[ubuntu/vivid-proposed] apache2 2.4.10-7ubuntu1 (Accepted)
Robie Basak
robie.basak at ubuntu.com
Mon Nov 17 20:37:15 UTC 2014
apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- d/control, d/config-dir/mods-available/ssl.conf,
d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
dialog program ask-for-passphrase.
- Add dep8 tests.
- debian/rules: Fix cross-building by passing
DEB_{HOST,BUILD}_GNU_TYPE to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html: replace Debian with Ubuntu on default page.
- d/p/split-logfile.patch: fix completely broken split-logfile command.
* Fixes from Debian included in merge:
- Don't use a2query in preinst, as it may not be available yet
(LP: #1312533).
- Crash caused by OCSP stapling code (LP: #1366174).
- Disable SSLv3 in default config (LP: #1358305).
- If apache2 is not configured yet, defer actions executed via
apache2-maintscript-helper. This fixes installation failures if a
module package is configured first (LP: #1312854).
apache2 (2.4.10-7) unstable; urgency=medium
* Handle transitions of doc dirs and symlinks correctly during upgrade.
Use dpkg-maintscript-helper for this and remove existing explicit logic.
Closes: #767850
* Remove obsolete conffiles in apache2.2-common, instead doing this only in
apache2. This partially fixes #768815
apache2 (2.4.10-6) unstable; urgency=medium
* Disable SSLv3 in default config. Closes: #765347
* Pull changes from upstream 2.4.x branch up to r1632831
- Fixes an LDAP regression in 2.4.10
- mod_cache: Avoid sending 304 responses during failed revalidations.
PR 56881
- mod_status: Honor client IP address using mod_remoteip. PR 55886
* Fix typo in package description. Closes: #765500
apache2 (2.4.10-5) unstable; urgency=medium
* Remove one forgotten instance of ident.load in the preinst.
apache2 (2.4.10-4) unstable; urgency=medium
[ Stefan Fritsch ]
* Make apache2 depend on apache2-utils. This got lost somewhere in the
2.4 update.
* Fix possible installation failure because of broken preinst script.
Closes: #764498
* Improve package descriptions. Closes: #763676
[ Arno Töll ]
* Add proper return codes to fail() conditions in a2query. Thanks to Ondřej
Surý for providing a patch.
apache2 (2.4.10-3) unstable; urgency=medium
* CVE-2014-3581: Fix a DoS in mod_cache.
* If apache2 is not configured yet, defer actions executed via
apache2-maintscript-helper. This fixes installation failures if a
module package is configured first. Closes: #745834
* Don't use a2query in preinst, as it may not be available yet.
Closes: #745812
* Include mod_authnz_fcgi. Closes: #762908
* Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
* Remove misleading sentence in apache2-bin's description. Closes: #762645
* Remove trailing space in apache2/suexec/www-data. Closes: #719930
* Add NEWS entry for the logrotate change in 2.4.10-2.
* Bump Standards-version (no changes).
* Fix lintian warning: Tweak licence short names in copyright file.
apache2 (2.4.10-2) unstable; urgency=medium
* Pull changes from upstream 2.4.x branch up to r1626207
+ Security Fix for CVE-2013-5704: HTTP trailers could be used to
replace HTTP headers late during request processing, potentially
undoing or otherwise confusing modules that examined or modified
request headers earlier.
Adds "MergeTrailers" directive to restore legacy behavior.
* Switch to apache2 providing the httpd and httpd-cgi virtual packages.
The previously providing apache2-bin package lacks the configuration
files. Closes: #756361
* Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily
logs. The daily graceful restart also has the advantage of regenerating
things like TLS session ticket keys more often. Closes: #759382
* Clarify description of apache2 package. Closes: #755976
* In the maintainer script helper, print out Apache's error message if
the config check fails.
* Re-add mod_ident. It has still at least one user. LP: #1333388
Date: Mon, 17 Nov 2014 18:04:40 +0000
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.10-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 17 Nov 2014 18:04:40 +0000
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.10-7ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dbg - Apache debugging symbols
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-mpm-event - transitional event MPM package for apache2
apache2-mpm-itk - transitional itk MPM package for apache2
apache2-mpm-prefork - transitional prefork MPM package for apache2
apache2-mpm-worker - transitional worker MPM package for apache2
apache2-suexec - transitional package for apache2-suexec-pristine
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
apache2.2-bin - Transitional package for apache2-bin
apache2.2-common - Transitional package for apache2
libapache2-mod-macro - Transitional package for apache2-bin
libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 719930 745812 745834 746359 755976 756361 759382 762645 762908 763676 764498 765347 765500 767850
Launchpad-Bugs-Fixed: 1312533 1312854 1333388 1358305 1366174
Changes:
apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- d/control, d/config-dir/mods-available/ssl.conf,
d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
dialog program ask-for-passphrase.
- Add dep8 tests.
- debian/rules: Fix cross-building by passing
DEB_{HOST,BUILD}_GNU_TYPE to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html: replace Debian with Ubuntu on default page.
- d/p/split-logfile.patch: fix completely broken split-logfile command.
* Fixes from Debian included in merge:
- Don't use a2query in preinst, as it may not be available yet
(LP: #1312533).
- Crash caused by OCSP stapling code (LP: #1366174).
- Disable SSLv3 in default config (LP: #1358305).
- If apache2 is not configured yet, defer actions executed via
apache2-maintscript-helper. This fixes installation failures if a
module package is configured first (LP: #1312854).
.
apache2 (2.4.10-7) unstable; urgency=medium
.
* Handle transitions of doc dirs and symlinks correctly during upgrade.
Use dpkg-maintscript-helper for this and remove existing explicit logic.
Closes: #767850
* Remove obsolete conffiles in apache2.2-common, instead doing this only in
apache2. This partially fixes #768815
.
apache2 (2.4.10-6) unstable; urgency=medium
.
* Disable SSLv3 in default config. Closes: #765347
* Pull changes from upstream 2.4.x branch up to r1632831
- Fixes an LDAP regression in 2.4.10
- mod_cache: Avoid sending 304 responses during failed revalidations.
PR 56881
- mod_status: Honor client IP address using mod_remoteip. PR 55886
* Fix typo in package description. Closes: #765500
.
apache2 (2.4.10-5) unstable; urgency=medium
.
* Remove one forgotten instance of ident.load in the preinst.
.
apache2 (2.4.10-4) unstable; urgency=medium
.
[ Stefan Fritsch ]
* Make apache2 depend on apache2-utils. This got lost somewhere in the
2.4 update.
* Fix possible installation failure because of broken preinst script.
Closes: #764498
* Improve package descriptions. Closes: #763676
.
[ Arno Töll ]
* Add proper return codes to fail() conditions in a2query. Thanks to Ondřej
Surý for providing a patch.
.
apache2 (2.4.10-3) unstable; urgency=medium
.
* CVE-2014-3581: Fix a DoS in mod_cache.
* If apache2 is not configured yet, defer actions executed via
apache2-maintscript-helper. This fixes installation failures if a
module package is configured first. Closes: #745834
* Don't use a2query in preinst, as it may not be available yet.
Closes: #745812
* Include mod_authnz_fcgi. Closes: #762908
* Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
* Remove misleading sentence in apache2-bin's description. Closes: #762645
* Remove trailing space in apache2/suexec/www-data. Closes: #719930
* Add NEWS entry for the logrotate change in 2.4.10-2.
* Bump Standards-version (no changes).
* Fix lintian warning: Tweak licence short names in copyright file.
.
apache2 (2.4.10-2) unstable; urgency=medium
.
* Pull changes from upstream 2.4.x branch up to r1626207
+ Security Fix for CVE-2013-5704: HTTP trailers could be used to
replace HTTP headers late during request processing, potentially
undoing or otherwise confusing modules that examined or modified
request headers earlier.
Adds "MergeTrailers" directive to restore legacy behavior.
.
* Switch to apache2 providing the httpd and httpd-cgi virtual packages.
The previously providing apache2-bin package lacks the configuration
files. Closes: #756361
* Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily
logs. The daily graceful restart also has the advantage of regenerating
things like TLS session ticket keys more often. Closes: #759382
* Clarify description of apache2 package. Closes: #755976
* In the maintainer script helper, print out Apache's error message if
the config check fails.
* Re-add mod_ident. It has still at least one user. LP: #1333388
Checksums-Sha1:
7e0a84f5ceb9bb7fd440c462f49f7a9e088c7c28 3198 apache2_2.4.10-7ubuntu1.dsc
00f5c3f8274139bd6160eda2cf514fa9b74549e5 5031834 apache2_2.4.10.orig.tar.bz2
2e65cbcd5a1a6aa6855e9ef4ab37cce8af0582bf 694933 apache2_2.4.10-7ubuntu1.debian.tar.gz
Checksums-Sha256:
e796e4cc47a71937dd98e095a6bf2db4b11d8055c3b28d82b9d381dc7912e2d8 3198 apache2_2.4.10-7ubuntu1.dsc
176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a 5031834 apache2_2.4.10.orig.tar.bz2
ec10ecf133491c9247b1b72e20d5e1a4bc5767fd3ecf395ccde6948827c85cde 694933 apache2_2.4.10-7ubuntu1.debian.tar.gz
Files:
c738f0d381b89824505d08d5976075bb 3198 httpd optional apache2_2.4.10-7ubuntu1.dsc
44543dff14a4ebc1e9e2d86780507156 5031834 httpd optional apache2_2.4.10.orig.tar.bz2
bea6c86922fa553b647987cfd96a129b 694933 httpd optional apache2_2.4.10-7ubuntu1.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUalxqAAoJEOVkucJ1vdUu92UP/3wD19wm/WSinx0Srco8Wmop
4kOWU7mX6aUEkRnO2VFnWs+wK4VXsvAqpKiKcCyFDo3IhhexvJ+15cis8Xrd8NMK
MKP3cyNLFwpmLJpKrP5Q1v1k0VzjmCriMnMfQv5F0lkExEkx2VFwQChinbLWiG/Q
c0j0FylYgdjgqkIeVLXAN8w9YZgg35Sy+ZFBH9oFZKJs3kFIB56RVZ+x4vLKIaxb
WFBqBMx/BIC81KfLrO/Z/nhyXOdujer+o8sqc5pGjiNSHskuugfeBcsdR3Pc7tQ5
wziAOq1V4K/goLnu+ivZUal981Cwe3/m7HYlwKiA4af4YzHmMMh93nvidaQRxbpB
f4T3O17jAnLpgHcGgjxDp90gmX+dfA6GHQZLYIXTNDgTL0HKBex5QbZVMRgzfW3W
3sYRF71BEz5hbJPjQqFTIdCns9ZZKdnl6jHagEhZ5+8QonsJh2B0PhEU/PDHiqQW
Gj70A5vBbz3BWN1OZMdq9p/evivKM/gFKMw5NWEnVIj2BgblsV53ikMxp2TDBvYL
3wHdtdbyN4/7a+iNRiM/T1qu/arjE2D3EAdg/0iCh3Yg7z6H/2xpkV0rsGxzOVmS
dmjMfLygvSdPXhqmceZCDa2+Cdq0Jy38kEJx1iVhp4PtTb807htGS9cxhVaa8Wmo
zD8UCu/YACyn/MsQtEH2
=6YE4
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list