Ubuntu
apache2 package

Merge ~ahasenack/ubuntu/+source/apache2:focal-apache2-last-merge into ubuntu/+source/apache2:debian/sid

Proposed by Andreas Hasenack on 2020-02-26

Status:	Merged
Approved by:	Andreas Hasenack on 2020-02-26
Approved revision:	6fcdaf1e989884527707ad999af33c2bbcfbdba6
Merge reported by:	Andreas Hasenack
Merged at revision:	6fcdaf1e989884527707ad999af33c2bbcfbdba6
Proposed branch:	~ahasenack/ubuntu/+source/apache2:focal-apache2-last-merge
Merge into:	ubuntu/+source/apache2:debian/sid
Diff against target:	2356 lines (+1773/-17) 15 files modified debian/apache2-bin.install (+1/-0) debian/apache2-utils.ufw.profile (+14/-0) debian/apache2.dirs (+1/-0) debian/apache2.install (+1/-0) debian/apache2.postrm (+1/-0) debian/apache2.py (+48/-0) debian/changelog (+1566/-2) debian/control (+4/-2) debian/index.html (+19/-12) debian/patches/086_svn_cross_compiles (+69/-0) debian/patches/series (+3/-0) debian/perl-framework/t/modules/allowmethods.t (+0/-1) debian/source/include-binaries (+1/-0) debian/tests/check-http2 (+41/-0) debian/tests/control (+4/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Bryce Harrington (community)		2020-02-26	Approve on 2020-02-26
Review via email: mp+379894@code.launchpad.net

Description of the change

Merge from debian, no delta dropped or added. I checked the dep8 delta again, and the dep8 tests fail for us without it. They seem to pass on ci.debian.net, I don't know why. When I reported it to debian (the linked bug), they just removed the test (that was the fix).

Revision history for this message

Bryce Harrington (bryce) wrote on 2020-02-26:

* Changelog:
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [√] update-maintainer has been run

* Actual changes:
  - [-] no upstream changes to consider
  - [√] no further upstream version to consider
  - [√] debian changes look safe

* Old Delta:
  - [-] dropped changes are ok to be dropped
  - [√] nothing else to drop
  - [√] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [√] no new patches added
  - [-] patches match what was proposed upstream
  - [-] patches correctly included in debian/patches/series
  - [-] patches have correct DEP3 metadata

* Build/Test:
  - [ ] build is ok
  - [ ] verified PPA package installs/uninstalls
  - [ ] autopkgtest against the PPA package passes
  - [ ] sanity checks test fine

Just need to verify the testing, the rest LGTM.

I'm kind of curious if these two items could be landed to Debian, but assume if they could they would have already:
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/t/control, d/t/check-http2: add basic test for http2 support

review: Needs Information

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2020-02-26:

PPA for testing (currently building): https://launchpad.net/~ahasenack/+archive/ubuntu/apache2-241-last-merge

all arches enabled, and using focal proposed.

a) 086_svn_cross_compiles: this is merged in apache trunk, but not in any release yet. It's supposed to be in 2.5.x. I could try pushing it to debian, but there is some history here I don't have. Maybe back then for some reason debian wasn't hitting a problem. I can ask Infinity (patch author?)

b) check-http2: it was sent to debian via a bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884068
Most recent comments seem to be spam...

Revision history for this message

Bryce Harrington (bryce) wrote on 2020-02-26:

Thanks for the PPA, everything runs and passes ok:

* Build/Test:
  - [√] build is ok
  - [√] verified PPA package installs/uninstalls
  - [√] autopkgtest against the PPA package passes
  - [√] sanity checks test fine

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2020-02-26:

Thanks! I checked with infinity, and indeed he never sent that to debian because he thought it would have beeen in an apache release by now. To be honest I don't know how I would justify that patch to debian now, I mean, "cross compiling fixes", but no concrete case at hand... Just the fact that upstream took it in the never released 2.5 branch/code.

Tagging and uploading 6fcdaf1e989884527707ad999af33c2bbcfbdba6

$ git push pkg upload/2.4.41-4ubuntu1
Enumerating objects: 89, done.
Counting objects: 100% (89/89), done.
Delta compression using up to 4 threads
Compressing objects: 100% (54/54), done.
Writing objects: 100% (62/62), 25.97 KiB | 436.00 KiB/s, done.
Total 62 (delta 45), reused 12 (delta 8)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/apache2
* [new tag] upload/2.4.41-4ubuntu1 -> upload/2.4.41-4ubuntu1

$ dput ubuntu ../apache2_2.4.41-4ubuntu1_source.changes
Checking signature on .changes
gpg: ../apache2_2.4.41-4ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../apache2_2.4.41-4ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.41-4ubuntu1.dsc: done.
  Uploading apache2_2.4.41.orig.tar.gz: done.
  Uploading apache2_2.4.41-4ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.41-4ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.41-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2020-03-05:

This migrated.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

git-ubuntu developers

 diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
 index 63c573f..3d1bdf1 100644
 --- a/debian/apache2-bin.install
 +++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
  /usr/lib/apache2/modules/
  /usr/sbin/apache2
++debian/apache2.py usr/share/apport/package-hooks
 diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
 new file mode 100644
 index 0000000..974a655
 --- /dev/null
 +++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
++[Apache]
++title=Web Server
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80/tcp
++
++[Apache Secure]
++title=Web Server (HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=443/tcp
++
++[Apache Full]
++title=Web Server (HTTP,HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80,443/tcp
 diff --git a/debian/apache2.dirs b/debian/apache2.dirs
 index 6089013..1aa6d3c 100644
 --- a/debian/apache2.dirs
 +++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
  var/lib/apache2
  var/log/apache2
  var/www/html
++/etc/ufw/applications.d/apache2
 diff --git a/debian/apache2.install b/debian/apache2.install
 index b6ad789..92865fc 100644
 --- a/debian/apache2.install
 +++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
  debian/config-dir/envvars			/etc/apache2
  debian/config-dir/magic				/etc/apache2
  debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
++debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
 diff --git a/debian/apache2.postrm b/debian/apache2.postrm
 index a68583c..b0e5d7b 100644
 --- a/debian/apache2.postrm
 +++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
 a94e5a174dc2396c0f3f6b6a74
  		c481228d439cbb54bdcedbaec5bbb11a
  		e2620d4a5a0f8d80dd4b16de59af981f
++		3526531ccd6c6a1d2340574a305a18f8
  	EOF
+ }
 diff --git a/debian/apache2.py b/debian/apache2.py
 new file mode 100644
 index 0000000..a9fb9d8
 --- /dev/null
 +++ b/debian/apache2.py
@@ -0,0 +1,48 @@
++#!/usr/bin/python
++
++'''apport hook for apache2
++
++(c) 2010 Adam Sommer.
++Author: Adam Sommer <asommer@ubuntu.com>
++
++This program is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published by the
++Free Software Foundation; either version 2 of the License, or (at your
++option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
++the full text of the license.
++'''
++
++from apport.hookutils import *
++import os
++
++SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
++
++def add_info(report, ui):
++    if os.path.isdir(SITES_ENABLED_DIR):
++        response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
++                            "may help developers diagnose your bug more "
++                            "quickly.  However, it may contain sensitive "
++                            "information.  Do you want to include it in your "
++                            "bug report?")
++
++        if response == None: # user cancelled
++            raise StopIteration
++
++        elif response == True:
++            # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
++            for conf_file in os.listdir(SITES_ENABLED_DIR):
++                attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
++
++    try:
++        report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
++    except OSError:
++        report['Apache2ConfdDirListing'] = str(False)
++
++    # Attach default config files if changed.
++    attach_conffiles(report, 'apache2', conffiles=None)
++
++    # Attach the error.log file.
++    attach_file(report, '/var/log/apache2/error.log', key='error.log')
++
++    # Get loaded modules.
++    report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
 diff --git a/debian/changelog b/debian/changelog
 index 7611c19..b23967b 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,20 @@
++apache2 (2.4.41-4ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 26 Feb 2020 10:36:13 -0300
++
  apache2 (2.4.41-4) unstable; urgency=medium
    * Add gcc in chroot autopkgtest (fixes debci)
@@ -22,6 +39,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 13 Jan 2020 06:14:45 +0100
++apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++      + Similarly use TLSv1.2 for pr12355 and pr43738.
++        [Test suite updated in 2.4.41-1]
++    - Cherrypick upstream test suite fix for buffer.
++      [Included in 2.4.41-1]
++    - d/p/spelling-errors.patch: removed hunks already fixed upstream
++      [Included in 2.4.39-1]
++    - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
++      + d/p/CVE-2019-0196.patch
++      + d/p/CVE-2019-0211.patch
++      + d/p/CVE-2019-0215.patch
++      + d/p/CVE-2019-0217.patch
++      + d/p/CVE-2019-0220-*.patch
++      + d/p/CVE-2019-0197.patch
++  * Added:
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes: #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 14 Aug 2019 11:36:32 -0300
++
  apache2 (2.4.41-1) unstable; urgency=medium
    * New upstream version 2.4.41
@@ -52,6 +104,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 12 Aug 2019 21:30:33 +0200
++apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
++
++  * New upstream version: 2.4.39
++  * d/p/spelling-errors.patch: removed hunks already fixed upstream
++  * Remaining changes:
++    - Cherrypick upstream test suite fix for buffer.
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped patches (fixed upstream):
++    - d/p/CVE-2019-0196.patch
++    - d/p/CVE-2019-0211.patch
++    - d/p/CVE-2019-0215.patch
++    - d/p/CVE-2019-0217.patch
++    - d/p/CVE-2019-0220-*.patch
++    - d/p/CVE-2019-0197.patch
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 05 Aug 2019 18:09:08 -0300
++
++apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
++
++  * Cherrypick upstream test suite fix for buffer.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 13 Jun 2019 11:08:24 +0100
++
++apache2 (2.4.38-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++      [Removed configure chunk, not needed since configure.in is being
++       patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 10 Jun 2019 19:17:38 +0100
++
  apache2 (2.4.38-3) unstable; urgency=high
    [ Marc Deslauriers ]
@@ -89,6 +197,79 @@ apache2 (2.4.38-3) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Apr 2019 20:15:40 +0200
++apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
++
++  * Cherrypick upstream testsuite fix:
++    - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++  * Similarly use TLSv1.2 for pr12355 and pr43738.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 07 May 2019 10:39:47 +0100
++
++apache2 (2.4.38-2ubuntu2) disco; urgency=medium
++
++  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
++    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
++      request method in modules/http2/h2_request.c.
++    - CVE-2019-0196
++  * SECURITY UPDATE: privilege escalation from modules' scripts
++    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
++      child to its slot number in include/scoreboard.h,
++      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
++      server/mpm/worker/worker.c.
++    - CVE-2019-0211
++  * SECURITY UPDATE: mod_ssl access control bypass
++    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
++      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
++    - CVE-2019-0215
++  * SECURITY UPDATE: mod_auth_digest access control bypass
++    - debian/patches/CVE-2019-0217.patch: fix a race condition in
++      modules/aaa/mod_auth_digest.c.
++    - CVE-2019-0217
++  * SECURITY UPDATE: URL normalization inconsistincy
++    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
++      the path in include/http_core.h, include/httpd.h, server/core.c,
++      server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
++      in server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
++      server/util.c.
++    - CVE-2019-0220
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Apr 2019 14:31:46 -0400
++
++apache2 (2.4.38-2ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++   - debian/patches/086_svn_cross_compiles: Backport several cross
++     fixes from upstream
++     [Removed configure chunk, not needed since configure.in is being
++      patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++      [This has been resolved in Disco, where libxmltooling8 is built with
++      openssl 1.1]
++    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++      + debian/patches/CVE-2018-11763.patch: rework connection IO event
++        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++        modules/http2/h2_version.h.
++        - CVE-2018-11763
++        [Fixed in 2.4.35]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sun, 03 Feb 2019 14:57:13 -0200
++
  apache2 (2.4.38-2) unstable; urgency=medium
    * Disable "reset" test in allowmethods.t (Closes: #921024)
@@ -170,6 +351,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Oct 2018 12:54:58 +0200
++apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
++
++  * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++    - debian/patches/CVE-2018-11763.patch: rework connection IO event
++      handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++      modules/http2/h2_version.h.
++    - CVE-2018-11763
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 09:57:22 -0400
++
++apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 03 Aug 2018 17:09:27 -0300
++
  apache2 (2.4.34-1) unstable; urgency=medium
    [ Ondřej Surý ]
@@ -188,6 +400,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 27 Jul 2018 21:37:37 +0200
++apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
++
++  * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
++    re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 28 Jun 2018 10:07:06 -0300
++
++apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
++
++  * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
++    libapache2-mod-md until we figure out their transitions.  libapache2-mod-md
++    in particular is problematic because that makes apache2-bin pull in
++    libcurl4 which cannot be coinstalled with libcurl3.  That situation breaks
++    the installation of libapache2-mod-shib2.  See
++    https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++    for details.
++    - Don't ship md.load and remove build-requires that were added because of
++      mod-md (see
++      https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
++    - Remove proxy_uwsgi.load as we are not building it for now (see
++      https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 May 2018 14:46:19 +0000
++
++apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1770242). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Drop:
++    - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++      + debian/patches/CVE-2017-15710.patch: fix language long names
++        detection as short name in modules/aaa/mod_authnz_ldap.c.
++      + CVE-2017-15710
++    - SECURITY UPDATE: incorrect <FilesMatch> matching
++      + debian/patches/CVE-2017-15715.patch: allow to configure
++        global/default options for regexes, like caseless matching or
++        extended format in include/ap_regex.h, server/core.c,
++        server/util_pcre.c.
++      + CVE-2017-15715
++    - SECURITY UPDATE: mod_session header manipulation
++      + debian/patches/CVE-2018-1283.patch: strip Session header when
++        SessionEnv is on in modules/session/mod_session.c.
++      + CVE-2018-1283
++    - SECURITY UPDATE: DoS via specially-crafted request
++      + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++        terminated on any error, not only on buffer full in
++        server/protocol.c.
++      + CVE-2018-1301
++    - SECURITY UPDATE: mod_cache_socache DoS
++      + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++        to carriage return in modules/cache/mod_cache_socache.c.
++      + CVE-2018-1303
++    - SECURITY UPDATE: insecure nonce generation
++      + debian/patches/CVE-2018-1312.patch: actually use the secret when
++        generating nonces in modules/aaa/mod_auth_digest.c.
++      + CVE-2018-1312
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++      [type=Forking already in the base systemd service file, and
++       RemainsAfterExit=no is the default value, so no need to
++       customize these anymore.]
++    - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
++      + added debian/patches/util_ldap_cache_lock_fix.patch
++      [Already applied upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 15 May 2018 11:03:34 -0300
++
  apache2 (2.4.33-3) unstable; urgency=medium
    * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -260,6 +553,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Sun, 14 Jan 2018 11:01:58 +0000
++apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++    - debian/patches/CVE-2017-15710.patch: fix language long names
++      detection as short name in modules/aaa/mod_authnz_ldap.c.
++    - CVE-2017-15710
++  * SECURITY UPDATE: incorrect <FilesMatch> matching
++    - debian/patches/CVE-2017-15715.patch: allow to configure
++      global/default options for regexes, like caseless matching or
++      extended format in include/ap_regex.h, server/core.c,
++      server/util_pcre.c.
++    - CVE-2017-15715
++  * SECURITY UPDATE: mod_session header manipulation
++    - debian/patches/CVE-2018-1283.patch: strip Session header when
++      SessionEnv is on in modules/session/mod_session.c.
++    - CVE-2018-1283
++  * SECURITY UPDATE: DoS via specially-crafted request
++    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++      terminated on any error, not only on buffer full in
++      server/protocol.c.
++    - CVE-2018-1301
++  * SECURITY UPDATE: mod_cache_socache DoS
++    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++      to carriage return in modules/cache/mod_cache_socache.c.
++    - CVE-2018-1303
++  * SECURITY UPDATE: insecure nonce generation
++    - debian/patches/CVE-2018-1312.patch: actually use the secret when
++      generating nonces in modules/aaa/mod_auth_digest.c.
++    - CVE-2018-1312
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Apr 2018 07:38:24 -0400
++
++apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
++
++  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
++    - added debian/patches/util_ldap_cache_lock_fix.patch
++
++ -- Rafael David Tinoco <rafael.tinoco@canonical.com>  Fri, 02 Mar 2018 02:19:31 +0000
++
++apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
++
++  * Switch back to OpenSSL 1.1.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 11:57:20 +0000
++
++apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
++
++  * enable http2 (LP: #1687454) by stopping to disable it
++    - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: no more removed.
++    - debian/rules: no more removed proxy_http2 from configure.
++  * d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 05 Dec 2017 17:25:39 +0100
++
++apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
++    - debian/control: switch BuildDepends to libssl1.0-dev
++    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
++    - debian/rules: remove openssl virtual package and logic
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 10 Nov 2017 10:51:46 -0500
++
  apache2 (2.4.29-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -324,6 +702,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 16 Jul 2017 23:11:07 +0200
++apache2 (2.4.27-2ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: optionsbleed information leak
++    - debian/patches/CVE-2017-9798.patch: disallow method registration
++      at run time in server/core.c.
++    - CVE-2017-9798
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Sep 2017 11:05:48 -0400
++
++apache2 (2.4.27-2ubuntu2) artful; urgency=medium
++
++  * Undrop (LP 1658469):
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Aug 2017 13:04:45 -0400
++
++apache2 (2.4.27-2ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1702582). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 27 Jul 2017 13:38:39 -0700
++
  apache2 (2.4.27-2) unstable; urgency=medium
    * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -353,6 +772,55 @@ apache2 (2.4.25-4) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Tue, 20 Jun 2017 21:31:51 +0200
++apache2 (2.4.25-3ubuntu3) artful; urgency=medium
++
++  * Re-Drop (LP: #1658469):
++    - Don't build experimental http2 module for LTS:
++     + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++     + debian/config-dir/mods-available/http2.load: removed.
++     + debian/rules: removed proxy_http2 from configure.
++     + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 01 May 2017 09:55:11 -0700
++
++apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
++  * Undrop (LP 1658469):
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 10 Feb 2017 08:53:43 -0800
++
++apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1663425). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++   * Drop (LP: #1658469):
++     - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 09 Feb 2017 15:48:28 -0800
++
  apache2 (2.4.25-3) unstable; urgency=medium
    * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
@@ -414,6 +882,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Wed, 21 Dec 2016 23:46:06 +0100
++apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
++      d/source/include-binaries: replace Debian with Ubuntu on default
++      page.
++      [ include-binaries change previously undocumented ]
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++        [ Previously undocumented ]
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++  * Drop:
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 09 Dec 2016 11:02:38 +0100
++
  apache2 (2.4.23-8) unstable; urgency=medium
    * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
@@ -424,6 +925,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 20 Nov 2016 00:33:13 +0100
++apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Nov 2016 09:17:24 -0500
++
  apache2 (2.4.23-7) unstable; urgency=medium
    * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -538,6 +1066,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 10 Apr 2016 14:03:41 +0200
++apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
++
++  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
++    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
++      server/util_script.c.
++    - CVE-2016-5387
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Jul 2016 14:32:02 -0400
++
++apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
++
++  [ Ryan Harper ]
++  * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
++    introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
++    all, since http2 support is intentionally disabled (see LP 1531864).
++  * d/apache2.maintscript: handle removal of http2.load conffile.
++
++  [ Robie Basak ]
++  * Re-write Ryan's changelog entry.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 15 Apr 2016 18:00:57 +0000
++
++apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
++
++  * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
++    - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
++      unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
++      between systemctl status and actual state of apache2 daemon.
++    - d/apache2.install: place the apache2-systemd.conf file in the correct location.
++
++ -- Pierre-André MOREY <pierre-andre.morey@canonical.com>  Fri, 08 Apr 2016 11:48:00 +0200
++
++apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 06 Apr 2016 00:18:31 +0300
++
  apache2 (2.4.18-2) unstable; urgency=low
    * htcacheclean:
@@ -563,6 +1140,24 @@ apache2 (2.4.18-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 28 Mar 2016 21:58:54 +0200
++apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Jan 2016 15:15:22 -0500
++
  apache2 (2.4.18-1) unstable; urgency=medium
    * New upstream release:
@@ -570,12 +1165,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 19 Dec 2015 09:26:14 +0100
++apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 03 Dec 2015 10:07:35 -0500
++
  apache2 (2.4.17-3) unstable; urgency=medium
    * mpm_prefork: Fix segfault if started with -X. Closes: #805737
   -- Stefan Fritsch <sf@debian.org>  Mon, 23 Nov 2015 19:52:09 +0100
++apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Nov 2015 09:11:52 -0500
++
  apache2 (2.4.17-2) unstable; urgency=medium
    * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -586,6 +1217,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 31 Oct 2015 23:17:11 +0100
++apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++  * Drop patches (applied upstream):
++    - debian/patches/CVE-2015-3183.patch
++    - debian/patches/CVE-2015-3185.patch
++  * Drop changes (adopted in Debian):
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Don't build experimental http2 module for LTS
++    - debian/control: removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 30 Oct 2015 09:35:46 -0400
++
  apache2 (2.4.17-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -651,6 +1307,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 02 Aug 2015 00:44:07 +0200
++apache2 (2.4.12-2ubuntu2) wily; urgency=medium
++
++  * SECURITY UPDATE: request smuggling via chunked transfer encoding
++    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
++      modules/http/http_filters.c.
++    - CVE-2015-3183
++  * SECURITY UPDATE: access restriction bypass via deprecated API
++    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
++      in include/http_request.h, server/request.c.
++    - CVE-2015-3185
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Jul 2015 09:56:09 -0400
++
++apache2 (2.4.12-2ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Drop patches (applied upstream):
++    - d/p/split-logfile.patch
++    - d/p/CVE-2015-0228.patch
++  * Drop changes (superceded in Debian):
++    - Cherry-pick versioned build-depend on dpkg from Debian for correct
++      dpkg-maintscript-helper symlink_to_dir support.
++  * Drop changes (adopted in Debian):
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++  * Fix cross-building configure line in d/rules, which had bit-rotted in
++    previous merges.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 May 2015 16:34:00 +0000
++
  apache2 (2.4.12-2) unstable; urgency=medium
    [ Jean-Michel Nirgal Vourgère ]
@@ -700,6 +1399,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 15 Mar 2015 10:47:36 +0100
++apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
++      denial of service in mod_lua via websockets PING
++  * debian/tests/ssl-passphrase: Add password responder for
++    systemd-ask-passphrase.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 09 Mar 2015 12:03:16 +0100
++
  apache2 (2.4.10-9) unstable; urgency=medium
    * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
@@ -714,6 +1435,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Mon, 22 Dec 2014 20:24:36 +0100
++apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
++
++  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
++    directives
++    - debian/patches/CVE-2014-8109.patch: handle multiple Require
++      directives with different arguments in modules/lua/mod_lua.c.
++    - CVE-2014-8109
++  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
++    - debian/patches/CVE-2015-0228.patch: fix logic in
++      modules/lua/lua_request.c.
++    - CVE-2015-0228
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Mar 2015 10:56:34 -0500
++
++apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
++
++  * Allow "triggers-awaited" and "triggers-pending" states in addition to
++    "installed" when determining whether to defer actions or process
++    deferred actions (LP: #1393832).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 26 Nov 2014 11:31:44 +0000
++
++apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++  * Fixes from Debian included in merge:
++    - Crash caused by OCSP stapling code; this was erroneously
++      attributed to Debian in my previous merge, but actually only
++      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
++  * Cherry-pick versioned build-depend on dpkg from Debian for correct
++    dpkg-maintscript-helper symlink_to_dir support.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 21 Nov 2014 15:15:58 +0000
++
  apache2 (2.4.10-8) unstable; urgency=medium
    * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -728,6 +1497,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Tue, 18 Nov 2014 15:18:18 +0100
++apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++  * Fixes from Debian included in merge:
++    - Don't use a2query in preinst, as it may not be available yet
++      (LP: #1312533).
++    - Crash caused by OCSP stapling code (LP: #1366174).
++    - Disable SSLv3 in default config (LP: #1358305).
++    - If apache2 is not configured yet, defer actions executed via
++      apache2-maintscript-helper. This fixes installation failures if a
++      module package is configured first (LP: #1312854).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Mon, 17 Nov 2014 18:04:40 +0000
++
  apache2 (2.4.10-7) unstable; urgency=medium
    * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -811,6 +1607,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 21 Sep 2014 22:58:33 +0200
++apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install: Plymouth aware passphrase dialog program
++      ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 24 Jul 2014 15:13:16 +0000
++
  apache2 (2.4.10-1) unstable; urgency=medium
    [ Arno Töll ]
@@ -858,6 +1673,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 08 Jun 2014 10:38:04 +0200
++apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
++
++  * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
++    yet support building against lua 5.2 (LP: #1323930).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 28 May 2014 08:55:25 +0000
++
++apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/tests/ssl-passphrase: update for new default path /var/www/html.
++    - d/tests/duplicate-module-load: check for duplicate module loads.
++    - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
++    - d/p/split-logfile.patch: fix completely broken split-logfile command
++      (LP: #1299162). Thanks to Holger Mauermann.
++  * Drop changes (upstreamed):
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++  * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 May 2014 19:30:04 +0000
++
  apache2 (2.4.9-1) unstable; urgency=medium
    * New upstream version.
@@ -890,6 +1744,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 29 Mar 2014 22:50:32 +0100
++apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
++
++  * d/p/split-logfile.patch: fix completely broken split-logfile command
++    (LP: #1299162). Thanks to Holger Mauermann.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 03 Apr 2014 11:21:22 +0000
++
++apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
++
++  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
++    calculation
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - CVE-2013-6438
++  * SECURITY UPDATE: denial of service via truncated cookie and
++    mod_log_config
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++    - CVE-2014-0098
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Mar 2014 08:34:10 -0400
++
++apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
++
++  * d/index.html: replace Debian with Ubuntu on default page
++    (LP: #1288690).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 19 Mar 2014 11:04:21 +0000
++
++apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++  * Drop changes:
++    - debian/{control, rules}: Enable PIE hardening: no longer required;
++      2.4.7-1 is already hardened.
++    - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
++      out of this package.
++  * d/tests/ssl-passphrase: update for new default path /var/www/html.
++  * d/tests/duplicate-module-load: check for duplicate module loads.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Tue, 14 Jan 2014 17:23:47 +0000
++
  apache2 (2.4.7-1) unstable; urgency=low
    New upstream version
@@ -953,6 +1864,53 @@ apache2 (2.4.6-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 12 Aug 2013 20:15:38 +0200
++apache2 (2.4.6-2ubuntu4) trusty; urgency=low
++
++  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
++    that it does not use files find inside the .pc directory. This stops a
++    double module load causing later havoc, including "ChrootDir" directive
++    failure (LP: #1251939). Thanks to Stefan Fritsch.
++  * d/tests/chroot: dep8 test for ChrootDir case.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 Nov 2013 16:21:51 +0000
++
++apache2 (2.4.6-2ubuntu3) trusty; urgency=low
++
++  * debian/apache2.install: Correct path for ufw.
++    (LP: #1252722)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 19 Nov 2013 08:59:54 -0500
++
++apache2 (2.4.6-2ubuntu2) saucy; urgency=low
++
++  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
++    passphrase prompting for SSL certificates that are passphrase protected.
++  * Add dep8 test for SSL passphrase prompting.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 Aug 2013 13:08:52 +0000
++
++apache2 (2.4.6-2ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/control, debian/config-dir/mods-available/ssl.conf,
++      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
++      passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++  * Dropped changes:
++    - debian/patches/CVE-2013-1896.patch: upstream
++  * Fixed module dependencies (LP: #1205314)
++    - debian/config-dir/mods-available/lbmethod_*: properly specify
++      proxy_balancer, not mod_proxy_balancer.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 Jul 2013 08:31:33 -0400
++
  apache2 (2.4.6-2) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -1005,6 +1963,56 @@ apache2 (2.4.6-1) unstable; urgency=low
   -- Arno Töll <arno@debian.org>  Sun, 21 Jul 2013 18:44:42 +0200
++apache2 (2.4.4-6ubuntu5) saucy; urgency=low
++
++  * SECURITY UPDATE: denial of service via MERGE request
++    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
++      in modules/dav/main/mod_dav.c.
++    - CVE-2013-1896
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Jul 2013 11:20:47 -0400
++
++apache2 (2.4.4-6ubuntu4) saucy; urgency=low
++
++  * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
++    apache2-bin. apache2-utils is only suggested by apache2, so may not
++    always be installed by bug reporters. However, apache2-bin will always
++    need to be installed for Apache to be functional, so this is a better
++    place for the apport hook. apache2-bin already Conflicts/Replaces
++    apache2.2-common, so this also fixes (LP: #1199318).
++  * d/apache2.py: adjust apport hook for new location of configuration
++    files in apache2 >= 2.4: they have moved from apache2.2-common to
++    apache2.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 17 Jul 2013 17:54:22 +0000
++
++apache2 (2.4.4-6ubuntu3) saucy; urgency=low
++
++  * Build using lua5.2.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Jul 2013 14:24:42 +0200
++
++apache2 (2.4.4-6ubuntu2) saucy; urgency=low
++
++  * debian/rules: Fix FTBFS while installing ufw.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 10:10:14 -0500
++
++apache2 (2.4.4-6ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 08:34:01 -0500
++
  apache2 (2.4.4-6) unstable; urgency=low
    * Denote exact versions breaking gnome-user-share now that Gnome maintainers
@@ -1476,6 +2484,122 @@ apache2 (2.4.1-1) experimental; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 19 Mar 2012 10:46:02 +0100
++apache2 (2.2.22-6ubuntu5) raring; urgency=low
++
++  * SECURITY UPDATE: multiple cross-site scripting issues
++    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
++      modules/generators/{mod_info.c,mod_status.c},
++      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
++      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
++    - CVE-2012-3499
++    - CVE-2012-4558
++  * SECURITY UPDATE: symlink attack in apache2ctl script
++    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
++    - Thanks to Stefan Fritsch for the fix.
++    - CVE-2013-1048
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 15 Mar 2013 07:59:58 -0400
++
++apache2 (2.2.22-6ubuntu4) raring; urgency=low
++
++  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
++  * Skip module sanity check between MPMs if cross-building without the
++    kernel/binfmt support to run our target binaries on the build system.
++  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 05 Dec 2012 02:21:46 -0700
++
++apache2 (2.2.22-6ubuntu3) raring; urgency=low
++
++  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
++    - debian/patches/CVE-2012-2687.patch: escape filenames in
++      modules/mappers/mod_negotiation.c.
++    - CVE-2012-2687
++  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
++    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
++      directive. Defaults to off as enabling compression enables the CRIME
++      attack.
++    - CVE-2012-4929
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 08 Nov 2012 17:56:24 -0500
++
++apache2 (2.2.22-6ubuntu2) quantal; urgency=low
++
++  * debian/apache2.py
++   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
++   - Check if this directory exists: /etc/apache2/sites-enabled/
++
++ -- Matthieu Baerts (matttbe) <matttbe@gmail.com>  Mon, 16 Jul 2012 10:02:18 +0200
++
++apache2 (2.2.22-6ubuntu1) quantal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/control: Add bzr tag and point it to our tree; this is not
++      really required and just increases the delta.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 08 Jun 2012 11:37:31 +0100
++
++apache2 (2.2.22-6) unstable; urgency=low
++
++  [ Stefan Fritsch ]
++  * Fix regression causing apache2 to cache "206 partial content" responses,
++    and then serving these partial responses when replying to normal requests.
++    Closes: #671204
++  * Add section to security.conf that shows how to forbid access to VCS
++    directories. Closes: #548213
++  * Update ssl default cipher config, add alternative speed optimized config.
++    Closes: #649020
++  * Add "AddCharset" for .brf files in default mod_mime config.
++    Closes: #402567
++  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
++    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
++  * Port some of the comments in apache2.conf from the 2.4 package.
++  * Compile mod_version statically, drop associated module load file.
++  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
++    configtest.
++  * Note in README.Debian that future versions of the package will have the
++    include statements changed to include only *.conf.
++  * Change compiled-in document root to /var/www, to avoid strange error
++    messages.
++  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
++
++  [ Arno Töll ]
++  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
++    to override LDFLAGS at compile time by defining LDLAGS in the environment,
++    just like it is possible for CFLAGS. This also means, config_vars.mk now
++    exports hardening build flags by default.
++  * Update doc-base metadata for the apache2-doc package.
++
++ -- Stefan Fritsch <sf@debian.org>  Tue, 29 May 2012 22:05:48 +0200
++
++apache2 (2.2.22-5) unstable; urgency=low
++
++  * Make LoadFile and LoadModule look in the standard search paths if the
++    dso file name is given as a pure filename. This helps with the multi-arch
++    transition.
++
++ -- Stefan Fritsch <sf@debian.org>  Mon, 30 Apr 2012 23:38:33 +0200
++
++apache2 (2.2.22-4) unstable; urgency=high
++
++  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
++    hosts' config files.
++    If scripting modules like mod_php or mod_rivet are enabled on systems
++    where either 1) some frontend server forwards connections to an apache2
++    backend server on the localhost address, or 2) the machine running
++    apache2 is also used for web browsing, this could allow a remote
++    attacker to execute example scripts stored under /usr/share/doc.
++    Depending on the installed packages, this could lead to issues like cross
++    site scripting, code execution, or leakage of sensitive data.
++
++ -- Stefan Fritsch <sf@debian.org>  Sun, 15 Apr 2012 23:41:43 +0200
++
  apache2 (2.2.22-3) unstable; urgency=low
    * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1496,6 +2620,18 @@ apache2 (2.2.22-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 15 Mar 2012 00:02:31 +0100
++apache2 (2.2.22-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 12 Feb 2012 20:06:35 -0500
++
  apache2 (2.2.22-1) unstable; urgency=low
     [ Stefan Fritsch ]
@@ -1513,6 +2649,18 @@ apache2 (2.2.22-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 01 Feb 2012 21:49:04 +0100
++apache2 (2.2.21-5ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++
  apache2 (2.2.21-5) unstable; urgency=low
    [ Arno Töll ]
@@ -1566,6 +2714,26 @@ apache2 (2.2.21-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 29 Dec 2011 12:09:14 +0100
++apache2 (2.2.21-3ubuntu2) precise; urgency=low
++
++  * d/ask-for-passphrase: Flip the logic of this script so that it checks
++    first to see if apache is being started from a TTY, and then if not,
++    tries plymouth. (LP: #887410)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 06 Dec 2011 16:49:33 -0800
++
++apache2 (2.2.21-3ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 05:20:43 +0000
++
  apache2 (2.2.21-3) unstable; urgency=medium
    * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1580,6 +2748,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 03 Dec 2011 18:54:03 +0100
++apache2 (2.2.21-2ubuntu2) precise; urgency=low
++
++  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 02 Dec 2011 17:36:28 -0700
++
++apache2 (2.2.21-2ubuntu1) precise; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 14 Oct 2011 16:01:29 +0000
++
  apache2 (2.2.21-2) unstable; urgency=high
    * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1597,6 +2783,19 @@ apache2 (2.2.21-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 26 Sep 2011 18:16:11 +0200
++apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
++    Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 06 Sep 2011 01:17:15 -0700
++
  apache2 (2.2.20-1) unstable; urgency=low
    * New upstream release.
@@ -1619,6 +2818,18 @@ apache2 (2.2.19-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 29 Aug 2011 17:08:17 +0200
++apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable (LP: #787013). Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Andres Rodriguez <andreserl@ubuntu.com>  Mon, 23 May 2011 10:16:09 -0400
++
  apache2 (2.2.19-1) unstable; urgency=low
    * New upstream release.
@@ -1636,6 +2847,18 @@ apache2 (2.2.19-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 22 May 2011 10:21:21 +0200
++apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 11 Apr 2011 02:13:30 +0100
++
  apache2 (2.2.17-3) unstable; urgency=low
    * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
@@ -1662,6 +2885,18 @@ apache2 (2.2.17-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 21 Mar 2011 23:01:17 +0100
++apache2 (2.2.17-1ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 22 Feb 2011 13:02:08 -0500
++
  apache2 (2.2.17-1) unstable; urgency=low
    * New upstream version
@@ -1670,6 +2905,32 @@ apache2 (2.2.17-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 15 Feb 2011 23:30:18 +0100
++apache2 (2.2.16-6ubuntu3) natty; urgency=low
++
++  * debian/rules: Don't use "-fno-strict-aliasing" since it causes
++    apache FTBFS on amd64. (LP: #711293)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 01 Feb 2011 10:19:55 -0500
++
++apache2 (2.2.16-6ubuntu2) natty; urgency=low
++
++  * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
++   (LP: #697105)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 25 Jan 2011 11:14:58 -0500
++
++apache2 (2.2.16-6ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 02 Jan 2011 06:05:51 +0000
++
  apache2 (2.2.16-6) unstable; urgency=low
    * Also add $named to the secondary-init-script example.
@@ -1685,6 +2946,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 31 Dec 2010 01:22:19 +0100
++apache2 (2.2.16-4ubuntu2) natty; urgency=low
++
++  [Clint Byrum]
++  * Adding plymouth aware passphrase dialog program ask-for-passphrase.
++    (LP: #582963)
++    + debian/control: apache2.2-common depends on bash for ask-for-passphrase
++    + debian/config-dir/mods-available/ssl.conf:
++      - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
++
++  [Chuck Short]
++  * Add apport hook. (LP: #609177)
++    + debian/apache2.py, debian/apache2.2-common.install
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:43 -0500
++
++apache2 (2.2.16-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:41 -0500
++
  apache2 (2.2.16-4) unstable; urgency=medium
    * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1695,6 +2980,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Nov 2010 19:05:55 +0100
++apache2 (2.2.16-3ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 12 Oct 2010 11:54:48 +0100
++
  apache2 (2.2.16-3) unstable; urgency=high
    * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1717,6 +3011,30 @@ apache2 (2.2.16-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 29 Aug 2010 15:29:21 +0200
++apache2 (2.2.16-1ubuntu3) maverick; urgency=low
++
++  * Revert "stty sane" to unbreak apache starting, this will have to be
++    fixed a different way. (LP: #626723)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 08 Sep 2010 08:33:17 -0400
++
++apache2 (2.2.16-1ubuntu2) maverick; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
++    password prompt when using apache-ssl. (LP: #582963)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 25 Aug 2010 09:25:05 -0400
++
++apache2 (2.2.16-1ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Jul 2010 20:21:37 +0100
++
  apache2 (2.2.16-1) unstable; urgency=medium
    * Urgency medium for security fix.
@@ -1749,6 +3067,24 @@ apache2 (2.2.15-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jul 2010 23:41:08 +0200
++apache2 (2.2.15-5ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++    + Dropped:
++      - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
++      - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
++      - debian/config-dir/apache2.conf: Merged back from debian.
++      - mod-reqtimeout functionality: Merge back from debian.
++      - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
++      - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
++      - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 May 2010 01:28:04 +0100
++
  apache2 (2.2.15-5) unstable; urgency=low
    * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -1869,6 +3205,80 @@ apache2 (2.2.14-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Feb 2010 17:29:45 +0100
++apache2 (2.2.14-5ubuntu8) lucid; urgency=low
++
++  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
++    (LP: #562370)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 13 Apr 2010 15:09:57 -0400
++
++apache2 (2.2.14-5ubuntu7) lucid; urgency=low
++
++  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
++    leaks by making sure to not destroy bucket brigades that have been created
++    by earlier filters. Backported from 2.2.15.
++  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
++    has reached MaxClients until it has. Backported from 2.2.15
++  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
++    more secure by adding Satisfy all. (Debian bug: #572075)
++  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
++    debian/config2-dir/mods-available/reqtimeout.load,
++    debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
++    mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
++    bug in apache. Enable it by default. (LP: #392759)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 05 Apr 2010 09:53:35 -0400
++
++apache2 (2.2.14-5ubuntu6) lucid; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 09:41:11 -0400
++
++apache2 (2.2.14-5ubuntu5) lucid; urgency=low
++
++  * Revert 99-fix-mod-dav-permissions.dpatch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 07:55:46 -0400
++
++apache2 (2.2.14-5ubuntu4) lucid; urgency=low
++
++  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
++    downloading files from webdav (LP: #540747)
++  * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 29 Mar 2010 13:37:39 -0400
++
++apache2 (2.2.14-5ubuntu3) lucid; urgency=low
++
++  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
++    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
++      in modules/proxy/mod_proxy_ajp.c.
++    - CVE-2010-0408
++  * SECURITY UPDATE: information disclosure via improper handling of
++    headers in subrequests
++    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
++      in server/protocol.c.
++    - CVE-2010-0434
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 10 Mar 2010 14:48:48 -0500
++
++apache2 (2.2.14-5ubuntu2) lucid; urgency=low
++
++  * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
++    wacky options. (LP: #450501)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 08 Mar 2010 14:53:17 -0500
++
++apache2 (2.2.14-5ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing.  Remaining changes: LP: #506862
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Wed, 13 Jan 2010 14:28:41 +0530
++
  apache2 (2.2.14-5) unstable; urgency=low
    * Security: Further mitigation for the TLS renegotation attack
@@ -1892,6 +3302,15 @@ apache2 (2.2.14-5) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sat, 02 Jan 2010 22:44:15 +0100
++apache2 (2.2.14-4ubuntu1) lucid; urgency=low
++
++  * Resynchronzie with Debian, remaining changes are:
++   - debian/{control, rules}: Enable PIE hardening.
++   - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++   - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 23 Dec 2009 14:44:51 -0500
++
  apache2 (2.2.14-4) unstable; urgency=low
    * Disable localized error pages again by default because they break
@@ -1942,6 +3361,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 07 Nov 2009 14:37:37 +0100
++apache2 (2.2.14-1ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/conrol: Add bzr tag and point it to our tree.
++    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++      Already applied upstream.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Nov 2009 00:29:03 +0000
++
  apache2 (2.2.14-1) unstable; urgency=low
    * New upstream version:
@@ -1976,6 +3406,24 @@ apache2 (2.2.13-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 31 Aug 2009 20:28:56 +0200
++apache2 (2.2.12-1ubuntu2) karmic; urgency=low
++
++  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++    - Fix potential segfaults with the use of the legacy ap_rputs() etc
++      interfaces, in cases where an output filter fails. This happens
++      frequently after CVE-2009-1891 got fixed. (LP: #409987)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Aug 2009 15:38:47 -0400
++
++apache2 (2.2.12-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++    - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 04 Aug 2009 20:04:24 +0100
++
  apache2 (2.2.12-1) unstable; urgency=low
    * New upstream release:
@@ -2023,6 +3471,16 @@ apache2 (2.2.12-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 04 Aug 2009 11:02:34 +0200
++apache2 (2.2.11-7ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes: LP: #398130
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 11 Jul 2009 16:34:32 +0530
++
  apache2 (2.2.11-7) unstable; urgency=low
    * Security fixes:
@@ -2037,6 +3495,16 @@ apache2 (2.2.11-7) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 10 Jul 2009 22:42:57 +0200
++apache2 (2.2.11-6ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 09 Jun 2009 01:01:23 +0100
++
  apache2 (2.2.11-6) unstable; urgency=high
    * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2045,6 +3513,16 @@ apache2 (2.2.11-6) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 08 Jun 2009 19:22:58 +0200
++apache2 (2.2.11-5ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Wed, 03 Jun 2009 14:10:54 +1200
++
  apache2 (2.2.11-5) unstable; urgency=low
    * Move all binaries into a new package apache2.2-bin and make
@@ -2093,6 +3571,16 @@ apache2 (2.2.11-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 19 May 2009 22:55:27 +0200
++apache2 (2.2.11-3ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Tue, 12 May 2009 16:15:34 +1200
++
  apache2 (2.2.11-3) unstable; urgency=low
    * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2101,6 +3589,21 @@ apache2 (2.2.11-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 31 Mar 2009 21:07:26 +0200
++apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
++
++  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 01 Apr 2009 11:39:17 -0400
++
++apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{contro,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sat, 17 Jan 2009 00:02:55 +0000
++
  apache2 (2.2.11-2) unstable; urgency=low
    * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2110,6 +3613,14 @@ apache2 (2.2.11-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jan 2009 19:01:59 +0100
++apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 15 Dec 2008 00:06:50 +0000
++
  apache2 (2.2.11-1) unstable; urgency=low
    [Thom May]
@@ -2124,6 +3635,14 @@ apache2 (2.2.11-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Dec 2008 09:34:24 +0100
++apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes: (LP: #303375)
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 29 Nov 2008 14:02:31 +0530
++
  apache2 (2.2.9-11) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy:
@@ -2138,6 +3657,14 @@ apache2 (2.2.9-11) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 26 Nov 2008 23:10:22 +0100
++apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 Nov 2008 02:23:18 -0400
++
  apache2 (2.2.9-10) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy_http:
@@ -2168,6 +3695,27 @@ apache2 (2.2.9-8) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 11 Sep 2008 09:17:33 +0200
++apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
++
++  * Revert logrotate change since it will break it for everyone.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 19 Sep 2008 09:32:01 -0400
++
++apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
++
++  * debian/logrotate: Restart rather than reload for busy websites.
++    (LP: #270899)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 18 Sep 2008 08:42:22 -0400
++
++apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 28 Aug 2008 08:10:59 -0700
++
  apache2 (2.2.9-7) unstable; urgency=low
    * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2210,6 +3758,23 @@ apache2 (2.2.9-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 06 Jul 2008 10:38:37 +0200
++apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
++
++  * add ufw integration (see
++    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
++    (LP: #261198)
++    - debian/control: suggest ufw for apache2.2-common
++    - add apache2.2-common.ufw.profile with 3 profiles and install it to
++      /etc/ufw/applications.d/apache2.2-common
++
++ -- Didier Roche <didrocks@ubuntu-fr.org>  Tue, 26 Aug 2008 19:03:42 +0200
++
++apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
++
++  * debian/{control,rules}: enable PIE hardening
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 20 Aug 2008 15:45:00 -0700
++
  apache2 (2.2.9-3) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -3780,9 +5345,7 @@ apache2 (2.0.37-1) unstable; urgency=low
   -- Thom May <thom@debian.org>  Thu, 13 Jun 2002 17:47:12 +0100
  apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
--
    * New upstream release
--
   -- Thom May <thom@debian.org>  Wed,  5 Jun 2002 12:42:34 +0100
  apache2 (2.0.36-2) unstable; urgency=low
@@ -4290,3 +5853,4 @@ apache2 (2.0.18-1) unstable; urgency=low
    * Initial Release.
   -- Daniel Stone <daniel@sfarc.net>  Wed,  4 Jul 2001 21:29:29 +1000
++
 diff --git a/debian/control b/debian/control
 index 519edd9..7867639 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,5 +1,6 @@
  Source: apache2
--Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
  Uploaders: Stefan Fritsch <sf@debian.org>,
             Arno Töll <arno@debian.org>,
             Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
  Recommends: ssl-cert
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
--          www-browser
++          www-browser,
++          ufw
  Pre-Depends: dpkg (>= 1.17.14)
  Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
  Conflicts: apache2.2-bin,
 diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
 new file mode 100644
 index 0000000..4db2fa1
 Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
 diff --git a/debian/index.html b/debian/index.html
 index 766401d..96ed444 100644
 --- a/debian/index.html
 +++ b/debian/index.html
@@ -1,9 +1,14 @@
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
++  <!--
++    Modified from the Debian original for Ubuntu
++    Last updated: 2016-11-16
++    See: https://launchpad.net/bugs/1288690
++  -->
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
--    <title>Apache2 Debian Default Page: It works</title>
++    <title>Apache2 Ubuntu Default Page: It works</title>
      <style type="text/css" media="screen">
    * {
      margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
    <body>
      <div class="main_page">
        <div class="page_header floating_element">
--        <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>
++        <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
          <span class="floating_element">
--          Apache2 Debian Default Page
++          Apache2 Ubuntu Default Page
          </span>
        </div>
  <!--      <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
          <div class="content_section_text">
            <p>
                  This is the default welcome page used to test the correct
--                operation of the Apache2 server after installation on Debian systems.
++                operation of the Apache2 server after installation on Ubuntu systems.
++                It is based on the equivalent page on Debian, from which the Ubuntu Apache
++                packaging is derived.
                  If you can read this page, it means that the Apache HTTP server installed at
                  this site is working properly. You should <b>replace this file</b> (located at
                  <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Debian's Apache2 default configuration is different from the
++                Ubuntu's Apache2 default configuration is different from the
                  upstream default configuration, and split into several files optimized for
--                interaction with Debian tools. The configuration system is
++                interaction with Ubuntu tools. The configuration system is
                  <b>fully documented in
                  /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
                  documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
            </p>
            <p>
--                The configuration layout for an Apache2 web server installation on Debian systems is as follows:
++                The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
            </p>
            <pre>
  /etc/apache2/
@@ -324,7 +331,7 @@
          <div class="content_section_text">
              <p>
--                By default, Debian does not allow access through the web browser to
++                By default, Ubuntu does not allow access through the web browser to
                  <em>any</em> file apart of those located in <tt>/var/www</tt>,
                  <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
                  directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
                  document root directory in <tt>/etc/apache2/apache2.conf</tt>.
              </p>
              <p>
--                The default Debian document root is <tt>/var/www/html</tt>. You
++                The default Ubuntu document root is <tt>/var/www/html</tt>. You
                  can make your own virtual hosts under /var/www. This is different
                  to previous releases which provides better security out of the box.
              </p>
@@ -345,9 +352,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Please use the <tt>reportbug</tt> tool to report bugs in the
--                Apache2 package with Debian. However, check <a
--                href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"
++                Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
++                Apache2 package with Ubuntu. However, check <a
++                href="https://bugs.launchpad.net/ubuntu/+source/apache2"
                  rel="nofollow">existing bug reports</a> before reporting a new bug.
            </p>
            <p>
 diff --git a/debian/patches/086_svn_cross_compiles b/debian/patches/086_svn_cross_compiles
 new file mode 100644
 index 0000000..fca288e
 --- /dev/null
 +++ b/debian/patches/086_svn_cross_compiles
@@ -0,0 +1,69 @@
++Description: Pull upstream fixes for autotools for cross-compiling
++Author: Adam Conrad <adconrad@ubuntu.com>
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328445
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1327907
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328390
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328714
++Forwarded: not-needed
++Last-Update: 2019-02-03
++
++Index: apache2-2.4.29/acinclude.m4
++===================================================================
++--- apache2-2.4.29.orig/acinclude.m4	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/acinclude.m4	2017-11-10 10:56:51.484205199 -0500
++@@ -55,6 +55,8 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
++   APACHE_SUBST(CPPFLAGS)
++   APACHE_SUBST(CFLAGS)
++   APACHE_SUBST(CXXFLAGS)
+++  APACHE_SUBST(CC_FOR_BUILD)
+++  APACHE_SUBST(CFLAGS_FOR_BUILD)
++   APACHE_SUBST(LTFLAGS)
++   APACHE_SUBST(LDFLAGS)
++   APACHE_SUBST(LT_LDFLAGS)
++@@ -697,7 +699,7 @@ int main(void)
++ {
++     return sizeof(void *) < sizeof(long);
++ }], [ap_cv_void_ptr_lt_long=no], [ap_cv_void_ptr_lt_long=yes],
++-    [ap_cv_void_ptr_lt_long=yes])])
+++    [ap_cv_void_ptr_lt_long="cross compile - not checked"])])
++
++ if test "$ap_cv_void_ptr_lt_long" = "yes"; then
++     AC_MSG_ERROR([Size of "void *" is less than size of "long"])
++Index: apache2-2.4.29/configure.in
++===================================================================
++--- apache2-2.4.29.orig/configure.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/configure.in	2017-11-10 10:56:51.488205250 -0500
++@@ -206,6 +206,14 @@ AC_PROG_CPP
++ dnl Try to get c99 support for variadic macros
++ ifdef([AC_PROG_CC_C99], [AC_PROG_CC_C99])
++
+++dnl In case of cross compilation we set CC_FOR_BUILD to cc unless
+++dnl we got already CC_FOR_BUILD from environment.
+++if test "x${build_alias}" != "x${host_alias}"; then
+++  if test "x${CC_FOR_BUILD}" = "x"; then
+++    CC_FOR_BUILD=cc
+++  fi
+++fi
+++
++ if test "x${cache_file}" = "x/dev/null"; then
++   # Likewise, ensure that CC and CPP are passed through to the pcre
++   # configure script iff caching is disabled (the autoconf 2.5x default).
++Index: apache2-2.4.29/server/Makefile.in
++===================================================================
++--- apache2-2.4.29.orig/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
++@@ -24,9 +24,14 @@ TARGETS = delete-exports $(LTLIBRARY_NAM
++ include $(top_builddir)/build/rules.mk
++ include $(top_srcdir)/build/library.mk
++
+++ifdef CC_FOR_BUILD
+++gen_test_char: gen_test_char.c
+++	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<
+++else
++ gen_test_char_OBJECTS = gen_test_char.lo
++ gen_test_char: $(gen_test_char_OBJECTS)
++ 	$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
+++endif
++
++ test_char.h: gen_test_char
++ 	./gen_test_char > test_char.h
 diff --git a/debian/patches/series b/debian/patches/series
 index b82297b..207d9c8 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -8,3 +8,6 @@ reproducible_builds.diff
  # This patch is applied manually
  #suexec-custom.patch
  spelling-errors.patch
++
++# Patches added by Ubuntu
++086_svn_cross_compiles
 diff --git a/debian/perl-framework/t/modules/allowmethods.t b/debian/perl-framework/t/modules/allowmethods.t
 index ad34959..6e2e815 100644
 --- a/debian/perl-framework/t/modules/allowmethods.t
 +++ b/debian/perl-framework/t/modules/allowmethods.t
@@ -23,7 +23,6 @@ my @test_cases = (
      [ $get, $post, 405 ],
      [ $head, $post, 405 ],
      [ $post, $post, 200 ],
--    [ $get, $post . '/reset', 200 ],
  );
  plan tests => (scalar @test_cases), have_module 'allowmethods';
 diff --git a/debian/source/include-binaries b/debian/source/include-binaries
 index ff777a2..b32d256 100644
 --- a/debian/source/include-binaries
 +++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
  debian/icons/odf6ots-20x22.png
  debian/icons/odf6ott-20x22.png
  debian/icons/openlogo-75.png
++debian/icons/ubuntu-logo.png
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
 diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
 new file mode 100644
 index 0000000..6bc9125
 --- /dev/null
 +++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
++#!/bin/sh
++set -uxe
++
++# http2 is rather new, check that it at least generally works
++# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
++
++a2enmod http2
++a2enmod ssl
++a2ensite default-ssl
++# Enable globally
++echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
++service apache2 restart
++
++# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
++# wget on Debian gives me:
++#    GnuTLS: A TLS warning alert has been received.
++#    Unable to establish SSL connection.
++# Presumably this is due to the self-signed certificate, but I'm not sure how
++# to skip the warning with wget. curl will do for now.
++echo "Hello, world!" > /var/www/html/hello.txt
++
++testapache () {
++    cmd="${1}"
++    result=$(${cmd})
++
++    if [ "$result" != "Hello, world!" ]; then
++        echo "Unexpected result: ${result}" >&2
++        exit 1
++    else
++        echo OK
++    fi
++}
++
++# https shall not affect http
++testapache "curl -s -k http://localhost/hello.txt"
++# https shall not affect https
++testapache "curl -s -k https://localhost/hello.txt"
++#plain http2
++testapache "nghttp --no-verify-peer https://localhost/hello.txt"
++#http2 upgrade
++testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
 diff --git a/debian/tests/control b/debian/tests/control
 index be79f60..37ae2ca 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -23,6 +23,10 @@ Tests: ssl-passphrase
  Restrictions: needs-root allow-stderr breaks-testbed
  Depends: apache2, curl, expect, ssl-cert
++Tests: check-http2
++Restrictions: needs-root allow-stderr breaks-testbed
++Depends: apache2, curl, ssl-cert, nghttp2-client
++
  Tests: chroot
  Features: no-build-needed
  Restrictions: needs-root allow-stderr breaks-testbed

Ubuntuapache2 package

Merge ~ahasenack/ubuntu/+source/apache2:focal-apache2-last-merge into ubuntu/+source/apache2:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
apache2 package