- 854603c... by Nish Aravamudan on 2017-02-10
Import patches-unapplied version 2.4.25-3ubuntu2 to ubuntu/zesty-proposed
Imported using git-ubuntu import.
Changelog parent: f110b98a2e759a131e5fa7b6b13c58d73f6c1550
New changelog entries:
* Undrop (LP 1658469):
  - Don't build experimental http2 module for LTS:
    + debian/control: removed libnghttp2-dev Build-Depends (in universe).
    + debian/config-dir/mods-available/http2.load: removed.
    + debian/rules: removed proxy_http2 from configure.
    + debian/apache2.maintscript: remove http2 conffile.
- f110b98... by Nish Aravamudan on 2017-02-09
Import patches-unapplied version 2.4.25-3ubuntu1 to ubuntu/zesty-proposed
Imported using git-ubuntu import.
Changelog parent: 7674960d2cfb46d6dd941e44384ea880155a8188
New changelog entries:
* Merge from Debian unstable (LP: #1663425). Remaining changes:
  - debian/{control, apache2.install, apache2-utils.ufw.profile,
    apache2.dirs}: Add ufw profiles.
  - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
  - debian/patches/086_svn_cross_compiles: Backport several cross
    fixes from upstream
  - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
    Debian with Ubuntu on default page.
    + d/source/include-binaries: add Ubuntu icon file
  - Correct systemd-sysv-generator behavior by customizing some
    parameters:
    + d/apache2-systemd.conf: add a drop-in file to specify some
      parameters for the systemd unit (type=Forking and
      RemainsAfterExit=no), this allows a correct state synchronisation
      between systemctl status and actual state of apache2 daemon.
    + d/apache2.install: place the apache2-systemd.conf file in the
      correct location.
* Drop (LP: #1658469):
  - Don't build experimental http2 module for LTS:
    + debian/control: removed libnghttp2-dev Build-Depends (in universe).
    + debian/config-dir/mods-available/http2.load: removed.
    + debian/rules: removed proxy_http2 from configure.
    + debian/apache2.maintscript: remove http2 conffile.
- 7674960... by Stefan Fritsch on 2017-01-25
Import patches-unapplied version 2.4.25-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 5838443ffdd2e4fcade4168049811f0a89641fdb
New changelog entries:
* Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
  Closes: #852543
* Compile mod_bucketeer mod_case_filter mod_case_filter_in for benefit of
  the test suite, but don't add *.load files because they don't have any
  real-world use.
* Include the upstream test suite and a corresponding autopkgtest. This
  is quite a hack but it may help quite a bit with security updates,
  especially if stretch gets LTS support, too.
- 5838443... by Stefan Fritsch on 2017-01-14
Import patches-unapplied version 2.4.25-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: e3f3b995ccda824ea1f98974400a0e8b69631687
New changelog entries:
* Activate mod_reqtimeout in new installs and during updates from
  before 2.4.25-2. It was wrongly not activated in new installs since
  jessie. This made the default installation vulnerable to some DoS
  attacks.
* Restart htcacheclean on updates and tighten dependency on apache2-utils
  to ensure that apache2-utils cannot be upgraded without apache2.
  Closes: #851122
* When running on systems with systemd, make 'apache2ctl start' invoke
  systemctl instead. Otherwise systemd will think apache2 is not running
  and ignore further commands like reload. Closes: #839227
* Avoid segfault in mpm_event if a signal is received too soon after start.
  PR 60487
* Add test for some modules to be enabled.
* Remove mention of CVE-2016-5387 in 2.4.25-1 changelog. It was already
  fixed in 2.4.23-2.
- e3f3b99... by Stefan Fritsch on 2016-12-21
Import patches-unapplied version 2.4.25-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: d0ab85635184f1f83ca54b0a0b3298a0b72ade50
New changelog entries:
[ New upstream release ]
* Security: CVE-2016-0736:
  mod_session_crypto: Authenticate the session data/cookie with a MAC to
  prevent deciphering or tampering with a padding oracle attack.
* Security: CVE-2016-2161:
  mod_auth_digest: Prevent segfaults during client entry allocation when the
  shared memory space is exhausted.
* Security: CVE-2016-5387:
  Mitigate [f]cgi "httpoxy" issues.
* Security: CVE-2016-8740:
  mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
  Closes: #847124
* Security: CVE-2016-8743:
  Enforce HTTP request grammar corresponding to RFC7230 for request lines
  and request headers, to prevent response splitting and cache pollution by
  malicious clients or downstream proxies.
* The stricter HTTP enforcement may cause compatibility problems with
  non-conforming clients. Fine-tuning is possible with the new
  HttpProtocolOptions directive.
* mpm_event: Fix "scoreboard full" errors. Closes: #834708 LP: #1466926
* mod_http2: Many fixes and support for early pushes using the new
  H2PushResource directive.
[ Stefan Fritsch ]
* Switch to debhelper compatibility level 9.
- d0ab856... by Stefan Fritsch on 2016-11-19
Import patches-unapplied version 2.4.23-8 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 4e4d3675b4d968da9149885326d2a14d661aeef0
New changelog entries:
* Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
  new package apache2-ssl-dev. Packages that interface with openssl
  state from mod_ssl must build-depend on this new package.
  This will help to disentangle the build-deps in the openssl transition.
  Closes: #845033
- 4e4d367... by Stefan Fritsch on 2016-11-13
Import patches-unapplied version 2.4.23-7 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 261fbaae28d1aed5754a63aaf03543a06238618f
New changelog entries:
* Make apache2-dev depend on openssl 1.0, too. Closes: #844160
* Move DefaultRuntimeDir and pid file for multi-instances to
  /var/run/apache2-xxx. Thanks to Horst Platz for the debugging.
  Closes: #838932 LP: #1627339
* Fix systemd unit naming for multi-instances.
* Tweak embedded .tar.gz some more to build reproducibly.
- 261fbaa... by Stefan Fritsch on 2016-11-09
Import patches-unapplied version 2.4.23-6 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 93bf74a68a235f34f125fe6569c857952ea962f8
New changelog entries:
* One more tweak for reproducible build. Thanks to Daniel Shahaf for the
  patch. Closes: #839977
* Avoid building with openssl 1.1 for now. See #828236
- 93bf74a... by Raphaël Hertzog on 2016-09-29
Import patches-unapplied version 2.4.23-5 to debian/sid
Imported using git-ubuntu import.
Changelog parent: de3165a08d3ec8fab6adac39e682658c9af74cd6
New changelog entries:
* Team upload.
[ Stefan Fritsch ]
* Tweak creation of .tar.gz embedded in preinst to get reproducible
  build.
[ Raphaël Hertzog ]
* Add systemd unit files. Closes: #798430
* Improve a2enmod to enable apache-htcacheclean with systemctl and let
  it enable '<email address hidden>' for multi-instance
  support.
* Improve setup-instance to rely on the systemd <email address hidden> for
  multi-instance support.
* Drop /lib/systemd/system/apache2.service.d/forking.conf now that we have
  proper native systemd support.
* Modify handling of /etc/init.d/apache-htcacheclean to have a usual
  Default-Start value but instead we disable it manually in the postinst.
  That way "systemctl enable apache-htcacheclean" works.
* Add some lintian overrides for non-problems (two update-rc.d calls in
  postinst, and a .js file with a very long line).
- de3165a... by Stefan Fritsch on 2016-08-12
Import patches-unapplied version 2.4.23-4 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 86826c02309410af6c74d595ef718255cd847959
New changelog entries:
* Fix pre-inst script for new installations. Closes: #834169