Merge ~ahasenack/ubuntu/+source/apache2:groovy-apache-2446-merge into ubuntu/+source/apache2:debian/sid

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 3714ceecdc70c9c36364407cc706224f51585e47
Merge reported by: Christian Ehrhardt 
Merged at revision: 3714ceecdc70c9c36364407cc706224f51585e47
Proposed branch: ~ahasenack/ubuntu/+source/apache2:groovy-apache-2446-merge
Merge into: ubuntu/+source/apache2:debian/sid
Diff against target: 2378 lines (+1777/-17)
14 files modified
debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+1/-0)
debian/apache2.py (+48/-0)
debian/changelog (+1638/-2)
debian/control (+4/-2)
debian/index.html (+19/-12)
debian/perl-framework/t/apache/expr_string.t (+4/-0)
debian/perl-framework/t/modules/allowmethods.t (+0/-1)
debian/source/include-binaries (+1/-0)
debian/tests/check-http2 (+41/-0)
debian/tests/control (+4/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+389757@code.launchpad.net

Description of the change

Merge from Debian, new upstream 2.4.46

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/apache-2446-merge/

No delta drops or adds this time. The test sleep that Debian doesn't have is upstream, so eventually Debian will get it when they refresh the test framework in debian/perl-framework.

Andreas Hasenack (ahasenack) wrote :

At the moment, the build is failing due to the glib2/ffi mess:

 libglib2.0-0 : Depends: libffi8.1.0 (>= 3.4~20200819)

This is being worked on, and hopefully tomorrow I can retry and it will be green.

Christian Ehrhardt  (paelzer) wrote :

I couldn't restart the build in your personal PPA for a try (another +1 for Bileto I guess).

Reading the changelog .42 -> .46 didn't show anything concerning.
https://www.apachelounge.com/Changelog-2.4.html
nghttp2 is already on 1.41 so we are ok for that.
The load balancing changes to h2 might be impactful but LGTM.

Remaining Delta seems ok - test sleep is upstream as you mentioned.

The one delta I wonder about is "086_svn_cross_compiles", which we have carried since raring.
It is mentioned as "backport from upstream" - shouldn't these be in the upstream version after 8 years? The Origin links in the patch make no sense for what the patch does.
If anything these would be better:
https://patchwork.ozlabs.org/<email address hidden>/
http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff

Since we need to rebuild anyway - do you think we could try dropping these?

+1 for the proposed MP with a bonus if we could try dropping this ancient patch for a try (after libffi is resolved).

review: Approve
Andreas Hasenack (ahasenack) wrote :

The annoying svn patch is committed in trunk, to be 2.5, but I have no idea when 2.5 will be released. I asked infinity a while ago on IRC what the story was behind the patch, and he doesn't remember the details, only that it was thought upstream would ship it soon and we could drop it.

I can try dropping it, no objections here.

4444816... by Andreas Hasenack

  * Dropped:
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
      [Unclear if it's still necessary, and upstream hasn't made a
      release with it yet]

c7dd2c5... by Andreas Hasenack

merge-changelogs

455f030... by Andreas Hasenack

reconstruct-changelog

3714cee... by Andreas Hasenack

update-maintainer

Andreas Hasenack (ahasenack) wrote :

Apache built without the patch; the PPA is just pending publication.

Andreas Hasenack (ahasenack) wrote :

Let me push the change here

Christian Ehrhardt  (paelzer) wrote :

IMHO then let us drop it, thanks for trying that.

review: Approve
Andreas Hasenack (ahasenack) wrote :

Tagging and uploading 3714ceecdc70c9c36364407cc706224f51585e47

$ git push pkg upload/2.4.46-1ubuntu1
Enumerating objects: 91, done.
Counting objects: 100% (91/91), done.
Delta compression using up to 4 threads
Compressing objects: 100% (52/52), done.
Writing objects: 100% (64/64), 25.71 KiB | 265.00 KiB/s, done.
Total 64 (delta 47), reused 17 (delta 12)
remote: Checking connectivity: 64, done.
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/apache2
 * [new tag] upload/2.4.46-1ubuntu1 -> upload/2.4.46-1ubuntu1

$ dput ubuntu ../apache2_2.4.46-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../apache2_2.4.46-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../apache2_2.4.46-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.46-1ubuntu1.dsc: done.
  Uploading apache2_2.4.46.orig.tar.gz: done.
  Uploading apache2_2.4.46-1ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.46-1ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.46-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Christian Ehrhardt  (paelzer) wrote :

merged
 apache2 | 2.4.46-1ubuntu1 | groovy | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

Preview Diff

diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
index 63c573f..3d1bdf1 100644
--- a/debian/apache2-bin.install
+++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
1/usr/lib/apache2/modules/1/usr/lib/apache2/modules/
2/usr/sbin/apache22/usr/sbin/apache2
3debian/apache2.py usr/share/apport/package-hooks
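Review bot: the hook added on the last line is named apache2.py but is shipped by apache2-bin, the package that also installs /usr/sbin/apache2. Apport selects a package hook by file name (the binary package name, or source_<name>.py for the source package), so reports filed against apache2-bin would not run it. Consider installing it as source_apache2.py, or record why the apache2 name is intended.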
diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
3new file mode 1006444new file mode 100644
index 0000000..974a655
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
1[Apache]
2title=Web Server
3description=Apache v2 is the next generation of the omnipresent Apache web server.
4ports=80/tcp
5
6[Apache Secure]
7title=Web Server (HTTPS)
8description=Apache v2 is the next generation of the omnipresent Apache web server.
9ports=443/tcp
10
11[Apache Full]
12title=Web Server (HTTP,HTTPS)
13description=Apache v2 is the next generation of the omnipresent Apache web server.
14ports=80,443/tcp
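Review bot: all three sections ([Apache], [Apache Secure], [Apache Full]) carry the same description string, so only title and ports tell an administrator which profile opens cleartext port 80. Give each section a description that names what it allows, for example that [Apache Full] opens both 80/tcp and 443/tcp, and drop the dated "next generation" wording.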
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 6089013..1aa6d3c 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
10var/lib/apache210var/lib/apache2
11var/log/apache211var/log/apache2
12var/www/html12var/www/html
13/etc/ufw/applications.d/apache2
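Review bot: the added entry /etc/ufw/applications.d/apache2 has a leading slash while every other entry in this file is relative (var/lib/apache2, var/log/apache2), and as a .dirs entry it creates a directory named apache2 inside applications.d. The apache2.install change in this same merge places the profile file directly in /etc/ufw/applications.d/, so that directory stays empty. If an entry is needed at all, etc/ufw/applications.d is the directory to list.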
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad789..92865fc 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf /etc/apache2
8debian/config-dir/envvars /etc/apache28debian/config-dir/envvars /etc/apache2
9debian/config-dir/magic /etc/apache29debian/config-dir/magic /etc/apache2
10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/10debian/debhelper/apache2-maintscript-helper /usr/share/apache2/
11debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
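Review bot: the new line installs debian/apache2-utils.ufw.profile under its source name, so the apache2 package ends up owning a file called apache2-utils.ufw.profile in /etc/ufw/applications.d/. The name suggests it belongs to apache2-utils. Either rename the source file to match the owning package, or add a comment recording why the old name is kept.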
diff --git a/debian/apache2.postrm b/debian/apache2.postrm
index a68583c..b0e5d7b 100644
--- a/debian/apache2.postrm
+++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
33 776221a94e5a174dc2396c0f3f6b6a7433 776221a94e5a174dc2396c0f3f6b6a74
34 c481228d439cbb54bdcedbaec5bbb11a34 c481228d439cbb54bdcedbaec5bbb11a
35 e2620d4a5a0f8d80dd4b16de59af981f35 e2620d4a5a0f8d80dd4b16de59af981f
36 3526531ccd6c6a1d2340574a305a18f8
36 EOF37 EOF
37}38}
3839
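Review bot: the checksum 3526531ccd6c6a1d2340574a305a18f8 added to is_default_index_html has nothing tying it to a specific index.html revision. Since debian/index.html also changes in this merge (+19/-12), please confirm the value is the md5sum of the page as it ships in this upload, and add a short comment per hash naming the version it came from so later merges can check the list.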
diff --git a/debian/apache2.py b/debian/apache2.py
39new file mode 10064440new file mode 100644
index 0000000..a9fb9d8
--- /dev/null
+++ b/debian/apache2.py
@@ -0,0 +1,48 @@
1#!/usr/bin/python
2
3'''apport hook for apache2
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
19
20def add_info(report, ui):
21 if os.path.isdir(SITES_ENABLED_DIR):
22 response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
23 "may help developers diagnose your bug more "
24 "quickly. However, it may contain sensitive "
25 "information. Do you want to include it in your "
26 "bug report?")
27
28 if response == None: # user cancelled
29 raise StopIteration
30
31 elif response == True:
32 # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
33 for conf_file in os.listdir(SITES_ENABLED_DIR):
34 attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
35
36 try:
37 report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
38 except OSError:
39 report['Apache2ConfdDirListing'] = str(False)
40
41 # Attach default config files if changed.
42 attach_conffiles(report, 'apache2', conffiles=None)
43
44 # Attach the error.log file.
45 attach_file(report, '/var/log/apache2/error.log', key='error.log')
46
47 # Get loaded modules.
48 report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
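Review bot: the consent prompt in add_info names only SITES_ENABLED_DIR, but the hook also attaches /var/log/apache2/error.log and any changed conffiles via attach_conffiles, and both can hold sensitive data such as client addresses, request paths and credentials kept in configuration. Extend the prompt wording to cover them, or place those attachments behind the same answer. Separately, '-D DUMP_MODULES' is passed to root_command_output as one list element, so option and value reach apachectl as a single argument; split it into '-D', 'DUMP_MODULES'. The tests response == None and response == True would read better as "is None" and a plain truth test, and the wildcard import from apport.hookutils hides which helpers the hook depends on.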
diff --git a/debian/changelog b/debian/changelog
index 8a927ae..6295e4e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
1apache2 (2.4.46-1ubuntu1) groovy; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - debian/{control, apache2.install, apache2-utils.ufw.profile,
5 apache2.dirs}: Add ufw profiles.
6 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
7 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
8 Debian with Ubuntu on default page.
9 + d/source/include-binaries: add Ubuntu icon file
10 - d/t/control, d/t/check-http2: add basic test for http2 support
11 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
12 was re-added by mistake in 2.4.41-1 (Closes #921024)
13 - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
14 issue reading error log too quickly after request, by adding a sleep.
15 (LP #1890302)
16 * Dropped:
17 - debian/patches/086_svn_cross_compiles: Backport several cross
18 fixes from upstream
19 [Unclear if it's still necessary, and upstream hasn't made a
20 release with it yet]
21
22 -- Andreas Hasenack <andreas@canonical.com> Tue, 25 Aug 2020 09:13:38 -0300
23
1apache2 (2.4.46-1) unstable; urgency=medium24apache2 (2.4.46-1) unstable; urgency=medium
225
3 [ Xavier Guimard ]26 [ Xavier Guimard ]
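Review bot: in the new 2.4.46-1ubuntu1 entry, the item d/p/t/apache/expr_string.t abbreviates debian/perl-framework as d/p, which elsewhere in this changelog means debian/patches (d/p/spelling-errors.patch, d/p/CVE-2019-0196.patch). The allowmethods.t item just above it spells the path d/perl-framework/t/modules/allowmethods.t; use the same form here so the path is unambiguous.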
@@ -14,6 +37,39 @@ apache2 (2.4.46-1) unstable; urgency=medium
1437
15 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +020038 -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200
1639
40apache2 (2.4.43-1ubuntu2) groovy; urgency=medium
41
42 * d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
43 issue reading error log too quickly after request, by adding a sleep.
44 (LP: #1890302)
45
46 -- Bryce Harrington <bryce@canonical.com> Wed, 05 Aug 2020 12:44:59 -0700
47
48apache2 (2.4.43-1ubuntu1) groovy; urgency=medium
49
50 * Merge with Debian unstable. Remaining changes:
51 - debian/{control, apache2.install, apache2-utils.ufw.profile,
52 apache2.dirs}: Add ufw profiles.
53 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
54 - debian/patches/086_svn_cross_compiles: Backport several cross
55 fixes from upstream
56 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
57 Debian with Ubuntu on default page.
58 + d/source/include-binaries: add Ubuntu icon file
59 - d/t/control, d/t/check-http2: add basic test for http2 support
60 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
61 was re-added by mistake in 2.4.41-1 (Closes #921024)
62 * Dropped:
63 - d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
64 parameter to mod_proxy_ajp (LP #1865340)
65 [Fixed upstream]
66 - d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
67 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
68 Closes #955348, LP #1872478
69 [In 2.4.43-1]
70
71 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Jul 2020 10:22:42 -0300
72
17apache2 (2.4.43-1) unstable; urgency=medium73apache2 (2.4.43-1) unstable; urgency=medium
1874
19 [ Timo Aaltonen ]75 [ Timo Aaltonen ]
@@ -41,6 +97,39 @@ apache2 (2.4.41-5) unstable; urgency=medium
4197
42 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +010098 -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100
4399
100apache2 (2.4.41-4ubuntu3) focal; urgency=medium
101
102 [ Timo Aaltonen ]
103 * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
104 mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
105 Closes: #955348, LP: #1872478
106
107 -- Andreas Hasenack <andreas@canonical.com> Mon, 13 Apr 2020 14:19:17 -0300
108
109apache2 (2.4.41-4ubuntu2) focal; urgency=medium
110
111 * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
112 parameter to mod_proxy_ajp (LP: #1865340)
113
114 -- Andreas Hasenack <andreas@canonical.com> Thu, 05 Mar 2020 15:51:00 -0300
115
116apache2 (2.4.41-4ubuntu1) focal; urgency=medium
117
118 * Merge with Debian unstable. Remaining changes:
119 - debian/{control, apache2.install, apache2-utils.ufw.profile,
120 apache2.dirs}: Add ufw profiles.
121 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
122 - debian/patches/086_svn_cross_compiles: Backport several cross
123 fixes from upstream
124 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
125 Debian with Ubuntu on default page.
126 + d/source/include-binaries: add Ubuntu icon file
127 - d/t/control, d/t/check-http2: add basic test for http2 support
128 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
129 was re-added by mistake in 2.4.41-1 (Closes #921024)
130
131 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 10:36:13 -0300
132
44apache2 (2.4.41-4) unstable; urgency=medium133apache2 (2.4.41-4) unstable; urgency=medium
45134
46 * Add gcc in chroot autopkgtest (fixes debci)135 * Add gcc in chroot autopkgtest (fixes debci)
@@ -65,6 +154,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
65154
66 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100155 -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100
67156
157apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
158
159 * Merge with Debian unstable. Remaining changes:
160 - debian/{control, apache2.install, apache2-utils.ufw.profile,
161 apache2.dirs}: Add ufw profiles.
162 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
163 - debian/patches/086_svn_cross_compiles: Backport several cross
164 fixes from upstream
165 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
166 Debian with Ubuntu on default page.
167 + d/source/include-binaries: add Ubuntu icon file
168 - d/t/control, d/t/check-http2: add basic test for http2 support
169 * Dropped:
170 - Cherrypick upstream testsuite fix:
171 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
172 as such).
173 + Similarly use TLSv1.2 for pr12355 and pr43738.
174 [Test suite updated in 2.4.41-1]
175 - Cherrypick upstream test suite fix for buffer.
176 [Included in 2.4.41-1]
177 - d/p/spelling-errors.patch: removed hunks already fixed upstream
178 [Included in 2.4.39-1]
179 - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
180 + d/p/CVE-2019-0196.patch
181 + d/p/CVE-2019-0211.patch
182 + d/p/CVE-2019-0215.patch
183 + d/p/CVE-2019-0217.patch
184 + d/p/CVE-2019-0220-*.patch
185 + d/p/CVE-2019-0197.patch
186 * Added:
187 - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
188 was re-added by mistake in 2.4.41-1 (Closes: #921024)
189
190 -- Andreas Hasenack <andreas@canonical.com> Wed, 14 Aug 2019 11:36:32 -0300
191
68apache2 (2.4.41-1) unstable; urgency=medium192apache2 (2.4.41-1) unstable; urgency=medium
69193
70 * New upstream version 2.4.41194 * New upstream version 2.4.41
@@ -95,6 +219,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
95219
96 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200220 -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200
97221
222apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
223
224 * New upstream version: 2.4.39
225 * d/p/spelling-errors.patch: removed hunks already fixed upstream
226 * Remaining changes:
227 - Cherrypick upstream test suite fix for buffer.
228 - Cherrypick upstream testsuite fix:
229 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
230 as such).
231 - Similarly use TLSv1.2 for pr12355 and pr43738.
232 - debian/{control, apache2.install, apache2-utils.ufw.profile,
233 apache2.dirs}: Add ufw profiles.
234 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
235 - debian/patches/086_svn_cross_compiles: Backport several cross
236 fixes from upstream
237 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
238 Debian with Ubuntu on default page.
239 + d/source/include-binaries: add Ubuntu icon file
240 - d/t/control, d/t/check-http2: add basic test for http2 support
241 * Dropped patches (fixed upstream):
242 - d/p/CVE-2019-0196.patch
243 - d/p/CVE-2019-0211.patch
244 - d/p/CVE-2019-0215.patch
245 - d/p/CVE-2019-0217.patch
246 - d/p/CVE-2019-0220-*.patch
247 - d/p/CVE-2019-0197.patch
248
249 -- Andreas Hasenack <andreas@canonical.com> Mon, 05 Aug 2019 18:09:08 -0300
250
251apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
252
253 * Cherrypick upstream test suite fix for buffer.
254
255 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 13 Jun 2019 11:08:24 +0100
256
257apache2 (2.4.38-3ubuntu1) eoan; urgency=low
258
259 * Merge from Debian unstable. Remaining changes:
260 - Cherrypick upstream testsuite fix:
261 + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
262 as such).
263 - Similarly use TLSv1.2 for pr12355 and pr43738.
264 - debian/{control, apache2.install, apache2-utils.ufw.profile,
265 apache2.dirs}: Add ufw profiles.
266 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
267 - debian/patches/086_svn_cross_compiles: Backport several cross
268 fixes from upstream
269 [Removed configure chunk, not needed since configure.in is being
270 patched.]
271 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
272 Debian with Ubuntu on default page.
273 + d/source/include-binaries: add Ubuntu icon file
274 - d/t/control, d/t/check-http2: add basic test for http2 support
275
276 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 10 Jun 2019 19:17:38 +0100
277
98apache2 (2.4.38-3) unstable; urgency=high278apache2 (2.4.38-3) unstable; urgency=high
99279
100 [ Marc Deslauriers ]280 [ Marc Deslauriers ]
@@ -132,6 +312,79 @@ apache2 (2.4.38-3) unstable; urgency=high
132312
133 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200313 -- Stefan Fritsch <sf@debian.org> Sun, 07 Apr 2019 20:15:40 +0200
134314
315apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
316
317 * Cherrypick upstream testsuite fix:
318 - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
319 as such).
320 * Similarly use TLSv1.2 for pr12355 and pr43738.
321
322 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 07 May 2019 10:39:47 +0100
323
324apache2 (2.4.38-2ubuntu2) disco; urgency=medium
325
326 * SECURITY UPDATE: read-after-free on a string compare in mod_http2
327 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
328 request method in modules/http2/h2_request.c.
329 - CVE-2019-0196
330 * SECURITY UPDATE: privilege escalation from modules' scripts
331 - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
332 child to its slot number in include/scoreboard.h,
333 server/mpm/event/event.c, server/mpm/prefork/prefork.c,
334 server/mpm/worker/worker.c.
335 - CVE-2019-0211
336 * SECURITY UPDATE: mod_ssl access control bypass
337 - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
338 PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
339 - CVE-2019-0215
340 * SECURITY UPDATE: mod_auth_digest access control bypass
341 - debian/patches/CVE-2019-0217.patch: fix a race condition in
342 modules/aaa/mod_auth_digest.c.
343 - CVE-2019-0217
344 * SECURITY UPDATE: URL normalization inconsistincy
345 - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
346 the path in include/http_core.h, include/httpd.h, server/core.c,
347 server/request.c, server/util.c.
348 - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
349 in server/request.c, server/util.c.
350 - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
351 server/util.c.
352 - CVE-2019-0220
353
354 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Apr 2019 14:31:46 -0400
355
356apache2 (2.4.38-2ubuntu1) disco; urgency=medium
357
358 * Merge with Debian unstable. Remaining changes:
359 - debian/{control, apache2.install, apache2-utils.ufw.profile,
360 apache2.dirs}: Add ufw profiles.
361 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
362 - debian/patches/086_svn_cross_compiles: Backport several cross
363 fixes from upstream
364 [Removed configure chunk, not needed since configure.in is being
365 patched.]
366 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
367 Debian with Ubuntu on default page.
368 + d/source/include-binaries: add Ubuntu icon file
369 - d/t/control, d/t/check-http2: add basic test for http2 support
370 * Dropped:
371 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
372 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
373 cannot be coinstalled with libcurl3. That situation breaks the
374 installation of libapache2-mod-shib2. See
375 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
376 for details.
377 [This has been resolved in Disco, where libxmltooling8 is built with
378 openssl 1.1]
379 - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
380 + debian/patches/CVE-2018-11763.patch: rework connection IO event
381 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
382 modules/http2/h2_version.h.
383 - CVE-2018-11763
384 [Fixed in 2.4.35]
385
386 -- Andreas Hasenack <andreas@canonical.com> Sun, 03 Feb 2019 14:57:13 -0200
387
135apache2 (2.4.38-2) unstable; urgency=medium388apache2 (2.4.38-2) unstable; urgency=medium
136389
137 * Disable "reset" test in allowmethods.t (Closes: #921024)390 * Disable "reset" test in allowmethods.t (Closes: #921024)
@@ -213,6 +466,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
213466
214 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200467 -- Stefan Fritsch <sf@debian.org> Sun, 07 Oct 2018 12:54:58 +0200
215468
469apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
470
471 * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
472 - debian/patches/CVE-2018-11763.patch: rework connection IO event
473 handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
474 modules/http2/h2_version.h.
475 - CVE-2018-11763
476
477 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Oct 2018 09:57:22 -0400
478
479apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
480
481 * Merge with Debian unstable. Remaining changes:
482 - debian/{control, apache2.install, apache2-utils.ufw.profile,
483 apache2.dirs}: Add ufw profiles.
484 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
485 - debian/patches/086_svn_cross_compiles: Backport several cross
486 fixes from upstream
487 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
488 Debian with Ubuntu on default page.
489 + d/source/include-binaries: add Ubuntu icon file
490 - d/t/control, d/t/check-http2: add basic test for http2 support
491 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
492 libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
493 cannot be coinstalled with libcurl3. That situation breaks the
494 installation of libapache2-mod-shib2. See
495 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
496 for details.
497
498 -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Aug 2018 17:09:27 -0300
499
216apache2 (2.4.34-1) unstable; urgency=medium500apache2 (2.4.34-1) unstable; urgency=medium
217501
218 [ Ondřej Surý ]502 [ Ondřej Surý ]
@@ -231,6 +515,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
231515
232 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200516 -- Stefan Fritsch <sf@debian.org> Fri, 27 Jul 2018 21:37:37 +0200
233517
518apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
519
520 * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
521 re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
522
523 -- Andreas Hasenack <andreas@canonical.com> Thu, 28 Jun 2018 10:07:06 -0300
524
525apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
526
527 * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
528 libapache2-mod-md until we figure out their transitions. libapache2-mod-md
529 in particular is problematic because that makes apache2-bin pull in
530 libcurl4 which cannot be coinstalled with libcurl3. That situation breaks
531 the installation of libapache2-mod-shib2. See
532 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
533 for details.
534 - Don't ship md.load and remove build-requires that were added because of
535 mod-md (see
536 https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
537 - Remove proxy_uwsgi.load as we are not building it for now (see
538 https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
539
540 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 May 2018 14:46:19 +0000
541
542apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
543
544 * Merge with Debian unstable (LP: #1770242). Remaining changes:
545 - debian/{control, apache2.install, apache2-utils.ufw.profile,
546 apache2.dirs}: Add ufw profiles.
547 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
548 - debian/patches/086_svn_cross_compiles: Backport several cross
549 fixes from upstream
550 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
551 Debian with Ubuntu on default page.
552 + d/source/include-binaries: add Ubuntu icon file
553 - d/t/control, d/t/check-http2: add basic test for http2 support
554 * Drop:
555 - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
556 + debian/patches/CVE-2017-15710.patch: fix language long names
557 detection as short name in modules/aaa/mod_authnz_ldap.c.
558 + CVE-2017-15710
559 - SECURITY UPDATE: incorrect <FilesMatch> matching
560 + debian/patches/CVE-2017-15715.patch: allow to configure
561 global/default options for regexes, like caseless matching or
562 extended format in include/ap_regex.h, server/core.c,
563 server/util_pcre.c.
564 + CVE-2017-15715
565 - SECURITY UPDATE: mod_session header manipulation
566 + debian/patches/CVE-2018-1283.patch: strip Session header when
567 SessionEnv is on in modules/session/mod_session.c.
568 + CVE-2018-1283
569 - SECURITY UPDATE: DoS via specially-crafted request
570 + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
571 terminated on any error, not only on buffer full in
572 server/protocol.c.
573 + CVE-2018-1301
574 - SECURITY UPDATE: mod_cache_socache DoS
575 + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
576 to carriage return in modules/cache/mod_cache_socache.c.
577 + CVE-2018-1303
578 - SECURITY UPDATE: insecure nonce generation
579 + debian/patches/CVE-2018-1312.patch: actually use the secret when
580 generating nonces in modules/aaa/mod_auth_digest.c.
581 + CVE-2018-1312
582 - Correct systemd-sysv-generator behavior by customizing some
583 parameters:
584 + d/apache2-systemd.conf: add a drop-in file to specify some
585 parameters for the systemd unit (type=Forking and
586 RemainsAfterExit=no), this allow a correct state synchronisation
587 between systemctl status and actual state of apache2 daemon.
588 + d/apache2.install: place the apache2-systemd.conf file in the
589 correct location.
590 [type=Forking already in the base systemd service file, and
591 RemainsAfterExit=no is the default value, so no need to
592 customize these anymore.]
593 - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
594 + added debian/patches/util_ldap_cache_lock_fix.patch
595 [Already applied upstream]
596
597 -- Andreas Hasenack <andreas@canonical.com> Tue, 15 May 2018 11:03:34 -0300
598
234apache2 (2.4.33-3) unstable; urgency=medium599apache2 (2.4.33-3) unstable; urgency=medium
235600
236 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.601 * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -303,6 +668,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
303668
304 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000669 -- Ondřej Surý <ondrej@debian.org> Sun, 14 Jan 2018 11:01:58 +0000
305670
671apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
672
673 * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
674 - debian/patches/CVE-2017-15710.patch: fix language long names
675 detection as short name in modules/aaa/mod_authnz_ldap.c.
676 - CVE-2017-15710
677 * SECURITY UPDATE: incorrect <FilesMatch> matching
678 - debian/patches/CVE-2017-15715.patch: allow to configure
679 global/default options for regexes, like caseless matching or
680 extended format in include/ap_regex.h, server/core.c,
681 server/util_pcre.c.
682 - CVE-2017-15715
683 * SECURITY UPDATE: mod_session header manipulation
684 - debian/patches/CVE-2018-1283.patch: strip Session header when
685 SessionEnv is on in modules/session/mod_session.c.
686 - CVE-2018-1283
687 * SECURITY UPDATE: DoS via specially-crafted request
688 - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
689 terminated on any error, not only on buffer full in
690 server/protocol.c.
691 - CVE-2018-1301
692 * SECURITY UPDATE: mod_cache_socache DoS
693 - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
694 to carriage return in modules/cache/mod_cache_socache.c.
695 - CVE-2018-1303
696 * SECURITY UPDATE: insecure nonce generation
697 - debian/patches/CVE-2018-1312.patch: actually use the secret when
698 generating nonces in modules/aaa/mod_auth_digest.c.
699 - CVE-2018-1312
700
701 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Apr 2018 07:38:24 -0400
702
703apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
704
705 * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
706 - added debian/patches/util_ldap_cache_lock_fix.patch
707
708 -- Rafael David Tinoco <rafael.tinoco@canonical.com> Fri, 02 Mar 2018 02:19:31 +0000
709
710apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
711
712 * Switch back to OpenSSL 1.1.
713
714 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 11:57:20 +0000
715
716apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
717
718 * enable http2 (LP: #1687454) by stopping to disable it
719 - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
720 - debian/config-dir/mods-available/http2.load: no more removed.
721 - debian/rules: no more removed proxy_http2 from configure.
722 * d/t/control, d/t/check-http2: add basic test for http2 support
723
724 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Dec 2017 17:25:39 +0100
725
726apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
727
728 * Merge with Debian unstable. Remaining changes:
729 - debian/{control, apache2.install, apache2-utils.ufw.profile,
730 apache2.dirs}: Add ufw profiles.
731 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
732 - debian/patches/086_svn_cross_compiles: Backport several cross
733 fixes from upstream
734 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
735 Debian with Ubuntu on default page.
736 + d/source/include-binaries: add Ubuntu icon file
737 - Correct systemd-sysv-generator behavior by customizing some
738 parameters:
739 + d/apache2-systemd.conf: add a drop-in file to specify some
740 parameters for the systemd unit (type=Forking and
741 RemainsAfterExit=no), this allow a correct state synchronisation
742 between systemctl status and actual state of apache2 daemon.
743 + d/apache2.install: place the apache2-systemd.conf file in the
744 correct location.
745 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
746 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
747 + debian/config-dir/mods-available/http2.load: removed.
748 + debian/rules: removed proxy_http2 from configure.
749 * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
750 - debian/control: switch BuildDepends to libssl1.0-dev
751 - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
752 - debian/rules: remove openssl virtual package and logic
753
754 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Nov 2017 10:51:46 -0500
755
306apache2 (2.4.29-1) unstable; urgency=medium756apache2 (2.4.29-1) unstable; urgency=medium
307757
308 [ Stefan Fritsch ]758 [ Stefan Fritsch ]
@@ -367,6 +817,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
367817
368 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200818 -- Stefan Fritsch <sf@debian.org> Sun, 16 Jul 2017 23:11:07 +0200
369819
820apache2 (2.4.27-2ubuntu3) artful; urgency=medium
821
822 * SECURITY UPDATE: optionsbleed information leak
823 - debian/patches/CVE-2017-9798.patch: disallow method registration
824 at run time in server/core.c.
825 - CVE-2017-9798
826
827 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Sep 2017 11:05:48 -0400
828
829apache2 (2.4.27-2ubuntu2) artful; urgency=medium
830
831 * Undrop (LP 1658469):
832 - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
833 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
834 + debian/config-dir/mods-available/http2.load: removed.
835 + debian/rules: removed proxy_http2 from configure.
836
837 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Aug 2017 13:04:45 -0400
838
839apache2 (2.4.27-2ubuntu1) artful; urgency=medium
840
841 * Merge with Debian unstable (LP: #1702582). Remaining changes:
842 - debian/{control, apache2.install, apache2-utils.ufw.profile,
843 apache2.dirs}: Add ufw profiles.
844 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
845 - debian/patches/086_svn_cross_compiles: Backport several cross
846 fixes from upstream
847 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
848 Debian with Ubuntu on default page.
849 + d/source/include-binaries: add Ubuntu icon file
850 - Correct systemd-sysv-generator behavior by customizing some
851 parameters:
852 + d/apache2-systemd.conf: add a drop-in file to specify some
853 parameters for the systemd unit (type=Forking and
854 RemainsAfterExit=no), this allow a correct state synchronisation
855 between systemctl status and actual state of apache2 daemon.
856 + d/apache2.install: place the apache2-systemd.conf file in the
857 correct location.
858
859 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 27 Jul 2017 13:38:39 -0700
860
370apache2 (2.4.27-2) unstable; urgency=medium861apache2 (2.4.27-2) unstable; urgency=medium
371862
372 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more863 * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
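Review bot: In the 2.4.27-2ubuntu2 entry the bug references are written as "LP 1658469" and "LP 1687454", while the 2.4.27-2ubuntu1 entry in the same hunk uses "LP: #1702582". Only the "LP: #NNNNNNN" form is recognised as a bug closure on upload. If the plain form is deliberate, to avoid closing those bugs a second time, that is fine, but it is worth confirming that none of them was meant to be closed by this entry.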
@@ -396,6 +887,55 @@ apache2 (2.4.25-4) unstable; urgency=high
396887
397 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200888 -- Stefan Fritsch <sf@debian.org> Tue, 20 Jun 2017 21:31:51 +0200
398889
890apache2 (2.4.25-3ubuntu3) artful; urgency=medium
891
892 * Re-Drop (LP: #1658469):
893 - Don't build experimental http2 module for LTS:
894 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
895 + debian/config-dir/mods-available/http2.load: removed.
896 + debian/rules: removed proxy_http2 from configure.
897 + debian/apache2.maintscript: remove http2 conffile.
898
899 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 01 May 2017 09:55:11 -0700
900
901apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
902 * Undrop (LP 1658469):
903 - Don't build experimental http2 module for LTS:
904 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
905 + debian/config-dir/mods-available/http2.load: removed.
906 + debian/rules: removed proxy_http2 from configure.
907 + debian/apache2.maintscript: remove http2 conffile.
908
909 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 08:53:43 -0800
910
911apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
912
913 * Merge from Debian unstable (LP: #1663425). Remaining changes:
914 - debian/{control, apache2.install, apache2-utils.ufw.profile,
915 apache2.dirs}: Add ufw profiles.
916 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
917 - debian/patches/086_svn_cross_compiles: Backport several cross
918 fixes from upstream
919 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
920 Debian with Ubuntu on default page.
921 + d/source/include-binaries: add Ubuntu icon file
922 - Correct systemd-sysv-generator behavior by customizing some
923 parameters:
924 + d/apache2-systemd.conf: add a drop-in file to specify some
925 parameters for the systemd unit (type=Forking and
926 RemainsAfterExit=no), this allow a correct state synchronisation
927 between systemctl status and actual state of apache2 daemon.
928 + d/apache2.install: place the apache2-systemd.conf file in the
929 correct location.
930 * Drop (LP: #1658469):
931 - Don't build experimental http2 module for LTS:
932 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
933 + debian/config-dir/mods-available/http2.load: removed.
934 + debian/rules: removed proxy_http2 from configure.
935 + debian/apache2.maintscript: remove http2 conffile.
936
937 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 09 Feb 2017 15:48:28 -0800
938
399apache2 (2.4.25-3) unstable; urgency=medium939apache2 (2.4.25-3) unstable; urgency=medium
400940
401 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.941 * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
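Review bot: The 2.4.25-3ubuntu2 entry has no blank line between its header "apache2 (2.4.25-3ubuntu2) zesty; urgency=medium" and its first item "* Undrop (LP 1658469):", whereas the two neighbouring entries in this hunk separate them. Add the empty line so the entry follows the same changelog layout as the rest of the file.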
@@ -457,6 +997,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
457997
458 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +0100998 -- Stefan Fritsch <sf@debian.org> Wed, 21 Dec 2016 23:46:06 +0100
459999
1000apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
1001
1002 * Merge from Debian unstable (LP: #). Remaining changes:
1003 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1004 apache2.dirs}: Add ufw profiles.
1005 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1006 - debian/patches/086_svn_cross_compiles: Backport several cross
1007 fixes from upstream
1008 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
1009 d/source/include-binaries: replace Debian with Ubuntu on default
1010 page.
1011 [ include-binaries change previously undocumented ]
1012 - Don't build experimental http2 module for LTS:
1013 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1014 + debian/config-dir/mods-available/http2.load: removed.
1015 + debian/rules: removed proxy_http2 from configure.
1016 + debian/apache2.maintscript: remove http2 conffile.
1017 [ Previously undocumented ]
1018 - Correct systemd-sysv-generator behavior by customizing some
1019 parameters:
1020 + d/apache2-systemd.conf: add a drop-in file to specify some
1021 parameters for the systemd unit (type=Forking and
1022 RemainsAfterExit=no), this allow a correct state synchronisation
1023 between systemctl status and actual state of apache2 daemon.
1024 + d/apache2.install: place the apache2-systemd.conf file in the
1025 correct location.
1026 * Drop:
1027 - debian/rules: Fix cross-building by passing
1028 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1029 [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
1030
1031 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 09 Dec 2016 11:02:38 +0100
1032
460apache2 (2.4.23-8) unstable; urgency=medium1033apache2 (2.4.23-8) unstable; urgency=medium
4611034
462 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a1035 * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
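Review bot: The first item of the 2.4.23-8ubuntu1 entry reads "Merge from Debian unstable (LP: #). Remaining changes:", so the bug reference is an unfilled placeholder with no number. Either supply the merge bug number or drop the empty "(LP: #)" so that the entry does not carry a reference that points nowhere.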
@@ -467,6 +1040,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
4671040
468 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +01001041 -- Stefan Fritsch <sf@debian.org> Sun, 20 Nov 2016 00:33:13 +0100
4691042
1043apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
1044
1045 * Merge from Debian unstable. Remaining changes:
1046 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1047 apache2.dirs}: Add ufw profiles.
1048 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1049 - debian/rules: Fix cross-building by passing
1050 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1051 - debian/patches/086_svn_cross_compiles: Backport several cross
1052 fixes from upstream
1053 - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
1054 Debian with Ubuntu on default page.
1055 - Don't build experimental http2 module for LTS:
1056 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1057 + debian/config-dir/mods-available/http2.load: removed.
1058 + debian/rules: removed proxy_http2 from configure.
1059 - Correct systemd-sysv-generator behavior by customizing some
1060 parameters:
1061 + d/apache2-systemd.conf: add a drop-in file to specify some
1062 parameters for the systemd unit (type=Forking and
1063 RemainsAfterExit=no), this allow a correct state synchronisation
1064 between systemctl status and actual state of apache2 daemon.
1065 + d/apache2.install: place the apache2-systemd.conf file in the
1066 correct location.
1067
1068 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 Nov 2016 09:17:24 -0500
1069
470apache2 (2.4.23-7) unstable; urgency=medium1070apache2 (2.4.23-7) unstable; urgency=medium
4711071
472 * Make apache2-dev depend on openssl 1.0, too. Closes: #8441601072 * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -581,6 +1181,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
5811181
582 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +02001182 -- Stefan Fritsch <sf@debian.org> Sun, 10 Apr 2016 14:03:41 +0200
5831183
1184apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
1185
1186 * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
1187 - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
1188 server/util_script.c.
1189 - CVE-2016-5387
1190
1191 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Jul 2016 14:32:02 -0400
1192
1193apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
1194
1195 [ Ryan Harper ]
1196 * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
1197 introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
1198 all, since http2 support is intentionally disabled (see LP 1531864).
1199 * d/apache2.maintscript: handle removal of http2.load conffile.
1200
1201 [ Robie Basak ]
1202 * Re-write Ryan's changelog entry.
1203
1204 -- Robie Basak <robie.basak@ubuntu.com> Fri, 15 Apr 2016 18:00:57 +0000
1205
1206apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
1207
1208 * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
1209 - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
1210 unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
1211 between systemctl status and actual state of apache2 daemon.
1212 - d/apache2.install: place the apache2-systemd.conf file in the correct location.
1213
1214 -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Fri, 08 Apr 2016 11:48:00 +0200
1215
1216apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
1217
1218 * Merge from Debian unstable. Remaining changes:
1219 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1220 apache2.dirs}: Add ufw profiles.
1221 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1222 - debian/rules: Fix cross-building by passing
1223 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1224 - debian/patches/086_svn_cross_compiles: Backport several cross
1225 fixes from upstream
1226 - d/index.html: replace Debian with Ubuntu on default page.
1227 - Don't build experimental http2 module for LTS:
1228 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1229 + debian/config-dir/mods-available/http2.load: removed.
1230
1231 -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Apr 2016 00:18:31 +0300
1232
584apache2 (2.4.18-2) unstable; urgency=low1233apache2 (2.4.18-2) unstable; urgency=low
5851234
586 * htcacheclean:1235 * htcacheclean:
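Review bot: The items in the 2.4.18-2ubuntu2 entry are not wrapped: "* Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)" and the three d/apache2-systemd.conf lines below it run past 80 columns, unlike the other entries in this hunk. Rewrap them the way the same text is wrapped in the later merge entries.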
@@ -606,6 +1255,24 @@ apache2 (2.4.18-2) unstable; urgency=low
6061255
607 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +02001256 -- Stefan Fritsch <sf@debian.org> Mon, 28 Mar 2016 21:58:54 +0200
6081257
1258apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
1259
1260 * Merge from Debian unstable. Remaining changes:
1261 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1262 apache2.dirs}: Add ufw profiles.
1263 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1264 - Add dep8 tests.
1265 - debian/rules: Fix cross-building by passing
1266 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1267 - debian/patches/086_svn_cross_compiles: Backport several cross
1268 fixes from upstream
1269 - d/index.html: replace Debian with Ubuntu on default page.
1270 - Don't build experimental http2 module for LTS:
1271 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1272 + debian/config-dir/mods-available/http2.load: removed.
1273
1274 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Jan 2016 15:15:22 -0500
1275
609apache2 (2.4.18-1) unstable; urgency=medium1276apache2 (2.4.18-1) unstable; urgency=medium
6101277
611 * New upstream release:1278 * New upstream release:
@@ -613,12 +1280,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
6131280
614 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +01001281 -- Stefan Fritsch <sf@debian.org> Sat, 19 Dec 2015 09:26:14 +0100
6151282
1283apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
1284
1285 * Merge from Debian unstable. Remaining changes:
1286 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1287 apache2.dirs}: Add ufw profiles.
1288 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1289 - Add dep8 tests.
1290 - debian/rules: Fix cross-building by passing
1291 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1292 - debian/patches/086_svn_cross_compiles: Backport several cross
1293 fixes from upstream
1294 - d/index.html: replace Debian with Ubuntu on default page.
1295 - Don't build experimental http2 module for LTS:
1296 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1297 + debian/config-dir/mods-available/http2.load: removed.
1298
1299 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 03 Dec 2015 10:07:35 -0500
1300
616apache2 (2.4.17-3) unstable; urgency=medium1301apache2 (2.4.17-3) unstable; urgency=medium
6171302
618 * mpm_prefork: Fix segfault if started with -X. Closes: #8057371303 * mpm_prefork: Fix segfault if started with -X. Closes: #805737
6191304
620 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +01001305 -- Stefan Fritsch <sf@debian.org> Mon, 23 Nov 2015 19:52:09 +0100
6211306
1307apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
1308
1309 * Merge from Debian unstable. Remaining changes:
1310 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1311 apache2.dirs}: Add ufw profiles.
1312 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1313 - Add dep8 tests.
1314 - debian/rules: Fix cross-building by passing
1315 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1316 - debian/patches/086_svn_cross_compiles: Backport several cross
1317 fixes from upstream
1318 - d/index.html: replace Debian with Ubuntu on default page.
1319 - Don't build experimental http2 module for LTS:
1320 + debian/control: removed libnghttp2-dev Build-Depends (in universe).
1321 + debian/config-dir/mods-available/http2.load: removed.
1322
1323 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Nov 2015 09:11:52 -0500
1324
622apache2 (2.4.17-2) unstable; urgency=medium1325apache2 (2.4.17-2) unstable; urgency=medium
6231326
624 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke1327 * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -629,6 +1332,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
6291332
630 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +01001333 -- Stefan Fritsch <sf@debian.org> Sat, 31 Oct 2015 23:17:11 +0100
6311334
1335apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
1336
1337 * Merge from Debian unstable. Remaining changes:
1338 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1339 apache2.dirs}: Add ufw profiles.
1340 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1341 - Add dep8 tests.
1342 - debian/rules: Fix cross-building by passing
1343 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1344 - debian/patches/086_svn_cross_compiles: Backport several cross
1345 fixes from upstream
1346 - d/index.html: replace Debian with Ubuntu on default page.
1347 * Drop patches (applied upstream):
1348 - debian/patches/CVE-2015-3183.patch
1349 - debian/patches/CVE-2015-3185.patch
1350 * Drop changes (adopted in Debian):
1351 - Allow "triggers-awaited" and "triggers-pending" states in addition
1352 to "installed" when determining whether to defer actions or
1353 process deferred actions.
1354 * Don't build experimental http2 module for LTS
1355 - debian/control: removed libnghttp2-dev Build-Depends (in universe).
1356 - debian/config-dir/mods-available/http2.load: removed.
1357
1358 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 30 Oct 2015 09:35:46 -0400
1359
632apache2 (2.4.17-1) unstable; urgency=medium1360apache2 (2.4.17-1) unstable; urgency=medium
6331361
634 [ Stefan Fritsch ]1362 [ Stefan Fritsch ]
@@ -694,6 +1422,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
6941422
695 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +02001423 -- Stefan Fritsch <sf@debian.org> Sun, 02 Aug 2015 00:44:07 +0200
6961424
1425apache2 (2.4.12-2ubuntu2) wily; urgency=medium
1426
1427 * SECURITY UPDATE: request smuggling via chunked transfer encoding
1428 - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
1429 modules/http/http_filters.c.
1430 - CVE-2015-3183
1431 * SECURITY UPDATE: access restriction bypass via deprecated API
1432 - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
1433 in include/http_request.h, server/request.c.
1434 - CVE-2015-3185
1435
1436 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Jul 2015 09:56:09 -0400
1437
1438apache2 (2.4.12-2ubuntu1) wily; urgency=medium
1439
1440 * Merge from Debian unstable. Remaining changes:
1441 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1442 apache2.dirs}: Add ufw profiles.
1443 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1444 - Add dep8 tests.
1445 - debian/rules: Fix cross-building by passing
1446 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1447 - debian/patches/086_svn_cross_compiles: Backport several cross
1448 fixes from upstream
1449 - d/index.html: replace Debian with Ubuntu on default page.
1450 - Allow "triggers-awaited" and "triggers-pending" states in addition
1451 to "installed" when determining whether to defer actions or
1452 process deferred actions.
1453 * Drop patches (applied upstream):
1454 - d/p/split-logfile.patch
1455 - d/p/CVE-2015-0228.patch
1456 * Drop changes (superceded in Debian):
1457 - Cherry-pick versioned build-depend on dpkg from Debian for correct
1458 dpkg-maintscript-helper symlink_to_dir support.
1459 * Drop changes (adopted in Debian):
1460 - d/control, d/config-dir/mods-available/ssl.conf,
1461 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1462 dialog program ask-for-passphrase.
1463 * Fix cross-building configure line in d/rules, which had bit-rotted in
1464 previous merges.
1465
1466 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 May 2015 16:34:00 +0000
1467
697apache2 (2.4.12-2) unstable; urgency=medium1468apache2 (2.4.12-2) unstable; urgency=medium
6981469
699 [ Jean-Michel Nirgal Vourgère ]1470 [ Jean-Michel Nirgal Vourgère ]
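Review bot: In the 2.4.12-2ubuntu1 entry the heading "Drop changes (superceded in Debian):" misspells "superseded". A small point, but this text tends to be copied forward into later merge entries, so it is worth correcting here.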
@@ -743,6 +1514,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
7431514
744 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +01001515 -- Stefan Fritsch <sf@debian.org> Sun, 15 Mar 2015 10:47:36 +0100
7451516
1517apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
1518
1519 * Merge from Debian unstable. Remaining changes:
1520 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1521 apache2.dirs}: Add ufw profiles.
1522 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1523 - d/control, d/config-dir/mods-available/ssl.conf,
1524 - Add dep8 tests.
1525 - debian/rules: Fix cross-building by passing
1526 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1527 - debian/patches/086_svn_cross_compiles: Backport several cross
1528 fixes from upstream
1529 - d/index.html: replace Debian with Ubuntu on default page.
1530 - d/p/split-logfile.patch: fix completely broken split-logfile
1531 command.
1532 - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
1533 denial of service in mod_lua via websockets PING
1534 * debian/tests/ssl-passphrase: Add password responder for
1535 systemd-ask-passphrase.
1536
1537 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 09 Mar 2015 12:03:16 +0100
1538
746apache2 (2.4.10-9) unstable; urgency=medium1539apache2 (2.4.10-9) unstable; urgency=medium
7471540
748 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a1541 * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
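Review bot: In the 2.4.10-9ubuntu1 entry the item "- d/control, d/config-dir/mods-available/ssl.conf," ends in a comma and is followed directly by "- Add dep8 tests.", so the file list has no description and no continuation. The 2.4.10-8ubuntu1 entry carries the full item (continuing with "d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase dialog program ask-for-passphrase."). Either restore the rest of the item or remove the fragment if that delta was no longer carried at this version.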
@@ -757,6 +1550,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
7571550
758 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +01001551 -- Stefan Fritsch <sf@debian.org> Mon, 22 Dec 2014 20:24:36 +0100
7591552
1553apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
1554
1555 * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
1556 directives
1557 - debian/patches/CVE-2014-8109.patch: handle multiple Require
1558 directives with different arguments in modules/lua/mod_lua.c.
1559 - CVE-2014-8109
1560 * SECURITY UPDATE: denial of service in mod_lua via websockets PING
1561 - debian/patches/CVE-2015-0228.patch: fix logic in
1562 modules/lua/lua_request.c.
1563 - CVE-2015-0228
1564
1565 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Mar 2015 10:56:34 -0500
1566
1567apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
1568
1569 * Allow "triggers-awaited" and "triggers-pending" states in addition to
1570 "installed" when determining whether to defer actions or process
1571 deferred actions (LP: #1393832).
1572
1573 -- Colin Watson <cjwatson@ubuntu.com> Wed, 26 Nov 2014 11:31:44 +0000
1574
1575apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
1576
1577 * Merge from Debian unstable. Remaining changes:
1578 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1579 apache2.dirs}: Add ufw profiles.
1580 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1581 - d/control, d/config-dir/mods-available/ssl.conf,
1582 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1583 dialog program ask-for-passphrase.
1584 - Add dep8 tests.
1585 - debian/rules: Fix cross-building by passing
1586 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1587 - debian/patches/086_svn_cross_compiles: Backport several cross
1588 fixes from upstream
1589 - d/index.html: replace Debian with Ubuntu on default page.
1590 - d/p/split-logfile.patch: fix completely broken split-logfile
1591 command.
1592 * Fixes from Debian included in merge:
1593 - Crash caused by OCSP stapling code; this was erroneously
1594 attributed to Debian in my previous merge, but actually only
1595 appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
1596 * Cherry-pick versioned build-depend on dpkg from Debian for correct
1597 dpkg-maintscript-helper symlink_to_dir support.
1598
1599 -- Robie Basak <robie.basak@ubuntu.com> Fri, 21 Nov 2014 15:15:58 +0000
1600
760apache2 (2.4.10-8) unstable; urgency=medium1601apache2 (2.4.10-8) unstable; urgency=medium
7611602
762 * Bump dpkg Pre-Depends to version that supports relative symlinks in1603 * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -771,6 +1612,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
7711612
772 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +01001613 -- Stefan Fritsch <sf@debian.org> Tue, 18 Nov 2014 15:18:18 +0100
7731614
1615apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
1616
1617 * Merge from Debian unstable. Remaining changes:
1618 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1619 apache2.dirs}: Add ufw profiles.
1620 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1621 - d/control, d/config-dir/mods-available/ssl.conf,
1622 d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
1623 dialog program ask-for-passphrase.
1624 - Add dep8 tests.
1625 - debian/rules: Fix cross-building by passing
1626 DEB_{HOST,BUILD}_GNU_TYPE to configure.
1627 - debian/patches/086_svn_cross_compiles: Backport several cross
1628 fixes from upstream
1629 - d/index.html: replace Debian with Ubuntu on default page.
1630 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1631 * Fixes from Debian included in merge:
1632 - Don't use a2query in preinst, as it may not be available yet
1633 (LP: #1312533).
1634 - Crash caused by OCSP stapling code (LP: #1366174).
1635 - Disable SSLv3 in default config (LP: #1358305).
1636 - If apache2 is not configured yet, defer actions executed via
1637 apache2-maintscript-helper. This fixes installation failures if a
1638 module package is configured first (LP: #1312854).
1639
1640 -- Robie Basak <robie.basak@ubuntu.com> Mon, 17 Nov 2014 18:04:40 +0000
1641
774apache2 (2.4.10-7) unstable; urgency=medium1642apache2 (2.4.10-7) unstable; urgency=medium
7751643
776 * Handle transitions of doc dirs and symlinks correctly during upgrade.1644 * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -854,6 +1722,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
8541722
855 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +02001723 -- Stefan Fritsch <sf@debian.org> Sun, 21 Sep 2014 22:58:33 +0200
8561724
1725apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
1726
1727 * Merge from Debian unstable. Remaining changes:
1728 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1729 apache2.dirs}: Add ufw profiles.
1730 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1731 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
1732 d/apache2.install: Plymouth aware passphrase dialog program
1733 ask-for-passphrase.
1734 - Add dep8 tests.
1735 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
1736 configure.
1737 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
1738 upstream
1739 - d/index.html: replace Debian with Ubuntu on default page.
1740 - d/p/split-logfile.patch: fix completely broken split-logfile command.
1741
1742 -- Robie Basak <robie.basak@ubuntu.com> Thu, 24 Jul 2014 15:13:16 +0000
1743
857apache2 (2.4.10-1) unstable; urgency=medium1744apache2 (2.4.10-1) unstable; urgency=medium
8581745
859 [ Arno Töll ]1746 [ Arno Töll ]
@@ -901,6 +1788,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
9011788
902 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +02001789 -- Stefan Fritsch <sf@debian.org> Sun, 08 Jun 2014 10:38:04 +0200
9031790
1791apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
1792
1793 * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
1794 yet support building against lua 5.2 (LP: #1323930).
1795
1796 -- Robie Basak <robie.basak@ubuntu.com> Wed, 28 May 2014 08:55:25 +0000
1797
1798apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
1799
1800 * Merge from Debian unstable. Remaining changes:
1801 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1802 apache2.dirs}: Add ufw profiles.
1803 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1804 - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
1805 d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
1806 dialog program ask-for-passphrase.
1807 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
1808 configure.
1809 - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
1810 upstream
1811 - Build using lua5.2.
1812 - d/tests/chroot: dep8 test for ChrootDir case.
1813 - d/tests/ssl-passphrase: update for new default path /var/www/html.
1814 - d/tests/duplicate-module-load: check for duplicate module loads.
1815 - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
1816 - d/p/split-logfile.patch: fix completely broken split-logfile command
1817 (LP: #1299162). Thanks to Holger Mauermann.
1818 * Drop changes (upstreamed):
1819 - d/p/ignore-quilt-dir: adjust build system so that it does not use
1820 files find inside the .pc directory. This stops a double module load
1821 causing later havoc, including "ChrootDir" directive failure.
1822 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
1823 in modules/dav/main/util.c.
1824 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
1825 modules/loggers/mod_log_config.c.
1826 * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
1827
1828 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 May 2014 19:30:04 +0000
1829
904apache2 (2.4.9-1) unstable; urgency=medium1830apache2 (2.4.9-1) unstable; urgency=medium
9051831
906 * New upstream version.1832 * New upstream version.
@@ -933,6 +1859,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
9331859
934 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +01001860 -- Stefan Fritsch <sf@debian.org> Sat, 29 Mar 2014 22:50:32 +0100
9351861
1862apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
1863
1864 * d/p/split-logfile.patch: fix completely broken split-logfile command
1865 (LP: #1299162). Thanks to Holger Mauermann.
1866
1867 -- Robie Basak <robie.basak@ubuntu.com> Thu, 03 Apr 2014 11:21:22 +0000
1868
1869apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
1870
1871 * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
1872 calculation
1873 - debian/patches/CVE-2013-6438.patch: properly calculate correct length
1874 in modules/dav/main/util.c.
1875 - CVE-2013-6438
1876 * SECURITY UPDATE: denial of service via truncated cookie and
1877 mod_log_config
1878 - debian/patches/CVE-2014-0098.patch: properly parse tokens in
1879 modules/loggers/mod_log_config.c.
1880 - CVE-2014-0098
1881
1882 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Mar 2014 08:34:10 -0400
1883
1884apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
1885
1886 * d/index.html: replace Debian with Ubuntu on default page
1887 (LP: #1288690).
1888
1889 -- Robie Basak <robie.basak@ubuntu.com> Wed, 19 Mar 2014 11:04:21 +0000
1890
1891apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
1892
1893 * Merge from Debian unstable. Remaining changes:
1894 - debian/{control, apache2.install, apache2-utils.ufw.profile,
1895 apache2.dirs}: Add ufw profiles.
1896 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
1897 - d/control, d/config-dir/mods-available/ssl.conf,
1898 d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
1899 Plymouth aware passphrase dialog program ask-for-passphrase.
1900 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
1901 to configure.
1902 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
1903 from upstream
1904 - Build using lua5.2.
1905 - d/tests/chroot: dep8 test for ChrootDir case.
1906 - d/p/ignore-quilt-dir: adjust build system so that it does not use
1907 files find inside the .pc directory. This stops a double module load
1908 causing later havoc, including "ChrootDir" directive failure.
1909 * Drop changes:
1910 - debian/{control, rules}: Enable PIE hardening: no longer required;
1911 2.4.7-1 is already hardened.
1912 - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
1913 out of this package.
1914 * d/tests/ssl-passphrase: update for new default path /var/www/html.
1915 * d/tests/duplicate-module-load: check for duplicate module loads.
1916
1917 -- Robie Basak <robie.basak@ubuntu.com> Tue, 14 Jan 2014 17:23:47 +0000
1918
936apache2 (2.4.7-1) unstable; urgency=low1919apache2 (2.4.7-1) unstable; urgency=low
9371920
938 New upstream version1921 New upstream version
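Review bot: in the 2.4.7-1ubuntu1 entry, "Enable PIE hardening" is dropped with only "2.4.7-1 is already hardened" as justification, and none of the dep8 tests named in this hunk (ssl-passphrase, duplicate-module-load, chroot) looks at build flags. debian/rules is not among the files this merge modifies, so Ubuntu relies entirely on the Debian packaging for hardening. Confirm on the built 2.4.46 binaries that PIE is still in effect (for example with hardening-check from devscripts) and record the result in the merge description.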
@@ -996,6 +1979,53 @@ apache2 (2.4.6-3) unstable; urgency=low
9961979
997 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +02001980 -- Stefan Fritsch <sf@debian.org> Mon, 12 Aug 2013 20:15:38 +0200
9981981
1982apache2 (2.4.6-2ubuntu4) trusty; urgency=low
1983
1984 * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
1985 that it does not use files find inside the .pc directory. This stops a
1986 double module load causing later havoc, including "ChrootDir" directive
1987 failure (LP: #1251939). Thanks to Stefan Fritsch.
1988 * d/tests/chroot: dep8 test for ChrootDir case.
1989
1990 -- Robie Basak <robie.basak@ubuntu.com> Thu, 28 Nov 2013 16:21:51 +0000
1991
1992apache2 (2.4.6-2ubuntu3) trusty; urgency=low
1993
1994 * debian/apache2.install: Correct path for ufw.
1995 (LP: #1252722)
1996
1997 -- Chuck Short <zulcss@ubuntu.com> Tue, 19 Nov 2013 08:59:54 -0500
1998
1999apache2 (2.4.6-2ubuntu2) saucy; urgency=low
2000
2001 * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
2002 passphrase prompting for SSL certificates that are passphrase protected.
2003 * Add dep8 test for SSL passphrase prompting.
2004
2005 -- Robie Basak <robie.basak@ubuntu.com> Fri, 09 Aug 2013 13:08:52 +0000
2006
2007apache2 (2.4.6-2ubuntu1) saucy; urgency=low
2008
2009 * Merge from Debian unstable. Remaining changes:
2010 - debian/{control, rules}: Enable PIE hardening.
2011 - debian/{control, apache2.install, apache2-utils.ufw.profile,
2012 apache2.dirs}: Add ufw profiles.
2013 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
2014 - debian/control, debian/config-dir/mods-available/ssl.conf,
2015 debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
2016 passphrase dialog program ask-for-passphrase.
2017 - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
2018 to configure.
2019 - debian/patches/086_svn_cross_compiles: Backport several cross fixes
2020 from upstream
2021 * Dropped changes:
2022 - debian/patches/CVE-2013-1896.patch: upstream
2023 * Fixed module dependencies (LP: #1205314)
2024 - debian/config-dir/mods-available/lbmethod_*: properly specify
2025 proxy_balancer, not mod_proxy_balancer.
2026
2027 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2013 08:31:33 -0400
2028
999apache2 (2.4.6-2) unstable; urgency=low2029apache2 (2.4.6-2) unstable; urgency=low
10002030
1001 [ Stefan Fritsch ]2031 [ Stefan Fritsch ]
@@ -1048,6 +2078,56 @@ apache2 (2.4.6-1) unstable; urgency=low
10482078
1049 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +02002079 -- Arno Töll <arno@debian.org> Sun, 21 Jul 2013 18:44:42 +0200
10502080
2081apache2 (2.4.4-6ubuntu5) saucy; urgency=low
2082
2083 * SECURITY UPDATE: denial of service via MERGE request
2084 - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
2085 in modules/dav/main/mod_dav.c.
2086 - CVE-2013-1896
2087
2088 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Jul 2013 11:20:47 -0400
2089
2090apache2 (2.4.4-6ubuntu4) saucy; urgency=low
2091
2092 * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
2093 apache2-bin. apache2-utils is only suggested by apache2, so may not
2094 always be installed by bug reporters. However, apache2-bin will always
2095 need to be installed for Apache to be functional, so this is a better
2096 place for the apport hook. apache2-bin already Conflicts/Replaces
2097 apache2.2-common, so this also fixes (LP: #1199318).
2098 * d/apache2.py: adjust apport hook for new location of configuration
2099 files in apache2 >= 2.4: they have moved from apache2.2-common to
2100 apache2.
2101
2102 -- Robie Basak <robie.basak@ubuntu.com> Wed, 17 Jul 2013 17:54:22 +0000
2103
2104apache2 (2.4.4-6ubuntu3) saucy; urgency=low
2105
2106 * Build using lua5.2.
2107
2108 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2013 14:24:42 +0200
2109
2110apache2 (2.4.4-6ubuntu2) saucy; urgency=low
2111
2112 * debian/rules: Fix FTBFS while installing ufw.
2113
2114 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 10:10:14 -0500
2115
2116apache2 (2.4.4-6ubuntu1) saucy; urgency=low
2117
2118 * Merge from Debian unstable. Remaining changes:
2119 - debian/{control, rules}: Enable PIE hardening.
2120 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2121 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2122 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2123 Plymouth aware passphrase dialog program ask-for-passphrase.
2124 * Dropped changes:
2125 - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
2126 - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
2127 - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
2128
2129 -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Jul 2013 08:34:01 -0500
2130
1051apache2 (2.4.4-6) unstable; urgency=low2131apache2 (2.4.4-6) unstable; urgency=low
10522132
1053 * Denote exact versions breaking gnome-user-share now that Gnome maintainers2133 * Denote exact versions breaking gnome-user-share now that Gnome maintainers
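Review bot: the "Dropped changes" list in 2.4.4-6ubuntu1 names the CVE-2012-2687, CVE-2012-3499_4558 and CVE-2012-4929 patches only as "Dropped no longer needed", without saying where the fixes now live, and it does not account for the CVE-2013-1048 debian/apache2ctl mkdir_chown() change recorded under 2.2.22-6ubuntu5 further down this diff. The entry is published history and should stay as uploaded, but before approving, confirm that the target's apache2ctl still covers that symlink issue, since debian/apache2ctl is not in this merge's file list.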
@@ -1519,6 +2599,122 @@ apache2 (2.4.1-1) experimental; urgency=low
15192599
1520 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +01002600 -- Stefan Fritsch <sf@debian.org> Mon, 19 Mar 2012 10:46:02 +0100
15212601
2602apache2 (2.2.22-6ubuntu5) raring; urgency=low
2603
2604 * SECURITY UPDATE: multiple cross-site scripting issues
2605 - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
2606 modules/generators/{mod_info.c,mod_status.c},
2607 modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
2608 modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
2609 - CVE-2012-3499
2610 - CVE-2012-4558
2611 * SECURITY UPDATE: symlink attack in apache2ctl script
2612 - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
2613 - Thanks to Stefan Fritsch for the fix.
2614 - CVE-2013-1048
2615
2616 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Mar 2013 07:59:58 -0400
2617
2618apache2 (2.2.22-6ubuntu4) raring; urgency=low
2619
2620 * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
2621 * Skip module sanity check between MPMs if cross-building without the
2622 kernel/binfmt support to run our target binaries on the build system.
2623 * Backport several cross fixes from upstream as 086_svn_cross_compiles.
2624
2625 -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Dec 2012 02:21:46 -0700
2626
2627apache2 (2.2.22-6ubuntu3) raring; urgency=low
2628
2629 * SECURITY UPDATE: XSS vulnerability in mod_negotiation
2630 - debian/patches/CVE-2012-2687.patch: escape filenames in
2631 modules/mappers/mod_negotiation.c.
2632 - CVE-2012-2687
2633 * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
2634 - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
2635 directive. Defaults to off as enabling compression enables the CRIME
2636 attack.
2637 - CVE-2012-4929
2638
2639 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 08 Nov 2012 17:56:24 -0500
2640
2641apache2 (2.2.22-6ubuntu2) quantal; urgency=low
2642
2643 * debian/apache2.py
2644 - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
2645 - Check if this directory exists: /etc/apache2/sites-enabled/
2646
2647 -- Matthieu Baerts (matttbe) <matttbe@gmail.com> Mon, 16 Jul 2012 10:02:18 +0200
2648
2649apache2 (2.2.22-6ubuntu1) quantal; urgency=low
2650
2651 * Merge from Debian unstable. Remaining changes:
2652 - debian/{control, rules}: Enable PIE hardening.
2653 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2654 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2655 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2656 Plymouth aware passphrase dialog program ask-for-passphrase.
2657 * Dropped changes:
2658 - debian/control: Add bzr tag and point it to our tree; this is not
2659 really required and just increases the delta.
2660
2661 -- Robie Basak <robie.basak@ubuntu.com> Fri, 08 Jun 2012 11:37:31 +0100
2662
2663apache2 (2.2.22-6) unstable; urgency=low
2664
2665 [ Stefan Fritsch ]
2666 * Fix regression causing apache2 to cache "206 partial content" responses,
2667 and then serving these partial responses when replying to normal requests.
2668 Closes: #671204
2669 * Add section to security.conf that shows how to forbid access to VCS
2670 directories. Closes: #548213
2671 * Update ssl default cipher config, add alternative speed optimized config.
2672 Closes: #649020
2673 * Add "AddCharset" for .brf files in default mod_mime config.
2674 Closes: #402567
2675 * Don't create httpd.conf anymore and don't include it in apache2.conf. If
2676 it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
2677 * Port some of the comments in apache2.conf from the 2.4 package.
2678 * Compile mod_version statically, drop associated module load file.
2679 * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
2680 configtest.
2681 * Note in README.Debian that future versions of the package will have the
2682 include statements changed to include only *.conf.
2683 * Change compiled-in document root to /var/www, to avoid strange error
2684 messages.
2685 * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
2686
2687 [ Arno Töll ]
2688 * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
2689 to override LDFLAGS at compile time by defining LDLAGS in the environment,
2690 just like it is possible for CFLAGS. This also means, config_vars.mk now
2691 exports hardening build flags by default.
2692 * Update doc-base metadata for the apache2-doc package.
2693
2694 -- Stefan Fritsch <sf@debian.org> Tue, 29 May 2012 22:05:48 +0200
2695
2696apache2 (2.2.22-5) unstable; urgency=low
2697
2698 * Make LoadFile and LoadModule look in the standard search paths if the
2699 dso file name is given as a pure filename. This helps with the multi-arch
2700 transition.
2701
2702 -- Stefan Fritsch <sf@debian.org> Mon, 30 Apr 2012 23:38:33 +0200
2703
2704apache2 (2.2.22-4) unstable; urgency=high
2705
2706 * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
2707 hosts' config files.
2708 If scripting modules like mod_php or mod_rivet are enabled on systems
2709 where either 1) some frontend server forwards connections to an apache2
2710 backend server on the localhost address, or 2) the machine running
2711 apache2 is also used for web browsing, this could allow a remote
2712 attacker to execute example scripts stored under /usr/share/doc.
2713 Depending on the installed packages, this could lead to issues like cross
2714 site scripting, code execution, or leakage of sensitive data.
2715
2716 -- Stefan Fritsch <sf@debian.org> Sun, 15 Apr 2012 23:41:43 +0200
2717
1522apache2 (2.2.22-3) unstable; urgency=low2718apache2 (2.2.22-3) unstable; urgency=low
15232719
1524 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':2720 * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
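Review bot: the 2.2.22-6, 2.2.22-5 and 2.2.22-4 entries are marked "unstable" yet appear on the added side only, so the debian/sid changelog this merges into does not carry them, including the urgency=high CVE-2012-0216 entry. Confirm this is inherited Ubuntu history rather than a merge artifact, and check that the default virtual host configuration shipped by the merged package has no "Alias /doc /usr/share/doc", because the target's changelog alone would not show that the removal happened.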
@@ -1539,6 +2735,18 @@ apache2 (2.2.22-2) unstable; urgency=low
15392735
1540 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +01002736 -- Stefan Fritsch <sf@debian.org> Thu, 15 Mar 2012 00:02:31 +0100
15412737
2738apache2 (2.2.22-1ubuntu1) precise; urgency=low
2739
2740 * Merge from Debian testing. Remaining changes:
2741 - debian/{control, rules}: Enable PIE hardening.
2742 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2743 - debian/control: Add bzr tag and point it to our tree
2744 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2745 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2746 Plymouth aware passphrase dialog program ask-for-passphrase.
2747
2748 -- Chuck Short <zulcss@ubuntu.com> Sun, 12 Feb 2012 20:06:35 -0500
2749
1542apache2 (2.2.22-1) unstable; urgency=low2750apache2 (2.2.22-1) unstable; urgency=low
15432751
1544 [ Stefan Fritsch ]2752 [ Stefan Fritsch ]
@@ -1556,6 +2764,18 @@ apache2 (2.2.22-1) unstable; urgency=low
15562764
1557 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +01002765 -- Stefan Fritsch <sf@debian.org> Wed, 01 Feb 2012 21:49:04 +0100
15582766
2767apache2 (2.2.21-5ubuntu1) precise; urgency=low
2768
2769 * Merge from Debian testing. Remaining changes:
2770 - debian/{control, rules}: Enable PIE hardening.
2771 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2772 - debian/control: Add bzr tag and point it to our tree
2773 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2774 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2775 Plymouth aware passphrase dialog program ask-for-passphrase.
2776
2777 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jan 2012 06:26:31 +0000
2778
1559apache2 (2.2.21-5) unstable; urgency=low2779apache2 (2.2.21-5) unstable; urgency=low
15602780
1561 [ Arno Töll ]2781 [ Arno Töll ]
@@ -1609,6 +2829,26 @@ apache2 (2.2.21-4) unstable; urgency=low
16092829
1610 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +01002830 -- Stefan Fritsch <sf@debian.org> Thu, 29 Dec 2011 12:09:14 +0100
16112831
2832apache2 (2.2.21-3ubuntu2) precise; urgency=low
2833
2834 * d/ask-for-passphrase: Flip the logic of this script so that it checks
2835 first to see if apache is being started from a TTY, and then if not,
2836 tries plymouth. (LP: #887410)
2837
2838 -- Clint Byrum <clint@ubuntu.com> Tue, 06 Dec 2011 16:49:33 -0800
2839
2840apache2 (2.2.21-3ubuntu1) precise; urgency=low
2841
2842 * Merge from Debian testing. Remaining changes:
2843 - debian/{control, rules}: Enable PIE hardening.
2844 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2845 - debian/control: Add bzr tag and point it to our tree
2846 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2847 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2848 Plymouth aware passphrase dialog program ask-for-passphrase.
2849
2850 -- Chuck Short <zulcss@ubuntu.com> Fri, 09 Dec 2011 05:20:43 +0000
2851
1612apache2 (2.2.21-3) unstable; urgency=medium2852apache2 (2.2.21-3) unstable; urgency=medium
16132853
1614 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some2854 * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1623,6 +2863,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
16232863
1624 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +01002864 -- Stefan Fritsch <sf@debian.org> Sat, 03 Dec 2011 18:54:03 +0100
16252865
2866apache2 (2.2.21-2ubuntu2) precise; urgency=low
2867
2868 * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
2869
2870 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Dec 2011 17:36:28 -0700
2871
2872apache2 (2.2.21-2ubuntu1) precise; urgency=low
2873
2874 * Merge from debian unstable. Remaining changes:
2875 - debian/{control, rules}: Enable PIE hardening.
2876 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2877 - debian/control: Add bzr tag and point it to our tree
2878 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2879 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2880 Plymouth aware passphrase dialog program ask-for-passphrase.
2881
2882 -- Chuck Short <zulcss@ubuntu.com> Fri, 14 Oct 2011 16:01:29 +0000
2883
1626apache2 (2.2.21-2) unstable; urgency=high2884apache2 (2.2.21-2) unstable; urgency=high
16272885
1628 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some2886 * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1640,6 +2898,19 @@ apache2 (2.2.21-1) unstable; urgency=low
16402898
1641 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +02002899 -- Stefan Fritsch <sf@debian.org> Mon, 26 Sep 2011 18:16:11 +0200
16422900
2901apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
2902
2903 * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
2904 Remaining changes:
2905 - debian/{control, rules}: Enable PIE hardening.
2906 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2907 - debian/control: Add bzr tag and point it to our tree
2908 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2909 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2910 Plymouth aware passphrase dialog program ask-for-passphrase.
2911
2912 -- Steve Beattie <sbeattie@ubuntu.com> Tue, 06 Sep 2011 01:17:15 -0700
2913
1643apache2 (2.2.20-1) unstable; urgency=low2914apache2 (2.2.20-1) unstable; urgency=low
16442915
1645 * New upstream release.2916 * New upstream release.
@@ -1662,6 +2933,18 @@ apache2 (2.2.19-2) unstable; urgency=high
16622933
1663 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +02002934 -- Stefan Fritsch <sf@debian.org> Mon, 29 Aug 2011 17:08:17 +0200
16642935
2936apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
2937
2938 * Merge from debian unstable (LP: #787013). Remaining changes:
2939 - debian/{control, rules}: Enable PIE hardening.
2940 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2941 - debian/control: Add bzr tag and point it to our tree
2942 - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
2943 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2944 Plymouth aware passphrase dialog program ask-for-passphrase.
2945
2946 -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 23 May 2011 10:16:09 -0400
2947
1665apache2 (2.2.19-1) unstable; urgency=low2948apache2 (2.2.19-1) unstable; urgency=low
16662949
1667 * New upstream release.2950 * New upstream release.
@@ -1679,6 +2962,18 @@ apache2 (2.2.19-1) unstable; urgency=low
16792962
1680 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +02002963 -- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 10:21:21 +0200
16812964
2965apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
2966
2967 * Merge from debian unstable. Remaining changes:
2968 - debian/{control, rules}: Enable PIE hardening.
2969 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
2970 - debian/control: Add bzr tag and point it to our tree
2971 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
2972 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
2973 Plymouth aware passphrase dialog program ask-for-passphrase.
2974
2975 -- Chuck Short <zulcss@ubuntu.com> Mon, 11 Apr 2011 02:13:30 +0100
2976
1682apache2 (2.2.17-3) unstable; urgency=low2977apache2 (2.2.17-3) unstable; urgency=low
16832978
1684 * Fix compilation with OpenSSL without SSLv2 support. Closes: #6220492979 * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
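Review bot: the 2.2.17-3ubuntu1 entry spells two paths as "debain/apache2.py" and "debian/apache2.2-common.isntall", and the same misspellings recur in the 2.2.17-1ubuntu1 and 2.2.16-6ubuntu1 entries elsewhere in this diff. If that is how the entries were uploaded, keep them byte-for-byte so the changelog matches the published Ubuntu history; if they were introduced while resolving the merge, restore the original text. Either way, anyone grepping the changelog for the apport hook files will miss these three entries.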
@@ -1705,6 +3000,18 @@ apache2 (2.2.17-2) unstable; urgency=high
17053000
1706 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +01003001 -- Stefan Fritsch <sf@debian.org> Mon, 21 Mar 2011 23:01:17 +0100
17073002
3003apache2 (2.2.17-1ubuntu1) natty; urgency=low
3004
3005 * Merge from debian unstable, remaining changes:
3006 - debian/{control, rules}: Enable PIE hardening.
3007 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3008 - debian/control: Add bzr tag and point it to our tree
3009 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3010 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3011 Plymouth aware passphrase dialog program ask-for-passphrase.
3012
3013 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Feb 2011 13:02:08 -0500
3014
1708apache2 (2.2.17-1) unstable; urgency=low3015apache2 (2.2.17-1) unstable; urgency=low
17093016
1710 * New upstream version3017 * New upstream version
@@ -1713,6 +3020,32 @@ apache2 (2.2.17-1) unstable; urgency=low
17133020
1714 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +01003021 -- Stefan Fritsch <sf@debian.org> Tue, 15 Feb 2011 23:30:18 +0100
17153022
3023apache2 (2.2.16-6ubuntu3) natty; urgency=low
3024
3025 * debian/rules: Don't use "-fno-strict-aliasing" since it causes
3026 apache FTBFS on amd64. (LP: #711293)
3027
3028 -- Chuck Short <zulcss@ubuntu.com> Tue, 01 Feb 2011 10:19:55 -0500
3029
3030apache2 (2.2.16-6ubuntu2) natty; urgency=low
3031
3032 * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
3033 (LP: #697105)
3034
3035 -- Chuck Short <zulcss@ubuntu.com> Tue, 25 Jan 2011 11:14:58 -0500
3036
3037apache2 (2.2.16-6ubuntu1) natty; urgency=low
3038
3039 * Merge from debian unstable. Remaining changes:
3040 - debian/{control, rules}: Enable PIE hardening.
3041 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3042 - debian/control: Add bzr tag and point it to our tree
3043 - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
3044 - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
3045 Plymouth aware passphrase dialog program ask-for-passphrase.
3046
3047 -- Chuck Short <zulcss@ubuntu.com> Sun, 02 Jan 2011 06:05:51 +0000
3048
1716apache2 (2.2.16-6) unstable; urgency=low3049apache2 (2.2.16-6) unstable; urgency=low
17173050
1718 * Also add $named to the secondary-init-script example.3051 * Also add $named to the secondary-init-script example.
@@ -1728,6 +3061,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
17283061
1729 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +01003062 -- Stefan Fritsch <sf@debian.org> Fri, 31 Dec 2010 01:22:19 +0100
17303063
3064apache2 (2.2.16-4ubuntu2) natty; urgency=low
3065
3066 [Clint Byrum]
3067 * Adding plymouth aware passphrase dialog program ask-for-passphrase.
3068 (LP: #582963)
3069 + debian/control: apache2.2-common depends on bash for ask-for-passphrase
3070 + debian/config-dir/mods-available/ssl.conf:
3071 - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
3072
3073 [Chuck Short]
3074 * Add apport hook. (LP: #609177)
3075 + debian/apache2.py, debian/apache2.2-common.install
3076
3077 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:43 -0500
3078
3079apache2 (2.2.16-4ubuntu1) natty; urgency=low
3080
3081 * Merge from debian unstable. Remaining changes:
3082 - debian/{control, rules}: Enable PIE hardening.
3083 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3084 - debian/control: Add bzr tag and point it to our tree
3085
3086 -- Chuck Short <zulcss@ubuntu.com> Mon, 22 Nov 2010 09:43:41 -0500
3087
1731apache2 (2.2.16-4) unstable; urgency=medium3088apache2 (2.2.16-4) unstable; urgency=medium
17323089
1733 * Increase the mod_reqtimeout default timeouts to avoid potential problems3090 * Increase the mod_reqtimeout default timeouts to avoid potential problems
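Review bot: in the 2.2.16-4ubuntu2 entry the SSLPassPhraseDialog target is written as "exec:/usr/share/apache2/ask-for-passhrase", while every other entry in this diff spells the program "ask-for-passphrase". Leave the historical entry as published, but verify that the ssl.conf carried by this branch points at the correctly spelled path; a wrong exec: path would break passphrase prompting for protected keys, which is exactly what the d/tests/ssl-passphrase dep8 test is meant to catch.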
@@ -1738,6 +3095,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
17383095
1739 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +01003096 -- Stefan Fritsch <sf@debian.org> Sun, 14 Nov 2010 19:05:55 +0100
17403097
3098apache2 (2.2.16-3ubuntu1) natty; urgency=low
3099
3100 * Merge from debian unstable. Remaining changes:
3101 - debian/{control, rules}: Enable PIE hardening.
3102 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3103 - debian/control: Add bzr tag and point it to our tree.
3104
3105 -- Chuck Short <zulcss@ubuntu.com> Tue, 12 Oct 2010 11:54:48 +0100
3106
1741apache2 (2.2.16-3) unstable; urgency=high3107apache2 (2.2.16-3) unstable; urgency=high
17423108
1743 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.3109 * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1760,6 +3126,30 @@ apache2 (2.2.16-2) unstable; urgency=low
17603126
1761 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +02003127 -- Stefan Fritsch <sf@debian.org> Sun, 29 Aug 2010 15:29:21 +0200
17623128
3129apache2 (2.2.16-1ubuntu3) maverick; urgency=low
3130
3131 * Revert "stty sane" to unbreak apache starting, this will have to be
3132 fixed a different way. (LP: #626723)
3133
3134 -- Chuck Short <zulcss@ubuntu.com> Wed, 08 Sep 2010 08:33:17 -0400
3135
3136apache2 (2.2.16-1ubuntu2) maverick; urgency=low
3137
3138 * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
3139 password prompt when using apache-ssl. (LP: #582963)
3140
3141 -- Chuck Short <zulcss@ubuntu.com> Wed, 25 Aug 2010 09:25:05 -0400
3142
3143apache2 (2.2.16-1ubuntu1) maverick; urgency=low
3144
3145 * Merge from debian unstable. Remaining changes:
3146 - debian/{control, rules}: Enable PIE hardening.
3147 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3148 - debian/control: Add bzr tag and point it to our tree.
3149 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3150
3151 -- Chuck Short <zulcss@ubuntu.com> Mon, 26 Jul 2010 20:21:37 +0100
3152
1763apache2 (2.2.16-1) unstable; urgency=medium3153apache2 (2.2.16-1) unstable; urgency=medium
17643154
1765 * Urgency medium for security fix.3155 * Urgency medium for security fix.
@@ -1792,6 +3182,24 @@ apache2 (2.2.15-6) unstable; urgency=low
17923182
1793 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +02003183 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jul 2010 23:41:08 +0200
17943184
3185apache2 (2.2.15-5ubuntu1) maverick; urgency=low
3186
3187 * Merge from debian unstable. Remaining changes:
3188 - debian/{control, rules}: Enable PIE hardening.
3189 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3190 - debian/control: Add bzr tag and point it to our tree.
3191 - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
3192 + Dropped:
3193 - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
3194 - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
3195 - debian/config-dir/apache2.conf: Merged back from debian.
3196 - mod-reqtimeout functionality: Merge back from debian.
3197 - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
3198 - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
3199 - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
3200
3201 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 01:28:04 +0100
3202
1795apache2 (2.2.15-5) unstable; urgency=low3203apache2 (2.2.15-5) unstable; urgency=low
17963204
1797 * Conflict with apache package as we now include apachectl. Closes: #5790653205 * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -1912,6 +3320,80 @@ apache2 (2.2.14-6) unstable; urgency=low
19123320
1913 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +01003321 -- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 17:29:45 +0100
19143322
3323apache2 (2.2.14-5ubuntu8) lucid; urgency=low
3324
3325 * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
3326 (LP: #562370)
3327
3328 -- Chuck Short <zulcss@ubuntu.com> Tue, 13 Apr 2010 15:09:57 -0400
3329
3330apache2 (2.2.14-5ubuntu7) lucid; urgency=low
3331
3332 * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
3333 leaks by making sure to not destroy bucket brigades that have been created
3334 by earlier filters. Backported from 2.2.15.
3335 * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
3336 has reached MaxClients until it has. Backported from 2.2.15
3337 * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
3338 more secure by adding Satisfy all. (Debian bug: #572075)
3339 * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
3340 debian/config2-dir/mods-available/reqtimeout.load,
3341 debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
3342 mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
3343 bug in apache. Enable it by default. (LP: #392759)
3344
3345 -- Chuck Short <zulcss@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400
3346
3347apache2 (2.2.14-5ubuntu6) lucid; urgency=low
3348
3349 * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
3350
3351 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 09:41:11 -0400
3352
3353apache2 (2.2.14-5ubuntu5) lucid; urgency=low
3354
3355 * Revert 99-fix-mod-dav-permissions.dpatch
3356
3357 -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Mar 2010 07:55:46 -0400
3358
3359apache2 (2.2.14-5ubuntu4) lucid; urgency=low
3360
3361 * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
3362 downloading files from webdav (LP: #540747)
3363 * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
3364
3365 -- Chuck Short <zulcss@ubuntu.com> Mon, 29 Mar 2010 13:37:39 -0400
3366
3367apache2 (2.2.14-5ubuntu3) lucid; urgency=low
3368
3369 * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
3370 - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
3371 in modules/proxy/mod_proxy_ajp.c.
3372 - CVE-2010-0408
3373 * SECURITY UPDATE: information disclosure via improper handling of
3374 headers in subrequests
3375 - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
3376 in server/protocol.c.
3377 - CVE-2010-0434
3378
3379 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Mar 2010 14:48:48 -0500
3380
3381apache2 (2.2.14-5ubuntu2) lucid; urgency=low
3382
3383 * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
3384 wacky options. (LP: #450501)
3385
3386 -- Chuck Short <zulcss@ubuntu.com> Mon, 08 Mar 2010 14:53:17 -0500
3387
3388apache2 (2.2.14-5ubuntu1) lucid; urgency=low
3389
3390 * Merge from debian testing. Remaining changes: LP: #506862
3391 - debian/{control, rules}: Enable PIE hardening.
3392 - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
3393 - debian/control: Add bzr tag and point it to our tree.
3394
3395 -- Bhavani Shankar <right2bhavi@gmail.com> Wed, 13 Jan 2010 14:28:41 +0530
3396
1915apache2 (2.2.14-5) unstable; urgency=low3397apache2 (2.2.14-5) unstable; urgency=low
19163398
1917 * Security: Further mitigation for the TLS renegotation attack3399 * Security: Further mitigation for the TLS renegotation attack
@@ -1935,6 +3417,15 @@ apache2 (2.2.14-5) unstable; urgency=low
19353417
1936 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +01003418 -- Stefan Fritsch <sf@debian.org> Sat, 02 Jan 2010 22:44:15 +0100
19373419
3420apache2 (2.2.14-4ubuntu1) lucid; urgency=low
3421
3422 * Resynchronzie with Debian, remaining changes are:
3423 - debian/{control, rules}: Enable PIE hardening.
3424 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3425 - debian/control: Add bzr tag and point it to our tree.
3426
3427 -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Dec 2009 14:44:51 -0500
3428
1938apache2 (2.2.14-4) unstable; urgency=low3429apache2 (2.2.14-4) unstable; urgency=low
19393430
1940 * Disable localized error pages again by default because they break3431 * Disable localized error pages again by default because they break
@@ -1985,6 +3476,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
19853476
1986 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +01003477 -- Stefan Fritsch <sf@debian.org> Sat, 07 Nov 2009 14:37:37 +0100
19873478
3479apache2 (2.2.14-1ubuntu1) lucid; urgency=low
3480
3481 * Merge from debian testing, remaining changes:
3482 - debian/{control, rules}: Enable PIE hardening.
3483 - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
3484 - debian/conrol: Add bzr tag and point it to our tree.
3485 - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3486 Already applied upstream.
3487
3488 -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 00:29:03 +0000
3489
1988apache2 (2.2.14-1) unstable; urgency=low3490apache2 (2.2.14-1) unstable; urgency=low
19893491
1990 * New upstream version:3492 * New upstream version:
@@ -2019,6 +3521,24 @@ apache2 (2.2.13-1) unstable; urgency=low
20193521
2020 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +02003522 -- Stefan Fritsch <sf@debian.org> Mon, 31 Aug 2009 20:28:56 +0200
20213523
3524apache2 (2.2.12-1ubuntu2) karmic; urgency=low
3525
3526 * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
3527 - Fix potential segfaults with the use of the legacy ap_rputs() etc
3528 interfaces, in cases where an output filter fails. This happens
3529 frequently after CVE-2009-1891 got fixed. (LP: #409987)
3530
3531 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Aug 2009 15:38:47 -0400
3532
3533apache2 (2.2.12-1ubuntu1) karmic; urgency=low
3534
3535 * Merge from debian unstable, remaining changes:
3536 - debian/{control,rules}: enable PIE hardening.
3537 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3538 - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
3539
3540 -- Chuck Short <zulcss@ubuntu.com> Tue, 04 Aug 2009 20:04:24 +0100
3541
2022apache2 (2.2.12-1) unstable; urgency=low3542apache2 (2.2.12-1) unstable; urgency=low
20233543
2024 * New upstream release:3544 * New upstream release:
@@ -2066,6 +3586,16 @@ apache2 (2.2.12-1) unstable; urgency=low
20663586
2067 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +02003587 -- Stefan Fritsch <sf@debian.org> Tue, 04 Aug 2009 11:02:34 +0200
20683588
3589apache2 (2.2.11-7ubuntu1) karmic; urgency=low
3590
3591 * Merge from debian unstable, remaining changes: LP: #398130
3592 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3593 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3594 - debian/{control,rules}: enable PIE hardening.
3595 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3596
3597 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 11 Jul 2009 16:34:32 +0530
3598
2069apache2 (2.2.11-7) unstable; urgency=low3599apache2 (2.2.11-7) unstable; urgency=low
20703600
2071 * Security fixes:3601 * Security fixes:
@@ -2080,6 +3610,16 @@ apache2 (2.2.11-7) unstable; urgency=low
20803610
2081 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +02003611 -- Stefan Fritsch <sf@debian.org> Fri, 10 Jul 2009 22:42:57 +0200
20823612
3613apache2 (2.2.11-6ubuntu1) karmic; urgency=low
3614
3615 * Merge from debian unstable, remaining changes:
3616 - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
3617 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3618 - debian/{control,rules}: enable PIE hardening.
3619 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3620
3621 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Jun 2009 01:01:23 +0100
3622
2083apache2 (2.2.11-6) unstable; urgency=high3623apache2 (2.2.11-6) unstable; urgency=high
20843624
2085 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server3625 * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2088,6 +3628,16 @@ apache2 (2.2.11-6) unstable; urgency=high
20883628
2089 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +02003629 -- Stefan Fritsch <sf@debian.org> Mon, 08 Jun 2009 19:22:58 +0200
20903630
3631apache2 (2.2.11-5ubuntu1) karmic; urgency=low
3632
3633 * Merge from debian unstable, remaining changes:
3634 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3635 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3636 - debian/{control,rules}: enable PIE hardening.
3637 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3638
3639 -- Andrew Mitchell <ajmitch@ubuntu.com> Wed, 03 Jun 2009 14:10:54 +1200
3640
2091apache2 (2.2.11-5) unstable; urgency=low3641apache2 (2.2.11-5) unstable; urgency=low
20923642
2093 * Move all binaries into a new package apache2.2-bin and make3643 * Move all binaries into a new package apache2.2-bin and make
@@ -2136,6 +3686,16 @@ apache2 (2.2.11-4) unstable; urgency=low
21363686
2137 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +02003687 -- Stefan Fritsch <sf@debian.org> Tue, 19 May 2009 22:55:27 +0200
21383688
3689apache2 (2.2.11-3ubuntu1) karmic; urgency=low
3690
3691 * Merge from debian unstable, remaining changes:
3692 - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3693 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3694 - debian/{control,rules}: enable PIE hardening.
3695 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3696
3697 -- Andrew Mitchell <ajmitch@ubuntu.com> Tue, 12 May 2009 16:15:34 +1200
3698
2139apache2 (2.2.11-3) unstable; urgency=low3699apache2 (2.2.11-3) unstable; urgency=low
21403700
2141 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap3701 * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2144,6 +3704,21 @@ apache2 (2.2.11-3) unstable; urgency=low
21443704
2145 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +02003705 -- Stefan Fritsch <sf@debian.org> Tue, 31 Mar 2009 21:07:26 +0200
21463706
3707apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
3708
3709 * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
3710 Fix timefmt is ignored when XBitHack is on. (LP: #258914)
3711
3712 -- Chuck Short <zulcss@ubuntu.com> Wed, 01 Apr 2009 11:39:17 -0400
3713
3714apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
3715
3716 * Merge from debian unstable, remaining changes:
3717 - debian/{contro,rules}: enable PIE hardening.
3718 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3719
3720 -- Chuck Short <zulcss@ubuntu.com> Sat, 17 Jan 2009 00:02:55 +0000
3721
2147apache2 (2.2.11-2) unstable; urgency=low3722apache2 (2.2.11-2) unstable; urgency=low
21483723
2149 * Report an error instead instead of segfaulting when apr_pollset_create3724 * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2153,6 +3728,14 @@ apache2 (2.2.11-2) unstable; urgency=low
21533728
2154 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +01003729 -- Stefan Fritsch <sf@debian.org> Fri, 16 Jan 2009 19:01:59 +0100
21553730
3731apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
3732
3733 * Merge from debian unstable, remaining changes:
3734 - debian/{control, rules}: enable PIE hardening.
3735 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3736
3737 -- Chuck Short <zulcss@ubuntu.com> Mon, 15 Dec 2008 00:06:50 +0000
3738
2156apache2 (2.2.11-1) unstable; urgency=low3739apache2 (2.2.11-1) unstable; urgency=low
21573740
2158 [Thom May]3741 [Thom May]
@@ -2167,6 +3750,14 @@ apache2 (2.2.11-1) unstable; urgency=low
21673750
2168 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +01003751 -- Stefan Fritsch <sf@debian.org> Sun, 14 Dec 2008 09:34:24 +0100
21693752
3753apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
3754
3755 * Merge from debian unstable, remaining changes: (LP: #303375)
3756 - debian/{control, rules}: enable PIE hardening.
3757 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3758
3759 -- Bhavani Shankar <right2bhavi@gmail.com> Sat, 29 Nov 2008 14:02:31 +0530
3760
2170apache2 (2.2.9-11) unstable; urgency=low3761apache2 (2.2.9-11) unstable; urgency=low
21713762
2172 * Regression fix from upstream svn for mod_proxy:3763 * Regression fix from upstream svn for mod_proxy:
@@ -2181,6 +3772,14 @@ apache2 (2.2.9-11) unstable; urgency=low
21813772
2182 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +01003773 -- Stefan Fritsch <sf@debian.org> Wed, 26 Nov 2008 23:10:22 +0100
21833774
3775apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
3776
3777 * Merge from debian unstable, remaining changes:
3778 - debian/{control, rules}: enable PIE hardening.
3779 - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
3780
3781 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 Nov 2008 02:23:18 -0400
3782
2184apache2 (2.2.9-10) unstable; urgency=low3783apache2 (2.2.9-10) unstable; urgency=low
21853784
2186 * Regression fix from upstream svn for mod_proxy_http:3785 * Regression fix from upstream svn for mod_proxy_http:
@@ -2211,6 +3810,27 @@ apache2 (2.2.9-8) unstable; urgency=low
22113810
2212 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +02003811 -- Stefan Fritsch <sf@debian.org> Thu, 11 Sep 2008 09:17:33 +0200
22133812
3813apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
3814
3815 * Revert logrotate change since it will break it for everyone.
3816
3817 -- Chuck Short <zulcss@ubuntu.com> Fri, 19 Sep 2008 09:32:01 -0400
3818
3819apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
3820
3821 * debian/logrotate: Restart rather than reload for busy websites.
3822 (LP: #270899)
3823
3824 -- Chuck Short <zulcss@ubuntu.com> Thu, 18 Sep 2008 08:42:22 -0400
3825
3826apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
3827
3828 * Merge from debian unstable, remaining changes:
3829 - debian/{control,rules}: enable PIE hardening.
3830 - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
3831
3832 -- Kees Cook <kees@ubuntu.com> Thu, 28 Aug 2008 08:10:59 -0700
3833
2214apache2 (2.2.9-7) unstable; urgency=low3834apache2 (2.2.9-7) unstable; urgency=low
22153835
2216 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).3836 * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2253,6 +3873,23 @@ apache2 (2.2.9-4) unstable; urgency=low
22533873
2254 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +02003874 -- Stefan Fritsch <sf@debian.org> Sun, 06 Jul 2008 10:38:37 +0200
22553875
3876apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
3877
3878 * add ufw integration (see
3879 https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
3880 (LP: #261198)
3881 - debian/control: suggest ufw for apache2.2-common
3882 - add apache2.2-common.ufw.profile with 3 profiles and install it to
3883 /etc/ufw/applications.d/apache2.2-common
3884
3885 -- Didier Roche <didrocks@ubuntu-fr.org> Tue, 26 Aug 2008 19:03:42 +0200
3886
3887apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
3888
3889 * debian/{control,rules}: enable PIE hardening
3890
3891 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:45:00 -0700
3892
2256apache2 (2.2.9-3) unstable; urgency=low3893apache2 (2.2.9-3) unstable; urgency=low
22573894
2258 [ Stefan Fritsch ]3895 [ Stefan Fritsch ]
@@ -3823,9 +5460,7 @@ apache2 (2.0.37-1) unstable; urgency=low
3823 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +01005460 -- Thom May <thom@debian.org> Thu, 13 Jun 2002 17:47:12 +0100
38245461
3825apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low5462apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
3826
3827 * New upstream release5463 * New upstream release
3828
3829 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +01005464 -- Thom May <thom@debian.org> Wed, 5 Jun 2002 12:42:34 +0100
38305465
3831apache2 (2.0.36-2) unstable; urgency=low5466apache2 (2.0.36-2) unstable; urgency=low
@@ -4333,3 +5968,4 @@ apache2 (2.0.18-1) unstable; urgency=low
4333 * Initial Release.5968 * Initial Release.
43345969
4335 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +10005970 -- Daniel Stone <daniel@sfarc.net> Wed, 4 Jul 2001 21:29:29 +1000
5971
diff --git a/debian/control b/debian/control
index 146b597..34db166 100644
--- a/debian/control
+++ b/debian/control
@@ -1,5 +1,6 @@
1Source: apache21Source: apache2
2Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>2Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
3Uploaders: Stefan Fritsch <sf@debian.org>,4Uploaders: Stefan Fritsch <sf@debian.org>,
4 Arno Töll <arno@debian.org>,5 Arno Töll <arno@debian.org>,
5 Ondřej Surý <ondrej@debian.org>,6 Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
44Recommends: ssl-cert45Recommends: ssl-cert
45Suggests: apache2-doc,46Suggests: apache2-doc,
46 apache2-suexec-pristine | apache2-suexec-custom,47 apache2-suexec-pristine | apache2-suexec-custom,
47 www-browser48 www-browser,
49 ufw
48Pre-Depends: dpkg (>= 1.17.14)50Pre-Depends: dpkg (>= 1.17.14)
49Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)51Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
50Conflicts: apache2.2-bin,52Conflicts: apache2.2-bin,
diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
51new file mode 10064453new file mode 100644
index 0000000..4db2fa1
52Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ54Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
diff --git a/debian/index.html b/debian/index.html
index 766401d..96ed444 100644
--- a/debian/index.html
+++ b/debian/index.html
@@ -1,9 +1,14 @@
11
2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml">3<html xmlns="http://www.w3.org/1999/xhtml">
4 <!--
5 Modified from the Debian original for Ubuntu
6 Last updated: 2016-11-16
7 See: https://launchpad.net/bugs/1288690
8 -->
4 <head>9 <head>
5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />10 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
6 <title>Apache2 Debian Default Page: It works</title>11 <title>Apache2 Ubuntu Default Page: It works</title>
7 <style type="text/css" media="screen">12 <style type="text/css" media="screen">
8 * {13 * {
9 margin: 0px 0px 0px 0px;14 margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
188 <body>193 <body>
189 <div class="main_page">194 <div class="main_page">
190 <div class="page_header floating_element">195 <div class="page_header floating_element">
191 <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>196 <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
192 <span class="floating_element">197 <span class="floating_element">
193 Apache2 Debian Default Page198 Apache2 Ubuntu Default Page
194 </span>199 </span>
195 </div>200 </div>
196<!-- <div class="table_of_contents floating_element">201<!-- <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
221 <div class="content_section_text">226 <div class="content_section_text">
222 <p>227 <p>
223 This is the default welcome page used to test the correct 228 This is the default welcome page used to test the correct
224 operation of the Apache2 server after installation on Debian systems.229 operation of the Apache2 server after installation on Ubuntu systems.
230 It is based on the equivalent page on Debian, from which the Ubuntu Apache
231 packaging is derived.
225 If you can read this page, it means that the Apache HTTP server installed at232 If you can read this page, it means that the Apache HTTP server installed at
226 this site is working properly. You should <b>replace this file</b> (located at233 this site is working properly. You should <b>replace this file</b> (located at
227 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.234 <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
242 </div>249 </div>
243 <div class="content_section_text">250 <div class="content_section_text">
244 <p>251 <p>
245 Debian's Apache2 default configuration is different from the252 Ubuntu's Apache2 default configuration is different from the
246 upstream default configuration, and split into several files optimized for253 upstream default configuration, and split into several files optimized for
247 interaction with Debian tools. The configuration system is254 interaction with Ubuntu tools. The configuration system is
248 <b>fully documented in255 <b>fully documented in
249 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full256 /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
250 documentation. Documentation for the web server itself can be257 documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
253260
254 </p>261 </p>
255 <p>262 <p>
256 The configuration layout for an Apache2 web server installation on Debian systems is as follows:263 The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
257 </p>264 </p>
258 <pre>265 <pre>
259/etc/apache2/266/etc/apache2/
@@ -324,7 +331,7 @@
324331
325 <div class="content_section_text">332 <div class="content_section_text">
326 <p>333 <p>
327 By default, Debian does not allow access through the web browser to334 By default, Ubuntu does not allow access through the web browser to
328 <em>any</em> file apart of those located in <tt>/var/www</tt>,335 <em>any</em> file apart of those located in <tt>/var/www</tt>,
329 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>336 <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
330 directories (when enabled) and <tt>/usr/share</tt> (for web337 directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
333 document root directory in <tt>/etc/apache2/apache2.conf</tt>.340 document root directory in <tt>/etc/apache2/apache2.conf</tt>.
334 </p>341 </p>
335 <p>342 <p>
336 The default Debian document root is <tt>/var/www/html</tt>. You343 The default Ubuntu document root is <tt>/var/www/html</tt>. You
337 can make your own virtual hosts under /var/www. This is different344 can make your own virtual hosts under /var/www. This is different
338 to previous releases which provides better security out of the box.345 to previous releases which provides better security out of the box.
339 </p>346 </p>
@@ -345,9 +352,9 @@
345 </div>352 </div>
346 <div class="content_section_text">353 <div class="content_section_text">
347 <p>354 <p>
348 Please use the <tt>reportbug</tt> tool to report bugs in the355 Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
349 Apache2 package with Debian. However, check <a356 Apache2 package with Ubuntu. However, check <a
350 href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"357 href="https://bugs.launchpad.net/ubuntu/+source/apache2"
351 rel="nofollow">existing bug reports</a> before reporting a new bug.358 rel="nofollow">existing bug reports</a> before reporting a new bug.
352 </p>359 </p>
353 <p>360 <p>
diff --git a/debian/perl-framework/t/apache/expr_string.t b/debian/perl-framework/t/apache/expr_string.t
index a9115ee..66b0903 100644
--- a/debian/perl-framework/t/apache/expr_string.t
+++ b/debian/perl-framework/t/apache/expr_string.t
@@ -7,6 +7,8 @@ use Apache::TestUtil qw(t_write_file t_start_error_log_watch t_finish_error_log_
77
8use File::Spec;8use File::Spec;
99
10use Time::HiRes qw(usleep);
11
10# test ap_expr12# test ap_expr
1113
12Apache::TestRequest::user_agent(keep_alive => 1);14Apache::TestRequest::user_agent(keep_alive => 1);
@@ -62,6 +64,8 @@ foreach my $t (@test_cases) {
62 'SomeHeader' => 'SomeValue',64 'SomeHeader' => 'SomeValue',
63 'User-Agent' => 'SomeAgent',65 'User-Agent' => 'SomeAgent',
64 'Referer' => 'SomeReferer');66 'Referer' => 'SomeReferer');
67 ### Sleep here, attempt to avoid intermittent failures. (LP: #1890302)
68 usleep(250000);
65 my @loglines = t_finish_error_log_watch();69 my @loglines = t_finish_error_log_watch();
6670
67 my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i71 my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i
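Review bot: The fixed usleep(250000) placed before t_finish_error_log_watch() narrows the timing window but does not close it, so the intermittent failure tracked in LP: #1890302 can still appear on a slow or heavily loaded test host, and every pass through the @test_cases loop now pays the quarter-second delay. Consider replacing the unconditional sleep with a bounded wait that re-reads the error log until the expected entry is present (or a timeout expires), and say in the comment which event the test is waiting for, not only that it sleeps.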
diff --git a/debian/perl-framework/t/modules/allowmethods.t b/debian/perl-framework/t/modules/allowmethods.t
index ad34959..6e2e815 100644
--- a/debian/perl-framework/t/modules/allowmethods.t
+++ b/debian/perl-framework/t/modules/allowmethods.t
@@ -23,7 +23,6 @@ my @test_cases = (
23 [ $get, $post, 405 ],23 [ $get, $post, 405 ],
24 [ $head, $post, 405 ],24 [ $head, $post, 405 ],
25 [ $post, $post, 200 ],25 [ $post, $post, 200 ],
26 [ $get, $post . '/reset', 200 ],
27);26);
2827
29plan tests => (scalar @test_cases), have_module 'allowmethods';28plan tests => (scalar @test_cases), have_module 'allowmethods';
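Review bot: The dropped case [ $get, $post . '/reset', 200 ] is the only visible entry in @test_cases that exercises the '/reset' path, and nothing in the hunk says why it goes. Since the plan line computes the count from scalar @test_cases, the suite will pass silently with less coverage of mod_allowmethods. Please record the reason (for example in debian/changelog or a comment next to the list) so that the difference from the target branch is clearly intentional and can be dropped once both sides carry the same test framework.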
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index ff777a2..b32d256 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
17debian/icons/odf6ots-20x22.png17debian/icons/odf6ots-20x22.png
18debian/icons/odf6ott-20x22.png18debian/icons/odf6ott-20x22.png
19debian/icons/openlogo-75.png19debian/icons/openlogo-75.png
20debian/icons/ubuntu-logo.png
20debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml21debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
21debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php22debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
22debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml23debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
23new file mode 10064424new file mode 100644
index 0000000..6bc9125
--- /dev/null
+++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
1#!/bin/sh
2set -uxe
3
4# http2 is rather new, check that it at least generally works
5# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
6
7a2enmod http2
8a2enmod ssl
9a2ensite default-ssl
10# Enable globally
11echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
12service apache2 restart
13
14# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
15# wget on Debian gives me:
16# GnuTLS: A TLS warning alert has been received.
17# Unable to establish SSL connection.
18# Presumably this is due to the self-signed certificate, but I'm not sure how
19# to skip the warning with wget. curl will do for now.
20echo "Hello, world!" > /var/www/html/hello.txt
21
22testapache () {
23 cmd="${1}"
24 result=$(${cmd})
25
26 if [ "$result" != "Hello, world!" ]; then
27 echo "Unexpected result: ${result}" >&2
28 exit 1
29 else
30 echo OK
31 fi
32}
33
34# https shall not affect http
35testapache "curl -s -k http://localhost/hello.txt"
36# https shall not affect https
37testapache "curl -s -k https://localhost/hello.txt"
38#plain http2
39testapache "nghttp --no-verify-peer https://localhost/hello.txt"
40#http2 upgrade
41testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
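Review bot: In testapache, result=$(${cmd}) runs a whole command line passed as one string and relies on unquoted word splitting, which works for the four calls here but breaks as soon as an argument contains a space or a glob character. Passing the command as separate arguments and running it with "$@" avoids that. Two smaller points in the same file: the comments "https shall not affect http" and "https shall not affect https" appear to mean http2, since that is what the script has just enabled, and -k has no effect on the plain http:// curl call. The Protocols line is appended to /etc/apache2/apache2.conf with >>, so a second run on the same machine adds it again; a dedicated conf snippet enabled with a2enconf would keep the change contained.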
diff --git a/debian/tests/control b/debian/tests/control
index be79f60..37ae2ca 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -23,6 +23,10 @@ Tests: ssl-passphrase
23Restrictions: needs-root allow-stderr breaks-testbed23Restrictions: needs-root allow-stderr breaks-testbed
24Depends: apache2, curl, expect, ssl-cert24Depends: apache2, curl, expect, ssl-cert
2525
26Tests: check-http2
27Restrictions: needs-root allow-stderr breaks-testbed
28Depends: apache2, curl, ssl-cert, nghttp2-client
29
26Tests: chroot30Tests: chroot
27Features: no-build-needed31Features: no-build-needed
28Restrictions: needs-root allow-stderr breaks-testbed32Restrictions: needs-root allow-stderr breaks-testbed
