ubuntu/+source/apache2:ubuntu/trusty-proposed

Last commit made on 2018-04-05
Get this branch:
git clone -b ubuntu/trusty-proposed https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/trusty-proposed
Repository:
lp:ubuntu/+source/apache2

Recent commits

d9db552... by Rafael David Tinoco on 2018-03-02

Import patches-unapplied version 2.4.7-1ubuntu4.19 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4ce8f475fe1a7c4af97f6dc09ecf28efdee0d12b

New changelog entries:
  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
    - added debian/patches/util_ldap_cache_lock_fix.patch

4ce8f47... by Marc Deslauriers on 2017-09-18

Import patches-unapplied version 2.4.7-1ubuntu4.18 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 181b6d05779ecf34634cb44f74771a9f25cc5387

New changelog entries:
  * SECURITY UPDATE: optionsbleed information leak
    - debian/patches/CVE-2017-9798.patch: disallow method registration
      at run time in server/core.c.
    - CVE-2017-9798

181b6d0... by Marc Deslauriers on 2017-07-27

Import patches-unapplied version 2.4.7-1ubuntu4.17 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 85378f36afd9fb3303888d983153f29b342d26ee

New changelog entries:
  * SECURITY UPDATE: uninitialized memory reflection in mod_auth_digest
    - debian/patches/CVE-2017-9788.patch: correct string scope in
      modules/aaa/mod_auth_digest.c.
    - CVE-2017-9788

85378f3... by Marc Deslauriers on 2017-06-26

Import patches-unapplied version 2.4.7-1ubuntu4.16 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 14a42d6bee0f8d416de61b834f193934893c6b58

New changelog entries:
  * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw()
    - debian/patches/CVE-2017-3167.patch: deprecate and replace
      ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h,
      server/protocol.c, server/request.c.
    - CVE-2017-3167
  * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection()
    - debian/patches/CVE-2017-3169.patch: fix ctx passed to
      ssl_io_filter_error() in modules/ssl/ssl_engine_io.c.
    - CVE-2017-3169
  * SECURITY UPDATE: denial of service and possible incorrect value return
    in HTTP strict parsing changes
    - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in
      server/util.c.
    - CVE-2017-7668
  * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header
    - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in
      modules/http/mod_mime.c.
    - CVE-2017-7679

14a42d6... by Marc Deslauriers on 2017-05-05

Import patches-unapplied version 2.4.7-1ubuntu4.15 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 5e537cd787b3a5bd8ac3c08836b3d4a2ecf30b47

New changelog entries:
  * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue
    - debian/patches/CVE-2016-0736.patch: authenticate the session
      data/cookie with a MAC in modules/session/mod_session_crypto.c.
    - CVE-2016-0736
  * SECURITY UPDATE: denial of service via malicious mod_auth_digest input
    - debian/patches/CVE-2016-2161.patch: improve memory handling in
      modules/aaa/mod_auth_digest.c.
    - CVE-2016-2161
  * SECURITY UPDATE: response splitting and cache pollution issue via
    incomplete RFC7230 HTTP request grammar enforcing
    - debian/patches/CVE-2016-8743.patch: enforce stricter parsing in
      include/http_core.h, include/http_protocol.h, include/httpd.h,
      modules/http/http_filters.c, server/core.c, server/gen_test_char.c,
      server/protocol.c, server/util.c, server/vhost.c.
    - debian/patches/hostnames_with_underscores.diff: relax hostname
      restrictions in server/vhost.c.
    - CVE-2016-8743
  * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and
    may introduce compatibility issues with clients that do not strictly
    follow specifications. A new configuration directive,
    "HttpProtocolOptions Unsafe" can be used to re-enable some of the less
    strict parsing restrictions, at the expense of security.

5e537cd... by Marc Deslauriers on 2016-07-14

Import patches-unapplied version 2.4.7-1ubuntu4.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fe526ba278235a37d3b808793acf0da3ecaa76e5

New changelog entries:
  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
      server/util_script.c.
    - CVE-2016-5387
  * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in
    trusty-proposed.

fe526ba... by ChristianEhrhardt on 2016-06-07

Import patches-unapplied version 2.4.7-1ubuntu4.11 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 604ac30cde956f740ae42a005fdc08283b1c06bb

New changelog entries:
  * Fix hang until proxy timeout for Proxy responses with error status and
    "ProxyErrorOverride On" being set (LP: #1495988).

604ac30... by Louis Bouchard on 2016-04-20

Import patches-unapplied version 2.4.7-1ubuntu4.10 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7d9ca92cae55b0bdd87b7fd64ded8f17e77e84ab

New changelog entries:
  * Add apache2 specific modification needed along with fix to
    libapache2-mpm-itk so it becomes installable again (LP: #1286882):
    - Removes warning on mpm_itk use
    - Removes conflicts on mpm_itk

7d9ca92... by Dave Chiluk on 2016-01-13

Import patches-unapplied version 2.4.7-1ubuntu4.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 90ca46e36d58ecf124b43f0715c67ea578fabc34

New changelog entries:
  * Force disablereuse on for mod_proxy_wstunnel. Fixes "Unable to connect to:
    ws://<maas IP>:/MAAS/ws" errors with maas, and other proxy applications.
    https://bz.apache.org/bugzilla/show_bug.cgi?id=55890
    (LP: #1484696).

90ca46e... by Jeffrey Hutzelman on 2015-10-08

Import patches-unapplied version 2.4.7-1ubuntu4.8 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: d9c682ad7724b64fc68380d9db89d78be93ce235

New changelog entries:
  * Fix -D[efined] or <Define>[d] variables lifetime across restarts.
    This fixes incorrect processing of configuration files on reload
    (LP: #1504354).