ubuntu/+source/apache2:ubuntu/cosmic-proposed

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

c01ee5a... by Marc Deslauriers on 2018-10-03

Import patches-unapplied version 2.4.34-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 54cf94ea486abd9b821825e9707ccbab064f95a2

New changelog entries:
  * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
    - debian/patches/CVE-2018-11763.patch: rework connection IO event
      handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
      modules/http2/h2_version.h.
    - CVE-2018-11763

54cf94e... by Andreas Hasenack on 2018-08-03

Import patches-unapplied version 2.4.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ef5d2450201d96722e86ff11a816bf14e3b9cfca

New changelog entries:
  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - d/t/control, d/t/check-http2: add basic test for http2 support
    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
      cannot be coinstalled with libcurl3. That situation breaks the
      installation of libapache2-mod-shib2. See
      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
      for details.

ef5d245... by Stefan Fritsch on 2018-07-27

Import patches-unapplied version 2.4.34-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f9135dfca55cef91c3af3074fc3ba3826d3f95d8

New changelog entries:
  [ Ondřej Surý ]
  * New upstream version 2.4.34
    Security fixes:
    - CVE-2018-1333: Denial of service in mod_http2. Closes: #904106
    - CVE-2018-8011: Denial of service in mod_md. Closes: #904107
  * Refresh patches for Apache2 2.4.34 release
  * Update the suexec-custom.patch for 2.4.34 release
  [ Stefan Fritsch ]
  * Remove load order dependency introduced in mod_lbmethod_* in 2.4.34
  * Remove debian/gbp.conf. Closes: #904641
  * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper.
    Closes: #904150

f9135df... by Stefan Fritsch on 2018-05-05

Import patches-unapplied version 2.4.33-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b13a69a4c7ec1ab4ee90a70d5dff9e013a2d26d0

New changelog entries:
  * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
    Closes: #894785
  * mod_http2: Avoid high memory usage with large files, causing crashes on
    32bit archs. Closes: #897218
  * Migrate from alioth to salsa.

b13a69a... by Stefan Fritsch on 2018-04-22

Import patches-unapplied version 2.4.33-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3e69ee740b7685d9d4399b12bf8aa5f4b7e23e36

New changelog entries:
  * Add Replaces: and transitional packages for libapache2-mod-proxy-uwsgi
    and libapache2-mod-md.
    Closes: #894760, #894761, #894785

3e69ee7... by Stefan Fritsch on 2018-03-30

Import patches-unapplied version 2.4.33-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4d9e478148bbfba2ec7ea63e425f3425c76e6b42

New changelog entries:
  * New upstream version.
    Security fixes:
    - CVE-2017-15710
      Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
    - CVE-2018-1283
      mod_session: CGI-like applications that intend to read from mod_session's
      'SessionEnv ON' could be fooled into reading user-supplied data instead.
    - CVE-2018-1303
      mod_cache_socache: Fix request headers parsing to avoid a possible crash
      with specially crafted input data.
    - CVE-2018-1301
      core: Possible crash with excessively long HTTP request headers.
      Impractical to exploit with a production build and production LogLevel.
    - CVE-2017-15715
      core: Configure the regular expression engine to match '$' to the end of
      the input string only, excluding matching the end of any embedded
      newline characters. Behavior can be changed with new directive
      'RegexDefaultOptions'.
    - CVE-2018-1312
      mod_auth_digest: Fix generation of nonce values to prevent replay
      attacks across servers using a common Digest domain. This change
      may cause problems if used with round robin load balancers. PR 54637
    - CVE-2018-1302
      mod_http2: Potential crash w/ mod_http2.
    - mod_proxy_uwsgi: New UWSGI proxy submodule.
    - mod_md: New experimental module for managing domains across virtual
      hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
      renew certificates.
    - core: silently ignore a not existent file path when IncludeOptional
      is used. Closes: #878920
    - mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980
  * Fix lintian warnings:
    - Include SupportApache-small.png in apache2-doc package instead of
      linking to apache.org, to avoid privacy issues.
    - Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
    - Remove deprecated use of autotools_dev with dh.
    - Add some overrides
  * Bump standards-version to 4.1.2 (no changes)

4d9e478... by Ondřej Surý on 2018-01-14

Import patches-unapplied version 2.4.29-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e71b57f8076ca227cd6c0a452857cb81a4bad93d

New changelog entries:
  * Add myself to Uploaders
  * Bump required version of apr/apr-util to 1.6.0 (Closes: #879634)
  * Run wrap-and-sort -a to canonicalize the debian/ directory
  * Add Build-Depends on libbrotli-dev and enable brotli module

e71b57f... by Ondřej Surý on 2017-10-23

Import patches-unapplied version 2.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06779c1600a4c3af43e43591723c3f5fdb1a1a8a

New changelog entries:
  [ Stefan Fritsch ]
  * Replace outdated dependency on dh-systemd
  [ Ondřej Surý ]
  * New upstream version 2.4.29
  * Refresh quilt patches
  * Add mod_ssl_md patch needed for libapache2-mod-md (Closes: #877343)
  * Refresh patches on top of upstream release 2.4.29
  * Fix Apache crash on restarts (ASF Bug 61558)
  * Add deconfigure to the list of recognized scripts (Closes: #877524)

06779c1... by Stefan Fritsch on 2017-09-23

Import patches-unapplied version 2.4.27-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5dd02315d5709feff0de803c1741178ccdb66bd6

New changelog entries:
  * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
    which could result in HTTP OPTIONS method leaking Apache's server memory.
    Closes: #876109
  * Fix argument escaping in apachectl. Closes: #876384

5dd0231... by Stefan Fritsch on 2017-09-03

Import patches-unapplied version 2.4.27-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500aa111c5a5c7a029c58d23bd12cc2c163d3ea8

New changelog entries:
  * Upload to unstable.
  * Update "Breaks:" for openssl transition.
  * Bump Standards-Version to 4.1.0. No changes needed.