This bug was fixed in the package apache2 - 2.4.23-7ubuntu1 --------------- apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
* Merge from Debian unstable. Remaining changes: - debian/{control, apache2.install, apache2-utils.ufw.profile, apache2.dirs}: Add ufw profiles. - debian/apache2.py, debian/apache2-bin.install: Add apport hook. - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure. - debian/patches/086_svn_cross_compiles: Backport several cross fixes from upstream - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace Debian with Ubuntu on default page. - Don't build experimental http2 module for LTS: + debian/control: removed libnghttp2-dev Build-Depends (in universe). + debian/config-dir/mods-available/http2.load: removed. + debian/rules: removed proxy_http2 from configure. - Correct systemd-sysv-generator behavior by customizing some parameters: + d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation between systemctl status and actual state of apache2 daemon. + d/apache2.install: place the apache2-systemd.conf file in the correct location. apache2 (2.4.23-7) unstable; urgency=medium * Make apache2-dev depend on openssl 1.0, too. Closes: #844160 * Move DefaultRuntimeDir and pid file for multi-instances to /var/run/apache2-xxx. Thanks to Horst Platz for the debugging. Closes: #838932 LP: #1627339 * Fix systemd unit naming for multi-instances. * Tweak embedded .tar.gz some more to build reproducibly. apache2 (2.4.23-6) unstable; urgency=medium * One more tweak for reproducible build. Thanks to Daniel Shahaf for the patch. Closes: #839977 * Avoid building with openssl 1.1 for now. See #828236 apache2 (2.4.23-5) unstable; urgency=low * Team upload. [ Stefan Fritsch ] * Tweak creation of .tar.gz embedded in preinst to get reproducible build. [ Raphaël Hertzog ] * Add systemd unit files. Closes: #798430 * Improve a2enmod to enable apache-htcacheclean with systemctl and let it enable 'apache-htcacheclean@instance.service' for multi-instance support. * Improve setup-instance to rely on the systemd apache2@instance.service for multi-instance support. * Drop /lib/systemd/system/apache2.service.d/forking.conf now that we have proper native systemd support. * Modify handling of /etc/init.d/apache-htcacheclean to have a usual Default-Start value but instead we disable it manually in the postinst. That way "systemctl enable apache-htcacheclean" works. * Add some lintian overrides for non-problems (two update-rc.d calls in postinst, and a .js file with a very long line). apache2 (2.4.23-4) unstable; urgency=medium * Fix pre-inst script for new installations. Closes: #834169 apache2 (2.4.23-3) unstable; urgency=low * Fix conffiles that may have got the wrong content during upgrade from wheezy to early jessie versions. Closes: #794933 * Also restore re-introduced *.load files for mod_ident, mod_imagemap, and mod_cern_meta. These may have gone missing due to dpkg thinking they still belong to apache2.2-common. Reported by Markus Waldeck. * apache2-maintscript-helper: Make apache2_switch_mpm do nothing if the local admin has disabled the requested mpm manually. Closes: #827446, #799630 * Make mod_proxy_html depend on mod_xml2enc. * dh_apache2: Make versioned recommends on apache2 less strict. There is no advantage in recommending the current version. Closes: #784290 apache2 (2.4.23-2) unstable; urgency=high * CVE-2016-5387: Sets environmental variable based on user supplied Proxy request header. Don't pass through HTTP_PROXY in server/util_script.c apache2 (2.4.23-1) unstable; urgency=high * New upstream release - Security: CVE-2016-4979: Fix bypass of TLS client certificate verification in mod_http2. - new modules mod_proxy_http2 (experimental) and mod_proxy_hcheck * Re-introduce mod_imagemap and mod_cern_meta. Closes: #786657 * Set SHELL=/bin/bash during configure to get reproducible builds regardless of where /bin/sh points to. * Use 'Require method' instead of Limit/LimitExcept in userdir.conf. apache2 (2.4.20-2) unstable; urgency=medium * Fix crash in ap_get_useragent_host() triggered by mod_perl test. Closes: #820824 * Fix race condition and logical error in init script. Thanks to Thomas Stangner for the patch. Closes: #822144 * Remove links to manpages.debian.org in default index.html to avoid broken robots doing a DoS on the site. Closes: #821313 * Fix a2enmod to run on perl 5.14 to simplify backports. Closes: #821956 * Bump Standards-Version (no changes necessary). * Fix segfault with logresolve -c. Closes: #823259 apache2 (2.4.20-1) unstable; urgency=medium * New upstream release - mostly bugfixes and HTTP/2 improvements * Build against lua 5.2 instead of 5.1. Closes: #820243 * Correct systemd-sysv-generator behavior by customizing some parameters. This fixes 'systemctl status' returning incorrect results. Thanks to Pierre-André MOREY for the patch. LP: #1488962 * On Linux, use pthread mutexes. On kfreebsd/hurd, continue using fctnl because they lack robust pthred mutexes. LP: #1565744, #1527044 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 16 Nov 2016 09:17:24 -0500 ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4979 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5387 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1527044 Title: Update mutex from file to pthread To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1527044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs