Ubuntu
apache2 package

Merge ~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish into ubuntu/+source/apache2:debian/sid

Proposed by Bryce Harrington on 2021-07-09

Status:	Merged
Approved by:	Bryce Harrington on 2021-07-14
Approved revision:	ed8d6792d1bff487a02b67f2995ad030e05a42c2
Merge reported by:	Bryce Harrington
Merged at revision:	ed8d6792d1bff487a02b67f2995ad030e05a42c2
Proposed branch:	~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish
Merge into:	ubuntu/+source/apache2:debian/sid
Diff against target:	2517 lines (+1892/-34) 11 files modified debian/apache2-bin.install (+1/-0) debian/apache2-utils.ufw.profile (+14/-0) debian/apache2.dirs (+1/-0) debian/apache2.install (+1/-0) debian/apache2.postrm (+1/-0) debian/apache2.py (+48/-0) debian/apache2ctl (+33/-18) debian/changelog (+1769/-2) debian/control (+4/-2) debian/index.html (+19/-12) debian/source/include-binaries (+1/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Utkarsh Gupta (community)	2021-07-09	Approve on 2021-07-14
Canonical Server	2021-07-09	Pending
Canonical Server packageset reviewers	2021-07-09	Pending
Review via email: mp+405429@code.launchpad.net

Description of the change

Pretty standard merge of apache, good chunk of the delta is able to drop. Remainder of delta is ubuntu-specific, but I've added bug #'s for each change to facilitate future review in case we want to look at it more. Debian has been active at pulling the changes they care about from us proactively.

I verified the package builds and the autopkgtests pass locally for me, and that the usual tags are pushed:
https://git.launchpad.net/~bryce/ubuntu/+source/apache2?h=merge-v2.4.48-3-impish

PPA: https://launchpad.net/~bryce/+archive/ubuntu/apache2-merge-v2.4.48-3

Revision history for this message

Utkarsh Gupta (utkarsh) wrote on 2021-07-10:

[Since I started to take a look at it, I'll complete this on Monday]

Revision history for this message

Utkarsh Gupta (utkarsh) wrote on 2021-07-14:

* Changelog:
  - [✓] old/ubuntu and the split tag match as expected
  - [✓] changelog entry correct version and targeted codename
  - [✓] changelog entries correct

Although I'd personally prefer to squash the last commit with the 3rd last one, that is, "changelog reformatting for release" with "reconstruct-changelog". This is also noted in the PackageMerging.md in the maintainer's handbook. That said, it's really trivial so I'll let you decide if you want to do that or not.

- [✓] update-maintainer has been run

* Old Delta:
  - [✓] dropped changes are ok to be dropped
  - [?] nothing else to drop
  - [?] changes forwarded upstream/debian (if appropriate)

For the last two points here, the remaining delta isn't forwarded but you have mentioned that all of it is Ubuntu-specific, so I believe ya. And indeed, apport stuff and f4b8b766a27bc06df1f2149738c0022b53d33735 are indeed Ubuntu-specific. I haven't checked the rest but I assume you already did and so it's not worth forwarding!

* Build/Test:
  - [✓] build is ok
  - [✓] verified PPA package installs/uninstalls
  - [✓] autopkgtest against the PPA package passes
  - [-] sanity checks test fine

Except for 1 trivial comment about the d/ch entry, things look good. +1. Thank you! \o/

review: Approve

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-07-14:

I'm experimenting with keeping my manual changelog changes separated from the ones mechanically generated by git-ubuntu. So, I squashed all my hand edits into that last commit. Ultimately, all the "changelog*" commits will get deleted next merge, so it's a bit irrelevant how they're organized, except if it makes reviewing easier or harder.

As to the forwarding, yeah like I mention Debian seems to give good attention at proactively pulling what they want from us for this package. From what I can see, the items in our delta would at least need some generalization/rework to make them worth carrying for Debian.

Thanks for the review!

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-07-14:

$ git ubuntu tag --upload
$ git push pkg upload/2.4.48-3ubuntu1
Enumerating objects: 70, done.
Counting objects: 100% (70/70), done.
Delta compression using up to 12 threads
Compressing objects: 100% (47/47), done.
Writing objects: 100% (54/54), 27.41 KiB | 2.11 MiB/s, done.
Total 54 (delta 36), reused 11 (delta 7)
To ssh://git.launchpad.net/ubuntu/+source/apache2
* [new tag] upload/2.4.48-3ubuntu1 -> upload/2.4.48-3ubuntu1

$ dput ubuntu apache2_2.4.48-3ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/bryce/pkg/Apache2/merge-v2.4.48-3/apache2_2.4.48-3ubuntu1_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: /home/bryce/pkg/Apache2/merge-v2.4.48-3/apache2_2.4.48-3ubuntu1.dsc: Valid signature from E603B2578FB8F0FB
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.48-3ubuntu1.dsc: done.
  Uploading apache2_2.4.48.orig.tar.gz: done.
  Uploading apache2_2.4.48-3ubuntu1.debian.tar.xz: done.
  Uploading apache2_2.4.48-3ubuntu1_source.buildinfo: done.
  Uploading apache2_2.4.48-3ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-07-23:

apache2 | 2.4.48-3ubuntu1 | impish | source

This has transitioned.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Bryce Harrington

git-ubuntu developers

 diff --git a/debian/apache2-bin.install b/debian/apache2-bin.install
 index 63c573f..3d1bdf1 100644
 --- a/debian/apache2-bin.install
 +++ b/debian/apache2-bin.install
@@ -1,2 +1,3 @@
  /usr/lib/apache2/modules/
  /usr/sbin/apache2
++debian/apache2.py usr/share/apport/package-hooks
 diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
 new file mode 100644
 index 0000000..974a655
 --- /dev/null
 +++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
++[Apache]
++title=Web Server
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80/tcp
++
++[Apache Secure]
++title=Web Server (HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=443/tcp
++
++[Apache Full]
++title=Web Server (HTTP,HTTPS)
++description=Apache v2 is the next generation of the omnipresent Apache web server.
++ports=80,443/tcp
 diff --git a/debian/apache2.dirs b/debian/apache2.dirs
 index 6089013..1aa6d3c 100644
 --- a/debian/apache2.dirs
 +++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
  var/lib/apache2
  var/log/apache2
  var/www/html
++/etc/ufw/applications.d/apache2
 diff --git a/debian/apache2.install b/debian/apache2.install
 index b6ad789..92865fc 100644
 --- a/debian/apache2.install
 +++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
  debian/config-dir/envvars			/etc/apache2
  debian/config-dir/magic				/etc/apache2
  debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
++debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
 diff --git a/debian/apache2.postrm b/debian/apache2.postrm
 index a68583c..b0e5d7b 100644
 --- a/debian/apache2.postrm
 +++ b/debian/apache2.postrm
@@ -33,6 +33,7 @@ is_default_index_html () {
 a94e5a174dc2396c0f3f6b6a74
  		c481228d439cbb54bdcedbaec5bbb11a
  		e2620d4a5a0f8d80dd4b16de59af981f
++		3526531ccd6c6a1d2340574a305a18f8
  	EOF
+ }
 diff --git a/debian/apache2.py b/debian/apache2.py
 new file mode 100644
 index 0000000..a9fb9d8
 --- /dev/null
 +++ b/debian/apache2.py
@@ -0,0 +1,48 @@
++#!/usr/bin/python
++
++'''apport hook for apache2
++
++(c) 2010 Adam Sommer.
++Author: Adam Sommer <asommer@ubuntu.com>
++
++This program is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published by the
++Free Software Foundation; either version 2 of the License, or (at your
++option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
++the full text of the license.
++'''
++
++from apport.hookutils import *
++import os
++
++SITES_ENABLED_DIR = '/etc/apache2/sites-enabled/'
++
++def add_info(report, ui):
++    if os.path.isdir(SITES_ENABLED_DIR):
++        response = ui.yesno("The contents of your " + SITES_ENABLED_DIR + " directory "
++                            "may help developers diagnose your bug more "
++                            "quickly.  However, it may contain sensitive "
++                            "information.  Do you want to include it in your "
++                            "bug report?")
++
++        if response == None: # user cancelled
++            raise StopIteration
++
++        elif response == True:
++            # Attache config files in /etc/apache2/sites-enabled and listing of files in /etc/apache2/conf.d
++            for conf_file in os.listdir(SITES_ENABLED_DIR):
++                attach_file_if_exists(report, SITES_ENABLED_DIR + conf_file, conf_file)
++
++    try:
++        report['Apache2ConfdDirListing'] = str(os.listdir('/etc/apache2/conf.d'))
++    except OSError:
++        report['Apache2ConfdDirListing'] = str(False)
++
++    # Attach default config files if changed.
++    attach_conffiles(report, 'apache2', conffiles=None)
++
++    # Attach the error.log file.
++    attach_file(report, '/var/log/apache2/error.log', key='error.log')
++
++    # Get loaded modules.
++    report['Apache2Modules'] = root_command_output(['/usr/sbin/apachectl', '-D DUMP_MODULES'])
 diff --git a/debian/apache2ctl b/debian/apache2ctl
 index 404b9f9..02f3bca 100755
 --- a/debian/apache2ctl
 +++ b/debian/apache2ctl
@@ -143,6 +143,21 @@ mkdir_chown () {
      fi
+ }
++need_systemd () {
++    # Detect if systemd is in use and should be used for managing
++    # the Apache2 httpd service.  Returns 0 if so, 1 otherwise.
++    if [ -z "${APACHE_STARTED_BY_SYSTEMD}" ]; then
++	case "$(readlink -f /proc/1/exe)" in
++	    *systemd*)
++		return 0
++		;;
++	esac
++	# With Docker, /proc/1 is not necessarily an init system,
++	# so fallback to checking in /run.
++        [ -d /run/systemd/system ]
++    fi
++    return 1
++}
  [ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
  [ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
@@ -153,38 +168,38 @@ start)
      # (this is bad if there are several apache2 instances running)
      rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*
--    need_systemd=false
--    if [ -z "$APACHE_STARTED_BY_SYSTEMD" ] ; then
--        case "$(readlink -f /proc/1/exe)" in
--        *systemd*)
--            need_systemd=true
--            ;;
--        *)
--            ;;
--        esac
--    fi
--    if $need_systemd ; then
++    if need_systemd; then
          # If running on systemd we should not start httpd without systemd
          # or systemd will get confused about the status of httpd.
--        echo "Invoking 'systemctl start $APACHE_SYSTEMD_SERVICE'."
--        echo "Use 'systemctl status $APACHE_SYSTEMD_SERVICE' for more info."
--        systemctl start "$APACHE_SYSTEMD_SERVICE"
++        echo "Invoking 'systemctl start ${APACHE_SYSTEMD_SERVICE}'."
++        echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
++        systemctl start "${APACHE_SYSTEMD_SERVICE}"
      else
          unset APACHE_STARTED_BY_SYSTEMD
--        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++        ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
      fi
      ERROR=$?
      ;;
  stop|graceful-stop)
--    $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++    ${HTTPD} ${APACHE_ARGUMENTS} -k "$ARGV"
      ERROR=$?
      ;;
  restart|graceful)
      if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
--        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
++        if need_systemd; then
++            # If running on systemd we should not directly restart httpd since
++            # systemd would be confused about httpd's status.
++            # (See LP: #1832182)
++            echo "Invoking 'systemctl restart ${APACHE_SYSTEMD_SERVICE}'."
++            echo "Use 'systemctl status ${APACHE_SYSTEMD_SERVICE}' for more info."
++            systemctl restart "${APACHE_SYSTEMD_SERVICE}"
++        else
++            unset APACHE_STARTED_BY_SYSTEMD
++            ${HTTPD} ${APACHE_ARGUMENTS} -k "${ARGV}"
++        fi
      else
--        $HTTPD ${APACHE_ARGUMENTS} -t
++        ${HTTPD} ${APACHE_ARGUMENTS} -t
      fi
      ERROR=$?
      ;;
 diff --git a/debian/changelog b/debian/changelog
 index 9683426..ea76682 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,43 @@
++apache2 (2.4.48-3ubuntu1) impish; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles. (LP: 261198)
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++      (LP: 609177)
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
++      d/s/include-binaries: replace Debian with Ubuntu on default
++      page and add Ubuntu icon file.  (LP: 1288690)
++    - d/apache2ctl: Also use systemd for graceful if it is in use.
++      This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.  (LP: 1832182)
++    - d/apache2ctl: Also use /run/systemd to check for systemd usage
++      (LP: 1918209)
++  * Dropped:
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++      [Fixed in 2.4.48-2]
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      [Fixed in 2.4.48-1]
++    - d/p/CVE-2020-13950.patch: don't dereference NULL proxy
++      connection in modules/proxy/mod_proxy_http.c.
++      [Fixed in 2.4.48 upstream]
++    - d/p/CVE-2020-35452.patch: fast validation of the nonce's
++      base64 to fail early if the format can't match anyway in
++      modules/aaa/mod_auth_digest.c.
++      [Fixed in 2.4.48 upstream]
++    - d/p/CVE-2021-26690.patch: save one apr_strtok() in
++      session_identity_decode() in modules/session/mod_session.c.
++      [Fixed in 2.4.48 upstream]
++    - d/p/CVE-2021-26691.patch: account for the '&' in
++      identity_concat() in modules/session/mod_session.c.
++      [Fixed in 2.4.48 upstream]
++    - d/p/CVE-2021-30641.patch: change default behavior in
++      server/request.c.
++      [Fixed in 2.4.48 upstream]
++
++ -- Bryce Harrington <bryce@canonical.com>  Thu, 08 Jul 2021 03:20:46 +0000
++
  apache2 (2.4.48-3) unstable; urgency=medium
    * Fix debian/changelog
@@ -54,6 +94,65 @@ apache2 (2.4.46-5) unstable; urgency=medium
   -- Yadd <yadd@debian.org>  Thu, 10 Jun 2021 11:57:38 +0200
++apache2 (2.4.46-4ubuntu3) impish; urgency=medium
++
++  * No-change rebuild due to OpenLDAP soname bump.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 21 Jun 2021 17:43:48 -0400
++
++apache2 (2.4.46-4ubuntu2) impish; urgency=medium
++
++  * SECURITY UPDATE: mod_proxy_http denial of service.
++    - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
++      connection in modules/proxy/mod_proxy_http.c.
++    - CVE-2020-13950
++  * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
++    - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
++      base64 to fail early if the format can't match anyway in
++      modules/aaa/mod_auth_digest.c.
++    - CVE-2020-35452
++  * SECURITY UPDATE: DoS via cookie header in mod_session
++    - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
++      session_identity_decode() in modules/session/mod_session.c.
++    - CVE-2021-26690
++  * SECURITY UPDATE: heap overflow via SessionHeader
++    - debian/patches/CVE-2021-26691.patch: account for the '&' in
++      identity_concat() in modules/session/mod_session.c.
++    - CVE-2021-26691
++  * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
++    - debian/patches/CVE-2021-30641.patch: change default behavior in
++      server/request.c.
++    - CVE-2021-30641
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 17 Jun 2021 13:09:41 -0400
++
++apache2 (2.4.46-4ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable, to allow moving from lua5.2 to
++    lua5.3 (LP: #1910372). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++    - d/apache2ctl: Also use systemd for graceful if it is in use.
++      This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++  * Drop:
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++      [Included in Debian 2.4.46-3]
++  * d/apache2ctl: Also use /run/systemd to check for systemd usage
++    (LP: #1918209)
++
++ -- Bryce Harrington <bryce@canonical.com>  Tue, 09 Mar 2021 00:45:35 +0000
++
  apache2 (2.4.46-4) unstable; urgency=medium
    * Ignore other random another test failures (Closes: #979664)
@@ -71,6 +170,28 @@ apache2 (2.4.46-3) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Sun, 10 Jan 2021 22:43:21 +0100
++apache2 (2.4.46-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++    - d/apache2ctl: Also use systemd for graceful if it is in use.
++      This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++
++ -- Paride Legovini <paride.legovini@canonical.com>  Mon, 14 Dec 2020 18:12:15 +0100
++
  apache2 (2.4.46-2) unstable; urgency=medium
    [ Jean-Michel Vourgère ]
@@ -92,6 +213,39 @@ apache2 (2.4.46-2) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Fri, 13 Nov 2020 16:59:01 +0100
++apache2 (2.4.46-1ubuntu2) hirsute; urgency=medium
++
++  * d/apache2ctl: Also use systemd for graceful if it is in use.
++    (LP: #1832182)
++    - This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++
++ -- Bryce Harrington <bryce@canonical.com>  Mon, 05 Oct 2020 16:06:32 -0700
++
++apache2 (2.4.46-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++    - d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++      issue reading error log too quickly after request, by adding a sleep.
++      (LP #1890302)
++  * Dropped:
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++      [Unclear if it's still necessary, and upstream hasn't made a
++      release with it yet]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 25 Aug 2020 09:13:38 -0300
++
  apache2 (2.4.46-1) unstable; urgency=medium
    [ Xavier Guimard ]
@@ -108,6 +262,39 @@ apache2 (2.4.46-1) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Sat, 08 Aug 2020 08:33:36 +0200
++apache2 (2.4.43-1ubuntu2) groovy; urgency=medium
++
++  * d/p/t/apache/expr_string.t: Avoid test suite failure due to timing
++    issue reading error log too quickly after request, by adding a sleep.
++    (LP: #1890302)
++
++ -- Bryce Harrington <bryce@canonical.com>  Wed, 05 Aug 2020 12:44:59 -0700
++
++apache2 (2.4.43-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++  * Dropped:
++    - d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
++      parameter to mod_proxy_ajp (LP #1865340)
++      [Fixed upstream]
++    - d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
++      mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
++      Closes #955348, LP #1872478
++      [In 2.4.43-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 21 Jul 2020 10:22:42 -0300
++
  apache2 (2.4.43-1) unstable; urgency=medium
    [ Timo Aaltonen ]
@@ -135,6 +322,39 @@ apache2 (2.4.41-5) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Wed, 18 Mar 2020 21:06:49 +0100
++apache2 (2.4.41-4ubuntu3) focal; urgency=medium
++
++  [ Timo Aaltonen ]
++  * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
++    mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
++    Closes: #955348, LP: #1872478
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 13 Apr 2020 14:19:17 -0300
++
++apache2 (2.4.41-4ubuntu2) focal; urgency=medium
++
++  * d/p/mod_proxy_ajp-secret-parameter*.patch: add new "secret"
++    parameter to mod_proxy_ajp (LP: #1865340)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 05 Mar 2020 15:51:00 -0300
++
++apache2 (2.4.41-4ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 26 Feb 2020 10:36:13 -0300
++
  apache2 (2.4.41-4) unstable; urgency=medium
    * Add gcc in chroot autopkgtest (fixes debci)
@@ -159,6 +379,41 @@ apache2 (2.4.41-2) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 13 Jan 2020 06:14:45 +0100
++apache2 (2.4.41-1ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++      + Similarly use TLSv1.2 for pr12355 and pr43738.
++        [Test suite updated in 2.4.41-1]
++    - Cherrypick upstream test suite fix for buffer.
++      [Included in 2.4.41-1]
++    - d/p/spelling-errors.patch: removed hunks already fixed upstream
++      [Included in 2.4.39-1]
++    - Dropped from Ubuntu delta now (removed from Debian since 2.4.39-1):
++      + d/p/CVE-2019-0196.patch
++      + d/p/CVE-2019-0211.patch
++      + d/p/CVE-2019-0215.patch
++      + d/p/CVE-2019-0217.patch
++      + d/p/CVE-2019-0220-*.patch
++      + d/p/CVE-2019-0197.patch
++  * Added:
++    - d/perl-framework/t/modules/allowmethods.t: disable reset test. This
++      was re-added by mistake in 2.4.41-1 (Closes: #921024)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 14 Aug 2019 11:36:32 -0300
++
  apache2 (2.4.41-1) unstable; urgency=medium
    * New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081,
@@ -191,6 +446,62 @@ apache2 (2.4.39-1) unstable; urgency=medium
   -- Xavier Guimard <yadd@debian.org>  Mon, 12 Aug 2019 21:30:33 +0200
++apache2 (2.4.39-0ubuntu1) eoan; urgency=medium
++
++  * New upstream version: 2.4.39
++  * d/p/spelling-errors.patch: removed hunks already fixed upstream
++  * Remaining changes:
++    - Cherrypick upstream test suite fix for buffer.
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped patches (fixed upstream):
++    - d/p/CVE-2019-0196.patch
++    - d/p/CVE-2019-0211.patch
++    - d/p/CVE-2019-0215.patch
++    - d/p/CVE-2019-0217.patch
++    - d/p/CVE-2019-0220-*.patch
++    - d/p/CVE-2019-0197.patch
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 05 Aug 2019 18:09:08 -0300
++
++apache2 (2.4.38-3ubuntu2) eoan; urgency=medium
++
++  * Cherrypick upstream test suite fix for buffer.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 13 Jun 2019 11:08:24 +0100
++
++apache2 (2.4.38-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - Cherrypick upstream testsuite fix:
++      + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++    - Similarly use TLSv1.2 for pr12355 and pr43738.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++      [Removed configure chunk, not needed since configure.in is being
++       patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 10 Jun 2019 19:17:38 +0100
++
  apache2 (2.4.38-3) unstable; urgency=high
    [ Marc Deslauriers ]
@@ -228,6 +539,79 @@ apache2 (2.4.38-3) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Apr 2019 20:15:40 +0200
++apache2 (2.4.38-2ubuntu3) eoan; urgency=medium
++
++  * Cherrypick upstream testsuite fix:
++    - r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation"
++      as such).
++  * Similarly use TLSv1.2 for pr12355 and pr43738.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 07 May 2019 10:39:47 +0100
++
++apache2 (2.4.38-2ubuntu2) disco; urgency=medium
++
++  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
++    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
++      request method in modules/http2/h2_request.c.
++    - CVE-2019-0196
++  * SECURITY UPDATE: privilege escalation from modules' scripts
++    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
++      child to its slot number in include/scoreboard.h,
++      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
++      server/mpm/worker/worker.c.
++    - CVE-2019-0211
++  * SECURITY UPDATE: mod_ssl access control bypass
++    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
++      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
++    - CVE-2019-0215
++  * SECURITY UPDATE: mod_auth_digest access control bypass
++    - debian/patches/CVE-2019-0217.patch: fix a race condition in
++      modules/aaa/mod_auth_digest.c.
++    - CVE-2019-0217
++  * SECURITY UPDATE: URL normalization inconsistincy
++    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
++      the path in include/http_core.h, include/httpd.h, server/core.c,
++      server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
++      in server/request.c, server/util.c.
++    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
++      server/util.c.
++    - CVE-2019-0220
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Apr 2019 14:31:46 -0400
++
++apache2 (2.4.38-2ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++   - debian/patches/086_svn_cross_compiles: Backport several cross
++     fixes from upstream
++     [Removed configure chunk, not needed since configure.in is being
++      patched.]
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Dropped:
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++      [This has been resolved in Disco, where libxmltooling8 is built with
++      openssl 1.1]
++    - SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++      + debian/patches/CVE-2018-11763.patch: rework connection IO event
++        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++        modules/http2/h2_version.h.
++        - CVE-2018-11763
++        [Fixed in 2.4.35]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sun, 03 Feb 2019 14:57:13 -0200
++
  apache2 (2.4.38-2) unstable; urgency=medium
    * Disable "reset" test in allowmethods.t (Closes: #921024)
@@ -310,6 +694,37 @@ apache2 (2.4.35-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Oct 2018 12:54:58 +0200
++apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
++
++  * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++    - debian/patches/CVE-2018-11763.patch: rework connection IO event
++      handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
++      modules/http2/h2_version.h.
++    - CVE-2018-11763
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 09:57:22 -0400
++
++apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++    - d/control, d/rules, d/config-dir/mods-available/md.load: don't build
++      libapache2-mod-md, as that makes apache2-bin pull in libcurl4 which
++      cannot be coinstalled with libcurl3. That situation breaks the
++      installation of libapache2-mod-shib2.  See
++      https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++      for details.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 03 Aug 2018 17:09:27 -0300
++
  apache2 (2.4.34-1) unstable; urgency=medium
    [ Ondřej Surý ]
@@ -328,6 +743,87 @@ apache2 (2.4.34-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 27 Jul 2018 21:37:37 +0200
++apache2 (2.4.33-3ubuntu3) cosmic; urgency=medium
++
++  * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load:
++    re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 28 Jun 2018 10:07:06 -0300
++
++apache2 (2.4.33-3ubuntu2) cosmic; urgency=medium
++
++  * d/control, d/rules: Don't build libapache2-mod-proxy-uwsgi and
++    libapache2-mod-md until we figure out their transitions.  libapache2-mod-md
++    in particular is problematic because that makes apache2-bin pull in
++    libcurl4 which cannot be coinstalled with libcurl3.  That situation breaks
++    the installation of libapache2-mod-shib2.  See
++    https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242/comments/1
++    for details.
++    - Don't ship md.load and remove build-requires that were added because of
++      mod-md (see
++      https://salsa.debian.org/apache-team/apache2/commit/b9d37f2a96da2fd69bf)
++    - Remove proxy_uwsgi.load as we are not building it for now (see
++      https://salsa.debian.org/apache-team/apache2/commit/4e3168562d75ce398b9)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 May 2018 14:46:19 +0000
++
++apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1770242). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - d/t/control, d/t/check-http2: add basic test for http2 support
++  * Drop:
++    - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++      + debian/patches/CVE-2017-15710.patch: fix language long names
++        detection as short name in modules/aaa/mod_authnz_ldap.c.
++      + CVE-2017-15710
++    - SECURITY UPDATE: incorrect <FilesMatch> matching
++      + debian/patches/CVE-2017-15715.patch: allow to configure
++        global/default options for regexes, like caseless matching or
++        extended format in include/ap_regex.h, server/core.c,
++        server/util_pcre.c.
++      + CVE-2017-15715
++    - SECURITY UPDATE: mod_session header manipulation
++      + debian/patches/CVE-2018-1283.patch: strip Session header when
++        SessionEnv is on in modules/session/mod_session.c.
++      + CVE-2018-1283
++    - SECURITY UPDATE: DoS via specially-crafted request
++      + debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++        terminated on any error, not only on buffer full in
++        server/protocol.c.
++      + CVE-2018-1301
++    - SECURITY UPDATE: mod_cache_socache DoS
++      + debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++        to carriage return in modules/cache/mod_cache_socache.c.
++      + CVE-2018-1303
++    - SECURITY UPDATE: insecure nonce generation
++      + debian/patches/CVE-2018-1312.patch: actually use the secret when
++        generating nonces in modules/aaa/mod_auth_digest.c.
++      + CVE-2018-1312
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++      [type=Forking already in the base systemd service file, and
++       RemainsAfterExit=no is the default value, so no need to
++       customize these anymore.]
++    - Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP #1752683)
++      + added debian/patches/util_ldap_cache_lock_fix.patch
++      [Already applied upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 15 May 2018 11:03:34 -0300
++
  apache2 (2.4.33-3) unstable; urgency=medium
    * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
@@ -400,6 +896,91 @@ apache2 (2.4.29-2) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Sun, 14 Jan 2018 11:01:58 +0000
++apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
++    - debian/patches/CVE-2017-15710.patch: fix language long names
++      detection as short name in modules/aaa/mod_authnz_ldap.c.
++    - CVE-2017-15710
++  * SECURITY UPDATE: incorrect <FilesMatch> matching
++    - debian/patches/CVE-2017-15715.patch: allow to configure
++      global/default options for regexes, like caseless matching or
++      extended format in include/ap_regex.h, server/core.c,
++      server/util_pcre.c.
++    - CVE-2017-15715
++  * SECURITY UPDATE: mod_session header manipulation
++    - debian/patches/CVE-2018-1283.patch: strip Session header when
++      SessionEnv is on in modules/session/mod_session.c.
++    - CVE-2018-1283
++  * SECURITY UPDATE: DoS via specially-crafted request
++    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
++      terminated on any error, not only on buffer full in
++      server/protocol.c.
++    - CVE-2018-1301
++  * SECURITY UPDATE: mod_cache_socache DoS
++    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
++      to carriage return in modules/cache/mod_cache_socache.c.
++    - CVE-2018-1303
++  * SECURITY UPDATE: insecure nonce generation
++    - debian/patches/CVE-2018-1312.patch: actually use the secret when
++      generating nonces in modules/aaa/mod_auth_digest.c.
++    - CVE-2018-1312
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Apr 2018 07:38:24 -0400
++
++apache2 (2.4.29-1ubuntu4) bionic; urgency=medium
++
++  * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683)
++    - added debian/patches/util_ldap_cache_lock_fix.patch
++
++ -- Rafael David Tinoco <rafael.tinoco@canonical.com>  Fri, 02 Mar 2018 02:19:31 +0000
++
++apache2 (2.4.29-1ubuntu3) bionic; urgency=medium
++
++  * Switch back to OpenSSL 1.1.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 11:57:20 +0000
++
++apache2 (2.4.29-1ubuntu2) bionic; urgency=medium
++
++  * enable http2 (LP: #1687454) by stopping to disable it
++    - debian/control: no more removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: no more removed.
++    - debian/rules: no more removed proxy_http2 from configure.
++  * d/t/control, d/t/check-http2: add basic test for http2 support
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 05 Dec 2017 17:25:39 +0100
++
++apache2 (2.4.29-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
++    - debian/control: switch BuildDepends to libssl1.0-dev
++    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
++    - debian/rules: remove openssl virtual package and logic
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 10 Nov 2017 10:51:46 -0500
++
  apache2 (2.4.29-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -464,6 +1045,47 @@ apache2 (2.4.27-3) experimental; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 16 Jul 2017 23:11:07 +0200
++apache2 (2.4.27-2ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: optionsbleed information leak
++    - debian/patches/CVE-2017-9798.patch: disallow method registration
++      at run time in server/core.c.
++    - CVE-2017-9798
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Sep 2017 11:05:48 -0400
++
++apache2 (2.4.27-2ubuntu2) artful; urgency=medium
++
++  * Undrop (LP 1658469):
++    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Aug 2017 13:04:45 -0400
++
++apache2 (2.4.27-2ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1702582). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 27 Jul 2017 13:38:39 -0700
++
  apache2 (2.4.27-2) unstable; urgency=medium
    * Switch back to openssl 1.0 for now. The transition to 1.1 needs more
@@ -493,6 +1115,55 @@ apache2 (2.4.25-4) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Tue, 20 Jun 2017 21:31:51 +0200
++apache2 (2.4.25-3ubuntu3) artful; urgency=medium
++
++  * Re-Drop (LP: #1658469):
++    - Don't build experimental http2 module for LTS:
++     + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++     + debian/config-dir/mods-available/http2.load: removed.
++     + debian/rules: removed proxy_http2 from configure.
++     + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 01 May 2017 09:55:11 -0700
++
++apache2 (2.4.25-3ubuntu2) zesty; urgency=medium
++  * Undrop (LP 1658469):
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 10 Feb 2017 08:53:43 -0800
++
++apache2 (2.4.25-3ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1663425). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++      + d/source/include-binaries: add Ubuntu icon file
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++   * Drop (LP: #1658469):
++     - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 09 Feb 2017 15:48:28 -0800
++
  apache2 (2.4.25-3) unstable; urgency=medium
    * Fix detection of systemd to fix 'apache2ctl start' on sysv-init.
@@ -554,6 +1225,39 @@ apache2 (2.4.25-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Wed, 21 Dec 2016 23:46:06 +0100
++apache2 (2.4.23-8ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #). Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
++      d/source/include-binaries: replace Debian with Ubuntu on default
++      page.
++      [ include-binaries change previously undocumented ]
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++      + debian/apache2.maintscript: remove http2 conffile.
++        [ Previously undocumented ]
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++  * Drop:
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    [ Incorrectly indicated as delta, fixed by Debian in 2.4.18-2 ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 09 Dec 2016 11:02:38 +0100
++
  apache2 (2.4.23-8) unstable; urgency=medium
    * Move the mod_ssl_openssl.h header and the dependency on libssl-dev to a
@@ -564,6 +1268,33 @@ apache2 (2.4.23-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 20 Nov 2016 00:33:13 +0100
++apache2 (2.4.23-7ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
++      Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++      + debian/rules: removed proxy_http2 from configure.
++    - Correct systemd-sysv-generator behavior by customizing some
++      parameters:
++      + d/apache2-systemd.conf: add a drop-in file to specify some
++        parameters for the systemd unit (type=Forking and
++        RemainsAfterExit=no), this allow a correct state synchronisation
++        between systemctl status and actual state of apache2 daemon.
++      + d/apache2.install: place the apache2-systemd.conf file in the
++        correct location.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Nov 2016 09:17:24 -0500
++
  apache2 (2.4.23-7) unstable; urgency=medium
    * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
@@ -678,6 +1409,55 @@ apache2 (2.4.20-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 10 Apr 2016 14:03:41 +0200
++apache2 (2.4.18-2ubuntu4) yakkety; urgency=medium
++
++  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
++    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
++      server/util_script.c.
++    - CVE-2016-5387
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 18 Jul 2016 14:32:02 -0400
++
++apache2 (2.4.18-2ubuntu3) xenial; urgency=medium
++
++  [ Ryan Harper ]
++  * Drop /etc/apache2/mods-available/http2.load. This was inadvertently
++    introduced in 2.4.18-2ubuntu1. The intention is to not carry this at
++    all, since http2 support is intentionally disabled (see LP 1531864).
++  * d/apache2.maintscript: handle removal of http2.load conffile.
++
++  [ Robie Basak ]
++  * Re-write Ryan's changelog entry.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 15 Apr 2016 18:00:57 +0000
++
++apache2 (2.4.18-2ubuntu2) xenial; urgency=medium
++
++  * Correct systemd-sysv-generator behavior by customizing some parameters (LP: #1488962)
++    - d/apache2-systemd.conf: add a drop-in file to specify some parameters for the systemd
++      unit (type=Forking and RemainsAfterExit=no), this allow a correct state synchronisation
++      between systemctl status and actual state of apache2 daemon.
++    - d/apache2.install: place the apache2-systemd.conf file in the correct location.
++
++ -- Pierre-André MOREY <pierre-andre.morey@canonical.com>  Fri, 08 Apr 2016 11:48:00 +0200
++
++apache2 (2.4.18-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 06 Apr 2016 00:18:31 +0300
++
  apache2 (2.4.18-2) unstable; urgency=low
    * htcacheclean:
@@ -703,6 +1483,24 @@ apache2 (2.4.18-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 28 Mar 2016 21:58:54 +0200
++apache2 (2.4.18-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Jan 2016 15:15:22 -0500
++
  apache2 (2.4.18-1) unstable; urgency=medium
    * New upstream release:
@@ -710,12 +1508,48 @@ apache2 (2.4.18-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 19 Dec 2015 09:26:14 +0100
++apache2 (2.4.17-3ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 03 Dec 2015 10:07:35 -0500
++
  apache2 (2.4.17-3) unstable; urgency=medium
    * mpm_prefork: Fix segfault if started with -X. Closes: #805737
   -- Stefan Fritsch <sf@debian.org>  Mon, 23 Nov 2015 19:52:09 +0100
++apache2 (2.4.17-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Don't build experimental http2 module for LTS:
++      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
++      + debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Nov 2015 09:11:52 -0500
++
  apache2 (2.4.17-2) unstable; urgency=medium
    * Revert REDIRECT_URL to pre-2.4.17 behavior for now. The change broke
@@ -726,6 +1560,31 @@ apache2 (2.4.17-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 31 Oct 2015 23:17:11 +0100
++apache2 (2.4.17-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++  * Drop patches (applied upstream):
++    - debian/patches/CVE-2015-3183.patch
++    - debian/patches/CVE-2015-3185.patch
++  * Drop changes (adopted in Debian):
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Don't build experimental http2 module for LTS
++    - debian/control: removed libnghttp2-dev Build-Depends (in universe).
++    - debian/config-dir/mods-available/http2.load: removed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 30 Oct 2015 09:35:46 -0400
++
  apache2 (2.4.17-1) unstable; urgency=medium
    [ Stefan Fritsch ]
@@ -791,6 +1650,49 @@ apache2 (2.4.16-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 02 Aug 2015 00:44:07 +0200
++apache2 (2.4.12-2ubuntu2) wily; urgency=medium
++
++  * SECURITY UPDATE: request smuggling via chunked transfer encoding
++    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
++      modules/http/http_filters.c.
++    - CVE-2015-3183
++  * SECURITY UPDATE: access restriction bypass via deprecated API
++    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
++      in include/http_request.h, server/request.c.
++    - CVE-2015-3185
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Jul 2015 09:56:09 -0400
++
++apache2 (2.4.12-2ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - Allow "triggers-awaited" and "triggers-pending" states in addition
++      to "installed" when determining whether to defer actions or
++      process deferred actions.
++  * Drop patches (applied upstream):
++    - d/p/split-logfile.patch
++    - d/p/CVE-2015-0228.patch
++  * Drop changes (superceded in Debian):
++    - Cherry-pick versioned build-depend on dpkg from Debian for correct
++      dpkg-maintscript-helper symlink_to_dir support.
++  * Drop changes (adopted in Debian):
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++  * Fix cross-building configure line in d/rules, which had bit-rotted in
++    previous merges.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 May 2015 16:34:00 +0000
++
  apache2 (2.4.12-2) unstable; urgency=medium
    [ Jean-Michel Nirgal Vourgère ]
@@ -840,6 +1742,28 @@ apache2 (2.4.10-10) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 15 Mar 2015 10:47:36 +0100
++apache2 (2.4.10-9ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
++      denial of service in mod_lua via websockets PING
++  * debian/tests/ssl-passphrase: Add password responder for
++    systemd-ask-passphrase.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 09 Mar 2015 12:03:16 +0100
++
  apache2 (2.4.10-9) unstable; urgency=medium
    * CVE-2014-8109: mod_lua: Fix handling of the Require line when a
@@ -854,6 +1778,54 @@ apache2 (2.4.10-9) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Mon, 22 Dec 2014 20:24:36 +0100
++apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
++
++  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
++    directives
++    - debian/patches/CVE-2014-8109.patch: handle multiple Require
++      directives with different arguments in modules/lua/mod_lua.c.
++    - CVE-2014-8109
++  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
++    - debian/patches/CVE-2015-0228.patch: fix logic in
++      modules/lua/lua_request.c.
++    - CVE-2015-0228
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Mar 2015 10:56:34 -0500
++
++apache2 (2.4.10-8ubuntu2) vivid; urgency=medium
++
++  * Allow "triggers-awaited" and "triggers-pending" states in addition to
++    "installed" when determining whether to defer actions or process
++    deferred actions (LP: #1393832).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 26 Nov 2014 11:31:44 +0000
++
++apache2 (2.4.10-8ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile
++      command.
++  * Fixes from Debian included in merge:
++    - Crash caused by OCSP stapling code; this was erroneously
++      attributed to Debian in my previous merge, but actually only
++      appears in 2.4.10-8; with thanks to Stefan Fritsch (LP: #1366174).
++  * Cherry-pick versioned build-depend on dpkg from Debian for correct
++    dpkg-maintscript-helper symlink_to_dir support.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 21 Nov 2014 15:15:58 +0000
++
  apache2 (2.4.10-8) unstable; urgency=medium
    * Bump dpkg Pre-Depends to version that supports relative symlinks in
@@ -868,6 +1840,33 @@ apache2 (2.4.10-8) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Tue, 18 Nov 2014 15:18:18 +0100
++apache2 (2.4.10-7ubuntu1) vivid; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing
++      DEB_{HOST,BUILD}_GNU_TYPE to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross
++      fixes from upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++  * Fixes from Debian included in merge:
++    - Don't use a2query in preinst, as it may not be available yet
++      (LP: #1312533).
++    - Crash caused by OCSP stapling code (LP: #1366174).
++    - Disable SSLv3 in default config (LP: #1358305).
++    - If apache2 is not configured yet, defer actions executed via
++      apache2-maintscript-helper. This fixes installation failures if a
++      module package is configured first (LP: #1312854).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Mon, 17 Nov 2014 18:04:40 +0000
++
  apache2 (2.4.10-7) unstable; urgency=medium
    * Handle transitions of doc dirs and symlinks correctly during upgrade.
@@ -951,6 +1950,25 @@ apache2 (2.4.10-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 21 Sep 2014 22:58:33 +0200
++apache2 (2.4.10-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install: Plymouth aware passphrase dialog program
++      ask-for-passphrase.
++    - Add dep8 tests.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - d/index.html: replace Debian with Ubuntu on default page.
++    - d/p/split-logfile.patch: fix completely broken split-logfile command.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 24 Jul 2014 15:13:16 +0000
++
  apache2 (2.4.10-1) unstable; urgency=medium
    [ Arno Töll ]
@@ -998,6 +2016,45 @@ apache2 (2.4.9-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 08 Jun 2014 10:38:04 +0200
++apache2 (2.4.9-1ubuntu2) utopic; urgency=medium
++
++  * Revert 2.4.4-6ubuntu3 and build against lua 5.1 again, since Apache doesn't
++    yet support building against lua 5.2 (LP: #1323930).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 28 May 2014 08:55:25 +0000
++
++apache2 (2.4.9-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
++      d/apache2.install, d/tests/ssl-passphrase: Plymouth aware passphrase
++      dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
++      configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
++      upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/tests/ssl-passphrase: update for new default path /var/www/html.
++    - d/tests/duplicate-module-load: check for duplicate module loads.
++    - d/index.html: replace Debian with Ubuntu on default page (LP: #1288690).
++    - d/p/split-logfile.patch: fix completely broken split-logfile command
++      (LP: #1299162). Thanks to Holger Mauermann.
++  * Drop changes (upstreamed):
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++  * d/tests/control: adjust dep8 tests for new "breaks-testbed" facility.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 May 2014 19:30:04 +0000
++
  apache2 (2.4.9-1) unstable; urgency=medium
    * New upstream version.
@@ -1030,6 +2087,63 @@ apache2 (2.4.9-1) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 29 Mar 2014 22:50:32 +0100
++apache2 (2.4.7-1ubuntu4) trusty; urgency=medium
++
++  * d/p/split-logfile.patch: fix completely broken split-logfile command
++    (LP: #1299162). Thanks to Holger Mauermann.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 03 Apr 2014 11:21:22 +0000
++
++apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
++
++  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
++    calculation
++    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
++      in modules/dav/main/util.c.
++    - CVE-2013-6438
++  * SECURITY UPDATE: denial of service via truncated cookie and
++    mod_log_config
++    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
++      modules/loggers/mod_log_config.c.
++    - CVE-2014-0098
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Mar 2014 08:34:10 -0400
++
++apache2 (2.4.7-1ubuntu2) trusty; urgency=medium
++
++  * d/index.html: replace Debian with Ubuntu on default page
++    (LP: #1288690).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 19 Mar 2014 11:04:21 +0000
++
++apache2 (2.4.7-1ubuntu1) trusty; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - d/control, d/config-dir/mods-available/ssl.conf,
++      d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++    - Build using lua5.2.
++    - d/tests/chroot: dep8 test for ChrootDir case.
++    - d/p/ignore-quilt-dir: adjust build system so that it does not use
++      files find inside the .pc directory. This stops a double module load
++      causing later havoc, including "ChrootDir" directive failure.
++  * Drop changes:
++    - debian/{control, rules}: Enable PIE hardening: no longer required;
++      2.4.7-1 is already hardened.
++    - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
++      out of this package.
++  * d/tests/ssl-passphrase: update for new default path /var/www/html.
++  * d/tests/duplicate-module-load: check for duplicate module loads.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Tue, 14 Jan 2014 17:23:47 +0000
++
  apache2 (2.4.7-1) unstable; urgency=low
    New upstream version
@@ -1093,6 +2207,53 @@ apache2 (2.4.6-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 12 Aug 2013 20:15:38 +0200
++apache2 (2.4.6-2ubuntu4) trusty; urgency=low
++
++  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
++    that it does not use files find inside the .pc directory. This stops a
++    double module load causing later havoc, including "ChrootDir" directive
++    failure (LP: #1251939). Thanks to Stefan Fritsch.
++  * d/tests/chroot: dep8 test for ChrootDir case.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 28 Nov 2013 16:21:51 +0000
++
++apache2 (2.4.6-2ubuntu3) trusty; urgency=low
++
++  * debian/apache2.install: Correct path for ufw.
++    (LP: #1252722)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 19 Nov 2013 08:59:54 -0500
++
++apache2 (2.4.6-2ubuntu2) saucy; urgency=low
++
++  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
++    passphrase prompting for SSL certificates that are passphrase protected.
++  * Add dep8 test for SSL passphrase prompting.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 09 Aug 2013 13:08:52 +0000
++
++apache2 (2.4.6-2ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, apache2.install, apache2-utils.ufw.profile,
++      apache2.dirs}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
++    - debian/control, debian/config-dir/mods-available/ssl.conf,
++      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
++      passphrase dialog program ask-for-passphrase.
++    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
++      to configure.
++    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
++      from upstream
++  * Dropped changes:
++    - debian/patches/CVE-2013-1896.patch: upstream
++  * Fixed module dependencies (LP: #1205314)
++    - debian/config-dir/mods-available/lbmethod_*: properly specify
++      proxy_balancer, not mod_proxy_balancer.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 Jul 2013 08:31:33 -0400
++
  apache2 (2.4.6-2) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -1145,6 +2306,56 @@ apache2 (2.4.6-1) unstable; urgency=low
   -- Arno Töll <arno@debian.org>  Sun, 21 Jul 2013 18:44:42 +0200
++apache2 (2.4.4-6ubuntu5) saucy; urgency=low
++
++  * SECURITY UPDATE: denial of service via MERGE request
++    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
++      in modules/dav/main/mod_dav.c.
++    - CVE-2013-1896
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Jul 2013 11:20:47 -0400
++
++apache2 (2.4.4-6ubuntu4) saucy; urgency=low
++
++  * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
++    apache2-bin. apache2-utils is only suggested by apache2, so may not
++    always be installed by bug reporters. However, apache2-bin will always
++    need to be installed for Apache to be functional, so this is a better
++    place for the apport hook. apache2-bin already Conflicts/Replaces
++    apache2.2-common, so this also fixes (LP: #1199318).
++  * d/apache2.py: adjust apport hook for new location of configuration
++    files in apache2 >= 2.4: they have moved from apache2.2-common to
++    apache2.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Wed, 17 Jul 2013 17:54:22 +0000
++
++apache2 (2.4.4-6ubuntu3) saucy; urgency=low
++
++  * Build using lua5.2.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Jul 2013 14:24:42 +0200
++
++apache2 (2.4.4-6ubuntu2) saucy; urgency=low
++
++  * debian/rules: Fix FTBFS while installing ufw.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 10:10:14 -0500
++
++apache2 (2.4.4-6ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
++    - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 02 Jul 2013 08:34:01 -0500
++
  apache2 (2.4.4-6) unstable; urgency=low
    * Denote exact versions breaking gnome-user-share now that Gnome maintainers
@@ -1616,6 +2827,122 @@ apache2 (2.4.1-1) experimental; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 19 Mar 2012 10:46:02 +0100
++apache2 (2.2.22-6ubuntu5) raring; urgency=low
++
++  * SECURITY UPDATE: multiple cross-site scripting issues
++    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
++      modules/generators/{mod_info.c,mod_status.c},
++      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
++      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
++    - CVE-2012-3499
++    - CVE-2012-4558
++  * SECURITY UPDATE: symlink attack in apache2ctl script
++    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
++    - Thanks to Stefan Fritsch for the fix.
++    - CVE-2013-1048
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 15 Mar 2013 07:59:58 -0400
++
++apache2 (2.2.22-6ubuntu4) raring; urgency=low
++
++  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
++  * Skip module sanity check between MPMs if cross-building without the
++    kernel/binfmt support to run our target binaries on the build system.
++  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 05 Dec 2012 02:21:46 -0700
++
++apache2 (2.2.22-6ubuntu3) raring; urgency=low
++
++  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
++    - debian/patches/CVE-2012-2687.patch: escape filenames in
++      modules/mappers/mod_negotiation.c.
++    - CVE-2012-2687
++  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
++    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
++      directive. Defaults to off as enabling compression enables the CRIME
++      attack.
++    - CVE-2012-4929
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 08 Nov 2012 17:56:24 -0500
++
++apache2 (2.2.22-6ubuntu2) quantal; urgency=low
++
++  * debian/apache2.py
++   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
++   - Check if this directory exists: /etc/apache2/sites-enabled/
++
++ -- Matthieu Baerts (matttbe) <matttbe@gmail.com>  Mon, 16 Jul 2012 10:02:18 +0200
++
++apache2 (2.2.22-6ubuntu1) quantal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++  * Dropped changes:
++    - debian/control: Add bzr tag and point it to our tree; this is not
++      really required and just increases the delta.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 08 Jun 2012 11:37:31 +0100
++
++apache2 (2.2.22-6) unstable; urgency=low
++
++  [ Stefan Fritsch ]
++  * Fix regression causing apache2 to cache "206 partial content" responses,
++    and then serving these partial responses when replying to normal requests.
++    Closes: #671204
++  * Add section to security.conf that shows how to forbid access to VCS
++    directories. Closes: #548213
++  * Update ssl default cipher config, add alternative speed optimized config.
++    Closes: #649020
++  * Add "AddCharset" for .brf files in default mod_mime config.
++    Closes: #402567
++  * Don't create httpd.conf anymore and don't include it in apache2.conf. If
++    it contains local modifications, move it to /etc/apache2/conf.d/httpd.conf
++  * Port some of the comments in apache2.conf from the 2.4 package.
++  * Compile mod_version statically, drop associated module load file.
++  * If apache2 is not running, make "/etc/init.d/apache2 reload" skip the
++    configtest.
++  * Note in README.Debian that future versions of the package will have the
++    include statements changed to include only *.conf.
++  * Change compiled-in document root to /var/www, to avoid strange error
++    messages.
++  * Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
++
++  [ Arno Töll ]
++  * Fix apxs to import LDFLAGS from config_vars.mk. Moreover, make it possible
++    to override LDFLAGS at compile time by defining LDLAGS in the environment,
++    just like it is possible for CFLAGS. This also means, config_vars.mk now
++    exports hardening build flags by default.
++  * Update doc-base metadata for the apache2-doc package.
++
++ -- Stefan Fritsch <sf@debian.org>  Tue, 29 May 2012 22:05:48 +0200
++
++apache2 (2.2.22-5) unstable; urgency=low
++
++  * Make LoadFile and LoadModule look in the standard search paths if the
++    dso file name is given as a pure filename. This helps with the multi-arch
++    transition.
++
++ -- Stefan Fritsch <sf@debian.org>  Mon, 30 Apr 2012 23:38:33 +0200
++
++apache2 (2.2.22-4) unstable; urgency=high
++
++  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
++    hosts' config files.
++    If scripting modules like mod_php or mod_rivet are enabled on systems
++    where either 1) some frontend server forwards connections to an apache2
++    backend server on the localhost address, or 2) the machine running
++    apache2 is also used for web browsing, this could allow a remote
++    attacker to execute example scripts stored under /usr/share/doc.
++    Depending on the installed packages, this could lead to issues like cross
++    site scripting, code execution, or leakage of sensitive data.
++
++ -- Stefan Fritsch <sf@debian.org>  Sun, 15 Apr 2012 23:41:43 +0200
++
  apache2 (2.2.22-3) unstable; urgency=low
    * Fix "FTBFS: mkdir: cannot create directory `debian/build-tree/arch':
@@ -1636,6 +2963,18 @@ apache2 (2.2.22-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 15 Mar 2012 00:02:31 +0100
++apache2 (2.2.22-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 12 Feb 2012 20:06:35 -0500
++
  apache2 (2.2.22-1) unstable; urgency=low
     [ Stefan Fritsch ]
@@ -1653,6 +2992,18 @@ apache2 (2.2.22-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 01 Feb 2012 21:49:04 +0100
++apache2 (2.2.21-5ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++
  apache2 (2.2.21-5) unstable; urgency=low
    [ Arno Töll ]
@@ -1706,6 +3057,26 @@ apache2 (2.2.21-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 29 Dec 2011 12:09:14 +0100
++apache2 (2.2.21-3ubuntu2) precise; urgency=low
++
++  * d/ask-for-passphrase: Flip the logic of this script so that it checks
++    first to see if apache is being started from a TTY, and then if not,
++    tries plymouth. (LP: #887410)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 06 Dec 2011 16:49:33 -0800
++
++apache2 (2.2.21-3ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 05:20:43 +0000
++
  apache2 (2.2.21-3) unstable; urgency=medium
    * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
@@ -1720,6 +3091,24 @@ apache2 (2.2.21-3) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 03 Dec 2011 18:54:03 +0100
++apache2 (2.2.21-2ubuntu2) precise; urgency=low
++
++  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 02 Dec 2011 17:36:28 -0700
++
++apache2 (2.2.21-2ubuntu1) precise; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 14 Oct 2011 16:01:29 +0000
++
  apache2 (2.2.21-2) unstable; urgency=high
    * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
@@ -1737,6 +3126,19 @@ apache2 (2.2.21-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 26 Sep 2011 18:16:11 +0200
++apache2 (2.2.20-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
++    Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 06 Sep 2011 01:17:15 -0700
++
  apache2 (2.2.20-1) unstable; urgency=low
    * New upstream release.
@@ -1759,6 +3161,18 @@ apache2 (2.2.19-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 29 Aug 2011 17:08:17 +0200
++apache2 (2.2.19-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable (LP: #787013). Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Andres Rodriguez <andreserl@ubuntu.com>  Mon, 23 May 2011 10:16:09 -0400
++
  apache2 (2.2.19-1) unstable; urgency=low
    * New upstream release.
@@ -1776,6 +3190,18 @@ apache2 (2.2.19-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 22 May 2011 10:21:21 +0200
++apache2 (2.2.17-3ubuntu1) oneiric; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 11 Apr 2011 02:13:30 +0100
++
  apache2 (2.2.17-3) unstable; urgency=low
    * Fix compilation with OpenSSL without SSLv2 support. Closes: #622049
@@ -1802,6 +3228,18 @@ apache2 (2.2.17-2) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 21 Mar 2011 23:01:17 +0100
++apache2 (2.2.17-1ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 22 Feb 2011 13:02:08 -0500
++
  apache2 (2.2.17-1) unstable; urgency=low
    * New upstream version
@@ -1810,6 +3248,32 @@ apache2 (2.2.17-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 15 Feb 2011 23:30:18 +0100
++apache2 (2.2.16-6ubuntu3) natty; urgency=low
++
++  * debian/rules: Don't use "-fno-strict-aliasing" since it causes
++    apache FTBFS on amd64. (LP: #711293)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 01 Feb 2011 10:19:55 -0500
++
++apache2 (2.2.16-6ubuntu2) natty; urgency=low
++
++  * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
++   (LP: #697105)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 25 Jan 2011 11:14:58 -0500
++
++apache2 (2.2.16-6ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sun, 02 Jan 2011 06:05:51 +0000
++
  apache2 (2.2.16-6) unstable; urgency=low
    * Also add $named to the secondary-init-script example.
@@ -1825,6 +3289,30 @@ apache2 (2.2.16-5) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Fri, 31 Dec 2010 01:22:19 +0100
++apache2 (2.2.16-4ubuntu2) natty; urgency=low
++
++  [Clint Byrum]
++  * Adding plymouth aware passphrase dialog program ask-for-passphrase.
++    (LP: #582963)
++    + debian/control: apache2.2-common depends on bash for ask-for-passphrase
++    + debian/config-dir/mods-available/ssl.conf:
++      - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passhrase
++
++  [Chuck Short]
++  * Add apport hook. (LP: #609177)
++    + debian/apache2.py, debian/apache2.2-common.install
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:43 -0500
++
++apache2 (2.2.16-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 22 Nov 2010 09:43:41 -0500
++
  apache2 (2.2.16-4) unstable; urgency=medium
    * Increase the mod_reqtimeout default timeouts to avoid potential problems
@@ -1835,6 +3323,15 @@ apache2 (2.2.16-4) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Nov 2010 19:05:55 +0100
++apache2 (2.2.16-3ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 12 Oct 2010 11:54:48 +0100
++
  apache2 (2.2.16-3) unstable; urgency=high
    * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
@@ -1857,6 +3354,30 @@ apache2 (2.2.16-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 29 Aug 2010 15:29:21 +0200
++apache2 (2.2.16-1ubuntu3) maverick; urgency=low
++
++  * Revert "stty sane" to unbreak apache starting, this will have to be
++    fixed a different way. (LP: #626723)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 08 Sep 2010 08:33:17 -0400
++
++apache2 (2.2.16-1ubuntu2) maverick; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
++    password prompt when using apache-ssl. (LP: #582963)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 25 Aug 2010 09:25:05 -0400
++
++apache2 (2.2.16-1ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Jul 2010 20:21:37 +0100
++
  apache2 (2.2.16-1) unstable; urgency=medium
    * Urgency medium for security fix.
@@ -1889,6 +3410,24 @@ apache2 (2.2.15-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jul 2010 23:41:08 +0200
++apache2 (2.2.15-5ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
++    + Dropped:
++      - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
++      - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
++      - debian/config-dir/apache2.conf: Merged back from debian.
++      - mod-reqtimeout functionality: Merge back from debian.
++      - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
++      - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
++      - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 May 2010 01:28:04 +0100
++
  apache2 (2.2.15-5) unstable; urgency=low
    * Conflict with apache package as we now include apachectl. Closes: #579065
@@ -2009,6 +3548,80 @@ apache2 (2.2.14-6) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 07 Feb 2010 17:29:45 +0100
++apache2 (2.2.14-5ubuntu8) lucid; urgency=low
++
++  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
++    (LP: #562370)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 13 Apr 2010 15:09:57 -0400
++
++apache2 (2.2.14-5ubuntu7) lucid; urgency=low
++
++  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
++    leaks by making sure to not destroy bucket brigades that have been created
++    by earlier filters. Backported from 2.2.15.
++  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
++    has reached MaxClients until it has. Backported from 2.2.15
++  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
++    more secure by adding Satisfy all. (Debian bug: #572075)
++  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
++    debian/config2-dir/mods-available/reqtimeout.load,
++    debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
++    mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
++    bug in apache. Enable it by default. (LP: #392759)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 05 Apr 2010 09:53:35 -0400
++
++apache2 (2.2.14-5ubuntu6) lucid; urgency=low
++
++  * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 09:41:11 -0400
++
++apache2 (2.2.14-5ubuntu5) lucid; urgency=low
++
++  * Revert 99-fix-mod-dav-permissions.dpatch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 30 Mar 2010 07:55:46 -0400
++
++apache2 (2.2.14-5ubuntu4) lucid; urgency=low
++
++  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when
++    downloading files from webdav (LP: #540747)
++  * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 29 Mar 2010 13:37:39 -0400
++
++apache2 (2.2.14-5ubuntu3) lucid; urgency=low
++
++  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
++    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
++      in modules/proxy/mod_proxy_ajp.c.
++    - CVE-2010-0408
++  * SECURITY UPDATE: information disclosure via improper handling of
++    headers in subrequests
++    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
++      in server/protocol.c.
++    - CVE-2010-0434
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 10 Mar 2010 14:48:48 -0500
++
++apache2 (2.2.14-5ubuntu2) lucid; urgency=low
++
++  * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really
++    wacky options. (LP: #450501)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 08 Mar 2010 14:53:17 -0500
++
++apache2 (2.2.14-5ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing.  Remaining changes: LP: #506862
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Wed, 13 Jan 2010 14:28:41 +0530
++
  apache2 (2.2.14-5) unstable; urgency=low
    * Security: Further mitigation for the TLS renegotation attack
@@ -2032,6 +3645,15 @@ apache2 (2.2.14-5) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sat, 02 Jan 2010 22:44:15 +0100
++apache2 (2.2.14-4ubuntu1) lucid; urgency=low
++
++  * Resynchronzie with Debian, remaining changes are:
++   - debian/{control, rules}: Enable PIE hardening.
++   - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++   - debian/control: Add bzr tag and point it to our tree.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 23 Dec 2009 14:44:51 -0500
++
  apache2 (2.2.14-4) unstable; urgency=low
    * Disable localized error pages again by default because they break
@@ -2082,6 +3704,17 @@ apache2 (2.2.14-2) unstable; urgency=medium
   -- Stefan Fritsch <sf@debian.org>  Sat, 07 Nov 2009 14:37:37 +0100
++apache2 (2.2.14-1ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing, remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/conrol: Add bzr tag and point it to our tree.
++    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++      Already applied upstream.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Nov 2009 00:29:03 +0000
++
  apache2 (2.2.14-1) unstable; urgency=low
    * New upstream version:
@@ -2116,6 +3749,24 @@ apache2 (2.2.13-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Mon, 31 Aug 2009 20:28:56 +0200
++apache2 (2.2.12-1ubuntu2) karmic; urgency=low
++
++  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
++    - Fix potential segfaults with the use of the legacy ap_rputs() etc
++      interfaces, in cases where an output filter fails. This happens
++      frequently after CVE-2009-1891 got fixed. (LP: #409987)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Aug 2009 15:38:47 -0400
++
++apache2 (2.2.12-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++    - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 04 Aug 2009 20:04:24 +0100
++
  apache2 (2.2.12-1) unstable; urgency=low
    * New upstream release:
@@ -2163,6 +3814,16 @@ apache2 (2.2.12-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 04 Aug 2009 11:02:34 +0200
++apache2 (2.2.11-7ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes: LP: #398130
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 11 Jul 2009 16:34:32 +0530
++
  apache2 (2.2.11-7) unstable; urgency=low
    * Security fixes:
@@ -2177,6 +3838,16 @@ apache2 (2.2.11-7) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 10 Jul 2009 22:42:57 +0200
++apache2 (2.2.11-6ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 09 Jun 2009 01:01:23 +0100
++
  apache2 (2.2.11-6) unstable; urgency=high
    * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
@@ -2185,6 +3856,16 @@ apache2 (2.2.11-6) unstable; urgency=high
   -- Stefan Fritsch <sf@debian.org>  Mon, 08 Jun 2009 19:22:58 +0200
++apache2 (2.2.11-5ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Wed, 03 Jun 2009 14:10:54 +1200
++
  apache2 (2.2.11-5) unstable; urgency=low
    * Move all binaries into a new package apache2.2-bin and make
@@ -2233,6 +3914,16 @@ apache2 (2.2.11-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 19 May 2009 22:55:27 +0200
++apache2 (2.2.11-3ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++      Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Andrew Mitchell <ajmitch@ubuntu.com>  Tue, 12 May 2009 16:15:34 +1200
++
  apache2 (2.2.11-3) unstable; urgency=low
    * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
@@ -2241,6 +3932,21 @@ apache2 (2.2.11-3) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Tue, 31 Mar 2009 21:07:26 +0200
++apache2 (2.2.11-2ubuntu2) jaunty; urgency=low
++
++  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
++    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 01 Apr 2009 11:39:17 -0400
++
++apache2 (2.2.11-2ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{contro,rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Sat, 17 Jan 2009 00:02:55 +0000
++
  apache2 (2.2.11-2) unstable; urgency=low
    * Report an error instead instead of segfaulting when apr_pollset_create
@@ -2250,6 +3956,14 @@ apache2 (2.2.11-2) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Fri, 16 Jan 2009 19:01:59 +0100
++apache2 (2.2.11-1ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 15 Dec 2008 00:06:50 +0000
++
  apache2 (2.2.11-1) unstable; urgency=low
    [Thom May]
@@ -2264,6 +3978,14 @@ apache2 (2.2.11-1) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 14 Dec 2008 09:34:24 +0100
++apache2 (2.2.9-11ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes: (LP: #303375)
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 29 Nov 2008 14:02:31 +0530
++
  apache2 (2.2.9-11) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy:
@@ -2278,6 +4000,14 @@ apache2 (2.2.9-11) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Wed, 26 Nov 2008 23:10:22 +0100
++apache2 (2.2.9-10ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control, rules}: enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 05 Nov 2008 02:23:18 -0400
++
  apache2 (2.2.9-10) unstable; urgency=low
    * Regression fix from upstream svn for mod_proxy_http:
@@ -2308,6 +4038,27 @@ apache2 (2.2.9-8) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Thu, 11 Sep 2008 09:17:33 +0200
++apache2 (2.2.9-7ubuntu3) intrepid; urgency=low
++
++  * Revert logrotate change since it will break it for everyone.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 19 Sep 2008 09:32:01 -0400
++
++apache2 (2.2.9-7ubuntu2) intrepid; urgency=low
++
++  * debian/logrotate: Restart rather than reload for busy websites.
++    (LP: #270899)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 18 Sep 2008 08:42:22 -0400
++
++apache2 (2.2.9-7ubuntu1) intrepid; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/{control,rules}: enable PIE hardening.
++    - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 28 Aug 2008 08:10:59 -0700
++
  apache2 (2.2.9-7) unstable; urgency=low
    * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
@@ -2350,6 +4101,23 @@ apache2 (2.2.9-4) unstable; urgency=low
   -- Stefan Fritsch <sf@debian.org>  Sun, 06 Jul 2008 10:38:37 +0200
++apache2 (2.2.9-3ubuntu2) intrepid; urgency=low
++
++  * add ufw integration (see
++    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
++    (LP: #261198)
++    - debian/control: suggest ufw for apache2.2-common
++    - add apache2.2-common.ufw.profile with 3 profiles and install it to
++      /etc/ufw/applications.d/apache2.2-common
++
++ -- Didier Roche <didrocks@ubuntu-fr.org>  Tue, 26 Aug 2008 19:03:42 +0200
++
++apache2 (2.2.9-3ubuntu1) intrepid; urgency=low
++
++  * debian/{control,rules}: enable PIE hardening
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 20 Aug 2008 15:45:00 -0700
++
  apache2 (2.2.9-3) unstable; urgency=low
    [ Stefan Fritsch ]
@@ -3920,9 +5688,7 @@ apache2 (2.0.37-1) unstable; urgency=low
   -- Thom May <thom@debian.org>  Thu, 13 Jun 2002 17:47:12 +0100
  apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low
--
    * New upstream release
--
   -- Thom May <thom@debian.org>  Wed,  5 Jun 2002 12:42:34 +0100
  apache2 (2.0.36-2) unstable; urgency=low
@@ -4430,3 +6196,4 @@ apache2 (2.0.18-1) unstable; urgency=low
    * Initial Release.
   -- Daniel Stone <daniel@sfarc.net>  Wed,  4 Jul 2001 21:29:29 +1000
++
 diff --git a/debian/control b/debian/control
 index ac67128..c12b174 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,5 +1,6 @@
  Source: apache2
--Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
  Uploaders: Stefan Fritsch <sf@debian.org>,
             Arno Töll <arno@debian.org>,
             Ondřej Surý <ondrej@debian.org>,
@@ -44,7 +45,8 @@ Depends: apache2-bin (= ${binary:Version}),
  Recommends: ssl-cert
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
--          www-browser
++          www-browser,
++          ufw
  Pre-Depends: dpkg (>= 1.17.14),
               ${misc:Pre-Depends}
  Breaks: libapache2-mod-proxy-uwsgi (<< 2.4.33)
 diff --git a/debian/icons/ubuntu-logo.png b/debian/icons/ubuntu-logo.png
 new file mode 100644
 index 0000000..4db2fa1
 Binary files /dev/null and b/debian/icons/ubuntu-logo.png differ
 diff --git a/debian/index.html b/debian/index.html
 index 766401d..96ed444 100644
 --- a/debian/index.html
 +++ b/debian/index.html
@@ -1,9 +1,14 @@
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
++  <!--
++    Modified from the Debian original for Ubuntu
++    Last updated: 2016-11-16
++    See: https://launchpad.net/bugs/1288690
++  -->
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
--    <title>Apache2 Debian Default Page: It works</title>
++    <title>Apache2 Ubuntu Default Page: It works</title>
      <style type="text/css" media="screen">
    * {
      margin: 0px 0px 0px 0px;
@@ -188,9 +193,9 @@
    <body>
      <div class="main_page">
        <div class="page_header floating_element">
--        <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>
++        <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
          <span class="floating_element">
--          Apache2 Debian Default Page
++          Apache2 Ubuntu Default Page
          </span>
        </div>
  <!--      <div class="table_of_contents floating_element">
@@ -221,7 +226,9 @@
          <div class="content_section_text">
            <p>
                  This is the default welcome page used to test the correct
--                operation of the Apache2 server after installation on Debian systems.
++                operation of the Apache2 server after installation on Ubuntu systems.
++                It is based on the equivalent page on Debian, from which the Ubuntu Apache
++                packaging is derived.
                  If you can read this page, it means that the Apache HTTP server installed at
                  this site is working properly. You should <b>replace this file</b> (located at
                  <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
@@ -242,9 +249,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Debian's Apache2 default configuration is different from the
++                Ubuntu's Apache2 default configuration is different from the
                  upstream default configuration, and split into several files optimized for
--                interaction with Debian tools. The configuration system is
++                interaction with Ubuntu tools. The configuration system is
                  <b>fully documented in
                  /usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
                  documentation. Documentation for the web server itself can be
@@ -253,7 +260,7 @@
            </p>
            <p>
--                The configuration layout for an Apache2 web server installation on Debian systems is as follows:
++                The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
            </p>
            <pre>
  /etc/apache2/
@@ -324,7 +331,7 @@
          <div class="content_section_text">
              <p>
--                By default, Debian does not allow access through the web browser to
++                By default, Ubuntu does not allow access through the web browser to
                  <em>any</em> file apart of those located in <tt>/var/www</tt>,
                  <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
                  directories (when enabled) and <tt>/usr/share</tt> (for web
@@ -333,7 +340,7 @@
                  document root directory in <tt>/etc/apache2/apache2.conf</tt>.
              </p>
              <p>
--                The default Debian document root is <tt>/var/www/html</tt>. You
++                The default Ubuntu document root is <tt>/var/www/html</tt>. You
                  can make your own virtual hosts under /var/www. This is different
                  to previous releases which provides better security out of the box.
              </p>
@@ -345,9 +352,9 @@
          </div>
          <div class="content_section_text">
            <p>
--                Please use the <tt>reportbug</tt> tool to report bugs in the
--                Apache2 package with Debian. However, check <a
--                href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"
++                Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
++                Apache2 package with Ubuntu. However, check <a
++                href="https://bugs.launchpad.net/ubuntu/+source/apache2"
                  rel="nofollow">existing bug reports</a> before reporting a new bug.
            </p>
            <p>
 diff --git a/debian/source/include-binaries b/debian/source/include-binaries
 index d617b1d..823d9c0 100644
 --- a/debian/source/include-binaries
 +++ b/debian/source/include-binaries
@@ -17,6 +17,7 @@ debian/icons/odf6otp-20x22.png
  debian/icons/odf6ots-20x22.png
  debian/icons/odf6ott-20x22.png
  debian/icons/openlogo-75.png
++debian/icons/ubuntu-logo.png
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/index.shtml
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/info.php
  debian/perl-framework/t/htdocs/apache/acceptpathinfo/off/index.shtml

Ubuntuapache2 package

Merge ~bryce/ubuntu/+source/apache2:merge-v2.4.48-3-impish into ubuntu/+source/apache2:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
apache2 package