[ubuntu/utopic-proposed] apache2 2.4.10-1ubuntu1 (Accepted)

Robie Basak robie.basak at ubuntu.com
Fri Jul 25 10:22:24 UTC 2014


apache2 (2.4.10-1ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

apache2 (2.4.10-1) unstable; urgency=medium

  [ Arno Töll ]
  * New upstream version
    + Refresh debian/patches/fhs_compliance.patch
    + Security Fixes:
      - CVE-2014-0117 mod_proxy: Fix DoS that could cause a crash
      - CVE-2014-0226 Fix a race condition resulting in a heap overflow in
        scoreboard handling
      - CVE-2014-0118 mod_deflate: The DEFLATE input filter now limits the
        length and compression ratio of inflated request to mitigate a
        possible DoS
      - CVE-2014-0231 mod_cgid: Fix a denial of service against CGI scripts
    + Fixes SNI with certificate defined in global scope. (Closes: #751361)
  * Warn users if they try to disable modules that we consider essential for
    operation of the Apache web server (Closes: #709461)
  * Drop libcap from our build-dependencies. That was needed for itk which we
    gave source out to its own package again.
  * Provide apache2.2-common package to avoid upgrading problems for people
    using --purge (apt) or --purge-unused (aptitude) even though that's
    clearly discouraged. This caused disappearing of conffiles because we move
    them from apache2.2-common to apache2 during the upgrade. Ugh. This was
    not a bug in our packaging, but unfortunately people blame us
    nonetheless even though it's not all our fault. This alternative helps
    those people, but at the same time means that incompatible modules aren't
    force-removed by dpkg during the upgrade. Hopefully we catch all of them
    with the Breaks relation coming along (Closes: #716880, #752922, #711925)

apache2 (2.4.9-2) unstable; urgency=medium

  * Fix logic in postinst to detect existing index.* files in both
    DocumentRoots, the old /var/www and the new /var/www/html. Also
    change the compiled in default DocumentRoot to /var/www/html.
    Closes: #743915
  * Fix buffer overflows in suexec with very long (unix) usernames. Not
    exploitable due to FORTIFY_SOURCE. And creating users usually requires
    root privileges, anyway. Thanks to Luca Bruno for the report.
  * Remove conflicts of mpm modules with mpm_itk, which isn't an mpm
    anymore. Fixes a part of: #734865. libapache2-mpm-itk needs a fix, too.
  * Remove obsolete warning in a2enmod about mpm-itk.
  * Fix lintian warning: Remove image ref to w3.org, which is a privacy
    breach.

Date: Thu, 24 Jul 2014 15:13:16 +0000
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/apache2/2.4.10-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jul 2014 15:13:16 +0000
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.10-1ubuntu1
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (binary files and modules)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-mpm-event - transitional event MPM package for apache2
 apache2-mpm-itk - transitional itk MPM package for apache2
 apache2-mpm-prefork - transitional prefork MPM package for apache2
 apache2-mpm-worker - transitional worker MPM package for apache2
 apache2-suexec - transitional package for apache2-suexec-pristine
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 apache2.2-bin - Transitional package for apache2-bin
 apache2.2-common - Transitional package for apache2
 libapache2-mod-macro - Transitional package for apache2-bin
 libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 709461 711925 716880 743915 751361 752922
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

