[ubuntu/disco-proposed] apache2 2.4.38-2ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Tue Feb 5 12:36:12 UTC 2019
apache2 (2.4.38-2ubuntu1) disco; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
[Removed configure chunk, not needed since configure.in is being
patched.]
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- d/t/control, d/t/check-http2: add basic test for http2 support
* Dropped:
- d/control, d/rules, d/config-dir/mods-available/md.load: don't build
libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
cannot be coinstalled with libcurl3. That situation breaks the
installation of libapache2-mod-shib2. See
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
for details.
[This has been resolved in Disco, where libxmltooling8 is built with
openssl 1.1]
- SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
+ debian/patches/CVE-2018-11763.patch: rework connection IO event
handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
modules/http2/h2_version.h.
- CVE-2018-11763
[Fixed in 2.4.35]
apache2 (2.4.38-2) unstable; urgency=medium
* Disable "reset" test in allowmethods.t (Closes: #921024)
apache2 (2.4.38-1) unstable; urgency=medium
[ Jelmer Vernooij ]
* Reverted for now: Transition to automatic debug package (from: apache2-dbg)
* Trim trailing whitespace
* Use secure copyright file specification URI
[ Niels Thykier ]
* Add Rules-Requires-Root: binary-targets
[ Xavier Guimard ]
* Convert signing-key.pgp into signing-key.asc
* Add http2.conf (Closes: #880993)
* Remove unnecessary greater-than versioned dependency to dpkg-dev,
libbrotli-dev and libapache2-mod-md
* Declare compliance with policy 4.2.1
* Add spelling errors patch (reported)
* Fix some spelling errors in debian files
* Add myself to uploaders
* Refresh patches
* Bump debhelper compatibility level to 10
* debian/rules:
- Remove unnecessary dh argument --parallel
- use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog
* Add upstream/metadata
* Replace MIT by Expat in debian/copyright
* debian/watch: use https url
* Add documentation links in systemd service files
* Team upload
[ Cyrille Bollu ]
* Put HTTP2 configuration within <IfModule !mpm_prefork></IfModule> tags as
it gets automatically de-activated upon apache 'startup when using
mpm_prefork.
* Updated http2.conf to inform user that they may want to change their
LogFormat directives.
[ Xavier Guimard ]
* New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
* Refresh patches
* Remove setenvifexpr.diff patch now included in upstream
* Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
* Add a "sleep" in debian/tests/htcacheclean and skip result if "stop" failed
* Declare compliance with policy 4.3.0
* Fix homepage to https
* Update debian/copyright
apache2 (2.4.37-1) unstable; urgency=medium
* New upstream version
- mod_ssl: Add support for TLSv1.3
* Add docs symlink for libapache2-mod-proxy-uwsgi. Closes: #910218
* Update test-framework to r1845652
* Fix test suite to actually run by creating a test user. It turns out
the test suite refuses to run as root but returns true even in that
case. It seems this has been broken since 2.4.27-4, where the test suite
had been updated and the debci test duration dropped from 15min to
3min. Also, don't rely on the exit status anymore but parse the test
output.
* Backport a fix from trunk for SetEnvIfExpr. This fixes a test failure.
apache2 (2.4.35-1) unstable; urgency=medium
* New upstream version 2.4.35
Security fix:
- CVE-2018-11763: DoS for HTTP/2 connections by continuous SETTINGS
Closes: #909591
* Fix lintian warning: Don't force xz in builddeb override.
Date: Sun, 03 Feb 2019 14:57:13 -0200
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 03 Feb 2019 14:57:13 -0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source
Version: 2.4.38-2ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
libapache2-mod-md - transitional package
libapache2-mod-proxy-uwsgi - transitional package
Closes: 880993 909591 910218 920220 920302 920303 921024
Changes:
apache2 (2.4.38-2ubuntu1) disco; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
[Removed configure chunk, not needed since configure.in is being
patched.]
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- d/t/control, d/t/check-http2: add basic test for http2 support
* Dropped:
- d/control, d/rules, d/config-dir/mods-available/md.load: don't build
libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
cannot be coinstalled with libcurl3. That situation breaks the
installation of libapache2-mod-shib2. See
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
for details.
[This has been resolved in Disco, where libxmltooling8 is built with
openssl 1.1]
- SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
+ debian/patches/CVE-2018-11763.patch: rework connection IO event
handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
modules/http2/h2_version.h.
- CVE-2018-11763
[Fixed in 2.4.35]
.
apache2 (2.4.38-2) unstable; urgency=medium
.
* Disable "reset" test in allowmethods.t (Closes: #921024)
.
apache2 (2.4.38-1) unstable; urgency=medium
.
[ Jelmer Vernooij ]
* Reverted for now: Transition to automatic debug package (from: apache2-dbg)
* Trim trailing whitespace
* Use secure copyright file specification URI
.
[ Niels Thykier ]
* Add Rules-Requires-Root: binary-targets
.
[ Xavier Guimard ]
* Convert signing-key.pgp into signing-key.asc
* Add http2.conf (Closes: #880993)
* Remove unnecessary greater-than versioned dependency to dpkg-dev,
libbrotli-dev and libapache2-mod-md
* Declare compliance with policy 4.2.1
* Add spelling errors patch (reported)
* Fix some spelling errors in debian files
* Add myself to uploaders
* Refresh patches
* Bump debhelper compatibility level to 10
* debian/rules:
- Remove unnecessary dh argument --parallel
- use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog
* Add upstream/metadata
* Replace MIT by Expat in debian/copyright
* debian/watch: use https url
* Add documentation links in systemd service files
* Team upload
.
[ Cyrille Bollu ]
* Put HTTP2 configuration within <IfModule !mpm_prefork></IfModule> tags as
it gets automatically de-activated upon apache 'startup when using
mpm_prefork.
* Updated http2.conf to inform user that they may want to change their
LogFormat directives.
.
[ Xavier Guimard ]
* New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
* Refresh patches
* Remove setenvifexpr.diff patch now included in upstream
* Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
* Add a "sleep" in debian/tests/htcacheclean and skip result if "stop" failed
* Declare compliance with policy 4.3.0
* Fix homepage to https
* Update debian/copyright
.
apache2 (2.4.37-1) unstable; urgency=medium
.
* New upstream version
- mod_ssl: Add support for TLSv1.3
* Add docs symlink for libapache2-mod-proxy-uwsgi. Closes: #910218
* Update test-framework to r1845652
* Fix test suite to actually run by creating a test user. It turns out
the test suite refuses to run as root but returns true even in that
case. It seems this has been broken since 2.4.27-4, where the test suite
had been updated and the debci test duration dropped from 15min to
3min. Also, don't rely on the exit status anymore but parse the test
output.
* Backport a fix from trunk for SetEnvIfExpr. This fixes a test failure.
.
apache2 (2.4.35-1) unstable; urgency=medium
.
* New upstream version 2.4.35
Security fix:
- CVE-2018-11763: DoS for HTTP/2 connections by continuous SETTINGS
Closes: #909591
* Fix lintian warning: Don't force xz in builddeb override.
Checksums-Sha1:
1a0ae8c0f21dba57aa8b966ead075db2f09284c5 3354 apache2_2.4.38-2ubuntu1.dsc
6ee19a7b936a6ddbbf81b313c4a8b38bf232b40e 9187294 apache2_2.4.38.orig.tar.gz
173cabbe6666974fc29ceeab939a7d3dd09ef1c4 1026972 apache2_2.4.38-2ubuntu1.debian.tar.xz
bdc33d40b9b982f9838f757f2bdd503b924b9681 7278 apache2_2.4.38-2ubuntu1_source.buildinfo
Checksums-Sha256:
73870d369b2177baa47f6c94fd42842bbe34340f66e0daffb3e17a72ed4b4731 3354 apache2_2.4.38-2ubuntu1.dsc
38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6 9187294 apache2_2.4.38.orig.tar.gz
378f1646b15c2ac272335b0b8569091cefe969f1b4fdf0d43360038f9007efb9 1026972 apache2_2.4.38-2ubuntu1.debian.tar.xz
10cbbcbe414de9195a8ae7a180e8107f352847fe20e2fe07ff5edfd2f02d27a6 7278 apache2_2.4.38-2ubuntu1_source.buildinfo
Files:
656236a876e36c60355f6214291db4b2 3354 httpd optional apache2_2.4.38-2ubuntu1.dsc
626083caac6d85a048abac6d5ea61e5b 9187294 httpd optional apache2_2.4.38.orig.tar.gz
5a077bb14861bdb2fd3220f198d1300a 1026972 httpd optional apache2_2.4.38-2ubuntu1.debian.tar.xz
5126d46362290f780610865846ff6f60 7278 httpd optional apache2_2.4.38-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAlxZgZ8ACgkQrJg+tb9r
y6l6ug//eHiNhEOY7H89RA9VdVwU/uIvwMDemWFYmJxBBeBDhJxwr7SsW/OdNXc8
4TVDxpCK2DTaePh98IJgcHbJAaDMc7xO3ULIhLR7hfZlDyLyteLjmqQ3Kx1ZChqc
6/1JgxGhqwaAu+8j72ZJxrfJDhNGpes3kgwljSJz6E5NAK+EQ9DMcNCCFFukHNUh
4soGG3heT+kG6G3cRwl/GejgNHop2glQRr2E+OSvQjs3CXNqWcDrZS3CTlibzG4y
MGyfN6QrXxsAdd2AaOuNHTMikkqaxLHjme26qjb6wxRrccAjxiqCago50DWYTfq4
nYid03U2rDp/ecs8CwvysvXX9i+6vOCz5YFisSKujs4/LiU914p+f4QETDmnZrEi
thTB52sg8nPQIEVFSkOvhl1njyOraC1VfwvLzxMm/cHcK/5qOsfmN0q6s5R+1zVZ
z9TZZYSVX10YoHQZ3p+vZZLTURnwaXy6szyb4rBTV47N5a6kOt8YEGZzCWs+WHub
DNJFJKVaTCqlvOUItssUVTgim8/n/yAbZDwWY6OfrD6l73fE+gF/PVwNRz1Dgk1s
U9imrBkWekpgFF9c6oDIxwZ3ug0CyG0+OuKteNuZCTS7XWihsJZMy+/401stkbDj
3Ijb5ZGW5gIFCjI+to+8+7V6e/CC9iyWnSxQ6fi+TKcb0wEb9p4=
=Oo6z
-----END PGP SIGNATURE-----
More information about the Disco-changes
mailing list