-
apache2 (2.4.27-2ubuntu4.2) artful; urgency=medium
* debian/patches/includeoptional-ignore-non-existent.patch: silently
ignore a not existent file path with IncludeOptional . Closes LP:
#1766186.
-- Andreas Hasenack <email address hidden> Thu, 07 Jun 2018 17:53:23 -0300
-
apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium
* SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
- debian/patches/CVE-2017-15710.patch: fix language long names
detection as short name in modules/aaa/mod_authnz_ldap.c.
- CVE-2017-15710
* SECURITY UPDATE: incorrect <FilesMatch> matching
- debian/patches/CVE-2017-15715.patch: allow to configure
global/default options for regexes, like caseless matching or
extended format in include/ap_regex.h, server/core.c,
server/util_pcre.c.
- CVE-2017-15715
* SECURITY UPDATE: mod_session header manipulation
- debian/patches/CVE-2018-1283.patch: strip Session header when
SessionEnv is on in modules/session/mod_session.c.
- CVE-2018-1283
* SECURITY UPDATE: DoS via specially-crafted request
- debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
terminated on any error, not only on buffer full in
server/protocol.c.
- CVE-2018-1301
* SECURITY UPDATE: mod_cache_socache DoS
- debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
to carriage return in modules/cache/mod_cache_socache.c.
- CVE-2018-1303
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when
generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
-- Marc Deslauriers <email address hidden> Wed, 18 Apr 2018 10:20:05 -0400
-
apache2 (2.4.27-2ubuntu4) artful; urgency=medium
* Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
- added debian/patches/util_ldap_cache_lock_fix.patch
-- Rafael David Tinoco <email address hidden> Fri, 02 Mar 2018 02:14:42 +0000
-
apache2 (2.4.27-2ubuntu3) artful; urgency=medium
* SECURITY UPDATE: optionsbleed information leak
- debian/patches/CVE-2017-9798.patch: disallow method registration
at run time in server/core.c.
- CVE-2017-9798
-- Marc Deslauriers <email address hidden> Mon, 18 Sep 2017 11:05:48 -0400
-
apache2 (2.4.27-2ubuntu2) artful; urgency=medium
* Undrop (LP 1658469):
- Don't build http2 module (nghttp2 still not in main) (LP 1687454)
+ debian/control: removed libnghttp2-dev Build-Depends (in universe).
+ debian/config-dir/mods-available/http2.load: removed.
+ debian/rules: removed proxy_http2 from configure.
-- Marc Deslauriers <email address hidden> Wed, 02 Aug 2017 13:04:45 -0400
-
apache2 (2.4.27-2ubuntu1) artful; urgency=medium
* Merge with Debian unstable (LP: #1702582). Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
Debian with Ubuntu on default page.
+ d/source/include-binaries: add Ubuntu icon file
- Correct systemd-sysv-generator behavior by customizing some
parameters:
+ d/apache2-systemd.conf: add a drop-in file to specify some
parameters for the systemd unit (type=Forking and
RemainsAfterExit=no), this allow a correct state synchronisation
between systemctl status and actual state of apache2 daemon.
+ d/apache2.install: place the apache2-systemd.conf file in the
correct location.
-- Nishanth Aravamudan <email address hidden> Thu, 27 Jul 2017 13:38:39 -0700
-
apache2 (2.4.25-3ubuntu3) artful; urgency=medium
* Re-Drop (LP: #1658469):
- Don't build experimental http2 module for LTS:
+ debian/control: removed libnghttp2-dev Build-Depends (in universe).
+ debian/config-dir/mods-available/http2.load: removed.
+ debian/rules: removed proxy_http2 from configure.
+ debian/apache2.maintscript: remove http2 conffile.
-- Nishanth Aravamudan <email address hidden> Mon, 01 May 2017 09:55:11 -0700
-
apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
* Undrop (LP 1658469):
- Don't build experimental http2 module for LTS:
+ debian/control: removed libnghttp2-dev Build-Depends (in universe).
+ debian/config-dir/mods-available/http2.load: removed.
+ debian/rules: removed proxy_http2 from configure.
+ debian/apache2.maintscript: remove http2 conffile.
-- Nishanth Aravamudan <email address hidden> Fri, 10 Feb 2017 08:53:43 -0800
