ubuntu/+source/apache2:debian/buster

Last commit made on 2018-01-14
Get this branch:
git clone -b debian/buster https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/buster
Repository:
lp:ubuntu/+source/apache2

Recent commits

4d9e478... by Ondřej Surý on 2018-01-14

Import patches-unapplied version 2.4.29-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e71b57f8076ca227cd6c0a452857cb81a4bad93d

New changelog entries:
  * Add myself to Uploaders
  * Bump required version of apr/apr-util to 1.6.0 (Closes: #879634)
  * Run wrap-and-sort -a to canonicalize the debian/ directory
  * Add Build-Depends on libbrotli-dev and enable brotli module

e71b57f... by Ondřej Surý on 2017-10-23

Import patches-unapplied version 2.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06779c1600a4c3af43e43591723c3f5fdb1a1a8a

New changelog entries:
  [ Stefan Fritsch ]
  * Replace outdated dependency on dh-systemd
  [ Ondřej Surý ]
  * New upstream version 2.4.29
  * Refresh quilt patches
  * Add mod_ssl_md patch needed for libapache2-mod-md (Closes: #877343)
  * Refresh patches on top of upstream release 2.4.29
  * Fix Apache crash on restarts (ASF Bug 61558)
  * Add deconfigure to the list of recognized scripts (Closes: #877524)

06779c1... by Stefan Fritsch on 2017-09-23

Import patches-unapplied version 2.4.27-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5dd02315d5709feff0de803c1741178ccdb66bd6

New changelog entries:
  * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
    which could result in HTTP OPTIONS method leaking Apache's server memory.
    Closes: #876109
  * Fix argument escaping in apachectl. Closes: #876384

5dd0231... by Stefan Fritsch on 2017-09-03

Import patches-unapplied version 2.4.27-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500aa111c5a5c7a029c58d23bd12cc2c163d3ea8

New changelog entries:
  * Upload to unstable.
  * Update "Breaks:" for openssl transition.
  * Bump Standards-Version to 4.1.0. No changes needed.

500aa11... by Stefan Fritsch on 2017-08-08

Import patches-unapplied version 2.4.27-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: f7ef7e92d24d60f681df739f05081350a628d775

New changelog entries:
  * Use 'invoke-rc.d' instead of init script in logrotate script.
    Closes: #857607
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. LP: #1691495
  * mime.conf: Guard AddOutputFilter INCLUDES with proper <IfModule>.
    LP: #1675184
  * Use 'service' instead of init script in monit example config.
  * Bump Standards-Version to 4.0.1. Other changes:
    - change package priorities from extra to optional
  * Use libprotocol-http2-perl in autopkgtest.
  * Update test suite to svn r1804214.
  * Various tweaks to the test suite autopkgtest to avoid having to skip
    any test.
  * Also remove -DBUILD_DATETIME and -fdebug-prefix-map from config_vars.mk
    to avoid them being used by apxs.
  * deflate.conf: Remove mention of MSIE6

f7ef7e9... by Stefan Fritsch on 2017-07-16

Import patches-unapplied version 2.4.27-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: ee067d5fe3b294b6a1bf001de49d876e8cf21999

New changelog entries:
  * Switch to openssl 1.1. Again closes: #851094
  * Add versioned breaks for gridsite, libapache2-mod-dacs because of
    openssl transition.
  * Provide new apache2-api-20120211-openssl1.1 virtual package and make
    dh_apache2 generate a dependency on it if there is a build-dep on
    apache2-ssl-dev.
  * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
    work and should go into experimental, first. Reopens: #851094

ee067d5... by Stefan Fritsch on 2017-07-16

Import patches-unapplied version 2.4.27-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 88a61448d240fbc3a7b134767d9837bd10071bf6

New changelog entries:
  [ New upstream release ]
  * Fix CVE-2017-9788: mod_auth_digest: Uninitialized memory reflection
    Closes: #868467
  [ Stefan Fritsch ]
  * Switch to openssl 1.1. Closes: #851094

88a6144... by Stefan Fritsch on 2017-06-20

Import patches-unapplied version 2.4.25-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7674960d2cfb46d6dd941e44384ea880155a8188

New changelog entries:
  * Backport security fixes from 2.4.26:
  * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
  * CVE-2017-3169: mod_ssl NULL pointer dereference
  * CVE-2017-7668: Buffer overrun in ap_find_token()
  * CVE-2017-7679: mod_mime buffer overread
  * CVE-2017-7659: mod_http2 NULL pointer dereference

7674960... by Stefan Fritsch on 2017-01-25

Import patches-unapplied version 2.4.25-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5838443ffdd2e4fcade4168049811f0a89641fdb

New changelog entries:
  * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
    Closes: #852543
  * Compile mod_bucketeer mod_case_filter mod_case_filter_in for benefit of
    the test suite, but don't add *.load files because they don't have any
    real-world use.
  * Include the upstream test suite and a corresponding autopkgtest. This
    is quite a hack but it may help quite a bit with security updates,
    especially if stretch gets LTS support, too.

5838443... by Stefan Fritsch on 2017-01-14

Import patches-unapplied version 2.4.25-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e3f3b995ccda824ea1f98974400a0e8b69631687

New changelog entries:
  * Activate mod_reqtimeout in new installs and during updates from
    before 2.4.25-2. It was wrongly not activated in new installs since
    jessie. This made the default installation vulnerable to some DoS
    attacks.
  * Restart htcacheclean on updates and tighten dependency on apache2-utils
    to ensure that apache2-utils cannot be upgraded without apache2.
    Closes: #851122
  * When running on systems with systemd, make 'apache2ctl start' invoke
    systemctl instead. Otherwise systemd will think apache2 is not running
    and ignore further commands like reload. Closes: #839227
  * Avoid segfault in mpm_event if a signal is received too soon after start.
    PR 60487
  * Add test for some modules to be enabled.
  * Remove mention of CVE-2016-5387 in 2.4.25-1 changelog. It was already
    fixed in 2.4.23-2.