Merge apache2 from Debian Unstable for r-series

Bug #2126015 reported by Bryce Harrington
Affects: apache2 (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Renan Rodrigo

Bug Description

Scheduled-For: ubuntu-25.11
Ubuntu: 2.4.64-1ubuntu3
Debian Unstable: 2.4.65-3

A new release of apache2 is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the tagging from ['needs-merge', 'upgrade-software-version'] to ['needs-sync', 'upgrade-software-version'], and (optionally) update the title as desired.

If this merge pulls in a new upstream version, also consider adding an entry to the r-series Release Notes: https://discourse.ubuntu.com/c/project/release/38

### New Debian Changes ###

apache2 (2.4.65-3) unstable; urgency=medium

  * Change default LANG in envvars from C to C.UTF-8
    (Closes: #787584)
  * systemd service apache2 is aliased to httpd
    (Closes: #915855)
  * document a2* environment files in man page
    (Closes: #880421)
  * Failing test in its test suite
    (Closes: #1107289, LP: #2112429)
  * Restart on-abnormal instead of on-abort
    (Closes: #1106280)
  * Allow triggers to use maintscript helper to restart apache
    (LP: #2038912)

 -- Bastien Roucariès <email address hidden> Mon, 11 Aug 2025 19:07:56 +0200

apache2 (2.4.65-2) unstable; urgency=high

  * Fix SSLProtocol has a duplicate "all"
    (Closes: #1109839)
  * Warn about misconfigured load balancer following fix of
    CVE-2025-23048.

 -- Bastien Roucariès <email address hidden> Tue, 29 Jul 2025 19:52:31 +0200

apache2 (2.4.65-1) unstable; urgency=medium

  * New upstream version 2.4.65 (Closes: CVE-2025-54090)
  * Unfuzz patch

 -- Yadd <email address hidden> Wed, 23 Jul 2025 16:05:45 +0200

apache2 (2.4.64-2) UNRELEASED; urgency=medium

  * Per RFC 8996 disable by default TLS 1.0 and TLS 1.1
    (Closes: #943415)

 -- Bastien Roucariès <email address hidden> Thu, 17 Jul 2025 18:03:42 +0200

### Old Ubuntu Delta ###

apache2 (2.4.64-1ubuntu3) questing; urgency=medium

  * Rebuild to include updated RISC-V base ISA RVA23

 -- Heinrich Schuchardt <email address hidden> Wed, 03 Sep 2025 14:58:51 +0000

apache2 (2.4.64-1ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: incorrect RewriteCond expr handling
    - debian/patches/CVE-2025-54090.patch: fix return code in
      modules/mappers/mod_rewrite.c.
    - CVE-2025-54090

 -- Marc Deslauriers <email address hidden> Wed, 23 Jul 2025 14:22:41 -0400

apache2 (2.4.64-1ubuntu1) questing; urgency=medium

  * Merge with Debian Unstable. Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage (LP: 1966004, LP: 1947459).
    - d/apache2.py, d/apache2-bin.install: Add apport hook (LP: 609177).
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from
      a postinst script through a trigger (i.e., postinst triggered). Thanks
      to Roel van Meer (Closes: 1060450, LP: 2038912).
    - d/index.html, d/apache2.postrm: Fix HTTPS link to Apache
      documentation (LP: 2045055).
    - d/perl-framework/t/apache/pr64339.t: Fix tests per upstream testsuite
      revisions to address changes in libxml2 changes. (LP: 2112429)

 -- Marc Deslauriers <email address hidden> Wed, 16 Jul 2025 17:30:33 -0400

Lena Voytek (lvoytek)
Changed in apache2 (Ubuntu):
assignee: nobody → Lena Voytek (lvoytek)

Lena Voytek (lvoytek)
Changed in apache2 (Ubuntu):
milestone: none → ubuntu-26.01

Hector CAO (hectorcao)
Changed in apache2 (Ubuntu):
importance: Undecided → Medium

Renan Rodrigo (rr)
Changed in apache2 (Ubuntu):
assignee: Lena Voytek (lvoytek) → Renan Rodrigo (rr)

Renan Rodrigo (rr)
Changed in apache2 (Ubuntu):
status: New → In Progress
milestone: ubuntu-26.01 → ubuntu-25.11

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.65-3ubuntu1

---------------
apache2 (2.4.65-3ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2126015). Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage.
      (LP #1966004, LP #1947459)
    - d/apache2.py, d/apache2-bin.install: Add apport hook
      (LP #609177)
    - d/c/m/setenvif.conf: Add dolphin and Konqueror/5 careful redirection so
      that directories can be deleted via webdav. (LP #1927742)
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from a
      postinst script through a trigger (i.e., postinst triggered).
      Thanks to Roel van Meer. (Closes: #1060450)
      (LP #2038912)
    - d/index.html, d/apache2.postrm: Fix https link to apache
      documentation.
      (LP #2045055)
  * Dropped changes:
    - d/p/CVE-2025-54090.patch: fix return code in
      modules/mappers/mod_rewrite.c. (CVE-2025-54090)
      [ Applied upstream in version 2.4.65 ]

apache2 (2.4.65-3) unstable; urgency=medium

  * Change default LANG in envvars from C to C.UTF-8
    (Closes: #787584)
  * systemd service apache2 is aliased to httpd
    (Closes: #915855)
  * document a2* environment files in man page
    (Closes: #880421)
  * Failing test in its test suite
    (Closes: #1107289, LP: #2112429)
  * Restart on-abnormal instead of on-abort
    (Closes: #1106280)
  * Allow triggers to use maintscript helper to restart apache
    (LP: #2038912)

apache2 (2.4.65-2) unstable; urgency=high

  * Fix SSLProtocol has a duplicate "all"
    (Closes: #1109839)
  * Warn about misconfigured load balancer following fix of
    CVE-2025-23048.

apache2 (2.4.65-1) unstable; urgency=medium

  * New upstream version 2.4.65 (Closes: CVE-2025-54090)
  * Unfuzz patch

apache2 (2.4.64-2) UNRELEASED; urgency=medium

  * Per RFC 8996 disable by default TLS 1.0 and TLS 1.1
    (Closes: #943415)

 -- Renan Rodrigo <email address hidden> Mon, 17 Nov 2025 09:22:55 -0300

Changed in apache2 (Ubuntu):
status: In Progress → Fix Released