[ubuntu/jammy-proposed] apache2 2.4.51-2ubuntu1 (Accepted)

Bryce Harrington bryce at canonical.com
Fri Dec 17 22:28:13 UTC 2021


apache2 (2.4.51-2ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
      (LP 261198)
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
      (LP 609177)
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/s/include-binaries: replace Debian with Ubuntu on default
      page and add Ubuntu icon file.
      (LP 1288690)
    - d/p/support-openssl3-*.patch: Backport various patches from
      https://github.com/apache/httpd/pull/258 in order to fix mod_ssl's
      failure to load when using OpenSSL 3.
      (LP #1951476)
  * Dropped:
    - d/apache2ctl: Also use systemd for graceful if it is in use.
      (LP: 1832182)
      [This introduced a performance regression.]
    - d/apache2ctl: Also use /run/systemd to check for systemd usage.
      (LP 1918209)
      [Not needed]
    - debian/patches/CVE-2021-33193.patch: refactor request parsing in
      include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
      include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
      server/core_filters.c, server/protocol.c, server/vhost.c.
      [Fixed in 2.4.48-4]
    - debian/patches/CVE-2021-34798.patch: add NULL check in
      server/scoreboard.c.
      [Fixed in 2.4.49-1]
    - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
      generic worker in modules/proxy/mod_proxy_uwsgi.c.
      [Fixed in 2.4.49-1]
    - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
      substitution logic in server/util.c.
      [Fixed in 2.4.49-1]
    - arbitrary origin server via crafted request uri-path
      + debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
        parsing in the "proxy:" URL in modules/proxy/mod_proxy.c,
        modules/proxy/proxy_util.c.
      + debian/patches/CVE-2021-40438.patch: add sanity checks on the
        configured UDS path in modules/proxy/proxy_util.c.
      [Fixed in 2.4.49-3]
    - SECURITY REGRESSION: Issues in UDS URIs.  (LP #1945311)
      + debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
        rules in modules/mappers/mod_rewrite.c.
      + debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty
        hostname in modules/mappers/mod_rewrite.c,
        modules/proxy/proxy_util.c.
      [Fixed in 2.4.49-3]

Date: Thu, 16 Dec 2021 14:09:26 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.51-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 16 Dec 2021 14:09:26 -0800
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.51-2ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Checksums-Sha1:
 26c9e157a6be23014c5e3fad1cc80fc4be436026 3334 apache2_2.4.51-2ubuntu1.dsc
 516128e5acb7311e6e4d32d600664deb0d12e61f 9873874 apache2_2.4.51.orig.tar.gz
 c78fff5b4de23fa62bedd32250a2baec8063c940 911072 apache2_2.4.51-2ubuntu1.debian.tar.xz
 a97bead3cf6513d64ca409bbbd5223937e469643 8474 apache2_2.4.51-2ubuntu1_source.buildinfo
Checksums-Sha256:
 5c7c1015898ed23c9d109b2a7258e6568f8ce501bb2ccb2cb8790c8c6bfd49d9 3334 apache2_2.4.51-2ubuntu1.dsc
 c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 9873874 apache2_2.4.51.orig.tar.gz
 a58778a9591272fc5038598966c76c6db71a47b6059b63d1290ed420a5e3aaaa 911072 apache2_2.4.51-2ubuntu1.debian.tar.xz
 503bc98de56312ca808d0ff958457491ce10954087cbb80113ec53ee47180227 8474 apache2_2.4.51-2ubuntu1_source.buildinfo
Files:
 dd6080d0d99eab8f398ccb1866433afa 3334 httpd optional apache2_2.4.51-2ubuntu1.dsc
 35de73fe4ffefc1cfc4e3841afe567a9 9873874 httpd optional apache2_2.4.51.orig.tar.gz
 05adf9e81a5558e859380400a38c3e7b 911072 httpd optional apache2_2.4.51-2ubuntu1.debian.tar.xz
 1701053a7f0ea3fe8987226cb9e6e579 8474 httpd optional apache2_2.4.51-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/apache2
Vcs-Git-Commit: e249e4c816da6f89181fa734e8f324ed03a10eef
Vcs-Git-Ref: refs/heads/merge-v2.4.51-2-jammy

