apache2 (2.4.38-2ubuntu1) disco; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
[Removed configure chunk, not needed since configure.in is being
patched.]
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- d/t/control, d/t/check-http2: add basic test for http2 support
* Dropped:
- d/control, d/rules, d/config-dir/mods-available/md.load: don't build
libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
cannot be coinstalled with libcurl3. That situation breaks the
installation of libapache2-mod-shib2. See
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
for details.
[This has been resolved in Disco, where libxmltooling8 is built with
openssl 1.1]
- SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
+ debian/patches/CVE-2018-11763.patch: rework connection IO event
handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
modules/http2/h2_version.h.
- CVE-2018-11763
[Fixed in 2.4.35]
apache2 (2.4.38-2) unstable; urgency=medium
* Disable "reset" test in allowmethods.t (Closes: #921024)
apache2 (2.4.38-1) unstable; urgency=medium
[ Jelmer Vernooij ]
* Reverted for now: Transition to automatic debug package (from: apache2-dbg)
* Trim trailing whitespace
* Use secure copyright file specification URI
[ Niels Thykier ]
* Add Rules-Requires-Root: binary-targets
[ Xavier Guimard ]
* Convert signing-key.pgp into signing-key.asc
* Add http2.conf (Closes: #880993)
* Remove unnecessary greater-than versioned dependency to dpkg-dev,
libbrotli-dev and libapache2-mod-md
* Declare compliance with policy 4.2.1
* Add spelling errors patch (reported)
* Fix some spelling errors in debian files
* Add myself to uploaders
* Refresh patches
* Bump debhelper compatibility level to 10
* debian/rules:
- Remove unnecessary dh argument --parallel
- use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog
* Add upstream/metadata
* Replace MIT by Expat in debian/copyright
* debian/watch: use https url
* Add documentation links in systemd service files
* Team upload
[ Cyrille Bollu ]
* Put HTTP2 configuration within <IfModule !mpm_prefork></IfModule> tags as
it gets automatically de-activated upon apache 'startup when using
mpm_prefork.
* Updated http2.conf to inform user that they may want to change their
LogFormat directives.
[ Xavier Guimard ]
* New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
* Refresh patches
* Remove setenvifexpr.diff patch now included in upstream
* Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
* Add a "sleep" in debian/tests/htcacheclean and skip result if "stop" failed
* Declare compliance with policy 4.3.0
* Fix homepage to https
* Update debian/copyright
apache2 (2.4.37-1) unstable; urgency=medium
* New upstream version
- mod_ssl: Add support for TLSv1.3
* Add docs symlink for libapache2-mod-proxy-uwsgi. Closes: #910218
* Update test-framework to r1845652
* Fix test suite to actually run by creating a test user. It turns out
the test suite refuses to run as root but returns true even in that
case. It seems this has been broken since 2.4.27-4, where the test suite
had been updated and the debci test duration dropped from 15min to
3min. Also, don't rely on the exit status anymore but parse the test
output.
* Backport a fix from trunk for SetEnvIfExpr. This fixes a test failure.
apache2 (2.4.35-1) unstable; urgency=medium
* New upstream version 2.4.35
Security fix:
- CVE-2018-11763: DoS for HTTP/2 connections by continuous SETTINGS
Closes: #909591
* Fix lintian warning: Don't force xz in builddeb override.
-- Andreas Hasenack <email address hidden> Sun, 03 Feb 2019 14:57:13 -0200