apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
* New upstream version 2.4.58
(Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
* New upstream version 2.4.59
(Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
* Refresh patches
* Update test framework
-- Yadd <yadd@debian.org> Fri, 05 Apr 2024 16:02:26 +0400
apache2 (2.4.57-2) unstable; urgency=medium
* Revert debian/* changes (Bookworm freeze)
-- Yadd <yadd@debian.org> Thu, 13 Apr 2023 07:26:51 +0400
apache2 (2.4.57-1) unstable; urgency=medium
* New upstream version 2.4.57
* Drop 2.4.56-regression patches
-- Yadd <yadd@debian.org> Sat, 08 Apr 2023 06:57:16 +0400
apache2 (2.4.56-2) unstable; urgency=medium
* Fix regression in mod_rewrite introduced in version 2.4.56
(Closes: #1033284)
* Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)
-- Yadd <yadd@debian.org> Sun, 02 Apr 2023 06:54:25 +0400
apache2 (2.4.56-1) unstable; urgency=medium
* New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690)
-- Yadd <yadd@debian.org> Wed, 08 Mar 2023 06:44:05 +0400
apache2 (2.4.55-1) unstable; urgency=medium
[ Hendrik Jäger ]
* disable ssl session tickets
* redundant example as already enabled in the default config
* logrotate indentation
* Update example how to prevent access to VCS directories
[ lintian-brush ]
* Update lintian override info to new format:
+ debian/source/lintian-overrides: line 2, 4-5, 8
+ debian/apache2-data.lintian-overrides: line 2-5
+ debian/apache2-bin.lintian-overrides: line 3
+ debian/apache2-doc.lintian-overrides: line 2
+ debian/apache2.lintian-overrides: line 6
* Set upstream metadata fields: Repository-Browse.
* Update standards version to 4.6.2, no changes needed.
[ Yadd ]
* New upstream version (Closes: CVE-2006-20001, CVE-2022-36760,
CVE-2022-37436)
-- Yadd <yadd@debian.org> Wed, 18 Jan 2023 07:41:55 +0400
apache2 (2.4.54-5) unstable; urgency=medium
[ Hendrik Jäger ]
* fix: one oom-killed thread should not take down the whole service
* fix: remove modelines
* fix: update clickjacking protection example
* fix: use tab for indentation, even in commented examples
[ Yadd ]
* Revert "Fix: confusing and impractical naming" (unbreak squid and haproxy
tests)
-- Yadd <yadd@debian.org> Tue, 29 Nov 2022 15:56:10 +0100
apache2 (2.4.54-4) unstable; urgency=medium
[ Charles Plessy ]
* Replace mime-support transition package with media-types (Closes: #980275)
[ Hendrik Jäger ]
* fix mislead safety precautions: don't hide errors when enabling a module.
MR !20
* fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
* Fix confusing and impractical naming: rename default-ssl.conf into
000-default-ssl.conf. MR !23
* Fix confusing keyword: replace _default_ by *. MR !24
-- Yadd <yadd@debian.org> Thu, 24 Nov 2022 10:45:00 +0100
apache2 (2.4.54-3) unstable; urgency=medium
[ Hendrik Jäger ]
* Do not enable global alias /manual
* mention not enabling /manual for the docs in the NEWS
-- Yadd <yadd@debian.org> Wed, 12 Oct 2022 09:20:52 +0200
apache2 (2.4.54-2) unstable; urgency=medium
* Move cgid socket into a writeable directory (Closes: #1014056)
* Update lintian overrides
* Declare compliance with policy 4.6.1
* Install NOTICE in each package
-- Yadd <yadd@debian.org> Tue, 05 Jul 2022 15:49:58 +0200
apache2 (2.4.54-1) unstable; urgency=medium
[ Simon Deziel ]
* Escape literal "." for BrowserMatch directives in setenvif.conf
* Use non-capturing regex with FilesMatch directive in default-ssl.conf
[ Ondřej Surý ]
* New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
[ Yadd ]
* Fix htcacheclean doc (Closes: #1010455)
* New upstream version 2.4.54
-- Yadd <yadd@debian.org> Thu, 09 Jun 2022 06:33:53 +0200
apache2 (2.4.53-2) unstable; urgency=medium
* Clean useless Conflicts/Replace
* apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254)
-- Yadd <yadd@debian.org> Tue, 15 Mar 2022 15:27:39 +0100
apache2 (2.4.53-1) unstable; urgency=medium
* New upstream version 2.4.53 (Closes: CVE-2022-22719,
CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
* Update copyright
* Patches:
+ Drop fix-2.4.52-regression.patch, now included in upstream
+ Refresh fhs_compliance.patch
+ Update and disable child_processes_fail_to_start.patch
* Update test framework
* Back to unstable
-- Yadd <yadd@debian.org> Mon, 14 Mar 2022 17:10:39 +0100
apache2 (2.4.52-3) experimental; urgency=medium
* Fix autopkgtest with libpcre2 (autopkgtest still fails due to an SSL
error)
* Set hardening=+all instead of hardening=+bindnow
-- Yadd <yadd@debian.org> Tue, 28 Dec 2021 21:20:05 +0100
apache2 (2.4.52-2) experimental; urgency=medium
* Build with pcre2 (Closes: #1000114)
-- Yadd <yadd@debian.org> Tue, 28 Dec 2021 20:01:43 +0100
apache2 (2.4.52-1) unstable; urgency=medium
* Refresh suexec-custom.patch
* Update lintian overrides
* Wrap long lines in changelog entries: 2.4.51-2.
* New upstream version 2.4.52 (Closes: CVE-2021-44224, CVE-2021-44790)
* Refresh patches
-- Yadd <yadd@debian.org> Mon, 20 Dec 2021 18:42:09 +0100
apache2 (2.4.51-2) unstable; urgency=medium
* Add patch to have new macro_ignore_empty and macro_ignore_bad_nesting
parameters
-- Yadd <yadd@debian.org> Mon, 25 Oct 2021 18:37:03 +0200
apache2 (2.4.51-1) unstable; urgency=medium
* New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
* Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659)
-- Yadd <yadd@debian.org> Thu, 07 Oct 2021 20:35:33 +0200
apache2 (2.4.50-1) unstable; urgency=high
* New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
* Remove patches already merged upstream
-- Ondřej Surý <ondrej@debian.org> Tue, 05 Oct 2021 13:25:23 +0200
apache2 (2.4.49-4) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patch to fix crash in 2.4.49
-- Yadd <yadd@debian.org> Fri, 01 Oct 2021 11:34:24 +0200
apache2 (2.4.49-3) unstable; urgency=medium
[ Yadd ]
* Re-export upstream signing key without extra signatures.
* Drop transition for old debug package migration.
[ Moritz Muehlenhoff ]
* Fix CVE-2021-40438 regression
-- Yadd <yadd@debian.org> Thu, 30 Sep 2021 06:00:06 +0200
apache2 (2.4.49-2) unstable; urgency=medium
[ Michiel Hazelhof ]
* Fix multi instance issue (Closes: #868861)
[ Philippe Ombredanne ]
* Fix GPL version typo in copyright file
-- Yadd <yadd@debian.org> Thu, 23 Sep 2021 13:55:55 +0200
apache2 (2.4.49-1) unstable; urgency=medium
* Update upstream GPG keys
* New upstream version 2.4.51. Closes: CVE-2021-33193, CVE-2021-34798,
CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2021-41524,
CVE-2021-41773, CVE-2021-42013)
* Refresh patches
-- Yadd <yadd@debian.org> Thu, 16 Sep 2021 06:22:23 +0200
apache2 (2.4.48-4) unstable; urgency=medium
* Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193)
-- Yadd <yadd@debian.org> Thu, 12 Aug 2021 11:37:43 +0200
apache2 (2.4.48-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Direct init script reload output from logrotate to syslog, to
avoid mail-spamming the local admin (Closes: #990580)
-- Thorsten Glaser <tg@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200
apache2 (2.4.48-3) unstable; urgency=medium
* Fix debian/changelog
-- Yadd <yadd@debian.org> Sun, 20 Jun 2021 16:39:33 +0200
apache2 (2.4.48-2) unstable; urgency=medium
* Back to unstable: Apache2 will follow upstream changes for Bullseye
[ Christian Ehrhardt ]
* d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
-- Yadd <yadd@debian.org> Sat, 19 Jun 2021 17:50:29 +0200
apache2 (2.4.48-1) experimental; urgency=medium
[ Daniel Lewart ]
* Update apache2.logrotate (Closes: #979813)
[ Andreas Hasenack ]
* Avoid test suite failure (Closes: #985012)
[ Yadd ]
* Update lintian overrides
* Re-export upstream signing key without extra signatures.
[ Ondřej Surý ]
* New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
CVE-2021-30641, CVE-2021-31618)
-- Ondřej Surý <ondrej@debian.org> Tue, 08 Jun 2021 08:29:35 +0200
apache2 (2.4.47-1) experimental; urgency=medium
* Update upstream keys file
* New upstream version 2.4.47
* Refresh patches
-- Yadd <yadd@debian.org> Thu, 29 Apr 2021 08:03:33 +0200
apache2 (2.4.46-6) unstable; urgency=medium
* Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452,
CVE-2021-26690, CVE-2021-26691, CVE-2021-30641)
-- Yadd <yadd@debian.org> Thu, 10 Jun 2021 13:40:11 +0200
apache2 (2.4.46-5) unstable; urgency=medium
* Fix "NULL pointer dereference on specially crafted HTTP/2 request"
(Closes: #989562, CVE-2021-31618)
-- Yadd <yadd@debian.org> Thu, 10 Jun 2021 11:57:38 +0200
apache2 (2.4.46-4) unstable; urgency=medium
* Ignore other random another test failures (Closes: #979664)
-- Xavier Guimard <yadd@debian.org> Mon, 11 Jan 2021 11:58:23 +0100
apache2 (2.4.46-3) unstable; urgency=medium
* Remove postinst/preinst hooks concerning old versions
* Clean include-binaries
* Enable verbose test output during autopkgtest
* Declare compliance with policy 4.5.1
* Add debian/gbp.conf
* Disable temporary 3 subtests (Closes: #979664)
-- Xavier Guimard <yadd@debian.org> Sun, 10 Jan 2021 22:43:21 +0100
apache2 (2.4.46-2) unstable; urgency=medium
[ Jean-Michel Vourgère ]
* Man: Add missing options and see also in a2en*(8)
[ Xavier Guimard ]
* Bump debhelper compatibility level to 13
+ Set debhelper-compat version in Build-Depends.
* Use dh_installsystemd rather than deprecated dh_systemd_enable
* Add extension .da for danish language in mime.conf (Closes: #972398)
* Automatically deflate application/wasm files (Closes: #972400)
* Use "graceful-stop" in systemd ExecStop (Closes: #974665)
* Re-export upstream signing key without extra signatures.
* Ignore lintian's national-encoding tag in test framework
* Add ${misc:Pre-Depends} in apache2 package
* Update lintian overrides
* Refresh patches
* Fix little spelling errors
-- Xavier Guimard <yadd@debian.org> Fri, 13 Nov 2020 16:59:01 +0100
apache2 (2.4.46-1) unstable; urgency=medium
[ Xavier Guimard ]
* Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md
[ Timo Tijhof ]
* Compress text/javascript with mod_deflate by default (Closes: #959195)
[ Xavier Guimard ]
* Add "Multi-Arch: same" to apache2-ssl-dev and libapache2-mod-md
* Update upstream keys
* New upstream version 2.4.46 (Closes: CVE-2020-11984, CVE-2020-11993,
CVE-2020-9490)
-- Xavier Guimard <yadd@debian.org> Sat, 08 Aug 2020 08:33:36 +0200
apache2 (2.4.43-1) unstable; urgency=medium
[ Timo Aaltonen ]
* mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST
requests (Closes: #955348)
[ Moritz Schlarb ]
* Fix logrotate script for multi-instance (Closes: #914606)
[ Xavier Guimard ]
* New upstream version 2.4.43 (Closes: CVE-2020-1927, CVE-2020-1934)
* Refresh patches
-- Xavier Guimard <yadd@debian.org> Tue, 31 Mar 2020 08:02:12 +0200
apache2 (2.4.41-5) unstable; urgency=medium
[ Xavier Guimard ]
* Avoid double mod_dav load (Closes: #951753)
[ Timo Aaltonen ]
* mod_proxy_ajp-add-secret-parameter.diff: Apply a patch from 2.4.x to fix
AJP with current tomcat.
(Closes: #954201)
-- Xavier Guimard <yadd@debian.org> Wed, 18 Mar 2020 21:06:49 +0100
apache2 (2.4.41-4) unstable; urgency=medium
* Add gcc in chroot autopkgtest (fixes debci)
-- Xavier Guimard <yadd@debian.org> Fri, 07 Feb 2020 06:14:33 +0100
apache2 (2.4.41-3) unstable; urgency=medium
* Don't use hardcoded libgcc_s.so.1 path in autopkgtest files. Thanks to
Aurelien Jarno (Closes: #950711)
-- Xavier Guimard <yadd@debian.org> Wed, 05 Feb 2020 13:18:04 +0100
apache2 (2.4.41-2) unstable; urgency=medium
[ Stefan Fritsch ]
* Add *.load file for mod_socache_redis
[ Vagrant Cascadian ]
* Embeds path to EGREP in config_vars.mk (Closes: #948757)
* Sanitize CXXFLAGS/-ffile-prefix-map in config_vars.mk (Closes: #948759)
-- Xavier Guimard <yadd@debian.org> Mon, 13 Jan 2020 06:14:45 +0100
apache2 (2.4.41-1) unstable; urgency=medium
* New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081,
CVE-2019-10082, CVE-2019-10092, CVE-2019-10098)
* Update lintian overrides
* Remove README in usr/share/apache2
* Move httxt2dbm manpage in section 8
* Update test framework
-- Xavier Guimard <yadd@debian.org> Wed, 14 Aug 2019 06:42:29 +0200
apache2 (2.4.39-2) unstable; urgency=medium
* Fix bad call of dh_link. Thanks to Daniel Baumann (Closes: #934640)
-- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 22:52:47 +0200
apache2 (2.4.39-1) unstable; urgency=medium
[ Helmut Grohne ]
* Do not install /usr/share/apache2/build/config.nice (Closes: #929510)
[ Xavier Guimard ]
* New upstream version 2.4.39 (Closes: CVE-2019-0196, CVE-2019-0197,
CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)
* Refresh patches
* Remove patches now included in upstream
* Replace duplicate doc files by links using jdupes
* Add bison in build dependencies
-- Xavier Guimard <yadd@debian.org> Mon, 12 Aug 2019 21:30:33 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog apache2`.
Generated by dwww version 1.15 on Sat May 18 09:37:58 CEST 2024.