-
5a4aa4d...
by
Dimitri John Ledkov
on 2019-06-13
-
Import patches-unapplied version 2.4.38-3ubuntu2 to ubuntu/eoan-proposed
Imported using git-ubuntu import.
Changelog parent: e936130b355fd0cbf58c47c7cd36cf3a0d49a6fb
New changelog entries:
* Cherrypick upstream test suite fix for buffer.
-
e936130...
by
Dimitri John Ledkov
on 2019-06-10
-
Import patches-unapplied version 2.4.38-3ubuntu1 to ubuntu/eoan-proposed
Imported using git-ubuntu import.
Changelog parent: 6f896d33242900b08c8788338c9e90e23713055c
New changelog entries:
* Merge from Debian unstable. Remaining changes:
- Cherrypick upstream testsuite fix:
+ r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
as such).
- Similarly use TLSv1.2 for pr12355 and pr43738.
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
[Removed configure chunk, not needed since configure.in is being
patched.]
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- d/t/control, d/t/check-http2: add basic test for http2 support
-
6f896d3...
by
Stefan Fritsch
on 2019-04-07
-
Import patches-unapplied version 2.4.38-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 847b2dd6c945b42d4b49bbc8fbb24a7dd4fc4897
New changelog entries:
[ Marc Deslauriers ]
* SECURITY UPDATE: read-after-free on a string compare in mod_http2
- debian/patches/CVE-2019-0196.patch: disentangelment of stream and
request method in modules/http2/h2_request.c.
- CVE-2019-0196
* SECURITY UPDATE: privilege escalation from modules' scripts
- debian/patches/CVE-2019-0211.patch: bind the bucket number of each
child to its slot number in include/scoreboard.h,
server/mpm/event/event.c, server/mpm/prefork/prefork.c,
server/mpm/worker/worker.c.
- CVE-2019-0211
* SECURITY UPDATE: mod_ssl access control bypass
- debian/patches/CVE-2019-0215.patch: restore SSL verify state after
PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
- CVE-2019-0215
* SECURITY UPDATE: mod_auth_digest access control bypass
- debian/patches/CVE-2019-0217.patch: fix a race condition in
modules/aaa/mod_auth_digest.c.
- CVE-2019-0217
* SECURITY UPDATE: URL normalization inconsistincy
- debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
the path in include/http_core.h, include/httpd.h, server/core.c,
server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
in server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
server/util.c.
- CVE-2019-0220
[ Stefan Fritsch ]
* Pull security fixes from 2.4.39 via Ubuntu
* CVE-2019-0197: mod_http2: Fix possible crash on late upgrade
-
847b2dd...
by
Xavier Guimard <email address hidden>
on 2019-01-31
-
Import patches-unapplied version 2.4.38-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 9da9dfa1e43b5d69d2783d1a3e1a5b6dcde606c1
New changelog entries:
* Disable "reset" test in allowmethods.t (Closes: #921024)
-
9da9dfa...
by
Xavier Guimard <email address hidden>
on 2019-01-29
-
Import patches-unapplied version 2.4.38-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 7387d718ca26d92498f9ed1584fea8cbcb4f704e
New changelog entries:
[ Jelmer Vernooij ]
* Reverted for now: Transition to automatic debug package (from: apache2-dbg)
* Trim trailing whitespace
* Use secure copyright file specification URI
[ Niels Thykier ]
* Add Rules-Requires-Root: binary-targets
[ Xavier Guimard ]
* Convert signing-key.pgp into signing-key.asc
* Add http2.conf (Closes: #880993)
* Remove unnecessary greater-than versioned dependency to dpkg-dev,
libbrotli-dev and libapache2-mod-md
* Declare compliance with policy 4.2.1
* Add spelling errors patch (reported)
* Fix some spelling errors in debian files
* Add myself to uploaders
* Refresh patches
* Bump debhelper compatibility level to 10
* debian/rules:
- Remove unnecessary dh argument --parallel
- use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog
* Add upstream/metadata
* Replace MIT by Expat in debian/copyright
* debian/watch: use https url
* Add documentation links in systemd service files
* Team upload
[ Cyrille Bollu ]
* Put HTTP2 configuration within <IfModule !mpm_prefork></IfModule> tags as
it gets automatically de-activated upon apache 'startup when using
mpm_prefork.
* Updated http2.conf to inform user that they may want to change their
LogFormat directives.
[ Xavier Guimard ]
* New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
* Refresh patches
* Remove setenvifexpr.diff patch now included in upstream
* Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
* Add a "sleep" in debian/tests/htcacheclean and skip result if "stop" failed
* Declare compliance with policy 4.3.0
* Fix homepage to https
* Update debian/copyright
-
7387d71...
by
Stefan Fritsch
on 2018-11-03
-
Import patches-unapplied version 2.4.37-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: bf7f8f045ccf34c2c08f02ecdd0f46ef7a97ee46
New changelog entries:
* New upstream version
- mod_ssl: Add support for TLSv1.3
* Add docs symlink for libapache2-mod-proxy-uwsgi. Closes: #910218
* Update test-framework to r1845652
* Fix test suite to actually run by creating a test user. It turns out
the test suite refuses to run as root but returns true even in that
case. It seems this has been broken since 2.4.27-4, where the test suite
had been updated and the debci test duration dropped from 15min to
3min. Also, don't rely on the exit status anymore but parse the test
output.
* Backport a fix from trunk for SetEnvIfExpr. This fixes a test failure.
-
bf7f8f0...
by
Stefan Fritsch
on 2018-10-07
-
Import patches-unapplied version 2.4.35-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: ef5d2450201d96722e86ff11a816bf14e3b9cfca
New changelog entries:
* New upstream version 2.4.35
Security fix:
- CVE-2018-11763: DoS for HTTP/2 connections by continuous SETTINGS
Closes: #909591
* Fix lintian warning: Don't force xz in builddeb override.
-
ef5d245...
by
Stefan Fritsch
on 2018-07-27
-
Import patches-unapplied version 2.4.34-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: f9135dfca55cef91c3af3074fc3ba3826d3f95d8
New changelog entries:
[ Ondřej Surý ]
* New upstream version 2.4.34
Security fixes:
- CVE-2018-1333: Denial of service in mod_http2. Closes: #904106
- CVE-2018-8011: Denial of service in mod_md. Closes: #904107
* Refresh patches for Apache2 2.4.34 release
* Update the suexec-custom.patch for 2.4.34 release
[ Stefan Fritsch ]
* Remove load order dependency introduced in mod_lbmethod_* in 2.4.34
* Remove debian/gbp.conf. Closes: #904641
* Fix typo in apache2_switch_mpm() in apache2-maintscript-helper.
Closes: #904150
-
f9135df...
by
Stefan Fritsch
on 2018-05-05
-
Import patches-unapplied version 2.4.33-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: b13a69a4c7ec1ab4ee90a70d5dff9e013a2d26d0
New changelog entries:
* Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
Closes: #894785
* mod_http2: Avoid high memory usage with large files, causing crashes on
32bit archs. Closes: #897218
* Migrate from alioth to salsa.
-
b13a69a...
by
Stefan Fritsch
on 2018-04-22
-
Import patches-unapplied version 2.4.33-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 3e69ee740b7685d9d4399b12bf8aa5f4b7e23e36
New changelog entries:
* Add Replaces: and transitional packages for libapache2-mod-proxy-uwsgi
and libapache2-mod-md.
Closes: #894760, #894761, #894785
