~ahasenack/ubuntu/+source/apache2:focal-apache2-ajp-secret

Branch merges

Propose for merging

Merged into ubuntu/+source/apache2:ubuntu/devel at revision cd2d8271579104b7dc9e8254c7bee4d4c1021e17

Christian Ehrhardt  (community): Approve on 2020-03-06

Thomas (community): Approve (test) on 2020-03-06

Canonical Server: Pending requested 2020-03-05

Diff: 259 lines (+231/-0)

4 files modified

debian/changelog (+7/-0)
debian/patches/mod_proxy_ajp-secret-parameter-doc.patch (+32/-0)
debian/patches/mod_proxy_ajp-secret-parameter.patch (+190/-0)
debian/patches/series (+2/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

cd2d827... by Andreas Hasenack on 2020-03-05

changelog

f60ad90... by Andreas Hasenack on 2020-03-05

  * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
    parameter to mod_proxy_ajp (LP: #1865340)

a2c1b5e... by Andreas Hasenack on 2020-02-26

Import patches-unapplied version 2.4.41-4ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: c4dbe6ec8768d7e06811e43c10b7d1f2bacab23f

New changelog entries:
  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - d/t/control, d/t/check-http2: add basic test for http2 support
    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
      was re-added by mistake in 2.4.41-1 (Closes #921024)

c4dbe6e... by Xavier Guimard <email address hidden> on 2020-02-07

Import patches-unapplied version 2.4.41-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 14c2047fbc5ddafab8fa30e479383e0a5b8fca4b

New changelog entries:
  * Add gcc in chroot autopkgtest (fixes debci)

14c2047... by Xavier Guimard <email address hidden> on 2020-02-05

Import patches-unapplied version 2.4.41-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9779207254568d838ae5e93d57c2c76482552338

New changelog entries:
  * Don't use hardcoded libgcc_s.so.1 path in autopkgtest files. Thanks to
    Aurelien Jarno (Closes: #950711)

9779207... by Xavier Guimard <email address hidden> on 2020-01-13

Import patches-unapplied version 2.4.41-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7e8193f3f2538a444b296255c5cfd09a62df47e5

New changelog entries:
  [ Stefan Fritsch ]
  * Add *.load file for mod_socache_redis
  [ Vagrant Cascadian ]
  * Embeds path to EGREP in config_vars.mk (Closes: #948757)
  * Sanitize CXXFLAGS/-ffile-prefix-map in config_vars.mk (Closes: #948759)

7e8193f... by Xavier Guimard <email address hidden> on 2019-08-14

Import patches-unapplied version 2.4.41-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a5715ea05f24a5e129a3c9e62b3429cc14019ce2

New changelog entries:
  * New upstream version 2.4.41
  * Update lintian overrides
  * Remove README in usr/share/apache2
  * Move httxt2dbm manpage in section 8
  * Update test framework

a5715ea... by Xavier Guimard <email address hidden> on 2019-08-12

Import patches-unapplied version 2.4.39-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7fedf333b093840f6ad873e632fe32992f3bdd01

New changelog entries:
  * Fix bad call of dh_link. Thanks to Daniel Baumann (Closes: #934640)

7fedf33... by Xavier Guimard <email address hidden> on 2019-08-12

Import patches-unapplied version 2.4.39-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6f896d33242900b08c8788338c9e90e23713055c

New changelog entries:
  [ Helmut Grohne ]
  * Do not install /usr/share/apache2/build/config.nice (Closes: #929510)
  [ Xavier Guimard ]
  * New upstream version 2.4.39
  * Refresh patches
  * Remove patches now included in upstream
  * Replace duplicate doc files by links using jdupes
  * Add bison in build dependencies

6f896d3... by Stefan Fritsch on 2019-04-07

Import patches-unapplied version 2.4.38-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 847b2dd6c945b42d4b49bbc8fbb24a7dd4fc4897

New changelog entries:
  [ Marc Deslauriers ]
  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
      request method in modules/http2/h2_request.c.
    - CVE-2019-0196
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
      server/mpm/worker/worker.c.
    - CVE-2019-0211
  * SECURITY UPDATE: mod_ssl access control bypass
    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
    - CVE-2019-0215
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
      server/util.c.
    - CVE-2019-0220
  [ Stefan Fritsch ]
  * Pull security fixes from 2.4.39 via Ubuntu
  * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade