apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Refresh patches * Update test framework -- Yadd <yadd@debian.org> Fri, 05 Apr 2024 16:02:26 +0400 apache2 (2.4.57-2) unstable; urgency=medium * Revert debian/* changes (Bookworm freeze) -- Yadd <yadd@debian.org> Thu, 13 Apr 2023 07:26:51 +0400 apache2 (2.4.57-1) unstable; urgency=medium * New upstream version 2.4.57 * Drop 2.4.56-regression patches -- Yadd <yadd@debian.org> Sat, 08 Apr 2023 06:57:16 +0400 apache2 (2.4.56-2) unstable; urgency=medium * Fix regression in mod_rewrite introduced in version 2.4.56 (Closes: #1033284) * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408) -- Yadd <yadd@debian.org> Sun, 02 Apr 2023 06:54:25 +0400 apache2 (2.4.56-1) unstable; urgency=medium * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690) -- Yadd <yadd@debian.org> Wed, 08 Mar 2023 06:44:05 +0400 apache2 (2.4.55-1) unstable; urgency=medium [ Hendrik Jäger ] * disable ssl session tickets * redundant example as already enabled in the default config * logrotate indentation * Update example how to prevent access to VCS directories [ lintian-brush ] * Update lintian override info to new format: + debian/source/lintian-overrides: line 2, 4-5, 8 + debian/apache2-data.lintian-overrides: line 2-5 + debian/apache2-bin.lintian-overrides: line 3 + debian/apache2-doc.lintian-overrides: line 2 + debian/apache2.lintian-overrides: line 6 * Set upstream metadata fields: Repository-Browse. * Update standards version to 4.6.2, no changes needed. [ Yadd ] * New upstream version (Closes: CVE-2006-20001, CVE-2022-36760, CVE-2022-37436) -- Yadd <yadd@debian.org> Wed, 18 Jan 2023 07:41:55 +0400 apache2 (2.4.54-5) unstable; urgency=medium [ Hendrik Jäger ] * fix: one oom-killed thread should not take down the whole service * fix: remove modelines * fix: update clickjacking protection example * fix: use tab for indentation, even in commented examples [ Yadd ] * Revert "Fix: confusing and impractical naming" (unbreak squid and haproxy tests) -- Yadd <yadd@debian.org> Tue, 29 Nov 2022 15:56:10 +0100 apache2 (2.4.54-4) unstable; urgency=medium [ Charles Plessy ] * Replace mime-support transition package with media-types (Closes: #980275) [ Hendrik Jäger ] * fix mislead safety precautions: don't hide errors when enabling a module. MR !20 * fix trailing spaces and indentation inconsistencies. MR !19 !21 !22 * Fix confusing and impractical naming: rename default-ssl.conf into 000-default-ssl.conf. MR !23 * Fix confusing keyword: replace _default_ by *. MR !24 -- Yadd <yadd@debian.org> Thu, 24 Nov 2022 10:45:00 +0100 apache2 (2.4.54-3) unstable; urgency=medium [ Hendrik Jäger ] * Do not enable global alias /manual * mention not enabling /manual for the docs in the NEWS -- Yadd <yadd@debian.org> Wed, 12 Oct 2022 09:20:52 +0200 apache2 (2.4.54-2) unstable; urgency=medium * Move cgid socket into a writeable directory (Closes: #1014056) * Update lintian overrides * Declare compliance with policy 4.6.1 * Install NOTICE in each package -- Yadd <yadd@debian.org> Tue, 05 Jul 2022 15:49:58 +0200 apache2 (2.4.54-1) unstable; urgency=medium [ Simon Deziel ] * Escape literal "." for BrowserMatch directives in setenvif.conf * Use non-capturing regex with FilesMatch directive in default-ssl.conf [ Ondřej Surý ] * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-28330) [ Yadd ] * Fix htcacheclean doc (Closes: #1010455) * New upstream version 2.4.54 -- Yadd <yadd@debian.org> Thu, 09 Jun 2022 06:33:53 +0200 apache2 (2.4.53-2) unstable; urgency=medium * Clean useless Conflicts/Replace * apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254) -- Yadd <yadd@debian.org> Tue, 15 Mar 2022 15:27:39 +0100 apache2 (2.4.53-1) unstable; urgency=medium * New upstream version 2.4.53 (Closes: CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943) * Update copyright * Patches: + Drop fix-2.4.52-regression.patch, now included in upstream + Refresh fhs_compliance.patch + Update and disable child_processes_fail_to_start.patch * Update test framework * Back to unstable -- Yadd <yadd@debian.org> Mon, 14 Mar 2022 17:10:39 +0100 apache2 (2.4.52-3) experimental; urgency=medium * Fix autopkgtest with libpcre2 (autopkgtest still fails due to an SSL error) * Set hardening=+all instead of hardening=+bindnow -- Yadd <yadd@debian.org> Tue, 28 Dec 2021 21:20:05 +0100 apache2 (2.4.52-2) experimental; urgency=medium * Build with pcre2 (Closes: #1000114) -- Yadd <yadd@debian.org> Tue, 28 Dec 2021 20:01:43 +0100 apache2 (2.4.52-1) unstable; urgency=medium * Refresh suexec-custom.patch * Update lintian overrides * Wrap long lines in changelog entries: 2.4.51-2. * New upstream version 2.4.52 (Closes: CVE-2021-44224, CVE-2021-44790) * Refresh patches -- Yadd <yadd@debian.org> Mon, 20 Dec 2021 18:42:09 +0100 apache2 (2.4.51-2) unstable; urgency=medium * Add patch to have new macro_ignore_empty and macro_ignore_bad_nesting parameters -- Yadd <yadd@debian.org> Mon, 25 Oct 2021 18:37:03 +0200 apache2 (2.4.51-1) unstable; urgency=medium * New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013) * Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659) -- Yadd <yadd@debian.org> Thu, 07 Oct 2021 20:35:33 +0200 apache2 (2.4.50-1) unstable; urgency=high * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524) * Remove patches already merged upstream -- Ondřej Surý <ondrej@debian.org> Tue, 05 Oct 2021 13:25:23 +0200 apache2 (2.4.49-4) unstable; urgency=medium [ Ondřej Surý ] * Add upstream patch to fix crash in 2.4.49 -- Yadd <yadd@debian.org> Fri, 01 Oct 2021 11:34:24 +0200 apache2 (2.4.49-3) unstable; urgency=medium [ Yadd ] * Re-export upstream signing key without extra signatures. * Drop transition for old debug package migration. [ Moritz Muehlenhoff ] * Fix CVE-2021-40438 regression -- Yadd <yadd@debian.org> Thu, 30 Sep 2021 06:00:06 +0200 apache2 (2.4.49-2) unstable; urgency=medium [ Michiel Hazelhof ] * Fix multi instance issue (Closes: #868861) [ Philippe Ombredanne ] * Fix GPL version typo in copyright file -- Yadd <yadd@debian.org> Thu, 23 Sep 2021 13:55:55 +0200 apache2 (2.4.49-1) unstable; urgency=medium * Update upstream GPG keys * New upstream version 2.4.51. Closes: CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2021-41524, CVE-2021-41773, CVE-2021-42013) * Refresh patches -- Yadd <yadd@debian.org> Thu, 16 Sep 2021 06:22:23 +0200 apache2 (2.4.48-4) unstable; urgency=medium * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193) -- Yadd <yadd@debian.org> Thu, 12 Aug 2021 11:37:43 +0200 apache2 (2.4.48-3.1) unstable; urgency=medium * Non-maintainer upload. * Direct init script reload output from logrotate to syslog, to avoid mail-spamming the local admin (Closes: #990580) -- Thorsten Glaser <tg@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200 apache2 (2.4.48-3) unstable; urgency=medium * Fix debian/changelog -- Yadd <yadd@debian.org> Sun, 20 Jun 2021 16:39:33 +0200 apache2 (2.4.48-2) unstable; urgency=medium * Back to unstable: Apache2 will follow upstream changes for Bullseye [ Christian Ehrhardt ] * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068) -- Yadd <yadd@debian.org> Sat, 19 Jun 2021 17:50:29 +0200 apache2 (2.4.48-1) experimental; urgency=medium [ Daniel Lewart ] * Update apache2.logrotate (Closes: #979813) [ Andreas Hasenack ] * Avoid test suite failure (Closes: #985012) [ Yadd ] * Update lintian overrides * Re-export upstream signing key without extra signatures. [ Ondřej Surý ] * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-31618) -- Ondřej Surý <ondrej@debian.org> Tue, 08 Jun 2021 08:29:35 +0200 apache2 (2.4.47-1) experimental; urgency=medium * Update upstream keys file * New upstream version 2.4.47 * Refresh patches -- Yadd <yadd@debian.org> Thu, 29 Apr 2021 08:03:33 +0200 apache2 (2.4.46-6) unstable; urgency=medium * Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641) -- Yadd <yadd@debian.org> Thu, 10 Jun 2021 13:40:11 +0200 apache2 (2.4.46-5) unstable; urgency=medium * Fix "NULL pointer dereference on specially crafted HTTP/2 request" (Closes: #989562, CVE-2021-31618) -- Yadd <yadd@debian.org> Thu, 10 Jun 2021 11:57:38 +0200 apache2 (2.4.46-4) unstable; urgency=medium * Ignore other random another test failures (Closes: #979664) -- Xavier Guimard <yadd@debian.org> Mon, 11 Jan 2021 11:58:23 +0100 apache2 (2.4.46-3) unstable; urgency=medium * Remove postinst/preinst hooks concerning old versions * Clean include-binaries * Enable verbose test output during autopkgtest * Declare compliance with policy 4.5.1 * Add debian/gbp.conf * Disable temporary 3 subtests (Closes: #979664) -- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +0100 apache2 (2.4.46-2) unstable; urgency=medium [ Jean-Michel Vourgère ] * Man: Add missing options and see also in a2en*(8) [ Xavier Guimard ] * Bump debhelper compatibility level to 13 + Set debhelper-compat version in Build-Depends. * Use dh_installsystemd rather than deprecated dh_systemd_enable * Add extension .da for danish language in mime.conf (Closes: #972398) * Automatically deflate application/wasm files (Closes: #972400) * Use "graceful-stop" in systemd ExecStop (Closes: #974665) * Re-export upstream signing key without extra signatures. * Ignore lintian's national-encoding tag in test framework * Add ${misc:Pre-Depends} in apache2 package * Update lintian overrides * Refresh patches * Fix little spelling errors -- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +0100 apache2 (2.4.46-1) unstable; urgency=medium [ Xavier Guimard ] * Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md [ Timo Tijhof ] * Compress text/javascript with mod_deflate by default (Closes: #959195) [ Xavier Guimard ] * Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md * Update upstream keys * New upstream version 2.4.46 (Closes: CVE-2020-11984, CVE-2020-11993, CVE-2020-9490) -- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200 apache2 (2.4.43-1) unstable; urgency=medium [ Timo Aaltonen ] * mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests (Closes: #955348) [ Moritz Schlarb ] * Fix logrotate script for multi-instance (Closes: #914606) [ Xavier Guimard ] * New upstream version 2.4.43 (Closes: CVE-2020-1927, CVE-2020-1934) * Refresh patches -- Xavier Guimard <yadd@debian.org> Tue, 31 Mar 2020 08:02:12 +0200 apache2 (2.4.41-5) unstable; urgency=medium [ Xavier Guimard ] * Avoid double mod_dav load (Closes: #951753) [ Timo Aaltonen ] * mod_proxy_ajp-add-secret-parameter.diff: Apply a patch from 2.4.x to fix AJP with current tomcat. (Closes: #954201) -- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100 apache2 (2.4.41-4) unstable; urgency=medium * Add gcc in chroot autopkgtest (fixes debci) -- Xavier Guimard <yadd@debian.org> Fri, 07 Feb 2020 06:14:33 +0100 apache2 (2.4.41-3) unstable; urgency=medium * Don't use hardcoded libgcc_s.so.1 path in autopkgtest files. Thanks to Aurelien Jarno (Closes: #950711) -- Xavier Guimard <yadd@debian.org> Wed, 05 Feb 2020 13:18:04 +0100 apache2 (2.4.41-2) unstable; urgency=medium [ Stefan Fritsch ] * Add *.load file for mod_socache_redis [ Vagrant Cascadian ] * Embeds path to EGREP in config_vars.mk (Closes: #948757) * Sanitize CXXFLAGS/-ffile-prefix-map in config_vars.mk (Closes: #948759) -- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100 apache2 (2.4.41-1) unstable; urgency=medium * New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098) * Update lintian overrides * Remove README in usr/share/apache2 * Move httxt2dbm manpage in section 8 * Update test framework -- Xavier Guimard <yadd@debian.org> Wed, 14 Aug 2019 06:42:29 +0200 apache2 (2.4.39-2) unstable; urgency=medium * Fix bad call of dh_link. Thanks to Daniel Baumann (Closes: #934640) -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 22:52:47 +0200 apache2 (2.4.39-1) unstable; urgency=medium [ Helmut Grohne ] * Do not install /usr/share/apache2/build/config.nice (Closes: #929510) [ Xavier Guimard ] * New upstream version 2.4.39 (Closes: CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220) * Refresh patches * Remove patches now included in upstream * Replace duplicate doc files by links using jdupes * Add bison in build dependencies -- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog apache2-bin`.
Generated by dwww version 1.15 on Sat May 18 15:27:31 CEST 2024.