Looking for testers for Debian 9/stretch apache2/mod_http2 update (including security fix)

To: debian-apache@lists.debian.org
Cc: Hosted Power Sales <sales@hosted-power.com>, Tehnic <tehnic@take3.ro>, Thomas <thomas@shadowweb.org>, hp <hp@localhorst.org>, Markus Martinet <generalstone@generalstone.net>
Subject: Looking for testers for Debian 9/stretch apache2/mod_http2 update (including security fix)
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sun, 13 May 2018 19:27:08 +0200
Message-id: <[🔎] 9613477.3RMLR5fHfo@k>
Reply-to: debian-apache@lists.debian.org

Hi,

I have prepared a big update of the stretch apache2 package that ships the 
mod_http2 version from 2.4.33. I hope it will be included in the next stable 
point release. It would be great if interested people could give it some 
testing.

The list of changes is:

 * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This
    fixes
    - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2
    - Segfaults in mod_http2 (Closes: #873945)
    - mod_http2 issue with option "Indexes" and directive "HeaderName"
      (Closes: #850947)
  * mod_http2: Avoid high memory usage with large files, causing crashes on
    32bit archs. Closes: #897218
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. Closes: #898563

amd64 and source Packages are available at [1].

Thanks in advance.

Cheers,
Stefan

[1] https://www.sfritsch.de/~stf/apache2_2.4.25-3+deb9u5~test1/

sha256sums:
aca9dc0db14876c597d9c9455d205612eac341b8885064b83bf43f8ec0f5af47  
apache2_2.4.25-3+deb9u5.debdiff
c173647748c1344f3add1d22bf89d7a8010535a7a0e041f4eccd1d5e2d454a2d  
apache2_2.4.25-3+deb9u5.part.debdiff
e5361e3cf67657fb3ccfc49fc59c84c35991bfb75f9d47552ae68a8220339c3a  
apache2_2.4.25-3+deb9u5~test1_amd64.build
43f18b02eec98190d7318f04fcaf317cb4599bc2f7c37b1fe1acaa0880799876  
apache2_2.4.25-3+deb9u5~test1_amd64.buildinfo
9764c2a17c1deafb7d60d96438428ebbb7115528a1530ee1536d9fbde2deca0f  
apache2_2.4.25-3+deb9u5~test1_amd64.changes
4e214344fe4b05f09ae5bd084ca1d873b7d3a999668eb6679334873851f9e4b8  
apache2_2.4.25-3+deb9u5~test1_amd64.deb
ccba79468e99cab477c44548bd1665ac541d22ac8cb8e59962b6711cbaddd0ff  
apache2_2.4.25-3+deb9u5~test1.debian.tar.xz
2a9f588a444660f56702993240db37019f3cb0215f34bb5d314485a959ed1d96  
apache2_2.4.25-3+deb9u5~test1.dsc
fa9ad94a92ce4dad96ad8ddc1564c61513744afa306167672b434b4232f6bbd4  apache2-
bin_2.4.25-3+deb9u5~test1_amd64.deb
707fe797040eadbfb1a3c43333b1e6931416338b90615583fe939e7b79421ee8  apache2-
data_2.4.25-3+deb9u5~test1_all.deb
7bb263b909c2aa428b10a1bb5c03d3d8c851908484a09e7971ceddaa734917a2  apache2-
dbg_2.4.25-3+deb9u5~test1_amd64.deb
e79bdc9105a7b2f4bc8d0d7d7e53008636d756db45cc323a4ca2b900e19b4e03  apache2-
dev_2.4.25-3+deb9u5~test1_amd64.deb
e90b9838b1c9d041b2177830c0c8f3f9fab87b820af28400dcb85bffd4742140  apache2-
doc_2.4.25-3+deb9u5~test1_all.deb
43eaf4b141c0d8f23ef5781e2a01187aedd59cb4455a2aa3b66777edcf98677c  apache2-ssl-
dev_2.4.25-3+deb9u5~test1_amd64.deb
89b4a9221c72e8357cd3683403de1575fb2ee548654208427b9fca6e5945005c  apache2-
suexec-custom_2.4.25-3+deb9u5~test1_amd64.deb
2fd411454962beb7176684b9b7b932ac349f7ba191ac545b14aa439cb7eb44ea  apache2-
suexec-pristine_2.4.25-3+deb9u5~test1_amd64.deb
927b1742b47a7190b8fdfabfb456f0ea63e357db5e13861a55097a003ec55796  apache2-
utils_2.4.25-3+deb9u5~test1_amd64.deb
e2905a7f0fc18bb3d7021d596861ce19c313d832205fe890e68e583092b8fcd9  mod_http2-upgrade-to-2.4.33.diffstat
ccaefad14dd2f33733c1707f2a6a97bf6e8bf06f3c32e975a5f14f8e6dc7f64c  
SHA256SUM.asc

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Re: Bug#894713: stretch-pu: apache2/2.4.25-3+deb9u5
Next by Date: Bug#894785: marked as done (apache2: File conflict with libapache2-mod-proxy-uwsgi)
Previous by thread: Re: Bug#894713: stretch-pu: apache2/2.4.25-3+deb9u5
Next by thread: Bug#894588: "apache2ctl start" leads to severe errors in cgi scripts
Index(es):
- Date
- Thread