Merge apache2 from Debian unstable for kinetic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) | Invalid | Wishlist | Unassigned | | |
Bug Description
Upstream: 2.4.53
Debian: 2.4.53-2
Ubuntu: 2.4.52-1ubuntu4
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
apache2 (2.4.53-2) unstable; urgency=medium
* Clean useless Conflicts/Replace
* apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254)
-- Yadd <email address hidden> Tue, 15 Mar 2022 15:27:39 +0100
apache2 (2.4.53-1) unstable; urgency=medium
* New upstream version 2.4.53 (Closes: CVE-2022-22719,
CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
* Update copyright
* Patches:
+ Drop fix-2.4.
+ Refresh fhs_compliance.
+ Update and disable child_processes
* Update test framework
* Back to unstable
-- Yadd <email address hidden> Mon, 14 Mar 2022 17:10:39 +0100
apache2 (2.4.52-3) experimental; urgency=medium
* Fix autopkgtest with libpcre2 (autopkgtest still fails due to an SSL
error)
* Set hardening=+all instead of hardening=+bindnow
-- Yadd <email address hidden> Tue, 28 Dec 2021 21:20:05 +0100
apache2 (2.4.52-2) experimental; urgency=medium
* Build with pcre2 (Closes: #1000114)
-- Yadd <email address hidden> Tue, 28 Dec 2021 20:01:43 +0100
apache2 (2.4.52-1) unstable; urgency=medium
* Refresh suexec-custom.patch
* Update lintian overrides
* Wrap long lines in changelog entries: 2.4.51-2.
* New upstream version 2.4.52 (Closes: CVE-2021-44224, CVE-2021-44790)
* Refresh patches
-- Yadd <email address hidden> Mon, 20 Dec 2021 18:42:09 +0100
apache2 (2.4.51-2) unstable; urgency=medium
* Add patch to have new macro_ignore_empty and macro_ignore_
parameters
-- Yadd <email address hidden> Mon, 25 Oct 2021 18:37:03 +0200
apache2 (2.4.51-1) unstable; urgency=medium
* New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
* Fix apache2ctl (see https:/
-- Yadd <email address hidden> Thu, 07 Oct 2021 20:35:33 +0200
apache2 (2.4.50-1) unstable; urgency=high
* New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
* Remove patches already merged upstream
-- Ondřej Surý <email address hidden> Tue, 05 Oct 2021 13:25:23 +0200
apache2 (2.4.49-4) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patch to fix crash in 2.4.49
-- Yadd <email address hidden> Fri, 01 Oct 2021 11:34:24 +0200
apache2 (2.4.49-3) unstable; urgency=medium
[ Yadd ]
* Re-export upstream signing key without extra signatures.
* Drop transition for old debug package migration.
[ Moritz Muehlenhoff ]
* Fix CVE-2021-40438 regression
-- Yadd <email address hidden> Thu, 30 Sep 2021 06:00:06 +0200
apache2 (2.4.49-2) unstable; urgency=medium
[ Michiel Hazelhof ]
* Fix multi instance issue (Closes: #868861)
[ Philippe Ombredanne ]
* Fix GPL version typo in copyright file
-- Yadd <email address hidden> Thu, 23 Sep 2021 13:55:55 +0200
apache2 (2.4.49-1) unstable; urgency=medium
* Update upstream GPG keys
* New upstream version 2.4.51. Closes: CVE-2021-33193, CVE-2021-34798,
CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2021-41524,
CVE-2021-41773, CVE-2021-42013)
### Old Ubuntu Delta ###
apache2 (2.4.52-1ubuntu4) jammy; urgency=medium
* d/apache2.postrm: Include md5 sum for updated index.html
-- Bryce Harrington <email address hidden> Thu, 24 Mar 2022 17:35:40 -0700
apache2 (2.4.52-1ubuntu3) jammy; urgency=medium
* d/index.html:
- Redesign page's heading for the new logo
- Use the Ubuntu font where available
- Update service management directions
- Copyedit grammar
- Light reformatting and whitespace cleanup
* d/icons/
(LP: #1966004)
-- Bryce Harrington <email address hidden> Wed, 23 Mar 2022 16:18:11 -0700
apache2 (2.4.52-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: OOB read in mod_lua via crafted request body
- debian/
lua_
- CVE-2022-22719
* SECURITY UPDATE: HTTP Request Smuggling via error discarding the
request body
- debian/
if discarding the request body fails in modules/
server/
- CVE-2022-22720
* SECURITY UPDATE: overflow via large LimitXMLRequestBody
- debian/
LimitXMLR
server/
- CVE-2022-22721
* SECURITY UPDATE: out-of-bounds write in mod_sed
- debian/
buffer sizes and unsigned arithmetics in modules/
modules/
- debian/
modules/
- CVE-2022-23943
-- Marc Deslauriers <email address hidden> Thu, 17 Mar 2022 09:39:54 -0400
apache2 (2.4.52-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1959924). Remaining changes:
- debian/{control, apache2.install, apache2-
apache2.
(LP 261198)
- debian/apache2.py, debian/
(LP 609177)
- d/index.html, d/icons/
d/
page and add Ubuntu icon file.
(LP 1288690)
* Dropped:
- d/p/support-
https:/
failure to load when using OpenSSL 3.
(LP #1951476)
[Included in upstream release 2.4.52]
- d/apache2ctl: Also use systemd for graceful if it is in use.
(LP 1832182)
[This introduced a performance regression.]
- d/apache2ctl: Also use /run/systemd to check for systemd usage.
(LP 1918209)
[Not needed]
-- Bryce Harrington <email address hidden> Thu, 03 Feb 2022 10:25:47 -0800
Changed in apache2 (Ubuntu):
importance: Undecided → Wishlist
milestone: none → ubuntu-22.07
status: New → Invalid