[ubuntu/impish-proposed] apache2 2.4.48-3ubuntu1 (Accepted)

Bryce Harrington bryce at canonical.com
Wed Jul 14 19:37:12 UTC 2021 

apache2 (2.4.48-3ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles. (LP: 261198)
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
      (LP: 609177)
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/s/include-binaries: replace Debian with Ubuntu on default
      page and add Ubuntu icon file.  (LP: 1288690)
    - d/apache2ctl: Also use systemd for graceful if it is in use.
      This extends an earlier fix for the start command to behave
      similarly for restart / graceful.  Fixes service failures on
      unattended upgrade.  (LP: 1832182)
    - d/apache2ctl: Also use /run/systemd to check for systemd usage
      (LP: 1918209)
  * Dropped:
    - d/t/control, d/t/check-http2: add basic test for http2 support
      [Fixed in 2.4.48-2]
    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
      [Fixed in 2.4.48-1]
    - d/p/CVE-2020-13950.patch: don't dereference NULL proxy
      connection in modules/proxy/mod_proxy_http.c.
      [Fixed in 2.4.48 upstream]
    - d/p/CVE-2020-35452.patch: fast validation of the nonce's
      base64 to fail early if the format can't match anyway in
      modules/aaa/mod_auth_digest.c.
      [Fixed in 2.4.48 upstream]
    - d/p/CVE-2021-26690.patch: save one apr_strtok() in
      session_identity_decode() in modules/session/mod_session.c.
      [Fixed in 2.4.48 upstream]
    - d/p/CVE-2021-26691.patch: account for the '&' in
      identity_concat() in modules/session/mod_session.c.
      [Fixed in 2.4.48 upstream]
    - d/p/CVE-2021-30641.patch: change default behavior in
      server/request.c.
      [Fixed in 2.4.48 upstream]

Date: Thu, 08 Jul 2021 03:20:46 +0000
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.48-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 08 Jul 2021 03:20:46 +0000
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.48-3ubuntu1
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Changes:
 apache2 (2.4.48-3ubuntu1) impish; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - debian/{control, apache2.install, apache2-utils.ufw.profile,
       apache2.dirs}: Add ufw profiles. (LP: 261198)
     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
       (LP: 609177)
     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
       d/s/include-binaries: replace Debian with Ubuntu on default
       page and add Ubuntu icon file.  (LP: 1288690)
     - d/apache2ctl: Also use systemd for graceful if it is in use.
       This extends an earlier fix for the start command to behave
       similarly for restart / graceful.  Fixes service failures on
       unattended upgrade.  (LP: 1832182)
     - d/apache2ctl: Also use /run/systemd to check for systemd usage
       (LP: 1918209)
   * Dropped:
     - d/t/control, d/t/check-http2: add basic test for http2 support
       [Fixed in 2.4.48-2]
     - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
       [Fixed in 2.4.48-1]
     - d/p/CVE-2020-13950.patch: don't dereference NULL proxy
       connection in modules/proxy/mod_proxy_http.c.
       [Fixed in 2.4.48 upstream]
     - d/p/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
       [Fixed in 2.4.48 upstream]
     - d/p/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
       [Fixed in 2.4.48 upstream]
     - d/p/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
       [Fixed in 2.4.48 upstream]
     - d/p/CVE-2021-30641.patch: change default behavior in
       server/request.c.
       [Fixed in 2.4.48 upstream]
Checksums-Sha1:
 6ae083279eb1b46309812e2c919a564880b34478 3367 apache2_2.4.48-3ubuntu1.dsc
 b581bcfdd939fe77c3821f7ad3863c7307374919 9418226 apache2_2.4.48.orig.tar.gz
 22770033f959f5a997498948510ce7d80eeec600 900312 apache2_2.4.48-3ubuntu1.debian.tar.xz
 552d8368435b6137799fa6225ac0913ea3d67e83 8833 apache2_2.4.48-3ubuntu1_source.buildinfo
Checksums-Sha256:
 f41d2380c8f17c43440cb8c55d809fc3fcc7f91895d3f115c463f474d3dbb44b 3367 apache2_2.4.48-3ubuntu1.dsc
 315c0bc50206b866fb17c2cdc28c1973765a8d59ca168b80286e8cb077d0510e 9418226 apache2_2.4.48.orig.tar.gz
 0d52c4ebcc70900d62e0897af955f34608d7cdffbecc630b42ddf7a10f91bbcc 900312 apache2_2.4.48-3ubuntu1.debian.tar.xz
 515005537f462b6d50a685504bb5fe07626dfd8c510112b88ba19223cad5f918 8833 apache2_2.4.48-3ubuntu1_source.buildinfo
Files:
 51faf4f64bf186253fcd6898aa62e1c9 3367 httpd optional apache2_2.4.48-3ubuntu1.dsc
 033453c49c4b081e34acc3e1a4c23648 9418226 httpd optional apache2_2.4.48.orig.tar.gz
 77d285dde1235ca3018ecbc2c83b8b44 900312 httpd optional apache2_2.4.48-3ubuntu1.debian.tar.xz
 7913969099b787f52957c4c66ecda3cb 8833 httpd optional apache2_2.4.48-3ubuntu1_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

More information about the impish-changes mailing list