Merge apache2 from Debian unstable for 22.04
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apache2 (Ubuntu) | Fix Released | Undecided | Bryce Harrington | |
Bug Description
Upstream: 2.4.51
Debian: 2.4.51-1
Ubuntu: 2.4.48-3.1ubuntu3
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
apache2 (2.4.51-1) unstable; urgency=medium
* New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
* Fix apache2ctl (see https:/
-- Yadd <email address hidden> Thu, 07 Oct 2021 20:35:33 +0200
apache2 (2.4.50-1) unstable; urgency=high
* New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
* Remove patches already merged upstream
-- Ondřej Surý <email address hidden> Tue, 05 Oct 2021 13:25:23 +0200
apache2 (2.4.49-4) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patch to fix crash in 2.4.49
-- Yadd <email address hidden> Fri, 01 Oct 2021 11:34:24 +0200
apache2 (2.4.49-3) unstable; urgency=medium
[ Yadd ]
* Re-export upstream signing key without extra signatures.
* Drop transition for old debug package migration.
[ Moritz Muehlenhoff ]
* Fix CVE-2021-40438 regression
-- Yadd <email address hidden> Thu, 30 Sep 2021 06:00:06 +0200
apache2 (2.4.49-2) unstable; urgency=medium
[ Michiel Hazelhof ]
* Fix multi instance issue (Closes: #868861)
[ Philippe Ombredanne ]
* Fix GPL version typo in copyright file
-- Yadd <email address hidden> Thu, 23 Sep 2021 13:55:55 +0200
apache2 (2.4.49-1) unstable; urgency=medium
* Update upstream GPG keys
* New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160,
CVE-2021-39275, CVE-2021-40438)
* Refresh patches
-- Yadd <email address hidden> Thu, 16 Sep 2021 06:22:23 +0200
apache2 (2.4.48-4) unstable; urgency=medium
* Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193)
-- Yadd <email address hidden> Thu, 12 Aug 2021 11:37:43 +0200
apache2 (2.4.48-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Direct init script reload output from logrotate to syslog, to
avoid mail-spamming the local admin (Closes: #990580)
-- Thorsten Glaser <email address hidden> Sat, 10 Jul 2021 23:31:28 +0200
apache2 (2.4.48-3) unstable; urgency=medium
* Fix debian/changelog
-- Yadd <email address hidden> Sun, 20 Jun 2021 16:39:33 +0200
apache2 (2.4.48-2) unstable; urgency=medium
* Back to unstable: Apache2 will follow upstream changes for Bullseye
[ Christian Ehrhardt ]
* d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
-- Yadd <email address hidden> Sat, 19 Jun 2021 17:50:29 +0200
apache2 (2.4.48-1) experimental; urgency=medium
[ Daniel Lewart ]
* Update apache2.logrotate (Closes: #979813)
[ Andreas Hasenack ]
* Avoid test suite failure (Closes: #985012)
[ Yadd ]
* Update lintian overrides
* Re-export upstream signing key without extra signatures.
[ Ondřej Surý ]
* New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
CVE-2021-30641, CVE-2021-31618)
-- Ondřej Surý <email address hidden> Tue, 08 Jun 2021 08:29:35 +0200
apache2 (2.4.47-1) experimental; urgency=medium
### Old Ubuntu Delta ###
apache2 (2.4.48-3.1ubuntu3) impish; urgency=medium
* SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311)
- debian/
rules in modules/
- debian/
hostname in modules/
modules/
-- Marc Deslauriers <email address hidden> Tue, 28 Sep 2021 08:52:26 -0400
apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
* SECURITY UPDATE: request splitting over HTTP/2
- debian/
include/
include/
server/
- CVE-2021-33193
* SECURITY UPDATE: NULL deref via malformed requests
- debian/
server/
- CVE-2021-34798
* SECURITY UPDATE: DoS in mod_proxy_uwsgi
- debian/
generic worker in modules/
- CVE-2021-36160
* SECURITY UPDATE: buffer overflow in ap_escape_quotes
- debian/
substitution logic in server/util.c.
- CVE-2021-39275
* SECURITY UPDATE: arbitrary origin server via crafted request uri-path
- debian/
parsing in the 'proxy:' URL in modules/
modules/
- debian/
configured UDS path in modules/
- CVE-2021-40438
-- Marc Deslauriers <email address hidden> Thu, 23 Sep 2021 12:51:16 -0400
apache2 (2.4.48-3.1ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-
apache2.
- debian/apache2.py, debian/
(LP 609177)
- d/index.html, d/icons/
d/
page and add Ubuntu icon file. (LP 1288690)
- d/apache2ctl: Also use systemd for graceful if it is in use.
This extends an earlier fix for the start command to behave
similarly for restart / graceful. Fixes service failures on
unattended upgrade. (LP 1832182)
- d/apache2ctl: Also use /run/systemd to check for systemd usage
(LP 1918209)
-- Bryce Harrington <email address hidden> Wed, 11 Aug 2021 20:03:24 -0700
Changed in apache2 (Ubuntu):
assignee: nobody → Bryce Harrington (bryce)
description: updated
Changed in apache2 (Ubuntu):
milestone: none → ubuntu-22.01
Changed in apache2 (Ubuntu):
milestone: ubuntu-22.01 → ubuntu-21.12
Changed in apache2 (Ubuntu):
status: New → In Progress
Changed in apache2 (Ubuntu):
status: In Progress → Fix Committed
Changed in apache2 (Ubuntu):
status: Fix Committed → Fix Released
As a reminder: when working on the merge, please double-check to see if the OpenSSL 3 patches (d/p/support-openssl3-*.patch) need some kind of refresh/adjustment. They come from:
https://github.com/apache/httpd/pull/258