Ubuntu
apache2 package

Merge ~ahasenack/ubuntu/+source/apache2:disco-apache2-2.4.37-merge into ubuntu/+source/apache2:debian/sid

Proposed by Andreas Hasenack on 2019-01-18

Status:	Rejected
Rejected by:	Andreas Hasenack on 2019-02-04
Proposed branch:	~ahasenack/ubuntu/+source/apache2:disco-apache2-2.4.37-merge
Merge into:	ubuntu/+source/apache2:debian/sid
Diff against target:	2286 lines (+1674/-33) 16 files modified debian/apache2-bin.install (+1/-0) debian/apache2-utils.ufw.profile (+14/-0) debian/apache2.dirs (+1/-0) debian/apache2.install (+1/-0) debian/apache2.postrm (+1/-0) debian/apache2.py (+48/-0) debian/changelog (+1413/-0) debian/control (+7/-19) debian/index.html (+19/-12) debian/patches/086_svn_cross_compiles (+118/-0) debian/patches/series (+3/-0) debian/rules (+2/-1) debian/source/include-binaries (+1/-0) debian/tests/check-http2 (+41/-0) debian/tests/control (+4/-0) dev/null (+0/-1)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Robie Basak	2019-01-18	Needs Information on 2019-01-22
Canonical Server	2019-01-18	Pending
Review via email: mp+361977@code.launchpad.net

Description of the change

Merge 2.4.37 from debian, dropping a security patch for CVE-2018-11763 that was incorporated in 2.4.35 (https://httpd.apache.org/security/vulnerabilities_24.html).

Apache is affected by the git-empty-dir bug (https://bugs.launchpad.net/usd-importer/+bug/1687057) and as such we lose the rich history each time. I believe I recovered it correctly, but please keep an eye out about that.

Bileto ticket (still running): https://bileto.ubuntu.com/#/ticket/3604

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-01-22:

Retriggering tests with proposed

Revision history for this message

Robie Basak (racb) wrote on 2019-01-22:

1: 00dac52b = 1: bbac7661 - debian/{control, apache2.install, apache2-utils.ufw.profile, apache2.dirs}: Add ufw profiles.
2: 890bfeaa = 2: 1f6fa5f0 - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
3: 54f028d1 ! 3: f7c44b9e - debian/patches/086_svn_cross_compiles: Backport several cross fixes from upstream
    @@ -131,9 +131,9 @@
     --- a/debian/patches/series
     +++ b/debian/patches/series
     @@
    + # This patch is applied manually
      #suexec-custom.patch
    -
    - remove_mod_lbmethod_load_order_dependency.diff
    + setenvifexpr.diff
     +
     +# Patches added by Ubuntu
     +086_svn_cross_compiles
4: 676a9a6e ! 4: 92420b0b - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace Debian with Ubuntu on default page. + d/source/include-binaries: add Ubuntu icon file
    @@ -119,10 +119,10 @@
     --- a/debian/source/include-binaries
     +++ b/debian/source/include-binaries
     @@
    - debian/icons/odf6otp-20x22.png
    - debian/icons/odf6oth-20x22.png
    + debian/icons/odf6ots-20x22.png
    + debian/icons/odf6ott-20x22.png
      debian/icons/openlogo-75.png
     +debian/icons/ubuntu-logo.png
    - debian/upstream/signing-key.pgp
      debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
      debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
    + debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
5: 6ae6dc28 = 5: 7faffea9 - d/t/control, d/t/check-http2: add basic test for http2 support
6: a57862f3 = 6: 3c4eef85 - d/control, d/rules, d/config-dir/mods-available/md.load: don't build libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which cannot be coinstalled with libcurl3. That situation breaks the installation of libapache2-mod-shib2. See https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1 for details.
7: 08b68c8f < -: -------- * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames - debian/patches/CVE-2018-11763.patch: rework connection IO event handling in modules/http2/h2_session.c, modules/http2/h2_session.h, modules/http2/h2_version.h. - CVE-2018-11763
-: -------- > 7: b0015c49 * Dropped: - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames + debian/patches/CVE-2018-11763.patch: rework connection IO event handling in modules/http2/h2_session.c, modules/http2/h2_session.h, modules/http2/h2_version.h. - CVE-2018-11763 [Fixed in 2.4.35]
-: -------- > 8: 64a15d34 merge-changelogs
-: -------- > 9: 2b0bae73 reconstruct-changelog
-: -------- > 10: bad3cd6e update-maintainer

1:  00dac52b =  1:  bbac7661     - debian/{control, apache2.install, apache2-utils.ufw.profile,       apache2.dirs}: Add ufw profiles.
 2:  890bfeaa =  2:  1f6fa5f0     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
 3:  54f028d1 !  3:  f7c44b9e     - debian/patches/086_svn_cross_compiles: Backport several cross       fixes from upstream
    @@ -131,9 +131,9 @@
     --- a/debian/patches/series
     +++ b/debian/patches/series
     @@
    + # This patch is applied manually
      #suexec-custom.patch
    - 
    - remove_mod_lbmethod_load_order_dependency.diff
    + setenvifexpr.diff
     +
     +# Patches added by Ubuntu
     +086_svn_cross_compiles
 4:  676a9a6e !  4:  92420b0b     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace       Debian with Ubuntu on default page.       + d/source/include-binaries: add Ubuntu icon file
    @@ -119,10 +119,10 @@
     --- a/debian/source/include-binaries
     +++ b/debian/source/include-binaries
     @@
    - debian/icons/odf6otp-20x22.png
    - debian/icons/odf6oth-20x22.png
    + debian/icons/odf6ots-20x22.png
    + debian/icons/odf6ott-20x22.png
      debian/icons/openlogo-75.png
     +debian/icons/ubuntu-logo.png
    - debian/upstream/signing-key.pgp
      debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
      debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
    + debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
 5:  6ae6dc28 =  5:  7faffea9     - d/t/control, d/t/check-http2: add basic test for http2 support
 6:  a57862f3 =  6:  3c4eef85     - d/control, d/rules, d/config-dir/mods-available/md.load: don't build       libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which       cannot be coinstalled with libcurl3. That situation breaks the       installation of libapache2-mod-shib2.  See       https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1       for details.
 7:  08b68c8f <  -:  --------   * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames     - debian/patches/CVE-2018-11763.patch: rework connection IO event       handling in modules/http2/h2_session.c, modules/http2/h2_session.h,       modules/http2/h2_version.h.     - CVE-2018-11763
 -:  -------- >  7:  b0015c49   * Dropped:     - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames       + debian/patches/CVE-2018-11763.patch: rework connection IO event         handling in modules/http2/h2_session.c, modules/http2/h2_session.h,         modules/http2/h2_version.h.         - CVE-2018-11763         [Fixed in 2.4.35]
 -:  -------- >  8:  64a15d34 merge-changelogs
 -:  -------- >  9:  2b0bae73 reconstruct-changelog 
 -:  -------- > 10:  bad3cd6e update-maintainer

Revision history for this message

Robie Basak (racb) wrote on 2019-01-22:

range-diff mismatches 3 and 4 are context only. 7 is correctly dropped (verified in Ubuntu and Debian's CVE tracker). All delta therefore transferred correctly.

Changes in Debian and upstream don't look like they'll affect our delta.

update-maintainer and changelog entries look good.

I'll leave with you, doesn't affect review outcome: does the http2 dep8 test want sending upstream? Or is that already done, or not appropriate?

Needs Information: Is the 3c4eef8 delta ("don't build libapache2-mod-md") still required? libapache2-mod-shib2 -> libapache2-mod-shib -> libxmltooling8 -> libcurl4 now. Rather than libcurl3 as described at https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1. So is there still a conflict with libcurl3 or is that situation gone?

All other delta looks appropriate to keep.

review: Needs Information

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-01-22:

Christian filed a bug for the http2 dep8 test with debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884068

Checking the mod-md delta will take more time. I have a card for it (https://trello.com/c/oDFhW91u), but will take a look now.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-01-31:

Debian since released 2.4.38, and I rebased. Problem is that 2.4.38 fails dep8, whereas 2.4.37 was fine. I filed a bug with debian for now (http://bugs.debian.org/921024) and am trying to investigate, but this test suite is complicated.

Unmerged commits

bad3cd6... by Andreas Hasenack on 2019-01-18: update-maintainer
2b0bae7... by Andreas Hasenack on 2019-01-18: reconstruct-changelog
64a15d3... by Andreas Hasenack on 2019-01-18: merge-changelogs
b0015c4... by Andreas Hasenack on 2019-01-18:   * Dropped:
    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
      + debian/patches/CVE-2018-11763.patch: rework connection IO event
        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
        modules/http2/h2_version.h.
        - CVE-2018-11763
        [Fixed in 2.4.35]
3c4eef8... by Andreas Hasenack on 2018-05-17:     - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
      cannot be coinstalled with libcurl3. That situation breaks the
      installation of libapache2-mod-shib2. See
      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
      for details.
7faffea... by Andreas Hasenack on 2018-05-08: - d/t/control, d/t/check-http2: add basic test for http2 support
92420b0... by Andreas Hasenack on 2018-05-08:     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
f7c44b9... by Andreas Hasenack on 2018-05-08: - debian/patches/086_svn_cross_compiles: Backport several cross
fixes from upstream
1f6fa5f... by Andreas Hasenack on 2018-05-08: - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
bbac766... by Andreas Hasenack on 2018-05-08: - debian/{control, apache2.install, apache2-utils.ufw.profile,
apache2.dirs}: Add ufw profiles.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

git-ubuntu developers

 diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
 index 63c573f..3d1bdf1 100644
 --- a/debian/apache2-bin.install
 +++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
  /usr/lib/apache2/modules/
  /usr/sbin/apache2
++debian/apache2.py usr/share/apport/package-hooks
 diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
 new file mode 100644
 index 0000000..974a655
 --- /dev/null
 +++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
++[Apache]
++title=Web Server
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80/tcp
++
++[Apache Secure]
++title=Web Server (HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=443/tcp
++
++[Apache Full]
++title=Web Server (HTTP,HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80,443/tcp
 diff --git a/debian/apache2.dirs b/debian/apache2.dirs
 index 6089013..1aa6d3c 100644
 --- a/debian/apache2.dirs
 +++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
  var/lib/apache2
  var/log/apache2
  var/www/html
++/etc/ufw/applications.d/apache2
 diff --git a/debian/apache2.install b/debian/apache2.install
 index b6ad789..92865fc 100644
 --- a/debian/apache2.install
 +++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
  debian/config-dir/envvars			/etc/apache2
  debian/config-dir/magic				/etc/apache2
  debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
++debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
 diff --git a/debian/apache2.postrm b/debian/apache2.postrm
 index a68583c..b0e5d7b 100644
 --- a/debian/apache2.postrm
 +++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
 a94e5a174dc2396c0f3f6b6a74
  		c481228d439cbb54bdcedbaec5bbb11a
  		e2620d4a5a0f8d80dd4b16de59af981f
++		3526531ccd6c6a1d2340574a305a18f8
  	EOF
+ }
 diff --git a/debian/apache2.py b/debian/apache2.py
 new file mode 100644
 index 0000000..a9fb9d8
 --- /dev/null
 +++ b/debian/apache2.py
@@ -0,0 +1,48 @@
++#!/usr/bin/python
++
++'''apport hook for apache2
++
++(c) 2010 Adam Sommer.
++Author: Adam Sommer <asommer@ubuntu.com>
++
++This program is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published by the
++Free Software Foundation; either version 2 of the License, or (at your
++option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
++the full text of the license.
++'''
++
++from apport.hookutils import *
++import os
++
++SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
++
++def add_info(report, ui):
++    if os.path.isdir(SITES_ENABLED_DIR):
++        response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
++                            "may help developers diagnose your bug more "
++                            "quickly.  However, it may contain sensitive "
++                            "information.  Do you want to include it in your "
++                            "bug report?")
++
++        if response == None: # user cancelled
++            raise StopIteration
++
++        elif response == True:
++            # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
++            for conf_file in os.listdir(SITES_ENABLED_DIR):
++                attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
++
++    try:
++        report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
++    except OSError:
++        report['Apache2ConfdDirListing'] = str(False)
++
++    # Attach default config files if changed.
++    attach_conffiles(report, 'apache2', conffiles=None)
++
++    # Attach the error.log file.
++    attach_file(report, '/var/log/apache2/error.log', key='error.log')
++
++    # Get loaded modules.
++    report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
 diff --git a/debian/changelog b/debian/changelog
 index 82e246d..c2ae1d1 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,31 @@
++apache2 (2.4.37-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++  * Dropped:
++    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++      + debian/patches/CVE-2018-11763.patch: rework connection IO event
++        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++        modules/http2/h2_version.h.
++        - CVE-2018-11763
++        [Fixed in 2.4.35]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 18 Jan 2019 11:05:15 -0200
++
  apache2 (2.4.37-1) unstable; urgency=medium
    * New upstream version
@@ -24,6 +52,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Oct 2018 12:54:58 +0200
++apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
++
++  * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++    - debian/patches/CVE-2018-11763.patch: rework connection IO event
++      handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++      modules/http2/h2_version.h.
++    - CVE-2018-11763
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 09:57:22 -0400
++
++apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 03 Aug 2018 17:09:27 -0300
++
  apache2 (2.4.34-1) unstable; urgency=medium
    [ Ondřej Surý ]
@@ -42,6 +101,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 27 Jul 2018 21:37:37 +0200
++apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
++
++  * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
++    re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 28 Jun 2018 10:07:06 -0300
++
++apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
++
++  * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
++    libapache2-mod-md until we figure out their transitions.  libapache2-mod-md
++    in particular is problematic because that makes apache2-bin pull in
++    libcurl4 which cannot be coinstalled with libcurl3.  That situation breaks
++    the installation of libapache2-mod-shib2.  See
++    https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++    for details.
++    - Don't ship md.load and remove build-requires that were added because of
++      mod-md (see
++      https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
++    - Remove proxy_uwsgi.load as we are not building it for now (see
++      https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 May 2018 14:46:19 +0000
++
++apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1770242). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Drop:
++    - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++      + debian/patches/CVE-2017-15710.patch: fix language long names
++        detection as short name in modules/aaa/mod_authnz_ldap.c.
++      + CVE-2017-15710
++    - SECURITY UPDATE: incorrect <FilesMatch> matching
++      + debian/patches/CVE-2017-15715.patch: allow to configure
++        global/default options for regexes, like caseless matching or
++        extended format in include/ap_regex.h, server/core.c,
++        server/util_pcre.c.
++      + CVE-2017-15715
++    - SECURITY UPDATE: mod_session header manipulation
++      + debian/patches/CVE-2018-1283.patch: strip Session header when
++        SessionEnv is on in modules/session/mod_session.c.
++      + CVE-2018-1283
++    - SECURITY UPDATE: DoS via specially-crafted request
++      + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++        terminated on any error, not only on buffer full in
++        server/protocol.c.
++      + CVE-2018-1301
++    - SECURITY UPDATE: mod_cache_socache DoS
++      + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++        to carriage return in modules/cache/mod_cache_socache.c.
++      + CVE-2018-1303
++    - SECURITY UPDATE: insecure nonce generation
++      + debian/patches/CVE-2018-1312.patch: actually use the secret when
++        generating nonces in modules/aaa/mod_auth_digest.c.
++      + CVE-2018-1312
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++      [type=Forking already in the base systemd service file, and
++       RemainsAfterExit=no is the default value, so no need to
++       customize these anymore.]
++    - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
++      + added debian/patches/util_ldap_cache_lock_fix.patch
++      [Already applied upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 15 May 2018 11:03:34 -0300
++
  apache2 (2.4.33-3) unstable; urgency=medium
    * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -114,6 +254,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Sun, 14 Jan 2018 11:01:58 +0000
++apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++    - debian/patches/CVE-2017-15710.patch: fix language long names
++      detection as short name in modules/aaa/mod_authnz_ldap.c.
++    - CVE-2017-15710
++  * SECURITY UPDATE: incorrect <FilesMatch> matching
++    - debian/patches/CVE-2017-15715.patch: allow to configure
++      global/default options for regexes, like caseless matching or
++      extended format in include/ap_regex.h, server/core.c,
++      server/util_pcre.c.
++    - CVE-2017-15715
++  * SECURITY UPDATE: mod_session header manipulation
++    - debian/patches/CVE-2018-1283.patch: strip Session header when
++      SessionEnv is on in modules/session/mod_session.c.
++    - CVE-2018-1283
++  * SECURITY UPDATE: DoS via specially-crafted request
++    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++      terminated on any error, not only on buffer full in
++      server/protocol.c.
++    - CVE-2018-1301
++  * SECURITY UPDATE: mod_cache_socache DoS
++    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++      to carriage return in modules/cache/mod_cache_socache.c.
++    - CVE-2018-1303
++  * SECURITY UPDATE: insecure nonce generation
++    - debian/patches/CVE-2018-1312.patch: actually use the secret when
++      generating nonces in modules/aaa/mod_auth_digest.c.
++    - CVE-2018-1312
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Apr 2018 07:38:24 -0400
++
++apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
++
++  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
++    - added debian/patches/util_ldap_cache_lock_fix.patch
++
++ -- Rafael David Tinoco <rafael.tinoco@canonical.com>  Fri, 02 Mar 2018 02:19:31 +0000
++
++apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
++
++  * Switch back to OpenSSL 1.1.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 11:57:20 +0000
++
++apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
++
++  * enable http2 (LP: #1687454) by stopping to disable it
++    - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: no more removed.
++    - debian/rules: no more removed proxy_http2 from configure.
++  * d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 05 Dec 2017 17:25:39 +0100
++
++apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
++    - debian/control: switch BuildDepends to libssl1.0-dev
++    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
++    - debian/rules: remove openssl virtual package and logic
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 10 Nov 2017 10:51:46 -0500
++
  apache2 (2.4.29-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -178,6 +403,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 16 Jul 2017 23:11:07 +0200
++apache2 (2.4.27-2ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: optionsbleed information leak
++    - debian/patches/CVE-2017-9798.patch: disallow method registration
++      at run time in server/core.c.
++    - CVE-2017-9798
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Sep 2017 11:05:48 -0400
++
++apache2 (2.4.27-2ubuntu2) artful; urgency=medium
++
++  * Undrop (LP 1658469):
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Aug 2017 13:04:45 -0400
++
++apache2 (2.4.27-2ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1702582). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 27 Jul 2017 13:38:39 -0700
++
  apache2 (2.4.27-2) unstable; urgency=medium
    * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -207,6 +473,55 @@ apache2 (2.4.25-4) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Tue, 20 Jun 2017 21:31:51 +0200
++apache2 (2.4.25-3ubuntu3) artful; urgency=medium
++
++  * Re-Drop (LP: #1658469):
++    - Don't build experimental http2 module for LTS:
++     + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++     + debian/config-dir/mods-available/http2.load: removed.
++     + debian/rules: removed proxy_http2 from configure.
++     + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 01 May 2017 09:55:11 -0700
++
++apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
++  * Undrop (LP 1658469):
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 10 Feb 2017 08:53:43 -0800
++
++apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1663425). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++   * Drop (LP: #1658469):
++     - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 09 Feb 2017 15:48:28 -0800
++
  apache2 (2.4.25-3) unstable; urgency=medium
    * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
@@ -268,6 +583,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Wed, 21 Dec 2016 23:46:06 +0100
++apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
++      d/source/include-binaries: replace Debian with Ubuntu on default
++      page.
++      [ include-binaries change previously undocumented ]
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++        [ Previously undocumented ]
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++  * Drop:
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 09 Dec 2016 11:02:38 +0100
++
  apache2 (2.4.23-8) unstable; urgency=medium
    * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
@@ -278,6 +626,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 20 Nov 2016 00:33:13 +0100
++apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Nov 2016 09:17:24 -0500
++
  apache2 (2.4.23-7) unstable; urgency=medium
    * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -392,6 +767,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 10 Apr 2016 14:03:41 +0200
++apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
++
++  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
++    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
++      server/util_script.c.
++    - CVE-2016-5387
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Jul 2016 14:32:02 -0400
++
++apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
++
++  [ Ryan Harper ]
++  * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
++    introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
++    all, since http2 support is intentionally disabled (see LP 1531864).
++  * d/apache2.maintscript: handle removal of http2.load conffile.
++
++  [ Robie Basak ]
++  * Re-write Ryan's changelog entry.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 15 Apr 2016 18:00:57 +0000
++
++apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
++
++  * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
++    - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
++      unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
++      between systemctl status and actual state of apache2 daemon.
++    - d/apache2.install: place the apache2-systemd.conf file in the correct location.
++
++ -- Pierre-André MOREY <pierre-andre.morey@canonical.com>  Fri, 08 Apr 2016 11:48:00 +0200
++
++apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 06 Apr 2016 00:18:31 +0300
++
  apache2 (2.4.18-2) unstable; urgency=low
    * htcacheclean:
@@ -417,6 +841,24 @@ apache2 (2.4.18-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 28 Mar 2016 21:58:54 +0200
++apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Jan 2016 15:15:22 -0500
++
  apache2 (2.4.18-1) unstable; urgency=medium
    * New upstream release:
@@ -424,12 +866,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 19 Dec 2015 09:26:14 +0100
++apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 03 Dec 2015 10:07:35 -0500
++
  apache2 (2.4.17-3) unstable; urgency=medium
    * mpm_prefork: Fix segfault if started with -X. Closes: #805737
   -- Stefan Fritsch <sf@debian.org>  Mon, 23 Nov 2015 19:52:09 +0100
++apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Nov 2015 09:11:52 -0500
++
  apache2 (2.4.17-2) unstable; urgency=medium
    * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -440,6 +918,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 31 Oct 2015 23:17:11 +0100
++apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++  * Drop patches (applied upstream):
++    - debian/patches/CVE-2015-3183.patch
++    - debian/patches/CVE-2015-3185.patch
++  * Drop changes (adopted in Debian):
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Don't build experimental http2 module for LTS
++    - debian/control: removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 30 Oct 2015 09:35:46 -0400
++
  apache2 (2.4.17-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -505,6 +1008,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 02 Aug 2015 00:44:07 +0200
++apache2 (2.4.12-2ubuntu2) wily; urgency=medium
++
++  * SECURITY UPDATE: request smuggling via chunked transfer encoding
++    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
++      modules/http/http_filters.c.
++    - CVE-2015-3183
++  * SECURITY UPDATE: access restriction bypass via deprecated API
++    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
++      in include/http_request.h, server/request.c.
++    - CVE-2015-3185
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Jul 2015 09:56:09 -0400
++
++apache2 (2.4.12-2ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Drop patches (applied upstream):
++    - d/p/split-logfile.patch
++    - d/p/CVE-2015-0228.patch
++  * Drop changes (superceded in Debian):
++    - Cherry-pick versioned build-depend on dpkg from Debian for correct
++      dpkg-maintscript-helper symlink_to_dir support.
++  * Drop changes (adopted in Debian):
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++  * Fix cross-building configure line in d/rules, which had bit-rotted in
++    previous merges.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 May 2015 16:34:00 +0000
++
  apache2 (2.4.12-2) unstable; urgency=medium
    [ Jean-Michel Nirgal Vourgère ]
@@ -554,6 +1100,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 15 Mar 2015 10:47:36 +0100
++apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
++      denial of service in mod_lua via websockets PING
++  * debian/tests/ssl-passphrase: Add password responder for
++    systemd-ask-passphrase.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 09 Mar 2015 12:03:16 +0100
++
  apache2 (2.4.10-9) unstable; urgency=medium
    * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
@@ -568,6 +1136,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Mon, 22 Dec 2014 20:24:36 +0100
++apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
++
++  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
++    directives
++    - debian/patches/CVE-2014-8109.patch: handle multiple Require
++      directives with different arguments in modules/lua/mod_lua.c.
++    - CVE-2014-8109
++  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
++    - debian/patches/CVE-2015-0228.patch: fix logic in
++      modules/lua/lua_request.c.
++    - CVE-2015-0228
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Mar 2015 10:56:34 -0500
++
++apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
++
++  * Allow "triggers-awaited" and "triggers-pending" states in addition to
++    "installed" when determining whether to defer actions or process
++    deferred actions (LP: #1393832).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 26 Nov 2014 11:31:44 +0000
++
++apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++  * Fixes from Debian included in merge:
++    - Crash caused by OCSP stapling code; this was erroneously
++      attributed to Debian in my previous merge, but actually only
++      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
++  * Cherry-pick versioned build-depend on dpkg from Debian for correct
++    dpkg-maintscript-helper symlink_to_dir support.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 21 Nov 2014 15:15:58 +0000
++
  apache2 (2.4.10-8) unstable; urgency=medium
    * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -582,6 +1198,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Tue, 18 Nov 2014 15:18:18 +0100
++apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++  * Fixes from Debian included in merge:
++    - Don't use a2query in preinst, as it may not be available yet
++      (LP: #1312533).
++    - Crash caused by OCSP stapling code (LP: #1366174).
++    - Disable SSLv3 in default config (LP: #1358305).
++    - If apache2 is not configured yet, defer actions executed via
++      apache2-maintscript-helper. This fixes installation failures if a
++      module package is configured first (LP: #1312854).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Mon, 17 Nov 2014 18:04:40 +0000
++
  apache2 (2.4.10-7) unstable; urgency=medium
    * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -665,6 +1308,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 21 Sep 2014 22:58:33 +0200
++apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install: Plymouth aware passphrase dialog program
++      ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 24 Jul 2014 15:13:16 +0000
++
  apache2 (2.4.10-1) unstable; urgency=medium
    [ Arno Töll ]
@@ -712,6 +1374,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 08 Jun 2014 10:38:04 +0200
++apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
++
++  * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
++    yet support building against lua 5.2 (LP: #1323930).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 28 May 2014 08:55:25 +0000
++
++apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/tests/ssl-passphrase: update for new default path /var/www/html.
++    - d/tests/duplicate-module-load: check for duplicate module loads.
++    - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
++    - d/p/split-logfile.patch: fix completely broken split-logfile command
++      (LP: #1299162). Thanks to Holger Mauermann.
++  * Drop changes (upstreamed):
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++  * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 May 2014 19:30:04 +0000
++
  apache2 (2.4.9-1) unstable; urgency=medium
    * New upstream version.
@@ -744,6 +1445,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 29 Mar 2014 22:50:32 +0100
++apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
++
++  * d/p/split-logfile.patch: fix completely broken split-logfile command
++    (LP: #1299162). Thanks to Holger Mauermann.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 03 Apr 2014 11:21:22 +0000
++
++apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
++
++  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
++    calculation
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - CVE-2013-6438
++  * SECURITY UPDATE: denial of service via truncated cookie and
++    mod_log_config
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++    - CVE-2014-0098
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Mar 2014 08:34:10 -0400
++
++apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
++
++  * d/index.html: replace Debian with Ubuntu on default page
++    (LP: #1288690).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 19 Mar 2014 11:04:21 +0000
++
++apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++  * Drop changes:
++    - debian/{control, rules}: Enable PIE hardening: no longer required;
++      2.4.7-1 is already hardened.
++    - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
++      out of this package.
++  * d/tests/ssl-passphrase: update for new default path /var/www/html.
++  * d/tests/duplicate-module-load: check for duplicate module loads.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Tue, 14 Jan 2014 17:23:47 +0000
++
  apache2 (2.4.7-1) unstable; urgency=low
    New upstream version
@@ -807,6 +1565,53 @@ apache2 (2.4.6-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 12 Aug 2013 20:15:38 +0200
++apache2 (2.4.6-2ubuntu4) trusty; urgency=low
++
++  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
++    that it does not use files find inside the .pc directory. This stops a
++    double module load causing later havoc, including "ChrootDir" directive
++    failure (LP: #1251939). Thanks to Stefan Fritsch.
++  * d/tests/chroot: dep8 test for ChrootDir case.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 Nov 2013 16:21:51 +0000
++
++apache2 (2.4.6-2ubuntu3) trusty; urgency=low
++
++  * debian/apache2.install: Correct path for ufw.
++    (LP: #1252722)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 19 Nov 2013 08:59:54 -0500
++
++apache2 (2.4.6-2ubuntu2) saucy; urgency=low
++
++  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
++    passphrase prompting for SSL certificates that are passphrase protected.
++  * Add dep8 test for SSL passphrase prompting.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 Aug 2013 13:08:52 +0000
++
++apache2 (2.4.6-2ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/control, debian/config-dir/mods-available/ssl.conf,
++      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
++      passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++  * Dropped changes:
++    - debian/patches/CVE-2013-1896.patch: upstream
++  * Fixed module dependencies (LP: #1205314)
++    - debian/config-dir/mods-available/lbmethod_*: properly specify
++      proxy_balancer, not mod_proxy_balancer.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 Jul 2013 08:31:33 -0400
++
  apache2 (2.4.6-2) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -859,6 +1664,56 @@ apache2 (2.4.6-1) unstable; urgency=low
   -- Arno Töll <arno@debian.org>  Sun, 21 Jul 2013 18:44:42 +0200
++apache2 (2.4.4-6ubuntu5) saucy; urgency=low
++
++  * SECURITY UPDATE: denial of service via MERGE request
++    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
++      in modules/dav/main/mod_dav.c.
++    - CVE-2013-1896
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Jul 2013 11:20:47 -0400
++
++apache2 (2.4.4-6ubuntu4) saucy; urgency=low
++
++  * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
++    apache2-bin. apache2-utils is only suggested by apache2, so may not
++    always be installed by bug reporters. However, apache2-bin will always
++    need to be installed for Apache to be functional, so this is a better
++    place for the apport hook. apache2-bin already Conflicts/Replaces
++    apache2.2-common, so this also fixes (LP: #1199318).
++  * d/apache2.py: adjust apport hook for new location of configuration
++    files in apache2 >= 2.4: they have moved from apache2.2-common to
++    apache2.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 17 Jul 2013 17:54:22 +0000
++
++apache2 (2.4.4-6ubuntu3) saucy; urgency=low
++
++  * Build using lua5.2.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Jul 2013 14:24:42 +0200
++
++apache2 (2.4.4-6ubuntu2) saucy; urgency=low
++
++  * debian/rules: Fix FTBFS while installing ufw.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 10:10:14 -0500
++
++apache2 (2.4.4-6ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 08:34:01 -0500
++
  apache2 (2.4.4-6) unstable; urgency=low
    * Denote exact versions breaking gnome-user-share now that Gnome maintainers
@@ -1330,6 +2185,122 @@ apache2 (2.4.1-1) experimental; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 19 Mar 2012 10:46:02 +0100
++apache2 (2.2.22-6ubuntu5) raring; urgency=low
++
++  * SECURITY UPDATE: multiple cross-site scripting issues
++    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
++      modules/generators/{mod_info.c,mod_status.c},
++      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
++      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
++    - CVE-2012-3499
++    - CVE-2012-4558
++  * SECURITY UPDATE: symlink attack in apache2ctl script
++    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
++    - Thanks to Stefan Fritsch for the fix.
++    - CVE-2013-1048
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 15 Mar 2013 07:59:58 -0400
++
++apache2 (2.2.22-6ubuntu4) raring; urgency=low
++
++  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
++  * Skip module sanity check between MPMs if cross-building without the
++    kernel/binfmt support to run our target binaries on the build system.
++  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 05 Dec 2012 02:21:46 -0700
++
++apache2 (2.2.22-6ubuntu3) raring; urgency=low
++
++  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
++    - debian/patches/CVE-2012-2687.patch: escape filenames in
++      modules/mappers/mod_negotiation.c.
++    - CVE-2012-2687
++  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
++    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
++      directive. Defaults to off as enabling compression enables the CRIME
++      attack.
++    - CVE-2012-4929
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 08 Nov 2012 17:56:24 -0500
++
++apache2 (2.2.22-6ubuntu2) quantal; urgency=low
++
++  * debian/apache2.py
++   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
++   - Check if this directory exists: /etc/apache2/sites-enabled/
++
++ -- Matthieu Baerts (matttbe) <matttbe@gmail.com>  Mon, 16 Jul 2012 10:02:18 +0200
++
++apache2 (2.2.22-6ubuntu1) quantal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/control: Add bzr tag and point it to our tree; this is not
++      really required and just increases the delta.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 08 Jun 2012 11:37:31 +0100
++
++apache2 (2.2.22-6) unstable; urgency=low
++
++  [ Stefan Fritsch ]
++  * Fix regression causing apache2 to cache "206 partial content" responses,
++    and then serving these partial responses when replying to normal requests.
++    Closes: #671204
++  * Add section to security.conf that shows how to forbid access to VCS
++    directories. Closes: #548213
++  * Update ssl default cipher config, add alternative speed optimized config.
++    Closes: #649020
++  * Add "AddCharset" for .brf files in default mod_mime config.
++    Closes: #402567
++  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
++    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
++  * Port some of the comments in apache2.conf from the 2.4 package.
++  * Compile mod_version statically, drop associated module load file.
++  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
++    configtest.
++  * Note in README.Debian that future versions of the package will have the
++    include statements changed to include only *.conf.
++  * Change compiled-in document root to /var/www, to avoid strange error
++    messages.
++  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
++
++  [ Arno Töll ]
++  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
++    to override LDFLAGS at compile time by defining LDLAGS in the environment,
++    just like it is possible for CFLAGS. This also means, config_vars.mk now
++    exports hardening build flags by default.
++  * Update doc-base metadata for the apache2-doc package.
++
++ -- Stefan Fritsch <sf@debian.org>  Tue, 29 May 2012 22:05:48 +0200
++
++apache2 (2.2.22-5) unstable; urgency=low
++
++  * Make LoadFile and LoadModule look in the standard search paths if the
++    dso file name is given as a pure filename. This helps with the multi-arch
++    transition.
++
++ -- Stefan Fritsch <sf@debian.org>  Mon, 30 Apr 2012 23:38:33 +0200
++
++apache2 (2.2.22-4) unstable; urgency=high
++
++  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
++    hosts' config files.
++    If scripting modules like mod_php or mod_rivet are enabled on systems
++    where either 1) some frontend server forwards connections to an apache2
++    backend server on the localhost address, or 2) the machine running
++    apache2 is also used for web browsing, this could allow a remote
++    attacker to execute example scripts stored under /usr/share/doc.
++    Depending on the installed packages, this could lead to issues like cross
++    site scripting, code execution, or leakage of sensitive data.
++
++ -- Stefan Fritsch <sf@debian.org>  Sun, 15 Apr 2012 23:41:43 +0200
++
  apache2 (2.2.22-3) unstable; urgency=low
    * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1350,6 +2321,18 @@ apache2 (2.2.22-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 15 Mar 2012 00:02:31 +0100
++apache2 (2.2.22-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 12 Feb 2012 20:06:35 -0500
++
  apache2 (2.2.22-1) unstable; urgency=low
     [ Stefan Fritsch ]
@@ -1367,6 +2350,18 @@ apache2 (2.2.22-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 01 Feb 2012 21:49:04 +0100
++apache2 (2.2.21-5ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++
  apache2 (2.2.21-5) unstable; urgency=low
    [ Arno Töll ]
@@ -1420,6 +2415,26 @@ apache2 (2.2.21-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 29 Dec 2011 12:09:14 +0100
++apache2 (2.2.21-3ubuntu2) precise; urgency=low
++
++  * d/ask-for-passphrase: Flip the logic of this script so that it checks
++    first to see if apache is being started from a TTY, and then if not,
++    tries plymouth. (LP: #887410)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 06 Dec 2011 16:49:33 -0800
++
++apache2 (2.2.21-3ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 05:20:43 +0000
++
  apache2 (2.2.21-3) unstable; urgency=medium
    * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1434,6 +2449,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 03 Dec 2011 18:54:03 +0100
++apache2 (2.2.21-2ubuntu2) precise; urgency=low
++
++  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 02 Dec 2011 17:36:28 -0700
++
++apache2 (2.2.21-2ubuntu1) precise; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 14 Oct 2011 16:01:29 +0000
++
  apache2 (2.2.21-2) unstable; urgency=high
    * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1451,6 +2484,19 @@ apache2 (2.2.21-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 26 Sep 2011 18:16:11 +0200
++apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
++    Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 06 Sep 2011 01:17:15 -0700
++
  apache2 (2.2.20-1) unstable; urgency=low
    * New upstream release.
@@ -1473,6 +2519,18 @@ apache2 (2.2.19-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 29 Aug 2011 17:08:17 +0200
++apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable (LP: #787013). Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Andres Rodriguez <andreserl@ubuntu.com>  Mon, 23 May 2011 10:16:09 -0400
++
  apache2 (2.2.19-1) unstable; urgency=low
    * New upstream release.
@@ -1490,6 +2548,18 @@ apache2 (2.2.19-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 22 May 2011 10:21:21 +0200
++apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 11 Apr 2011 02:13:30 +0100
++
  apache2 (2.2.17-3) unstable; urgency=low
    * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
@@ -1516,6 +2586,18 @@ apache2 (2.2.17-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 21 Mar 2011 23:01:17 +0100
++apache2 (2.2.17-1ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 22 Feb 2011 13:02:08 -0500
++
  apache2 (2.2.17-1) unstable; urgency=low
    * New upstream version
@@ -1524,6 +2606,32 @@ apache2 (2.2.17-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 15 Feb 2011 23:30:18 +0100
++apache2 (2.2.16-6ubuntu3) natty; urgency=low
++
++  * debian/rules: Don't use "-fno-strict-aliasing" since it causes
++    apache FTBFS on amd64. (LP: #711293)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 01 Feb 2011 10:19:55 -0500
++
++apache2 (2.2.16-6ubuntu2) natty; urgency=low
++
++  * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
++   (LP: #697105)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 25 Jan 2011 11:14:58 -0500
++
++apache2 (2.2.16-6ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 02 Jan 2011 06:05:51 +0000
++
  apache2 (2.2.16-6) unstable; urgency=low
    * Also add $named to the secondary-init-script example.
@@ -1539,6 +2647,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 31 Dec 2010 01:22:19 +0100
++apache2 (2.2.16-4ubuntu2) natty; urgency=low
++
++  [Clint Byrum]
++  * Adding plymouth aware passphrase dialog program ask-for-passphrase.
++    (LP: #582963)
++    + debian/control: apache2.2-common depends on bash for ask-for-passphrase
++    + debian/config-dir/mods-available/ssl.conf:
++      - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
++
++  [Chuck Short]
++  * Add apport hook. (LP: #609177)
++    + debian/apache2.py, debian/apache2.2-common.install
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:43 -0500
++
++apache2 (2.2.16-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:41 -0500
++
  apache2 (2.2.16-4) unstable; urgency=medium
    * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1549,6 +2681,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Nov 2010 19:05:55 +0100
++apache2 (2.2.16-3ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 12 Oct 2010 11:54:48 +0100
++
  apache2 (2.2.16-3) unstable; urgency=high
    * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1571,6 +2712,30 @@ apache2 (2.2.16-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 29 Aug 2010 15:29:21 +0200
++apache2 (2.2.16-1ubuntu3) maverick; urgency=low
++
++  * Revert "stty sane" to unbreak apache starting, this will have to be
++    fixed a different way. (LP: #626723)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 08 Sep 2010 08:33:17 -0400
++
++apache2 (2.2.16-1ubuntu2) maverick; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
++    password prompt when using apache-ssl. (LP: #582963)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 25 Aug 2010 09:25:05 -0400
++
++apache2 (2.2.16-1ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Jul 2010 20:21:37 +0100
++
  apache2 (2.2.16-1) unstable; urgency=medium
    * Urgency medium for security fix.
@@ -1603,6 +2768,24 @@ apache2 (2.2.15-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jul 2010 23:41:08 +0200
++apache2 (2.2.15-5ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++    + Dropped:
++      - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
++      - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
++      - debian/config-dir/apache2.conf: Merged back from debian.
++      - mod-reqtimeout functionality: Merge back from debian.
++      - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
++      - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
++      - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 May 2010 01:28:04 +0100
++
  apache2 (2.2.15-5) unstable; urgency=low
    * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -1723,6 +2906,80 @@ apache2 (2.2.14-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Feb 2010 17:29:45 +0100
++apache2 (2.2.14-5ubuntu8) lucid; urgency=low
++
++  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
++    (LP: #562370)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 13 Apr 2010 15:09:57 -0400
++
++apache2 (2.2.14-5ubuntu7) lucid; urgency=low
++
++  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
++    leaks by making sure to not destroy bucket brigades that have been created
++    by earlier filters. Backported from 2.2.15.
++  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
++    has reached MaxClients until it has. Backported from 2.2.15
++  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
++    more secure by adding Satisfy all. (Debian bug: #572075)
++  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
++    debian/config2-dir/mods-available/reqtimeout.load,
++    debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
++    mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
++    bug in apache. Enable it by default. (LP: #392759)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 05 Apr 2010 09:53:35 -0400
++
++apache2 (2.2.14-5ubuntu6) lucid; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 09:41:11 -0400
++
++apache2 (2.2.14-5ubuntu5) lucid; urgency=low
++
++  * Revert 99-fix-mod-dav-permissions.dpatch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 07:55:46 -0400
++
++apache2 (2.2.14-5ubuntu4) lucid; urgency=low
++
++  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
++    downloading files from webdav (LP: #540747)
++  * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 29 Mar 2010 13:37:39 -0400
++
++apache2 (2.2.14-5ubuntu3) lucid; urgency=low
++
++  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
++    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
++      in modules/proxy/mod_proxy_ajp.c.
++    - CVE-2010-0408
++  * SECURITY UPDATE: information disclosure via improper handling of
++    headers in subrequests
++    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
++      in server/protocol.c.
++    - CVE-2010-0434
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 10 Mar 2010 14:48:48 -0500
++
++apache2 (2.2.14-5ubuntu2) lucid; urgency=low
++
++  * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
++    wacky options. (LP: #450501)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 08 Mar 2010 14:53:17 -0500
++
++apache2 (2.2.14-5ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing.  Remaining changes: LP: #506862
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Wed, 13 Jan 2010 14:28:41 +0530
++
  apache2 (2.2.14-5) unstable; urgency=low
    * Security: Further mitigation for the TLS renegotation attack
@@ -1746,6 +3003,15 @@ apache2 (2.2.14-5) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sat, 02 Jan 2010 22:44:15 +0100
++apache2 (2.2.14-4ubuntu1) lucid; urgency=low
++
++  * Resynchronzie with Debian, remaining changes are:
++   - debian/{control, rules}: Enable PIE hardening.
++   - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++   - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 23 Dec 2009 14:44:51 -0500
++
  apache2 (2.2.14-4) unstable; urgency=low
    * Disable localized error pages again by default because they break
@@ -1796,6 +3062,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 07 Nov 2009 14:37:37 +0100
++apache2 (2.2.14-1ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/conrol: Add bzr tag and point it to our tree.
++    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++      Already applied upstream.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Nov 2009 00:29:03 +0000
++
  apache2 (2.2.14-1) unstable; urgency=low
    * New upstream version:
@@ -1830,6 +3107,24 @@ apache2 (2.2.13-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 31 Aug 2009 20:28:56 +0200
++apache2 (2.2.12-1ubuntu2) karmic; urgency=low
++
++  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++    - Fix potential segfaults with the use of the legacy ap_rputs() etc
++      interfaces, in cases where an output filter fails. This happens
++      frequently after CVE-2009-1891 got fixed. (LP: #409987)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Aug 2009 15:38:47 -0400
++
++apache2 (2.2.12-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++    - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 04 Aug 2009 20:04:24 +0100
++
  apache2 (2.2.12-1) unstable; urgency=low
    * New upstream release:
@@ -1877,6 +3172,16 @@ apache2 (2.2.12-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 04 Aug 2009 11:02:34 +0200
++apache2 (2.2.11-7ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes: LP: #398130
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 11 Jul 2009 16:34:32 +0530
++
  apache2 (2.2.11-7) unstable; urgency=low
    * Security fixes:
@@ -1891,6 +3196,16 @@ apache2 (2.2.11-7) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 10 Jul 2009 22:42:57 +0200
++apache2 (2.2.11-6ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 09 Jun 2009 01:01:23 +0100
++
  apache2 (2.2.11-6) unstable; urgency=high
    * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -1899,6 +3214,16 @@ apache2 (2.2.11-6) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 08 Jun 2009 19:22:58 +0200
++apache2 (2.2.11-5ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Wed, 03 Jun 2009 14:10:54 +1200
++
  apache2 (2.2.11-5) unstable; urgency=low
    * Move all binaries into a new package apache2.2-bin and make
@@ -1947,6 +3272,16 @@ apache2 (2.2.11-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 19 May 2009 22:55:27 +0200
++apache2 (2.2.11-3ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Tue, 12 May 2009 16:15:34 +1200
++
  apache2 (2.2.11-3) unstable; urgency=low
    * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -1955,6 +3290,21 @@ apache2 (2.2.11-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 31 Mar 2009 21:07:26 +0200
++apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
++
++  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 01 Apr 2009 11:39:17 -0400
++
++apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{contro,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sat, 17 Jan 2009 00:02:55 +0000
++
  apache2 (2.2.11-2) unstable; urgency=low
    * Report an error instead instead of segfaulting when apr_pollset_create
@@ -1964,6 +3314,14 @@ apache2 (2.2.11-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jan 2009 19:01:59 +0100
++apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 15 Dec 2008 00:06:50 +0000
++
  apache2 (2.2.11-1) unstable; urgency=low
    [Thom May]
@@ -1978,6 +3336,14 @@ apache2 (2.2.11-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Dec 2008 09:34:24 +0100
++apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes: (LP: #303375)
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 29 Nov 2008 14:02:31 +0530
++
  apache2 (2.2.9-11) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy:
@@ -1992,6 +3358,14 @@ apache2 (2.2.9-11) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 26 Nov 2008 23:10:22 +0100
++apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 Nov 2008 02:23:18 -0400
++
  apache2 (2.2.9-10) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy_http:
@@ -2022,6 +3396,27 @@ apache2 (2.2.9-8) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 11 Sep 2008 09:17:33 +0200
++apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
++
++  * Revert logrotate change since it will break it for everyone.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 19 Sep 2008 09:32:01 -0400
++
++apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
++
++  * debian/logrotate: Restart rather than reload for busy websites.
++    (LP: #270899)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 18 Sep 2008 08:42:22 -0400
++
++apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 28 Aug 2008 08:10:59 -0700
++
  apache2 (2.2.9-7) unstable; urgency=low
    * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2064,6 +3459,23 @@ apache2 (2.2.9-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 06 Jul 2008 10:38:37 +0200
++apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
++
++  * add ufw integration (see
++    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
++    (LP: #261198)
++    - debian/control: suggest ufw for apache2.2-common
++    - add apache2.2-common.ufw.profile with 3 profiles and install it to
++      /etc/ufw/applications.d/apache2.2-common
++
++ -- Didier Roche <didrocks@ubuntu-fr.org>  Tue, 26 Aug 2008 19:03:42 +0200
++
++apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
++
++  * debian/{control,rules}: enable PIE hardening
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 20 Aug 2008 15:45:00 -0700
++
  apache2 (2.2.9-3) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -4144,3 +5556,4 @@ apache2 (2.0.18-1) unstable; urgency=low
    * Initial Release.
   -- Daniel Stone <daniel@sfarc.net>  Wed,  4 Jul 2001 21:29:29 +1000
++
 diff --git a/debian/config-dir/mods-available/md.load b/debian/config-dir/mods-available/md.load
 deleted file mode 100644
 index 812a6a6..0000000
 --- a/debian/config-dir/mods-available/md.load
 +++ /dev/null
@@ -1 +0,0 @@
--LoadModule md_module /usr/lib/apache2/modules/mod_md.so
 diff --git a/debian/control b/debian/control
 index 5bddb33..15957e5 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: apache2
  Section: httpd
  Priority: optional
--Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
  Uploaders: Stefan Fritsch <sf@debian.org>,
             Arno Töll <arno@debian.org>,
             Ondřej Surý <ondrej@debian.org>
@@ -18,9 +19,7 @@ Build-Depends: debhelper (>= 9.20160709~),
                 libxml2-dev,
                 lsb-release,
                 perl,
--               zlib1g-dev,
--               libcurl4-openssl-dev | libcurl4-dev,
--               libjansson-dev
++               zlib1g-dev
  Build-Conflicts: autoconf2.13
  Standards-Version: 4.1.2
  Vcs-Browser: https://salsa.debian.org/apache-team/apache2
@@ -44,15 +43,14 @@ Provides: httpd,
  Recommends: ssl-cert
  Conflicts: apache2.2-bin,
             apache2.2-common
--Breaks: libapache2-mod-md (<< 2.4.33),
--        libapache2-mod-proxy-uwsgi (<< 2.4.33)
++Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
  Replaces: apache2.2-bin,
            apache2.2-common,
--          libapache2-mod-md (<< 2.4.33),
            libapache2-mod-proxy-uwsgi (<< 2.4.33)
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
--          www-browser
++          www-browser,
++          ufw
  Description: Apache HTTP Server
   The Apache HTTP Server Project's goal is to build a secure, efficient and
   extensible HTTP server as standards-compliant open source software. The
@@ -81,10 +79,8 @@ Depends: ${misc:Depends},
  Provides: ${apache2:API}
  Breaks: gridsite (<< 3.0.0~20170225gitd51b2fd-1~),
          libapache2-mod-dacs (<= 1.4.38a-2),
--        libapache2-mod-md (<< 2.4.33),
          libapache2-mod-proxy-uwsgi (<< 2.4.33)
--Replaces: libapache2-mod-md (<< 2.4.33),
--          libapache2-mod-proxy-uwsgi (<< 2.4.33)
++Replaces: libapache2-mod-proxy-uwsgi (<< 2.4.33)
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
            www-browser
@@ -210,14 +206,6 @@ Description: Apache debugging symbols
   crashing server instances and modules.  See
   /usr/share/doc/apache2/README.backtrace for more information.
--Package: libapache2-mod-md
--Architecture: any
--Section: oldlibs
--Depends: ${misc:Depends}, apache2 (= ${binary:Version})
--Description: transitional package
-- This is a transitional package to apache2 for users of libapache2-mod-md.
-- It can be safely removed after the installation is complete.
--
  Package: libapache2-mod-proxy-uwsgi
  Architecture: any
  Section: oldlibs
 diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
 new file mode 100644
 index 0000000..4db2fa1
 Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
 diff --git a/debian/index.html b/debian/index.html
 index 766401d..96ed444 100644
 --- a/debian/index.html
 +++ b/debian/index.html
@@ -1,9 +1,14 @@
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
++  <!--
++    Modified from the Debian original for Ubuntu
++    Last updated: 2016-11-16
++    See: https://launchpad.net/bugs/1288690
++  -->
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
--    <title>Apache2 Debian Default Page: It works</title>
++    <title>Apache2 Ubuntu Default Page: It works</title>
      <style type="text/css" media="screen">
    * {
      margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
    <body>
      <div class="main_page">
        <div class="page_header floating_element">
--        <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>
++        <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
          <span class="floating_element">
--          Apache2 Debian Default Page
++          Apache2 Ubuntu Default Page
          </span>
        </div>
  <!--      <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
          <div class="content_section_text">
            <p>
                  This is the default welcome page used to test the correct
--                operation of the Apache2 server after installation on Debian systems.
++                operation of the Apache2 server after installation on Ubuntu systems.
++                It is based on the equivalent page on Debian, from which the Ubuntu Apache
++                packaging is derived.
                  If you can read this page, it means that the Apache HTTP server installed at
                  this site is working properly. You should <b>replace this file</b> (located at
                  <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Debian's Apache2 default configuration is different from the
++                Ubuntu's Apache2 default configuration is different from the
                  upstream default configuration, and split into several files optimized for
--                interaction with Debian tools. The configuration system is
++                interaction with Ubuntu tools. The configuration system is
                  <b>fully documented in
                  /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
                  documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
            </p>
            <p>
--                The configuration layout for an Apache2 web server installation on Debian systems is as follows:
++                The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
            </p>
            <pre>
  /etc/apache2/
@@ -324,7 +331,7 @@
          <div class="content_section_text">
              <p>
--                By default, Debian does not allow access through the web browser to
++                By default, Ubuntu does not allow access through the web browser to
                  <em>any</em> file apart of those located in <tt>/var/www</tt>,
                  <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
                  directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
                  document root directory in <tt>/etc/apache2/apache2.conf</tt>.
              </p>
              <p>
--                The default Debian document root is <tt>/var/www/html</tt>. You
++                The default Ubuntu document root is <tt>/var/www/html</tt>. You
                  can make your own virtual hosts under /var/www. This is different
                  to previous releases which provides better security out of the box.
              </p>
@@ -345,9 +352,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Please use the <tt>reportbug</tt> tool to report bugs in the
--                Apache2 package with Debian. However, check <a
--                href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"
++                Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
++                Apache2 package with Ubuntu. However, check <a
++                href="https://bugs.launchpad.net/ubuntu/+source/apache2"
                  rel="nofollow">existing bug reports</a> before reporting a new bug.
            </p>
            <p>
 diff --git a/debian/patches/086_svn_cross_compiles b/debian/patches/086_svn_cross_compiles
 new file mode 100644
 index 0000000..b237908
 --- /dev/null
 +++ b/debian/patches/086_svn_cross_compiles
@@ -0,0 +1,118 @@
++Description: Pull upstream fixes for autotools for cross-compiling
++Author: Adam Conrad <adconrad@ubuntu.com>
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328445
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1327907
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328390
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328714
++Forwarded: not-needed
++
++Index: apache2-2.4.29/acinclude.m4
++===================================================================
++--- apache2-2.4.29.orig/acinclude.m4	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/acinclude.m4	2017-11-10 10:56:51.484205199 -0500
++@@ -55,6 +55,8 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
++   APACHE_SUBST(CPPFLAGS)
++   APACHE_SUBST(CFLAGS)
++   APACHE_SUBST(CXXFLAGS)
+++  APACHE_SUBST(CC_FOR_BUILD)
+++  APACHE_SUBST(CFLAGS_FOR_BUILD)
++   APACHE_SUBST(LTFLAGS)
++   APACHE_SUBST(LDFLAGS)
++   APACHE_SUBST(LT_LDFLAGS)
++@@ -697,7 +699,7 @@ int main(void)
++ {
++     return sizeof(void *) < sizeof(long);
++ }], [ap_cv_void_ptr_lt_long=no], [ap_cv_void_ptr_lt_long=yes],
++-    [ap_cv_void_ptr_lt_long=yes])])
+++    [ap_cv_void_ptr_lt_long="cross compile - not checked"])])
++
++ if test "$ap_cv_void_ptr_lt_long" = "yes"; then
++     AC_MSG_ERROR([Size of "void *" is less than size of "long"])
++Index: apache2-2.4.29/configure
++===================================================================
++--- apache2-2.4.29.orig/configure	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/configure	2017-11-10 10:56:51.488205250 -0500
++@@ -662,6 +662,8 @@ HTTPD_LDFLAGS
++ SH_LDFLAGS
++ LT_LDFLAGS
++ LTFLAGS
+++CFLAGS_FOR_BUILD
+++CC_FOR_BUILD
++ CXXFLAGS
++ CXX
++ other_targets
++@@ -6071,6 +6073,12 @@ fi
++
++
++
+++if test "x${build_alias}" != "x${host_alias}"; then
+++  if test "x${CC_FOR_BUILD}" = "x"; then
+++    CC_FOR_BUILD=cc
+++  fi
+++fi
+++
++ if test "x${cache_file}" = "x/dev/null"; then
++   # Likewise, ensure that CC and CPP are passed through to the pcre
++   # configure script iff caching is disabled (the autoconf 2.5x default).
++@@ -7698,7 +7706,7 @@ if ${ap_cv_void_ptr_lt_long+:} false; th
++   $as_echo_n "(cached) " >&6
++ else
++   if test "$cross_compiling" = yes; then :
++-  ap_cv_void_ptr_lt_long=yes
+++  ap_cv_void_ptr_lt_long="cross compile - not checked"
++ else
++   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++ /* end confdefs.h.  */
++@@ -37522,6 +37530,14 @@ $as_echo "$as_me: " >&6;}
++
++
++
+++  APACHE_VAR_SUBST="$APACHE_VAR_SUBST CC_FOR_BUILD"
+++
+++
+++
+++  APACHE_VAR_SUBST="$APACHE_VAR_SUBST CFLAGS_FOR_BUILD"
+++
+++
+++
++   APACHE_VAR_SUBST="$APACHE_VAR_SUBST LTFLAGS"
++
++
++Index: apache2-2.4.29/configure.in
++===================================================================
++--- apache2-2.4.29.orig/configure.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/configure.in	2017-11-10 10:56:51.488205250 -0500
++@@ -206,6 +206,14 @@ AC_PROG_CPP
++ dnl Try to get c99 support for variadic macros
++ ifdef([AC_PROG_CC_C99], [AC_PROG_CC_C99])
++
+++dnl In case of cross compilation we set CC_FOR_BUILD to cc unless
+++dnl we got already CC_FOR_BUILD from environment.
+++if test "x${build_alias}" != "x${host_alias}"; then
+++  if test "x${CC_FOR_BUILD}" = "x"; then
+++    CC_FOR_BUILD=cc
+++  fi
+++fi
+++
++ if test "x${cache_file}" = "x/dev/null"; then
++   # Likewise, ensure that CC and CPP are passed through to the pcre
++   # configure script iff caching is disabled (the autoconf 2.5x default).
++Index: apache2-2.4.29/server/Makefile.in
++===================================================================
++--- apache2-2.4.29.orig/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
++@@ -24,9 +24,14 @@ TARGETS = delete-exports $(LTLIBRARY_NAM
++ include $(top_builddir)/build/rules.mk
++ include $(top_srcdir)/build/library.mk
++
+++ifdef CC_FOR_BUILD
+++gen_test_char: gen_test_char.c
+++	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<
+++else
++ gen_test_char_OBJECTS = gen_test_char.lo
++ gen_test_char: $(gen_test_char_OBJECTS)
++ 	$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
+++endif
++
++ test_char.h: gen_test_char
++ 	./gen_test_char > test_char.h
 diff --git a/debian/patches/series b/debian/patches/series
 index 3073444..e1f544d 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -8,3 +8,6 @@ reproducible_builds.diff
  # This patch is applied manually
  #suexec-custom.patch
  setenvifexpr.diff
++
++# Patches added by Ubuntu
++086_svn_cross_compiles
 diff --git a/debian/rules b/debian/rules
 index ddd01e5..49ec37a 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -113,6 +113,7 @@ configure-stamp: prebuild-checks-stamp support/suexec-custom.c
  		--with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config \
  		--with-pcre=yes \
  		--enable-pie \
++		--disable-md \
  		--enable-mpms-shared=all \
  		--enable-mods-shared="all brotli cgi ident authnz_fcgi imagemap cern_meta proxy_fdpass proxy_http2 bucketeer case_filter case_filter_in" \
  		--enable-mods-static="unixd logio watchdog version" \
@@ -177,7 +178,7 @@ override_dh_installdocs-indep:
  	dh_installdocs -i
  override_dh_installdocs-arch:
--	dh_installdocs --link-doc=apache2 -papache2 -papache2-dbg -plibapache2-mod-md -plibapache2-mod-proxy-uwsgi
++	dh_installdocs --link-doc=apache2 -papache2 -papache2-dbg -plibapache2-mod-proxy-uwsgi
  	dh_installdocs --link-doc=apache2-dev -papache2-ssl-dev
  	dh_installdocs -a
 diff --git a/debian/source/include-binaries b/debian/source/include-binaries
 index ff777a2..b32d256 100644
 --- a/debian/source/include-binaries
 +++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
  debian/icons/odf6ots-20x22.png
  debian/icons/odf6ott-20x22.png
  debian/icons/openlogo-75.png
++debian/icons/ubuntu-logo.png
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
 diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
 new file mode 100644
 index 0000000..6bc9125
 --- /dev/null
 +++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
++#!/bin/sh
++set -uxe
++
++# http2 is rather new, check that it at least generally works
++# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
++
++a2enmod http2
++a2enmod ssl
++a2ensite default-ssl
++# Enable globally
++echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
++service apache2 restart
++
++# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
++# wget on Debian gives me:
++#    GnuTLS: A TLS warning alert has been received.
++#    Unable to establish SSL connection.
++# Presumably this is due to the self-signed certificate, but I'm not sure how
++# to skip the warning with wget. curl will do for now.
++echo "Hello, world!" > /var/www/html/hello.txt
++
++testapache () {
++    cmd="${1}"
++    result=$(${cmd})
++
++    if [ "$result" != "Hello, world!" ]; then
++        echo "Unexpected result: ${result}" >&2
++        exit 1
++    else
++        echo OK
++    fi
++}
++
++# https shall not affect http
++testapache "curl -s -k http://localhost/hello.txt"
++# https shall not affect https
++testapache "curl -s -k https://localhost/hello.txt"
++#plain http2
++testapache "nghttp --no-verify-peer https://localhost/hello.txt"
++#http2 upgrade
++testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
 diff --git a/debian/tests/control b/debian/tests/control
 index fb913b5..230f19e 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -23,6 +23,10 @@ Tests: ssl-passphrase
  Restrictions: needs-root allow-stderr breaks-testbed
  Depends: apache2, curl, expect, ssl-cert
++Tests: check-http2
++Restrictions: needs-root allow-stderr breaks-testbed
++Depends: apache2, curl, ssl-cert, nghttp2-client
++
  Tests: chroot
  Features: no-build-needed
  Restrictions: needs-root allow-stderr breaks-testbed

Ubuntuapache2 package

Merge ~ahasenack/ubuntu/+source/apache2:disco-apache2-2.4.37-merge into ubuntu/+source/apache2:debian/sid

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers

Ubuntu
apache2 package