~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish

Branch merges

Propose for merging

Merged into ubuntu/+source/apache2:debian/sid at revision ed8d6792d1bff487a02b67f2995ad030e05a42c2

Utkarsh Gupta (community): Approve on 2021-07-14

Canonical Server: Pending requested 2021-07-09

Canonical Server packageset reviewers: Pending requested 2021-07-09

Diff: 2517 lines (+1892/-34)

11 files modified

debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+1/-0)
debian/apache2.py (+48/-0)
debian/apache2ctl (+33/-18)
debian/changelog (+1769/-2)
debian/control (+4/-2)
debian/index.html (+19/-12)
debian/source/include-binaries (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

ed8d679... by Bryce Harrington on 2021-07-08

changelog reformatting for release

6c79060... by Bryce Harrington on 2021-07-08

update-maintainer

fef9381... by Bryce Harrington on 2021-07-08

reconstruct-changelog

6e846e9... by Bryce Harrington on 2021-07-08

merge-changelogs

1fa9570... by Bryce Harrington on 2021-07-08

  * Dropped:
    - SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
      + debian/patches/CVE-2021-30641.patch: change default behavior in
        server/request.c.
      + CVE-2021-30641
      [Fixed in 2.4.48-1]

539bc55... by Bryce Harrington on 2021-07-08

  * Dropped:
    - SECURITY UPDATE: heap overflow via SessionHeader
      + debian/patches/CVE-2021-26691.patch: account for the '&' in
        identity_concat() in modules/session/mod_session.c.
      + CVE-2021-26691
      [Fixed in 2.4.48-1]

ab3c095... by Bryce Harrington on 2021-07-08

  * Dropped:
    - SECURITY UPDATE: DoS via cookie header in mod_session
      + debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
        session_identity_decode() in modules/session/mod_session.c.
      + CVE-2021-26690
      [Fixed in 2.4.48-1]

3ad1358... by Bryce Harrington on 2021-07-08

  * Dropped:
    - SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
      + debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
        base64 to fail early if the format can't match anyway in
        modules/aaa/mod_auth_digest.c.
      + CVE-2020-35452
      [Fixed in 2.4.48-1]

d6f67c2... by Bryce Harrington on 2021-07-08

  * Dropped:
    - SECURITY UPDATE: mod_proxy_http denial of service.
      + debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
        connection in modules/proxy/mod_proxy_http.c.
      + CVE-2020-13950
      [Fixed in 2.4.48-1]

b695681... by Bryce Harrington on 2021-03-09

    - d/apache2ctl: Also use /run/systemd to check for systemd usage
      (LP: 1918209)