[ubuntu/jammy-proposed] apache2 2.4.51-2ubuntu1 (Accepted)
Bryce Harrington
bryce at canonical.com
Fri Dec 17 22:28:13 UTC 2021
apache2 (2.4.51-2ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
      (LP 261198)
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
      (LP 609177)
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/s/include-binaries: replace Debian with Ubuntu on default
      page and add Ubuntu icon file.
      (LP 1288690)
    - d/p/support-openssl3-*.patch: Backport various patches from
      https://github.com/apache/httpd/pull/258 in order to fix mod_ssl's
      failure to load when using OpenSSL 3.
      (LP #1951476)
  * Dropped:
    - d/apache2ctl: Also use systemd for graceful if it is in use.
      (LP: 1832182)
      [This introduced a performance regression.]
    - d/apache2ctl: Also use /run/systemd to check for systemd usage.
      (LP 1918209)
      [Not needed]
    - debian/patches/CVE-2021-33193.patch: refactor request parsing in
      include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
      include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
      server/core_filters.c, server/protocol.c, server/vhost.c.
      [Fixed in 2.4.48-4]
    - debian/patches/CVE-2021-34798.patch: add NULL check in
      server/scoreboard.c.
      [Fixed in 2.4.49-1]
    - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
      generic worker in modules/proxy/mod_proxy_uwsgi.c.
      [Fixed in 2.4.49-1]
    - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
      substitution logic in server/util.c.
      [Fixed in 2.4.49-1]
    - arbitrary origin server via crafted request uri-path
      + debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
        parsing in the "proxy:" URL in modules/proxy/mod_proxy.c,
        modules/proxy/proxy_util.c.
      + debian/patches/CVE-2021-40438.patch: add sanity checks on the
        configured UDS path in modules/proxy/proxy_util.c.
      [Fixed in 2.4.49-3]
    - SECURITY REGRESSION: Issues in UDS URIs. (LP #1945311)
      + debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
        rules in modules/mappers/mod_rewrite.c.
      + debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty
        hostname in modules/mappers/mod_rewrite.c,
        modules/proxy/proxy_util.c.
      [Fixed in 2.4.49-3]

Date: Thu, 16 Dec 2021 14:09:26 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.51-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 16 Dec 2021 14:09:26 -0800
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.51-2ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/apache2
Vcs-Git-Commit: e249e4c816da6f89181fa734e8f324ed03a10eef
Vcs-Git-Ref: refs/heads/merge-v2.4.51-2-jammy