[ubuntu/saucy-proposed] apache2 2.4.6-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Jul 26 17:47:15 UTC 2013
apache2 (2.4.6-2ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/control, debian/config-dir/mods-available/ssl.conf,
debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
passphrase dialog program ask-for-passphrase.
- debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross fixes
from upstream
* Dropped changes:
- debian/patches/CVE-2013-1896.patch: upstream
* Fixed module dependencies (LP: #1205314)
- debian/config-dir/mods-available/lbmethod_*: properly specify
proxy_balancer, not mod_proxy_balancer.
apache2 (2.4.6-2) unstable; urgency=low
[ Stefan Fritsch ]
* Fix watch file
* Don't pass --silent to libtool, allowing blhc to check the compiler
options in the build logs.
[ Arno Töll ]
* Allow third party packages to use triggers if they use them in a
maintainer script invoking apache2-maintscript-helper (Closes: #717610)
apache2 (2.4.6-1) unstable; urgency=low
New upstream release:
* CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request
(Closes: #717272)
* New modules mod_cache_socache, mod_proxy_wstunnel.
* mod_ssl: Add support for subjectAltName-based host name checking in proxy
mode (SSLProxyCheckPeerName).
* mod_lua: Many new functions.
* mod_auth_basic: Add a generic mechanism to fake basic authentication
using the ap_expr parser (AuthBasicFake).
* mod_proxy: New BalancerInherit and ProxyPassInherit options.
* mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.
[ Arno Töll ]
* Document our security model in our NEWS file and highlight we do not allow
access to /srv. Thanks to joeyh for pointing this out.
* Allow the use of apache2-maintscript-helper from a sub-function. We rely
on dpkg's arguments supplied in $1, $2 etc. This clashes with function
arguments supplied to to sh sub-function. Allow manual override in such
cases.
* Mention that the dh_apache2 conditional must be present in postrm too
(Closes: #716694)
* Fix "dh_apache2 ignores alternative httpd on conf files" by correctly
checking the supplied arguments, we were off by one (Closes: #717299).
* Reinstall index.html also on upgrades as it is removed during upgrades.
* Add mod_macro transitional package as it was promoted to core and does not
exist as individual package anymore (Closes: #706962)
[ Stefan Fritsch ]
* Don't fail package upgrade or removal just because the configuration is in
an inconsistent state (Closes: #716921, #717343, LP: #1202653).
* Improve error output of init script.
* Fix broken dependency information in several *.load files.
* Add mod_authn_core as dependency of the mod_auth_* modules.
(Closes: #717448)
Date: Fri, 26 Jul 2013 08:31:33 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/apache2/2.4.6-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jul 2013 08:31:33 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.6-2ubuntu1
Distribution: saucy
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (binary files and modules)
apache2-data - Apache HTTP Server (common files)
apache2-dbg - Apache debugging symbols
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-mpm-event - transitional event MPM package for apache2
apache2-mpm-itk - transitional itk MPM package for apache2
apache2-mpm-prefork - transitional prefork MPM package for apache2
apache2-mpm-worker - transitional worker MPM package for apache2
apache2-suexec - transitional package for apache2-suexec-pristine
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
apache2.2-bin - Transitional package for apache2-bin
libapache2-mod-macro - Transitional package for apache2-bin
libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 706962 716694 716921 717272 717299 717343 717448 717610
Launchpad-Bugs-Fixed: 1202653 1205314
Changes:
apache2 (2.4.6-2ubuntu1) saucy; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/control, debian/config-dir/mods-available/ssl.conf,
debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
passphrase dialog program ask-for-passphrase.
- debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross fixes
from upstream
* Dropped changes:
- debian/patches/CVE-2013-1896.patch: upstream
* Fixed module dependencies (LP: #1205314)
- debian/config-dir/mods-available/lbmethod_*: properly specify
proxy_balancer, not mod_proxy_balancer.
.
apache2 (2.4.6-2) unstable; urgency=low
.
[ Stefan Fritsch ]
* Fix watch file
* Don't pass --silent to libtool, allowing blhc to check the compiler
options in the build logs.
.
[ Arno Töll ]
* Allow third party packages to use triggers if they use them in a
maintainer script invoking apache2-maintscript-helper (Closes: #717610)
.
apache2 (2.4.6-1) unstable; urgency=low
.
New upstream release:
* CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request
(Closes: #717272)
* New modules mod_cache_socache, mod_proxy_wstunnel.
* mod_ssl: Add support for subjectAltName-based host name checking in proxy
mode (SSLProxyCheckPeerName).
* mod_lua: Many new functions.
* mod_auth_basic: Add a generic mechanism to fake basic authentication
using the ap_expr parser (AuthBasicFake).
* mod_proxy: New BalancerInherit and ProxyPassInherit options.
* mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.
.
[ Arno Töll ]
* Document our security model in our NEWS file and highlight we do not allow
access to /srv. Thanks to joeyh for pointing this out.
* Allow the use of apache2-maintscript-helper from a sub-function. We rely
on dpkg's arguments supplied in $1, $2 etc. This clashes with function
arguments supplied to to sh sub-function. Allow manual override in such
cases.
* Mention that the dh_apache2 conditional must be present in postrm too
(Closes: #716694)
* Fix "dh_apache2 ignores alternative httpd on conf files" by correctly
checking the supplied arguments, we were off by one (Closes: #717299).
* Reinstall index.html also on upgrades as it is removed during upgrades.
* Add mod_macro transitional package as it was promoted to core and does not
exist as individual package anymore (Closes: #706962)
.
[ Stefan Fritsch ]
* Don't fail package upgrade or removal just because the configuration is in
an inconsistent state (Closes: #716921, #717343, LP: #1202653).
* Improve error output of init script.
* Fix broken dependency information in several *.load files.
* Add mod_authn_core as dependency of the mod_auth_* modules.
(Closes: #717448)
Checksums-Sha1:
cb526604dfa8ee59bc14b126880e4644faa20698 3202 apache2_2.4.6-2ubuntu1.dsc
16d8ec72535ded65d035122b0d944b0e64eaa2a2 4949897 apache2_2.4.6.orig.tar.bz2
02753da5a459ec40470b81255a631055157b0374 198066 apache2_2.4.6-2ubuntu1.debian.tar.gz
Checksums-Sha256:
5d8d7594b9e83c8c82fe0aeb9a9672bba6d7606cd9ccccb2c2524282cf53a955 3202 apache2_2.4.6-2ubuntu1.dsc
dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea 4949897 apache2_2.4.6.orig.tar.bz2
35d4eef416fd92fab4bd1550b6625d2d511dc6103b3293acd773025ab074e90c 198066 apache2_2.4.6-2ubuntu1.debian.tar.gz
Files:
fe2af7388447336e610773ca2c4d38a6 3202 httpd optional apache2_2.4.6-2ubuntu1.dsc
ea5e361ca37b8d7853404419dd502efe 4949897 httpd optional apache2_2.4.6.orig.tar.bz2
f4b2dd9dab2802fe070d365671851ef5 198066 httpd optional apache2_2.4.6-2ubuntu1.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJR8rX5AAoJEGVp2FWnRL6TA4UP/jgRS6FxmFpkxSLKeo7Go+pQ
UG6JKip2+WfrjEraMj7Tdx6GRNgyDHOBFFe3P2Tx6MGwqyd56vjsMh5l2jCRASiG
avlUikC7jdQjhcaAvS81PPgUhm0AgKEfXUmzTVVSX9IZ43mL8MEP5EFtb+EohT7M
+DbYCR44PFKr1/tC6+6SvGhDuFogOiTY8/sQWx3mHFAQBsRUgHyVwiRhkrutiGCT
jr/dK4l5x2AFo+/aMkzH9/92mz+/8x5FaBpwyO09oOGXMv4txlVWGJHW3eeu/JyY
bBjtlmTA/FynBFwqE199964PQFngg2vsYHV7xdwCalWx+EVY681f28Oi3qj48DD2
IdHzvaa1LP9gLhS5kZ7dfZI6LDmnlxWQ0NENtWwA9L6+SVVdzRZCREExNFnaiw+q
pQJEY6DvkTttFXDdZ4ozZbylszNe9uQIQFb7HTY/mI1l+RqN77wCNCF9R5RklbkD
KNNCQTvo4aEBlx09UWtRPo5z0HhXnKqYCGUUZFY0nQyCxkFTBxWHvLPn+GTaxarO
fI5jOZu5w2bMcyz3zCFUOzNbbL1n7s6tHAyBVtxL4C6jjO30EAdde2nNKMbpmKjN
viPeMVOIy1rPl04lDbDzC+nwcVNG2B8TxzwXBhwiD/nqPhZvRjqV6qI43Beg1lXm
83SdOgUOuk0xtXPqVQO7
=bblz
-----END PGP SIGNATURE-----
More information about the Saucy-changes
mailing list