ubuntu/+source/apache2:applied/debian/sid

Last commit made on 2018-03-31
Get this branch:
git clone -b applied/debian/sid https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/sid
Repository:
lp:ubuntu/+source/apache2

Recent commits

0ce9b25... by Stefan Fritsch on 2018-03-30

Import patches-applied version 2.4.33-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d8eeb4126b1ab2ef92ceb89629b9edb3a8089b3e
Unapplied parent: 80ec81c53c05d766dea5b8a165d52a9b8073be03

New changelog entries:
  * New upstream version.
    Security fixes:
    - CVE-2017-15710
      Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
    - CVE-2018-1283
      mod_session: CGI-like applications that intend to read from mod_session's
      'SessionEnv ON' could be fooled into reading user-supplied data instead.
    - CVE-2018-1303
      mod_cache_socache: Fix request headers parsing to avoid a possible crash
      with specially crafted input data.
    - CVE-2018-1301
      core: Possible crash with excessively long HTTP request headers.
      Impractical to exploit with a production build and production LogLevel.
    - CVE-2017-15715
      core: Configure the regular expression engine to match '$' to the end of
      the input string only, excluding matching the end of any embedded
      newline characters. Behavior can be changed with new directive
      'RegexDefaultOptions'.
    - CVE-2018-1312
      mod_auth_digest: Fix generation of nonce values to prevent replay
      attacks across servers using a common Digest domain. This change
      may cause problems if used with round robin load balancers. PR 54637
    - CVE-2018-1302
      mod_http2: Potential crash w/ mod_http2.
    - mod_proxy_uwsgi: New UWSGI proxy submodule.
    - mod_md: New experimental module for managing domains across virtual
      hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
      renew certificates.
    - core: silently ignore a not existent file path when IncludeOptional
      is used. Closes: #878920
    - mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980
  * Fix lintian warnings:
    - Include SupportApache-small.png in apache2-doc package instead of
      linking to apache.org, to avoid privacy issues.
    - Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
    - Remove deprecated use of autotools_dev with dh.
    - Add some overrides
  * Bump standards-version to 4.1.2 (no changes)

80ec81c... by Stefan Fritsch on 2018-03-30

Make builds reproducible

Gbp-Pq: reproducible_builds.diff.

4d1f781... by Stefan Fritsch on 2018-03-30

add suexec-custom to the build system

Gbp-Pq: build_suexec-custom.patch.

7a66306... by Stefan Fritsch on 2018-03-30

Adapt apxs to Debian specific changes

Gbp-Pq: customize_apxs.patch.

b6654d1... by Stefan Fritsch on 2018-03-30

Fix race condition with chdir

Gbp-Pq: suexec-CVE-2007-1742.patch.

985883e... by Stefan Fritsch on 2018-03-30

Remove LD_LIBRARY_PATH from envvars-std

Gbp-Pq: no_LD_LIBRARY_PATH.patch.

c5f599a... by Stefan Fritsch on 2018-03-30

Fix up FHS file locations for apache2 droppings.

Gbp-Pq: fhs_compliance.patch.

3e69ee7... by Stefan Fritsch on 2018-03-30

Import patches-unapplied version 2.4.33-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4d9e478148bbfba2ec7ea63e425f3425c76e6b42

New changelog entries:
  * New upstream version.
    Security fixes:
    - CVE-2017-15710
      Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
    - CVE-2018-1283
      mod_session: CGI-like applications that intend to read from mod_session's
      'SessionEnv ON' could be fooled into reading user-supplied data instead.
    - CVE-2018-1303
      mod_cache_socache: Fix request headers parsing to avoid a possible crash
      with specially crafted input data.
    - CVE-2018-1301
      core: Possible crash with excessively long HTTP request headers.
      Impractical to exploit with a production build and production LogLevel.
    - CVE-2017-15715
      core: Configure the regular expression engine to match '$' to the end of
      the input string only, excluding matching the end of any embedded
      newline characters. Behavior can be changed with new directive
      'RegexDefaultOptions'.
    - CVE-2018-1312
      mod_auth_digest: Fix generation of nonce values to prevent replay
      attacks across servers using a common Digest domain. This change
      may cause problems if used with round robin load balancers. PR 54637
    - CVE-2018-1302
      mod_http2: Potential crash w/ mod_http2.
    - mod_proxy_uwsgi: New UWSGI proxy submodule.
    - mod_md: New experimental module for managing domains across virtual
      hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
      renew certificates.
    - core: silently ignore a not existent file path when IncludeOptional
      is used. Closes: #878920
    - mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980
  * Fix lintian warnings:
    - Include SupportApache-small.png in apache2-doc package instead of
      linking to apache.org, to avoid privacy issues.
    - Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
    - Remove deprecated use of autotools_dev with dh.
    - Add some overrides
  * Bump standards-version to 4.1.2 (no changes)

4d9e478... by Ondřej Surý on 2018-01-14

Import patches-unapplied version 2.4.29-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e71b57f8076ca227cd6c0a452857cb81a4bad93d

New changelog entries:
  * Add myself to Uploaders
  * Bump required version of apr/apr-util to 1.6.0 (Closes: #879634)
  * Run wrap-and-sort -a to canonicalize the debian/ directory
  * Add Build-Depends on libbrotli-dev and enable brotli module

e71b57f... by Ondřej Surý on 2017-10-23

Import patches-unapplied version 2.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06779c1600a4c3af43e43591723c3f5fdb1a1a8a

New changelog entries:
  [ Stefan Fritsch ]
  * Replace outdated dependency on dh-systemd
  [ Ondřej Surý ]
  * New upstream version 2.4.29
  * Refresh quilt patches
  * Add mod_ssl_md patch needed for libapache2-mod-md (Closes: #877343)
  * Refresh patches on top of upstream release 2.4.29
  * Fix Apache crash on restarts (ASF Bug 61558)
  * Add deconfigure to the list of recognized scripts (Closes: #877524)