[ubuntu/utopic-proposed] apache2 2.4.9-1ubuntu1 (Accepted)

Robie Basak robie.basak at ubuntu.com
Fri May 9 19:36:14 UTC 2014


apache2 (2.4.9-1ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
      dialog program ask-for-passphrase.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - Build using lua5.2.
    - d/tests/chroot: dep8 test for ChrootDir case.
    - d/tests/ssl-passphrase: update for new default path /var/www/html.
    - d/tests/duplicate-module-load: check for duplicate module loads.
    - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
    - d/p/split-logfile.patch: fix completely broken split-logfile command
      (LP: #1299162). Thanks to Holger Mauermann.
  * Drop changes (upstreamed):
    - d/p/ignore-quilt-dir: adjust build system so that it does not use
      files found inside the .pc directory. This stops a double module load
      causing later havoc, including "ChrootDir" directive failure.
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
  * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.

apache2 (2.4.9-1) unstable; urgency=medium

  * New upstream version.
    Security fixes:
    - CVE-2013-6438: mod_dav: Fix DoS from crafted DAV WRITE requests.
    - CVE-2014-0098: mod_log_config: Fix segfaults when logging truncated
                     cookies.
    Notable new features:
    - Support named groups and backreferences within the LocationMatch,
      DirectoryMatch, FilesMatch and ProxyMatch directives.
    - mod_proxy: Added support for unix domain sockets as the backend server
      endpoint.
    - mod_ssl: Add support for OpenSSL configuration commands by introducing
      the SSLOpenSSLConfCmd directive.
    - mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
      mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
      require directives.
    - mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
      and IgnoreInherit.
    - Bugfix in the build system to avoid problems with patched config.m4
      files as in LP #1251939.
  * Make default cipher list in ssl.conf more secure:
    - Remove 'MEDIUM'. This disables RC4 and SEED. Also remove '!MD5' because
      'HIGH' does not include MD5.
    - Remove the 'Speed-optimized SSL Cipher' configuration example because
      it depends on RC4, which is considered insecure.
  * Change init script short description to describe the service, not the
    script.  Closes: #738315
  * Bump Standards-Version (no changes).

Date: Fri, 09 May 2014 19:30:04 +0000
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/apache2/2.4.9-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 May 2014 19:30:04 +0000
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.9-1ubuntu1
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Robie Basak <robie.basak at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (binary files and modules)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-mpm-event - transitional event MPM package for apache2
 apache2-mpm-itk - transitional itk MPM package for apache2
 apache2-mpm-prefork - transitional prefork MPM package for apache2
 apache2-mpm-worker - transitional worker MPM package for apache2
 apache2-suexec - transitional package for apache2-suexec-pristine
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 apache2.2-bin - Transitional package for apache2-bin
 libapache2-mod-macro - Transitional package for apache2-bin
 libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 738315
Launchpad-Bugs-Fixed: 1288690 1299162
Checksums-Sha1: 
 194a605eb66984ced3117710b5e9365be36e4147 3159 apache2_2.4.9-1ubuntu1.dsc
 646aedbf59519e914c424b3a85d846bf189be3f4 4994460 apache2_2.4.9.orig.tar.bz2
 3d6dfa573b93477fce2d40d5bf293ae0b3426792 497518 apache2_2.4.9-1ubuntu1.debian.tar.gz
Checksums-Sha256: 
 d4d0ec1f939f2f2953dec0812fde5c8fe4d7e6b3a6e1732f97aa9775fd11b745 3159 apache2_2.4.9-1ubuntu1.dsc
 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 4994460 apache2_2.4.9.orig.tar.bz2
 8663b047a990b71e50287e8ae10a2b62a442fa0d3ce5cfa67bb895c0aa3edaaf 497518 apache2_2.4.9-1ubuntu1.debian.tar.gz
Files: 
 9ffab24a14d0fe21c7ca900aa043e70d 3159 httpd optional apache2_2.4.9-1ubuntu1.dsc
 2ef4e65353497606b24fa9bb3e5a3c40 4994460 httpd optional apache2_2.4.9.orig.tar.bz2
 889f65542d25b0adf98fa6500baca4c6 497518 httpd optional apache2_2.4.9-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

