~bryce/ubuntu/+source/apache2:ubuntu/xenial-devel

Last commit made on 2020-11-16
Get this branch:
git clone -b ubuntu/xenial-devel https://git.launchpad.net/~bryce/ubuntu/+source/apache2
Only Bryce Harrington can upload to this branch. If you are Bryce Harrington please log in for upload directions.

Branch merges

Branch information

Name:
ubuntu/xenial-devel
Repository:
lp:~bryce/ubuntu/+source/apache2

Recent commits

c77f0d4... by Bryce Harrington on 2020-11-16

changelog

ed168f2... by Bryce Harrington on 2020-11-16

  * d/apache2.install: List confdir contents explicitly. Avoids
    installing *.in templates.
    (LP: #1899611)

ae7d48b... by Bryce Harrington on 2020-07-16

changelog

6de7816... by Bryce Harrington on 2020-07-15

  * On Linux, use pthread mutexes. On kfreebsd/hurd, continue using
    fctnl because they lack robust pthread mutexes.
    (LP: #1565744)

b21b82b... by Christian Ehrhardt  on 2020-06-15

2.4.18-2ubuntu3.15 (patches unapplied)

Imported using git-ubuntu import.

ca65472... by Jesse Williamson on 2019-10-08

Import patches-unapplied version 2.4.18-2ubuntu3.14 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 77680cde0c65256b267966a5f34bff41578644a7

New changelog entries:
  * Backport mod_reqtimeout with handshake support (LP: #1846138)
    - d/p/0001-mod-reqtimeout-revent-long-response-times.patch
    - d/p/0002-mod_reqtimeout-fix-body-timeout-disabling-for-CONNECT-request.patch
    - d/p/0003-mod_reqtimeout-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch

77680cd... by Steve Beattie on 2019-09-16

Import patches-unapplied version 2.4.18-2ubuntu3.13 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9753035d2b58c6df6e643f1c86517ba839118265

New changelog entries:
  * SECURITY REGRESSION: mod_proxy balancer XSS/CSRF hardening broke
    browsers which change case in headers and breaks balancers
    loading in some configurations (LP: #1842701)
    - drop d/p/CVE-2019-10092-3.patch

9753035... by Steve Beattie on 2019-08-26

Import patches-unapplied version 2.4.18-2ubuntu3.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 718e5625748d3e7515c8ebd6ed821eebec5e2e9e

New changelog entries:
  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092
  * SECURITY UPDATE: mod_rewrite potential open redirect.
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098

718e562... by Marc Deslauriers on 2019-04-03

Import patches-unapplied version 2.4.18-2ubuntu3.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d7a2c9922f3a2122925aa4b3b2aa3b47a52eb920

New changelog entries:
  * SECURITY UPDATE: mod_session expiry time issue
    - debian/patches/CVE-2018-17199.patch: always decode session attributes
      early in modules/session/mod_session.c.
    - CVE-2018-17199
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
      server/mpm/worker/worker.c.
    - CVE-2019-0211
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
      server/util.c.
    - CVE-2019-0220

d7a2c99... by Andreas Hasenack on 2018-06-07

Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 70003688226c7b2b0040a7bb651616a86e4f1b50

New changelog entries:
  * debian/patches/includeoptional-ignore-non-existent.patch: silently
    ignore a not existent file path with IncludeOptional . Closes LP:
    #1766186.