Format: 1.8
Date: Tue, 15 May 2018 11:03:34 -0300
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: ppc64el
Version: 2.4.33-3ubuntu1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-008.buildd>
Changed-By: Andreas Hasenack <andreas@canonical.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1770242
Changes:
 apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1770242). Remaining changes:
     - debian/{control, apache2.install, apache2-utils.ufw.profile,
       apache2.dirs}: Add ufw profiles.
     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
     - debian/patches/086_svn_cross_compiles: Backport several cross
       fixes from upstream
     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
       Debian with Ubuntu on default page.
       + d/source/include-binaries: add Ubuntu icon file
     - d/t/control, d/t/check-http2: add basic test for http2 support
   * Drop:
     - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
       + debian/patches/CVE-2017-15710.patch: fix language long names
         detection as short name in modules/aaa/mod_authnz_ldap.c.
       + CVE-2017-15710
     - SECURITY UPDATE: incorrect <FilesMatch> matching
       + debian/patches/CVE-2017-15715.patch: allow to configure
         global/default options for regexes, like caseless matching or
         extended format in include/ap_regex.h, server/core.c,
         server/util_pcre.c.
       + CVE-2017-15715
     - SECURITY UPDATE: mod_session header manipulation
       + debian/patches/CVE-2018-1283.patch: strip Session header when
         SessionEnv is on in modules/session/mod_session.c.
       + CVE-2018-1283
     - SECURITY UPDATE: DoS via specially-crafted request
       + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
         terminated on any error, not only on buffer full in
         server/protocol.c.
       + CVE-2018-1301
     - SECURITY UPDATE: mod_cache_socache DoS
       + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
         to carriage return in modules/cache/mod_cache_socache.c.
       + CVE-2018-1303
     - SECURITY UPDATE: insecure nonce generation
       + debian/patches/CVE-2018-1312.patch: actually use the secret when
         generating nonces in modules/aaa/mod_auth_digest.c.
       + CVE-2018-1312
     - Correct systemd-sysv-generator behavior by customizing some
       parameters:
       + d/apache2-systemd.conf: add a drop-in file to specify some
         parameters for the systemd unit (type=Forking and
         RemainsAfterExit=no), this allow a correct state synchronisation
         between systemctl status and actual state of apache2 daemon.
       + d/apache2.install: place the apache2-systemd.conf file in the
         correct location.
       [type=Forking already in the base systemd service file, and
        RemainsAfterExit=no is the default value, so no need to
        customize these anymore.]
     - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
       + added debian/patches/util_ldap_cache_lock_fix.patch
       [Already applied upstream]
Checksums-Sha1:
 9798b2d0ef149d05c92bfd50a8496e379bdc173e 1179300 apache2-bin_2.4.33-3ubuntu1_ppc64el.deb
 7f0c88a43ea77ddf27af3d6d812e45a0d71e812e 4769472 apache2-dbg_2.4.33-3ubuntu1_ppc64el.deb
 d652cc30c1cd7480d1862e518c5590a1945a46ba 178124 apache2-dev_2.4.33-3ubuntu1_ppc64el.deb
 b5341251d87eaaabdf1b3ffe8321ea5829dc59c7 2396 apache2-ssl-dev_2.4.33-3ubuntu1_ppc64el.deb
 12de7ecc2a874184343569e36c078642e41ab7ea 15208 apache2-suexec-custom_2.4.33-3ubuntu1_ppc64el.deb
 b45c1274f48ea103dfb6ef845633f1621be53a00 13608 apache2-suexec-pristine_2.4.33-3ubuntu1_ppc64el.deb
 ec4d755760981fa750bcf867e1387c0064db2950 85124 apache2-utils_2.4.33-3ubuntu1_ppc64el.deb
 92f2a7ce03054a72507d8d40e1e0c5b422d57722 10775 apache2_2.4.33-3ubuntu1_ppc64el.buildinfo
 f6bfbc172bc7937c34f74596c7f674ef35f5968d 95100 apache2_2.4.33-3ubuntu1_ppc64el.deb
 8d909557b69b8ec24607461cfd0b76ace4da1e36 968 libapache2-mod-md_2.4.33-3ubuntu1_ppc64el.deb
 66b476b029800cab75da850664298c541d15755d 988 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_ppc64el.deb
Checksums-Sha256:
 28478b5b728e5c2d91447d159eb36bde9862b35b3f8a08eafda4ad6049b53920 1179300 apache2-bin_2.4.33-3ubuntu1_ppc64el.deb
 8ae17688896383251949525c8f7c59ec3a61dd93d8f0a975405ef156251ac2df 4769472 apache2-dbg_2.4.33-3ubuntu1_ppc64el.deb
 408f714830755f92aff7fa07fdbb5ac36a161ce3f929af280ab9be630e00aa2e 178124 apache2-dev_2.4.33-3ubuntu1_ppc64el.deb
 3474f0399df671cbea528a503d4a91348cda49a6a585d1bcb538acb7491a6e6a 2396 apache2-ssl-dev_2.4.33-3ubuntu1_ppc64el.deb
 d6af16f0fd0b6ceb389f7fb30a9549c56d7edce286f3c9c46a039236fd08474d 15208 apache2-suexec-custom_2.4.33-3ubuntu1_ppc64el.deb
 8c53be8051d6bbe9775277033c196cc88fb5e80e273eb8ca4ccb9486a3927ea8 13608 apache2-suexec-pristine_2.4.33-3ubuntu1_ppc64el.deb
 1faede2f7dd2e73344babb5baa428b32edf82eb514e3b90a3899089fe346b3bc 85124 apache2-utils_2.4.33-3ubuntu1_ppc64el.deb
 26ea62bd72b6c844331106f98fad89f047a7d5cf9b8cdf0a8537f3b003aca473 10775 apache2_2.4.33-3ubuntu1_ppc64el.buildinfo
 b0f1dee4b42c4a82801f21a0fa58b12c2269de3bdbce3782e06103a0d0474081 95100 apache2_2.4.33-3ubuntu1_ppc64el.deb
 179ceff59f9d6cd1c1f31113f1cf2a430525148eb8fc6886239d06431f3a1abb 968 libapache2-mod-md_2.4.33-3ubuntu1_ppc64el.deb
 b82e61d1dda08e55476620e0d3f3c0d46b3dee2d2a18e4350ed6fc87fe6316bb 988 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_ppc64el.deb
Files:
 50f87c16be547a7bcbc1ac39655a8a35 1179300 httpd optional apache2-bin_2.4.33-3ubuntu1_ppc64el.deb
 6d5195ca0c8ee3558fcf9e22a6e9c679 4769472 debug optional apache2-dbg_2.4.33-3ubuntu1_ppc64el.deb
 ec5058fd4d835a1241cbd8f35559b979 178124 httpd optional apache2-dev_2.4.33-3ubuntu1_ppc64el.deb
 28f903993b6780cc62ade4074b24db88 2396 httpd optional apache2-ssl-dev_2.4.33-3ubuntu1_ppc64el.deb
 8bae05a86d28ec3034843b01b69c1d89 15208 httpd optional apache2-suexec-custom_2.4.33-3ubuntu1_ppc64el.deb
 c1d15c924213e1563c9d21b833b9d6fc 13608 httpd optional apache2-suexec-pristine_2.4.33-3ubuntu1_ppc64el.deb
 448eb85cd938092ab9370518d95c59c2 85124 httpd optional apache2-utils_2.4.33-3ubuntu1_ppc64el.deb
 caee08fcdf70dce691291f97e253118b 10775 httpd optional apache2_2.4.33-3ubuntu1_ppc64el.buildinfo
 0ec8029533a833a05888ca5886bea69a 95100 httpd optional apache2_2.4.33-3ubuntu1_ppc64el.deb
 435dedda73e764e333a5d99046256cca 968 oldlibs optional libapache2-mod-md_2.4.33-3ubuntu1_ppc64el.deb
 2f6877d715ec5a0d720065fb9c3872b1 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_ppc64el.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>