Merge apache2 from Debian unstable for mantic

Bug #2018048 reported by Bryce Harrington
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
New
Undecided
Bryce Harrington

Bug Description

Upstream: 2.4.57
Debian: 2.4.57-2
Ubuntu: 2.4.55-1ubuntu2

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

apache2 (2.4.57-2) unstable; urgency=medium

  * Revert debian/* changes (Bookworm freeze)

 -- Yadd <email address hidden> Thu, 13 Apr 2023 07:26:51 +0400

apache2 (2.4.57-1) unstable; urgency=medium

  * New upstream version 2.4.57
  * Drop 2.4.56-regression patches

 -- Yadd <email address hidden> Sat, 08 Apr 2023 06:57:16 +0400

apache2 (2.4.56-2) unstable; urgency=medium

  * Fix regression in mod_rewrite introduced in version 2.4.56
    (Closes: #1033284)
  * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)

 -- Yadd <email address hidden> Sun, 02 Apr 2023 06:54:25 +0400

apache2 (2.4.56-1) unstable; urgency=medium

  * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690)

 -- Yadd <email address hidden> Wed, 08 Mar 2023 06:44:05 +0400

apache2 (2.4.55-1) unstable; urgency=medium

  [ Hendrik Jäger ]
  * disable ssl session tickets
  * redundant example as already enabled in the default config
  * logrotate indentation
  * Update example how to prevent access to VCS directories

  [ lintian-brush ]
  * Update lintian override info to new format:
    + debian/source/lintian-overrides: line 2, 4-5, 8
    + debian/apache2-data.lintian-overrides: line 2-5
    + debian/apache2-bin.lintian-overrides: line 3
    + debian/apache2-doc.lintian-overrides: line 2
    + debian/apache2.lintian-overrides: line 6
  * Set upstream metadata fields: Repository-Browse.
  * Update standards version to 4.6.2, no changes needed.

  [ Yadd ]
  * New upstream version (Closes: CVE-2006-20001, CVE-2022-36760,
    CVE-2022-37436)

 -- Yadd <email address hidden> Wed, 18 Jan 2023 07:41:55 +0400

apache2 (2.4.54-5) unstable; urgency=medium

  [ Hendrik Jäger ]
  * fix: one oom-killed thread should not take down the whole service
  * fix: remove modelines
  * fix: update clickjacking protection example
  * fix: use tab for indentation, even in commented examples

  [ Yadd ]
  * Revert 'Fix: confusing and impractical naming' (unbreak squid and haproxy
    tests)

 -- Yadd <email address hidden> Tue, 29 Nov 2022 15:56:10 +0100

apache2 (2.4.54-4) unstable; urgency=medium

  [ Charles Plessy ]
  * Replace mime-support transition package with media-types (Closes: #980275)

  [ Hendrik Jäger ]
  * fix mislead safety precautions: don't hide errors when enabling a module.
    MR !20
  * fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
  * Fix confusing and impractical naming: rename default-ssl.conf into
    000-default-ssl.conf. MR !23
  * Fix confusing keyword: replace _default_ by *. MR !24

 -- Yadd <email address hidden> Thu, 24 Nov 2022 10:45:00 +0100

apache2 (2.4.54-3) unstable; urgency=medium

  [ Hendrik Jäger ]
  * Do not enable global alias /manual
  * mention not enabling /manual for the docs in the NEWS

 -- Yadd <email address hidden> Wed, 12 Oct 2022 09:20:52 +0200

apache2 (2.4.54-2) unstable; urgency=medium

  * Move cgid socket into a writeable directory (Closes: #1014056)
  * Update lintian overrides
  * Declare compliance with policy 4.6.1
  * Install NOTICE in each package

 -- Yadd <email address hidden> Tue, 05 Jul 2022 15:49:58 +0200

apache2 (2.4.54-1) unstable; urgency=medium

  [ Simon Deziel ]

### Old Ubuntu Delta ###

apache2 (2.4.55-1ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy
    - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query
      strings in modules/http2/mod_proxy_http2.c,
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c,
      modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c,
      modules/proxy/mod_proxy_wstunnel.c.
    - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in
      modules/http2/mod_proxy_http2.c.
    - CVE-2023-25690
  * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting
    - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response
      parsing/validation in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2023-27522

 -- Marc Deslauriers <email address hidden> Wed, 08 Mar 2023 11:32:34 -0500

apache2 (2.4.55-1ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries: Replace Debian with Ubuntu on default
      homepage.
    - d/apache2.py, d/apache2-bin.install: Add apport hook
    - d/control, d/apache2.install, d/apache2-utils.ufw.profile,
      d/apache2.dirs: Add ufw profiles

 -- Steve Langasek <email address hidden> Tue, 24 Jan 2023 13:31:02 -0800

Bryce Harrington (bryce)
Changed in apache2 (Ubuntu):
milestone: none → ubuntu-23.07
Bryce Harrington (bryce)
Changed in apache2 (Ubuntu):
assignee: nobody → Bryce Harrington (bryce)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.