apache2 2.4.38-3ubuntu1 source package in Ubuntu

Changelog

apache2 (2.4.38-3ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Cherrypick upstream testsuite fix:
      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
      as such).
    - Similarly use TLSv1.2 for pr12355 and pr43738.
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
      [Removed configure chunk, not needed since configure.in is being
       patched.]
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - d/t/control, d/t/check-http2: add basic test for http2 support

apache2 (2.4.38-3) unstable; urgency=high

  [ Marc Deslauriers ]
  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
      request method in modules/http2/h2_request.c.
    - CVE-2019-0196
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
      server/mpm/worker/worker.c.
    - CVE-2019-0211
  * SECURITY UPDATE: mod_ssl access control bypass
    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
    - CVE-2019-0215
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
      server/util.c.
    - CVE-2019-0220

  [ Stefan Fritsch ]
  * Pull security fixes from 2.4.39 via Ubuntu
  * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade

 -- Dimitri John Ledkov <email address hidden>  Mon, 10 Jun 2019 19:17:38 +0100

Upload details

Uploaded by:
Dimitri John Ledkov on 2019-06-10
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.4.38.orig.tar.gz 8.8 MiB 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6
apache2_2.4.38.orig.tar.gz.asc 488 bytes 4931fdd5833dc79592edd351047b9f153e3bac4323157e3f5d733d276d2a4997
apache2_2.4.38-3ubuntu1.debian.tar.xz 1012.8 KiB 0798e9f56f670f972783b1a2d9545f48e2739733113d4d68681c6d68fca273ed
apache2_2.4.38-3ubuntu1.dsc 3.5 KiB fa0ea1d5eca04b5a9f98d3aa4d2e3216dded73fcf0279c21579a7b962cca522d

View changes file

Binary packages built by this source

apache2: Apache HTTP Server

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 Installing this package results in a full installation, including the
 configuration files, init scripts and support scripts.

apache2-bin: Apache HTTP Server (modules and other binary files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains the binaries only and does not set up a working
 web-server instance. Install the "apache2" package to get a fully working
 instance.

apache2-bin-dbgsym: debug symbols for apache2-bin
apache2-data: Apache HTTP Server (common files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains architecture-independent common files such as icons,
 error pages and static index files.

apache2-dev: Apache HTTP Server (development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides development headers and the apxs2 binary for the Apache
 2 HTTP server, useful to develop and link third party additions to the Debian
 Apache HTTP server package.
 .
 It also provides dh_apache2 and dh sequence addons useful to install various
 Debian Apache2 extensions with debhelper. It supports
  - Apache 2 module configurations and shared objects
  - Site configuration files
  - Global configuration files

apache2-doc: Apache HTTP Server (on-site documentation)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the documentation for the Apache 2 HTTP server. The
 documentation is shipped in HTML format and can be accessed from a local
 running Apache HTTP server instance or by browsing the file system directly.

apache2-ssl-dev: Apache HTTP Server (mod_ssl development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the development header and the dependencies for
 modules that interact with mod_ssl's internal openssl state.

apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec

 Provides a customizable version of the suexec helper program for mod_suexec.
 This is not the version from upstream, but can be configured with a
 configuration file.
 .
 If you do not need non-standard document root or userdir settings, it is
 recommended that you use the standard suexec helper program from the
 apache2-suexec-pristine package instead.

apache2-suexec-custom-dbgsym: debug symbols for apache2-suexec-custom
apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec

 Provides the standard suexec helper program for mod_suexec. This version is
 compiled with document root /var/www and userdir suffix public_html. If you
 need different settings, use the package apache2-suexec-custom.

apache2-suexec-pristine-dbgsym: debug symbols for apache2-suexec-pristine
apache2-utils: Apache HTTP Server (utility programs for web servers)

 Provides some add-on programs useful for any web server. These include:
  - ab (Apache benchmark tool)
  - fcgistarter (Start a FastCGI program)
  - logresolve (Resolve IP addresses to hostnames in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - htcacheclean (Clean up the disk cache)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from Apache log files)
  - httxt2dbm (Generate dbm files for use with RewriteMap)

apache2-utils-dbgsym: debug symbols for apache2-utils
libapache2-mod-md: transitional package

 This is a transitional package to apache2 for users of libapache2-mod-md.
 It can be safely removed after the installation is complete.

libapache2-mod-proxy-uwsgi: transitional package

 This is a transitional package to apache2 for users of
 libapache2-mod-proxy-uwsgi.
 It can be safely removed after the installation is complete.