apache2 2.4.10-8ubuntu1 source package in Ubuntu

Changelog

apache2 (2.4.10-8ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
  * Fixes from Debian included in merge:
    - Crash caused by OCSP stapling code; this was erroneously
      attributed to Debian in my previous merge, but actually only
      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
  * Cherry-pick versioned build-depend on dpkg from Debian for correct
    dpkg-maintscript-helper symlink_to_dir support.

apache2 (2.4.10-8) unstable; urgency=medium

  * Bump dpkg Pre-Depends to version that supports relative symlinks in
    dpkg-maintscript-helper's symlink_to_dir. Closes: #769821
  * mod_proxy_fcgi: Fix potential denial of service by malicious fcgi
    script. (CVE-2014-3583). Fix similar bug in mod_authnz_fcgi even
    though it does not seem to be exploitable.
  * mpm_event: Fix use-after-free that may lead to a server crash.
  * mod_ssl: Fix memory leak on graceful restart. Closes: #754492
  * mod_ssl: Avoid crashes during startup or graceful restart due to
    openssl using a callback to invalid memory. LP: #1366174

apache2 (2.4.10-7ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.
  * Fixes from Debian included in merge:
    - Don't use a2query in preinst, as it may not be available yet
      (LP: #1312533).
    - Crash caused by OCSP stapling code (LP: #1366174).
    - Disable SSLv3 in default config (LP: #1358305).
    - If apache2 is not configured yet, defer actions executed via
      apache2-maintscript-helper. This fixes installation failures if a
      module package is configured first (LP: #1312854).

apache2 (2.4.10-7) unstable; urgency=medium

  * Handle transitions of doc dirs and symlinks correctly during upgrade.
    Use dpkg-maintscript-helper for this and remove existing explicit logic.
    Closes: #767850
  * Remove obsolete conffiles in apache2.2-common, instead doing this only in
    apache2. This partially fixes #768815

apache2 (2.4.10-6) unstable; urgency=medium

  * Disable SSLv3 in default config. Closes: #765347
  * Pull changes from upstream 2.4.x branch up to r1632831
    - Fixes an LDAP regression in 2.4.10
    - mod_cache: Avoid sending 304 responses during failed revalidations.
      PR 56881
    - mod_status: Honor client IP address using mod_remoteip. PR 55886
  * Fix typo in package description. Closes: #765500

apache2 (2.4.10-5) unstable; urgency=medium

  * Remove one forgotten instance of ident.load in the preinst.

apache2 (2.4.10-4) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Make apache2 depend on apache2-utils. This got lost somewhere in the
    2.4 update.
  * Fix possible installation failure because of broken preinst script.
    Closes: #764498
  * Improve package descriptions. Closes: #763676

  [ Arno Töll ]
  * Add proper return codes to fail() conditions in a2query. Thanks to Ondřej
    Surý for providing a patch.

apache2 (2.4.10-3) unstable; urgency=medium

  * CVE-2014-3581: Fix a DoS in mod_cache.
  * If apache2 is not configured yet, defer actions executed via
    apache2-maintscript-helper. This fixes installation failures if a
    module package is configured first. Closes: #745834
  * Don't use a2query in preinst, as it may not be available yet.
    Closes: #745812
  * Include mod_authnz_fcgi. Closes: #762908
  * Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
  * Remove misleading sentence in apache2-bin's description. Closes: #762645
  * Remove trailing space in apache2/suexec/www-data. Closes: #719930
  * Add NEWS entry for the logrotate change in 2.4.10-2.
  * Bump Standards-version (no changes).
  * Fix lintian warning: Tweak licence short names in copyright file.

apache2 (2.4.10-2) unstable; urgency=medium

  * Pull changes from upstream 2.4.x branch up to r1626207
    + Security Fix for CVE-2013-5704: HTTP trailers could be used to
      replace HTTP headers late during request processing, potentially
      undoing or otherwise confusing modules that examined or modified
      request headers earlier.
      Adds "MergeTrailers" directive to restore legacy behavior.

  * Switch to apache2 providing the httpd and httpd-cgi virtual packages.
    The previously providing apache2-bin package lacks the configuration
    files. Closes: #756361
  * Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily
    logs. The daily graceful restart also has the advantage of regenerating
    things like TLS session ticket keys more often. Closes: #759382
  * Clarify description of apache2 package. Closes: #755976
  * In the maintainer script helper, print out Apache's error message if
    the config check fails.
  * Re-add mod_ident. It has still at least one user. LP: #1333388
 -- Robie Basak <email address hidden>   Fri, 21 Nov 2014 15:15:58 +0000