Publishing details
Changelog
apache2 (2.4.59-1+ubuntu20.04.1+deb.sury.org+1) focal; urgency=medium
* No-change backport to focal.
apache2 (2.4.59-1) unstable; urgency=medium
[ Stefan Fritsch ]
* Remove old transitional packages libapache2-mod-md and
libapache2-mod-proxy-uwsgi. Closes: #1032628
[ Yadd ]
* mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
* Refresh patches
* New upstream version 2.4.59
* Refresh patches
* Update patches
* Update test framework
apache2 (2.4.58-1) unstable; urgency=medium
[ Bas Couwenberg ]
* Provide dh-sequence-apache2 (Closes: #1050870)
[ Yadd ]
* Drop dependency to obsolete lsb-base
* New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
CVE-2023-45802)
* Refresh patches
apache2 (2.4.57-3) unstable; urgency=medium
* Update a2enmod to drop given/when (Closes: #1050458)
* Restore changes not included in Bookworm (set -e in apache2ctl)
apache2 (2.4.57-2) unstable; urgency=medium
* Revert debian/* changes (Bookworm freeze)
apache2 (2.4.57-1) unstable; urgency=medium
* New upstream version 2.4.57
* Drop 2.4.56-regression patches
apache2 (2.4.56-2) unstable; urgency=medium
* Fix regression in mod_rewrite introduced in version 2.4.56
(Closes: #1033284)
* Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)
apache2 (2.4.56-1) unstable; urgency=medium
* New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690)
apache2 (2.4.55-1) unstable; urgency=medium
[ Hendrik Jäger ]
* disable ssl session tickets
* redundant example as already enabled in the default config
* logrotate indentation
* Update example how to prevent access to VCS directories
[ lintian-brush ]
* Update lintian override info to new format:
+ debian/source/lintian-overrides: line 2, 4-5, 8
+ debian/apache2-data.lintian-overrides: line 2-5
+ debian/apache2-bin.lintian-overrides: line 3
+ debian/apache2-doc.lintian-overrides: line 2
+ debian/apache2.lintian-overrides: line 6
* Set upstream metadata fields: Repository-Browse.
* Update standards version to 4.6.2, no changes needed.
[ Yadd ]
* New upstream version (Closes: CVE-2006-20001, CVE-2022-36760,
CVE-2022-37436)
apache2 (2.4.54-5) unstable; urgency=medium
[ Hendrik Jäger ]
* fix: one oom-killed thread should not take down the whole service
* fix: remove modelines
* fix: update clickjacking protection example
* fix: use tab for indentation, even in commented examples
[ Yadd ]
* Revert "Fix: confusing and impractical naming" (unbreak squid and haproxy
tests)
apache2 (2.4.54-4) unstable; urgency=medium
[ Charles Plessy ]
* Replace mime-support transition package with media-types (Closes: #980275)
[ Hendrik Jäger ]
* fix mislead safety precautions: don't hide errors when enabling a module.
MR !20
* fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
* Fix confusing and impractical naming: rename default-ssl.conf into
000-default-ssl.conf. MR !23
* Fix confusing keyword: replace _default_ by *. MR !24
apache2 (2.4.54-3) unstable; urgency=medium
[ Hendrik Jäger ]
* Do not enable global alias /manual
* mention not enabling /manual for the docs in the NEWS
apache2 (2.4.54-2) unstable; urgency=medium
* Move cgid socket into a writeable directory (Closes: #1014056)
* Update lintian overrides
* Declare compliance with policy 4.6.1
* Install NOTICE in each package
apache2 (2.4.54-1) unstable; urgency=medium
[ Simon Deziel ]
* Escape literal "." for BrowserMatch directives in setenvif.conf
* Use non-capturing regex with FilesMatch directive in default-ssl.conf
[ Ondřej Surý ]
* New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
[ Yadd ]
* Fix htcacheclean doc (Closes: #1010455)
* New upstream version 2.4.54
apache2 (2.4.53-2) unstable; urgency=medium
* Clean useless Conflicts/Replace
* apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254)
apache2 (2.4.53-1) unstable; urgency=medium
* New upstream version 2.4.53 (Closes: CVE-2022-22719,
CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
* Update copyright
* Patches:
+ Drop fix-2.4.52-regression.patch, now included in upstream
+ Refresh fhs_compliance.patch
+ Update and disable child_processes_fail_to_start.patch
* Update test framework
* Back to unstable
apache2 (2.4.52-3) experimental; urgency=medium
* Fix autopkgtest with libpcre2 (autopkgtest still fails due to an SSL
error)
* Set hardening=+all instead of hardening=+bindnow
apache2 (2.4.52-2) experimental; urgency=medium
* Build with pcre2 (Closes: #1000114)
apache2 (2.4.52-1) unstable; urgency=medium
* Refresh suexec-custom.patch
* Update lintian overrides
* Wrap long lines in changelog entries: 2.4.51-2.
* New upstream version 2.4.52 (Closes: CVE-2021-44224, CVE-2021-44790)
* Refresh patches
apache2 (2.4.51-2) unstable; urgency=medium
* Add patch to have new macro_ignore_empty and macro_ignore_bad_nesting
parameters
apache2 (2.4.51-1) unstable; urgency=medium
* New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
* Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659)
apache2 (2.4.50-1) unstable; urgency=high
* New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
* Remove patches already merged upstream
apache2 (2.4.49-4) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patch to fix crash in 2.4.49
apache2 (2.4.49-3) unstable; urgency=medium
[ Yadd ]
* Re-export upstream signing key without extra signatures.
* Drop transition for old debug package migration.
[ Moritz Muehlenhoff ]
* Fix CVE-2021-40438 regression
apache2 (2.4.49-2) unstable; urgency=medium
[ Michiel Hazelhof ]
* Fix multi instance issue (Closes: #868861)
[ Philippe Ombredanne ]
* Fix GPL version typo in copyright file
apache2 (2.4.49-1) unstable; urgency=medium
* Update upstream GPG keys
* New upstream version 2.4.51. Closes: CVE-2021-33193, CVE-2021-34798,
CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2021-41524,
CVE-2021-41773, CVE-2021-42013)
* Refresh patches
apache2 (2.4.48-4) unstable; urgency=medium
* Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193)
apache2 (2.4.48-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Direct init script reload output from logrotate to syslog, to
avoid mail-spamming the local admin (Closes: #990580)
apache2 (2.4.48-3) unstable; urgency=medium
* Fix debian/changelog
apache2 (2.4.48-2) unstable; urgency=medium
* Back to unstable: Apache2 will follow upstream changes for Bullseye
[ Christian Ehrhardt ]
* d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
apache2 (2.4.48-1) experimental; urgency=medium
[ Daniel Lewart ]
* Update apache2.logrotate (Closes: #979813)
[ Andreas Hasenack ]
* Avoid test suite failure (Closes: #985012)
[ Yadd ]
* Update lintian overrides
* Re-export upstream signing key without extra signatures.
[ Ondřej Surý ]
* New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
CVE-2021-30641, CVE-2021-31618)
apache2 (2.4.47-1) experimental; urgency=medium
* Update upstream keys file
* New upstream version 2.4.47
* Refresh patches
apache2 (2.4.46-6) unstable; urgency=medium
* Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452,
CVE-2021-26690, CVE-2021-26691, CVE-2021-30641)
apache2 (2.4.46-5) unstable; urgency=medium
* Fix "NULL pointer dereference on specially crafted HTTP/2 request"
(Closes: #989562, CVE-2021-31618)
apache2 (2.4.46-4) unstable; urgency=medium
* Ignore other random another test failures (Closes: #979664)
apache2 (2.4.46-3) unstable; urgency=medium
* Remove postinst/preinst hooks concerning old versions
* Clean include-binaries
* Enable verbose test output during autopkgtest
* Declare compliance with policy 4.5.1
* Add debian/gbp.conf
* Disable temporary 3 subtests (Closes: #979664)
apache2 (2.4.46-2) unstable; urgency=medium
[ Jean-Michel Vourgère ]
* Man: Add missing options and see also in a2en*(8)
[ Xavier Guimard ]
* Bump debhelper compatibility level to 13
+ Set debhelper-compat version in Build-Depends.
* Use dh_installsystemd rather than deprecated dh_systemd_enable
* Add extension .da for danish language in mime.conf (Closes: #972398)
* Automatically deflate application/wasm files (Closes: #972400)
* Use "graceful-stop" in systemd ExecStop (Closes: #974665)
* Re-export upstream signing key without extra signatures.
* Ignore lintian's national-encoding tag in test framework
* Add ${misc:Pre-Depends} in apache2 package
* Update lintian overrides
* Refresh patches
* Fix little spelling errors
apache2 (2.4.46-1) unstable; urgency=medium
[ Xavier Guimard ]
* Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md
[ Timo Tijhof ]
* Compress text/javascript with mod_deflate by default (Closes: #959195)
[ Xavier Guimard ]
* Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md
* Update upstream keys
* New upstream version 2.4.46 (Closes: CVE-2020-11984, CVE-2020-11993,
CVE-2020-9490)
apache2 (2.4.43-1) unstable; urgency=medium
[ Timo Aaltonen ]
* mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST
requests (Closes: #955348)
[ Moritz Schlarb ]
* Fix logrotate script for multi-instance (Closes: #914606)
[ Xavier Guimard ]
* New upstream version 2.4.43 (Closes: CVE-2020-1927, CVE-2020-1934)
* Refresh patches
apache2 (2.4.41-5) unstable; urgency=medium
[ Xavier Guimard ]
* Avoid double mod_dav load (Closes: #951753)
[ Timo Aaltonen ]
* mod_proxy_ajp-add-secret-parameter.diff: Apply a patch from 2.4.x to fix
AJP with current tomcat.
(Closes: #954201)
-- Ondřej Surý <email address hidden> Tue, 09 Apr 2024 13:51:54 +0200
Builds
Built packages
-
apache2
Apache HTTP Server
-
apache2-bin
Apache HTTP Server (modules and other binary files)
-
apache2-bin-dbgsym
debug symbols for apache2-bin
-
apache2-data
Apache HTTP Server (common files)
-
apache2-dev
Apache HTTP Server (development headers)
-
apache2-doc
Apache HTTP Server (on-site documentation)
-
apache2-ssl-dev
Apache HTTP Server (mod_ssl development headers)
-
apache2-suexec-custom
Apache HTTP Server configurable suexec program for mod_suexec
-
apache2-suexec-custom-dbgsym
debug symbols for apache2-suexec-custom
-
apache2-suexec-pristine
Apache HTTP Server standard suexec program for mod_suexec
-
apache2-suexec-pristine-dbgsym
debug symbols for apache2-suexec-pristine
-
apache2-utils
Apache HTTP Server (utility programs for web servers)
-
apache2-utils-dbgsym
debug symbols for apache2-utils
Package files