
enterprise-support team mailing list archive

[Bug 2085206] [NEW] Merge apache2 from Debian unstable for jammy

 

Public bug reported:

Upstream: 2.4.62
Debian:   2.4.62-3    2.4.62-4
Ubuntu:   2.4.62-1ubuntu1


Debian new has 2.4.62-4, which may be available for merge soon.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Jammy Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

apache2 (2.4.62-3) unstable; urgency=medium

  * Fix debian/changelog

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Fri, 04 Oct 2024 13:35:02 +0000

apache2 (2.4.62-2) unstable; urgency=medium

  * Add myself as maintainer with yadd agreement.
  * Fix CVE-2024-38474 regression:
    Better question mark tracking to avoid UnsafeAllow3F
    (Closes: #1079172)
  * Fix CVE-2024-39884 regression:
    Trust strings from configuration in mod_proxy
    (Closes: #1079206)

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Sun, 29 Sep 2024 18:47:03 +0000

apache2 (2.4.62-1) unstable; urgency=medium

  * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 18 Jul 2024 06:56:52 +0400

apache2 (2.4.61-1) unstable; urgency=medium

  * New upstream version 2.4.61 (Closes: CVE-2024-39884)

 -- Yadd <yadd@xxxxxxxxxx>  Wed, 03 Jul 2024 19:22:29 +0400

apache2 (2.4.60-1) unstable; urgency=medium

  [ Bastien Roucariès ]
  * Forward port CVE-2023-25690 uwsgi tests
  * Fix depends of uwsgi test
  * Use python3 uwsgi plugin
  * Encode bytes for uwsgi test

  [ Bryce Harrington ]
  * Add UFW profile integration (Closes: #1071705)

  [ Chris Murray ]
  * Use https instead of http in doc (LP: #2045055)

  [ Yadd ]
  * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
  * Update test framework
  * releasing package apache2 version 2.4.59-1~deb12u1
  * New upstream version (Closes: CVE-2024-36387, CVE-2024-38472,
    CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
    CVE-2024-38477, CVE-2024-39573)
  * Unfuzz patches

 -- Yadd <yadd@xxxxxxxxxx>  Mon, 01 Jul 2024 18:04:08 +0400

apache2 (2.4.59-2) unstable; urgency=medium

  * Breaks against fossil due to CVE-2024-24795 follows up

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Mon, 29 Apr 2024 21:55:28 +0000

apache2 (2.4.59-1) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Remove old transitional packages libapache2-mod-md and
    libapache2-mod-proxy-uwsgi. Closes: #1032628

  [ Yadd ]
  * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
  * Refresh patches
  * New upstream version 2.4.59
    (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
  * Refresh patches
  * Update patches
  * Update test framework

 -- Yadd <yadd@xxxxxxxxxx>  Fri, 05 Apr 2024 08:08:11 +0400

apache2 (2.4.58-1) unstable; urgency=medium

  [ Bas Couwenberg ]
  * Provide dh-sequence-apache2 (Closes: #1050870)

  [ Yadd ]
  * Drop dependency to obsolete lsb-base
  * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
    CVE-2023-45802)
  * Refresh patches

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 19 Oct 2023 14:56:29 +0400

apache2 (2.4.57-3) unstable; urgency=medium

  * Update a2enmod to drop given/when (Closes: #1050458)
  * Restore changes not included in Bookworm (set -e in apache2ctl)

 -- Yadd <yadd@xxxxxxxxxx>  Tue, 29 Aug 2023 11:39:32 +0400

apache2 (2.4.57-2) unstable; urgency=medium


### Old Ubuntu Delta ###

apache2 (2.4.62-1ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2077060). Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage.
      (LP #1966004, LP #1947459)
    - d/apache2.py, d/apache2-bin.install: Add apport hook
      (LP #609177)
    - d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
      dolphin and Konqueror/5 careful redirection so that directories can be
      deleted via webdav.
      (LP #1927742)
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from a
      postinst script through a trigger (i.e., postinst triggered).
      Thanks to Roel van Meer. (Closes: #1060450)
      (LP #2038912)
    - d/index.html, d/apache2.postrm: Fix https link to apache
      documentation.
      (LP #2045055)
  * Dropped:
    - d/control, d/apache2.install, d/apache2-utils.ufw.profile,
      d/apache2.dirs: Add ufw profiles
      (LP #261198)
      [Included in Debian 2.4.60-1]
    - d/control: Upgrade lua build dependency to 5.4
      (LP #1910372)
      [Included in Debian 2.4.60-1]
  
 -- Bryce Harrington <bryce@xxxxxxxxxxxxx>  Thu, 15 Aug 2024 00:32:14 -0700

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: apache2 (Ubuntu)
    Milestone: None => ubuntu-24.12

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2085206

Title:
  Merge apache2 from Debian unstable for jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2085206/+subscriptions


