enterprise-support team mailing list archive

[Bryce Harrington <2125988@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 2.4.64-1ubuntu3
Debian Unstable: 2.4.65-3

A new release of apache2 is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['needs-merge', 'upgrade-software-version'] to ['needs-
sync', 'upgrade-software-version'], and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the r-series Release Notes:
https://discourse.ubuntu.com/c/project/release/38

### New Debian Changes ###

apache2 (2.4.65-3) unstable; urgency=medium

  * Change default LANG in envvars from C to C.UTF-8
    (Closes: #787584)
  * systemd service apache2 is aliased to httpd
    (Closes: #915855)
  * document a2* environment files in man page
    (Closes: #880421)
  * Failing test in its test suite
    (Closes: #1107289, LP: #2112429)
  * Restart on-abnormal instead of on-abort
    (Closes: #1106280)
  * Allow triggers to use maintscript helper to restart apache
    (LP: #2038912)

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Mon, 11 Aug 2025 19:07:56
+0200

apache2 (2.4.65-2) unstable; urgency=high

  * Fix SSLProtocol has a duplicate "all"
    (Closes: #1109839)
  * Warn about misconfigured load balancer following fix of
    CVE-2025-23048.

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Tue, 29 Jul 2025 19:52:31
+0200

apache2 (2.4.65-1) unstable; urgency=medium

  * New upstream version 2.4.65 (Closes: CVE-2025-54090)
  * Unfuzz patch

 -- Yadd <yadd@xxxxxxxxxx>  Wed, 23 Jul 2025 16:05:45 +0200

apache2 (2.4.64-2) UNRELEASED; urgency=medium

  * Per RFC 8996 disable by default TLS 1.0 and TLS 1.1
    (Closes: #943415)

 -- Bastien Roucariès <rouca@xxxxxxxxxx>  Thu, 17 Jul 2025 18:03:42
+0200


### Old Ubuntu Delta ###

apache2 (2.4.64-1ubuntu3) questing; urgency=medium

  * Rebuild to include updated RISC-V base ISA RVA23

 -- Heinrich Schuchardt <heinrich.schuchardt@xxxxxxxxxxxxx>  Wed, 03 Sep
2025 14:58:51 +0000

apache2 (2.4.64-1ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: incorrect RewriteCond expr handling
    - debian/patches/CVE-2025-54090.patch: fix return code in
      modules/mappers/mod_rewrite.c.
    - CVE-2025-54090

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 23 Jul 2025
14:22:41 -0400

apache2 (2.4.64-1ubuntu1) questing; urgency=medium

  * Merge with Debian Unstable. Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage (LP: 1966004, LP: 1947459).
    - d/apache2.py, d/apache2-bin.install: Add apport hook (LP: 609177).
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from
      a postinst script through a trigger (i.e., postinst triggered). Thanks
      to Roel van Meer (Closes: 1060450, LP: 2038912).
    - d/index.html, d/apache2.postrm: Fix HTTPS link to Apache
      documentation (LP: 2045055).
    - d/perl-framework/t/apache/pr64339.t: Fix tests per upstream testsuite
      revisions to address changes in libxml2 changes. (LP: 2112429)

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 16 Jul 2025
17:30:33 -0400

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2125988

Title:
  Merge apache2 from Debian Unstable for r-series

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2125988/+subscriptions