ubuntu/+source/apache2:ubuntu/bionic-updates

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

6c8f20d... by Marc Deslauriers on 2018-04-25

Import patches-unapplied version 2.4.29-1ubuntu4.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: cb2b84735ee83e83e8d277ce4a346fff956f7fd4

New changelog entries:
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

cb2b847... by Rafael David Tinoco on 2018-03-02

Import patches-unapplied version 2.4.29-1ubuntu4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 37630b8cc1dfd80c1b632f3e56c6a507e68d17be

New changelog entries:
  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
    - added debian/patches/util_ldap_cache_lock_fix.patch

37630b8... by Dimitri John Ledkov on 2018-02-06

Import patches-unapplied version 2.4.29-1ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: cee1373bae8b05cf72102a280b9c3da239934f63

New changelog entries:
  * Switch back to OpenSSL 1.1.

cee1373... by  Christian Ehrhardt  on 2017-12-05

Import patches-unapplied version 2.4.29-1ubuntu2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 8eb2f0f67135d0ede19f5b3f26d85ac0a7ea9afb

New changelog entries:
  * enable http2 (LP: #1687454) by stopping to disable it
    - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
    - debian/config-dir/mods-available/http2.load: no more removed.
    - debian/rules: no more removed proxy_http2 from configure.
  * d/t/control, d/t/check-http2: add basic test for http2 support

8eb2f0f... by Marc Deslauriers on 2017-11-10

Import patches-unapplied version 2.4.29-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: e71b57f8076ca227cd6c0a452857cb81a4bad93d

New changelog entries:
  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - Correct systemd-sysv-generator behavior by customizing some
      parameters:
      + d/apache2-systemd.conf: add a drop-in file to specify some
        parameters for the systemd unit (type=Forking and
        RemainsAfterExit=no), this allow a correct state synchronisation
        between systemctl status and actual state of apache2 daemon.
      + d/apache2.install: place the apache2-systemd.conf file in the
        correct location.
    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
      + debian/config-dir/mods-available/http2.load: removed.
      + debian/rules: removed proxy_http2 from configure.
  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
    - debian/control: switch BuildDepends to libssl1.0-dev
    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
    - debian/rules: remove openssl virtual package and logic

e71b57f... by Ondřej Surý on 2017-10-23

Import patches-unapplied version 2.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06779c1600a4c3af43e43591723c3f5fdb1a1a8a

New changelog entries:
  [ Stefan Fritsch ]
  * Replace outdated dependency on dh-systemd
  [ Ondřej Surý ]
  * New upstream version 2.4.29
  * Refresh quilt patches
  * Add mod_ssl_md patch needed for libapache2-mod-md (Closes: #877343)
  * Refresh patches on top of upstream release 2.4.29
  * Fix Apache crash on restarts (ASF Bug 61558)
  * Add deconfigure to the list of recognized scripts (Closes: #877524)

06779c1... by Stefan Fritsch on 2017-09-23

Import patches-unapplied version 2.4.27-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5dd02315d5709feff0de803c1741178ccdb66bd6

New changelog entries:
  * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
    which could result in HTTP OPTIONS method leaking Apache's server memory.
    Closes: #876109
  * Fix argument escaping in apachectl. Closes: #876384

5dd0231... by Stefan Fritsch on 2017-09-03

Import patches-unapplied version 2.4.27-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500aa111c5a5c7a029c58d23bd12cc2c163d3ea8

New changelog entries:
  * Upload to unstable.
  * Update "Breaks:" for openssl transition.
  * Bump Standards-Version to 4.1.0. No changes needed.

500aa11... by Stefan Fritsch on 2017-08-08

Import patches-unapplied version 2.4.27-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: f7ef7e92d24d60f681df739f05081350a628d775

New changelog entries:
  * Use 'invoke-rc.d' instead of init script in logrotate script.
    Closes: #857607
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. LP: #1691495
  * mime.conf: Guard AddOutputFilter INCLUDES with proper <IfModule>.
    LP: #1675184
  * Use 'service' instead of init script in monit example config.
  * Bump Standards-Version to 4.0.1. Other changes:
    - change package priorities from extra to optional
  * Use libprotocol-http2-perl in autopkgtest.
  * Update test suite to svn r1804214.
  * Various tweaks to the test suite autopkgtest to avoid having to skip
    any test.
  * Also remove -DBUILD_DATETIME and -fdebug-prefix-map from config_vars.mk
    to avoid them being used by apxs.
  * deflate.conf: Remove mention of MSIE6

f7ef7e9... by Stefan Fritsch on 2017-07-16

Import patches-unapplied version 2.4.27-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: ee067d5fe3b294b6a1bf001de49d876e8cf21999

New changelog entries:
  * Switch to openssl 1.1. Again closes: #851094
  * Add versioned breaks for gridsite, libapache2-mod-dacs because of
    openssl transition.
  * Provide new apache2-api-20120211-openssl1.1 virtual package and make
    dh_apache2 generate a dependency on it if there is a build-dep on
    apache2-ssl-dev.
  * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
    work and should go into experimental, first. Reopens: #851094