Ubuntu
apache2 package

debian/apache2-bin.install (+1/-0)
debian/apache2-utils.ufw.profile (+14/-0)
debian/apache2.dirs (+1/-0)
debian/apache2.install (+1/-0)
debian/apache2.postrm (+1/-0)
debian/apache2.py (+48/-0)
debian/apache2ctl (+33/-18)
debian/changelog (+1697/-2)
debian/control (+4/-2)
debian/index.html (+19/-12)
debian/perl-framework/t/apache/expr_string.t (+4/-0)
debian/source/include-binaries (+1/-0)
debian/tests/check-http2 (+41/-0)
debian/tests/control (+4/-0)

Related bugs:

Bug #1910372: Support more modern Lua versions - to keep only one in main	Undecided	Fix Released
Bug #1918209: Detection of systemd breaks building in docker	High	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Christian Ehrhardt  (community)	2021-03-04	Approve on 2021-03-09
Canonical Server	2021-03-04	Pending
git-ubuntu developers	2021-03-04	Pending
Review via email: mp+399177@code.launchpad.net

Description of the change

This is a minor merge from Debian to help resolve LP: #1910372 which seeks to drop lua5.2 in favor of lua 5.3. Debian has already made this change, so doing the merge allows us to do as well.

The lua version change was not mentioned in Debian's changelog, but can be seen in the diff. To make sure there were not other undocumented changes that might violate our FFe policy, I did a commit-by-commit review of all changes in the -3 and -4 releases from Debian. There were no substantial changes to the software itself other than lua5.3 afaict. A report on this analysis is below.

Debian has disabled several test cases which I think are not broken for us. I considered re-enabling them for us, but I don't think that would gain us much. One of the commit messages uses the word 'temporary' so perhaps Debian and/or upstream will be working on fixes to them.

One piece of our delta is now in Debian. The remainder has been with us for quite some time and still looks to me like it should stay with us.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/apache2-merge-v2.4.46-4

### Additional Note ###

Historically, the split changes aren't available via git-ubuntu due to a bug. As a work-around to that, I started from Paride's merge branch. The aforementioned dropped delta was the only merge conflict.

Also, Apache2 hits the 'empty directories' problem with git, and so requires passing --no-verify to various git commands. Because of this, `git ubuntu merge finish pkg/ubuntu/devel` errors with a stack trace. The workaround I used for that was as follows:

$ git commit -m merge-changelogs --no-verify debian/changelog
[detached HEAD 4180b2f0f] merge-changelogs
1 file changed, 1670 insertions(+), 2 deletions(-)
$ commit_message=$(for rev in $(git rev-list --reverse 'new/debian..HEAD^'); do git log --pretty=%B -n 1 $rev | sed '/^\
[[:space:]]*$/d'; done)
$ awk -v r="$commit_message" '{gsub(/* PLACEHOLDER/,r)}1' debian/changelog > debian/changelog.tmp
$ mv debian/changelog.tmp debian/changelog
$ git commit --no-verify -m reconstruct-changelog debian/changelog
$ update-maintainer
$ git commit --no-verify -m update-maintainer debian/control

I think this provided equivalent results to what git ubuntu does (I took the steps directly from the git-ubuntu codebase). I couldn't find these steps documented anywhere, although I suspect it's what others have had to do in the past. Anyway, I include them here for reference if someone needs them for future apache merges. (But sounds like Robie has a better way to work around this that might be better to try next time.)

### Analysis of Debian changes ###

c4345ed5 releasing package apache2 version 2.4.46-4
- changelog only

91ec8581 Ignore another test
- Identical to one of the changes in the ubuntu delta,
which we can drop now.

b4b14a64 Ignore another random another test failure
- Disables test case for png content. Reason not mentioned.

a55c97f6 releasing package apache2 version 2.4.46-3
- changelog only

ac6936d8 Disable temporary 3 subtests
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979664
  - Disables an xml filter test case and two session module test cases.
    Reason not mentioned, just that they fail CI.

a0088e23 Update d/ch
- changelog only

8753f5b5 Add debian/gbp.conf
- Adds gbp config, which we don't use for maintaining apache.

115d3084 Declare compliance with policy 4.5.1
- Just a housekeeping cleanup

647d73b6 Fix day-of-week for changelog entry 2.0.42-2.
- changelog only

809ce169 Build against lua5.3 instead of lua5.2
- This is a substantive change as it alters build dependencies, but
this is a change we actively want.

920ac47a Update lintian overrides
- Just a housekeeping cleanup

1883ce71 Update d/ch
- changelog only

52c6d77a Enable verbose test output during autopkgtest
- More verbosity during autopkgtest should be fine + helpful

58945288 Clean include-binaries
  - Drops debian/upstream/signing-key.pgp from the list of
    include-binaries. This file was converted to signing-key.asc back
    in 2.4.38-1.
  - So this is just cleanup

42d6a1de Remove postinst/preinst hooks concerning old versions
cb7db4b5 Partial revert of 42d6a1de
  - Drops some various cleanups for old versions of Apache2, that we
    haven't shipped since before bionic. Users upgrading from such old
    versions would have to go through at least bionic and focal, which
    will have cleaned the files up.
  - So this cleanup should also be safe for us

27377967 Spelling error in (c)
- Just a sp. fix for debian/copyright

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2021-03-08:

This is still marked as WIP, is it or shall this be reviewed?
Since I was missing last week I might miss some context here and not waste time reviewing if it might be not the right next step.

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-08:

Yes, this is ready to be reviewed.

The reason I set to WIP was anticipating there might be ideas from the "git ubuntu empty dirs" meeting that I'd need to redo the merge for, but there weren't, so this is good to go as is.

~bryce/ubuntu/+source/apache2:merge-v2.4.46-4-hirsute updated on 2021-03-09

2f86ed6... by Bryce Harrington on 2021-03-09: * d/apache2ctl: Also use /run/systemd to check for systemd usage
(LP: #1918209)
b9374b4... by Bryce Harrington on 2021-03-09: merge-changelogs
5e1e6b6... by Bryce Harrington on 2021-03-09: reconstruct-changelog
04405d0... by Bryce Harrington on 2021-03-09: update-maintainer
e9e339c... by Bryce Harrington on 2021-03-09: changelog add'l details about merge

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-09:

Btw, I've also tacked on a bugfix for an issue we think causes OCI build failures.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2021-03-09:

Changelog:
- [✓] old content match as expected (I also have parides branch)
- [✓] changelog entry correct version and targeted codename
- [?] changelog entries correct (almost - IMHO the extra entry for 1918209 would go under an "* Added Changes", but that is optional and up to you
- [✓] update-maintainer has been run

Actual changes:
- [✓] no major upstream changes to consider
- [✓] no further upstream version to consider
- [✓] debian changes look safe (I've went through the changes in salsa just like you did and agree)

Old Delta:
- [✓] dropped changes are ok to be dropped
- [✓] nothing else to drop
- [?] changes forwarded upstream/debian
Since Debian recently seems to be big on "disabling random fail tests" I wonder if it might be a good time to forward our delta for https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1890302 ?

New Delta:
- [✓] new are good
- [?] new change submitted to Debian? I've not seen a reference for https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1918209
I agree it is a common pattern https://codesearch.debian.net/search?q=%2Frun%2Fsystemd%2Fsystem&literal=1 and ok to add, but maybe file it with Debian as well to some day be able to drop the Delta?

Build/Test:
- [✓] build is ok
- [✓] verified PPA package installs/uninstalls

Revision history for this message

Christian Ehrhardt  (paelzer) on 2021-03-09:

review: Approve

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-11:

Thanks for the review. I've gone ahead and uploaded it (so we can get the fix for the OCIs in play), and will forward the delta to Debian later this week. I can't do the upload tag yet due to a git-ubuntu bug but will do so once there's a solution for that.

$ dput ubuntu apache2_2.4.46-4ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/bryce/pkg/Apache2/merge-v2.4.46-4/apache2_2.4.46-4ubuntu1_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: /home/bryce/pkg/Apache2/merge-v2.4.46-4/apache2_2.4.46-4ubuntu1.dsc: Valid signature from E603B2578FB8F0FB
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.46-4ubuntu1.dsc: done.
  Uploading apache2_2.4.46-4ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.46-4ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.46-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-11:

This has now migrated. (There was one perl test failure on amd64 but it appears to have been just a timing issue; I re-triggered it and it passed.)

  - Current Version: 2.4.46-4ubuntu1
  - Proposed Version: None
  - Debian Version: 2.4.46-4
  - New Version: 2.4.46-4ubuntu1

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Bryce Harrington

git-ubuntu developers

 diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
 index 63c573f..3d1bdf1 100644
 --- a/debian/apache2-bin.install
 +++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
  /usr/lib/apache2/modules/
  /usr/sbin/apache2
++debian/apache2.py usr/share/apport/package-hooks
 diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
 new file mode 100644
 index 0000000..974a655
 --- /dev/null
 +++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
++[Apache]
++title=Web Server
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80/tcp
++
++[Apache Secure]
++title=Web Server (HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=443/tcp
++
++[Apache Full]
++title=Web Server (HTTP,HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80,443/tcp
 diff --git a/debian/apache2.dirs b/debian/apache2.dirs
 index 6089013..1aa6d3c 100644
 --- a/debian/apache2.dirs
 +++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
  var/lib/apache2
  var/log/apache2
  var/www/html
++/etc/ufw/applications.d/apache2
 diff --git a/debian/apache2.install b/debian/apache2.install
 index b6ad789..92865fc 100644
 --- a/debian/apache2.install
 +++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
  debian/config-dir/envvars			/etc/apache2
  debian/config-dir/magic				/etc/apache2
  debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
++debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
 diff --git a/debian/apache2.postrm b/debian/apache2.postrm
 index a68583c..b0e5d7b 100644
 --- a/debian/apache2.postrm
 +++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
 a94e5a174dc2396c0f3f6b6a74
  		c481228d439cbb54bdcedbaec5bbb11a
  		e2620d4a5a0f8d80dd4b16de59af981f
++		3526531ccd6c6a1d2340574a305a18f8
  	EOF
+ }
 diff --git a/debian/apache2.py b/debian/apache2.py
 new file mode 100644
 index 0000000..a9fb9d8
 --- /dev/null
 +++ b/debian/apache2.py
@@ -0,0 +1,48 @@
++#!/usr/bin/python
++
++'''apport hook for apache2
++
++(c) 2010 Adam Sommer.
++Author: Adam Sommer <asommer@ubuntu.com>
++
++This program is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published by the
++Free Software Foundation; either version 2 of the License, or (at your
++option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
++the full text of the license.
++'''
++
++from apport.hookutils import *
++import os
++
++SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
++
++def add_info(report, ui):
++    if os.path.isdir(SITES_ENABLED_DIR):
++        response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
++                            "may help developers diagnose your bug more "
++                            "quickly.  However, it may contain sensitive "
++                            "information.  Do you want to include it in your "
++                            "bug report?")
++
++        if response == None: # user cancelled
++            raise StopIteration
++
++        elif response == True:
++            # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
++            for conf_file in os.listdir(SITES_ENABLED_DIR):
++                attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
++
++    try:
++        report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
++    except OSError:
++        report['Apache2ConfdDirListing'] = str(False)
++
++    # Attach default config files if changed.
++    attach_conffiles(report, 'apache2', conffiles=None)
++
++    # Attach the error.log file.
++    attach_file(report, '/var/log/apache2/error.log', key='error.log')
++
++    # Get loaded modules.
++    report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
 diff --git a/debian/apache2ctl b/debian/apache2ctl
 index 404b9f9..02f3bca 100755
 --- a/debian/apache2ctl
 +++ b/debian/apache2ctl
@@ -143,6 +143,21 @@ mkdir_chown () {
      fi
+ }
++need_systemd () {
++    # Detect if systemd is in use and should be used for managing
++    # the Apache2 httpd service.  Returns 0 if so, 1 otherwise.
++    if [ -z "${APACHE_STARTED_BY_SYSTEMD}" ]; then
++	case "$(readlink -f /proc/1/exe)" in
++	    *systemd*)
++		return 0
++		;;
++	esac
++	# With Docker, /proc/1 is not necessarily an init system,
++	# so fallback to checking in /run.
++        [ -d /run/systemd/system ]
++    fi
++    return 1
++}
  [ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
  [ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
@@ -153,38 +168,38 @@ start)
      # (this is bad if there are several apache2 instances running)
      rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*
--    need_systemd=false
--    if [ -z "$APACHE_STARTED_BY_SYSTEMD" ] ; then
--        case "$(readlink -f /proc/1/exe)" in
--        *systemd*)
--            need_systemd=true
--            ;;
--        *)
--            ;;
--        esac
--    fi
--    if $need_systemd ; then
++    if need_systemd; then
          # If running on systemd we should not start httpd without systemd
          # or systemd will get confused about the status of httpd.
--        echo "Invoking 'systemctl start $APACHE_SYSTEMD_SERVICE'."
--        echo "Use 'systemctl status $APACHE_SYSTEMD_SERVICE' for more info."
--        systemctl start "$APACHE_SYSTEMD_SERVICE"
++        echo "Invoking 'systemctl start ${APACHE_SYSTEMD_SERVICE}'."
++        echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
++        systemctl start "${APACHE_SYSTEMD_SERVICE}"
      else
          unset APACHE_STARTED_BY_SYSTEMD
--        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++        ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
      fi
      ERROR=$?
      ;;
  stop|graceful-stop)
--    $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++    ${HTTPD} ${APACHE_ARGUMENTS} -k "$ARGV"
      ERROR=$?
      ;;
  restart|graceful)
      if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
--        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++        if need_systemd; then
++            # If running on systemd we should not directly restart httpd since
++            # systemd would be confused about httpd's status.
++            # (See LP: #1832182)
++            echo "Invoking 'systemctl restart ${APACHE_SYSTEMD_SERVICE}'."
++            echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
++            systemctl restart "${APACHE_SYSTEMD_SERVICE}"
++        else
++            unset APACHE_STARTED_BY_SYSTEMD
++            ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
++        fi
      else
--        $HTTPD ${APACHE_ARGUMENTS} -t
++        ${HTTPD} ${APACHE_ARGUMENTS} -t
      fi
      ERROR=$?
      ;;
 diff --git a/debian/changelog b/debian/changelog
 index 8a02325..19b4857 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,30 @@
++apache2 (2.4.46-4ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable, to allow moving from lua5.2 to
++    lua5.3 (LP: #1910372). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++    - d/apache2ctl: Also use systemd for graceful if it is in use.
++      This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++  * Drop:
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++      [Included in Debian 2.4.46-3]
++  * d/apache2ctl: Also use /run/systemd to check for systemd usage
++    (LP: #1918209)
++
++ -- Bryce Harrington <bryce@canonical.com>  Tue, 09 Mar 2021 00:45:35 +0000
++
  apache2 (2.4.46-4) unstable; urgency=medium
    * Ignore other random another test failures (Closes: #979664)
@@ -15,6 +42,28 @@ apache2 (2.4.46-3) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Sun, 10 Jan 2021 22:43:21 +0100
++apache2 (2.4.46-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++    - d/apache2ctl: Also use systemd for graceful if it is in use.
++      This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++
++ -- Paride Legovini <paride.legovini@canonical.com>  Mon, 14 Dec 2020 18:12:15 +0100
++
  apache2 (2.4.46-2) unstable; urgency=medium
    [ Jean-Michel Vourgère ]
@@ -36,6 +85,39 @@ apache2 (2.4.46-2) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Fri, 13 Nov 2020 16:59:01 +0100
++apache2 (2.4.46-1ubuntu2) hirsute; urgency=medium
++
++  * d/apache2ctl: Also use systemd for graceful if it is in use.
++    (LP: #1832182)
++    - This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++
++ -- Bryce Harrington <bryce@canonical.com>  Mon, 05 Oct 2020 16:06:32 -0700
++
++apache2 (2.4.46-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++  * Dropped:
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++      [Unclear if it's still necessary, and upstream hasn't made a
++      release with it yet]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 25 Aug 2020 09:13:38 -0300
++
  apache2 (2.4.46-1) unstable; urgency=medium
    [ Xavier Guimard ]
@@ -52,6 +134,39 @@ apache2 (2.4.46-1) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Sat, 08 Aug 2020 08:33:36 +0200
++apache2 (2.4.43-1ubuntu2) groovy; urgency=medium
++
++  * d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++    issue reading error log too quickly after request, by adding a sleep.
++    (LP: #1890302)
++
++ -- Bryce Harrington <bryce@canonical.com>  Wed, 05 Aug 2020 12:44:59 -0700
++
++apache2 (2.4.43-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++  * Dropped:
++    - d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
++      parameter to mod_proxy_ajp (LP #1865340)
++      [Fixed upstream]
++    - d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
++      mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
++      Closes #955348, LP #1872478
++      [In 2.4.43-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 21 Jul 2020 10:22:42 -0300
++
  apache2 (2.4.43-1) unstable; urgency=medium
    [ Timo Aaltonen ]
@@ -79,6 +194,39 @@ apache2 (2.4.41-5) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Wed, 18 Mar 2020 21:06:49 +0100
++apache2 (2.4.41-4ubuntu3) focal; urgency=medium
++
++  [ Timo Aaltonen ]
++  * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
++    mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
++    Closes: #955348, LP: #1872478
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 13 Apr 2020 14:19:17 -0300
++
++apache2 (2.4.41-4ubuntu2) focal; urgency=medium
++
++  * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
++    parameter to mod_proxy_ajp (LP: #1865340)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 05 Mar 2020 15:51:00 -0300
++
++apache2 (2.4.41-4ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 26 Feb 2020 10:36:13 -0300
++
  apache2 (2.4.41-4) unstable; urgency=medium
    * Add gcc in chroot autopkgtest (fixes debci)
@@ -103,6 +251,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 13 Jan 2020 06:14:45 +0100
++apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++      + Similarly use TLSv1.2 for pr12355 and pr43738.
++        [Test suite updated in 2.4.41-1]
++    - Cherrypick upstream test suite fix for buffer.
++      [Included in 2.4.41-1]
++    - d/p/spelling-errors.patch: removed hunks already fixed upstream
++      [Included in 2.4.39-1]
++    - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
++      + d/p/CVE-2019-0196.patch
++      + d/p/CVE-2019-0211.patch
++      + d/p/CVE-2019-0215.patch
++      + d/p/CVE-2019-0217.patch
++      + d/p/CVE-2019-0220-*.patch
++      + d/p/CVE-2019-0197.patch
++  * Added:
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes: #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 14 Aug 2019 11:36:32 -0300
++
  apache2 (2.4.41-1) unstable; urgency=medium
    * New upstream version 2.4.41
@@ -133,6 +316,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 12 Aug 2019 21:30:33 +0200
++apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
++
++  * New upstream version: 2.4.39
++  * d/p/spelling-errors.patch: removed hunks already fixed upstream
++  * Remaining changes:
++    - Cherrypick upstream test suite fix for buffer.
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped patches (fixed upstream):
++    - d/p/CVE-2019-0196.patch
++    - d/p/CVE-2019-0211.patch
++    - d/p/CVE-2019-0215.patch
++    - d/p/CVE-2019-0217.patch
++    - d/p/CVE-2019-0220-*.patch
++    - d/p/CVE-2019-0197.patch
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 05 Aug 2019 18:09:08 -0300
++
++apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
++
++  * Cherrypick upstream test suite fix for buffer.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 13 Jun 2019 11:08:24 +0100
++
++apache2 (2.4.38-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++      [Removed configure chunk, not needed since configure.in is being
++       patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 10 Jun 2019 19:17:38 +0100
++
  apache2 (2.4.38-3) unstable; urgency=high
    [ Marc Deslauriers ]
@@ -170,6 +409,79 @@ apache2 (2.4.38-3) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Apr 2019 20:15:40 +0200
++apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
++
++  * Cherrypick upstream testsuite fix:
++    - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++  * Similarly use TLSv1.2 for pr12355 and pr43738.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 07 May 2019 10:39:47 +0100
++
++apache2 (2.4.38-2ubuntu2) disco; urgency=medium
++
++  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
++    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
++      request method in modules/http2/h2_request.c.
++    - CVE-2019-0196
++  * SECURITY UPDATE: privilege escalation from modules' scripts
++    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
++      child to its slot number in include/scoreboard.h,
++      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
++      server/mpm/worker/worker.c.
++    - CVE-2019-0211
++  * SECURITY UPDATE: mod_ssl access control bypass
++    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
++      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
++    - CVE-2019-0215
++  * SECURITY UPDATE: mod_auth_digest access control bypass
++    - debian/patches/CVE-2019-0217.patch: fix a race condition in
++      modules/aaa/mod_auth_digest.c.
++    - CVE-2019-0217
++  * SECURITY UPDATE: URL normalization inconsistincy
++    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
++      the path in include/http_core.h, include/httpd.h, server/core.c,
++      server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
++      in server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
++      server/util.c.
++    - CVE-2019-0220
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Apr 2019 14:31:46 -0400
++
++apache2 (2.4.38-2ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++   - debian/patches/086_svn_cross_compiles: Backport several cross
++     fixes from upstream
++     [Removed configure chunk, not needed since configure.in is being
++      patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++      [This has been resolved in Disco, where libxmltooling8 is built with
++      openssl 1.1]
++    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++      + debian/patches/CVE-2018-11763.patch: rework connection IO event
++        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++        modules/http2/h2_version.h.
++        - CVE-2018-11763
++        [Fixed in 2.4.35]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sun, 03 Feb 2019 14:57:13 -0200
++
  apache2 (2.4.38-2) unstable; urgency=medium
    * Disable "reset" test in allowmethods.t (Closes: #921024)
@@ -251,6 +563,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Oct 2018 12:54:58 +0200
++apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
++
++  * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++    - debian/patches/CVE-2018-11763.patch: rework connection IO event
++      handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++      modules/http2/h2_version.h.
++    - CVE-2018-11763
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 09:57:22 -0400
++
++apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 03 Aug 2018 17:09:27 -0300
++
  apache2 (2.4.34-1) unstable; urgency=medium
    [ Ondřej Surý ]
@@ -269,6 +612,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 27 Jul 2018 21:37:37 +0200
++apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
++
++  * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
++    re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 28 Jun 2018 10:07:06 -0300
++
++apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
++
++  * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
++    libapache2-mod-md until we figure out their transitions.  libapache2-mod-md
++    in particular is problematic because that makes apache2-bin pull in
++    libcurl4 which cannot be coinstalled with libcurl3.  That situation breaks
++    the installation of libapache2-mod-shib2.  See
++    https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++    for details.
++    - Don't ship md.load and remove build-requires that were added because of
++      mod-md (see
++      https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
++    - Remove proxy_uwsgi.load as we are not building it for now (see
++      https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 May 2018 14:46:19 +0000
++
++apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1770242). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Drop:
++    - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++      + debian/patches/CVE-2017-15710.patch: fix language long names
++        detection as short name in modules/aaa/mod_authnz_ldap.c.
++      + CVE-2017-15710
++    - SECURITY UPDATE: incorrect <FilesMatch> matching
++      + debian/patches/CVE-2017-15715.patch: allow to configure
++        global/default options for regexes, like caseless matching or
++        extended format in include/ap_regex.h, server/core.c,
++        server/util_pcre.c.
++      + CVE-2017-15715
++    - SECURITY UPDATE: mod_session header manipulation
++      + debian/patches/CVE-2018-1283.patch: strip Session header when
++        SessionEnv is on in modules/session/mod_session.c.
++      + CVE-2018-1283
++    - SECURITY UPDATE: DoS via specially-crafted request
++      + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++        terminated on any error, not only on buffer full in
++        server/protocol.c.
++      + CVE-2018-1301
++    - SECURITY UPDATE: mod_cache_socache DoS
++      + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++        to carriage return in modules/cache/mod_cache_socache.c.
++      + CVE-2018-1303
++    - SECURITY UPDATE: insecure nonce generation
++      + debian/patches/CVE-2018-1312.patch: actually use the secret when
++        generating nonces in modules/aaa/mod_auth_digest.c.
++      + CVE-2018-1312
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++      [type=Forking already in the base systemd service file, and
++       RemainsAfterExit=no is the default value, so no need to
++       customize these anymore.]
++    - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
++      + added debian/patches/util_ldap_cache_lock_fix.patch
++      [Already applied upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 15 May 2018 11:03:34 -0300
++
  apache2 (2.4.33-3) unstable; urgency=medium
    * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -341,6 +765,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Sun, 14 Jan 2018 11:01:58 +0000
++apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++    - debian/patches/CVE-2017-15710.patch: fix language long names
++      detection as short name in modules/aaa/mod_authnz_ldap.c.
++    - CVE-2017-15710
++  * SECURITY UPDATE: incorrect <FilesMatch> matching
++    - debian/patches/CVE-2017-15715.patch: allow to configure
++      global/default options for regexes, like caseless matching or
++      extended format in include/ap_regex.h, server/core.c,
++      server/util_pcre.c.
++    - CVE-2017-15715
++  * SECURITY UPDATE: mod_session header manipulation
++    - debian/patches/CVE-2018-1283.patch: strip Session header when
++      SessionEnv is on in modules/session/mod_session.c.
++    - CVE-2018-1283
++  * SECURITY UPDATE: DoS via specially-crafted request
++    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++      terminated on any error, not only on buffer full in
++      server/protocol.c.
++    - CVE-2018-1301
++  * SECURITY UPDATE: mod_cache_socache DoS
++    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++      to carriage return in modules/cache/mod_cache_socache.c.
++    - CVE-2018-1303
++  * SECURITY UPDATE: insecure nonce generation
++    - debian/patches/CVE-2018-1312.patch: actually use the secret when
++      generating nonces in modules/aaa/mod_auth_digest.c.
++    - CVE-2018-1312
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Apr 2018 07:38:24 -0400
++
++apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
++
++  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
++    - added debian/patches/util_ldap_cache_lock_fix.patch
++
++ -- Rafael David Tinoco <rafael.tinoco@canonical.com>  Fri, 02 Mar 2018 02:19:31 +0000
++
++apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
++
++  * Switch back to OpenSSL 1.1.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 11:57:20 +0000
++
++apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
++
++  * enable http2 (LP: #1687454) by stopping to disable it
++    - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: no more removed.
++    - debian/rules: no more removed proxy_http2 from configure.
++  * d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 05 Dec 2017 17:25:39 +0100
++
++apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
++    - debian/control: switch BuildDepends to libssl1.0-dev
++    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
++    - debian/rules: remove openssl virtual package and logic
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 10 Nov 2017 10:51:46 -0500
++
  apache2 (2.4.29-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -405,6 +914,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 16 Jul 2017 23:11:07 +0200
++apache2 (2.4.27-2ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: optionsbleed information leak
++    - debian/patches/CVE-2017-9798.patch: disallow method registration
++      at run time in server/core.c.
++    - CVE-2017-9798
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Sep 2017 11:05:48 -0400
++
++apache2 (2.4.27-2ubuntu2) artful; urgency=medium
++
++  * Undrop (LP 1658469):
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Aug 2017 13:04:45 -0400
++
++apache2 (2.4.27-2ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1702582). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 27 Jul 2017 13:38:39 -0700
++
  apache2 (2.4.27-2) unstable; urgency=medium
    * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -434,6 +984,55 @@ apache2 (2.4.25-4) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Tue, 20 Jun 2017 21:31:51 +0200
++apache2 (2.4.25-3ubuntu3) artful; urgency=medium
++
++  * Re-Drop (LP: #1658469):
++    - Don't build experimental http2 module for LTS:
++     + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++     + debian/config-dir/mods-available/http2.load: removed.
++     + debian/rules: removed proxy_http2 from configure.
++     + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 01 May 2017 09:55:11 -0700
++
++apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
++  * Undrop (LP 1658469):
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 10 Feb 2017 08:53:43 -0800
++
++apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1663425). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++   * Drop (LP: #1658469):
++     - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 09 Feb 2017 15:48:28 -0800
++
  apache2 (2.4.25-3) unstable; urgency=medium
    * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
@@ -495,6 +1094,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Wed, 21 Dec 2016 23:46:06 +0100
++apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
++      d/source/include-binaries: replace Debian with Ubuntu on default
++      page.
++      [ include-binaries change previously undocumented ]
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++        [ Previously undocumented ]
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++  * Drop:
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 09 Dec 2016 11:02:38 +0100
++
  apache2 (2.4.23-8) unstable; urgency=medium
    * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
@@ -505,6 +1137,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 20 Nov 2016 00:33:13 +0100
++apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Nov 2016 09:17:24 -0500
++
  apache2 (2.4.23-7) unstable; urgency=medium
    * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -619,6 +1278,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 10 Apr 2016 14:03:41 +0200
++apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
++
++  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
++    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
++      server/util_script.c.
++    - CVE-2016-5387
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Jul 2016 14:32:02 -0400
++
++apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
++
++  [ Ryan Harper ]
++  * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
++    introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
++    all, since http2 support is intentionally disabled (see LP 1531864).
++  * d/apache2.maintscript: handle removal of http2.load conffile.
++
++  [ Robie Basak ]
++  * Re-write Ryan's changelog entry.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 15 Apr 2016 18:00:57 +0000
++
++apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
++
++  * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
++    - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
++      unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
++      between systemctl status and actual state of apache2 daemon.
++    - d/apache2.install: place the apache2-systemd.conf file in the correct location.
++
++ -- Pierre-André MOREY <pierre-andre.morey@canonical.com>  Fri, 08 Apr 2016 11:48:00 +0200
++
++apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 06 Apr 2016 00:18:31 +0300
++
  apache2 (2.4.18-2) unstable; urgency=low
    * htcacheclean:
@@ -644,6 +1352,24 @@ apache2 (2.4.18-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 28 Mar 2016 21:58:54 +0200
++apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Jan 2016 15:15:22 -0500
++
  apache2 (2.4.18-1) unstable; urgency=medium
    * New upstream release:
@@ -651,12 +1377,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 19 Dec 2015 09:26:14 +0100
++apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 03 Dec 2015 10:07:35 -0500
++
  apache2 (2.4.17-3) unstable; urgency=medium
    * mpm_prefork: Fix segfault if started with -X. Closes: #805737
   -- Stefan Fritsch <sf@debian.org>  Mon, 23 Nov 2015 19:52:09 +0100
++apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Nov 2015 09:11:52 -0500
++
  apache2 (2.4.17-2) unstable; urgency=medium
    * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -667,6 +1429,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 31 Oct 2015 23:17:11 +0100
++apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++  * Drop patches (applied upstream):
++    - debian/patches/CVE-2015-3183.patch
++    - debian/patches/CVE-2015-3185.patch
++  * Drop changes (adopted in Debian):
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Don't build experimental http2 module for LTS
++    - debian/control: removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 30 Oct 2015 09:35:46 -0400
++
  apache2 (2.4.17-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -732,6 +1519,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 02 Aug 2015 00:44:07 +0200
++apache2 (2.4.12-2ubuntu2) wily; urgency=medium
++
++  * SECURITY UPDATE: request smuggling via chunked transfer encoding
++    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
++      modules/http/http_filters.c.
++    - CVE-2015-3183
++  * SECURITY UPDATE: access restriction bypass via deprecated API
++    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
++      in include/http_request.h, server/request.c.
++    - CVE-2015-3185
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Jul 2015 09:56:09 -0400
++
++apache2 (2.4.12-2ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Drop patches (applied upstream):
++    - d/p/split-logfile.patch
++    - d/p/CVE-2015-0228.patch
++  * Drop changes (superceded in Debian):
++    - Cherry-pick versioned build-depend on dpkg from Debian for correct
++      dpkg-maintscript-helper symlink_to_dir support.
++  * Drop changes (adopted in Debian):
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++  * Fix cross-building configure line in d/rules, which had bit-rotted in
++    previous merges.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 May 2015 16:34:00 +0000
++
  apache2 (2.4.12-2) unstable; urgency=medium
    [ Jean-Michel Nirgal Vourgère ]
@@ -781,6 +1611,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 15 Mar 2015 10:47:36 +0100
++apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
++      denial of service in mod_lua via websockets PING
++  * debian/tests/ssl-passphrase: Add password responder for
++    systemd-ask-passphrase.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 09 Mar 2015 12:03:16 +0100
++
  apache2 (2.4.10-9) unstable; urgency=medium
    * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
@@ -795,6 +1647,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Mon, 22 Dec 2014 20:24:36 +0100
++apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
++
++  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
++    directives
++    - debian/patches/CVE-2014-8109.patch: handle multiple Require
++      directives with different arguments in modules/lua/mod_lua.c.
++    - CVE-2014-8109
++  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
++    - debian/patches/CVE-2015-0228.patch: fix logic in
++      modules/lua/lua_request.c.
++    - CVE-2015-0228
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Mar 2015 10:56:34 -0500
++
++apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
++
++  * Allow "triggers-awaited" and "triggers-pending" states in addition to
++    "installed" when determining whether to defer actions or process
++    deferred actions (LP: #1393832).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 26 Nov 2014 11:31:44 +0000
++
++apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++  * Fixes from Debian included in merge:
++    - Crash caused by OCSP stapling code; this was erroneously
++      attributed to Debian in my previous merge, but actually only
++      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
++  * Cherry-pick versioned build-depend on dpkg from Debian for correct
++    dpkg-maintscript-helper symlink_to_dir support.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 21 Nov 2014 15:15:58 +0000
++
  apache2 (2.4.10-8) unstable; urgency=medium
    * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -809,6 +1709,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Tue, 18 Nov 2014 15:18:18 +0100
++apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++  * Fixes from Debian included in merge:
++    - Don't use a2query in preinst, as it may not be available yet
++      (LP: #1312533).
++    - Crash caused by OCSP stapling code (LP: #1366174).
++    - Disable SSLv3 in default config (LP: #1358305).
++    - If apache2 is not configured yet, defer actions executed via
++      apache2-maintscript-helper. This fixes installation failures if a
++      module package is configured first (LP: #1312854).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Mon, 17 Nov 2014 18:04:40 +0000
++
  apache2 (2.4.10-7) unstable; urgency=medium
    * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -892,6 +1819,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 21 Sep 2014 22:58:33 +0200
++apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install: Plymouth aware passphrase dialog program
++      ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 24 Jul 2014 15:13:16 +0000
++
  apache2 (2.4.10-1) unstable; urgency=medium
    [ Arno Töll ]
@@ -939,6 +1885,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 08 Jun 2014 10:38:04 +0200
++apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
++
++  * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
++    yet support building against lua 5.2 (LP: #1323930).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 28 May 2014 08:55:25 +0000
++
++apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/tests/ssl-passphrase: update for new default path /var/www/html.
++    - d/tests/duplicate-module-load: check for duplicate module loads.
++    - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
++    - d/p/split-logfile.patch: fix completely broken split-logfile command
++      (LP: #1299162). Thanks to Holger Mauermann.
++  * Drop changes (upstreamed):
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++  * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 May 2014 19:30:04 +0000
++
  apache2 (2.4.9-1) unstable; urgency=medium
    * New upstream version.
@@ -971,6 +1956,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 29 Mar 2014 22:50:32 +0100
++apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
++
++  * d/p/split-logfile.patch: fix completely broken split-logfile command
++    (LP: #1299162). Thanks to Holger Mauermann.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 03 Apr 2014 11:21:22 +0000
++
++apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
++
++  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
++    calculation
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - CVE-2013-6438
++  * SECURITY UPDATE: denial of service via truncated cookie and
++    mod_log_config
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++    - CVE-2014-0098
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Mar 2014 08:34:10 -0400
++
++apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
++
++  * d/index.html: replace Debian with Ubuntu on default page
++    (LP: #1288690).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 19 Mar 2014 11:04:21 +0000
++
++apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++  * Drop changes:
++    - debian/{control, rules}: Enable PIE hardening: no longer required;
++      2.4.7-1 is already hardened.
++    - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
++      out of this package.
++  * d/tests/ssl-passphrase: update for new default path /var/www/html.
++  * d/tests/duplicate-module-load: check for duplicate module loads.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Tue, 14 Jan 2014 17:23:47 +0000
++
  apache2 (2.4.7-1) unstable; urgency=low
    New upstream version
@@ -1034,6 +2076,53 @@ apache2 (2.4.6-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 12 Aug 2013 20:15:38 +0200
++apache2 (2.4.6-2ubuntu4) trusty; urgency=low
++
++  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
++    that it does not use files find inside the .pc directory. This stops a
++    double module load causing later havoc, including "ChrootDir" directive
++    failure (LP: #1251939). Thanks to Stefan Fritsch.
++  * d/tests/chroot: dep8 test for ChrootDir case.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 Nov 2013 16:21:51 +0000
++
++apache2 (2.4.6-2ubuntu3) trusty; urgency=low
++
++  * debian/apache2.install: Correct path for ufw.
++    (LP: #1252722)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 19 Nov 2013 08:59:54 -0500
++
++apache2 (2.4.6-2ubuntu2) saucy; urgency=low
++
++  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
++    passphrase prompting for SSL certificates that are passphrase protected.
++  * Add dep8 test for SSL passphrase prompting.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 Aug 2013 13:08:52 +0000
++
++apache2 (2.4.6-2ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/control, debian/config-dir/mods-available/ssl.conf,
++      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
++      passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++  * Dropped changes:
++    - debian/patches/CVE-2013-1896.patch: upstream
++  * Fixed module dependencies (LP: #1205314)
++    - debian/config-dir/mods-available/lbmethod_*: properly specify
++      proxy_balancer, not mod_proxy_balancer.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 Jul 2013 08:31:33 -0400
++
  apache2 (2.4.6-2) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -1086,6 +2175,56 @@ apache2 (2.4.6-1) unstable; urgency=low
   -- Arno Töll <arno@debian.org>  Sun, 21 Jul 2013 18:44:42 +0200
++apache2 (2.4.4-6ubuntu5) saucy; urgency=low
++
++  * SECURITY UPDATE: denial of service via MERGE request
++    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
++      in modules/dav/main/mod_dav.c.
++    - CVE-2013-1896
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Jul 2013 11:20:47 -0400
++
++apache2 (2.4.4-6ubuntu4) saucy; urgency=low
++
++  * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
++    apache2-bin. apache2-utils is only suggested by apache2, so may not
++    always be installed by bug reporters. However, apache2-bin will always
++    need to be installed for Apache to be functional, so this is a better
++    place for the apport hook. apache2-bin already Conflicts/Replaces
++    apache2.2-common, so this also fixes (LP: #1199318).
++  * d/apache2.py: adjust apport hook for new location of configuration
++    files in apache2 >= 2.4: they have moved from apache2.2-common to
++    apache2.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 17 Jul 2013 17:54:22 +0000
++
++apache2 (2.4.4-6ubuntu3) saucy; urgency=low
++
++  * Build using lua5.2.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Jul 2013 14:24:42 +0200
++
++apache2 (2.4.4-6ubuntu2) saucy; urgency=low
++
++  * debian/rules: Fix FTBFS while installing ufw.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 10:10:14 -0500
++
++apache2 (2.4.4-6ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 08:34:01 -0500
++
  apache2 (2.4.4-6) unstable; urgency=low
    * Denote exact versions breaking gnome-user-share now that Gnome maintainers
@@ -1557,6 +2696,122 @@ apache2 (2.4.1-1) experimental; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 19 Mar 2012 10:46:02 +0100
++apache2 (2.2.22-6ubuntu5) raring; urgency=low
++
++  * SECURITY UPDATE: multiple cross-site scripting issues
++    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
++      modules/generators/{mod_info.c,mod_status.c},
++      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
++      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
++    - CVE-2012-3499
++    - CVE-2012-4558
++  * SECURITY UPDATE: symlink attack in apache2ctl script
++    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
++    - Thanks to Stefan Fritsch for the fix.
++    - CVE-2013-1048
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 15 Mar 2013 07:59:58 -0400
++
++apache2 (2.2.22-6ubuntu4) raring; urgency=low
++
++  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
++  * Skip module sanity check between MPMs if cross-building without the
++    kernel/binfmt support to run our target binaries on the build system.
++  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 05 Dec 2012 02:21:46 -0700
++
++apache2 (2.2.22-6ubuntu3) raring; urgency=low
++
++  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
++    - debian/patches/CVE-2012-2687.patch: escape filenames in
++      modules/mappers/mod_negotiation.c.
++    - CVE-2012-2687
++  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
++    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
++      directive. Defaults to off as enabling compression enables the CRIME
++      attack.
++    - CVE-2012-4929
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 08 Nov 2012 17:56:24 -0500
++
++apache2 (2.2.22-6ubuntu2) quantal; urgency=low
++
++  * debian/apache2.py
++   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
++   - Check if this directory exists: /etc/apache2/sites-enabled/
++
++ -- Matthieu Baerts (matttbe) <matttbe@gmail.com>  Mon, 16 Jul 2012 10:02:18 +0200
++
++apache2 (2.2.22-6ubuntu1) quantal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/control: Add bzr tag and point it to our tree; this is not
++      really required and just increases the delta.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 08 Jun 2012 11:37:31 +0100
++
++apache2 (2.2.22-6) unstable; urgency=low
++
++  [ Stefan Fritsch ]
++  * Fix regression causing apache2 to cache "206 partial content" responses,
++    and then serving these partial responses when replying to normal requests.
++    Closes: #671204
++  * Add section to security.conf that shows how to forbid access to VCS
++    directories. Closes: #548213
++  * Update ssl default cipher config, add alternative speed optimized config.
++    Closes: #649020
++  * Add "AddCharset" for .brf files in default mod_mime config.
++    Closes: #402567
++  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
++    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
++  * Port some of the comments in apache2.conf from the 2.4 package.
++  * Compile mod_version statically, drop associated module load file.
++  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
++    configtest.
++  * Note in README.Debian that future versions of the package will have the
++    include statements changed to include only *.conf.
++  * Change compiled-in document root to /var/www, to avoid strange error
++    messages.
++  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
++
++  [ Arno Töll ]
++  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
++    to override LDFLAGS at compile time by defining LDLAGS in the environment,
++    just like it is possible for CFLAGS. This also means, config_vars.mk now
++    exports hardening build flags by default.
++  * Update doc-base metadata for the apache2-doc package.
++
++ -- Stefan Fritsch <sf@debian.org>  Tue, 29 May 2012 22:05:48 +0200
++
++apache2 (2.2.22-5) unstable; urgency=low
++
++  * Make LoadFile and LoadModule look in the standard search paths if the
++    dso file name is given as a pure filename. This helps with the multi-arch
++    transition.
++
++ -- Stefan Fritsch <sf@debian.org>  Mon, 30 Apr 2012 23:38:33 +0200
++
++apache2 (2.2.22-4) unstable; urgency=high
++
++  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
++    hosts' config files.
++    If scripting modules like mod_php or mod_rivet are enabled on systems
++    where either 1) some frontend server forwards connections to an apache2
++    backend server on the localhost address, or 2) the machine running
++    apache2 is also used for web browsing, this could allow a remote
++    attacker to execute example scripts stored under /usr/share/doc.
++    Depending on the installed packages, this could lead to issues like cross
++    site scripting, code execution, or leakage of sensitive data.
++
++ -- Stefan Fritsch <sf@debian.org>  Sun, 15 Apr 2012 23:41:43 +0200
++
  apache2 (2.2.22-3) unstable; urgency=low
    * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1577,6 +2832,18 @@ apache2 (2.2.22-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 15 Mar 2012 00:02:31 +0100
++apache2 (2.2.22-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 12 Feb 2012 20:06:35 -0500
++
  apache2 (2.2.22-1) unstable; urgency=low
     [ Stefan Fritsch ]
@@ -1594,6 +2861,18 @@ apache2 (2.2.22-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 01 Feb 2012 21:49:04 +0100
++apache2 (2.2.21-5ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++
  apache2 (2.2.21-5) unstable; urgency=low
    [ Arno Töll ]
@@ -1647,6 +2926,26 @@ apache2 (2.2.21-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 29 Dec 2011 12:09:14 +0100
++apache2 (2.2.21-3ubuntu2) precise; urgency=low
++
++  * d/ask-for-passphrase: Flip the logic of this script so that it checks
++    first to see if apache is being started from a TTY, and then if not,
++    tries plymouth. (LP: #887410)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 06 Dec 2011 16:49:33 -0800
++
++apache2 (2.2.21-3ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 05:20:43 +0000
++
  apache2 (2.2.21-3) unstable; urgency=medium
    * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1661,6 +2960,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 03 Dec 2011 18:54:03 +0100
++apache2 (2.2.21-2ubuntu2) precise; urgency=low
++
++  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 02 Dec 2011 17:36:28 -0700
++
++apache2 (2.2.21-2ubuntu1) precise; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 14 Oct 2011 16:01:29 +0000
++
  apache2 (2.2.21-2) unstable; urgency=high
    * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1678,6 +2995,19 @@ apache2 (2.2.21-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 26 Sep 2011 18:16:11 +0200
++apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
++    Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 06 Sep 2011 01:17:15 -0700
++
  apache2 (2.2.20-1) unstable; urgency=low
    * New upstream release.
@@ -1700,6 +3030,18 @@ apache2 (2.2.19-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 29 Aug 2011 17:08:17 +0200
++apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable (LP: #787013). Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Andres Rodriguez <andreserl@ubuntu.com>  Mon, 23 May 2011 10:16:09 -0400
++
  apache2 (2.2.19-1) unstable; urgency=low
    * New upstream release.
@@ -1717,6 +3059,18 @@ apache2 (2.2.19-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 22 May 2011 10:21:21 +0200
++apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 11 Apr 2011 02:13:30 +0100
++
  apache2 (2.2.17-3) unstable; urgency=low
    * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
@@ -1743,6 +3097,18 @@ apache2 (2.2.17-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 21 Mar 2011 23:01:17 +0100
++apache2 (2.2.17-1ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 22 Feb 2011 13:02:08 -0500
++
  apache2 (2.2.17-1) unstable; urgency=low
    * New upstream version
@@ -1751,6 +3117,32 @@ apache2 (2.2.17-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 15 Feb 2011 23:30:18 +0100
++apache2 (2.2.16-6ubuntu3) natty; urgency=low
++
++  * debian/rules: Don't use "-fno-strict-aliasing" since it causes
++    apache FTBFS on amd64. (LP: #711293)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 01 Feb 2011 10:19:55 -0500
++
++apache2 (2.2.16-6ubuntu2) natty; urgency=low
++
++  * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
++   (LP: #697105)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 25 Jan 2011 11:14:58 -0500
++
++apache2 (2.2.16-6ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 02 Jan 2011 06:05:51 +0000
++
  apache2 (2.2.16-6) unstable; urgency=low
    * Also add $named to the secondary-init-script example.
@@ -1766,6 +3158,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 31 Dec 2010 01:22:19 +0100
++apache2 (2.2.16-4ubuntu2) natty; urgency=low
++
++  [Clint Byrum]
++  * Adding plymouth aware passphrase dialog program ask-for-passphrase.
++    (LP: #582963)
++    + debian/control: apache2.2-common depends on bash for ask-for-passphrase
++    + debian/config-dir/mods-available/ssl.conf:
++      - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
++
++  [Chuck Short]
++  * Add apport hook. (LP: #609177)
++    + debian/apache2.py, debian/apache2.2-common.install
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:43 -0500
++
++apache2 (2.2.16-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:41 -0500
++
  apache2 (2.2.16-4) unstable; urgency=medium
    * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1776,6 +3192,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Nov 2010 19:05:55 +0100
++apache2 (2.2.16-3ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 12 Oct 2010 11:54:48 +0100
++
  apache2 (2.2.16-3) unstable; urgency=high
    * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1798,6 +3223,30 @@ apache2 (2.2.16-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 29 Aug 2010 15:29:21 +0200
++apache2 (2.2.16-1ubuntu3) maverick; urgency=low
++
++  * Revert "stty sane" to unbreak apache starting, this will have to be
++    fixed a different way. (LP: #626723)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 08 Sep 2010 08:33:17 -0400
++
++apache2 (2.2.16-1ubuntu2) maverick; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
++    password prompt when using apache-ssl. (LP: #582963)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 25 Aug 2010 09:25:05 -0400
++
++apache2 (2.2.16-1ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Jul 2010 20:21:37 +0100
++
  apache2 (2.2.16-1) unstable; urgency=medium
    * Urgency medium for security fix.
@@ -1830,6 +3279,24 @@ apache2 (2.2.15-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jul 2010 23:41:08 +0200
++apache2 (2.2.15-5ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++    + Dropped:
++      - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
++      - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
++      - debian/config-dir/apache2.conf: Merged back from debian.
++      - mod-reqtimeout functionality: Merge back from debian.
++      - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
++      - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
++      - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 May 2010 01:28:04 +0100
++
  apache2 (2.2.15-5) unstable; urgency=low
    * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -1950,6 +3417,80 @@ apache2 (2.2.14-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Feb 2010 17:29:45 +0100
++apache2 (2.2.14-5ubuntu8) lucid; urgency=low
++
++  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
++    (LP: #562370)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 13 Apr 2010 15:09:57 -0400
++
++apache2 (2.2.14-5ubuntu7) lucid; urgency=low
++
++  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
++    leaks by making sure to not destroy bucket brigades that have been created
++    by earlier filters. Backported from 2.2.15.
++  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
++    has reached MaxClients until it has. Backported from 2.2.15
++  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
++    more secure by adding Satisfy all. (Debian bug: #572075)
++  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
++    debian/config2-dir/mods-available/reqtimeout.load,
++    debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
++    mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
++    bug in apache. Enable it by default. (LP: #392759)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 05 Apr 2010 09:53:35 -0400
++
++apache2 (2.2.14-5ubuntu6) lucid; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 09:41:11 -0400
++
++apache2 (2.2.14-5ubuntu5) lucid; urgency=low
++
++  * Revert 99-fix-mod-dav-permissions.dpatch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 07:55:46 -0400
++
++apache2 (2.2.14-5ubuntu4) lucid; urgency=low
++
++  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
++    downloading files from webdav (LP: #540747)
++  * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 29 Mar 2010 13:37:39 -0400
++
++apache2 (2.2.14-5ubuntu3) lucid; urgency=low
++
++  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
++    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
++      in modules/proxy/mod_proxy_ajp.c.
++    - CVE-2010-0408
++  * SECURITY UPDATE: information disclosure via improper handling of
++    headers in subrequests
++    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
++      in server/protocol.c.
++    - CVE-2010-0434
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 10 Mar 2010 14:48:48 -0500
++
++apache2 (2.2.14-5ubuntu2) lucid; urgency=low
++
++  * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
++    wacky options. (LP: #450501)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 08 Mar 2010 14:53:17 -0500
++
++apache2 (2.2.14-5ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing.  Remaining changes: LP: #506862
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Wed, 13 Jan 2010 14:28:41 +0530
++
  apache2 (2.2.14-5) unstable; urgency=low
    * Security: Further mitigation for the TLS renegotation attack
@@ -1973,6 +3514,15 @@ apache2 (2.2.14-5) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sat, 02 Jan 2010 22:44:15 +0100
++apache2 (2.2.14-4ubuntu1) lucid; urgency=low
++
++  * Resynchronzie with Debian, remaining changes are:
++   - debian/{control, rules}: Enable PIE hardening.
++   - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++   - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 23 Dec 2009 14:44:51 -0500
++
  apache2 (2.2.14-4) unstable; urgency=low
    * Disable localized error pages again by default because they break
@@ -2023,6 +3573,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 07 Nov 2009 14:37:37 +0100
++apache2 (2.2.14-1ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/conrol: Add bzr tag and point it to our tree.
++    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++      Already applied upstream.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Nov 2009 00:29:03 +0000
++
  apache2 (2.2.14-1) unstable; urgency=low
    * New upstream version:
@@ -2057,6 +3618,24 @@ apache2 (2.2.13-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 31 Aug 2009 20:28:56 +0200
++apache2 (2.2.12-1ubuntu2) karmic; urgency=low
++
++  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++    - Fix potential segfaults with the use of the legacy ap_rputs() etc
++      interfaces, in cases where an output filter fails. This happens
++      frequently after CVE-2009-1891 got fixed. (LP: #409987)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Aug 2009 15:38:47 -0400
++
++apache2 (2.2.12-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++    - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 04 Aug 2009 20:04:24 +0100
++
  apache2 (2.2.12-1) unstable; urgency=low
    * New upstream release:
@@ -2104,6 +3683,16 @@ apache2 (2.2.12-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 04 Aug 2009 11:02:34 +0200
++apache2 (2.2.11-7ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes: LP: #398130
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 11 Jul 2009 16:34:32 +0530
++
  apache2 (2.2.11-7) unstable; urgency=low
    * Security fixes:
@@ -2118,6 +3707,16 @@ apache2 (2.2.11-7) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 10 Jul 2009 22:42:57 +0200
++apache2 (2.2.11-6ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 09 Jun 2009 01:01:23 +0100
++
  apache2 (2.2.11-6) unstable; urgency=high
    * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2126,6 +3725,16 @@ apache2 (2.2.11-6) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 08 Jun 2009 19:22:58 +0200
++apache2 (2.2.11-5ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Wed, 03 Jun 2009 14:10:54 +1200
++
  apache2 (2.2.11-5) unstable; urgency=low
    * Move all binaries into a new package apache2.2-bin and make
@@ -2174,6 +3783,16 @@ apache2 (2.2.11-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 19 May 2009 22:55:27 +0200
++apache2 (2.2.11-3ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Tue, 12 May 2009 16:15:34 +1200
++
  apache2 (2.2.11-3) unstable; urgency=low
    * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2182,6 +3801,21 @@ apache2 (2.2.11-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 31 Mar 2009 21:07:26 +0200
++apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
++
++  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 01 Apr 2009 11:39:17 -0400
++
++apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{contro,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sat, 17 Jan 2009 00:02:55 +0000
++
  apache2 (2.2.11-2) unstable; urgency=low
    * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2191,6 +3825,14 @@ apache2 (2.2.11-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jan 2009 19:01:59 +0100
++apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 15 Dec 2008 00:06:50 +0000
++
  apache2 (2.2.11-1) unstable; urgency=low
    [Thom May]
@@ -2205,6 +3847,14 @@ apache2 (2.2.11-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Dec 2008 09:34:24 +0100
++apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes: (LP: #303375)
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 29 Nov 2008 14:02:31 +0530
++
  apache2 (2.2.9-11) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy:
@@ -2219,6 +3869,14 @@ apache2 (2.2.9-11) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 26 Nov 2008 23:10:22 +0100
++apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 Nov 2008 02:23:18 -0400
++
  apache2 (2.2.9-10) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy_http:
@@ -2249,6 +3907,27 @@ apache2 (2.2.9-8) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 11 Sep 2008 09:17:33 +0200
++apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
++
++  * Revert logrotate change since it will break it for everyone.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 19 Sep 2008 09:32:01 -0400
++
++apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
++
++  * debian/logrotate: Restart rather than reload for busy websites.
++    (LP: #270899)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 18 Sep 2008 08:42:22 -0400
++
++apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 28 Aug 2008 08:10:59 -0700
++
  apache2 (2.2.9-7) unstable; urgency=low
    * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2291,6 +3970,23 @@ apache2 (2.2.9-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 06 Jul 2008 10:38:37 +0200
++apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
++
++  * add ufw integration (see
++    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
++    (LP: #261198)
++    - debian/control: suggest ufw for apache2.2-common
++    - add apache2.2-common.ufw.profile with 3 profiles and install it to
++      /etc/ufw/applications.d/apache2.2-common
++
++ -- Didier Roche <didrocks@ubuntu-fr.org>  Tue, 26 Aug 2008 19:03:42 +0200
++
++apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
++
++  * debian/{control,rules}: enable PIE hardening
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 20 Aug 2008 15:45:00 -0700
++
  apache2 (2.2.9-3) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -3861,9 +5557,7 @@ apache2 (2.0.37-1) unstable; urgency=low
   -- Thom May <thom@debian.org>  Thu, 13 Jun 2002 17:47:12 +0100
  apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
--
    * New upstream release
--
   -- Thom May <thom@debian.org>  Wed,  5 Jun 2002 12:42:34 +0100
  apache2 (2.0.36-2) unstable; urgency=low
@@ -4371,3 +6065,4 @@ apache2 (2.0.18-1) unstable; urgency=low
    * Initial Release.
   -- Daniel Stone <daniel@sfarc.net>  Wed,  4 Jul 2001 21:29:29 +1000
++
 diff --git a/debian/control b/debian/control
 index 11d92ea..a86d804 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,5 +1,6 @@
  Source: apache2
--Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
  Uploaders: Stefan Fritsch <sf@debian.org>,
             Arno Töll <arno@debian.org>,
             Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
  Recommends: ssl-cert
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
--          www-browser
++          www-browser,
++          ufw
  Pre-Depends: dpkg (>= 1.17.14),
               ${misc:Pre-Depends}
  Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
 diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
 new file mode 100644
 index 0000000..4db2fa1
 Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
 diff --git a/debian/index.html b/debian/index.html
 index 766401d..96ed444 100644
 --- a/debian/index.html
 +++ b/debian/index.html
@@ -1,9 +1,14 @@
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
++  <!--
++    Modified from the Debian original for Ubuntu
++    Last updated: 2016-11-16
++    See: https://launchpad.net/bugs/1288690
++  -->
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
--    <title>Apache2 Debian Default Page: It works</title>
++    <title>Apache2 Ubuntu Default Page: It works</title>
      <style type="text/css" media="screen">
    * {
      margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
    <body>
      <div class="main_page">
        <div class="page_header floating_element">
--        <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>
++        <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
          <span class="floating_element">
--          Apache2 Debian Default Page
++          Apache2 Ubuntu Default Page
          </span>
        </div>
  <!--      <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
          <div class="content_section_text">
            <p>
                  This is the default welcome page used to test the correct
--                operation of the Apache2 server after installation on Debian systems.
++                operation of the Apache2 server after installation on Ubuntu systems.
++                It is based on the equivalent page on Debian, from which the Ubuntu Apache
++                packaging is derived.
                  If you can read this page, it means that the Apache HTTP server installed at
                  this site is working properly. You should <b>replace this file</b> (located at
                  <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Debian's Apache2 default configuration is different from the
++                Ubuntu's Apache2 default configuration is different from the
                  upstream default configuration, and split into several files optimized for
--                interaction with Debian tools. The configuration system is
++                interaction with Ubuntu tools. The configuration system is
                  <b>fully documented in
                  /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
                  documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
            </p>
            <p>
--                The configuration layout for an Apache2 web server installation on Debian systems is as follows:
++                The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
            </p>
            <pre>
  /etc/apache2/
@@ -324,7 +331,7 @@
          <div class="content_section_text">
              <p>
--                By default, Debian does not allow access through the web browser to
++                By default, Ubuntu does not allow access through the web browser to
                  <em>any</em> file apart of those located in <tt>/var/www</tt>,
                  <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
                  directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
                  document root directory in <tt>/etc/apache2/apache2.conf</tt>.
              </p>
              <p>
--                The default Debian document root is <tt>/var/www/html</tt>. You
++                The default Ubuntu document root is <tt>/var/www/html</tt>. You
                  can make your own virtual hosts under /var/www. This is different
                  to previous releases which provides better security out of the box.
              </p>
@@ -345,9 +352,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Please use the <tt>reportbug</tt> tool to report bugs in the
--                Apache2 package with Debian. However, check <a
--                href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"
++                Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
++                Apache2 package with Ubuntu. However, check <a
++                href="https://bugs.launchpad.net/ubuntu/+source/apache2"
                  rel="nofollow">existing bug reports</a> before reporting a new bug.
            </p>
            <p>
 diff --git a/debian/perl-framework/t/apache/expr_string.t b/debian/perl-framework/t/apache/expr_string.t
 index a9115ee..66b0903 100644
 --- a/debian/perl-framework/t/apache/expr_string.t
 +++ b/debian/perl-framework/t/apache/expr_string.t
@@ -7,6 +7,8 @@ use Apache::TestUtil qw(t_write_file t_start_error_log_watch t_finish_error_log_
  use File::Spec;
++use Time::HiRes qw(usleep);
++
  # test ap_expr
  Apache::TestRequest::user_agent(keep_alive => 1);
@@ -62,6 +64,8 @@ foreach my $t (@test_cases) {
                         'SomeHeader' => 'SomeValue',
                         'User-Agent' => 'SomeAgent',
                         'Referer'    => 'SomeReferer');
++    ### Sleep here, attempt to avoid intermittent failures. (LP: #1890302)
++    usleep(250000);
      my @loglines = t_finish_error_log_watch();
      my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i
 diff --git a/debian/source/include-binaries b/debian/source/include-binaries
 index d617b1d..823d9c0 100644
 --- a/debian/source/include-binaries
 +++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
  debian/icons/odf6ots-20x22.png
  debian/icons/odf6ott-20x22.png
  debian/icons/openlogo-75.png
++debian/icons/ubuntu-logo.png
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml
 diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
 new file mode 100644
 index 0000000..6bc9125
 --- /dev/null
 +++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
++#!/bin/sh
++set -uxe
++
++# http2 is rather new, check that it at least generally works
++# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
++
++a2enmod http2
++a2enmod ssl
++a2ensite default-ssl
++# Enable globally
++echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
++service apache2 restart
++
++# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
++# wget on Debian gives me:
++#    GnuTLS: A TLS warning alert has been received.
++#    Unable to establish SSL connection.
++# Presumably this is due to the self-signed certificate, but I'm not sure how
++# to skip the warning with wget. curl will do for now.
++echo "Hello, world!" > /var/www/html/hello.txt
++
++testapache () {
++    cmd="${1}"
++    result=$(${cmd})
++
++    if [ "$result" != "Hello, world!" ]; then
++        echo "Unexpected result: ${result}" >&2
++        exit 1
++    else
++        echo OK
++    fi
++}
++
++# https shall not affect http
++testapache "curl -s -k http://localhost/hello.txt"
++# https shall not affect https
++testapache "curl -s -k https://localhost/hello.txt"
++#plain http2
++testapache "nghttp --no-verify-peer https://localhost/hello.txt"
++#http2 upgrade
++testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
 diff --git a/debian/tests/control b/debian/tests/control
 index be79f60..37ae2ca 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -23,6 +23,10 @@ Tests: ssl-passphrase
  Restrictions: needs-root allow-stderr breaks-testbed
  Depends: apache2, curl, expect, ssl-cert
++Tests: check-http2
++Restrictions: needs-root allow-stderr breaks-testbed
++Depends: apache2, curl, ssl-cert, nghttp2-client
++
  Tests: chroot
  Features: no-build-needed
  Restrictions: needs-root allow-stderr breaks-testbed

Ubuntuapache2 package

Merge ~bryce/ubuntu/+source/apache2:merge-v2.4.46-4-hirsute into ubuntu/+source/apache2:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
apache2 package