Format: 1.8
Date: Tue, 15 May 2018 11:03:34 -0300
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: armhf
Version: 2.4.33-3ubuntu1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-031.buildd>
Changed-By: Andreas Hasenack <andreas@canonical.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1770242
Changes:
 apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1770242). Remaining changes:
     - debian/{control, apache2.install, apache2-utils.ufw.profile,
       apache2.dirs}: Add ufw profiles.
     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
     - debian/patches/086_svn_cross_compiles: Backport several cross
       fixes from upstream
     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
       Debian with Ubuntu on default page.
       + d/source/include-binaries: add Ubuntu icon file
     - d/t/control, d/t/check-http2: add basic test for http2 support
   * Drop:
     - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
       + debian/patches/CVE-2017-15710.patch: fix language long names
         detection as short name in modules/aaa/mod_authnz_ldap.c.
       + CVE-2017-15710
     - SECURITY UPDATE: incorrect <FilesMatch> matching
       + debian/patches/CVE-2017-15715.patch: allow to configure
         global/default options for regexes, like caseless matching or
         extended format in include/ap_regex.h, server/core.c,
         server/util_pcre.c.
       + CVE-2017-15715
     - SECURITY UPDATE: mod_session header manipulation
       + debian/patches/CVE-2018-1283.patch: strip Session header when
         SessionEnv is on in modules/session/mod_session.c.
       + CVE-2018-1283
     - SECURITY UPDATE: DoS via specially-crafted request
       + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
         terminated on any error, not only on buffer full in
         server/protocol.c.
       + CVE-2018-1301
     - SECURITY UPDATE: mod_cache_socache DoS
       + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
         to carriage return in modules/cache/mod_cache_socache.c.
       + CVE-2018-1303
     - SECURITY UPDATE: insecure nonce generation
       + debian/patches/CVE-2018-1312.patch: actually use the secret when
         generating nonces in modules/aaa/mod_auth_digest.c.
       + CVE-2018-1312
     - Correct systemd-sysv-generator behavior by customizing some
       parameters:
       + d/apache2-systemd.conf: add a drop-in file to specify some
         parameters for the systemd unit (type=Forking and
         RemainsAfterExit=no), this allow a correct state synchronisation
         between systemctl status and actual state of apache2 daemon.
       + d/apache2.install: place the apache2-systemd.conf file in the
         correct location.
       [type=Forking already in the base systemd service file, and
        RemainsAfterExit=no is the default value, so no need to
        customize these anymore.]
     - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
       + added debian/patches/util_ldap_cache_lock_fix.patch
       [Already applied upstream]
Checksums-Sha1:
 09443f8653603bc1259020ce272e24d3dfd9971f 1003872 apache2-bin_2.4.33-3ubuntu1_armhf.deb
 c6b81c635ae8d0beed91f58bcdcf37c84d84da1e 4191040 apache2-dbg_2.4.33-3ubuntu1_armhf.deb
 a7a8fee9a97128dc44574e84f83839a35011e2ae 178120 apache2-dev_2.4.33-3ubuntu1_armhf.deb
 1eb8cf3ffb5c6c7490236e4464f8e3fc3276cbc3 2396 apache2-ssl-dev_2.4.33-3ubuntu1_armhf.deb
 415b9930e2b811007dd711e742403d76bf7c5c76 14520 apache2-suexec-custom_2.4.33-3ubuntu1_armhf.deb
 cb2d5d6f5634d4c8126f8f43d05e648363b17e1e 13032 apache2-suexec-pristine_2.4.33-3ubuntu1_armhf.deb
 2ffc030c90e5ffcd680c7ef14e08e3df0b6e1430 84312 apache2-utils_2.4.33-3ubuntu1_armhf.deb
 fba5c8e290309a5cfd3b92014ce77bc397bb3877 10668 apache2_2.4.33-3ubuntu1_armhf.buildinfo
 e2287140e6aea49d43e22d28d65bd6cf6bf1a554 95092 apache2_2.4.33-3ubuntu1_armhf.deb
 d02f41d4f91dd2902db23b85e32662ba003cc093 968 libapache2-mod-md_2.4.33-3ubuntu1_armhf.deb
 1b1cd7aaee08b7c4e1025c82912934622227ad87 984 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_armhf.deb
Checksums-Sha256:
 a0419a978becda9ced646079ff73e7afe81afec071c582be772bbfbac33c29ad 1003872 apache2-bin_2.4.33-3ubuntu1_armhf.deb
 a72dcedf2a2eb60bf5af7c56ff8180a314bbac3fc4c7867da7cb3497b5b8fab2 4191040 apache2-dbg_2.4.33-3ubuntu1_armhf.deb
 c357cdce0f5f5b93f5defbf7c92a5a286e61d52603a8837cf642ebfc38a79a4e 178120 apache2-dev_2.4.33-3ubuntu1_armhf.deb
 923b56c6b5d3103d4179cafb708ea4424df3b25bbd83f94de5d8e5667fa134aa 2396 apache2-ssl-dev_2.4.33-3ubuntu1_armhf.deb
 3aa8930c38479a1121fbf714758a791a8da3dac542d36e8b524157f011735742 14520 apache2-suexec-custom_2.4.33-3ubuntu1_armhf.deb
 86519fc24ec285ea2858a000b487861e09290ecd24ed943b754caba6feab79b9 13032 apache2-suexec-pristine_2.4.33-3ubuntu1_armhf.deb
 99d736e374bfd8ebd3b103361f44e5f8747ff89b3363a6079992c3c184b4dd53 84312 apache2-utils_2.4.33-3ubuntu1_armhf.deb
 e5837844d26a74e938502e3eeb770d4b2476578d917174adb29d2ccce9efa76d 10668 apache2_2.4.33-3ubuntu1_armhf.buildinfo
 09672b1ef2fe9edccf550b75fade1c8a3363c10601956f24e20585971e8ecfdc 95092 apache2_2.4.33-3ubuntu1_armhf.deb
 f55f3f03caab512fbae3a8384b451efbde5bac2c0bff85c0f0aba1561369aa2f 968 libapache2-mod-md_2.4.33-3ubuntu1_armhf.deb
 14687a28da5c3873db955562f2596c59ad6f86feed70260a8ce0eff7213b31fe 984 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_armhf.deb
Files:
 dfcc6043288d82c3ba0e91e92baa6931 1003872 httpd optional apache2-bin_2.4.33-3ubuntu1_armhf.deb
 e67b3a0888da795bc0f40a59f08e6f6d 4191040 debug optional apache2-dbg_2.4.33-3ubuntu1_armhf.deb
 19d33ec2bd43ddbd05d7aeee104f2873 178120 httpd optional apache2-dev_2.4.33-3ubuntu1_armhf.deb
 fb6133013ee7e608b24f2fbd53fbd066 2396 httpd optional apache2-ssl-dev_2.4.33-3ubuntu1_armhf.deb
 6691e76fde237c8e44e4c70a15cf601d 14520 httpd optional apache2-suexec-custom_2.4.33-3ubuntu1_armhf.deb
 5db0a1dae7b9622473bd3d38fc52ddcf 13032 httpd optional apache2-suexec-pristine_2.4.33-3ubuntu1_armhf.deb
 439369a8b65d289658497a8fd2a54281 84312 httpd optional apache2-utils_2.4.33-3ubuntu1_armhf.deb
 8f60105cc0c2d2c6b86334b55e9281c9 10668 httpd optional apache2_2.4.33-3ubuntu1_armhf.buildinfo
 c3a0d4ace1ce2606fb1a50c6e92147d8 95092 httpd optional apache2_2.4.33-3ubuntu1_armhf.deb
 2a182cef4ceaf4c3523065597afc7006 968 oldlibs optional libapache2-mod-md_2.4.33-3ubuntu1_armhf.deb
 d842185aa1a96a195b8aade85af74f53 984 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_armhf.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>