Merge apache2 from Debian unstable for plucky
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Fix Released
|
High
|
Bryce Harrington |
Bug Description
Upstream: 2.4.62
Debian: 2.4.62-3 2.4.62-4
Ubuntu: 2.4.62-1ubuntu1
Debian new has 2.4.62-4, which may be available for merge soon.
If this merge pulls in a new upstream version, also consider adding an entry to the Plucky Release Notes: https:/
### New Debian Changes ###
apache2 (2.4.62-3) unstable; urgency=medium
* Fix debian/changelog
-- Bastien Roucariès <email address hidden> Fri, 04 Oct 2024 13:35:02 +0000
apache2 (2.4.62-2) unstable; urgency=medium
* Add myself as maintainer with yadd agreement.
* Fix CVE-2024-38474 regression:
Better question mark tracking to avoid UnsafeAllow3F
(Closes: #1079172)
* Fix CVE-2024-39884 regression:
Trust strings from configuration in mod_proxy
(Closes: #1079206)
-- Bastien Roucariès <email address hidden> Sun, 29 Sep 2024 18:47:03 +0000
apache2 (2.4.62-1) unstable; urgency=medium
* New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)
-- Yadd <email address hidden> Thu, 18 Jul 2024 06:56:52 +0400
apache2 (2.4.61-1) unstable; urgency=medium
* New upstream version 2.4.61 (Closes: CVE-2024-39884)
-- Yadd <email address hidden> Wed, 03 Jul 2024 19:22:29 +0400
apache2 (2.4.60-1) unstable; urgency=medium
[ Bastien Roucariès ]
* Forward port CVE-2023-25690 uwsgi tests
* Fix depends of uwsgi test
* Use python3 uwsgi plugin
* Encode bytes for uwsgi test
[ Bryce Harrington ]
* Add UFW profile integration (Closes: #1071705)
[Chris Murray]
* Use https instead of http in doc (LP: #2045055)
[ Yadd ]
* Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
* Update test framework
* releasing package apache2 version 2.4.59-1~deb12u1
* New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
CVE-2024-38477, CVE-2024-39573)
* Unfuzz patches
-- Yadd <email address hidden> Mon, 01 Jul 2024 18:04:08 +0400
apache2 (2.4.59-2) unstable; urgency=medium
* Breaks against fossil due to CVE-2024-24795 follows up
-- Bastien Roucariès <email address hidden> Mon, 29 Apr 2024 21:55:28 +0000
apache2 (2.4.59-1) unstable; urgency=medium
[ Stefan Fritsch ]
* Remove old transitional packages libapache2-mod-md and
libapache2-
[ Yadd ]
* mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
* Refresh patches
* New upstream version 2.4.59
(Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
* Refresh patches
* Update patches
* Update test framework
-- Yadd <email address hidden> Fri, 05 Apr 2024 08:08:11 +0400
apache2 (2.4.58-1) unstable; urgency=medium
[ Bas Couwenberg ]
* Provide dh-sequence-apache2 (Closes: #1050870)
[ Yadd ]
* Drop dependency to obsolete lsb-base
* New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
CVE-2023-45802)
* Refresh patches
-- Yadd <email address hidden> Thu, 19 Oct 2023 14:56:29 +0400
apache2 (2.4.57-3) unstable; urgency=medium
* Update a2enmod to drop given/when (Closes: #1050458)
* Restore changes not included in Bookworm (set -e in apache2ctl)
-- Yadd <email address hidden> Tue, 29 Aug 2023 11:39:32 +0400
apache2 (2.4.57-2) unstable; urgency=medium
### Old Ubuntu Delta ###
apache2 (2.4.62-1ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2077060). Remaining changes:
- d/index.html, d/icons/
d/
Debian with Ubuntu on default homepage.
(LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-
(LP #609177)
- d/c/m/setenvif.
dolphin and Konqueror/5 careful redirection so that directories can be
deleted via webdav.
(LP #1927742)
- d/debhelper/
postinst script through a trigger (i.e., postinst triggered).
Thanks to Roel van Meer. (Closes: #1060450)
(LP #2038912)
- d/index.html, d/apache2.postrm: Fix https link to apache
documenta
(LP #2045055)
* Dropped:
- d/control, d/apache2.install, d/apache2-
d/
(LP #261198)
[Included in Debian 2.4.60-1]
- d/control: Upgrade lua build dependency to 5.4
(LP #1910372)
[Included in Debian 2.4.60-1]
-- Bryce Harrington <email address hidden> Thu, 15 Aug 2024 00:32:14 -0700
Related branches
- git-ubuntu bot: Approve
- Lena Voytek (community): Approve
- Canonical Server Reporter: Pending requested
- Canonical Server packageset reviewers: Pending requested
-
Diff: 3231 lines (+2453/-59)13 files modifieddebian/apache2-bin.install (+1/-0)
debian/apache2.postrm (+4/-0)
debian/apache2.py (+48/-0)
debian/changelog (+2291/-2)
debian/config-dir/mods-available/setenvif.conf (+2/-0)
debian/control (+2/-1)
debian/debhelper/apache2-maintscript-helper (+4/-0)
debian/index.html (+51/-56)
debian/patches/fix-dolphin-to-delete-webdav-dirs.patch (+16/-0)
debian/patches/series (+1/-0)
debian/source/include-binaries (+1/-0)
debian/tests/check-ubuntu-branding (+28/-0)
debian/tests/control (+4/-0)
CVE References
Changed in apache2 (Ubuntu): | |
milestone: | none → ubuntu-24.12 |
summary: |
- Merge apache2 from Debian unstable for jammy + Merge apache2 from Debian unstable for plucky |
Changed in apache2 (Ubuntu): | |
assignee: | nobody → Bryce Harrington (bryce) |
description: | updated |
description: | updated |
Changed in apache2 (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
Changed in apache2 (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package apache2 - 2.4.62-3ubuntu1
---------------
apache2 (2.4.62-3ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2085206). Remaining changes: ubuntu- logo.png, d/apache2.postrm, source/ include- binaries, d/t/check- ubuntu- branding: Replace bin.install: Add apport hook conf, d/p/fix- dolphin- to-delete- webdav- dirs.patch: Add apache2- maintscript- helper: Allow execution when called from a tion.
- d/index.html, d/icons/
d/
Debian with Ubuntu on default homepage.
(LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-
(LP #609177)
- d/c/m/setenvif.
dolphin and Konqueror/5 careful redirection so that directories can be
deleted via webdav.
(LP #1927742)
- d/debhelper/
postinst script through a trigger (i.e., postinst triggered).
Thanks to Roel van Meer. (Closes: #1060450)
(LP #2038912)
- d/index.html, d/apache2.postrm: Fix https link to apache
documenta
(LP #2045055)
apache2 (2.4.62-3) unstable; urgency=medium
* Fix debian/changelog
apache2 (2.4.62-2) unstable; urgency=medium
* Add myself as maintainer with yadd agreement.
* Fix CVE-2024-38474 regression:
Better question mark tracking to avoid UnsafeAllow3F
(Closes: #1079172)
* Fix CVE-2024-39884 regression:
Trust strings from configuration in mod_proxy
(Closes: #1079206)
-- Bryce Harrington <email address hidden> Thu, 21 Nov 2024 13:36:30 -0800