Last commit made on 2020-11-16
Get this branch:
git clone -b ubuntu/xenial-devel https://git.launchpad.net/~bryce/ubuntu/+source/apache2
Only Bryce Harrington can upload to this branch. If you are Bryce Harrington please log in for upload directions.

Branch merges

Branch information


Recent commits

c77f0d4... by Bryce Harrington on 2020-11-16


ed168f2... by Bryce Harrington on 2020-11-16

  * d/apache2.install: List confdir contents explicitly. Avoids
    installing *.in templates.
    (LP: #1899611)

ae7d48b... by Bryce Harrington on 2020-07-16


6de7816... by Bryce Harrington on 2020-07-15

  * On Linux, use pthread mutexes. On kfreebsd/hurd, continue using
    fctnl because they lack robust pthread mutexes.
    (LP: #1565744)

b21b82b... by Christian Ehrhardt  on 2020-06-15

2.4.18-2ubuntu3.15 (patches unapplied)

Imported using git-ubuntu import.

ca65472... by Jesse Williamson on 2019-10-08

Import patches-unapplied version 2.4.18-2ubuntu3.14 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 77680cde0c65256b267966a5f34bff41578644a7

New changelog entries:
  * Backport mod_reqtimeout with handshake support (LP: #1846138)
    - d/p/0001-mod-reqtimeout-revent-long-response-times.patch
    - d/p/0002-mod_reqtimeout-fix-body-timeout-disabling-for-CONNECT-request.patch
    - d/p/0003-mod_reqtimeout-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch

77680cd... by Steve Beattie on 2019-09-16

Import patches-unapplied version 2.4.18-2ubuntu3.13 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9753035d2b58c6df6e643f1c86517ba839118265

New changelog entries:
  * SECURITY REGRESSION: mod_proxy balancer XSS/CSRF hardening broke
    browsers which change case in headers and breaks balancers
    loading in some configurations (LP: #1842701)
    - drop d/p/CVE-2019-10092-3.patch

9753035... by Steve Beattie on 2019-08-26

Import patches-unapplied version 2.4.18-2ubuntu3.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 718e5625748d3e7515c8ebd6ed821eebec5e2e9e

New changelog entries:
  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
    - CVE-2019-10092
  * SECURITY UPDATE: mod_rewrite potential open redirect.
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098

718e562... by Marc Deslauriers on 2019-04-03

Import patches-unapplied version 2.4.18-2ubuntu3.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d7a2c9922f3a2122925aa4b3b2aa3b47a52eb920

New changelog entries:
  * SECURITY UPDATE: mod_session expiry time issue
    - debian/patches/CVE-2018-17199.patch: always decode session attributes
      early in modules/session/mod_session.c.
    - CVE-2018-17199
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
    - CVE-2019-0211
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
    - CVE-2019-0220

d7a2c99... by Andreas Hasenack on 2018-06-07

Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 70003688226c7b2b0040a7bb651616a86e4f1b50

New changelog entries:
  * debian/patches/includeoptional-ignore-non-existent.patch: silently
    ignore a not existent file path with IncludeOptional . Closes LP: