Format: 1.8
Date: Tue, 09 Apr 2024 13:52:19 +0200
Source: apache2
Architecture: source
Version: 2.4.59-1+ubuntu22.04.1+deb.sury.org+1
Distribution: jammy
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Closes: 980275 1000114 1007254 1010455 1012513 1014056 1032476 1032628 1033284 1033408 1050458 1050870 1054564
Changes:
 apache2 (2.4.59-1+ubuntu22.04.1+deb.sury.org+1) jammy; urgency=medium
 .
   * No-change backport to jammy.
 .
 apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
     libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework
 .
 apache2 (2.4.58-1) unstable; urgency=medium
 .
   [ Bas Couwenberg ]
   * Provide dh-sequence-apache2 (Closes: #1050870)
 .
   [ Yadd ]
   * Drop dependency to obsolete lsb-base
   * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
     CVE-2023-45802)
   * Refresh patches
 .
 apache2 (2.4.57-3) unstable; urgency=medium
 .
   * Update a2enmod to drop given/when (Closes: #1050458)
   * Restore changes not included in Bookworm (set -e in apache2ctl)
 .
 apache2 (2.4.57-2) unstable; urgency=medium
 .
   * Revert debian/* changes (Bookworm freeze)
 .
 apache2 (2.4.57-1) unstable; urgency=medium
 .
   * New upstream version 2.4.57
   * Drop 2.4.56-regression patches
 .
 apache2 (2.4.56-2) unstable; urgency=medium
 .
   * Fix regression in mod_rewrite introduced in version 2.4.56
     (Closes: #1033284)
   * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)
 .
 apache2 (2.4.56-1) unstable; urgency=medium
 .
   * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690)
 .
 apache2 (2.4.55-1) unstable; urgency=medium
 .
   [ Hendrik Jäger ]
   * disable ssl session tickets
   * redundant example as already enabled in the default config
   * logrotate indentation
   * Update example how to prevent access to VCS directories
 .
   [ lintian-brush ]
   * Update lintian override info to new format:
     + debian/source/lintian-overrides: line 2, 4-5, 8
     + debian/apache2-data.lintian-overrides: line 2-5
     + debian/apache2-bin.lintian-overrides: line 3
     + debian/apache2-doc.lintian-overrides: line 2
     + debian/apache2.lintian-overrides: line 6
   * Set upstream metadata fields: Repository-Browse.
   * Update standards version to 4.6.2, no changes needed.
 .
   [ Yadd ]
   * New upstream version (Closes: CVE-2006-20001, CVE-2022-36760,
     CVE-2022-37436)
 .
 apache2 (2.4.54-5) unstable; urgency=medium
 .
   [ Hendrik Jäger ]
   * fix: one oom-killed thread should not take down the whole service
   * fix: remove modelines
   * fix: update clickjacking protection example
   * fix: use tab for indentation, even in commented examples
 .
   [ Yadd ]
   * Revert "Fix: confusing and impractical naming" (unbreak squid and haproxy
     tests)
 .
 apache2 (2.4.54-4) unstable; urgency=medium
 .
   [ Charles Plessy ]
   * Replace mime-support transition package with media-types (Closes: #980275)
 .
   [ Hendrik Jäger ]
   * fix mislead safety precautions: don't hide errors when enabling a module.
     MR !20
   * fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
   * Fix confusing and impractical naming: rename default-ssl.conf into
     000-default-ssl.conf. MR !23
   * Fix confusing keyword: replace _default_ by *. MR !24
 .
 apache2 (2.4.54-3) unstable; urgency=medium
 .
   [ Hendrik Jäger ]
   * Do not enable global alias /manual
   * mention not enabling /manual for the docs in the NEWS
 .
 apache2 (2.4.54-2) unstable; urgency=medium
 .
   * Move cgid socket into a writeable directory (Closes: #1014056)
   * Update lintian overrides
   * Declare compliance with policy 4.6.1
   * Install NOTICE in each package
 .
 apache2 (2.4.54-1) unstable; urgency=medium
 .
   [ Simon Deziel ]
   * Escape literal "." for BrowserMatch directives in setenvif.conf
   * Use non-capturing regex with FilesMatch directive in default-ssl.conf
 .
   [ Ondřej Surý ]
   * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
     CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
     CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
   * New upstream version 2.4.54
 .
 apache2 (2.4.53-2) unstable; urgency=medium
 .
   * Clean useless Conflicts/Replace
   * apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254)
 .
 apache2 (2.4.53-1) unstable; urgency=medium
 .
   * New upstream version 2.4.53 (Closes: CVE-2022-22719,
     CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
   * Update copyright
   * Patches:
     + Drop fix-2.4.52-regression.patch, now included in upstream
     + Refresh fhs_compliance.patch
     + Update and disable child_processes_fail_to_start.patch
   * Update test framework
   * Back to unstable
 .
 apache2 (2.4.52-3) experimental; urgency=medium
 .
   * Fix autopkgtest with libpcre2 (autopkgtest still fails due to an SSL
     error)
   * Set hardening=+all instead of hardening=+bindnow
 .
 apache2 (2.4.52-2) experimental; urgency=medium
 .
   * Build with pcre2 (Closes: #1000114)
Checksums-Sha1:
 9e83ef98e598aaadc2df1ec9759928053b5d4fe6 3567 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.dsc
 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz
 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc
 88256f0eb96ab1d438e705ff89aab326e17c2c05 819792 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.debian.tar.xz
 40037f01239beb66f0ce3375d2036338ec5f1298 9343 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1_source.buildinfo
Checksums-Sha256:
 d3cc27f2c8adf65e389052595a53c27592a60d2b9835984f3cfab74e241dca65 3567 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.dsc
 e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f 9843252 apache2_2.4.59.orig.tar.gz
 0ad3f670b944ebf08c81544bc82fae9496e88d96840cd0612d8cdeaa073eb06d 833 apache2_2.4.59.orig.tar.gz.asc
 0c1297d19996b895735464d4387262d1306e9b7ab7f5b9206e5c6a888ad4e80d 819792 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.debian.tar.xz
 7bed78eef4f1747f11f6d48b61d0a9c29049e3ee05d50cfc0a4d4787884e3840 9343 apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1_source.buildinfo
Files:
 2cb3b44b54df57a723e83dc25473f570 3567 httpd optional apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.dsc
 c39d28e0777bc95631cb49958fdb6601 9843252 httpd optional apache2_2.4.59.orig.tar.gz
 3c342b3dcc0fe227a1fffdf9997987d0 833 httpd optional apache2_2.4.59.orig.tar.gz.asc
 53c986d6231c9d856acfa642719b5dc1 819792 httpd optional apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1.debian.tar.xz
 70c656e6b679d3c9b3ce54a6bafd6c60 9343 httpd optional apache2_2.4.59-1+ubuntu22.04.1+deb.sury.org+1_source.buildinfo