apache2 (2.4.65-3)
[PTS] [DDPO]
NEW: VCS has unreleased changes: 2.4.65-4 > 2.4.65-3
- Git: https://salsa.debian.org/apache-team/apache2.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 6148096
- Browser: https://salsa.debian.org/apache-team/apache2
- Last scan: 2025-09-10 16:15:04+00
- Next scan: 2025-09-18 05:45:00+00
- Merge requests: 2
- CI pipeline status: failed
- Debian changelog in Git:
apache2 (2.4.65-4) UNRELEASED; urgency=medium
[ Laurent Bigonville ]
* Enable systemd module (Closes: #860087).
* debian/apache2ctl: Fix the restart and greceful when using system.
When apache is not running and restart or greceful is called, apache
was running in the user cgroup and system was be confused
(Closes: #927302).
This will also avoid to leak fd to apache
(Closes: #713967).
[ Helmut Grohne ]
* Fix FTCBFS: (Closes: #913094)
+ Annotate perl build dependency with :any.
+ cross.patch: Use AC_PATH_TOOL to find pkg-config.
+ Generate server/test_char.h ahead of the build
[ Jason Perrin ]
* Fix packaging steps undo setting of setuid bit
(Closes: #900612)
[ Bastien Roucariès]
* Harden systemd services. Set ProtectSystem=full
ProtectHome=read-only, RestrictSUIDSGID=yes.
This may break read-write CGI script to /home and
WebDaV or other CGI/php/lua uses.
* Move /var/run to /run and /var/lock to /run/lock
* Allow CAP_SYS_CHROOT for chroot
(Closes: #1091855)
-- Bastien Roucariès <rouca@debian.org> Mon, 11 Aug 2025 19:41:40 +0200
- This branch is 28 commits ahead of tag debian/2.4.65-3
- Git log:
commit c84a3f52d3fdf49977aa3192d3eec3b756efa1b9
Author: Bastien Roucariès <rouca@debian.org>
Date: Wed Aug 20 23:54:34 2025 +0200
Remove apache2 IPC
commit 9f9a5d750932dbe5aa281f8a0f3b6b46bd9930d6
Author: Bastien Roucariès <rouca@debian.org>
Date: Mon Aug 18 12:55:15 2025 +0200
Fix a typo in pid file
commit bcfffe9d6f13ae1f1dfe485039146c3dd493445c
Author: Bastien Roucariès <rouca@debian.org>
Date: Mon Aug 18 12:52:11 2025 +0200
Move /var/lock to /run/lock
commit c6818c12e2f4a6a34292b7529a4864395f3939e7
Author: Bastien Roucariès <rouca@debian.org>
Date: Mon Aug 18 12:35:36 2025 +0200
Move /var/run to /run
commit e0ae0c674d1e5e187a93357097f269c88fad5e12
Author: Bastien Roucariès <rouca@debian.org>
Date: Mon Aug 18 11:47:57 2025 +0200
Add changelog entry for #713967
commit 39e7995f937c06d3222256e7b8f4c83ac6f50198
Author: Bastien Roucariès <rouca@debian.org>
Date: Sun Aug 17 14:55:43 2025 +0200
Remove spurious test of systemdintegration
commit 0121eabb37b9f589e2a56324f9277f39280ae37d
Author: Bastien Roucariès <rouca@debian.org>
Date: Sun Aug 17 12:57:45 2025 +0200
Unregister trap exit in test
commit 6da1308ffbc589e52f7a2b68b67ddcc2ba7d44a4
Author: Bastien Roucariès <rouca@debian.org>
Date: Sun Aug 17 00:10:21 2025 +0200
Add mod cache dir as rw
commit f26606d1480fb06311fa36f7307760e0a3e018ad
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Aug 16 22:39:40 2025 +0200
Use systemctl reset-failed
Even during manual restart it count against the counter. So reset the counter
commit 67d2ef5340d26b16738494b12eb822d07e290888
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Aug 16 14:01:35 2025 +0200
Fix read write path for logging apache2@
commit b0c06f5502e586c0602e94ee68bc4f8e57dc4729
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Aug 16 13:34:39 2025 +0200
Add exception for /var/log/apache2 directory
commit ac892026b1a22bd9b43c5c5a50140e81cd45d41b
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Aug 16 13:25:43 2025 +0200
Improve hardening
commit df38a6e94822853c5630aeb4c9520cf8f17a5f9c
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Aug 16 11:46:31 2025 +0200
Remove RestrictSUIDSGID=yes to apache2.NEWS
It is only about setting SUID bit so seems safe
commit 7e6ef3b8f7ccdabef379f5c09b4cf84196bf6337
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 17:52:39 2025 +0200
Add test of systemd integration
commit 99b7d3939090541c303f4c245c66fa0d859b8d0c
Author: Laurent Bigonville <bigon@debian.org>
Date: Fri Aug 15 12:26:05 2025 +0200
debian/apache2ctl: Fix the restart and greceful when using systemd
When apache is not running and restart or greceful is called, apache
was running in the user cgroup and system was be confused
Closes: #927302
Gbp-Dch: Full
commit 5456f93501dbaa37c29f269bc44a3acf62175643
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 16:07:56 2025 +0200
Add a section about libapache2-mpm-itk
commit 892dd1af569da57eb01df0acd156d88f6672d140
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 15:55:48 2025 +0200
Fix chroot without being root
Closes: #1091855
commit e6dc62dbefded4147393399880f9b94feb3f18b2
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 15:55:17 2025 +0200
Improve cross patch
commit cf4686d5e0de6707cfce82e066d8b7fd38ba4655
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 12:28:58 2025 +0200
Improve apache2.NEWS
commit 10aa95e42cd121a605dbc6cd7cf15971266248a8
Author: Bastien Roucariès <rouca@debian.org>
Date: Fri Aug 15 12:28:58 2025 +0200
Improve apache2.NEWS
commit 040a1d5c5f0f4dd8c1c1874a966ad713e0ae329b
Author: Bastien Roucariès <rouca@debian.org>
Date: Thu Aug 14 17:50:13 2025 +0200
Document breaking changes for systemd
commit a5f0cfa012e7ade0e61e08411642a0f399193f17
Author: Bastien Roucariès <rouca@debian.org>
Date: Thu Aug 14 13:32:41 2025 +0200
Harden systemd
commit 22a143f56a158aa67a0d362ff90378fa234d3de8
Author: Bastien Roucariès <rouca@debian.org>
Date: Thu Aug 14 13:32:26 2025 +0200
Add signal documentation for apache
commit 3654d342b379b89b1d835019e4315b8aaa600584
Author: Bastien Roucariès <rouca@debian.org>
Date: Thu Aug 14 11:29:23 2025 +0200
Fix packaging steps undo setting of setuid bit
Closes: #900612
commit ba9ecc2b1a2b5451bce9fa97e6353df428be2a73
Author: Bastien Roucariès <rouca@debian.org>
Date: Wed Aug 13 16:42:28 2025 +0200
Fix apache2.NEWS as released
commit c55bf2b9087a871a5edf6fcfeb773f080b5a058d
Author: Bastien Roucariès <rouca@debian.org>
Date: Wed Aug 13 16:41:40 2025 +0200
Fix target version for apache
commit a3e0a3e35eff7f0acb5da5b67d7640bb129244a8
Author: Helmut Grohne <helmut@subdivi.de>
Date: Wed Aug 13 12:01:18 2025 +0200
apache2 FTCBFS: multiple reasons
apache2 fails to cross build from source. Let me explain the individual
subproblems.
* The build dependency on the host architecture perl conflicts with the
essential build architecture perl. It turns out, apache2 wants to run
perl during build, so it actually needs the build architecture perl.
Annotating the dependency with :any fixes that.
* ./configure fails finding .pc files, because it uses the build
architecture pkg-config. It should be using AC_PATH_TOOL (or better
PKG_PROG_PKG_CONFIG) rather than AC_PATH_PROG.
* Fixing configure.ac does not influence the build as ./configure is
not built from source. dh-autoreconf fixes that.
* Finally, the build fails running ./server/gen_test_char. It should be
built with the build architecture compiler, but the build system is
incapable of doing so. The mailing list suggests just compiling and
running that file ahead of the actual build.
After applying the attached patch, apache2 cross builds successfully.
Please consider using it.
commit 63853f40d2a24670447e7d265c564fcac3ce2ac7
Author: Laurent Bigonville <bigon@debian.org>
Date: Mon Jul 7 11:53:55 2025 +0200
Enable systemd module
The systemd .service files have been changed to Type=notify
The module is statically linked.
Closes: #860087
