~bryce/ubuntu/+source/apache2:merge-v2.4.53-2-kinetic

Branch merges

Propose for merging

Merged into ubuntu/+source/apache2:debian/sid at revision 664141ab1914122240001fcb45ec825ee3147bd8

Andreas Hasenack: Approve on 2022-05-25

Canonical Server: Pending requested 2022-05-23

git-ubuntu import: Pending requested 2022-05-23

Diff: 2824 lines (+2129/-60)

10 files modified

debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+2/-0)
debian/apache2.py (+48/-0)
debian/changelog (+2006/-2)
debian/control (+4/-2)
debian/index.html (+51/-56)
debian/source/include-binaries (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

664141a... by Bryce Harrington on 2022-05-24

update-maintainer

cf767a8... by Bryce Harrington on 2022-05-24

reconstruct-changelog

697cf20... by Bryce Harrington on 2022-05-24

merge-changelogs

1db915d... by Bryce Harrington on 2022-05-20

  * Dropped:
    - OOB read in mod_lua via crafted request body
      + d/p/CVE-2022-22719.patch: error out if lua_read_body() or
        lua_write_body() fail in modules/lua/lua_request.c.
      [Fixed in 2.4.53 upstream]
    - HTTP Request Smuggling via error discarding the
      request body
      + d/p/CVE-2022-22720.patch: simpler connection close logic
        if discarding the request body fails in modules/http/http_filters.c,
        server/protocol.c.
      [Fixed in 2.4.53 upstream]
    - overflow via large LimitXMLRequestBody
      + d/p/CVE-2022-22721.patch: make sure and check that
        LimitXMLRequestBody fits in system memory in server/core.c,
        server/util.c, server/util_xml.c.
      [Fixed in 2.4.53 upstream]
    - out-of-bounds write in mod_sed
      + d/p/CVE-2022-23943-1.patch: use size_t to allow for larger
        buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
        modules/filters/mod_sed.c, modules/filters/sed1.c.
      + d/p/CVE-2022-23943-2.patch: improve the logic flow in
        modules/filters/mod_sed.c.
      [Fixed in 2.4.53 upstream]

ee14fcd... by Bryce Harrington on 2022-05-20

    - d/apache2.postrm: Include md5 sum for updated index.html

998d8b8... by Bryce Harrington on 2022-05-20

    - d/index.html, d/icons/ubuntu-logo.png: Refresh page design and
      new logo
      (LP: 1966004)

7315771... by Bryce Harrington on 2022-02-03

    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/s/include-binaries: replace Debian with Ubuntu on default
      page and add Ubuntu icon file.
      (LP 1288690)

53018d3... by Bryce Harrington on 2022-02-03

    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
      (LP 609177)

5535030... by Bryce Harrington on 2022-02-03

    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
      (LP 261198)

4f279c2... by Yadd <email address hidden> on 2022-03-15

2.4.53-2 (patches unapplied)

Imported using git-ubuntu import.