apache2 2.4.10-8ubuntu1 source package in Ubuntu

Changelog

apache2 (2.4.10-8ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
  * Fixes from Debian included in merge:
    - Crash caused by OCSP stapling code; this was erroneously
      attributed to Debian in my previous merge, but actually only
      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
  * Cherry-pick versioned build-depend on dpkg from Debian for correct
    dpkg-maintscript-helper symlink_to_dir support.

apache2 (2.4.10-8) unstable; urgency=medium

  * Bump dpkg Pre-Depends to version that supports relative symlinks in
    dpkg-maintscript-helper's symlink_to_dir. Closes: #769821
  * mod_proxy_fcgi: Fix potential denial of service by malicious fcgi
    script. (CVE-2014-3583). Fix similar bug in mod_authnz_fcgi even
    though it does not seem to be exploitable.
  * mpm_event: Fix use-after-free that may lead to a server crash.
  * mod_ssl: Fix memory leak on graceful restart. Closes: #754492
  * mod_ssl: Avoid crashes during startup or graceful restart due to
    openssl using a callback to invalid memory. LP: #1366174

apache2 (2.4.10-7ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.
  * Fixes from Debian included in merge:
    - Don't use a2query in preinst, as it may not be available yet
      (LP: #1312533).
    - Crash caused by OCSP stapling code (LP: #1366174).
    - Disable SSLv3 in default config (LP: #1358305).
    - If apache2 is not configured yet, defer actions executed via
      apache2-maintscript-helper. This fixes installation failures if a
      module package is configured first (LP: #1312854).

apache2 (2.4.10-7) unstable; urgency=medium

  * Handle transitions of doc dirs and symlinks correctly during upgrade.
    Use dpkg-maintscript-helper for this and remove existing explicit logic.
    Closes: #767850
  * Remove obsolete conffiles in apache2.2-common, instead doing this only in
    apache2. This partially fixes #768815

apache2 (2.4.10-6) unstable; urgency=medium

  * Disable SSLv3 in default config. Closes: #765347
  * Pull changes from upstream 2.4.x branch up to r1632831
    - Fixes an LDAP regression in 2.4.10
    - mod_cache: Avoid sending 304 responses during failed revalidations.
      PR 56881
    - mod_status: Honor client IP address using mod_remoteip. PR 55886
  * Fix typo in package description. Closes: #765500

apache2 (2.4.10-5) unstable; urgency=medium

  * Remove one forgotten instance of ident.load in the preinst.

apache2 (2.4.10-4) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Make apache2 depend on apache2-utils. This got lost somewhere in the
    2.4 update.
  * Fix possible installation failure because of broken preinst script.
    Closes: #764498
  * Improve package descriptions. Closes: #763676

  [ Arno Töll ]
  * Add proper return codes to fail() conditions in a2query. Thanks to Ondřej
    Surý for providing a patch.

apache2 (2.4.10-3) unstable; urgency=medium

  * CVE-2014-3581: Fix a DoS in mod_cache.
  * If apache2 is not configured yet, defer actions executed via
    apache2-maintscript-helper. This fixes installation failures if a
    module package is configured first. Closes: #745834
  * Don't use a2query in preinst, as it may not be available yet.
    Closes: #745812
  * Include mod_authnz_fcgi. Closes: #762908
  * Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
  * Remove misleading sentence in apache2-bin's description. Closes: #762645
  * Remove trailing space in apache2/suexec/www-data. Closes: #719930
  * Add NEWS entry for the logrotate change in 2.4.10-2.
  * Bump Standards-version (no changes).
  * Fix lintian warning: Tweak licence short names in copyright file.

apache2 (2.4.10-2) unstable; urgency=medium

  * Pull changes from upstream 2.4.x branch up to r1626207
    + Security Fix for CVE-2013-5704: HTTP trailers could be used to
      replace HTTP headers late during request processing, potentially
      undoing or otherwise confusing modules that examined or modified
      request headers earlier.
      Adds "MergeTrailers" directive to restore legacy behavior.

  * Switch to apache2 providing the httpd and httpd-cgi virtual packages.
    The previously providing apache2-bin package lacks the configuration
    files. Closes: #756361
  * Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily
    logs. The daily graceful restart also has the advantage of regenerating
    things like TLS session ticket keys more often. Closes: #759382
  * Clarify description of apache2 package. Closes: #755976
  * In the maintainer script helper, print out Apache's error message if
    the config check fails.
  * Re-add mod_ident. It has still at least one user. LP: #1333388
 -- Robie Basak <email address hidden>   Fri, 21 Nov 2014 15:15:58 +0000

Upload details

Uploaded by:
Robie Basak
Uploaded to:
Vivid
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.4.10.orig.tar.bz2 4.8 MiB 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a
apache2_2.4.10-8ubuntu1.debian.tar.gz 684.5 KiB 8b12299c7546efb0198f946f19f0d08bb5cef9e324879b07c18ef17e0a228d3b
apache2_2.4.10-8ubuntu1.dsc 3.1 KiB 4312055836d450829eefa1438c8b98649b69efffb10a1415b9804198f8634046

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu vivid.

No description available for apache2 in ubuntu vivid.

apache2-bin: No summary available for apache2-bin in ubuntu vivid.

No description available for apache2-bin in ubuntu vivid.

apache2-data: No summary available for apache2-data in ubuntu vivid.

No description available for apache2-data in ubuntu vivid.

apache2-dbg: No summary available for apache2-dbg in ubuntu vivid.

No description available for apache2-dbg in ubuntu vivid.

apache2-dev: No summary available for apache2-dev in ubuntu vivid.

No description available for apache2-dev in ubuntu vivid.

apache2-doc: No summary available for apache2-doc in ubuntu vivid.

No description available for apache2-doc in ubuntu vivid.

apache2-mpm-event: No summary available for apache2-mpm-event in ubuntu vivid.

No description available for apache2-mpm-event in ubuntu vivid.

apache2-mpm-itk: No summary available for apache2-mpm-itk in ubuntu vivid.

No description available for apache2-mpm-itk in ubuntu vivid.

apache2-mpm-prefork: No summary available for apache2-mpm-prefork in ubuntu vivid.

No description available for apache2-mpm-prefork in ubuntu vivid.

apache2-mpm-worker: No summary available for apache2-mpm-worker in ubuntu vivid.

No description available for apache2-mpm-worker in ubuntu vivid.

apache2-suexec: No summary available for apache2-suexec in ubuntu vivid.

No description available for apache2-suexec in ubuntu vivid.

apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu vivid.

No description available for apache2-suexec-custom in ubuntu vivid.

apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu vivid.

No description available for apache2-suexec-pristine in ubuntu vivid.

apache2-utils: No summary available for apache2-utils in ubuntu vivid.

No description available for apache2-utils in ubuntu vivid.

apache2.2-bin: No summary available for apache2.2-bin in ubuntu vivid.

No description available for apache2.2-bin in ubuntu vivid.

apache2.2-common: No summary available for apache2.2-common in ubuntu vivid.

No description available for apache2.2-common in ubuntu vivid.

libapache2-mod-macro: No summary available for libapache2-mod-macro in ubuntu vivid.

No description available for libapache2-mod-macro in ubuntu vivid.

libapache2-mod-proxy-html: No summary available for libapache2-mod-proxy-html in ubuntu vivid.

No description available for libapache2-mod-proxy-html in ubuntu vivid.