Format: 1.8
Date: Tue, 15 May 2018 11:03:34 -0300
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: arm64
Version: 2.4.33-3ubuntu1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-030.buildd>
Changed-By: Andreas Hasenack <andreas@canonical.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1770242
Changes:
 apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1770242). Remaining changes:
     - debian/{control, apache2.install, apache2-utils.ufw.profile,
       apache2.dirs}: Add ufw profiles.
     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
     - debian/patches/086_svn_cross_compiles: Backport several cross
       fixes from upstream
     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
       Debian with Ubuntu on default page.
       + d/source/include-binaries: add Ubuntu icon file
     - d/t/control, d/t/check-http2: add basic test for http2 support
   * Drop:
     - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
       + debian/patches/CVE-2017-15710.patch: fix language long names
         detection as short name in modules/aaa/mod_authnz_ldap.c.
       + CVE-2017-15710
     - SECURITY UPDATE: incorrect <FilesMatch> matching
       + debian/patches/CVE-2017-15715.patch: allow to configure
         global/default options for regexes, like caseless matching or
         extended format in include/ap_regex.h, server/core.c,
         server/util_pcre.c.
       + CVE-2017-15715
     - SECURITY UPDATE: mod_session header manipulation
       + debian/patches/CVE-2018-1283.patch: strip Session header when
         SessionEnv is on in modules/session/mod_session.c.
       + CVE-2018-1283
     - SECURITY UPDATE: DoS via specially-crafted request
       + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
         terminated on any error, not only on buffer full in
         server/protocol.c.
       + CVE-2018-1301
     - SECURITY UPDATE: mod_cache_socache DoS
       + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
         to carriage return in modules/cache/mod_cache_socache.c.
       + CVE-2018-1303
     - SECURITY UPDATE: insecure nonce generation
       + debian/patches/CVE-2018-1312.patch: actually use the secret when
         generating nonces in modules/aaa/mod_auth_digest.c.
       + CVE-2018-1312
     - Correct systemd-sysv-generator behavior by customizing some
       parameters:
       + d/apache2-systemd.conf: add a drop-in file to specify some
         parameters for the systemd unit (type=Forking and
         RemainsAfterExit=no), this allow a correct state synchronisation
         between systemctl status and actual state of apache2 daemon.
       + d/apache2.install: place the apache2-systemd.conf file in the
         correct location.
       [type=Forking already in the base systemd service file, and
        RemainsAfterExit=no is the default value, so no need to
        customize these anymore.]
     - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
       + added debian/patches/util_ldap_cache_lock_fix.patch
       [Already applied upstream]
Checksums-Sha1:
 e5436250ad9629f7b8a4beeceb41ac3b3e0f4e5d 971928 apache2-bin_2.4.33-3ubuntu1_arm64.deb
 453b7be152b655382defbf571d30ba0de1cfcddf 4404688 apache2-dbg_2.4.33-3ubuntu1_arm64.deb
 59fc3e287293f4281e672afc365040e57282d104 178116 apache2-dev_2.4.33-3ubuntu1_arm64.deb
 c3773929189696987d9add2fb039ebc21529b633 2396 apache2-ssl-dev_2.4.33-3ubuntu1_arm64.deb
 54339892e767a9e762dfb83543771440a7fc665c 14832 apache2-suexec-custom_2.4.33-3ubuntu1_arm64.deb
 ee370363f33778c694411bc0ea9437876b74ff97 13352 apache2-suexec-pristine_2.4.33-3ubuntu1_arm64.deb
 33b63023bae71961263c3468a1c4ec156fad353d 79152 apache2-utils_2.4.33-3ubuntu1_arm64.deb
 850da6ed7e081f5c490c2577665b05c330a02dc6 10704 apache2_2.4.33-3ubuntu1_arm64.buildinfo
 c26efb6a81b18274162facc012a1a00fd0958b26 95100 apache2_2.4.33-3ubuntu1_arm64.deb
 dbe73ee59bf41f754a31f302257439b705958b6e 968 libapache2-mod-md_2.4.33-3ubuntu1_arm64.deb
 8a2f6dec0bd871817f4fff387da2238494c3190d 984 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_arm64.deb
Checksums-Sha256:
 994da20a5ded8ef59846c59e289e33d761461243b4801673397b1ac0dc73da0e 971928 apache2-bin_2.4.33-3ubuntu1_arm64.deb
 5de8226e42c7fd263bcff6f5b0919657627ed6e3adc6cb1477fd1c812474d33a 4404688 apache2-dbg_2.4.33-3ubuntu1_arm64.deb
 26fbf60613ba9a093011cb6ebfe05a30d3681bdad8d859ac8a63c2ea59a29d3f 178116 apache2-dev_2.4.33-3ubuntu1_arm64.deb
 89c7ab9af0c69407732b4936b34f71f23e97d3561e043b124a0c1237d5329619 2396 apache2-ssl-dev_2.4.33-3ubuntu1_arm64.deb
 0c94fa7e6d04dc2e2f85dd2f0c1631b9e9972b5c065e072a0ed729ac0ba831a3 14832 apache2-suexec-custom_2.4.33-3ubuntu1_arm64.deb
 62896515e90a8e2539ff52bfe643e9e46d0c4b21168fc5b3d2c4aee8c8ef2278 13352 apache2-suexec-pristine_2.4.33-3ubuntu1_arm64.deb
 d4cae7fe465fbd39fa8f34b9cdb03a39bcf20e2ee9c77cb341b74450ce5a01b6 79152 apache2-utils_2.4.33-3ubuntu1_arm64.deb
 9b6f8a2065b5152efd774db05c52b5575078805421f3fb17312cfa0d97ebd64b 10704 apache2_2.4.33-3ubuntu1_arm64.buildinfo
 8e3b40e9a2e6d782d6c46f3a8a28690fe29f03457d5cade6460493c98beadec9 95100 apache2_2.4.33-3ubuntu1_arm64.deb
 7a1c17bc8423a195a57ec85f2394450b50dddbf014204e20dec55de5183b7bbc 968 libapache2-mod-md_2.4.33-3ubuntu1_arm64.deb
 42ce45a588f9df1afb3a00738f1a72d930933276da83dba0484b85063f0e47ab 984 libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_arm64.deb
Files:
 a9a42ee33c05c29d4b6a9c94c69f49cb 971928 httpd optional apache2-bin_2.4.33-3ubuntu1_arm64.deb
 044179f75c52db86def124697e5c82ce 4404688 debug optional apache2-dbg_2.4.33-3ubuntu1_arm64.deb
 6056374b6d7d4e856a4238330bcd6d90 178116 httpd optional apache2-dev_2.4.33-3ubuntu1_arm64.deb
 5b9f60b8581cffd7436710dac5fdf736 2396 httpd optional apache2-ssl-dev_2.4.33-3ubuntu1_arm64.deb
 08b5f13a92307226d1773f1394a18be6 14832 httpd optional apache2-suexec-custom_2.4.33-3ubuntu1_arm64.deb
 77da7568b1e0b014894cfcaa0cbb060b 13352 httpd optional apache2-suexec-pristine_2.4.33-3ubuntu1_arm64.deb
 78fc74751c1d52ae6a114038e9d35685 79152 httpd optional apache2-utils_2.4.33-3ubuntu1_arm64.deb
 1426c76482e0851f48226e97a8c04151 10704 httpd optional apache2_2.4.33-3ubuntu1_arm64.buildinfo
 0958dc860c7c4386484718725fe6e766 95100 httpd optional apache2_2.4.33-3ubuntu1_arm64.deb
 807eb31cf2c61ebc1a2c50d298f47ab9 968 oldlibs optional libapache2-mod-md_2.4.33-3ubuntu1_arm64.deb
 1a73ebd5af63b13e82074801f2ed0b2a 984 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.33-3ubuntu1_arm64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>