apache2 2.4.38-2ubuntu1 source package in Ubuntu

Changelog

apache2 (2.4.38-2ubuntu1) disco; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
   - debian/patches/086_svn_cross_compiles: Backport several cross
     fixes from upstream
     [Removed configure chunk, not needed since configure.in is being
      patched.]
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - d/t/control, d/t/check-http2: add basic test for http2 support
  * Dropped:
    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
      cannot be coinstalled with libcurl3. That situation breaks the
      installation of libapache2-mod-shib2.  See
      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
      for details.
      [This has been resolved in Disco, where libxmltooling8 is built with
      openssl 1.1]
    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
      + debian/patches/CVE-2018-11763.patch: rework connection IO event
        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
        modules/http2/h2_version.h.
        - CVE-2018-11763
        [Fixed in 2.4.35]

apache2 (2.4.38-2) unstable; urgency=medium

  * Disable "reset" test in allowmethods.t (Closes: #921024)

apache2 (2.4.38-1) unstable; urgency=medium

  [ Jelmer Vernooń≥ ]
  * Reverted for now: Transition to automatic debug package (from: apache2-dbg)
  * Trim trailing whitespace
  * Use secure copyright file specification URI

  [ Niels Thykier ]
  * Add Rules-Requires-Root: binary-targets

  [ Xavier Guimard ]
  * Convert signing-key.pgp into signing-key.asc
  * Add http2.conf (Closes: #880993)
  * Remove unnecessary greater-than versioned dependency to dpkg-dev,
    libbrotli-dev and libapache2-mod-md
  * Declare compliance with policy 4.2.1
  * Add spelling errors patch (reported)
  * Fix some spelling errors in debian files
  * Add myself to uploaders
  * Refresh patches
  * Bump debhelper compatibility level to 10
  * debian/rules:
    - Remove unnecessary dh argument --parallel
    - use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog
  * Add upstream/metadata
  * Replace MIT by Expat in debian/copyright
  * debian/watch: use https url
  * Add documentation links in systemd service files
  * Team upload

  [ Cyrille Bollu ]
  * Put HTTP2 configuration within <IfModule !mpm_prefork></IfModule> tags as
    it gets automatically de-activated upon apache 'startup when using
    mpm_prefork.
  * Updated http2.conf to inform user that they may want to change their
    LogFormat directives.

  [ Xavier Guimard ]
  * New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
  * Refresh patches
  * Remove setenvifexpr.diff patch now included in upstream
  * Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
  * Add a "sleep" in debian/tests/htcacheclean and skip result if "stop" failed
  * Declare compliance with policy 4.3.0
  * Fix homepage to https
  * Update debian/copyright

apache2 (2.4.37-1) unstable; urgency=medium

  * New upstream version
    - mod_ssl: Add support for TLSv1.3
  * Add docs symlink for libapache2-mod-proxy-uwsgi.  Closes: #910218
  * Update test-framework to r1845652
  * Fix test suite to actually run by creating a test user. It turns out
    the test suite refuses to run as root but returns true even in that
    case. It seems this has been broken since 2.4.27-4, where the test suite
    had been updated and the debci test duration dropped from 15min to
    3min. Also, don't rely on the exit status anymore but parse the test
    output.
  * Backport a fix from trunk for SetEnvIfExpr. This fixes a test failure.

apache2 (2.4.35-1) unstable; urgency=medium

  * New upstream version 2.4.35
    Security fix:
    - CVE-2018-11763: DoS for HTTP/2 connections by continuous SETTINGS
      Closes: #909591
  * Fix lintian warning: Don't force xz in builddeb override.

 -- Andreas Hasenack <email address hidden>  Sun, 03 Feb 2019 14:57:13 -0200

Upload details

Uploaded by:
Andreas Hasenack on 2019-02-05
Uploaded to:
Disco
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Disco release on 2019-02-05 main web

Downloads

File Size SHA-256 Checksum
apache2_2.4.38.orig.tar.gz 8.8 MiB 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6
apache2_2.4.38-2ubuntu1.debian.tar.xz 1002.9 KiB 378f1646b15c2ac272335b0b8569091cefe969f1b4fdf0d43360038f9007efb9
apache2_2.4.38-2ubuntu1.dsc 3.3 KiB 73870d369b2177baa47f6c94fd42842bbe34340f66e0daffb3e17a72ed4b4731

View changes file

Binary packages built by this source

apache2: Apache HTTP Server

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 Installing this package results in a full installation, including the
 configuration files, init scripts and support scripts.

apache2-bin: Apache HTTP Server (modules and other binary files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains the binaries only and does not set up a working
 web-server instance. Install the "apache2" package to get a fully working
 instance.

apache2-bin-dbgsym: debug symbols for apache2-bin
apache2-data: Apache HTTP Server (common files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains architecture-independent common files such as icons,
 error pages and static index files.

apache2-dev: Apache HTTP Server (development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides development headers and the apxs2 binary for the Apache
 2 HTTP server, useful to develop and link third party additions to the Debian
 Apache HTTP server package.
 .
 It also provides dh_apache2 and dh sequence addons useful to install various
 Debian Apache2 extensions with debhelper. It supports
  - Apache 2 module configurations and shared objects
  - Site configuration files
  - Global configuration files

apache2-doc: Apache HTTP Server (on-site documentation)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the documentation for the Apache 2 HTTP server. The
 documentation is shipped in HTML format and can be accessed from a local
 running Apache HTTP server instance or by browsing the file system directly.

apache2-ssl-dev: Apache HTTP Server (mod_ssl development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the development header and the dependencies for
 modules that interact with mod_ssl's internal openssl state.

apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec

 Provides a customizable version of the suexec helper program for mod_suexec.
 This is not the version from upstream, but can be configured with a
 configuration file.
 .
 If you do not need non-standard document root or userdir settings, it is
 recommended that you use the standard suexec helper program from the
 apache2-suexec-pristine package instead.

apache2-suexec-custom-dbgsym: debug symbols for apache2-suexec-custom
apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec

 Provides the standard suexec helper program for mod_suexec. This version is
 compiled with document root /var/www and userdir suffix public_html. If you
 need different settings, use the package apache2-suexec-custom.

apache2-suexec-pristine-dbgsym: debug symbols for apache2-suexec-pristine
apache2-utils: Apache HTTP Server (utility programs for web servers)

 Provides some add-on programs useful for any web server. These include:
  - ab (Apache benchmark tool)
  - fcgistarter (Start a FastCGI program)
  - logresolve (Resolve IP addresses to hostnames in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - htcacheclean (Clean up the disk cache)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from Apache log files)
  - httxt2dbm (Generate dbm files for use with RewriteMap)

apache2-utils-dbgsym: debug symbols for apache2-utils
libapache2-mod-md: transitional package

 This is a transitional package to apache2 for users of libapache2-mod-md.
 It can be safely removed after the installation is complete.

libapache2-mod-proxy-uwsgi: transitional package

 This is a transitional package to apache2 for users of
 libapache2-mod-proxy-uwsgi.
 It can be safely removed after the installation is complete.