Last commit made on 2016-07-18
Get this branch:
git clone -b ubuntu/wily-updates https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

ae00901... by Marc Deslauriers on 2016-07-14

Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 80e107784b66ab740328c0da1c1d81f9e20168dd

New changelog entries:
  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
    - CVE-2016-5387

80e1077... by Marc Deslauriers on 2015-07-24

Import patches-unapplied version 2.4.12-2ubuntu2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: db68d8373debd5ab56cbd27c91f3ba0b2915360e

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

db68d83... by Robie Basak on 2015-05-28

Import patches-unapplied version 2.4.12-2ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: f677101aa983ac70400564a70e87bb95376d4df4

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - Allow "triggers-awaited" and "triggers-pending" states in addition
      to "installed" when determining whether to defer actions or
      process deferred actions.
  * Drop patches (applied upstream):
    - d/p/split-logfile.patch
    - d/p/CVE-2015-0228.patch
  * Drop changes (superceded in Debian):
    - Cherry-pick versioned build-depend on dpkg from Debian for correct
      dpkg-maintscript-helper symlink_to_dir support.
  * Drop changes (adopted in Debian):
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
  * Fix cross-building configure line in d/rules, which had bit-rotted in
    previous merges.

f677101... by Stefan Fritsch on 2015-05-11

Import patches-unapplied version 2.4.12-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e2d71c29855a1f1856aecd52cf535b4d37b3a17

New changelog entries:
  [ Jean-Michel Nirgal Vourgère ]
  * d/control:
    + Update Vcs-Browser.
  * d/copyright:
    + Change d/debhelper/dh_apache2 to dh_apache2.in.
    + Drop paragraph about inexistant itk patches.
  [ Stefan Fritsch ]
  * Remove all the transitional packages:
    apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event,
    apache2-mpm-itk, apache2.2-bin, apache2.2-common,
    libapache2-mod-proxy-html, libapache2-mod-macro, apache2-suexec
    This also fixes the dependency problems caused by a recent version
    of debhelper (see #784803).

5e2d71c... by Stefan Fritsch on 2015-04-28

Import patches-unapplied version 2.4.12-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 39eb079c9724146918f6b841ee163649115bc53b

New changelog entries:
  * New upstream version
  * Add a patch for CVE-2015-0253 which was introduced in 2.4.11 which
    was never shipped in Debian.
  * Ship mod_proxy_html's default config file. Closes: #782022
  * Fix typo in dh_apache2 man page. Closes: #781032

39eb079... by Stefan Fritsch on 2015-03-31

Import patches-unapplied version 2.4.10-11 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d87b281ce5165a351c4c75234d05bb03608aaf8f

New changelog entries:
  * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
    This could cause all kinds of strange behavior. PR 56008. PR 57328
  * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
  * mpm_event: Fix crashes due to various race conditions. Closes: #779078

d87b281... by Stefan Fritsch on 2015-03-15

Import patches-unapplied version 2.4.10-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 17c775a090b998a69e6b861dff2feb279f63dafa

New changelog entries:
  * CVE-2015-0228: mod_lua: Fix denial of service vulnerability in
  * Fix setup-instance example script to handle a2enconf/a2disconf.
    LP: #1430936
  * Tweak mention of mod_access_compat in NEWS.Debian. The module does
    not really work in practice.

17c775a... by Stefan Fritsch on 2014-12-22

Import patches-unapplied version 2.4.10-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fd7676df657ceb8377ee7649ec7c7000fbfed3e2

New changelog entries:
  * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
    LuaAuthzProvider is used in multiple Require directives with different
  * Include ask-for-passphrase script from Ubuntu with some tweaks. This
    fixes asking for certificate passphrases if started via systemd.
    Closes: #773405
  * Fix init script to not wait 20s if passphrase was wrong.
  * Also bump debhelper build-depends to get dh_installdeb with support for
    symlink_to_dir. Closes: #770421

fd7676d... by Stefan Fritsch on 2014-11-18

Import patches-unapplied version 2.4.10-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4169270c04cdaffeb3d988bd336c7ae6917dd27f

New changelog entries:
  * Bump dpkg Pre-Depends to version that supports relative symlinks in
    dpkg-maintscript-helper's symlink_to_dir. Closes: #769821
  * mod_proxy_fcgi: Fix potential denial of service by malicious fcgi
    script. (CVE-2014-3583). Fix similar bug in mod_authnz_fcgi even
    though it does not seem to be exploitable.
  * mpm_event: Fix use-after-free that may lead to a server crash.
  * mod_ssl: Fix memory leak on graceful restart. Closes: #754492
  * mod_ssl: Avoid crashes during startup or graceful restart due to
    openssl using a callback to invalid memory. LP: #1366174

4169270... by Stefan Fritsch on 2014-11-09

Import patches-unapplied version 2.4.10-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5dfb01394a39404c813eee0a5d207009639806ed

New changelog entries:
  * Handle transitions of doc dirs and symlinks correctly during upgrade.
    Use dpkg-maintscript-helper for this and remove existing explicit logic.
    Closes: #767850
  * Remove obsolete conffiles in apache2.2-common, instead doing this only in
    apache2. This partially fixes #768815