enterprise-support team mailing list archive

Thread
Date
[Bug 2040357] [NEW] Merge apache2 from Debian unstable for noble

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <2040357@xxxxxxxxxxxxxxxxxx>
Date: Wed, 25 Oct 2023 04:19:20 -0000
Reply-to: Bug 2040357 <2040357@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Upstream: 2.4.58
Debian:   2.4.58-1    
Ubuntu:   2.4.57-2ubuntu2


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.


### New Debian Changes ###

apache2 (2.4.58-1) unstable; urgency=medium

  [ Bas Couwenberg ]
  * Provide dh-sequence-apache2 (Closes: #1050870)

  [ Yadd ]
  * Drop dependency to obsolete lsb-base
  * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
    CVE-2023-45802)
  * Refresh patches

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 19 Oct 2023 14:56:29 +0400

apache2 (2.4.57-3) unstable; urgency=medium

  * Update a2enmod to drop given/when (Closes: #1050458)
  * Restore changes not included in Bookworm (set -e in apache2ctl)

 -- Yadd <yadd@xxxxxxxxxx>  Tue, 29 Aug 2023 11:39:32 +0400

apache2 (2.4.57-2) unstable; urgency=medium

  * Revert debian/* changes (Bookworm freeze)

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 13 Apr 2023 07:26:51 +0400

apache2 (2.4.57-1) unstable; urgency=medium

  * New upstream version 2.4.57
  * Drop 2.4.56-regression patches

 -- Yadd <yadd@xxxxxxxxxx>  Sat, 08 Apr 2023 06:57:16 +0400

apache2 (2.4.56-2) unstable; urgency=medium

  * Fix regression in mod_rewrite introduced in version 2.4.56
    (Closes: #1033284)
  * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)

 -- Yadd <yadd@xxxxxxxxxx>  Sun, 02 Apr 2023 06:54:25 +0400

apache2 (2.4.56-1) unstable; urgency=medium

  * New upstream version (Closes: #1032476, CVE-2023-27522,
CVE-2023-25690)

 -- Yadd <yadd@xxxxxxxxxx>  Wed, 08 Mar 2023 06:44:05 +0400

apache2 (2.4.55-1) unstable; urgency=medium

  [ Hendrik Jäger ]
  * disable ssl session tickets
  * redundant example as already enabled in the default config
  * logrotate indentation
  * Update example how to prevent access to VCS directories

  [ lintian-brush ]
  * Update lintian override info to new format:
    + debian/source/lintian-overrides: line 2, 4-5, 8
    + debian/apache2-data.lintian-overrides: line 2-5
    + debian/apache2-bin.lintian-overrides: line 3
    + debian/apache2-doc.lintian-overrides: line 2
    + debian/apache2.lintian-overrides: line 6
  * Set upstream metadata fields: Repository-Browse.
  * Update standards version to 4.6.2, no changes needed.

  [ Yadd ]
  * New upstream version (Closes: CVE-2006-20001, CVE-2022-36760,
    CVE-2022-37436)

 -- Yadd <yadd@xxxxxxxxxx>  Wed, 18 Jan 2023 07:41:55 +0400

apache2 (2.4.54-5) unstable; urgency=medium

  [ Hendrik Jäger ]
  * fix: one oom-killed thread should not take down the whole service
  * fix: remove modelines
  * fix: update clickjacking protection example
  * fix: use tab for indentation, even in commented examples

  [ Yadd ]
  * Revert 'Fix: confusing and impractical naming' (unbreak squid and haproxy
    tests)

 -- Yadd <yadd@xxxxxxxxxx>  Tue, 29 Nov 2022 15:56:10 +0100

apache2 (2.4.54-4) unstable; urgency=medium

  [ Charles Plessy ]
  * Replace mime-support transition package with media-types (Closes: #980275)

  [ Hendrik Jäger ]
  * fix mislead safety precautions: don't hide errors when enabling a module.
    MR !20
  * fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
  * Fix confusing and impractical naming: rename default-ssl.conf into
    000-default-ssl.conf. MR !23
  * Fix confusing keyword: replace _default_ by *. MR !24

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 24 Nov 2022 10:45:00 +0100


### Old Ubuntu Delta ###

apache2 (2.4.57-2ubuntu2) mantic; urgency=medium

  * d/control: Upgrade lua build dependency to 5.4

 -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Fri, 21 Jul 2023 14:17:42
-0700

apache2 (2.4.57-2ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries: Replace Debian with Ubuntu on default
      homepage.
    - d/apache2.py, d/apache2-bin.install: Add apport hook
    - d/control, d/apache2.install, d/apache2-utils.ufw.profile,
      d/apache2.dirs: Add ufw profiles
  * Dropped changes included in new version:
    - debian/patches/CVE-2023-25690-1.patch
    - debian/patches/CVE-2023-25690-2.patch
    - debian/patches/CVE-2023-27522.patch

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 07 Jun 2023
14:02:48 -0400

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: apache2 (Ubuntu)
    Milestone: None => ubuntu-24.01

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2040357

Title:
  Merge apache2 from Debian unstable for noble

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2040357/+subscriptions
Follow ups

[Bug 2040357] Re: Merge apache2 from Debian unstable for noble
From: Launchpad Bug Tracker, 2023-12-16