** Changed in: apache2 (Ubuntu)
Assignee: (unassigned) => Bryce Harrington (bryce)
** Description changed:
Upstream: 2.4.62
Debian: 2.4.62-3 2.4.62-4
Ubuntu: 2.4.62-1ubuntu1
-
Debian new has 2.4.62-4, which may be available for merge soon.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
If this merge pulls in a new upstream version, also consider adding an
- entry to the Jammy Release Notes:
+ entry to the Plucky Release Notes:
https://discourse.ubuntu.com/c/release/38
-
### New Debian Changes ###
apache2 (2.4.62-3) unstable; urgency=medium
- * Fix debian/changelog
+ * Fix debian/changelog
- -- Bastien Roucariès <[email protected]> Fri, 04 Oct 2024 13:35:02
+ -- Bastien Roucariès <[email protected]> Fri, 04 Oct 2024 13:35:02
+0000
apache2 (2.4.62-2) unstable; urgency=medium
- * Add myself as maintainer with yadd agreement.
- * Fix CVE-2024-38474 regression:
- Better question mark tracking to avoid UnsafeAllow3F
- (Closes: #1079172)
- * Fix CVE-2024-39884 regression:
- Trust strings from configuration in mod_proxy
- (Closes: #1079206)
+ * Add myself as maintainer with yadd agreement.
+ * Fix CVE-2024-38474 regression:
+ Better question mark tracking to avoid UnsafeAllow3F
+ (Closes: #1079172)
+ * Fix CVE-2024-39884 regression:
+ Trust strings from configuration in mod_proxy
+ (Closes: #1079206)
- -- Bastien Roucariès <[email protected]> Sun, 29 Sep 2024 18:47:03
+ -- Bastien Roucariès <[email protected]> Sun, 29 Sep 2024 18:47:03
+0000
apache2 (2.4.62-1) unstable; urgency=medium
- * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)
+ * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)
- -- Yadd <[email protected]> Thu, 18 Jul 2024 06:56:52 +0400
+ -- Yadd <[email protected]> Thu, 18 Jul 2024 06:56:52 +0400
apache2 (2.4.61-1) unstable; urgency=medium
- * New upstream version 2.4.61 (Closes: CVE-2024-39884)
+ * New upstream version 2.4.61 (Closes: CVE-2024-39884)
- -- Yadd <[email protected]> Wed, 03 Jul 2024 19:22:29 +0400
+ -- Yadd <[email protected]> Wed, 03 Jul 2024 19:22:29 +0400
apache2 (2.4.60-1) unstable; urgency=medium
- [ Bastien Roucariès ]
- * Forward port CVE-2023-25690 uwsgi tests
- * Fix depends of uwsgi test
- * Use python3 uwsgi plugin
- * Encode bytes for uwsgi test
+ [ Bastien Roucariès ]
+ * Forward port CVE-2023-25690 uwsgi tests
+ * Fix depends of uwsgi test
+ * Use python3 uwsgi plugin
+ * Encode bytes for uwsgi test
- [ Bryce Harrington ]
- * Add UFW profile integration (Closes: #1071705)
+ [ Bryce Harrington ]
+ * Add UFW profile integration (Closes: #1071705)
- [Chris Murray]
- * Use https instead of http in doc (LP: #2045055)
+ [Chris Murray]
+ * Use https instead of http in doc (LP: #2045055)
- [ Yadd ]
- * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
- * Update test framework
- * releasing package apache2 version 2.4.59-1~deb12u1
- * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
- CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
- CVE-2024-38477, CVE-2024-39573)
- * Unfuzz patches
+ [ Yadd ]
+ * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
+ * Update test framework
+ * releasing package apache2 version 2.4.59-1~deb12u1
+ * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
+ CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
+ CVE-2024-38477, CVE-2024-39573)
+ * Unfuzz patches
- -- Yadd <[email protected]> Mon, 01 Jul 2024 18:04:08 +0400
+ -- Yadd <[email protected]> Mon, 01 Jul 2024 18:04:08 +0400
apache2 (2.4.59-2) unstable; urgency=medium
- * Breaks against fossil due to CVE-2024-24795 follows up
+ * Breaks against fossil due to CVE-2024-24795 follows up
- -- Bastien Roucariès <[email protected]> Mon, 29 Apr 2024 21:55:28
+ -- Bastien Roucariès <[email protected]> Mon, 29 Apr 2024 21:55:28
+0000
apache2 (2.4.59-1) unstable; urgency=medium
- [ Stefan Fritsch ]
- * Remove old transitional packages libapache2-mod-md and
- libapache2-mod-proxy-uwsgi. Closes: #1032628
+ [ Stefan Fritsch ]
+ * Remove old transitional packages libapache2-mod-md and
+ libapache2-mod-proxy-uwsgi. Closes: #1032628
- [ Yadd ]
- * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
- * Refresh patches
- * New upstream version 2.4.59
- (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
- * Refresh patches
- * Update patches
- * Update test framework
+ [ Yadd ]
+ * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
+ * Refresh patches
+ * New upstream version 2.4.59
+ (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
+ * Refresh patches
+ * Update patches
+ * Update test framework
- -- Yadd <[email protected]> Fri, 05 Apr 2024 08:08:11 +0400
+ -- Yadd <[email protected]> Fri, 05 Apr 2024 08:08:11 +0400
apache2 (2.4.58-1) unstable; urgency=medium
- [ Bas Couwenberg ]
- * Provide dh-sequence-apache2 (Closes: #1050870)
+ [ Bas Couwenberg ]
+ * Provide dh-sequence-apache2 (Closes: #1050870)
- [ Yadd ]
- * Drop dependency to obsolete lsb-base
- * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
- CVE-2023-45802)
- * Refresh patches
+ [ Yadd ]
+ * Drop dependency to obsolete lsb-base
+ * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
+ CVE-2023-45802)
+ * Refresh patches
- -- Yadd <[email protected]> Thu, 19 Oct 2023 14:56:29 +0400
+ -- Yadd <[email protected]> Thu, 19 Oct 2023 14:56:29 +0400
apache2 (2.4.57-3) unstable; urgency=medium
- * Update a2enmod to drop given/when (Closes: #1050458)
- * Restore changes not included in Bookworm (set -e in apache2ctl)
+ * Update a2enmod to drop given/when (Closes: #1050458)
+ * Restore changes not included in Bookworm (set -e in apache2ctl)
- -- Yadd <[email protected]> Tue, 29 Aug 2023 11:39:32 +0400
+ -- Yadd <[email protected]> Tue, 29 Aug 2023 11:39:32 +0400
apache2 (2.4.57-2) unstable; urgency=medium
-
-
### Old Ubuntu Delta ###
apache2 (2.4.62-1ubuntu1) oracular; urgency=medium
- * Merge with Debian unstable (LP: #2077060). Remaining changes:
- - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
- d/source/include-binaries, d/t/check-ubuntu-branding: Replace
- Debian with Ubuntu on default homepage.
- (LP #1966004, LP #1947459)
- - d/apache2.py, d/apache2-bin.install: Add apport hook
- (LP #609177)
- - d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
- dolphin and Konqueror/5 careful redirection so that directories can be
- deleted via webdav.
- (LP #1927742)
- - d/debhelper/apache2-maintscript-helper: Allow execution when called
from a
- postinst script through a trigger (i.e., postinst triggered).
- Thanks to Roel van Meer. (Closes: #1060450)
- (LP #2038912)
- - d/index.html, d/apache2.postrm: Fix https link to apache
- documentation.
- (LP #2045055)
- * Dropped:
- - d/control, d/apache2.install, d/apache2-utils.ufw.profile,
- d/apache2.dirs: Add ufw profiles
- (LP #261198)
- [Included in Debian 2.4.60-1]
- - d/control: Upgrade lua build dependency to 5.4
- (LP #1910372)
- [Included in Debian 2.4.60-1]
-
- -- Bryce Harrington <[email protected]> Thu, 15 Aug 2024 00:32:14 -0700
+ * Merge with Debian unstable (LP: #2077060). Remaining changes:
+ - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
+ d/source/include-binaries, d/t/check-ubuntu-branding: Replace
+ Debian with Ubuntu on default homepage.
+ (LP #1966004, LP #1947459)
+ - d/apache2.py, d/apache2-bin.install: Add apport hook
+ (LP #609177)
+ - d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
+ dolphin and Konqueror/5 careful redirection so that directories can be
+ deleted via webdav.
+ (LP #1927742)
+ - d/debhelper/apache2-maintscript-helper: Allow execution when called
from a
+ postinst script through a trigger (i.e., postinst triggered).
+ Thanks to Roel van Meer. (Closes: #1060450)
+ (LP #2038912)
+ - d/index.html, d/apache2.postrm: Fix https link to apache
+ documentation.
+ (LP #2045055)
+ * Dropped:
+ - d/control, d/apache2.install, d/apache2-utils.ufw.profile,
+ d/apache2.dirs: Add ufw profiles
+ (LP #261198)
+ [Included in Debian 2.4.60-1]
+ - d/control: Upgrade lua build dependency to 5.4
+ (LP #1910372)
+ [Included in Debian 2.4.60-1]
+
+ -- Bryce Harrington <[email protected]> Thu, 15 Aug 2024 00:32:14
+ -0700
** Description changed:
Upstream: 2.4.62
Debian: 2.4.62-3 2.4.62-4
Ubuntu: 2.4.62-1ubuntu1
Debian new has 2.4.62-4, which may be available for merge soon.
-
- If it turns out this needs a sync rather than a merge, please change the
- tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
- desired.
If this merge pulls in a new upstream version, also consider adding an
entry to the Plucky Release Notes:
https://discourse.ubuntu.com/c/release/38
### New Debian Changes ###
apache2 (2.4.62-3) unstable; urgency=medium
* Fix debian/changelog
-- Bastien Roucariès <[email protected]> Fri, 04 Oct 2024 13:35:02
+0000
apache2 (2.4.62-2) unstable; urgency=medium
* Add myself as maintainer with yadd agreement.
* Fix CVE-2024-38474 regression:
Better question mark tracking to avoid UnsafeAllow3F
(Closes: #1079172)
* Fix CVE-2024-39884 regression:
Trust strings from configuration in mod_proxy
(Closes: #1079206)
-- Bastien Roucariès <[email protected]> Sun, 29 Sep 2024 18:47:03
+0000
apache2 (2.4.62-1) unstable; urgency=medium
* New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)
-- Yadd <[email protected]> Thu, 18 Jul 2024 06:56:52 +0400
apache2 (2.4.61-1) unstable; urgency=medium
* New upstream version 2.4.61 (Closes: CVE-2024-39884)
-- Yadd <[email protected]> Wed, 03 Jul 2024 19:22:29 +0400
apache2 (2.4.60-1) unstable; urgency=medium
[ Bastien Roucariès ]
* Forward port CVE-2023-25690 uwsgi tests
* Fix depends of uwsgi test
* Use python3 uwsgi plugin
* Encode bytes for uwsgi test
[ Bryce Harrington ]
* Add UFW profile integration (Closes: #1071705)
[Chris Murray]
* Use https instead of http in doc (LP: #2045055)
[ Yadd ]
* Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
* Update test framework
* releasing package apache2 version 2.4.59-1~deb12u1
* New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
CVE-2024-38477, CVE-2024-39573)
* Unfuzz patches
-- Yadd <[email protected]> Mon, 01 Jul 2024 18:04:08 +0400
apache2 (2.4.59-2) unstable; urgency=medium
* Breaks against fossil due to CVE-2024-24795 follows up
-- Bastien Roucariès <[email protected]> Mon, 29 Apr 2024 21:55:28
+0000
apache2 (2.4.59-1) unstable; urgency=medium
[ Stefan Fritsch ]
* Remove old transitional packages libapache2-mod-md and
libapache2-mod-proxy-uwsgi. Closes: #1032628
[ Yadd ]
* mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
* Refresh patches
* New upstream version 2.4.59
(Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
* Refresh patches
* Update patches
* Update test framework
-- Yadd <[email protected]> Fri, 05 Apr 2024 08:08:11 +0400
apache2 (2.4.58-1) unstable; urgency=medium
[ Bas Couwenberg ]
* Provide dh-sequence-apache2 (Closes: #1050870)
[ Yadd ]
* Drop dependency to obsolete lsb-base
* New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
CVE-2023-45802)
* Refresh patches
-- Yadd <[email protected]> Thu, 19 Oct 2023 14:56:29 +0400
apache2 (2.4.57-3) unstable; urgency=medium
* Update a2enmod to drop given/when (Closes: #1050458)
* Restore changes not included in Bookworm (set -e in apache2ctl)
-- Yadd <[email protected]> Tue, 29 Aug 2023 11:39:32 +0400
apache2 (2.4.57-2) unstable; urgency=medium
### Old Ubuntu Delta ###
apache2 (2.4.62-1ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2077060). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries, d/t/check-ubuntu-branding: Replace
Debian with Ubuntu on default homepage.
(LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-bin.install: Add apport hook
(LP #609177)
- d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
dolphin and Konqueror/5 careful redirection so that directories can be
deleted via webdav.
(LP #1927742)
- d/debhelper/apache2-maintscript-helper: Allow execution when called
from a
postinst script through a trigger (i.e., postinst triggered).
Thanks to Roel van Meer. (Closes: #1060450)
(LP #2038912)
- d/index.html, d/apache2.postrm: Fix https link to apache
documentation.
(LP #2045055)
* Dropped:
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
d/apache2.dirs: Add ufw profiles
(LP #261198)
[Included in Debian 2.4.60-1]
- d/control: Upgrade lua build dependency to 5.4
(LP #1910372)
[Included in Debian 2.4.60-1]
-- Bryce Harrington <[email protected]> Thu, 15 Aug 2024 00:32:14
-0700
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085206
Title:
Merge apache2 from Debian unstable for plucky
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2085206/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
