ubuntu/+source/apache2:applied/ubuntu/cosmic

Last commit made on 2018-04-30
Get this branch:
git clone -b applied/ubuntu/cosmic https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/cosmic
Repository:
lp:ubuntu/+source/apache2

Recent commits

f0d7f7c... by Marc Deslauriers on 2018-04-25

Import patches-applied version 2.4.29-1ubuntu4.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9c89ce13486f9c46d565b509ae545885b4635160
Unapplied parent: b92c71068b776e47776f122c8227475ecf83ce9c

New changelog entries:
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

b92c710... by Marc Deslauriers on 2018-04-25

fix insecure nonce generation

Gbp-Pq: CVE-2018-1312.patch.

3f16250... by Marc Deslauriers on 2018-04-25

fix mod_cache_socache DoS

Gbp-Pq: CVE-2018-1303.patch.

63dab0f... by Marc Deslauriers on 2018-04-25

fix DoS via specially-crafted request

Gbp-Pq: CVE-2018-1301.patch.

424c5a4... by Marc Deslauriers on 2018-04-25

fix mod_session header manipulation

Gbp-Pq: CVE-2018-1283.patch.

771930b... by Marc Deslauriers on 2018-04-25

fix incorrect <FilesMatch> matching

Gbp-Pq: CVE-2017-15715.patch.

61a9cb6... by Marc Deslauriers on 2018-04-25

fix DoS via missing header with AuthLDAPCharsetConfig

Gbp-Pq: CVE-2017-15710.patch.

a306bcb... by Marc Deslauriers on 2018-04-25

[PATCH] Merge r1824811 from trunk:

Gbp-Pq: util_ldap_cache_lock_fix.patch.

ccebb21... by Marc Deslauriers on 2018-04-25

Pull upstream fixes for autotools for cross-compiling

Gbp-Pq: 086_svn_cross_compiles.

6779bb3... by Marc Deslauriers on 2018-04-25

Signals and hooks cleanup on exit (v3, 2.4.x) for bug #61558

Gbp-Pq: 0011-Signals-and-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch.