
1430 | +apache2 (2.2.16-6ubuntu1) natty; urgency=low |
1431 | + |
1432 | + * Merge from debian unstable. Remaining changes: |
1433 | + - debian/{control, rules}: Enable PIE hardening. |
1434 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1435 | + - debian/control: Add bzr tag and point it to our tree |
1436 | + - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook. |
1437 | + - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf: |
1438 | + Plymouth aware passphrase dialog program ask-for-passphrase. |
1439 | + |
1440 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 02 Jan 2011 06:05:51 +0000 |
1441 | + |
1442 | apache2 (2.2.16-6) unstable; urgency=low |
1443 | |
1444 | * Also add $named to the secondary-init-script example. |
1445 | @@ -1539,6 +2647,30 @@ apache2 (2.2.16-5) unstable; urgency=medium |
1446 | |
1447 | -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +0100 |
1448 | |
1449 | +apache2 (2.2.16-4ubuntu2) natty; urgency=low |
1450 | + |
1451 | + [Clint Byrum] |
1452 | + * Adding plymouth aware passphrase dialog program ask-for-passphrase. |
1453 | + (LP: #582963) |
1454 | + + debian/control: apache2.2-common depends on bash for ask-for-passphrase |
1455 | + + debian/config-dir/mods-available/ssl.conf: |
1456 | + - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase |
1457 | + |
1458 | + [Chuck Short] |
1459 | + * Add apport hook. (LP: #609177) |
1460 | + + debian/apache2.py, debian/apache2.2-common.install |
1461 | + |
1462 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:43 -0500 |
1463 | + |
1464 | +apache2 (2.2.16-4ubuntu1) natty; urgency=low |
1465 | + |
1466 | + * Merge from debian unstable. Remaining changes: |
1467 | + - debian/{control, rules}: Enable PIE hardening. |
1468 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1469 | + - debian/control: Add bzr tag and point it to our tree |
1470 | + |
1471 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:41 -0500 |
1472 | + |
1473 | apache2 (2.2.16-4) unstable; urgency=medium |
1474 | |
1475 | * Increase the mod_reqtimeout default timeouts to avoid potential problems |
1476 | @@ -1549,6 +2681,15 @@ apache2 (2.2.16-4) unstable; urgency=medium |
1477 | |
1478 | -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +0100 |
1479 | |
1480 | +apache2 (2.2.16-3ubuntu1) natty; urgency=low |
1481 | + |
1482 | + * Merge from debian unstable. Remaining changes: |
1483 | + - debian/{control, rules}: Enable PIE hardening. |
1484 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1485 | + - debian/control: Add bzr tag and point it to our tree. |
1486 | + |
1487 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 12 Oct 2010 11:54:48 +0100 |
1488 | + |
1489 | apache2 (2.2.16-3) unstable; urgency=high |
1490 | |
1491 | * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage. |
1492 | @@ -1571,6 +2712,30 @@ apache2 (2.2.16-2) unstable; urgency=low |
1493 | |
1494 | -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +0200 |
1495 | |
1496 | +apache2 (2.2.16-1ubuntu3) maverick; urgency=low |
1497 | + |
1498 | + * Revert "stty sane" to unbreak apache starting, this will have to be |
1499 | + fixed a different way. (LP: #626723) |
1500 | + |
1501 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 08 Sep 2010 08:33:17 -0400 |
1502 | + |
1503 | +apache2 (2.2.16-1ubuntu2) maverick; urgency=low |
1504 | + |
1505 | + * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a |
1506 | + password prompt when using apache-ssl. (LP: #582963) |
1507 | + |
1508 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 25 Aug 2010 09:25:05 -0400 |
1509 | + |
1510 | +apache2 (2.2.16-1ubuntu1) maverick; urgency=low |
1511 | + |
1512 | + * Merge from debian unstable. Remaining changes: |
1513 | + - debian/{control, rules}: Enable PIE hardening. |
1514 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1515 | + - debian/control: Add bzr tag and point it to our tree. |
1516 | + - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381) |
1517 | + |
1518 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 26 Jul 2010 20:21:37 +0100 |
1519 | + |
1520 | apache2 (2.2.16-1) unstable; urgency=medium |
1521 | |
1522 | * Urgency medium for security fix. |
1523 | @@ -1603,6 +2768,24 @@ apache2 (2.2.15-6) unstable; urgency=low |
1524 | |
1525 | -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +0200 |
1526 | |
1527 | +apache2 (2.2.15-5ubuntu1) maverick; urgency=low |
1528 | + |
1529 | + * Merge from debian unstable. Remaining changes: |
1530 | + - debian/{control, rules}: Enable PIE hardening. |
1531 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1532 | + - debian/control: Add bzr tag and point it to our tree. |
1533 | + - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381) |
1534 | + + Dropped: |
1535 | + - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed. |
1536 | + - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed. |
1537 | + - debian/config-dir/apache2.conf: Merged back from debian. |
1538 | + - mod-reqtimeout functionality: Merge back from debian. |
1539 | + - debian/patches/204_CVE-2010-0408.dpatch: No longer needed. |
1540 | + - debian/patches/205_CVE-2010-0434.dpatch: No longer needed. |
1541 | + - debian/patches/203_fix-ab-segfault.dpatch: No longer needed. |
1542 | + |
1543 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 01:28:04 +0100 |
1544 | + |
1545 | apache2 (2.2.15-5) unstable; urgency=low |
1546 | |
1547 | * Conflict with apache package as we now include apachectl. Closes: #579065 |
1548 | @@ -1723,6 +2906,80 @@ apache2 (2.2.14-6) unstable; urgency=low |
1549 | |
1550 | -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +0100 |
1551 | |
1552 | +apache2 (2.2.14-5ubuntu8) lucid; urgency=low |
1553 | + |
1554 | + * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so |
1555 | + (LP: #562370) |
1556 | + |
1557 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 13 Apr 2010 15:09:57 -0400 |
1558 | + |
1559 | +apache2 (2.2.14-5ubuntu7) lucid; urgency=low |
1560 | + |
1561 | + * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory |
1562 | + leaks by making sure to not destroy bucket brigades that have been created |
1563 | + by earlier filters. Backported from 2.2.15. |
1564 | + * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server |
1565 | + has reached MaxClients until it has. Backported from 2.2.15 |
1566 | + * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf |
1567 | + more secure by adding Satisfy all. (Debian bug: #572075) |
1568 | + * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch, |
1569 | + debian/config2-dir/mods-available/reqtimeout.load, |
1570 | + debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the |
1571 | + mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris |
1572 | + bug in apache. Enable it by default. (LP: #392759) |
1573 | + |
1574 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400 |
1575 | + |
1576 | +apache2 (2.2.14-5ubuntu6) lucid; urgency=low |
1577 | + |
1578 | + * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681) |
1579 | + |
1580 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 09:41:11 -0400 |
1581 | + |
1582 | +apache2 (2.2.14-5ubuntu5) lucid; urgency=low |
1583 | + |
1584 | + * Revert 99-fix-mod-dav-permissions.dpatch |
1585 | + |
1586 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 07:55:46 -0400 |
1587 | + |
1588 | +apache2 (2.2.14-5ubuntu4) lucid; urgency=low |
1589 | + |
1590 | + * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when |
1591 | + downloading files from webdav (LP: #540747) |
1592 | + * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381) |
1593 | + |
1594 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 29 Mar 2010 13:37:39 -0400 |
1595 | + |
1596 | +apache2 (2.2.14-5ubuntu3) lucid; urgency=low |
1597 | + |
1598 | + * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp |
1599 | + - debian/patches/204_CVE-2010-0408.dpatch: return the right error code |
1600 | + in modules/proxy/mod_proxy_ajp.c. |
1601 | + - CVE-2010-0408 |
1602 | + * SECURITY UPDATE: information disclosure via improper handling of |
1603 | + headers in subrequests |
1604 | + - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in |
1605 | + in server/protocol.c. |
1606 | + - CVE-2010-0434 |
1607 | + |
1608 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Mar 2010 14:48:48 -0500 |
1609 | + |
1610 | +apache2 (2.2.14-5ubuntu2) lucid; urgency=low |
1611 | + |
1612 | + * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really |
1613 | + wacky options. (LP: #450501) |
1614 | + |
1615 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 08 Mar 2010 14:53:17 -0500 |
1616 | + |
1617 | +apache2 (2.2.14-5ubuntu1) lucid; urgency=low |
1618 | + |
1619 | + * Merge from debian testing. Remaining changes: LP: #506862 |
1620 | + - debian/{control, rules}: Enable PIE hardening. |
1621 | + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. |
1622 | + - debian/control: Add bzr tag and point it to our tree. |
1623 | + |
1624 | + -- Bhavani Shankar <right2bhavi@gmail.com> Wed, 13 Jan 2010 14:28:41 +0530 |
1625 | + |
1626 | apache2 (2.2.14-5) unstable; urgency=low |
1627 | |
1628 | * Security: Further mitigation for the TLS renegotation attack |
1629 | @@ -1746,6 +3003,15 @@ apache2 (2.2.14-5) unstable; urgency=low |
1630 | |
1631 | -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +0100 |
1632 | |
1633 | +apache2 (2.2.14-4ubuntu1) lucid; urgency=low |
1634 | + |
1635 | + * Resynchronzie with Debian, remaining changes are: |
1636 | + - debian/{control, rules}: Enable PIE hardening. |
1637 | + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. |
1638 | + - debian/control: Add bzr tag and point it to our tree. |
1639 | + |
1640 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Dec 2009 14:44:51 -0500 |
1641 | + |
1642 | apache2 (2.2.14-4) unstable; urgency=low |
1643 | |
1644 | * Disable localized error pages again by default because they break |
1645 | @@ -1796,6 +3062,17 @@ apache2 (2.2.14-2) unstable; urgency=medium |
1646 | |
1647 | -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +0100 |
1648 | |
1649 | +apache2 (2.2.14-1ubuntu1) lucid; urgency=low |
1650 | + |
1651 | + * Merge from debian testing, remaining changes: |
1652 | + - debian/{control, rules}: Enable PIE hardening. |
1653 | + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. |
1654 | + - debian/conrol: Add bzr tag and point it to our tree. |
1655 | + - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: |
1656 | + Already applied upstream. |
1657 | + |
1658 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 00:29:03 +0000 |
1659 | + |
1660 | apache2 (2.2.14-1) unstable; urgency=low |
1661 | |
1662 | * New upstream version: |
1663 | @@ -1830,6 +3107,24 @@ apache2 (2.2.13-1) unstable; urgency=low |
1664 | |
1665 | -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +0200 |
1666 | |
1667 | +apache2 (2.2.12-1ubuntu2) karmic; urgency=low |
1668 | + |
1669 | + * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: |
1670 | + - Fix potential segfaults with the use of the legacy ap_rputs() etc |
1671 | + interfaces, in cases where an output filter fails. This happens |
1672 | + frequently after CVE-2009-1891 got fixed. (LP: #409987) |
1673 | + |
1674 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Aug 2009 15:38:47 -0400 |
1675 | + |
1676 | +apache2 (2.2.12-1ubuntu1) karmic; urgency=low |
1677 | + |
1678 | + * Merge from debian unstable, remaining changes: |
1679 | + - debian/{control,rules}: enable PIE hardening. |
1680 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1681 | + - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch. |
1682 | + |
1683 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 04 Aug 2009 20:04:24 +0100 |
1684 | + |
1685 | apache2 (2.2.12-1) unstable; urgency=low |
1686 | |
1687 | * New upstream release: |
1688 | @@ -1877,6 +3172,16 @@ apache2 (2.2.12-1) unstable; urgency=low |
1689 | |
1690 | -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +0200 |
1691 | |
1692 | +apache2 (2.2.11-7ubuntu1) karmic; urgency=low |
1693 | + |
1694 | + * Merge from debian unstable, remaining changes: LP: #398130 |
1695 | + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: |
1696 | + Fix timefmt is ignored when XBitHack is on. (LP: #258914) |
1697 | + - debian/{control,rules}: enable PIE hardening. |
1698 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1699 | + |
1700 | + -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 11 Jul 2009 16:34:32 +0530 |
1701 | + |
1702 | apache2 (2.2.11-7) unstable; urgency=low |
1703 | |
1704 | * Security fixes: |
1705 | @@ -1891,6 +3196,16 @@ apache2 (2.2.11-7) unstable; urgency=low |
1706 | |
1707 | -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +0200 |
1708 | |
1709 | +apache2 (2.2.11-6ubuntu1) karmic; urgency=low |
1710 | + |
1711 | + * Merge from debian unstable, remaining changes: |
1712 | + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: |
1713 | + Fix timefmt is ignored when XBitHack is on. (LP: #258914) |
1714 | + - debian/{control,rules}: enable PIE hardening. |
1715 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1716 | + |
1717 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Jun 2009 01:01:23 +0100 |
1718 | + |
1719 | apache2 (2.2.11-6) unstable; urgency=high |
1720 | |
1721 | * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server |
1722 | @@ -1899,6 +3214,16 @@ apache2 (2.2.11-6) unstable; urgency=high |
1723 | |
1724 | -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +0200 |
1725 | |
1726 | +apache2 (2.2.11-5ubuntu1) karmic; urgency=low |
1727 | + |
1728 | + * Merge from debian unstable, remaining changes: |
1729 | + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: |
1730 | + Fix timefmt is ignored when XBitHack is on. (LP: #258914) |
1731 | + - debian/{control,rules}: enable PIE hardening. |
1732 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1733 | + |
1734 | + -- Andrew Mitchell <ajmitch@ubuntu.com> Wed, 03 Jun 2009 14:10:54 +1200 |
1735 | + |
1736 | apache2 (2.2.11-5) unstable; urgency=low |
1737 | |
1738 | * Move all binaries into a new package apache2.2-bin and make |
1739 | @@ -1947,6 +3272,16 @@ apache2 (2.2.11-4) unstable; urgency=low |
1740 | |
1741 | -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +0200 |
1742 | |
1743 | +apache2 (2.2.11-3ubuntu1) karmic; urgency=low |
1744 | + |
1745 | + * Merge from debian unstable, remaining changes: |
1746 | + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: |
1747 | + Fix timefmt is ignored when XBitHack is on. (LP: #258914) |
1748 | + - debian/{control,rules}: enable PIE hardening. |
1749 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1750 | + |
1751 | + -- Andrew Mitchell <ajmitch@ubuntu.com> Tue, 12 May 2009 16:15:34 +1200 |
1752 | + |
1753 | apache2 (2.2.11-3) unstable; urgency=low |
1754 | |
1755 | * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap |
1756 | @@ -1955,6 +3290,21 @@ apache2 (2.2.11-3) unstable; urgency=low |
1757 | |
1758 | -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +0200 |
1759 | |
1760 | +apache2 (2.2.11-2ubuntu2) jaunty; urgency=low |
1761 | + |
1762 | + * debian/patches/203_fix-ssi-timeftm-ignored.dpatch: |
1763 | + Fix timefmt is ignored when XBitHack is on. (LP: #258914) |
1764 | + |
1765 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 01 Apr 2009 11:39:17 -0400 |
1766 | + |
1767 | +apache2 (2.2.11-2ubuntu1) jaunty; urgency=low |
1768 | + |
1769 | + * Merge from debian unstable, remaining changes: |
1770 | + - debian/{contro,rules}: enable PIE hardening. |
1771 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1772 | + |
1773 | + -- Chuck Short <zulcss@ubuntu.com> Sat, 17 Jan 2009 00:02:55 +0000 |
1774 | + |
1775 | apache2 (2.2.11-2) unstable; urgency=low |
1776 | |
1777 | * Report an error instead instead of segfaulting when apr_pollset_create |
1778 | @@ -1964,6 +3314,14 @@ apache2 (2.2.11-2) unstable; urgency=low |
1779 | |
1780 | -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +0100 |
1781 | |
1782 | +apache2 (2.2.11-1ubuntu1) jaunty; urgency=low |
1783 | + |
1784 | + * Merge from debian unstable, remaining changes: |
1785 | + - debian/{control, rules}: enable PIE hardening. |
1786 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1787 | + |
1788 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 15 Dec 2008 00:06:50 +0000 |
1789 | + |
1790 | apache2 (2.2.11-1) unstable; urgency=low |
1791 | |
1792 | [Thom May] |
1793 | @@ -1978,6 +3336,14 @@ apache2 (2.2.11-1) unstable; urgency=low |
1794 | |
1795 | -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +0100 |
1796 | |
1797 | +apache2 (2.2.9-11ubuntu1) jaunty; urgency=low |
1798 | + |
1799 | + * Merge from debian unstable, remaining changes: (LP: #303375) |
1800 | + - debian/{control, rules}: enable PIE hardening. |
1801 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1802 | + |
1803 | + -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 29 Nov 2008 14:02:31 +0530 |
1804 | + |
1805 | apache2 (2.2.9-11) unstable; urgency=low |
1806 | |
1807 | * Regression fix from upstream svn for mod_proxy: |
1808 | @@ -1992,6 +3358,14 @@ apache2 (2.2.9-11) unstable; urgency=low |
1809 | |
1810 | -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +0100 |
1811 | |
1812 | +apache2 (2.2.9-10ubuntu1) jaunty; urgency=low |
1813 | + |
1814 | + * Merge from debian unstable, remaining changes: |
1815 | + - debian/{control, rules}: enable PIE hardening. |
1816 | + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. |
1817 | + |
1818 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 05 Nov 2008 02:23:18 -0400 |
1819 | + |
1820 | apache2 (2.2.9-10) unstable; urgency=low |
1821 | |
1822 | * Regression fix from upstream svn for mod_proxy_http: |
1823 | @@ -2022,6 +3396,27 @@ apache2 (2.2.9-8) unstable; urgency=low |
1824 | |
1825 | -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +0200 |
1826 | |
1827 | +apache2 (2.2.9-7ubuntu3) intrepid; urgency=low |
1828 | + |
1829 | + * Revert logrotate change since it will break it for everyone. |
1830 | + |
1831 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 19 Sep 2008 09:32:01 -0400 |
1832 | + |
1833 | +apache2 (2.2.9-7ubuntu2) intrepid; urgency=low |
1834 | + |
1835 | + * debian/logrotate: Restart rather than reload for busy websites. |
1836 | + (LP: #270899) |
1837 | + |
1838 | + -- Chuck Short <zulcss@ubuntu.com> Thu, 18 Sep 2008 08:42:22 -0400 |
1839 | + |
1840 | +apache2 (2.2.9-7ubuntu1) intrepid; urgency=low |
1841 | + |
1842 | + * Merge from debian unstable, remaining changes: |
1843 | + - debian/{control,rules}: enable PIE hardening. |
1844 | + - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles. |
1845 | + |
1846 | + -- Kees Cook <kees@ubuntu.com> Thu, 28 Aug 2008 08:10:59 -0700 |
1847 | + |
1848 | apache2 (2.2.9-7) unstable; urgency=low |
1849 | |
1850 | * Fix XSS in mod_proxy_ftp (CVE-2008-2939). |
1851 | @@ -2064,6 +3459,23 @@ apache2 (2.2.9-4) unstable; urgency=low |
1852 | |
1853 | -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +0200 |
1854 | |
1855 | +apache2 (2.2.9-3ubuntu2) intrepid; urgency=low |
1856 | + |
1857 | + * add ufw integration (see |
1858 | + https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages) |
1859 | + (LP: #261198) |
1860 | + - debian/control: suggest ufw for apache2.2-common |
1861 | + - add apache2.2-common.ufw.profile with 3 profiles and install it to |
1862 | + /etc/ufw/applications.d/apache2.2-common |
1863 | + |
1864 | + -- Didier Roche <didrocks@ubuntu-fr.org> Tue, 26 Aug 2008 19:03:42 +0200 |
1865 | + |
1866 | +apache2 (2.2.9-3ubuntu1) intrepid; urgency=low |
1867 | + |
1868 | + * debian/{control,rules}: enable PIE hardening |
1869 | + |
1870 | + -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:45:00 -0700 |
1871 | + |
1872 | apache2 (2.2.9-3) unstable; urgency=low |
1873 | |
1874 | [ Stefan Fritsch ] |
1875 | @@ -4144,3 +5556,4 @@ apache2 (2.0.18-1) unstable; urgency=low |
1876 | * Initial Release. |
1877 | |
1878 | -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +1000 |
1879 | + |
1880 | diff --git a/debian/config-dir/mods-available/md.load b/debian/config-dir/mods-available/md.load |
1881 | deleted file mode 100644 |
1882 | index 812a6a6..0000000 |
1883 | --- a/debian/config-dir/mods-available/md.load |
1884 | +++ /dev/null |
1885 | @@ -1 +0,0 @@ |
1886 | -LoadModule md_module /usr/lib/apache2/modules/mod_md.so |
1887 | diff --git a/debian/control b/debian/control |
1888 | index 5bddb33..15957e5 100644 |
1889 | --- a/debian/control |
1890 | +++ b/debian/control |
1891 | @@ -1,7 +1,8 @@ |
1892 | Source: apache2 |
1893 | Section: httpd |
1894 | Priority: optional |
1895 | -Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> |
1896 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
1897 | +XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> |
1898 | Uploaders: Stefan Fritsch <sf@debian.org>, |
1899 | Arno Töll <arno@debian.org>, |
1900 | Ondřej Surý <ondrej@debian.org> |
1901 | @@ -18,9 +19,7 @@ Build-Depends: debhelper (>= 9.20160709~), |
1902 | libxml2-dev, |
1903 | lsb-release, |
1904 | perl, |
1905 | - zlib1g-dev, |
1906 | - libcurl4-openssl-dev | libcurl4-dev, |
1907 | - libjansson-dev |
1908 | + zlib1g-dev |
1909 | Build-Conflicts: autoconf2.13 |
1910 | Standards-Version: 4.1.2 |
1911 | Vcs-Browser: https://salsa.debian.org/apache-team/apache2 |
1912 | @@ -44,15 +43,14 @@ Provides: httpd, |
1913 | Recommends: ssl-cert |
1914 | Conflicts: apache2.2-bin, |
1915 | apache2.2-common |
1916 | -Breaks: libapache2-mod-md (<< 2.4.33), |
1917 | - libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1918 | +Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1919 | Replaces: apache2.2-bin, |
1920 | apache2.2-common, |
1921 | - libapache2-mod-md (<< 2.4.33), |
1922 | libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1923 | Suggests: apache2-doc, |
1924 | apache2-suexec-pristine | apache2-suexec-custom, |
1925 | - www-browser |
1926 | + www-browser, |
1927 | + ufw |
1928 | Description: Apache HTTP Server |
1929 | The Apache HTTP Server Project's goal is to build a secure, efficient and |
1930 | extensible HTTP server as standards-compliant open source software. The |
1931 | @@ -81,10 +79,8 @@ Depends: ${misc:Depends}, |
1932 | Provides: ${apache2:API} |
1933 | Breaks: gridsite (<< 3.0.0~20170225gitd51b2fd-1~), |
1934 | libapache2-mod-dacs (<= 1.4.38a-2), |
1935 | - libapache2-mod-md (<< 2.4.33), |
1936 | libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1937 | -Replaces: libapache2-mod-md (<< 2.4.33), |
1938 | - libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1939 | +Replaces: libapache2-mod-proxy-uwsgi (<< 2.4.33) |
1940 | Suggests: apache2-doc, |
1941 | apache2-suexec-pristine | apache2-suexec-custom, |
1942 | www-browser |
1943 | @@ -210,14 +206,6 @@ Description: Apache debugging symbols |
1944 | crashing server instances and modules. See |
1945 | /usr/share/doc/apache2/README.backtrace for more information. |
1946 | |
1947 | -Package: libapache2-mod-md |
1948 | -Architecture: any |
1949 | -Section: oldlibs |
1950 | -Depends: ${misc:Depends}, apache2 (= ${binary:Version}) |
1951 | -Description: transitional package |
1952 | - This is a transitional package to apache2 for users of libapache2-mod-md. |
1953 | - It can be safely removed after the installation is complete. |
1954 | - |
1955 | Package: libapache2-mod-proxy-uwsgi |
1956 | Architecture: any |
1957 | Section: oldlibs |
1958 | diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png |
1959 | new file mode 100644 |
1960 | index 0000000..4db2fa1 |
1961 | Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ |
1962 | diff --git a/debian/index.html b/debian/index.html |
1963 | index 766401d..96ed444 100644 |
1964 | --- a/debian/index.html |
1965 | +++ b/debian/index.html |
1966 | @@ -1,9 +1,14 @@ |
1967 | |
1968 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
1969 | <html xmlns="http://www.w3.org/1999/xhtml"> |
1970 | + <!-- |
1971 | + Modified from the Debian original for Ubuntu |
1972 | + Last updated: 2016-11-16 |
1973 | + See: https://launchpad.net/bugs/1288690 |
1974 | + --> |
1975 | <head> |
1976 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
1977 | - <title>Apache2 Debian Default Page: It works</title> |
1978 | + <title>Apache2 Ubuntu Default Page: It works</title> |
1979 | <style type="text/css" media="screen"> |
1980 | * { |
1981 | margin: 0px 0px 0px 0px; |
1982 | @@ -188,9 +193,9 @@ |
1983 | <body> |
1984 | <div class="main_page"> |
1985 | <div class="page_header floating_element"> |
1986 | - <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/> |
1987 | + <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/> |
1988 | <span class="floating_element"> |
1989 | - Apache2 Debian Default Page |
1990 | + Apache2 Ubuntu Default Page |
1991 | </span> |
1992 | </div> |
1993 | <!-- <div class="table_of_contents floating_element"> |
1994 | @@ -221,7 +226,9 @@ |
1995 | <div class="content_section_text"> |
1996 | <p> |
1997 | This is the default welcome page used to test the correct |
1998 | - operation of the Apache2 server after installation on Debian systems. |
1999 | + operation of the Apache2 server after installation on Ubuntu systems. |
2000 | + It is based on the equivalent page on Debian, from which the Ubuntu Apache |
2001 | + packaging is derived. |
2002 | If you can read this page, it means that the Apache HTTP server installed at |
2003 | this site is working properly. You should <b>replace this file</b> (located at |
2004 | <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server. |
2005 | @@ -242,9 +249,9 @@ |
2006 | </div> |
2007 | <div class="content_section_text"> |
2008 | <p> |
2009 | - Debian's Apache2 default configuration is different from the |
2010 | + Ubuntu's Apache2 default configuration is different from the |
2011 | upstream default configuration, and split into several files optimized for |
2012 | - interaction with Debian tools. The configuration system is |
2013 | + interaction with Ubuntu tools. The configuration system is |
2014 | <b>fully documented in |
2015 | /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full |
2016 | documentation. Documentation for the web server itself can be |
2017 | @@ -253,7 +260,7 @@ |
2018 | |
2019 | </p> |
2020 | <p> |
2021 | - The configuration layout for an Apache2 web server installation on Debian systems is as follows: |
2022 | + The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows: |
2023 | </p> |
2024 | <pre> |
2025 | /etc/apache2/ |
2026 | @@ -324,7 +331,7 @@ |
2027 | |
2028 | <div class="content_section_text"> |
2029 | <p> |
2030 | - By default, Debian does not allow access through the web browser to |
2031 | + By default, Ubuntu does not allow access through the web browser to |
2032 | <em>any</em> file apart of those located in <tt>/var/www</tt>, |
2033 | <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a> |
2034 | directories (when enabled) and <tt>/usr/share</tt> (for web |
2035 | @@ -333,7 +340,7 @@ |
2036 | document root directory in <tt>/etc/apache2/apache2.conf</tt>. |
2037 | </p> |
2038 | <p> |
2039 | - The default Debian document root is <tt>/var/www/html</tt>. You |
2040 | + The default Ubuntu document root is <tt>/var/www/html</tt>. You |
2041 | can make your own virtual hosts under /var/www. This is different |
2042 | to previous releases which provides better security out of the box. |
2043 | </p> |
2044 | @@ -345,9 +352,9 @@ |
2045 | </div> |
2046 | <div class="content_section_text"> |
2047 | <p> |
2048 | - Please use the <tt>reportbug</tt> tool to report bugs in the |
2049 | - Apache2 package with Debian. However, check <a |
2050 | - href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0" |
2051 | + Please use the <tt>ubuntu-bug</tt> tool to report bugs in the |
2052 | + Apache2 package with Ubuntu. However, check <a |
2053 | + href="https://bugs.launchpad.net/ubuntu/+source/apache2" |
2054 | rel="nofollow">existing bug reports</a> before reporting a new bug. |
2055 | </p> |
2056 | <p> |
2057 | diff --git a/debian/patches/086_svn_cross_compiles b/debian/patches/086_svn_cross_compiles |
2058 | new file mode 100644 |
2059 | index 0000000..b237908 |
2060 | --- /dev/null |
2061 | +++ b/debian/patches/086_svn_cross_compiles |
2062 | @@ -0,0 +1,118 @@ |
2063 | +Description: Pull upstream fixes for autotools for cross-compiling |
2064 | +Author: Adam Conrad <adconrad@ubuntu.com> |
2065 | +Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328445 |
2066 | +Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1327907 |
2067 | +Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328390 |
2068 | +Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328714 |
2069 | +Forwarded: not-needed |
2070 | + |
2071 | +Index: apache2-2.4.29/acinclude.m4 |
2072 | +=================================================================== |
2073 | +--- apache2-2.4.29.orig/acinclude.m4 2017-11-10 10:56:51.488205250 -0500 |
2074 | ++++ apache2-2.4.29/acinclude.m4 2017-11-10 10:56:51.484205199 -0500 |
2075 | +@@ -55,6 +55,8 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[ |
2076 | + APACHE_SUBST(CPPFLAGS) |
2077 | + APACHE_SUBST(CFLAGS) |
2078 | + APACHE_SUBST(CXXFLAGS) |
2079 | ++ APACHE_SUBST(CC_FOR_BUILD) |
2080 | ++ APACHE_SUBST(CFLAGS_FOR_BUILD) |
2081 | + APACHE_SUBST(LTFLAGS) |
2082 | + APACHE_SUBST(LDFLAGS) |
2083 | + APACHE_SUBST(LT_LDFLAGS) |
2084 | +@@ -697,7 +699,7 @@ int main(void) |
2085 | + { |
2086 | + return sizeof(void *) < sizeof(long); |
2087 | + }], [ap_cv_void_ptr_lt_long=no], [ap_cv_void_ptr_lt_long=yes], |
2088 | +- [ap_cv_void_ptr_lt_long=yes])]) |
2089 | ++ [ap_cv_void_ptr_lt_long="cross compile - not checked"])]) |
2090 | + |
2091 | + if test "$ap_cv_void_ptr_lt_long" = "yes"; then |
2092 | + AC_MSG_ERROR([Size of "void *" is less than size of "long"]) |
2093 | +Index: apache2-2.4.29/configure |
2094 | +=================================================================== |
2095 | +--- apache2-2.4.29.orig/configure 2017-11-10 10:56:51.488205250 -0500 |
2096 | ++++ apache2-2.4.29/configure 2017-11-10 10:56:51.488205250 -0500 |
2097 | +@@ -662,6 +662,8 @@ HTTPD_LDFLAGS |
2098 | + SH_LDFLAGS |
2099 | + LT_LDFLAGS |
2100 | + LTFLAGS |
2101 | ++CFLAGS_FOR_BUILD |
2102 | ++CC_FOR_BUILD |
2103 | + CXXFLAGS |
2104 | + CXX |
2105 | + other_targets |
2106 | +@@ -6071,6 +6073,12 @@ fi |
2107 | + |
2108 | + |
2109 | + |
2110 | ++if test "x${build_alias}" != "x${host_alias}"; then |
2111 | ++ if test "x${CC_FOR_BUILD}" = "x"; then |
2112 | ++ CC_FOR_BUILD=cc |
2113 | ++ fi |
2114 | ++fi |
2115 | ++ |
2116 | + if test "x${cache_file}" = "x/dev/null"; then |
2117 | + # Likewise, ensure that CC and CPP are passed through to the pcre |
2118 | + # configure script iff caching is disabled (the autoconf 2.5x default). |
2119 | +@@ -7698,7 +7706,7 @@ if ${ap_cv_void_ptr_lt_long+:} false; th |
2120 | + $as_echo_n "(cached) " >&6 |
2121 | + else |
2122 | + if test "$cross_compiling" = yes; then : |
2123 | +- ap_cv_void_ptr_lt_long=yes |
2124 | ++ ap_cv_void_ptr_lt_long="cross compile - not checked" |
2125 | + else |
2126 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2127 | + /* end confdefs.h. */ |
2128 | +@@ -37522,6 +37530,14 @@ $as_echo "$as_me: " >&6;} |
2129 | + |
2130 | + |
2131 | + |
2132 | ++ APACHE_VAR_SUBST="$APACHE_VAR_SUBST CC_FOR_BUILD" |
2133 | ++ |
2134 | ++ |
2135 | ++ |
2136 | ++ APACHE_VAR_SUBST="$APACHE_VAR_SUBST CFLAGS_FOR_BUILD" |
2137 | ++ |
2138 | ++ |
2139 | ++ |
2140 | + APACHE_VAR_SUBST="$APACHE_VAR_SUBST LTFLAGS" |
2141 | + |
2142 | + |
2143 | +Index: apache2-2.4.29/configure.in |
2144 | +=================================================================== |
2145 | +--- apache2-2.4.29.orig/configure.in 2017-11-10 10:56:51.488205250 -0500 |
2146 | ++++ apache2-2.4.29/configure.in 2017-11-10 10:56:51.488205250 -0500 |
2147 | +@@ -206,6 +206,14 @@ AC_PROG_CPP |
2148 | + dnl Try to get c99 support for variadic macros |
2149 | + ifdef([AC_PROG_CC_C99], [AC_PROG_CC_C99]) |
2150 | + |
2151 | ++dnl In case of cross compilation we set CC_FOR_BUILD to cc unless |
2152 | ++dnl we got already CC_FOR_BUILD from environment. |
2153 | ++if test "x${build_alias}" != "x${host_alias}"; then |
2154 | ++ if test "x${CC_FOR_BUILD}" = "x"; then |
2155 | ++ CC_FOR_BUILD=cc |
2156 | ++ fi |
2157 | ++fi |
2158 | ++ |
2159 | + if test "x${cache_file}" = "x/dev/null"; then |
2160 | + # Likewise, ensure that CC and CPP are passed through to the pcre |
2161 | + # configure script iff caching is disabled (the autoconf 2.5x default). |
2162 | +Index: apache2-2.4.29/server/Makefile.in |
2163 | +=================================================================== |
2164 | +--- apache2-2.4.29.orig/server/Makefile.in 2017-11-10 10:56:51.488205250 -0500 |
2165 | ++++ apache2-2.4.29/server/Makefile.in 2017-11-10 10:56:51.488205250 -0500 |
2166 | +@@ -24,9 +24,14 @@ TARGETS = delete-exports $(LTLIBRARY_NAM |
2167 | + include $(top_builddir)/build/rules.mk |
2168 | + include $(top_srcdir)/build/library.mk |
2169 | + |
2170 | ++ifdef CC_FOR_BUILD |
2171 | ++gen_test_char: gen_test_char.c |
2172 | ++ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $< |
2173 | ++else |
2174 | + gen_test_char_OBJECTS = gen_test_char.lo |
2175 | + gen_test_char: $(gen_test_char_OBJECTS) |
2176 | + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) |
2177 | ++endif |
2178 | + |
2179 | + test_char.h: gen_test_char |
2180 | + ./gen_test_char > test_char.h |
2181 | diff --git a/debian/patches/series b/debian/patches/series |
2182 | index 3073444..e1f544d 100644 |
2183 | --- a/debian/patches/series |
2184 | +++ b/debian/patches/series |
2185 | @@ -8,3 +8,6 @@ reproducible_builds.diff |
2186 | # This patch is applied manually |
2187 | #suexec-custom.patch |
2188 | setenvifexpr.diff |
2189 | + |
2190 | +# Patches added by Ubuntu |
2191 | +086_svn_cross_compiles |
2192 | diff --git a/debian/rules b/debian/rules |
2193 | index ddd01e5..49ec37a 100755 |
2194 | --- a/debian/rules |
2195 | +++ b/debian/rules |
2196 | @@ -113,6 +113,7 @@ configure-stamp: prebuild-checks-stamp support/suexec-custom.c |
2197 | --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config \ |
2198 | --with-pcre=yes \ |
2199 | --enable-pie \ |
2200 | + --disable-md \ |
2201 | --enable-mpms-shared=all \ |
2202 | --enable-mods-shared="all brotli cgi ident authnz_fcgi imagemap cern_meta proxy_fdpass proxy_http2 bucketeer case_filter case_filter_in" \ |
2203 | --enable-mods-static="unixd logio watchdog version" \ |
2204 | @@ -177,7 +178,7 @@ override_dh_installdocs-indep: |
2205 | dh_installdocs -i |
2206 | |
2207 | override_dh_installdocs-arch: |
2208 | - dh_installdocs --link-doc=apache2 -papache2 -papache2-dbg -plibapache2-mod-md -plibapache2-mod-proxy-uwsgi |
2209 | + dh_installdocs --link-doc=apache2 -papache2 -papache2-dbg -plibapache2-mod-proxy-uwsgi |
2210 | dh_installdocs --link-doc=apache2-dev -papache2-ssl-dev |
2211 | dh_installdocs -a |
2212 | |
2213 | diff --git a/debian/source/include-binaries b/debian/source/include-binaries |
2214 | index ff777a2..b32d256 100644 |
2215 | --- a/debian/source/include-binaries |
2216 | +++ b/debian/source/include-binaries |
2217 | @@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png |
2218 | debian/icons/odf6ots-20x22.png |
2219 | debian/icons/odf6ott-20x22.png |
2220 | debian/icons/openlogo-75.png |
2221 | +debian/icons/ubuntu-logo.png |
2222 | debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml |
2223 | debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php |
2224 | debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml |
2225 | diff --git a/debian/tests/check-http2 b/debian/tests/check-http2 |
2226 | new file mode 100644 |
2227 | index 0000000..6bc9125 |
2228 | --- /dev/null |
2229 | +++ b/debian/tests/check-http2 |
2230 | @@ -0,0 +1,41 @@ |
2231 | +#!/bin/sh |
2232 | +set -uxe |
2233 | + |
2234 | +# http2 is rather new, check that it at least generally works |
2235 | +# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com> |
2236 | + |
2237 | +a2enmod http2 |
2238 | +a2enmod ssl |
2239 | +a2ensite default-ssl |
2240 | +# Enable globally |
2241 | +echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf |
2242 | +service apache2 restart |
2243 | + |
2244 | +# Use curl here. wget doesn't work on Debian, even with --no-check-certificate |
2245 | +# wget on Debian gives me: |
2246 | +# GnuTLS: A TLS warning alert has been received. |
2247 | +# Unable to establish SSL connection. |
2248 | +# Presumably this is due to the self-signed certificate, but I'm not sure how |
2249 | +# to skip the warning with wget. curl will do for now. |
2250 | +echo "Hello, world!" > /var/www/html/hello.txt |
2251 | + |
2252 | +testapache () { |
2253 | + cmd="${1}" |
2254 | + result=$(${cmd}) |
2255 | + |
2256 | + if [ "$result" != "Hello, world!" ]; then |
2257 | + echo "Unexpected result: ${result}" >&2 |
2258 | + exit 1 |
2259 | + else |
2260 | + echo OK |
2261 | + fi |
2262 | +} |
2263 | + |
2264 | +# https shall not affect http |
2265 | +testapache "curl -s -k http://localhost/hello.txt" |
2266 | +# https shall not affect https |
2267 | +testapache "curl -s -k https://localhost/hello.txt" |
2268 | +#plain http2 |
2269 | +testapache "nghttp --no-verify-peer https://localhost/hello.txt" |
2270 | +#http2 upgrade |
2271 | +testapache "nghttp -u --no-verify-peer http://localhost/hello.txt" |
2272 | diff --git a/debian/tests/control b/debian/tests/control |
2273 | index fb913b5..230f19e 100644 |
2274 | --- a/debian/tests/control |
2275 | +++ b/debian/tests/control |
2276 | @@ -23,6 +23,10 @@ Tests: ssl-passphrase |
2277 | Restrictions: needs-root allow-stderr breaks-testbed |
2278 | Depends: apache2, curl, expect, ssl-cert |
2279 | |
2280 | +Tests: check-http2 |
2281 | +Restrictions: needs-root allow-stderr breaks-testbed |
2282 | +Depends: apache2, curl, ssl-cert, nghttp2-client |
2283 | + |
2284 | Tests: chroot |
2285 | Features: no-build-needed |
2286 | Restrictions: needs-root allow-stderr breaks-testbed |
Retriggering tests with proposed