[ubuntu/xenial-proposed] apache2 2.4.17-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Oct 30 15:37:15 UTC 2015
apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- Add dep8 tests.
- debian/rules: Fix cross-building by passing
DEB_{HOST,BUILD}_GNU_TYPE to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html: replace Debian with Ubuntu on default page.
* Drop patches (applied upstream):
- debian/patches/CVE-2015-3183.patch
- debian/patches/CVE-2015-3185.patch
* Drop changes (adopted in Debian):
- Allow "triggers-awaited" and "triggers-pending" states in addition
to "installed" when determining whether to defer actions or
process deferred actions.
* Don't build experimental http2 module for LTS
- debian/control: removed libnghttp2-dev Build-Depends (in universe).
- debian/config-dir/mods-available/http2.load: removed.
apache2 (2.4.17-1) unstable; urgency=medium
[ Stefan Fritsch ]
* New upstream release:
- New experimental http2 module
* reproducible build: Make symbol sorting consistent over different locales
* Conflict with apache2.2-common and apache2.2-bin to get the transitional
packages removed. Closes: #768815
* Don't treat mpm_itk as MPM module in a2query. Closes: #791902
* Don't treat mpm_itk as MPM module in deferred actions in postinst.
Hopefully really closes: #789914
* Don't treat mpm_itk as MPM module in a2enmod.
[ Jean-Michel Vourgère ]
* Updated upstream keyring used to check source authenticity.
apache2 (2.4.16-3) unstable; urgency=medium
[ Jean-Michel Vourgère ]
* Have apache2.postrm removes content of /var/lib/apache2, not the
directory itself. Closes: #793862
* d/p/reproducible_builds.diff: Sort exported symbols list.
[ Stefan Fritsch ]
* apxs: Don't pass --silent to libtool. Closes: #795820
* Remove default /var/www/html/index.html on package purge.
apache2 (2.4.16-2) unstable; urgency=medium
* Make dh_apache2 add a versioned dependency on apache2-bin, for the
new symbols required for the CVE-2015-3185 fix.
apache2 (2.4.16-1) unstable; urgency=medium
[ Stefan Fritsch ]
* New upstream version, fixing the following security issues:
+ CVE-2015-3183: Fix chunk header parsing defect.
+ CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an
unfixable way. Add a new replacement API ap_some_authn_required()
and ap_force_authn hook.
[ Jean-Michel Vourgère ]
* Allow "triggers-awaited" and "triggers-pending" states in addition to
"installed" when determining whether to defer actions or process
deferred actions. Thanks Colin Watson. Closes: #787103
* Allow a2dismod cgi on threaded mpms. Thanks Raul Dias. Closes:
#733979
* Remove pre-Jessie transition scripts, and remaining breaks.
* Made builds reproducible: d/rules set the date from the changelog in
CPPFLAGS, new reproducible_builds.diff patch to use it.
* Moved bash_completion from /etc to /usr/share/bash_completion. Added
links there for dynamic loading.
* Upgrade security.conf comments to 2.4 auth format. Thanks Werner
Detter. Closes: #789788
* apache2.postinst: Fixed tests on deferred mpm switch. Closes:
#789914
Date: Fri, 30 Oct 2015 09:35:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.17-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 30 Oct 2015 09:35:46 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.17-1ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dbg - Apache debugging symbols
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 733979 768815 787103 789788 789914 791902 793862 795820
Changes:
apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.
- debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- Add dep8 tests.
- debian/rules: Fix cross-building by passing
DEB_{HOST,BUILD}_GNU_TYPE to configure.
- debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
- d/index.html: replace Debian with Ubuntu on default page.
* Drop patches (applied upstream):
- debian/patches/CVE-2015-3183.patch
- debian/patches/CVE-2015-3185.patch
* Drop changes (adopted in Debian):
- Allow "triggers-awaited" and "triggers-pending" states in addition
to "installed" when determining whether to defer actions or
process deferred actions.
* Don't build experimental http2 module for LTS
- debian/control: removed libnghttp2-dev Build-Depends (in universe).
- debian/config-dir/mods-available/http2.load: removed.
.
apache2 (2.4.17-1) unstable; urgency=medium
.
[ Stefan Fritsch ]
* New upstream release:
- New experimental http2 module
* reproducible build: Make symbol sorting consistent over different locales
* Conflict with apache2.2-common and apache2.2-bin to get the transitional
packages removed. Closes: #768815
* Don't treat mpm_itk as MPM module in a2query. Closes: #791902
* Don't treat mpm_itk as MPM module in deferred actions in postinst.
Hopefully really closes: #789914
* Don't treat mpm_itk as MPM module in a2enmod.
.
[ Jean-Michel Vourgère ]
* Updated upstream keyring used to check source authenticity.
.
apache2 (2.4.16-3) unstable; urgency=medium
.
[ Jean-Michel Vourgère ]
* Have apache2.postrm removes content of /var/lib/apache2, not the
directory itself. Closes: #793862
* d/p/reproducible_builds.diff: Sort exported symbols list.
.
[ Stefan Fritsch ]
* apxs: Don't pass --silent to libtool. Closes: #795820
* Remove default /var/www/html/index.html on package purge.
.
apache2 (2.4.16-2) unstable; urgency=medium
.
* Make dh_apache2 add a versioned dependency on apache2-bin, for the
new symbols required for the CVE-2015-3185 fix.
.
apache2 (2.4.16-1) unstable; urgency=medium
.
[ Stefan Fritsch ]
* New upstream version, fixing the following security issues:
+ CVE-2015-3183: Fix chunk header parsing defect.
+ CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an
unfixable way. Add a new replacement API ap_some_authn_required()
and ap_force_authn hook.
.
[ Jean-Michel Vourgère ]
* Allow "triggers-awaited" and "triggers-pending" states in addition to
"installed" when determining whether to defer actions or process
deferred actions. Thanks Colin Watson. Closes: #787103
* Allow a2dismod cgi on threaded mpms. Thanks Raul Dias. Closes:
#733979
* Remove pre-Jessie transition scripts, and remaining breaks.
* Made builds reproducible: d/rules set the date from the changelog in
CPPFLAGS, new reproducible_builds.diff patch to use it.
* Moved bash_completion from /etc to /usr/share/bash_completion. Added
links there for dynamic loading.
* Upgrade security.conf comments to 2.4 auth format. Thanks Werner
Detter. Closes: #789788
* apache2.postinst: Fixed tests on deferred mpm switch. Closes:
#789914
Checksums-Sha1:
2315d982107ebc4c7f47279a84f5bd94b4769aef 2765 apache2_2.4.17-1ubuntu1.dsc
3a1b0db8b6c71b9c9ac507ba8723b95a8d3da1df 5157721 apache2_2.4.17.orig.tar.bz2
fb2bcb06be1566ed1d0016ae2d93d83d3cae4400 359840 apache2_2.4.17-1ubuntu1.debian.tar.xz
Checksums-Sha256:
10248c0eb6908c83941089c81d2e05e0e0ef82805d82bceabcf9e9ad38c13b7f 2765 apache2_2.4.17-1ubuntu1.dsc
331e035dec81d3db95b048f036f4d7b1a97ec8daa5b377bde42d4ccf1f2eb798 5157721 apache2_2.4.17.orig.tar.bz2
00b2553d38ebad5a2d461e4f52053acf6c21c3ad6a5257bd132c7bda8f1646f8 359840 apache2_2.4.17-1ubuntu1.debian.tar.xz
Files:
0b0bc143af471b57eda582fc07f927c7 2765 httpd optional apache2_2.4.17-1ubuntu1.dsc
cf4dfee11132cde836022f196611a8b7 5157721 httpd optional apache2_2.4.17.orig.tar.bz2
43a4974464caaeb079b9c22274dff963 359840 httpd optional apache2_2.4.17-1ubuntu1.debian.tar.xz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWM32OAAoJEGVp2FWnRL6T81EP/i1jr3fPcnpn3H7xNGRFLnnY
CO1OVVRUaV0jTCPtOc9WgZ2IlrcmlnvI5JkcdMhR0PFnZyasiaibRaB5uSDZBqLP
owhtWEgyZ51s3EuzJX9rKGbErJw6bNOKOxoALMOhwkZOC5Gyv13ixfrD/6jc37hg
OPjHznra8NEqDsizZRQbTY/MCBtSJUNOOxRP+ZtW9i1cFHZvAm88F3GBzvCQC6UM
hVfMD+ktwK6ij5Mz4VueRN/0LGrMluTYps3TgczzCm+yUC43EKrXF/QDF70sAseC
AZhO4GXe8+t7yyn9L7N/PC/oI3/eCGT9+I1ULU7ewuBnFC71slsE5kDfE1JKERXF
TOEeyXgCuE+HHlf8aLwSwxxnhVa5H+hIA3H+R/RsfPNfDE8K7mrtlc61gxalVzu5
89irTnNpIeOpy/Ia6C3Ih/nNL5xCkAhIzmRiPLbiyy+KXFk+X+VHg3Avo1Dx3OKR
QYPYYi2W0nt5v/v1JKUabxwyM+hvGhvJwqkLgRv3bQrA22fufmmllAiH6iZRei4B
zOzNxRC+pedXNkYek+cSPUAwxhV1k0bxE11fc6tyovjk8QoTYgyucY5ON9OB3B76
kXB4HjR/orBNo3ZenNubaUg7dyDiRtZPWaOZigmPhRLbiOCQB/RC6iXBZogJN2ZR
nxA6Lz1xSmj0jI33yKrY
=7MfE
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list