Publishing details

Changelog

apache2 (2.4.10-1ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

apache2 (2.4.10-1) unstable; urgency=medium

  [ Arno Töll ]
  * New upstream version
    + Refresh debian/patches/fhs_compliance.patch
    + Security Fixes:
      - CVE-2014-0117 mod_proxy: Fix DoS that could cause a crash
      - CVE-2014-0226 Fix a race condition resulting in a heap overflow in
        scoreboard handling
      - CVE-2014-0118 mod_deflate: The DEFLATE input filter now limits the
        length and compression ratio of inflated request to mitigate a
        possible DoS
      - CVE-2014-0231 mod_cgid: Fix a denial of service against CGI scripts
    + Fixes SNI with certificate defined in global scope. (Closes: #751361)
  * Warn users if they try to disable modules that we consider essential for
    operation of the Apache web server (Closes: #709461)
  * Drop libcap from our build-dependencies. That was needed for itk which we
    gave source out to it's own package again.
  * Provide apache2.2-common package to avoid upgrading problems for people
    using --purge (apt) or --purge-unused (aptitude) even though that's
    clearly discouraged. This caused disappearing of conffiles because we move
    them from apache2.2-common to apache2 during the upgrade. Ugh. This was
    not a bug in our packaging, but an unfortunately people blame us
    nonetheless even though it's not all our fault. This alternative helps
    those people, but at the same time means that incompatible modules aren't
    force-removed by dpkg during the upgrade. Hopefully we catch all of them
    with the Breaks relation coming along (Closes: #716880, #752922, #711925)

apache2 (2.4.9-2) unstable; urgency=medium

  * Fix logic in postinst to detect existing index.* files in both
    DocumentRoots, the old /var/www and the new /var/www/html. Also
    change the compiled in default DocumentRoot to /var/www/html.
    Closes: #743915
  * Fix buffer overflows in suexec with very long (unix) usernames. Not
    exploitable due to FORTIFY_SOURCE. And creating users usually requires
    root privileges, anyway. Thanks to Luca Bruno for the report.
  * Remove conflicts of mpm modules with mpm_itk, which isn't an mpm
    anymore. Fixes a part of: #734865. libapache2-mpm-itk needs a fix, too.
  * Remove obsolete warning in a2enmod about mpm-itk.
  * Fix lintian warning: Remove image ref to w3.org, which is a privacy
    breach.
 -- Robie Basak <email address hidden>   Thu, 24 Jul 2014 15:13:16 +0000

Available diffs

Builds

Package files