- 8b34a73... by Andreas Hasenack on 2018-06-07
Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed
Imported using git-ubuntu import.
Changelog parent: cbc32000dfcc49bf646d2453fa1b15f7c2075c8c
New changelog entries:
* debian/patches/includeoptional-ignore-non-existent.patch: silently
ignore a non-existent file path with IncludeOptional. Closes LP:
#1766186.
- cbc3200... by Marc Deslauriers on 2018-04-18
Import patches-unapplied version 2.4.27-2ubuntu4.1 to ubuntu/artful-security
Imported using git-ubuntu import.
Changelog parent: c7c79f29748d24bb5f9fbc71b131aef8cc4117c2
New changelog entries:
* SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
- debian/patches/CVE-2017-15710.patch: fix language long names
detection as short name in modules/aaa/mod_authnz_ldap.c.
- CVE-2017-15710
* SECURITY UPDATE: incorrect <FilesMatch> matching
- debian/patches/CVE-2017-15715.patch: allow to configure
global/default options for regexes, like caseless matching or
extended format in include/ap_regex.h, server/core.c,
server/util_pcre.c.
- CVE-2017-15715
* SECURITY UPDATE: mod_session header manipulation
- debian/patches/CVE-2018-1283.patch: strip Session header when
SessionEnv is on in modules/session/mod_session.c.
- CVE-2018-1283
* SECURITY UPDATE: DoS via specially-crafted request
- debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
terminated on any error, not only on buffer full in
server/protocol.c.
- CVE-2018-1301
* SECURITY UPDATE: mod_cache_socache DoS
- debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
to carriage return in modules/cache/mod_cache_socache.c.
- CVE-2018-1303
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when
generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
- c7c79f2... by Rafael David Tinoco on 2018-03-02
Import patches-unapplied version 2.4.27-2ubuntu4 to ubuntu/artful-proposed
Imported using git-ubuntu import.
Changelog parent: c484172d3a6599603ebbf2fbbc81312301b61e72
New changelog entries:
* Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
- added debian/patches/util_ldap_cache_lock_fix.patch
- c484172... by Marc Deslauriers on 2017-09-18
Import patches-unapplied version 2.4.27-2ubuntu3 to ubuntu/artful-proposed
Imported using git-ubuntu import.
Changelog parent: f09ecdf404a45f84d3f6706d7415653f3faa38d7
New changelog entries:
* SECURITY UPDATE: optionsbleed information leak
- debian/patches/CVE-2017-9798.patch: disallow method registration
at run time in server/core.c.
- CVE-2017-9798
- f09ecdf... by Marc Deslauriers on 2017-08-02
Import patches-unapplied version 2.4.27-2ubuntu2 to ubuntu/artful-proposed
Imported using git-ubuntu import.
Changelog parent: 0c22eaa464e098765fdace1b667f458294cb7203
New changelog entries:
* Undrop (LP 1658469):
- Don't build http2 module (nghttp2 still not in main) (LP 1687454)
+ debian/control: removed libnghttp2-dev Build-Depends (in universe).
+ debian/config-dir/mods-available/http2.load: removed.
+ debian/rules: removed proxy_http2 from configure.
- 0c22eaa... by Nish Aravamudan on 2017-07-27
Import patches-unapplied version 2.4.27-2ubuntu1 to ubuntu/artful-proposed
Imported using git-ubuntu import.
Changelog parent: eebc1582658d9efdd5c48781816735fa69d6487d
New changelog entries:
* Merge with Debian unstable (LP: #1702582). Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- Correct systemd-sysv-generator behavior by customizing some
parameters:
+ d/apache2-systemd.conf: add a drop-in file to specify some
parameters for the systemd unit (type=Forking and
RemainsAfterExit=no), this allows a correct state synchronisation
between systemctl status and actual state of apache2 daemon.
+ d/apache2.install: place the apache2-systemd.conf file in the
correct location.
- eebc158... by Stefan Fritsch on 2017-07-16
Import patches-unapplied version 2.4.27-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: ee067d5fe3b294b6a1bf001de49d876e8cf21999
New changelog entries:
* Switch back to openssl 1.0 for now. The transition to 1.1 needs more
work and should go into experimental, first. Reopens: #851094
- ee067d5... by Stefan Fritsch on 2017-07-16
Import patches-unapplied version 2.4.27-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 88a61448d240fbc3a7b134767d9837bd10071bf6
New changelog entries:
[ New upstream release ]
* Fix CVE-2017-9788: mod_auth_digest: Uninitialized memory reflection
Closes: #868467
[ Stefan Fritsch ]
* Switch to openssl 1.1. Closes: #851094
- 88a6144... by Stefan Fritsch on 2017-06-20
Import patches-unapplied version 2.4.25-4 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 7674960d2cfb46d6dd941e44384ea880155a8188
New changelog entries:
* Backport security fixes from 2.4.26:
* CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
* CVE-2017-3169: mod_ssl NULL pointer dereference
* CVE-2017-7668: Buffer overrun in ap_find_token()
* CVE-2017-7679: mod_mime buffer overread
* CVE-2017-7659: mod_http2 NULL pointer dereference
- 7674960... by Stefan Fritsch on 2017-01-25
Import patches-unapplied version 2.4.25-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 5838443ffdd2e4fcade4168049811f0a89641fdb
New changelog entries:
* Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
Closes: #852543
* Compile mod_bucketeer mod_case_filter mod_case_filter_in for benefit of
the test suite, but don't add *.load files because they don't have any
real-world use.
* Include the upstream test suite and a corresponding autopkgtest. This
is quite a hack but it may help quite a bit with security updates,
especially if stretch gets LTS support, too.