Ubuntu
apache2 package

Merge apache2 2.4.66-2 from Debian Unstable for r-series

Bug #2138379 reported by Hector CAO
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Fix Released
Medium
Hector CAO

Bug Description

New apache2 version is available in Debian

It might comes with the fix for the issue : https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1832182

Related branches

~hectorcao/ubuntu/+source/apache2:merge-lp2138379-resolute
Lukas Märdian (community): Approve
Canonical Server Reporter: Pending requested
git-ubuntu import: Pending requested
Diff: 3329 lines (+2544/-59)
11 files modified
debian/apache2-bin.install (+1/-0)
debian/apache2.postrm (+4/-0)
debian/apache2.py (+48/-0)
debian/changelog (+2401/-2)
debian/config-dir/mods-available/setenvif.conf (+2/-0)
debian/control (+2/-1)
debian/debhelper/apache2-maintscript-helper (+2/-0)
debian/index.html (+51/-56)
debian/source/include-binaries (+1/-0)
debian/tests/check-ubuntu-branding (+28/-0)
debian/tests/control (+4/-0)

CVE References

Hector CAO (hectorcao)
Changed in apache2 (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Hector CAO (hectorcao)
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.66-2ubuntu1

---------------
apache2 (2.4.66-2ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2138379). Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage.
      (LP #1966004, LP #1947459)
    - d/apache2.py, d/apache2-bin.install: Add apport hook
      (LP #609177)
    - d/c/m/setenvif.conf: Add dolphin and Konqueror/5 careful redirection so
      that directories can be deleted via webdav. (LP #1927742)
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from a
      postinst script through a trigger (i.e., postinst triggered).
      Thanks to Roel van Meer. (Closes: #1060450)
      (LP #2038912)
    - d/index.html, d/apache2.postrm: Fix https link to apache
      documentation.
      (LP #2045055)

apache2 (2.4.66-2) unstable; urgency=medium

  * Update test framework
  * Parallelize tests when more than 3 CPUs are available

apache2 (2.4.66-1) unstable; urgency=medium

  [ Laurent Bigonville ]
  * Enable systemd module (Closes: #860087).
  * debian/apache2ctl: Fix the restart and greceful when using system.
    When apache is not running and restart or greceful is called, apache
    was running in the user cgroup and system was be confused
    (Closes: #927302).
    This will also avoid to leak fd to apache
    (Closes: #713967).

  [ Helmut Grohne ]
  * Fix FTCBFS: (Closes: #913094)
    + Annotate perl build dependency with :any.
    + cross.patch: Use AC_PATH_TOOL to find pkg-config.
    + Generate server/test_char.h ahead of the build

  [ Jason Perrin ]
  * Fix packaging steps undo setting of setuid bit
    (Closes: #900612)

  [ Bastien Roucariès]
  * Harden systemd services. Set ProtectSystem=full
    ProtectHome=read-only, RestrictSUIDSGID=yes.
    This may break read-write CGI script to /home and
    WebDaV or other CGI/php/lua uses.
  * Move /var/run to /run and /var/lock to /run/lock
  * Allow CAP_SYS_CHROOT for chroot
    (Closes: #1091855)
  * Remove apache2 IPC

  [ Moritz Schlarb ]
  * Support Rules-Requires-Root: no (Closes: #1105015)

  [ Yadd ]
  * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098,
    CVE-2025-59775, CVE-2025-65082, CVE-2025-66200)

 -- Hector Cao <email address hidden> Wed, 14 Jan 2026 16:39:27 +0100

Changed in apache2 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.