Ubuntu
apache2 package

Merge ~bryce/ubuntu/+source/apache2:sru-lp1832182-graceful-revert-bionic into ubuntu/+source/apache2:ubuntu/devel

Proposed by Bryce Harrington on 2021-11-18

Status:	Merged
Merge reported by:	Bryce Harrington
Merged at revision:	95c238eedea3c6b7d877857d522e03f2d4e8e951
Proposed branch:	~bryce/ubuntu/+source/apache2:sru-lp1832182-graceful-revert-bionic
Merge into:	ubuntu/+source/apache2:ubuntu/devel
Diff against target:	22219 lines (+21167/-0) (has conflicts) 81 files modified debian/NEWS (+12/-0) debian/apache2-systemd.conf (+3/-0) debian/apache2.dirs (+4/-0) debian/apache2.install (+4/-0) debian/changelog (+249/-0) debian/control (+16/-0) debian/patches/086_svn_cross_compiles (+118/-0) debian/patches/CVE-2017-15710.patch (+24/-0) debian/patches/CVE-2017-15715.patch (+192/-0) debian/patches/CVE-2018-1283.patch (+28/-0) debian/patches/CVE-2018-1301.patch (+200/-0) debian/patches/CVE-2018-1303.patch (+17/-0) debian/patches/CVE-2018-1312.patch (+403/-0) debian/patches/CVE-2018-17199.patch (+85/-0) debian/patches/CVE-2019-0211.patch (+249/-0) debian/patches/CVE-2019-0217.patch (+147/-0) debian/patches/CVE-2019-0220-1.patch (+259/-0) debian/patches/CVE-2019-0220-2.patch (+50/-0) debian/patches/CVE-2019-0220-3.patch (+43/-0) debian/patches/CVE-2019-10092-1.patch (+245/-0) debian/patches/CVE-2019-10092-2.patch (+45/-0) debian/patches/CVE-2019-10098.patch (+159/-0) debian/patches/CVE-2020-11993-pre1.patch (+406/-0) debian/patches/CVE-2020-11993.patch (+1905/-0) debian/patches/CVE-2020-1927-1.patch (+93/-0) debian/patches/CVE-2020-1927-2.patch (+99/-0) debian/patches/CVE-2020-1934.patch (+103/-0) debian/patches/CVE-2020-35452.patch (+51/-0) debian/patches/CVE-2020-9490.patch (+436/-0) debian/patches/CVE-2021-26690.patch (+25/-0) debian/patches/CVE-2021-26691.patch (+39/-0) debian/patches/CVE-2021-30641.patch (+60/-0) debian/patches/CVE-2021-33193-pre1.patch (+175/-0) debian/patches/CVE-2021-33193-pre2.patch (+521/-0) debian/patches/CVE-2021-33193.patch (+197/-0) debian/patches/CVE-2021-34798.patch (+6/-0) debian/patches/CVE-2021-39275.patch (+4/-0) debian/patches/CVE-2021-40438-2.patch (+4/-0) debian/patches/CVE-2021-40438-3.patch (+8/-0) debian/patches/CVE-2021-40438-pre1.patch (+16/-0) debian/patches/CVE-2021-40438.patch (+12/-0) debian/patches/balance-member-long-hostname-part1.patch (+30/-0) debian/patches/balance-member-long-hostname-part2.patch (+430/-0) debian/patches/clear-retry-flags-before-abort.patch (+67/-0) debian/patches/disable-ssl-1.1.1-auto-retry.patch (+41/-0) debian/patches/includeoptional-ignore-non-existent.patch (+61/-0) debian/patches/mod_http2-1.14.1-backport-0001-On-the-2.4.x-branch.patch (+192/-0) debian/patches/mod_http2-1.14.1-backport-0002-On-the-2.4.x-branch.patch (+73/-0) debian/patches/mod_http2-1.14.1-backport-0003-On-the-2.4.x-branch.patch (+29/-0) debian/patches/mod_http2-1.14.1-backport-0004-docco-fix.-correct-license-copyright-info.patch (+640/-0) debian/patches/mod_http2-1.14.1-backport-0005-Merge-r1818804-r1818951-r1818958-r1818960-r1819027-r.patch (+263/-0) debian/patches/mod_http2-1.14.1-backport-0006-On-the-2.4.x-branch-CVE-2018-1302.patch (+1530/-0) debian/patches/mod_http2-1.14.1-backport-0008-Merge-r1822849-r1822858-r1822878-r1822879-r1822883-r.patch (+298/-0) debian/patches/mod_http2-1.14.1-backport-0009-Merge-r1828879-from-trunk-CVE-2018-1333.patch (+65/-0) debian/patches/mod_http2-1.14.1-backport-0010-Merge-r1826687-r1827166-r1828210-r1828232-r1828687-f.patch (+563/-0) debian/patches/mod_http2-1.14.1-backport-0011-Merge-r1830562-from-trunk.patch (+108/-0) debian/patches/mod_http2-1.14.1-backport-0012-fix-a-potential-NULL-dereference-spotted-by-gcc-8.1..patch (+114/-0) debian/patches/mod_http2-1.14.1-backport-0013-Merge-r1837056-from-trunk.patch (+265/-0) debian/patches/mod_http2-1.14.1-backport-0014-Merge-r1840010-from-trunk-CVE-2018-11763.patch (+527/-0) debian/patches/mod_http2-1.14.1-backport-0015-Merge-r1835118-from-trunk.patch (+325/-0) debian/patches/mod_http2-1.14.1-backport-0016-Merge-r1843426-from-trunk.patch (+110/-0) debian/patches/mod_http2-1.14.1-backport-0017-Merge-of-r1846125-from-trunk-CVE-2018-17189.patch (+77/-0) debian/patches/mod_http2-1.14.1-backport-0018-Merge-of-r1852986-from-trunk-CVE-2019-0196.patch (+30/-0) debian/patches/mod_http2-1.14.1-backport-0019-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch (+159/-0) debian/patches/mod_http2-1.14.1-backport-0020-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch (+671/-0) debian/patches/mod_http2-1.14.1-backport-0021-Merge-of-1849296-1852038-1852101-1852339-1853171-185.patch (+4605/-0) debian/patches/mod_http2-1.14.1-backport-0022-adjust-per-r1855434.patch (+98/-0) debian/patches/mod_http2-1.15.4-backport-0001.patch (+128/-0) debian/patches/mod_http2-1.15.4-backport-0002.patch (+223/-0) debian/patches/mod_http2-1.15.4-backport-0003.patch (+74/-0) debian/patches/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch (+922/-0) debian/patches/mod_http2-1.15.4-backport-0005.patch (+37/-0) debian/patches/series (+105/-0) debian/patches/ssl-read-rc-value-openssl-1.1.1.patch (+110/-0) debian/patches/tlsv1.3-support-2.patch (+152/-0) debian/patches/tlsv1.3-support-3.patch (+37/-0) debian/patches/tlsv1.3-support-4.patch (+37/-0) debian/patches/tlsv1.3-support-5.patch (+298/-0) debian/patches/tlsv1.3-support.patch (+909/-0) debian/patches/util_ldap_cache_lock_fix.patch (+48/-0) debian/source/include-binaries (+4/-0) Conflict in debian/apache2.dirs Conflict in debian/apache2.install Conflict in debian/changelog Conflict in debian/control Conflict in debian/patches/CVE-2021-33193.patch Conflict in debian/patches/CVE-2021-34798.patch Conflict in debian/patches/CVE-2021-39275.patch Conflict in debian/patches/CVE-2021-40438-2.patch Conflict in debian/patches/CVE-2021-40438-3.patch Conflict in debian/patches/CVE-2021-40438-pre1.patch Conflict in debian/patches/CVE-2021-40438.patch Conflict in debian/patches/series Conflict in debian/source/include-binaries
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Christian Ehrhardt  (community)	2021-11-18	Approve on 2021-11-19
Canonical Server	2021-11-18	Pending
Review via email: mp+412056@code.launchpad.net

Description of the change

This reverts an SRU fix that was reported to have a performance impact reported by focal users when supporting large numbers of vhosts. We reverted this in focal a few weeks ago and there's been no feedback regarding problems, so it's probably worth doing the same revert to the other releases.

After that, the plan will be to focus on a fix just for jammy, and then also get it accepted into Debian. After that we can evaluate whether or not to try SRUing again.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/apache2-sru-lp1832182-graceful-revert

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2021-11-19:

Again wrong target branch, but ok from git.

This revert is different than the one for H/I releases.
But that is intentional and ok as the change to Bionic was different when it was applied.

We are - as intended - back on the level of 2.4.29-1ubuntu4.18

$ git diff 0697199b656c588c0a7fdc80055795b9a837300c -- debian/ | diffstat
changelog | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

LGTM
thanks!

review: Approve

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-11-23:

Thanks Christian, I've uploaded the reverts. Sorry for the mistargeted branches.

I'll be keeping an eye on the uploads since with apache2 in focal we saw a ton of flaky test failures.

$ dput ubuntu ../apache2_2.4.29-1ubuntu4.20_source.changes
Checking signature on .changes
gpg: ../apache2_2.4.29-1ubuntu4.20_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: ../apache2_2.4.29-1ubuntu4.20.dsc: Valid signature from E603B2578FB8F0FB
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apache2_2.4.29-1ubuntu4.20.dsc: done.
  Uploading apache2_2.4.29-1ubuntu4.20.debian.tar.xz: done.
  Uploading apache2_2.4.29-1ubuntu4.20_source.buildinfo: done.
  Uploading apache2_2.4.29-1ubuntu4.20_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Bryce Harrington

git-ubuntu developers

 diff --git a/debian/NEWS b/debian/NEWS
 new file mode 100644
 index 0000000..db737ef
 --- /dev/null
 +++ b/debian/NEWS
@@ -0,0 +1,12 @@
++apache2 (2.4.29-1ubuntu4.10) bionic-security; urgency=medium
++
++  - To address HTTP/2 issues CVE-2019-9517, CVE-2019-0197,
++    CVE-2019-10081, and CVE-2019-10082, mod_http2 from 2.4.41 (aka
++    v1.15.4) was backported into this release of apache2, which
++    includes additional bug fixes as well.
++
++  - For CVE-2019-10098, PCRE_DOTALL flag is by default by default to
++    avoid unpredictable matches and substitutions with encoded line
++    break characters mod_rewrite and the apache core.
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 26 Aug 2019 06:41:43 -0700
 diff --git a/debian/apache2-systemd.conf b/debian/apache2-systemd.conf
 new file mode 100644
 index 0000000..b031203
 --- /dev/null
 +++ b/debian/apache2-systemd.conf
@@ -0,0 +1,3 @@
++[Service]
++Type=forking
++RemainAfterExit=no
 diff --git a/debian/apache2.dirs b/debian/apache2.dirs
 index 1aa6d3c..fed7c9e 100644
 --- a/debian/apache2.dirs
 +++ b/debian/apache2.dirs
@@ -10,4 +10,8 @@ var/cache/apache2/mod_cache_disk
  var/lib/apache2
  var/log/apache2
  var/www/html
++<<<<<<< debian/apache2.dirs
++=======
++usr/share/bug/apache2
++>>>>>>> debian/apache2.dirs
  /etc/ufw/applications.d/apache2
 diff --git a/debian/apache2.install b/debian/apache2.install
 index 92865fc..3d076c5 100644
 --- a/debian/apache2.install
 +++ b/debian/apache2.install
@@ -9,3 +9,7 @@ debian/config-dir/envvars			/etc/apache2
  debian/config-dir/magic				/etc/apache2
  debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
  debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
++<<<<<<< debian/apache2.install
++=======
++debian/apache2-systemd.conf /lib/systemd/system/apache2.service.d/
++>>>>>>> debian/apache2.install
 diff --git a/debian/changelog b/debian/changelog
 index 0dbb7c5..27857c7 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,4 +1,25 @@
++<<<<<<< debian/changelog
  apache2 (2.4.48-3.1ubuntu3) impish; urgency=medium
++=======
++apache2 (2.4.29-1ubuntu4.20) bionic; urgency=medium
++
++  * Revert fix from 2.4.29-1ubuntu4.19, due to performance regression.
++    (LP 1832182)
++
++ -- Bryce Harrington <bryce@canonical.com>  Sun, 14 Nov 2021 23:52:18 +0000
++
++apache2 (2.4.29-1ubuntu4.19) bionic; urgency=medium
++
++  * d/apache2ctl: Also use systemd for graceful if it is in use.
++    (LP: #1832182)
++    - This extends an earlier fix for the start command to behave
++      similarly for restart / graceful.  Fixes service failures on
++      unattended upgrade.
++
++ -- Bryce Harrington <bryce@canonical.com>  Tue, 28 Sep 2021 22:27:27 +0000
++
++apache2 (2.4.29-1ubuntu4.18) bionic-security; urgency=medium
++>>>>>>> debian/changelog
    * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311)
      - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
@@ -7,11 +28,31 @@ apache2 (2.4.48-3.1ubuntu3) impish; urgency=medium
        hostname in modules/mappers/mod_rewrite.c,
        modules/proxy/proxy_util.c.
++<<<<<<< debian/changelog
   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 28 Sep 2021 08:52:26 -0400
  apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
    * SECURITY UPDATE: request splitting over HTTP/2
++=======
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 28 Sep 2021 07:01:16 -0400
++
++apache2 (2.4.29-1ubuntu4.17) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: request splitting over HTTP/2
++    - debian/patches/CVE-2021-33193-pre1.patch: process early errors via a
++      dummy HTTP/1.1 request as well in modules/http2/h2.h,
++      modules/http2/h2_request.c, modules/http2/h2_session.c,
++      modules/http2/h2_stream.c.
++    - debian/patches/CVE-2021-33193-pre2.patch: sync with github standalone
++      version 1.15.17 in modules/http2/h2_bucket_beam.c,
++      modules/http2/h2_config.c, modules/http2/h2_config.h,
++      modules/http2/h2_h2.c, modules/http2/h2_headers.c,
++      modules/http2/h2_headers.h, modules/http2/h2_mplx.c,
++      modules/http2/h2_request.c, modules/http2/h2_stream.h,
++      modules/http2/h2_task.c, modules/http2/h2_task.h,
++      modules/http2/h2_version.h.
++>>>>>>> debian/changelog
      - debian/patches/CVE-2021-33193.patch: refactor request parsing in
        include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
        include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
@@ -21,10 +62,13 @@ apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
      - debian/patches/CVE-2021-34798.patch: add NULL check in
        server/scoreboard.c.
      - CVE-2021-34798
++<<<<<<< debian/changelog
    * SECURITY UPDATE: DoS in mod_proxy_uwsgi
      - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
        generic worker in modules/proxy/mod_proxy_uwsgi.c.
      - CVE-2021-36160
++=======
++>>>>>>> debian/changelog
    * SECURITY UPDATE: buffer overflow in ap_escape_quotes
      - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
        substitution logic in server/util.c.
@@ -37,6 +81,7 @@ apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
        configured UDS path in modules/proxy/proxy_util.c.
      - CVE-2021-40438
++<<<<<<< debian/changelog
   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 23 Sep 2021 12:51:16 -0400
  apache2 (2.4.48-3.1ubuntu1) impish; urgency=medium
@@ -174,6 +219,12 @@ apache2 (2.4.46-4ubuntu2) impish; urgency=medium
      - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
        connection in modules/proxy/mod_proxy_http.c.
      - CVE-2020-13950
++=======
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 23 Sep 2021 13:01:10 -0400
++
++apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium
++
++>>>>>>> debian/changelog
    * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
      - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
        base64 to fail early if the format can't match anyway in
@@ -191,6 +242,7 @@ apache2 (2.4.46-4ubuntu2) impish; urgency=medium
      - debian/patches/CVE-2021-30641.patch: change default behavior in
        server/request.c.
      - CVE-2021-30641
++<<<<<<< debian/changelog
   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 17 Jun 2021 13:09:41 -0400
@@ -573,6 +625,143 @@ apache2 (2.4.38-3ubuntu1) eoan; urgency=low
  apache2 (2.4.38-3) unstable; urgency=high
    [ Marc Deslauriers ]
++=======
++  * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in
++    bionic-proposed.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 18 Jun 2021 07:06:22 -0400
++
++apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: mod_rewrite redirect issue
++    - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
++      in include/ap_regex.h, server/core.c, server/util_pcre.c.
++    - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
++      opt-out of pcre defaults in include/ap_regex.h,
++      modules/filters/mod_substitute.c, server/util_pcre.c,
++      server/util_regex.c.
++    - CVE-2020-1927
++  * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
++    - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
++      modules/proxy/mod_proxy_ftp.c.
++    - CVE-2020-1934
++  * SECURITY UPDATE: DoS via invalid Cache-Digest header
++    - debian/patches/CVE-2020-9490.patch: remove support for abandoned
++      http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
++    - CVE-2020-9490
++  * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
++    - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
++      worker could deadlock the main connection in modules/http2/*.
++    - debian/patches/CVE-2020-11993.patch: fix logging and rename
++      terminology in modules/http2/*.
++    - CVE-2020-11993
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 12 Aug 2020 17:33:25 -0400
++
++apache2 (2.4.29-1ubuntu4.13) bionic-security; urgency=medium
++
++  * Add additional missing commits to TLSv1.3 support. (LP: #1867223)
++    - debian/patches/tlsv1.3-support-2.patch: fix whitespace and copy/paste
++      typos in modules/ssl/ssl_engine_kernel.c.
++    - debian/patches/tlsv1.3-support-3.patch: fail with 403 if
++      SSL_verify_client_post_handshake fails in
++      modules/ssl/ssl_engine_kernel.c.
++    - debian/patches/tlsv1.3-support-4.patch: disable AUTO_RETRY mode for
++      OpenSSL 1.1.1, which fixes post-handshake authentication in
++      modules/ssl/ssl_engine_init.c.
++    - debian/patches/tlsv1.3-support-5.patch: retrieve and set
++      sslconn->client_cert here for both "modern" and classic access
++      control in modules/ssl/ssl_engine_kernel.c.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 13 Mar 2020 08:26:16 -0400
++
++apache2 (2.4.29-1ubuntu4.12) bionic; urgency=medium
++
++  * Add TLSv1.3 support. (LP: #1845263)
++    - debian/patches/tlsv1.3-support.patch: backport upstream 2.4 commit
++      which introduced TLSv1.3 support.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 03 Dec 2019 10:55:03 -0500
++
++apache2 (2.4.29-1ubuntu4.11) bionic-security; urgency=medium
++
++  * SECURITY REGRESSION:  mod_proxy balancer XSS/CSRF hardening broke
++    browsers which change case in headers and breaks balancers
++    loading in some configurations (LP: #1842701)
++    - drop d/p/CVE-2019-10092-3.patch
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 16 Sep 2019 05:58:48 -0700
++
++apache2 (2.4.29-1ubuntu4.10) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
++    - d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
++      http/2 module keepalive throttling.
++    - CVE-2019-9517
++  * SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
++    denial of service (LP: #1840188)
++    - d/p/mod_http2-1.14.1-backport-0019-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
++      re-use slave connections and fix slave connection keepalives
++      counter.
++    - CVE-2019-0197
++  * SECURITY UPDATE: mod_http2 memory corruption on early pushes
++    - included in mod_http2 1.15.4 backport
++    - CVE-2019-10081
++  * SECURITY UPDATE: read-after-free in mod_http2 h2 connection
++    shutdown.
++    - included in mod_http2 1.15.4 backport
++    - CVE-2019-10082
++  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
++    error page.
++    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
++      error documents.
++    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
++    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
++      protection.
++    - CVE-2019-10092-1
++  * SECURITY UPDATE: mod_rewrite potential open redirect.
++    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
++    - CVE-2019-10098
++  * Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
++    CVE-2019-10081, and CVE-2019-10082 fixes:
++    - add d/p/mod_http2-1.14.1-backport-*.patches and
++      d/p/mod_http2-1.15.4-backport-*.patches
++    - dropped the following patches included above:
++      + d/p/CVE-2018-1302.patch
++      + d/p/CVE-2018-1333.patch
++      + d/p/CVE-2018-11763.patch
++      + d/p/CVE-2018-17189.patch
++      + d/p/CVE-2019-0196.patch
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 26 Aug 2019 06:41:23 -0700
++
++apache2 (2.4.29-1ubuntu4.8) bionic; urgency=medium
++
++  * d/p/ssl-read-rc-value-openssl-1.1.1.patch: Handle SSL_read() return code 0
++    similarly to <0 with openssl 1.1.1
++  * d/p/clear-retry-flags-before-abort.patch: clear retry flags before
++    aborting on client-initiated reneg (LP: #1836329)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 16 Jul 2019 15:14:45 -0300
++
++apache2 (2.4.29-1ubuntu4.7) bionic; urgency=medium
++
++  * d/p/disable-ssl-1.1.1-auto-retry.patch: fix client certificate
++    authentication when built with openssl 1.1.1 (LP: #1833039)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 28 Jun 2019 13:49:35 -0300
++
++apache2 (2.4.29-1ubuntu4.6) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: slowloris DoS in mod_http2
++    - debian/patches/CVE-2018-17189.patch: change cleanup strategy for
++      slave connections in modules/http2/h2_conn.c.
++    - CVE-2018-17189
++  * SECURITY UPDATE: mod_session expiry time issue
++    - debian/patches/CVE-2018-17199.patch: always decode session attributes
++      early in modules/session/mod_session.c.
++    - CVE-2018-17199
++>>>>>>> debian/changelog
    * SECURITY UPDATE: read-after-free on a string compare in mod_http2
      - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
        request method in modules/http2/h2_request.c.
@@ -583,10 +772,13 @@ apache2 (2.4.38-3) unstable; urgency=high
        server/mpm/event/event.c, server/mpm/prefork/prefork.c,
        server/mpm/worker/worker.c.
      - CVE-2019-0211
++<<<<<<< debian/changelog
    * SECURITY UPDATE: mod_ssl access control bypass
      - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
        PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
      - CVE-2019-0215
++=======
++>>>>>>> debian/changelog
    * SECURITY UPDATE: mod_auth_digest access control bypass
      - debian/patches/CVE-2019-0217.patch: fix a race condition in
        modules/aaa/mod_auth_digest.c.
@@ -601,6 +793,7 @@ apache2 (2.4.38-3) unstable; urgency=high
        server/util.c.
      - CVE-2019-0220
++<<<<<<< debian/changelog
    [ Stefan Fritsch ]
    * Pull security fixes from 2.4.39 via Ubuntu
    * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade
@@ -765,11 +958,35 @@ apache2 (2.4.35-1) unstable; urgency=medium
  apache2 (2.4.34-1ubuntu2) cosmic; urgency=medium
    * SECURITY UPDATE: denial of service in HTTP/2 via large SETTINGS frames
++=======
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Apr 2019 09:22:37 -0400
++
++apache2 (2.4.29-1ubuntu4.5) bionic; urgency=medium
++
++  * d/debhelper/apache2-maintscript-helper: fix typo in apache2_switch_mpm()'s
++    a2query call. (LP: #1782806)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 10 Oct 2018 15:59:25 -0300
++
++apache2 (2.4.29-1ubuntu4.4) bionic-security; urgency=medium
++
++  * SECURITY UPDATE: DoS in HTTP/2 via NULL pointer
++    - debian/patches/CVE-2018-1302.patch: remove obsolete stream detach
++      code in modules/http2/h2_bucket_beam.c, modules/http2/h2_stream.c,
++      modules/http2/h2_stream.h.
++    - CVE-2018-1302
++  * SECURITY UPDATE: DoS in HTTP/2 via worker exhaustion
++    - debian/patches/CVE-2018-1333.patch: always wake up any conditional
++      waits when streams are aborted in modules/http2/h2_bucket_beam.c.
++    - CVE-2018-1333
++  * SECURITY UPDATE: DoS in HTTP/2 via large SETTINGS frames
++>>>>>>> debian/changelog
      - debian/patches/CVE-2018-11763.patch: rework connection IO event
        handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
        modules/http2/h2_version.h.
      - CVE-2018-11763
++<<<<<<< debian/changelog
   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 09:57:22 -0400
  apache2 (2.4.34-1ubuntu1) cosmic; urgency=medium
@@ -963,6 +1180,26 @@ apache2 (2.4.29-2) unstable; urgency=medium
    * Add Build-Depends on libbrotli-dev and enable brotli module
   -- Ondřej Surý <ondrej@debian.org>  Sun, 14 Jan 2018 11:01:58 +0000
++=======
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Oct 2018 10:41:08 -0400
++
++apache2 (2.4.29-1ubuntu4.3) bionic; urgency=medium
++
++  * d/p/balance-member-long-hostname-part{1,2}.patch: Provide an RFC1035
++    compliant version of the hostname in the
++    proxy_worker_shared structure. A hostname that is too long is no longer a
++    fatal error. (LP: #1750356)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 27 Jun 2018 14:05:04 -0300
++
++apache2 (2.4.29-1ubuntu4.2) bionic; urgency=medium
++
++  * debian/patches/includeoptional-ignore-non-existent.patch: silently
++    ignore a not existent file path with IncludeOptional .  Closes LP:
++    #1766186.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 07 Jun 2018 18:10:10 -0300
++>>>>>>> debian/changelog
  apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
@@ -3072,6 +3309,18 @@ apache2 (2.2.21-5ubuntu1) precise; urgency=low
   -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++apache2 (2.2.21-5ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    - debian/{control, rules}: Enable PIE hardening.
++    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
++    - debian/control: Add bzr tag and point it to our tree
++    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
++    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
++      Plymouth aware passphrase dialog program ask-for-passphrase.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 06:26:31 +0000
++
  apache2 (2.2.21-5) unstable; urgency=low
    [ Arno Töll ]
 diff --git a/debian/control b/debian/control
 index c12b174..9c00a61 100644
 --- a/debian/control
 +++ b/debian/control
@@ -7,6 +7,7 @@ Uploaders: Stefan Fritsch <sf@debian.org>,
             Yadd <yadd@debian.org>
  Section: httpd
  Priority: optional
++<<<<<<< debian/control
  Build-Depends: debhelper-compat (= 13),
                 dpkg-dev (>= 1.16.1~),
                 bison,
@@ -25,6 +26,15 @@ Build-Depends: debhelper-compat (= 13),
                 zlib1g-dev,
                 libcurl4-openssl-dev | libcurl4-dev,
                 libjansson-dev
++=======
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
++Uploaders: Stefan Fritsch <sf@debian.org>, Arno Töll <arno@debian.org>
++Build-Depends: debhelper (>= 9.20160709~), lsb-release, dpkg-dev (>= 1.16.1~),
++ libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev, zlib1g-dev,
++ libnghttp2-dev, libssl-dev (>= 1.1), perl,
++ liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk
++>>>>>>> debian/control
  Build-Conflicts: autoconf2.13
  Standards-Version: 4.5.1
  Vcs-Browser: https://salsa.debian.org/apache-team/apache2
@@ -43,6 +53,7 @@ Depends: apache2-bin (= ${binary:Version}),
           procps [!hurd-i386],
           ${misc:Depends}
  Recommends: ssl-cert
++<<<<<<< debian/control
  Suggests: apache2-doc,
            apache2-suexec-pristine | apache2-suexec-custom,
            www-browser,
@@ -57,6 +68,11 @@ Provides: httpd,
  Replaces: apache2.2-bin,
            apache2.2-common,
            libapache2-mod-proxy-uwsgi (<< 2.4.33)
++=======
++Conflicts: apache2.2-common, apache2.2-bin
++Replaces: apache2.2-common, apache2.2-bin
++Suggests: www-browser, apache2-doc, apache2-suexec-pristine | apache2-suexec-custom, ufw
++>>>>>>> debian/control
  Description: Apache HTTP Server
   The Apache HTTP Server Project's goal is to build a secure, efficient and
   extensible HTTP server as standards-compliant open source software. The
 diff --git a/debian/patches/086_svn_cross_compiles b/debian/patches/086_svn_cross_compiles
 new file mode 100644
 index 0000000..b237908
 --- /dev/null
 +++ b/debian/patches/086_svn_cross_compiles
@@ -0,0 +1,118 @@
++Description: Pull upstream fixes for autotools for cross-compiling
++Author: Adam Conrad <adconrad@ubuntu.com>
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328445
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1327907
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328390
++Origin: upstream, http://svn.eu.apache.org/viewvc?view=revision&revision=1328714
++Forwarded: not-needed
++
++Index: apache2-2.4.29/acinclude.m4
++===================================================================
++--- apache2-2.4.29.orig/acinclude.m4	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/acinclude.m4	2017-11-10 10:56:51.484205199 -0500
++@@ -55,6 +55,8 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
++   APACHE_SUBST(CPPFLAGS)
++   APACHE_SUBST(CFLAGS)
++   APACHE_SUBST(CXXFLAGS)
+++  APACHE_SUBST(CC_FOR_BUILD)
+++  APACHE_SUBST(CFLAGS_FOR_BUILD)
++   APACHE_SUBST(LTFLAGS)
++   APACHE_SUBST(LDFLAGS)
++   APACHE_SUBST(LT_LDFLAGS)
++@@ -697,7 +699,7 @@ int main(void)
++ {
++     return sizeof(void *) < sizeof(long);
++ }], [ap_cv_void_ptr_lt_long=no], [ap_cv_void_ptr_lt_long=yes],
++-    [ap_cv_void_ptr_lt_long=yes])])
+++    [ap_cv_void_ptr_lt_long="cross compile - not checked"])])
++
++ if test "$ap_cv_void_ptr_lt_long" = "yes"; then
++     AC_MSG_ERROR([Size of "void *" is less than size of "long"])
++Index: apache2-2.4.29/configure
++===================================================================
++--- apache2-2.4.29.orig/configure	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/configure	2017-11-10 10:56:51.488205250 -0500
++@@ -662,6 +662,8 @@ HTTPD_LDFLAGS
++ SH_LDFLAGS
++ LT_LDFLAGS
++ LTFLAGS
+++CFLAGS_FOR_BUILD
+++CC_FOR_BUILD
++ CXXFLAGS
++ CXX
++ other_targets
++@@ -6071,6 +6073,12 @@ fi
++
++
++
+++if test "x${build_alias}" != "x${host_alias}"; then
+++  if test "x${CC_FOR_BUILD}" = "x"; then
+++    CC_FOR_BUILD=cc
+++  fi
+++fi
+++
++ if test "x${cache_file}" = "x/dev/null"; then
++   # Likewise, ensure that CC and CPP are passed through to the pcre
++   # configure script iff caching is disabled (the autoconf 2.5x default).
++@@ -7698,7 +7706,7 @@ if ${ap_cv_void_ptr_lt_long+:} false; th
++   $as_echo_n "(cached) " >&6
++ else
++   if test "$cross_compiling" = yes; then :
++-  ap_cv_void_ptr_lt_long=yes
+++  ap_cv_void_ptr_lt_long="cross compile - not checked"
++ else
++   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++ /* end confdefs.h.  */
++@@ -37522,6 +37530,14 @@ $as_echo "$as_me: " >&6;}
++
++
++
+++  APACHE_VAR_SUBST="$APACHE_VAR_SUBST CC_FOR_BUILD"
+++
+++
+++
+++  APACHE_VAR_SUBST="$APACHE_VAR_SUBST CFLAGS_FOR_BUILD"
+++
+++
+++
++   APACHE_VAR_SUBST="$APACHE_VAR_SUBST LTFLAGS"
++
++
++Index: apache2-2.4.29/configure.in
++===================================================================
++--- apache2-2.4.29.orig/configure.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/configure.in	2017-11-10 10:56:51.488205250 -0500
++@@ -206,6 +206,14 @@ AC_PROG_CPP
++ dnl Try to get c99 support for variadic macros
++ ifdef([AC_PROG_CC_C99], [AC_PROG_CC_C99])
++
+++dnl In case of cross compilation we set CC_FOR_BUILD to cc unless
+++dnl we got already CC_FOR_BUILD from environment.
+++if test "x${build_alias}" != "x${host_alias}"; then
+++  if test "x${CC_FOR_BUILD}" = "x"; then
+++    CC_FOR_BUILD=cc
+++  fi
+++fi
+++
++ if test "x${cache_file}" = "x/dev/null"; then
++   # Likewise, ensure that CC and CPP are passed through to the pcre
++   # configure script iff caching is disabled (the autoconf 2.5x default).
++Index: apache2-2.4.29/server/Makefile.in
++===================================================================
++--- apache2-2.4.29.orig/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
+++++ apache2-2.4.29/server/Makefile.in	2017-11-10 10:56:51.488205250 -0500
++@@ -24,9 +24,14 @@ TARGETS = delete-exports $(LTLIBRARY_NAM
++ include $(top_builddir)/build/rules.mk
++ include $(top_srcdir)/build/library.mk
++
+++ifdef CC_FOR_BUILD
+++gen_test_char: gen_test_char.c
+++	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<
+++else
++ gen_test_char_OBJECTS = gen_test_char.lo
++ gen_test_char: $(gen_test_char_OBJECTS)
++ 	$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
+++endif
++
++ test_char.h: gen_test_char
++ 	./gen_test_char > test_char.h
 diff --git a/debian/patches/CVE-2017-15710.patch b/debian/patches/CVE-2017-15710.patch
 new file mode 100644
 index 0000000..a218970
 --- /dev/null
 +++ b/debian/patches/CVE-2017-15710.patch
@@ -0,0 +1,24 @@
++Description: fix DoS via missing header with AuthLDAPCharsetConfig
++Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1824456
++
++Index: apache2-2.4.29/modules/aaa/mod_authnz_ldap.c
++===================================================================
++--- apache2-2.4.29.orig/modules/aaa/mod_authnz_ldap.c	2017-06-29 07:31:20.000000000 -0400
+++++ apache2-2.4.29/modules/aaa/mod_authnz_ldap.c	2018-04-18 09:14:38.995193064 -0400
++@@ -126,9 +126,13 @@ static char* derive_codepage_from_lang (
++
++     charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
++
++-    if (!charset) {
++-        language[2] = '\0';
++-        charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
+++    /*
+++     * Test if language values like 'en-US' return a match from the charset
+++     * conversion map when shortened to 'en'.
+++     */
+++    if (!charset && strlen(language) > 3 && language[2] == '-') {
+++        char *language_short = apr_pstrndup(p, language, 2);
+++        charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
++     }
++
++     if (charset) {
 diff --git a/debian/patches/CVE-2017-15715.patch b/debian/patches/CVE-2017-15715.patch
 new file mode 100644
 index 0000000..157a0b2
 --- /dev/null
 +++ b/debian/patches/CVE-2017-15715.patch
@@ -0,0 +1,192 @@
++Description: fix incorrect <FilesMatch> matching
++Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1824472
++
++Index: apache2-2.4.29/include/ap_regex.h
++===================================================================
++--- apache2-2.4.29.orig/include/ap_regex.h	2014-01-05 11:14:26.000000000 -0500
+++++ apache2-2.4.29/include/ap_regex.h	2018-04-18 09:14:53.391220215 -0400
++@@ -77,6 +77,8 @@ extern "C" {
++ #define AP_REG_NOMEM 0x20    /* nomem in our code */
++ #define AP_REG_DOTALL 0x40   /* perl's /s flag */
++
+++#define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */
+++
++ #define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */
++
++ /* Error values: */
++@@ -103,6 +105,26 @@ typedef struct {
++ /* The functions */
++
++ /**
+++ * Get default compile flags
+++ * @return Bitwise OR of AP_REG_* flags
+++ */
+++AP_DECLARE(int) ap_regcomp_get_default_cflags(void);
+++
+++/**
+++ * Set default compile flags
+++ * @param cflags Bitwise OR of AP_REG_* flags
+++ */
+++AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags);
+++
+++/**
+++ * Get the AP_REG_* corresponding to the string.
+++ * @param name The name (i.e. AP_REG_<name>)
+++ * @return The AP_REG_*, or zero if the string is unknown
+++ *
+++ */
+++AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name);
+++
+++/**
++  * Compile a regular expression.
++  * @param preg Returned compiled regex
++  * @param regex The regular expression string
++Index: apache2-2.4.29/server/core.c
++===================================================================
++--- apache2-2.4.29.orig/server/core.c	2017-09-08 09:13:11.000000000 -0400
+++++ apache2-2.4.29/server/core.c	2018-04-18 09:14:53.387220208 -0400
++@@ -48,6 +48,7 @@
++ #include "mod_core.h"
++ #include "mod_proxy.h"
++ #include "ap_listen.h"
+++#include "ap_regex.h"
++
++ #include "mod_so.h" /* for ap_find_loaded_module_symbol */
++
++@@ -2846,6 +2847,58 @@ static const char *virtualhost_section(c
++     return errmsg;
++ }
++
+++static const char *set_regex_default_options(cmd_parms *cmd,
+++                                             void *dummy,
+++                                             const char *arg)
+++{
+++    const command_rec *thiscmd = cmd->cmd;
+++    int cflags, cflag;
+++
+++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+++    if (err != NULL) {
+++        return err;
+++    }
+++
+++    cflags = ap_regcomp_get_default_cflags();
+++    while (*arg) {
+++        const char *name = ap_getword_conf(cmd->pool, &arg);
+++        int how = 0;
+++
+++        if (strcasecmp(name, "none") == 0) {
+++            cflags = 0;
+++            continue;
+++        }
+++
+++        if (*name == '+') {
+++            name++;
+++            how = +1;
+++        }
+++        else if (*name == '-') {
+++            name++;
+++            how = -1;
+++        }
+++
+++        cflag = ap_regcomp_default_cflag_by_name(name);
+++        if (!cflag) {
+++            return apr_psprintf(cmd->pool, "%s: option '%s' unknown",
+++                                thiscmd->name, name);
+++        }
+++
+++        if (how > 0) {
+++            cflags |= cflag;
+++        }
+++        else if (how < 0) {
+++            cflags &= ~cflag;
+++        }
+++        else {
+++            cflags = cflag;
+++        }
+++    }
+++    ap_regcomp_set_default_cflags(cflags);
+++
+++    return NULL;
+++}
+++
++ static const char *set_server_alias(cmd_parms *cmd, void *dummy,
++                                     const char *arg)
++ {
++@@ -4421,6 +4474,9 @@ AP_INIT_TAKE12("RLimitNPROC", no_set_lim
++    OR_ALL, "soft/hard limits for max number of processes per uid"),
++ #endif
++
+++AP_INIT_RAW_ARGS("RegexDefaultOptions", set_regex_default_options, NULL, RSRC_CONF,
+++                 "default options for regexes (prefixed by '+' to add, '-' to del)"),
+++
++ /* internal recursion stopper */
++ AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF,
++               "maximum recursion depth of internal redirects and subrequests"),
++@@ -4856,6 +4912,8 @@ static int core_pre_config(apr_pool_t *p
++     apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
++                               apr_pool_cleanup_null);
++
+++    ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
+++
++     mpm_common_pre_config(pconf);
++
++     return OK;
++Index: apache2-2.4.29/server/util_pcre.c
++===================================================================
++--- apache2-2.4.29.orig/server/util_pcre.c	2014-01-05 11:14:26.000000000 -0500
+++++ apache2-2.4.29/server/util_pcre.c	2018-04-18 09:14:53.391220215 -0400
++@@ -111,6 +111,38 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *
++  *            Compile a regular expression       *
++  *************************************************/
++
+++static int default_cflags = AP_REG_DOLLAR_ENDONLY;
+++
+++AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
+++{
+++    return default_cflags;
+++}
+++
+++AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags)
+++{
+++    default_cflags = cflags;
+++}
+++
+++AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name)
+++{
+++    int cflag = 0;
+++
+++    if (ap_cstr_casecmp(name, "ICASE") == 0) {
+++        cflag = AP_REG_ICASE;
+++    }
+++    else if (ap_cstr_casecmp(name, "DOTALL") == 0) {
+++        cflag = AP_REG_DOTALL;
+++    }
+++    else if (ap_cstr_casecmp(name, "DOLLAR_ENDONLY") == 0) {
+++        cflag = AP_REG_DOLLAR_ENDONLY;
+++    }
+++    else if (ap_cstr_casecmp(name, "EXTENDED") == 0) {
+++        cflag = AP_REG_EXTENDED;
+++    }
+++
+++    return cflag;
+++}
+++
++ /*
++  * Arguments:
++  *  preg        points to a structure for recording the compiled expression
++@@ -127,12 +159,15 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t *
++     int errcode = 0;
++     int options = PCRE_DUPNAMES;
++
+++    cflags |= default_cflags;
++     if ((cflags & AP_REG_ICASE) != 0)
++         options |= PCRE_CASELESS;
++     if ((cflags & AP_REG_NEWLINE) != 0)
++         options |= PCRE_MULTILINE;
++     if ((cflags & AP_REG_DOTALL) != 0)
++         options |= PCRE_DOTALL;
+++    if ((cflags & AP_REG_DOLLAR_ENDONLY) != 0)
+++        options |= PCRE_DOLLAR_ENDONLY;
++
++     preg->re_pcre =
++         pcre_compile2(pattern, options, &errcode, &errorptr, &erroffset, NULL);
 diff --git a/debian/patches/CVE-2018-1283.patch b/debian/patches/CVE-2018-1283.patch
 new file mode 100644
 index 0000000..b596b3c
 --- /dev/null
 +++ b/debian/patches/CVE-2018-1283.patch
@@ -0,0 +1,28 @@
++Description: fix mod_session header manipulation
++Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1824477
++
++Index: apache2-2.4.29/modules/session/mod_session.c
++===================================================================
++--- apache2-2.4.29.orig/modules/session/mod_session.c	2016-11-14 06:15:08.000000000 -0500
+++++ apache2-2.4.29/modules/session/mod_session.c	2018-04-18 09:15:12.551256243 -0400
++@@ -510,12 +510,15 @@ static int session_fixups(request_rec *
++      */
++     ap_session_load(r, &z);
++
++-    if (z && conf->env) {
++-        session_identity_encode(r, z);
++-        if (z->encoded) {
++-            apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
++-            z->encoded = NULL;
+++    if (conf->env) {
+++        if (z) {
+++            session_identity_encode(r, z);
+++            if (z->encoded) {
+++                apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
+++                z->encoded = NULL;
+++            }
++         }
+++        apr_table_unset(r->headers_in, "Session");
++     }
++
++     return OK;
 diff --git a/debian/patches/CVE-2018-1301.patch b/debian/patches/CVE-2018-1301.patch
 new file mode 100644
 index 0000000..c4fc07a
 --- /dev/null
 +++ b/debian/patches/CVE-2018-1301.patch
@@ -0,0 +1,200 @@
++Description: fix DoS via specially-crafted request
++Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1824469
++
++Index: apache2-2.4.29/server/protocol.c
++===================================================================
++--- apache2-2.4.29.orig/server/protocol.c	2017-10-10 13:51:13.000000000 -0400
+++++ apache2-2.4.29/server/protocol.c	2018-04-18 09:15:27.027283380 -0400
++@@ -225,6 +225,11 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++     int fold = flags & AP_GETLINE_FOLD;
++     int crlf = flags & AP_GETLINE_CRLF;
++
+++    if (!n) {
+++        /* Needs room for NUL byte at least */
+++        return APR_BADARG;
+++    }
+++
++     /*
++      * Initialize last_char as otherwise a random value will be compared
++      * against APR_ASCII_LF at the end of the loop if bb only contains
++@@ -238,14 +243,15 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++         rv = ap_get_brigade(r->proto_input_filters, bb, AP_MODE_GETLINE,
++                             APR_BLOCK_READ, 0);
++         if (rv != APR_SUCCESS) {
++-            return rv;
+++            goto cleanup;
++         }
++
++         /* Something horribly wrong happened.  Someone didn't block!
++          * (this also happens at the end of each keepalive connection)
++          */
++         if (APR_BRIGADE_EMPTY(bb)) {
++-            return APR_EGENERAL;
+++            rv = APR_EGENERAL;
+++            goto cleanup;
++         }
++
++         for (e = APR_BRIGADE_FIRST(bb);
++@@ -263,7 +269,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++
++             rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
++             if (rv != APR_SUCCESS) {
++-                return rv;
+++                goto cleanup;
++             }
++
++             if (len == 0) {
++@@ -276,17 +282,8 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++
++             /* Would this overrun our buffer?  If so, we'll die. */
++             if (n < bytes_handled + len) {
++-                *read = bytes_handled;
++-                if (*s) {
++-                    /* ensure this string is NUL terminated */
++-                    if (bytes_handled > 0) {
++-                        (*s)[bytes_handled-1] = '\0';
++-                    }
++-                    else {
++-                        (*s)[0] = '\0';
++-                    }
++-                }
++-                return APR_ENOSPC;
+++                rv = APR_ENOSPC;
+++                goto cleanup;
++             }
++
++             /* Do we have to handle the allocation ourselves? */
++@@ -294,7 +291,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++                 /* We'll assume the common case where one bucket is enough. */
++                 if (!*s) {
++                     current_alloc = len;
++-                    *s = apr_palloc(r->pool, current_alloc);
+++                    *s = apr_palloc(r->pool, current_alloc + 1);
++                 }
++                 else if (bytes_handled + len > current_alloc) {
++                     /* Increase the buffer size */
++@@ -305,7 +302,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++                         new_size = (bytes_handled + len) * 2;
++                     }
++
++-                    new_buffer = apr_palloc(r->pool, new_size);
+++                    new_buffer = apr_palloc(r->pool, new_size + 1);
++
++                     /* Copy what we already had. */
++                     memcpy(new_buffer, *s, bytes_handled);
++@@ -329,19 +326,15 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++         }
++     }
++
++-    if (crlf && (last_char <= *s || last_char[-1] != APR_ASCII_CR)) {
++-        *last_char = '\0';
++-        bytes_handled = last_char - *s;
++-        *read = bytes_handled;
++-        return APR_EINVAL;
++-    }
++-
++-    /* Now NUL-terminate the string at the end of the line;
+++    /* Now terminate the string at the end of the line;
++      * if the last-but-one character is a CR, terminate there */
++     if (last_char > *s && last_char[-1] == APR_ASCII_CR) {
++         last_char--;
++     }
++-    *last_char = '\0';
+++    else if (crlf) {
+++        rv = APR_EINVAL;
+++        goto cleanup;
+++    }
++     bytes_handled = last_char - *s;
++
++     /* If we're folding, we have more work to do.
++@@ -361,7 +354,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++             rv = ap_get_brigade(r->proto_input_filters, bb, AP_MODE_SPECULATIVE,
++                                 APR_BLOCK_READ, 1);
++             if (rv != APR_SUCCESS) {
++-                return rv;
+++                goto cleanup;
++             }
++
++             if (APR_BRIGADE_EMPTY(bb)) {
++@@ -378,7 +371,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++             rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
++             if (rv != APR_SUCCESS) {
++                 apr_brigade_cleanup(bb);
++-                return rv;
+++                goto cleanup;
++             }
++
++             /* Found one, so call ourselves again to get the next line.
++@@ -395,10 +388,8 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++             if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
++                 /* Do we have enough space? We may be full now. */
++                 if (bytes_handled >= n) {
++-                    *read = n;
++-                    /* ensure this string is terminated */
++-                    (*s)[n-1] = '\0';
++-                    return APR_ENOSPC;
+++                    rv = APR_ENOSPC;
+++                    goto cleanup;
++                 }
++                 else {
++                     apr_size_t next_size, next_len;
++@@ -411,7 +402,6 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++                         tmp = NULL;
++                     }
++                     else {
++-                        /* We're null terminated. */
++                         tmp = last_char;
++                     }
++
++@@ -420,7 +410,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++                     rv = ap_rgetline_core(&tmp, next_size,
++                                           &next_len, r, 0, bb);
++                     if (rv != APR_SUCCESS) {
++-                        return rv;
+++                        goto cleanup;
++                     }
++
++                     if (do_alloc && next_len > 0) {
++@@ -434,7 +424,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++                         memcpy(new_buffer, *s, bytes_handled);
++
++                         /* copy the new line, including the trailing null */
++-                        memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
+++                        memcpy(new_buffer + bytes_handled, tmp, next_len);
++                         *s = new_buffer;
++                     }
++
++@@ -447,8 +437,21 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
++             }
++         }
++     }
+++
+++cleanup:
+++    if (bytes_handled >= n) {
+++        bytes_handled = n - 1;
+++    }
+++    if (*s) {
+++        /* ensure the string is NUL terminated */
+++        (*s)[bytes_handled] = '\0';
+++    }
++     *read = bytes_handled;
++
+++    if (rv != APR_SUCCESS) {
+++        return rv;
+++    }
+++
++     /* PR#43039: We shouldn't accept NULL bytes within the line */
++     if (strlen(*s) < bytes_handled) {
++         return APR_EINVAL;
++@@ -487,6 +490,11 @@ AP_DECLARE(int) ap_getline(char *s, int
++     apr_size_t len;
++     apr_bucket_brigade *tmp_bb;
++
+++    if (n < 1) {
+++        /* Can't work since we always NUL terminate */
+++        return -1;
+++    }
+++
++     tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
++     rv = ap_rgetline(&tmp_s, n, &len, r, flags, tmp_bb);
++     apr_brigade_destroy(tmp_bb);
 diff --git a/debian/patches/CVE-2018-1303.patch b/debian/patches/CVE-2018-1303.patch
 new file mode 100644
 index 0000000..42192c8
 --- /dev/null
 +++ b/debian/patches/CVE-2018-1303.patch
@@ -0,0 +1,17 @@
++Description: fix mod_cache_socache DoS
++Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1824475
++
++Index: apache2-2.4.29/modules/cache/mod_cache_socache.c
++===================================================================
++--- apache2-2.4.29.orig/modules/cache/mod_cache_socache.c	2017-06-29 07:31:20.000000000 -0400
+++++ apache2-2.4.29/modules/cache/mod_cache_socache.c	2018-04-18 09:15:39.675307037 -0400
++@@ -213,7 +213,8 @@ static apr_status_t read_table(cache_han
++                         "Premature end of cache headers.");
++                 return APR_EGENERAL;
++             }
++-            while (apr_isspace(buffer[colon])) {
+++            /* Do not go past the \r from above as apr_isspace('\r') is true */
+++            while (apr_isspace(buffer[colon]) && (colon < *slider)) {
++                 colon++;
++             }
++             apr_table_addn(table, apr_pstrndup(r->pool, (const char *) buffer
 diff --git a/debian/patches/CVE-2018-1312.patch b/debian/patches/CVE-2018-1312.patch
 new file mode 100644
 index 0000000..f91999a
 --- /dev/null
 +++ b/debian/patches/CVE-2018-1312.patch
@@ -0,0 +1,403 @@
++Description: fix insecure nonce generation
++Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1824481
++Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=54637
++
++Index: apache2-2.4.29/modules/aaa/mod_auth_digest.c
++===================================================================
++--- apache2-2.4.29.orig/modules/aaa/mod_auth_digest.c	2017-07-05 20:02:54.000000000 -0400
+++++ apache2-2.4.29/modules/aaa/mod_auth_digest.c	2018-04-18 09:15:50.839327873 -0400
++@@ -26,20 +26,13 @@
++  * reports to the Apache bug-database, or send them directly to me
++  * at ronald@innovation.ch.
++  *
++- * Requires either /dev/random (or equivalent) or the truerand library,
++- * available for instance from
++- * ftp://research.att.com/dist/mab/librand.shar
++- *
++  * Open Issues:
++  *   - qop=auth-int (when streams and trailer support available)
++  *   - nonce-format configurability
++  *   - Proxy-Authorization-Info header is set by this module, but is
++  *     currently ignored by mod_proxy (needs patch to mod_proxy)
++- *   - generating the secret takes a while (~ 8 seconds) if using the
++- *     truerand library
++  *   - The source of the secret should be run-time directive (with server
++- *     scope: RSRC_CONF). However, that could be tricky when trying to
++- *     choose truerand vs. file...
+++ *     scope: RSRC_CONF)
++  *   - shared-mem not completely tested yet. Seems to work ok for me,
++  *     but... (definitely won't work on Windoze)
++  *   - Sharing a realm among multiple servers has following problems:
++@@ -52,6 +45,8 @@
++  *       captures a packet sent to one server and sends it to another
++  *       one. Should we add "AuthDigestNcCheck Strict"?
++  *   - expired nonces give amaya fits.
+++ *   - MD5-sess and auth-int are not yet implemented. An incomplete
+++ *     implementation has been removed and can be retrieved from svn history.
++  */
++
++ #include "apr_sha1.h"
++@@ -94,7 +89,6 @@ typedef struct digest_config_struct {
++     apr_array_header_t *qop_list;
++     apr_sha1_ctx_t  nonce_ctx;
++     apr_time_t    nonce_lifetime;
++-    const char  *nonce_format;
++     int          check_nc;
++     const char  *algorithm;
++     char        *uri_list;
++@@ -112,7 +106,8 @@ typedef struct digest_config_struct {
++ #define NONCE_HASH_LEN  (2*APR_SHA1_DIGESTSIZE)
++ #define NONCE_LEN       (int )(NONCE_TIME_LEN + NONCE_HASH_LEN)
++
++-#define SECRET_LEN      20
+++#define SECRET_LEN          20
+++#define RETAINED_DATA_ID    "mod_auth_digest"
++
++
++ /* client list definitions */
++@@ -121,7 +116,6 @@ typedef struct hash_entry {
++     unsigned long      key;                     /* the key for this entry    */
++     struct hash_entry *next;                    /* next entry in the bucket  */
++     unsigned long      nonce_count;             /* for nonce-count checking  */
++-    char               ha1[2*APR_MD5_DIGESTSIZE+1]; /* for algorithm=MD5-sess    */
++     char               last_nonce[NONCE_LEN+1]; /* for one-time nonce's      */
++ } client_entry;
++
++@@ -170,7 +164,7 @@ typedef union time_union {
++     unsigned char arr[sizeof(apr_time_t)];
++ } time_rec;
++
++-static unsigned char secret[SECRET_LEN];
+++static unsigned char *secret;
++
++ /* client-list, opaque, and one-time-nonce stuff */
++
++@@ -228,35 +222,11 @@ static apr_status_t cleanup_tables(void
++     return APR_SUCCESS;
++ }
++
++-static apr_status_t initialize_secret(server_rec *s)
++-{
++-    apr_status_t status;
++-
++-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01757)
++-                 "generating secret for digest authentication ...");
++-
++-#if APR_HAS_RANDOM
++-    status = apr_generate_random_bytes(secret, sizeof(secret));
++-#else
++-#error APR random number support is missing; you probably need to install the truerand library.
++-#endif
++-
++-    if (status != APR_SUCCESS) {
++-        ap_log_error(APLOG_MARK, APLOG_CRIT, status, s, APLOGNO(01758)
++-                     "error generating secret");
++-        return status;
++-    }
++-
++-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01759) "done");
++-
++-    return APR_SUCCESS;
++-}
++-
++ static void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s)
++ {
++     ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01760)
++-                 "%s - all nonce-count checking, one-time nonces, and "
++-                 "MD5-sess algorithm disabled", msg);
+++                 "%s - all nonce-count checking and one-time nonces"
+++                 "disabled", msg);
++
++     cleanup_tables(NULL);
++ }
++@@ -386,16 +356,32 @@ static int initialize_tables(server_rec
++ static int pre_init(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
++ {
++     apr_status_t rv;
+++    void *retained;
++
++     rv = ap_mutex_register(pconf, client_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
++-    if (rv == APR_SUCCESS) {
++-        rv = ap_mutex_register(pconf, opaque_mutex_type, NULL, APR_LOCK_DEFAULT,
++-                               0);
++-    }
++-    if (rv != APR_SUCCESS) {
++-        return rv;
++-    }
+++    if (rv != APR_SUCCESS)
+++        return !OK;
+++    rv = ap_mutex_register(pconf, opaque_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
+++    if (rv != APR_SUCCESS)
+++        return !OK;
++
+++    retained = ap_retained_data_get(RETAINED_DATA_ID);
+++    if (retained == NULL) {
+++        retained = ap_retained_data_create(RETAINED_DATA_ID, SECRET_LEN);
+++        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, APLOGNO(01757)
+++                     "generating secret for digest authentication");
+++#if APR_HAS_RANDOM
+++        rv = apr_generate_random_bytes(retained, SECRET_LEN);
+++#else
+++#error APR random number support is missing
+++#endif
+++        if (rv != APR_SUCCESS) {
+++            ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, APLOGNO(01758)
+++                         "error generating secret");
+++            return !OK;
+++        }
+++    }
+++    secret = retained;
++     return OK;
++ }
++
++@@ -408,10 +394,6 @@ static int initialize_module(apr_pool_t
++     if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
++         return OK;
++
++-    if (initialize_secret(s) != APR_SUCCESS) {
++-        return !OK;
++-    }
++-
++ #if APR_HAS_SHARED_MEMORY
++     /* Note: this stuff is currently fixed for the lifetime of the server,
++      * i.e. even across restarts. This means that A) any shmem-size
++@@ -492,6 +474,16 @@ static void *create_digest_dir_config(ap
++ static const char *set_realm(cmd_parms *cmd, void *config, const char *realm)
++ {
++     digest_config_rec *conf = (digest_config_rec *) config;
+++#ifdef AP_DEBUG
+++    int i;
+++
+++    /* check that we got random numbers */
+++    for (i = 0; i < SECRET_LEN; i++) {
+++        if (secret[i] != 0)
+++            break;
+++    }
+++    ap_assert(i < SECRET_LEN);
+++#endif
++
++     /* The core already handles the realm, but it's just too convenient to
++      * grab it ourselves too and cache some setups. However, we need to
++@@ -505,7 +497,7 @@ static const char *set_realm(cmd_parms *
++      * and directives outside a virtual host section)
++      */
++     apr_sha1_init(&conf->nonce_ctx);
++-    apr_sha1_update_binary(&conf->nonce_ctx, secret, sizeof(secret));
+++    apr_sha1_update_binary(&conf->nonce_ctx, secret, SECRET_LEN);
++     apr_sha1_update_binary(&conf->nonce_ctx, (const unsigned char *) realm,
++                            strlen(realm));
++
++@@ -599,8 +591,7 @@ static const char *set_nonce_lifetime(cm
++ static const char *set_nonce_format(cmd_parms *cmd, void *config,
++                                     const char *fmt)
++ {
++-    ((digest_config_rec *) config)->nonce_format = fmt;
++-    return "AuthDigestNonceFormat is not implemented (yet)";
+++    return "AuthDigestNonceFormat is not implemented";
++ }
++
++ static const char *set_nc_check(cmd_parms *cmd, void *config, int flag)
++@@ -621,7 +612,7 @@ static const char *set_algorithm(cmd_par
++ {
++     if (!strcasecmp(alg, "MD5-sess")) {
++         return "AuthDigestAlgorithm: ERROR: algorithm `MD5-sess' "
++-                "is not fully implemented";
+++                "is not implemented";
++     }
++     else if (strcasecmp(alg, "MD5")) {
++         return apr_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL);
++@@ -1147,7 +1138,7 @@ static const char *gen_nonce(apr_pool_t
++ static client_entry *gen_client(const request_rec *r)
++ {
++     unsigned long op;
++-    client_entry new_entry = { 0, NULL, 0, "", "" }, *entry;
+++    client_entry new_entry = { 0, NULL, 0, "" }, *entry;
++
++     if (!opaque_cntr) {
++         return NULL;
++@@ -1168,92 +1159,6 @@ static client_entry *gen_client(const re
++
++
++ /*
++- * MD5-sess code.
++- *
++- * If you want to use algorithm=MD5-sess you must write get_userpw_hash()
++- * yourself (see below). The dummy provided here just uses the hash from
++- * the auth-file, i.e. it is only useful for testing client implementations
++- * of MD5-sess .
++- */
++-
++-/*
++- * get_userpw_hash() will be called each time a new session needs to be
++- * generated and is expected to return the equivalent of
++- *
++- * h_urp = ap_md5(r->pool,
++- *         apr_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd))
++- * ap_md5(r->pool,
++- *         (unsigned char *) apr_pstrcat(r->pool, h_urp, ":", resp->nonce, ":",
++- *                                      resp->cnonce, NULL));
++- *
++- * or put differently, it must return
++- *
++- *   MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce)
++- *
++- * If something goes wrong, the failure must be logged and NULL returned.
++- *
++- * You must implement this yourself, which will probably consist of code
++- * contacting the password server with the necessary information (typically
++- * the username, realm, nonce, and cnonce) and receiving the hash from it.
++- *
++- * TBD: This function should probably be in a separate source file so that
++- * people need not modify mod_auth_digest.c each time they install a new
++- * version of apache.
++- */
++-static const char *get_userpw_hash(const request_rec *r,
++-                                   const digest_header_rec *resp,
++-                                   const digest_config_rec *conf)
++-{
++-    return ap_md5(r->pool,
++-             (unsigned char *) apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce,
++-                                           ":", resp->cnonce, NULL));
++-}
++-
++-
++-/* Retrieve current session H(A1). If there is none and "generate" is
++- * true then a new session for MD5-sess is generated and stored in the
++- * client struct; if generate is false, or a new session could not be
++- * generated then NULL is returned (in case of failure to generate the
++- * failure reason will have been logged already).
++- */
++-static const char *get_session_HA1(const request_rec *r,
++-                                   digest_header_rec *resp,
++-                                   const digest_config_rec *conf,
++-                                   int generate)
++-{
++-    const char *ha1 = NULL;
++-
++-    /* return the current sessions if there is one */
++-    if (resp->opaque && resp->client && resp->client->ha1[0]) {
++-        return resp->client->ha1;
++-    }
++-    else if (!generate) {
++-        return NULL;
++-    }
++-
++-    /* generate a new session */
++-    if (!resp->client) {
++-        resp->client = gen_client(r);
++-    }
++-    if (resp->client) {
++-        ha1 = get_userpw_hash(r, resp, conf);
++-        if (ha1) {
++-            memcpy(resp->client->ha1, ha1, sizeof(resp->client->ha1));
++-        }
++-    }
++-
++-    return ha1;
++-}
++-
++-
++-static void clear_session(const digest_header_rec *resp)
++-{
++-    if (resp->client) {
++-        resp->client->ha1[0] = '\0';
++-    }
++-}
++-
++-/*
++  * Authorization challenge generation code (for WWW-Authenticate)
++  */
++
++@@ -1291,8 +1196,7 @@ static void note_digest_auth_failure(req
++
++     if (resp->opaque == NULL) {
++         /* new client */
++-        if ((conf->check_nc || conf->nonce_lifetime == 0
++-             || !strcasecmp(conf->algorithm, "MD5-sess"))
+++        if ((conf->check_nc || conf->nonce_lifetime == 0)
++             && (resp->client = gen_client(r)) != NULL) {
++             opaque = ltox(r->pool, resp->client->key);
++         }
++@@ -1332,15 +1236,6 @@ static void note_digest_auth_failure(req
++         memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);
++     }
++
++-    /* Setup MD5-sess stuff. Note that we just clear out the session
++-     * info here, since we can't generate a new session until the request
++-     * from the client comes in with the cnonce.
++-     */
++-
++-    if (!strcasecmp(conf->algorithm, "MD5-sess")) {
++-        clear_session(resp);
++-    }
++-
++     /* setup domain attribute. We want to send this attribute wherever
++      * possible so that the client won't send the Authorization header
++      * unnecessarily (it's usually > 200 bytes!).
++@@ -1606,24 +1501,9 @@ static const char *new_digest(const requ
++ {
++     const char *ha1, *ha2, *a2;
++
++-    if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
++-        ha1 = get_session_HA1(r, resp, conf, 1);
++-        if (!ha1) {
++-            return NULL;
++-        }
++-    }
++-    else {
++-        ha1 = conf->ha1;
++-    }
+++    ha1 = conf->ha1;
++
++-    if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
++-        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":",
++-                         ap_md5(r->pool, (const unsigned char*) ""), NULL);
++-                         /* TBD */
++-    }
++-    else {
++-        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
++-    }
+++    a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
++     ha2 = ap_md5(r->pool, (const unsigned char *)a2);
++
++     return ap_md5(r->pool,
++@@ -1871,8 +1751,7 @@ static int authenticate_digest_user(requ
++     }
++
++     if (resp->algorithm != NULL
++-        && strcasecmp(resp->algorithm, "MD5")
++-        && strcasecmp(resp->algorithm, "MD5-sess")) {
+++        && strcasecmp(resp->algorithm, "MD5")) {
++         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01789)
++                       "unknown algorithm `%s' received: %s",
++                       resp->algorithm, r->uri);
++@@ -2024,27 +1903,9 @@ static int add_auth_info(request_rec *r)
++
++         /* calculate rspauth attribute
++          */
++-        if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
++-            ha1 = get_session_HA1(r, resp, conf, 0);
++-            if (!ha1) {
++-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01795)
++-                              "internal error: couldn't find session "
++-                              "info for user %s", resp->username);
++-                return !OK;
++-            }
++-        }
++-        else {
++-            ha1 = conf->ha1;
++-        }
+++        ha1 = conf->ha1;
++
++-        if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
++-            a2 = apr_pstrcat(r->pool, ":", resp->uri, ":",
++-                             ap_md5(r->pool,(const unsigned char *) ""), NULL);
++-                             /* TBD */
++-        }
++-        else {
++-            a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
++-        }
+++        a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
++         ha2 = ap_md5(r->pool, (const unsigned char *)a2);
++
++         resp_dig = ap_md5(r->pool,
 diff --git a/debian/patches/CVE-2018-17199.patch b/debian/patches/CVE-2018-17199.patch
 new file mode 100644
 index 0000000..e42f56b
 --- /dev/null
 +++ b/debian/patches/CVE-2018-17199.patch
@@ -0,0 +1,85 @@
++From 34f58ae20d9a85f2a1508a9a732874239491d456 Mon Sep 17 00:00:00 2001
++From: Hank Ibell <hwibell@apache.org>
++Date: Tue, 15 Jan 2019 19:54:41 +0000
++Subject: [PATCH] mod_session: Always decode session attributes early.
++
++Backport r1850947 from trunk
++Submitted by: hwibell
++Reviewed by: hwibell, covener, wrowe
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1851409 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                       |  2 ++
++ STATUS                        |  5 -----
++ modules/session/mod_session.c | 25 ++++++++++++++-----------
++ 3 files changed, 16 insertions(+), 16 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index c4d9f6c2ea8..4b0a07fdcf5 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -9,6 +9,8 @@ Changes with Apache 2.4.38
++#      and we should just set the value for the environment variable
++#      like in the pattern case. [Ruediger Pluem]
++#
++#+  *) mod_session: Always decode session attributes early. [Hank Ibell]
++#+
++#   *) core: Incorrect values for environment variables are substituted when
++#      multiple environment variables are specified in a directive. [Hank Ibell]
++#
++#diff --git a/STATUS b/STATUS
++#index 00070f9f247..45a92ba4d81 100644
++#--- a/STATUS
++#+++ b/STATUS
++#@@ -125,11 +125,6 @@ RELEASE SHOWSTOPPERS:
++# PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#   [ start all new proposals below, under PATCHES PROPOSED. ]
++#
++#-  *) mod_session: Always decode session attributes early.
++#-     trunk patch: http://svn.apache.org/r1850947
++#-     2.4.x patch: svn merge -c 1850947 ^/httpd/httpd/trunk .
++#-     +1: hwibell, covener, wrowe
++#-
++#   *) mod_ssl (ssl_engine_io.c: bio_filter_out_write, bio_filter_in_read)
++#      Clear retry flags before aborting on client-initiated reneg. [Joe Orton]
++#      PR: 63052
++diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
++index d517020d995..64e6e4a8132 100644
++--- a/modules/session/mod_session.c
+++++ b/modules/session/mod_session.c
++@@ -126,20 +126,23 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
++
++     /* found a session that hasn't expired? */
++     now = apr_time_now();
+++
++     if (zz) {
++-        if (zz->expiry && zz->expiry < now) {
+++        /* load the session attibutes */
+++        rv = ap_run_session_decode(r, zz);
+++
+++        /* having a session we cannot decode is just as good as having
+++           none at all */
+++       if (OK != rv) {
+++            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
+++                    "error while decoding the session, "
+++                    "session not loaded: %s", r->uri);
++             zz = NULL;
++         }
++-        else {
++-            /* having a session we cannot decode is just as good as having
++-               none at all */
++-            rv = ap_run_session_decode(r, zz);
++-            if (OK != rv) {
++-                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
++-                              "error while decoding the session, "
++-                              "session not loaded: %s", r->uri);
++-                zz = NULL;
++-            }
+++
+++       /* invalidate session if session is expired */
+++        if (zz && zz->expiry && zz->expiry < now) {
+++            zz = NULL;
++         }
++     }
++
 diff --git a/debian/patches/CVE-2019-0211.patch b/debian/patches/CVE-2019-0211.patch
 new file mode 100644
 index 0000000..be70aac
 --- /dev/null
 +++ b/debian/patches/CVE-2019-0211.patch
@@ -0,0 +1,249 @@
++From df7edb5ddae609ea1fd4285f7439f0d590d97b37 Mon Sep 17 00:00:00 2001
++From: Yann Ylavic <ylavic@apache.org>
++Date: Wed, 13 Mar 2019 08:59:54 +0000
++Subject: [PATCH] Merge r1855306 from trunk:
++
++MPMs unix: bind the bucket number of each child to its slot number
++
++We need not remember each child's bucket number in SHM for restarts, for the
++lifetime of the httpd main process the bucket number can be bound to the slot
++number such that: bucket = slot % num_buckets.
++
++This both simplifies the logic and helps children maintenance per bucket in
++threaded MPMs, where previously perform_idle_server_maintenance() could create
++or kill children processes for the buckets it was not in charge of.
++
++Submitted by: ylavic
++Reviewed by: ylavic, rpluem, jorton
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855378 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                      |  3 +++
++ include/scoreboard.h         |  4 +++-
++ server/mpm/event/event.c     | 13 ++++++++-----
++ server/mpm/prefork/prefork.c | 19 +++++++------------
++ server/mpm/worker/worker.c   | 10 ++++++----
++ 5 files changed, 27 insertions(+), 22 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index e79251389d5..6b560802119 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -1,6 +1,9 @@
++#                                                          -*- coding: utf-8 -*-
++# Changes with Apache 2.4.39
++#
++#+  *) MPMs unix: bind the bucket number of each child to its slot number, for a
++#+     more efficient per bucket maintenance. [Yann Ylavic]
++#+
++#   *) mod_auth_digest: Fix a race condition. Authentication with valid
++#      credentials could be refused in case of concurrent accesses from
++#      different users.  PR 63124.  [Simon Kappel <simon.kappel axis.com>]
++Index: apache2-2.4.29/include/scoreboard.h
++===================================================================
++--- apache2-2.4.29.orig/include/scoreboard.h	2019-04-03 09:22:04.140590533 -0400
+++++ apache2-2.4.29/include/scoreboard.h	2019-04-03 09:22:04.140590533 -0400
++@@ -143,7 +143,9 @@ struct process_score {
++     apr_uint32_t lingering_close;   /* async connections in lingering close */
++     apr_uint32_t keep_alive;        /* async connections in keep alive */
++     apr_uint32_t suspended;         /* connections suspended by some module */
++-    int bucket;             /* Listener bucket used by this child */
+++    int bucket;  /* Listener bucket used by this child; this field is DEPRECATED
+++                  * and no longer updated by the MPMs (i.e. always zero).
+++                  */
++ };
++
++ /* Scoreboard is now in 'local' memory, since it isn't updated once created,
++Index: apache2-2.4.29/server/mpm/event/event.c
++===================================================================
++--- apache2-2.4.29.orig/server/mpm/event/event.c	2019-04-03 09:22:04.140590533 -0400
+++++ apache2-2.4.29/server/mpm/event/event.c	2019-04-03 09:22:04.140590533 -0400
++@@ -2553,7 +2553,6 @@ static int make_child(server_rec * s, in
++
++     ap_scoreboard_image->parent[slot].quiescing = 0;
++     ap_scoreboard_image->parent[slot].not_accepting = 0;
++-    ap_scoreboard_image->parent[slot].bucket = bucket;
++     event_note_child_started(slot, pid);
++     active_daemons++;
++     retained->total_daemons++;
++@@ -2592,6 +2591,7 @@ static void perform_idle_server_maintena
++          * that threads_per_child is always > 0 */
++         int status = SERVER_DEAD;
++         int child_threads_active = 0;
+++        int bucket = i % num_buckets;
++
++         if (i >= retained->max_daemons_limit &&
++             free_length == retained->idle_spawn_rate[child_bucket]) {
++@@ -2615,7 +2615,7 @@ static void perform_idle_server_maintena
++                  */
++                 if (status <= SERVER_READY && !ps->quiescing && !ps->not_accepting
++                     && ps->generation == retained->mpm->my_generation
++-                    && ps->bucket == child_bucket)
+++                    && bucket == child_bucket)
++                 {
++                     ++idle_thread_count;
++                 }
++@@ -2626,7 +2626,9 @@ static void perform_idle_server_maintena
++             last_non_dead = i;
++         }
++         active_thread_count += child_threads_active;
++-        if (!ps->pid && free_length < retained->idle_spawn_rate[child_bucket])
+++        if (!ps->pid
+++                && bucket == child_bucket
+++                && free_length < retained->idle_spawn_rate[child_bucket])
++             free_slots[free_length++] = i;
++         else if (child_threads_active == threads_per_child)
++             had_healthy_child = 1;
++@@ -2809,13 +2811,14 @@ static void server_main_loop(int remaini
++                 retained->total_daemons--;
++                 if (processed_status == APEXIT_CHILDSICK) {
++                     /* resource shortage, minimize the fork rate */
++-                    retained->idle_spawn_rate[ps->bucket] = 1;
+++                    retained->idle_spawn_rate[child_slot % num_buckets] = 1;
++                 }
++                 else if (remaining_children_to_start) {
++                     /* we're still doing a 1-for-1 replacement of dead
++                      * children with new children
++                      */
++-                    make_child(ap_server_conf, child_slot, ps->bucket);
+++                    make_child(ap_server_conf, child_slot,
+++                               child_slot % num_buckets);
++                     --remaining_children_to_start;
++                 }
++             }
++Index: apache2-2.4.29/server/mpm/prefork/prefork.c
++===================================================================
++--- apache2-2.4.29.orig/server/mpm/prefork/prefork.c	2019-04-03 09:22:04.140590533 -0400
+++++ apache2-2.4.29/server/mpm/prefork/prefork.c	2019-04-03 09:22:04.140590533 -0400
++@@ -637,8 +637,9 @@ static void child_main(int child_num_arg
++ }
++
++
++-static int make_child(server_rec *s, int slot, int bucket)
+++static int make_child(server_rec *s, int slot)
++ {
+++    int bucket = slot % retained->mpm->num_buckets;
++     int pid;
++
++     if (slot + 1 > retained->max_daemons_limit) {
++@@ -716,7 +717,6 @@ static int make_child(server_rec *s, int
++         child_main(slot, bucket);
++     }
++
++-    ap_scoreboard_image->parent[slot].bucket = bucket;
++     prefork_note_child_started(slot, pid);
++
++     return 0;
++@@ -732,7 +732,7 @@ static void startup_children(int number_
++         if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) {
++             continue;
++         }
++-        if (make_child(ap_server_conf, i, i % retained->mpm->num_buckets) < 0) {
+++        if (make_child(ap_server_conf, i) < 0) {
++             break;
++         }
++         --number_to_start;
++@@ -741,8 +741,6 @@ static void startup_children(int number_
++
++ static void perform_idle_server_maintenance(apr_pool_t *p)
++ {
++-    static int bucket_make_child_record = -1;
++-    static int bucket_kill_child_record = -1;
++     int i;
++     int idle_count;
++     worker_score *ws;
++@@ -789,6 +787,7 @@ static void perform_idle_server_maintena
++     }
++     retained->max_daemons_limit = last_non_dead + 1;
++     if (idle_count > ap_daemons_max_free) {
+++        static int bucket_kill_child_record = -1;
++         /* kill off one child... we use the pod because that'll cause it to
++          * shut down gracefully, in case it happened to pick up a request
++          * while we were counting
++@@ -819,10 +818,7 @@ static void perform_idle_server_maintena
++                     idle_count, total_non_dead);
++             }
++             for (i = 0; i < free_length; ++i) {
++-                bucket_make_child_record++;
++-                bucket_make_child_record %= retained->mpm->num_buckets;
++-                make_child(ap_server_conf, free_slots[i],
++-                           bucket_make_child_record);
+++                make_child(ap_server_conf, free_slots[i]);
++             }
++             /* the next time around we want to spawn twice as many if this
++              * wasn't good enough, but not if we've just done a graceful
++@@ -867,7 +863,7 @@ static int prefork_run(apr_pool_t *_pcon
++
++     if (one_process) {
++         AP_MONCONTROL(1);
++-        make_child(ap_server_conf, 0, 0);
+++        make_child(ap_server_conf, 0);
++         /* NOTREACHED */
++         ap_assert(0);
++         return !OK;
++@@ -976,8 +972,7 @@ static int prefork_run(apr_pool_t *_pcon
++                     /* we're still doing a 1-for-1 replacement of dead
++                      * children with new children
++                      */
++-                    make_child(ap_server_conf, child_slot,
++-                               ap_get_scoreboard_process(child_slot)->bucket);
+++                    make_child(ap_server_conf, child_slot);
++                     --remaining_children_to_start;
++                 }
++ #if APR_HAS_OTHER_CHILD
++Index: apache2-2.4.29/server/mpm/worker/worker.c
++===================================================================
++--- apache2-2.4.29.orig/server/mpm/worker/worker.c	2019-04-03 09:22:04.140590533 -0400
+++++ apache2-2.4.29/server/mpm/worker/worker.c	2019-04-03 09:22:04.140590533 -0400
++@@ -1312,7 +1312,6 @@ static int make_child(server_rec *s, int
++         worker_note_child_lost_slot(slot, pid);
++     }
++     ap_scoreboard_image->parent[slot].quiescing = 0;
++-    ap_scoreboard_image->parent[slot].bucket = bucket;
++     worker_note_child_started(slot, pid);
++     return 0;
++ }
++@@ -1361,6 +1360,7 @@ static void perform_idle_server_maintena
++         int any_dead_threads = 0;
++         int all_dead_threads = 1;
++         int child_threads_active = 0;
+++        int bucket = i % num_buckets;
++
++         if (i >= retained->max_daemons_limit &&
++             totally_free_length == retained->idle_spawn_rate[child_bucket]) {
++@@ -1393,7 +1393,7 @@ static void perform_idle_server_maintena
++                 if (status <= SERVER_READY &&
++                         !ps->quiescing &&
++                         ps->generation == retained->mpm->my_generation &&
++-                        ps->bucket == child_bucket) {
+++                        bucket == child_bucket) {
++                     ++idle_thread_count;
++                 }
++                 if (status >= SERVER_READY && status < SERVER_GRACEFUL) {
++@@ -1403,6 +1403,7 @@ static void perform_idle_server_maintena
++         }
++         active_thread_count += child_threads_active;
++         if (any_dead_threads
+++                && bucket == child_bucket
++                 && totally_free_length < retained->idle_spawn_rate[child_bucket]
++                 && free_length < MAX_SPAWN_RATE / num_buckets
++                 && (!ps->pid               /* no process in the slot */
++@@ -1588,14 +1589,15 @@ static void server_main_loop(int remaini
++                 ps->quiescing = 0;
++                 if (processed_status == APEXIT_CHILDSICK) {
++                     /* resource shortage, minimize the fork rate */
++-                    retained->idle_spawn_rate[ps->bucket] = 1;
+++                    retained->idle_spawn_rate[child_slot % num_buckets] = 1;
++                 }
++                 else if (remaining_children_to_start
++                     && child_slot < ap_daemons_limit) {
++                     /* we're still doing a 1-for-1 replacement of dead
++                      * children with new children
++                      */
++-                    make_child(ap_server_conf, child_slot, ps->bucket);
+++                    make_child(ap_server_conf, child_slot,
+++                               child_slot % num_buckets);
++                     --remaining_children_to_start;
++                 }
++             }
 diff --git a/debian/patches/CVE-2019-0217.patch b/debian/patches/CVE-2019-0217.patch
 new file mode 100644
 index 0000000..e8f1090
 --- /dev/null
 +++ b/debian/patches/CVE-2019-0217.patch
@@ -0,0 +1,147 @@
++From 44b3ddc560c490c60600998fa2bf59b142d08e05 Mon Sep 17 00:00:00 2001
++From: Joe Orton <jorton@apache.org>
++Date: Tue, 12 Mar 2019 09:24:26 +0000
++Subject: [PATCH] Merge r1853190 from trunk:
++
++Fix a race condition.  Authentication with valid credentials could be
++refused in case of concurrent accesses from different users.
++
++PR: 63124
++Submitted by: Simon Kappel <simon.kappel axis.com>
++Reviewed by: jailletc36, icing, jorton
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855298 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                       |  4 ++++
++ modules/aaa/mod_auth_digest.c | 26 ++++++++++++--------------
++ 2 files changed, 16 insertions(+), 14 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index 08fc740db30..e79251389d5 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -1,6 +1,10 @@
++#                                                          -*- coding: utf-8 -*-
++# Changes with Apache 2.4.39
++#
++#+  *) mod_auth_digest: Fix a race condition. Authentication with valid
++#+     credentials could be refused in case of concurrent accesses from
++#+     different users.  PR 63124.  [Simon Kappel <simon.kappel axis.com>]
++#+
++#   *) mod_proxy_wstunnel: Fix websocket proxy over UDS.
++#      PR 62932 <pavel dcmsys.com>
++#
++diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
++index a67f06986f2..b76094114dd 100644
++--- a/modules/aaa/mod_auth_digest.c
+++++ b/modules/aaa/mod_auth_digest.c
++@@ -92,7 +92,6 @@ typedef struct digest_config_struct {
++     int          check_nc;
++     const char  *algorithm;
++     char        *uri_list;
++-    const char  *ha1;
++ } digest_config_rec;
++
++
++@@ -153,6 +152,7 @@ typedef struct digest_header_struct {
++     apr_time_t            nonce_time;
++     enum hdr_sts          auth_hdr_sts;
++     int                   needed_auth;
+++    const char           *ha1;
++     client_entry         *client;
++ } digest_header_rec;
++
++@@ -1304,7 +1304,7 @@ static int hook_note_digest_auth_failure(request_rec *r, const char *auth_type)
++  */
++
++ static authn_status get_hash(request_rec *r, const char *user,
++-                             digest_config_rec *conf)
+++                             digest_config_rec *conf, const char **rethash)
++ {
++     authn_status auth_result;
++     char *password;
++@@ -1356,7 +1356,7 @@ static authn_status get_hash(request_rec *r, const char *user,
++     } while (current_provider);
++
++     if (auth_result == AUTH_USER_FOUND) {
++-        conf->ha1 = password;
+++        *rethash = password;
++     }
++
++     return auth_result;
++@@ -1483,25 +1483,24 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
++
++ /* RFC-2069 */
++ static const char *old_digest(const request_rec *r,
++-                              const digest_header_rec *resp, const char *ha1)
+++                              const digest_header_rec *resp)
++ {
++     const char *ha2;
++
++     ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
++                                                        resp->uri, NULL));
++     return ap_md5(r->pool,
++-                  (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
++-                                              ":", ha2, NULL));
+++                  (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
+++                                               resp->nonce, ":", ha2, NULL));
++ }
++
++ /* RFC-2617 */
++ static const char *new_digest(const request_rec *r,
++-                              digest_header_rec *resp,
++-                              const digest_config_rec *conf)
+++                              digest_header_rec *resp)
++ {
++     const char *ha1, *ha2, *a2;
++
++-    ha1 = conf->ha1;
+++    ha1 = resp->ha1;
++
++     a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
++     ha2 = ap_md5(r->pool, (const unsigned char *)a2);
++@@ -1514,7 +1513,6 @@ static const char *new_digest(const request_rec *r,
++                                                NULL));
++ }
++
++-
++ static void copy_uri_components(apr_uri_t *dst,
++                                 apr_uri_t *src, request_rec *r) {
++     if (src->scheme && src->scheme[0] != '\0') {
++@@ -1759,7 +1757,7 @@ static int authenticate_digest_user(request_rec *r)
++         return HTTP_UNAUTHORIZED;
++     }
++
++-    return_code = get_hash(r, r->user, conf);
+++    return_code = get_hash(r, r->user, conf, &resp->ha1);
++
++     if (return_code == AUTH_USER_NOT_FOUND) {
++         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
++@@ -1789,7 +1787,7 @@ static int authenticate_digest_user(request_rec *r)
++
++     if (resp->message_qop == NULL) {
++         /* old (rfc-2069) style digest */
++-        if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
+++        if (strcmp(resp->digest, old_digest(r, resp))) {
++             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
++                           "user %s: password mismatch: %s", r->user,
++                           r->uri);
++@@ -1819,7 +1817,7 @@ static int authenticate_digest_user(request_rec *r)
++             return HTTP_UNAUTHORIZED;
++         }
++
++-        exp_digest = new_digest(r, resp, conf);
+++        exp_digest = new_digest(r, resp);
++         if (!exp_digest) {
++             /* we failed to allocate a client struct */
++             return HTTP_INTERNAL_SERVER_ERROR;
++@@ -1903,7 +1901,7 @@ static int add_auth_info(request_rec *r)
++
++         /* calculate rspauth attribute
++          */
++-        ha1 = conf->ha1;
+++        ha1 = resp->ha1;
++
++         a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
++         ha2 = ap_md5(r->pool, (const unsigned char *)a2);
 diff --git a/debian/patches/CVE-2019-0220-1.patch b/debian/patches/CVE-2019-0220-1.patch
 new file mode 100644
 index 0000000..86cc667
 --- /dev/null
 +++ b/debian/patches/CVE-2019-0220-1.patch
@@ -0,0 +1,259 @@
++Backport of:
++
++From 9bc1917a27a2323e535aadb081e38172ae0e3fc2 Mon Sep 17 00:00:00 2001
++From: Stefan Eissing <icing@apache.org>
++Date: Mon, 18 Mar 2019 08:49:59 +0000
++Subject: [PATCH] Merge of r1855705 from trunk:
++
++core: merge consecutive slashes in the path
++
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855737 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                  |  4 ++++
++ docs/manual/mod/core.xml | 26 ++++++++++++++++++++++++++
++ include/ap_mmn.h         |  4 +++-
++ include/http_core.h      |  2 +-
++ include/httpd.h          | 14 ++++++++++++--
++ server/core.c            | 13 +++++++++++++
++ server/request.c         | 25 +++++++++----------------
++ server/util.c            | 10 +++++++---
++ 8 files changed, 75 insertions(+), 23 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index e3e8a98db24..9dd7045c232 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -1,6 +1,10 @@
++#                                                          -*- coding: utf-8 -*-
++# Changes with Apache 2.4.39
++#
++#+  *) core: new configuration option 'MergeSlashes on|off' that controls handling of
++#+     multiple, consecutive slash ('/') characters in the path component of the request URL.
++#+     [Eric Covener]
++#+
++#   *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
++#      in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
++#      Fixed. [Michael Kaufmann]
++#diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
++#index fc664116727..460b4367621 100644
++#--- a/docs/manual/mod/core.xml
++#+++ b/docs/manual/mod/core.xml
++#@@ -5138,4 +5138,30 @@ recognized methods to modules.</p>
++# <seealso><directive module="mod_allowmethods">AllowMethods</directive></seealso>
++# </directivesynopsis>
++#
++#+<directivesynopsis>
++#+<name>MergeSlashes</name>
++#+<description>Controls whether the server merges consecutive slashes in URLs.
++#+</description>
++#+<syntax>MergeSlashes ON|OFF</syntax>
++#+<default>MergeSlashes ON</default>
++#+<contextlist><context>server config</context><context>virtual host</context>
++#+</contextlist>
++#+<compatibility>Added in 2.5.1</compatibility>
++#+
++#+<usage>
++#+    <p>By default, the server merges (or collapses) multiple consecutive slash
++#+    ('/') characters in the path component of the request URL.</p>
++#+
++#+    <p>When mapping URL's to the filesystem, these multiple slashes are not
++#+    significant.  However, URL's handled other ways, such as by CGI or proxy,
++#+    might prefer to retain the significance of multiple consecutive slashes.
++#+    In these cases <directive>MergeSlashes</directive> can be set to
++#+    <em>OFF</em> to retain the multiple consecutive slashes.  In these
++#+    configurations, regular expressions used in the configuration file that match
++#+    the path component of the URL (<directive>LocationMatch</directive>,
++#+    <directive>RewriteRule</directive>, ...) need to take into account multiple
++#+    consecutive slashes.</p>
++#+</usage>
++#+</directivesynopsis>
++#+
++# </modulesynopsis>
++Index: apache2-2.4.29/include/http_core.h
++===================================================================
++--- apache2-2.4.29.orig/include/http_core.h	2019-04-03 09:22:24.452651658 -0400
+++++ apache2-2.4.29/include/http_core.h	2019-04-03 09:22:24.448651645 -0400
++@@ -740,7 +740,7 @@ typedef struct {
++ #define AP_HTTP_METHODS_LENIENT       1
++ #define AP_HTTP_METHODS_REGISTERED    2
++     char http_methods;
++-
+++    unsigned int merge_slashes;
++ } core_server_config;
++
++ /* for AddOutputFiltersByType in core.c */
++Index: apache2-2.4.29/include/httpd.h
++===================================================================
++--- apache2-2.4.29.orig/include/httpd.h	2019-04-03 09:22:24.452651658 -0400
+++++ apache2-2.4.29/include/httpd.h	2019-04-03 09:22:24.448651645 -0400
++@@ -1691,12 +1691,22 @@ AP_DECLARE(int) ap_unescape_url_keep2f(c
++ AP_DECLARE(int) ap_unescape_urlencoded(char *query);
++
++ /**
++- * Convert all double slashes to single slashes
++- * @param name The string to convert
+++ * Convert all double slashes to single slashes, except where significant
+++ * to the filesystem on the current platform.
+++ * @param name The string to convert, assumed to be a filesystem path
++  */
++ AP_DECLARE(void) ap_no2slash(char *name);
++
++ /**
+++ * Convert all double slashes to single slashes, except where significant
+++ * to the filesystem on the current platform.
+++ * @param name The string to convert
+++ * @param is_fs_path if set to 0, the significance of any double-slashes is
+++ *        ignored.
+++ */
+++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
+++
+++/**
++  * Remove all ./ and xx/../ substrings from a file name. Also remove
++  * any leading ../ or /../ substrings.
++  * @param name the file name to parse
++Index: apache2-2.4.29/server/core.c
++===================================================================
++--- apache2-2.4.29.orig/server/core.c	2019-04-03 09:22:24.452651658 -0400
+++++ apache2-2.4.29/server/core.c	2019-04-03 09:22:24.448651645 -0400
++@@ -490,6 +490,7 @@ static void *create_core_server_config(a
++
++     conf->protocols = apr_array_make(a, 5, sizeof(const char *));
++     conf->protocols_honor_order = -1;
+++    conf->merge_slashes = AP_CORE_CONFIG_UNSET;
++
++     return (void *)conf;
++ }
++@@ -555,6 +556,7 @@ static void *merge_core_server_configs(a
++     conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
++                                        base->protocols_honor_order :
++                                        virt->protocols_honor_order);
+++    AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
++
++     return conf;
++ }
++@@ -1862,6 +1864,13 @@ static const char *set_qualify_redirect_
++     return NULL;
++ }
++
+++static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
+++{
+++    core_server_config *conf =
+++        ap_get_core_module_config(cmd->server->module_config);
+++    return ap_set_flag_slot(cmd, conf, flag);
+++}
+++
++ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
++ {
++     core_dir_config *d = d_;
++@@ -4551,6 +4560,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", s
++                 "'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
++ AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
++                 "Registers non-standard HTTP methods"),
+++AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
+++             (void *)APR_OFFSETOF(core_server_config, merge_slashes),
+++             RSRC_CONF,
+++             "Controls whether consecutive slashes in the URI path are merged"),
++ { NULL }
++ };
++
++Index: apache2-2.4.29/server/request.c
++===================================================================
++--- apache2-2.4.29.orig/server/request.c	2019-04-03 09:22:24.452651658 -0400
+++++ apache2-2.4.29/server/request.c	2019-04-03 09:22:24.448651645 -0400
++@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_inter
++     int file_req = (r->main && r->filename);
++     int access_status;
++     core_dir_config *d;
+++    core_server_config *sconf =
+++        ap_get_core_module_config(r->server->module_config);
++
++     /* Ignore embedded %2F's in path for proxy requests */
++     if (!r->proxyreq && r->parsed_uri.path) {
++@@ -191,6 +193,10 @@ AP_DECLARE(int) ap_process_request_inter
++     }
++
++     ap_getparents(r->uri);     /* OK --- shrinking transformations... */
+++    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+++        ap_no2slash(r->uri);
+++        ap_no2slash(r->parsed_uri.path);
+++     }
++
++     /* All file subrequests are a huge pain... they cannot bubble through the
++      * next several steps.  Only file subrequests are allowed an empty uri,
++@@ -1411,20 +1417,7 @@ AP_DECLARE(int) ap_location_walk(request
++
++     cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
++     cached = (cache->cached != NULL);
++-
++-    /* Location and LocationMatch differ on their behaviour w.r.t. multiple
++-     * slashes.  Location matches multiple slashes with a single slash,
++-     * LocationMatch doesn't.  An exception, for backwards brokenness is
++-     * absoluteURIs... in which case neither match multiple slashes.
++-     */
++-    if (r->uri[0] != '/') {
++-        entry_uri = r->uri;
++-    }
++-    else {
++-        char *uri = apr_pstrdup(r->pool, r->uri);
++-        ap_no2slash(uri);
++-        entry_uri = uri;
++-    }
+++    entry_uri = r->uri;
++
++     /* If we have an cache->cached location that matches r->uri,
++      * and the vhost's list of locations hasn't changed, we can skip
++@@ -1491,7 +1484,7 @@ AP_DECLARE(int) ap_location_walk(request
++                     pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
++                 }
++
++-                if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+++                if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
++                     continue;
++                 }
++
++@@ -1501,7 +1494,7 @@ AP_DECLARE(int) ap_location_walk(request
++                         apr_table_setn(r->subprocess_env,
++                                        ((const char **)entry_core->refs->elts)[i],
++                                        apr_pstrndup(r->pool,
++-                                       r->uri + pmatch[i].rm_so,
+++                                       entry_uri + pmatch[i].rm_so,
++                                        pmatch[i].rm_eo - pmatch[i].rm_so));
++                     }
++                 }
++Index: apache2-2.4.29/server/util.c
++===================================================================
++--- apache2-2.4.29.orig/server/util.c	2019-04-03 09:22:24.452651658 -0400
+++++ apache2-2.4.29/server/util.c	2019-04-03 09:22:24.448651645 -0400
++@@ -561,16 +561,16 @@ AP_DECLARE(void) ap_getparents(char *nam
++         name[l] = '\0';
++     }
++ }
++-
++-AP_DECLARE(void) ap_no2slash(char *name)
+++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
++ {
+++
++     char *d, *s;
++
++     s = d = name;
++
++ #ifdef HAVE_UNC_PATHS
++     /* Check for UNC names.  Leave leading two slashes. */
++-    if (s[0] == '/' && s[1] == '/')
+++    if (is_fs_path && s[0] == '/' && s[1] == '/')
++         *d++ = *s++;
++ #endif
++
++@@ -587,6 +587,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
++     *d = '\0';
++ }
++
+++AP_DECLARE(void) ap_no2slash(char *name)
+++{
+++    ap_no2slash_ex(name, 1);
+++}
++
++ /*
++  * copy at most n leading directories of s into d
 diff --git a/debian/patches/CVE-2019-0220-2.patch b/debian/patches/CVE-2019-0220-2.patch
 new file mode 100644
 index 0000000..0204259
 --- /dev/null
 +++ b/debian/patches/CVE-2019-0220-2.patch
@@ -0,0 +1,50 @@
++From c4ef468b25718a26f2b92cbea3ca093729b79331 Mon Sep 17 00:00:00 2001
++From: Eric Covener <covener@apache.org>
++Date: Mon, 18 Mar 2019 12:10:15 +0000
++Subject: [PATCH] merge 1855743,1855744 ^/httpd/httpd/trunk .
++
++r->parsed_uri.path safety in recent backport
++
++*) core: fix SEGFAULT in CONNECT with recent change
++   2.4.x: svn merge -c 1855743,1855744 ^/httpd/httpd/trunk .
++   +1: rpluem, icing, covener
++
++
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855751 13f79535-47bb-0310-9956-ffa450edef68
++---
++ server/request.c | 4 +++-
++ server/util.c    | 4 ++++
++ 2 files changed, 7 insertions(+), 1 deletion(-)
++
++diff --git a/server/request.c b/server/request.c
++index 1ce8908824b..d5c558afa30 100644
++--- a/server/request.c
+++++ b/server/request.c
++@@ -195,7 +195,9 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
++     ap_getparents(r->uri);     /* OK --- shrinking transformations... */
++     if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
++         ap_no2slash(r->uri);
++-        ap_no2slash(r->parsed_uri.path);
+++        if (r->parsed_uri.path) {
+++            ap_no2slash(r->parsed_uri.path);
+++        }
++      }
++
++     /* All file subrequests are a huge pain... they cannot bubble through the
++diff --git a/server/util.c b/server/util.c
++index 607c4850d86..f3b17f1581e 100644
++--- a/server/util.c
+++++ b/server/util.c
++@@ -566,6 +566,10 @@ AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
++
++     char *d, *s;
++
+++    if (!name || !*name) {
+++        return;
+++    }
+++
++     s = d = name;
++
++ #ifdef HAVE_UNC_PATHS
 diff --git a/debian/patches/CVE-2019-0220-3.patch b/debian/patches/CVE-2019-0220-3.patch
 new file mode 100644
 index 0000000..7b3ff6f
 --- /dev/null
 +++ b/debian/patches/CVE-2019-0220-3.patch
@@ -0,0 +1,43 @@
++From 3451fc2bf8708b0dc8cd6a7d0ac0fe5b6401befc Mon Sep 17 00:00:00 2001
++From: Eric Covener <covener@apache.org>
++Date: Tue, 19 Mar 2019 18:01:21 +0000
++Subject: [PATCH]   *) maintainer mode fix for util.c no2slash_ex      trunk
++ patch: http://svn.apache.org/r1855755      2.4.x patch svn merge -c 1855755
++ ^/httpd/httpd/trunk .      +1: covener, rpluem, jim, ylavic
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855853 13f79535-47bb-0310-9956-ffa450edef68
++---
++ STATUS        | 6 ------
++ server/util.c | 2 +-
++ 2 files changed, 1 insertion(+), 7 deletions(-)
++
++#diff --git a/STATUS b/STATUS
++#index ffe5d22550c..1f8cb2f7884 100644
++#--- a/STATUS
++#+++ b/STATUS
++#@@ -126,12 +126,6 @@ RELEASE SHOWSTOPPERS:
++# PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#   [ start all new proposals below, under PATCHES PROPOSED. ]
++#
++#-  *) maintainer mode fix for util.c no2slash_ex
++#-     trunk patch: http://svn.apache.org/r1855755
++#-     2.4.x patch svn merge -c 1855755 ^/httpd/httpd/trunk .
++#-     +1: covener, rpluem, jim, ylavic
++#-
++#-
++# PATCHES PROPOSED TO BACKPORT FROM TRUNK:
++#   [ New proposals should be added at the end of the list ]
++#
++diff --git a/server/util.c b/server/util.c
++index f3b17f1581e..e0c558cee2d 100644
++--- a/server/util.c
+++++ b/server/util.c
++@@ -566,7 +566,7 @@ AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
++
++     char *d, *s;
++
++-    if (!name || !*name) {
+++    if (!*name) {
++         return;
++     }
++
 diff --git a/debian/patches/CVE-2019-10092-1.patch b/debian/patches/CVE-2019-10092-1.patch
 new file mode 100644
 index 0000000..102b18e
 --- /dev/null
 +++ b/debian/patches/CVE-2019-10092-1.patch
@@ -0,0 +1,245 @@
++From b5aa97e7c9792ba31055507eaf9a54e1fbb17464 Mon Sep 17 00:00:00 2001
++From: Stefan Eissing <icing@apache.org>
++Date: Fri, 2 Aug 2019 09:10:06 +0000
++Subject: [PATCH] Merge of r1864191 from trunk:
++
++  *) core, proxy: remove request URL and headers from error docs
++     [Eric Covener]
++
++
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864207 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                       |  2 +
++ STATUS                        |  5 --
++ modules/http/http_protocol.c  | 86 +++++++++++------------------------
++ modules/proxy/mod_proxy.c     |  7 +--
++ modules/proxy/mod_proxy_ftp.c |  5 +-
++ modules/proxy/proxy_util.c    |  5 +-
++ 6 files changed, 36 insertions(+), 74 deletions(-)
++
++# diff --git a/CHANGES b/CHANGES
++# index 01f232c613..bf00b5114b 100644
++# --- a/CHANGES
++# +++ b/CHANGES
++# @@ -1,6 +1,8 @@
++#                                                           -*- coding: utf-8 -*-
++#  Changes with Apache 2.4.40
++#
++# +  *) core: Remove request details from built-in error documents [Eric Covener]
++# +
++#    *) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on
++#       merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]
++#
++# diff --git a/STATUS b/STATUS
++# index a6f3548511..1ce0436916 100644
++# --- a/STATUS
++# +++ b/STATUS
++# @@ -150,11 +150,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#       2.4.x patch: svn merge -c 1863635 ^/httpd/httpd/trunk .
++#       +1: jim, icing, rpluem
++#
++# -  *) core, proxy: remove request URL and headers from error docs
++# -     trunk: http://svn.apache.org/1864191
++# -     2.4.x: svn merge  -c 1864191 ^/httpd/httpd/trunk .
++# -     +1: covener, rpluem, icing
++# -
++#
++#  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
++#    [ New proposals should be added at the end of the list ]
++diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
++index e419eb6cd4..dcafa9c68a 100644
++--- a/modules/http/http_protocol.c
+++++ b/modules/http/http_protocol.c
++@@ -1132,13 +1132,10 @@ static const char *get_canned_error_string(int status,
++                            "\">here</a>.</p>\n",
++                            NULL));
++     case HTTP_USE_PROXY:
++-        return(apr_pstrcat(p,
++-                           "<p>This resource is only accessible "
++-                           "through the proxy\n",
++-                           ap_escape_html(r->pool, location),
++-                           "<br />\nYou will need to configure "
++-                           "your client to use that proxy.</p>\n",
++-                           NULL));
+++        return("<p>This resource is only accessible "
+++               "through the proxy\n"
+++               "<br />\nYou will need to configure "
+++               "your client to use that proxy.</p>\n");
++     case HTTP_PROXY_AUTHENTICATION_REQUIRED:
++     case HTTP_UNAUTHORIZED:
++         return("<p>This server could not verify that you\n"
++@@ -1154,34 +1151,20 @@ static const char *get_canned_error_string(int status,
++                                   "error-notes",
++                                   "</p>\n"));
++     case HTTP_FORBIDDEN:
++-        s1 = apr_pstrcat(p,
++-                         "<p>You don't have permission to access ",
++-                         ap_escape_html(r->pool, r->uri),
++-                         "\non this server.<br />\n",
++-                         NULL);
++-        return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+++        return(add_optional_notes(r, "<p>You don't have permission to access this resource.", "error-notes", "</p>\n"));
++     case HTTP_NOT_FOUND:
++-        return(apr_pstrcat(p,
++-                           "<p>The requested URL ",
++-                           ap_escape_html(r->pool, r->uri),
++-                           " was not found on this server.</p>\n",
++-                           NULL));
+++        return("<p>The requested URL was not found on this server.</p>\n");
++     case HTTP_METHOD_NOT_ALLOWED:
++         return(apr_pstrcat(p,
++                            "<p>The requested method ",
++                            ap_escape_html(r->pool, r->method),
++-                           " is not allowed for the URL ",
++-                           ap_escape_html(r->pool, r->uri),
++-                           ".</p>\n",
+++                           " is not allowed for this URL.</p>\n",
++                            NULL));
++     case HTTP_NOT_ACCEPTABLE:
++-        s1 = apr_pstrcat(p,
++-                         "<p>An appropriate representation of the "
++-                         "requested resource ",
++-                         ap_escape_html(r->pool, r->uri),
++-                         " could not be found on this server.</p>\n",
++-                         NULL);
++-        return(add_optional_notes(r, s1, "variant-list", ""));
+++        return(add_optional_notes(r,
+++            "<p>An appropriate representation of the requested resource "
+++            "could not be found on this server.</p>\n",
+++            "variant-list", ""));
++     case HTTP_MULTIPLE_CHOICES:
++         return(add_optional_notes(r, "", "variant-list", ""));
++     case HTTP_LENGTH_REQUIRED:
++@@ -1192,18 +1175,13 @@ static const char *get_canned_error_string(int status,
++                          NULL);
++         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
++     case HTTP_PRECONDITION_FAILED:
++-        return(apr_pstrcat(p,
++-                           "<p>The precondition on the request "
++-                           "for the URL ",
++-                           ap_escape_html(r->pool, r->uri),
++-                           " evaluated to false.</p>\n",
++-                           NULL));
+++        return("<p>The precondition on the request "
+++               "for this URL evaluated to false.</p>\n");
++     case HTTP_NOT_IMPLEMENTED:
++         s1 = apr_pstrcat(p,
++                          "<p>",
++-                         ap_escape_html(r->pool, r->method), " to ",
++-                         ap_escape_html(r->pool, r->uri),
++-                         " not supported.<br />\n",
+++                         ap_escape_html(r->pool, r->method), " ",
+++                         " not supported for current URL.<br />\n",
++                          NULL);
++         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
++     case HTTP_BAD_GATEWAY:
++@@ -1211,29 +1189,19 @@ static const char *get_canned_error_string(int status,
++             "response from an upstream server.<br />" CRLF;
++         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
++     case HTTP_VARIANT_ALSO_VARIES:
++-        return(apr_pstrcat(p,
++-                           "<p>A variant for the requested "
++-                           "resource\n<pre>\n",
++-                           ap_escape_html(r->pool, r->uri),
++-                           "\n</pre>\nis itself a negotiable resource. "
++-                           "This indicates a configuration error.</p>\n",
++-                           NULL));
+++        return("<p>A variant for the requested "
+++               "resource\n<pre>\n"
+++               "\n</pre>\nis itself a negotiable resource. "
+++               "This indicates a configuration error.</p>\n");
++     case HTTP_REQUEST_TIME_OUT:
++         return("<p>Server timeout waiting for the HTTP request from the client.</p>\n");
++     case HTTP_GONE:
++-        return(apr_pstrcat(p,
++-                           "<p>The requested resource<br />",
++-                           ap_escape_html(r->pool, r->uri),
++-                           "<br />\nis no longer available on this server "
++-                           "and there is no forwarding address.\n"
++-                           "Please remove all references to this "
++-                           "resource.</p>\n",
++-                           NULL));
+++        return("<p>The requested resource is no longer available on this server"
+++               " and there is no forwarding address.\n"
+++               "Please remove all references to this resource.</p>\n");
++     case HTTP_REQUEST_ENTITY_TOO_LARGE:
++         return(apr_pstrcat(p,
++-                           "The requested resource<br />",
++-                           ap_escape_html(r->pool, r->uri), "<br />\n",
++-                           "does not allow request data with ",
+++                           "The requested resource does not allow request data with ",
++                            ap_escape_html(r->pool, r->method),
++                            " requests, or the amount of data provided in\n"
++                            "the request exceeds the capacity limit.\n",
++@@ -1317,11 +1285,9 @@ static const char *get_canned_error_string(int status,
++                "the Server Name Indication (SNI) in use for this\n"
++                "connection.</p>\n");
++     case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
++-        s1 = apr_pstrcat(p,
++-                         "<p>Access to ", ap_escape_html(r->pool, r->uri),
++-                         "\nhas been denied for legal reasons.<br />\n",
++-                         NULL);
++-        return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+++        return(add_optional_notes(r,
+++               "<p>Access to this URL has been denied for legal reasons.<br />\n",
+++               "error-notes", "</p>\n"));
++     default:                    /* HTTP_INTERNAL_SERVER_ERROR */
++         /*
++          * This comparison to expose error-notes could be modified to
++diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
++index 91c2b4cdd4..5d9854b11d 100644
++--- a/modules/proxy/mod_proxy.c
+++++ b/modules/proxy/mod_proxy.c
++@@ -1049,9 +1049,10 @@ static int proxy_handler(request_rec *r)
++         char *end;
++         maxfwd = apr_strtoi64(str, &end, 10);
++         if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
++-            return ap_proxyerror(r, HTTP_BAD_REQUEST,
++-                    apr_psprintf(r->pool,
++-                            "Max-Forwards value '%s' could not be parsed", str));
+++            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+++                          "Max-Forwards value '%s' could not be parsed", str);
+++            return ap_proxyerror(r, HTTP_BAD_REQUEST,
+++                          "Max-Forwards request header could not be parsed");
++         }
++         else if (maxfwd == 0) {
++             switch (r->method_number) {
++diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
++index 49acdcbc1c..86ce69b45c 100644
++--- a/modules/proxy/mod_proxy_ftp.c
+++++ b/modules/proxy/mod_proxy_ftp.c
++@@ -1026,8 +1026,9 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
++     /* We break the URL into host, port, path-search */
++     if (r->parsed_uri.hostname == NULL) {
++         if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
++-            return ap_proxyerror(r, HTTP_BAD_REQUEST,
++-                apr_psprintf(p, "URI cannot be parsed: %s", url));
+++            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+++                          "URI cannot be parsed: %s", url);
+++            return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
++         }
++         connectname = uri.hostname;
++         connectport = uri.port;
++diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
++index 0315668296..5482ab8a48 100644
++--- a/modules/proxy/proxy_util.c
+++++ b/modules/proxy/proxy_util.c
++@@ -368,12 +368,9 @@ PROXY_DECLARE(char *)
++
++ PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
++ {
++-    const char *uri = ap_escape_html(r->pool, r->uri);
++     apr_table_setn(r->notes, "error-notes",
++         apr_pstrcat(r->pool,
++-            "The proxy server could not handle the request <em><a href=\"",
++-            uri, "\">", ap_escape_html(r->pool, r->method), "&nbsp;", uri,
++-            "</a></em>.<p>\n"
+++            "The proxy server could not handle the request<p>"
++             "Reason: <strong>", ap_escape_html(r->pool, message),
++             "</strong></p>",
++             NULL));
++--
++2.17.1
++
 diff --git a/debian/patches/CVE-2019-10092-2.patch b/debian/patches/CVE-2019-10092-2.patch
 new file mode 100644
 index 0000000..2eec9fb
 --- /dev/null
 +++ b/debian/patches/CVE-2019-10092-2.patch
@@ -0,0 +1,45 @@
++From 7106a941f8086e06d4c1b26a8dd6d2a4695eee5a Mon Sep 17 00:00:00 2001
++From: Eric Covener <covener@apache.org>
++Date: Thu, 8 Aug 2019 13:09:10 +0000
++Subject: [PATCH] Merge r1864699 from trunk:
++
++lognos
++
++
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864702 13f79535-47bb-0310-9956-ffa450edef68
++---
++ modules/proxy/mod_proxy.c     | 2 +-
++ modules/proxy/mod_proxy_ftp.c | 2 +-
++ 2 files changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
++index 5d9854b11d..8661a2dbaa 100644
++--- a/modules/proxy/mod_proxy.c
+++++ b/modules/proxy/mod_proxy.c
++@@ -1049,7 +1049,7 @@ static int proxy_handler(request_rec *r)
++         char *end;
++         maxfwd = apr_strtoi64(str, &end, 10);
++         if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
++-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+++            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10188)
++                           "Max-Forwards value '%s' could not be parsed", str);
++             return ap_proxyerror(r, HTTP_BAD_REQUEST,
++                           "Max-Forwards request header could not be parsed");
++diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
++index 86ce69b45c..7ad803b97c 100644
++--- a/modules/proxy/mod_proxy_ftp.c
+++++ b/modules/proxy/mod_proxy_ftp.c
++@@ -1026,7 +1026,7 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
++     /* We break the URL into host, port, path-search */
++     if (r->parsed_uri.hostname == NULL) {
++         if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
++-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+++            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10189)
++                           "URI cannot be parsed: %s", url);
++             return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
++         }
++--
++2.17.1
++
 diff --git a/debian/patches/CVE-2019-10098.patch b/debian/patches/CVE-2019-10098.patch
 new file mode 100644
 index 0000000..0ad57ba
 --- /dev/null
 +++ b/debian/patches/CVE-2019-10098.patch
@@ -0,0 +1,159 @@
++From 3b3117e96bc9c2afaeb5b98e9b60315006679a6d Mon Sep 17 00:00:00 2001
++From: Stefan Eissing <icing@apache.org>
++Date: Fri, 2 Aug 2019 09:24:58 +0000
++Subject: [PATCH] Merge of r1864192 from trunk:
++
++  *) core, rewrite: Set PCRE_DOTALL by default
++
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864213 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                  |  3 +++
++ STATUS                   |  5 -----
++ docs/manual/mod/core.xml | 20 +++++++++++---------
++ server/util_pcre.c       |  3 ++-
++ 4 files changed, 16 insertions(+), 15 deletions(-)
++
++# diff --git a/CHANGES b/CHANGES
++# index bf00b5114b..ad4fd27625 100644
++# --- a/CHANGES
++# +++ b/CHANGES
++# @@ -1,6 +1,9 @@
++#                                                           -*- coding: utf-8 -*-
++#  Changes with Apache 2.4.40
++#
++# +  *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via
++# +     RegexDefaultOptions -DOTALL [Yann Ylavic]
++# +
++#    *) core: Remove request details from built-in error documents [Eric Covener]
++#
++#    *) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on
++# diff --git a/STATUS b/STATUS
++# index 3c3cf39f48..f9bfc678fd 100644
++# --- a/STATUS
++# +++ b/STATUS
++# @@ -127,11 +127,6 @@ RELEASE SHOWSTOPPERS:
++#  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#    [ start all new proposals below, under PATCHES PROPOSED. ]
++#
++# -  *) core, rewrite: Set PCRE_DOTALL by default
++# -     trunk: http://svn.apache.org/1864192
++# -     2.4.x: svn merge  -c 1864192 ^/httpd/httpd/trunk .
++# -     +1: covener, rpluem, icing
++# -
++#
++#  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
++#    [ New proposals should be added at the end of the list ]
++# diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
++# index d9f0895af4..d4d6030dc5 100644
++# --- a/docs/manual/mod/core.xml
++# +++ b/docs/manual/mod/core.xml
++# @@ -4061,7 +4061,7 @@ Protocols h2 http/1.1
++#      <name>RegexDefaultOptions</name>
++#      <description>Allow to configure global/default options for regexes</description>
++#      <syntax>RegexDefaultOptions [none] [+|-]<var>option</var> [[+|-]<var>option</var>] ...</syntax>
++# -    <default>RegexDefaultOptions DOLLAR_ENDONLY</default>
++# +    <default>RegexDefaultOptions DOTALL DOLLAR_ENDONLY</default>
++#      <contextlist><context>server config</context></contextlist>
++#      <compatibility>Only available from Apache 2.4.30 and later.</compatibility>
++#
++# @@ -4080,24 +4080,26 @@ Protocols h2 http/1.1
++#              <dt><code>ICASE</code></dt>
++#              <dd>Use a case-insensitive match.</dd>
++#
++# +            <dt><code>EXTENDED</code></dt>
++# +            <dd>Perl's /x flag, ignore (unescaped-)spaces and comments in the pattern.</dd>
++# +
++#              <dt><code>DOTALL</code></dt>
++# -            <dd>Perl's /s flag.</dd>
++# +            <dd>Perl's /s flag, '.' matches newline characters.</dd>
++#
++#              <dt><code>DOLLAR_ENDONLY</code></dt>
++#              <dd>'$' matches at end of subject string only.</dd>
++# -            <dd>.</dd>
++#          </dl>
++#          <highlight language="config">
++# -#
++# -RegexDefaultOptions +ICASE +DOLLAR_ENDONLY
++# +# Add the ICASE option for all regexes by default
++# +RegexDefaultOptions +ICASE
++#  ...
++# -# Remove the ICASE option, but keep all the other already set options
++# -RegexDefaultOptions -ICASE
++# +# Remove the default DOLLAR_ENDONLY option, but keep any other one
++# +RegexDefaultOptions -DOLLAR_ENDONLY
++#  ...
++# -# Set the default option to DOTALL, resetting any other option
++# +# Set the DOTALL option only, resetting any other one
++#  RegexDefaultOptions DOTALL
++#  ...
++# -# Reset all defined option
++# +# Reset all defined options
++#  RegexDefaultOptions none
++#  ...
++#          </highlight>
++# diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
++# index 1cc985eb65..4c0b2fd744 100644
++# --- a/docs/manual/mod/core.html.en
++# +++ b/docs/manual/mod/core.html.en
++# @@ -4069,7 +4069,7 @@ as if 'QualifyRedirectURL ON' was configured.</td></tr>
++#  <table class="directive">
++#  <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Allow to configure global/default options for regexes</td></tr>
++#  <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RegexDefaultOptions [none] [+|-]<var>option</var> [[+|-]<var>option</var>] ...</code></td></tr>
++# -<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>RegexDefaultOptions DOLLAR_ENDONLY</code></td></tr>
++# +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>RegexDefaultOptions DOTALL DOLLAR_ENDONLY</code></td></tr>
++#  <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
++#  <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
++#  <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
++# @@ -4089,23 +4089,25 @@ as if 'QualifyRedirectURL ON' was configured.</td></tr>
++#              <dt><code>ICASE</code></dt>
++#              <dd>Use a case-insensitive match.</dd>
++#
++# +            <dt><code>EXTENDED</code></dt>
++# +            <dd>Perl's /x flag, ignore (unescaped-)spaces and comments in the pattern.</dd>
++# +
++#              <dt><code>DOTALL</code></dt>
++# -            <dd>Perl's /s flag.</dd>
++# +            <dd>Perl's /s flag, '.' matches newline characters.</dd>
++#
++#              <dt><code>DOLLAR_ENDONLY</code></dt>
++#              <dd>'$' matches at end of subject string only.</dd>
++# -            <dd>.</dd>
++#          </dl>
++# -        <pre class="prettyprint lang-config">#
++# -RegexDefaultOptions +ICASE +DOLLAR_ENDONLY
++# +        <pre class="prettyprint lang-config"># Add the ICASE option for all regexes by default
++# +RegexDefaultOptions +ICASE
++#  ...
++# -# Remove the ICASE option, but keep all the other already set options
++# -RegexDefaultOptions -ICASE
++# +# Remove the default DOLLAR_ENDONLY option, but keep any other one
++# +RegexDefaultOptions -DOLLAR_ENDONLY
++#  ...
++# -# Set the default option to DOTALL, resetting any other option
++# +# Set the DOTALL option only, resetting any other one
++#  RegexDefaultOptions DOTALL
++#  ...
++# -# Reset all defined option
++# +# Reset all defined options
++#  RegexDefaultOptions none
++#  ...</pre>
++#
++diff --git a/server/util_pcre.c b/server/util_pcre.c
++index f2cb1bb01e..35831f500f 100644
++--- a/server/util_pcre.c
+++++ b/server/util_pcre.c
++@@ -120,7 +120,8 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *preg)
++  *            Compile a regular expression       *
++  *************************************************/
++
++-static int default_cflags = AP_REG_DOLLAR_ENDONLY;
+++static int default_cflags = AP_REG_DOTALL |
+++                            AP_REG_DOLLAR_ENDONLY;
++
++ AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
++ {
++--
++2.17.1
++
 diff --git a/debian/patches/CVE-2020-11993-pre1.patch b/debian/patches/CVE-2020-11993-pre1.patch
 new file mode 100644
 index 0000000..25d6669
 --- /dev/null
 +++ b/debian/patches/CVE-2020-11993-pre1.patch
@@ -0,0 +1,406 @@
++Backport of:
++
++From 3060a9dd4d160af2e82829ce801a3a89127e36a1 Mon Sep 17 00:00:00 2001
++From: Jim Jagielski <jim@apache.org>
++Date: Thu, 30 Jan 2020 15:14:40 +0000
++Subject: [PATCH] Merge r1871810 from trunk:
++
++  *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
++
++
++Submitted by: icing
++Reviewed by: icing, jim, steffenal
++
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1873368 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                         |  3 ++
++ STATUS                          |  4 --
++ modules/http2/h2_mplx.c         | 54 ++++++++++++--------
++ modules/http2/h2_session.c      |  2 +-
++ modules/http2/h2_util.c         | 89 ++++++++++-----------------------
++ modules/http2/h2_util.h         |  2 -
++ modules/http2/h2_version.h      |  4 +-
++ modules/http2/h2_workers.c      |  1 -
++ modules/http2/mod_proxy_http2.c |  8 +++
++ 9 files changed, 72 insertions(+), 95 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index ded0ecce34c..e12ef389501 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -5,6 +5,9 @@ Changes with Apache 2.4.42
++#      r:notes_table, r:subprocess_env_table as read-only native table alternatives
++#      that can be iterated over. [Eric Covener]
++#
++#+  *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
++#+     [Yann Ylavic, Stefan Eissing]
++#+
++#   *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
++#      r.headers_out, etc) to remove the key from the table. PR63971.
++#      [Eric Covener]
++#diff --git a/STATUS b/STATUS
++#index 991ed406b23..a610953ed89 100644
++#--- a/STATUS
++#+++ b/STATUS
++#@@ -132,10 +132,6 @@ RELEASE SHOWSTOPPERS:
++# PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#   [ start all new proposals below, under PATCHES PROPOSED. ]
++#
++#-  *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
++#-     trunk patch: http://svn.apache.org/r1871810
++#-     2.4.x patch: svn merge -c 1871810 ^/httpd/httpd/trunk
++#-     +1: icing, jim, steffenal(tested with 1.15.5-git)
++#
++# PATCHES PROPOSED TO BACKPORT FROM TRUNK:
++#   [ New proposals should be added at the end of the list ]
++--- a/modules/http2/h2_mplx.c
+++++ b/modules/http2/h2_mplx.c
++@@ -75,13 +75,13 @@ apr_status_t h2_mplx_child_init(apr_pool
++ #define H2_MPLX_ENTER_ALWAYS(m)    \
++     apr_thread_mutex_lock(m->lock)
++
++-#define H2_MPLX_ENTER_MAYBE(m, lock)    \
++-    if (lock) apr_thread_mutex_lock(m->lock)
+++#define H2_MPLX_ENTER_MAYBE(m, dolock)    \
+++    if (dolock) apr_thread_mutex_lock(m->lock)
++
++-#define H2_MPLX_LEAVE_MAYBE(m, lock)    \
++-    if (lock) apr_thread_mutex_unlock(m->lock)
+++#define H2_MPLX_LEAVE_MAYBE(m, dolock)    \
+++    if (dolock) apr_thread_mutex_unlock(m->lock)
++
++-static void check_data_for(h2_mplx *m, h2_stream *stream, int lock);
+++static void check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked);
++
++ static void stream_output_consumed(void *ctx,
++                                    h2_bucket_beam *beam, apr_off_t length)
++@@ -104,6 +104,7 @@ static void stream_joined(h2_mplx *m, h2
++ {
++     ap_assert(!h2_task_has_started(stream->task) || stream->task->worker_done);
++
+++    h2_ififo_remove(m->readyq, stream->id);
++     h2_ihash_remove(m->shold, stream->id);
++     h2_ihash_add(m->spurge, stream);
++ }
++@@ -125,14 +126,16 @@ static void stream_cleanup(h2_mplx *m, h
++
++     h2_ihash_remove(m->streams, stream->id);
++     h2_iq_remove(m->q, stream->id);
++-    h2_ififo_remove(m->readyq, stream->id);
++-    h2_ihash_add(m->shold, stream);
++
++     if (!h2_task_has_started(stream->task) || stream->task->done_done) {
++         stream_joined(m, stream);
++     }
++-    else if (stream->task) {
++-        stream->task->c->aborted = 1;
+++    else {
+++        h2_ififo_remove(m->readyq, stream->id);
+++        h2_ihash_add(m->shold, stream);
+++        if (stream->task) {
+++            stream->task->c->aborted = 1;
+++        }
++     }
++ }
++
++@@ -509,12 +512,11 @@ static void output_produced(void *ctx, h
++     h2_stream *stream = ctx;
++     h2_mplx *m = stream->session->mplx;
++
++-    check_data_for(m, stream, 1);
+++    check_data_for(m, stream, 0);
++ }
++
++ static apr_status_t out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
++ {
++-    apr_status_t status = APR_SUCCESS;
++     h2_stream *stream = h2_ihash_get(m->streams, stream_id);
++
++     if (!stream || !stream->task || m->aborted) {
++@@ -528,7 +530,7 @@ static apr_status_t out_open(h2_mplx *m,
++         h2_beam_log(beam, m->c, APLOG_TRACE2, "out_open");
++     }
++     else {
++-        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, m->c,
+++        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
++                       "h2_mplx(%s): out open", stream->task->id);
++     }
++
++@@ -540,8 +542,8 @@ static apr_status_t out_open(h2_mplx *m,
++
++     /* we might see some file buckets in the output, see
++      * if we have enough handles reserved. */
++-    check_data_for(m, stream, 0);
++-    return status;
+++    check_data_for(m, stream, 1);
+++    return APR_SUCCESS;
++ }
++
++ apr_status_t h2_mplx_out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
++@@ -583,7 +585,7 @@ static apr_status_t out_close(h2_mplx *m
++     status = h2_beam_close(task->output.beam);
++     h2_beam_log(task->output.beam, m->c, APLOG_TRACE2, "out_close");
++     output_consumed_signal(m, task);
++-    check_data_for(m, stream, 0);
+++    check_data_for(m, stream, 1);
++     return status;
++ }
++
++@@ -617,15 +619,23 @@ apr_status_t h2_mplx_out_trywait(h2_mplx
++     return status;
++ }
++
++-static void check_data_for(h2_mplx *m, h2_stream *stream, int lock)
+++static void check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked)
++ {
+++    /* If m->lock is already held, we must release during h2_ififo_push()
+++     * which can wait on its not_full condition, causing a deadlock because
+++     * no one would then be able to acquire m->lock to empty the fifo.
+++     */
+++    H2_MPLX_LEAVE_MAYBE(m, mplx_is_locked);
++     if (h2_ififo_push(m->readyq, stream->id) == APR_SUCCESS) {
+++        H2_MPLX_ENTER_ALWAYS(m);
++         apr_atomic_set32(&m->event_pending, 1);
++-        H2_MPLX_ENTER_MAYBE(m, lock);
++         if (m->added_output) {
++             apr_thread_cond_signal(m->added_output);
++         }
++-        H2_MPLX_LEAVE_MAYBE(m, lock);
+++        H2_MPLX_LEAVE_MAYBE(m, !mplx_is_locked);
+++    }
+++    else {
+++        H2_MPLX_ENTER_MAYBE(m, mplx_is_locked);
++     }
++ }
++
++@@ -678,7 +688,7 @@ apr_status_t h2_mplx_process(h2_mplx *m,
++         h2_ihash_add(m->streams, stream);
++         if (h2_stream_is_ready(stream)) {
++             /* already have a response */
++-            check_data_for(m, stream, 0);
+++            check_data_for(m, stream, 1);
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
++                           H2_STRM_MSG(stream, "process, add to readyq"));
++         }
++@@ -809,7 +819,7 @@ static void task_done(h2_mplx *m, h2_tas
++             }
++
++             /* more data will not arrive, resume the stream */
++-            check_data_for(m, stream, 0);
+++            check_data_for(m, stream, 1);
++         }
++     }
++     else if ((stream = h2_ihash_get(m->shold, task->stream_id)) != NULL) {
++@@ -1062,7 +1072,7 @@ apr_status_t h2_mplx_idle(h2_mplx *m)
++                                   h2_beam_is_closed(stream->output),
++                                   (long)h2_beam_get_buffered(stream->output));
++                     h2_ihash_add(m->streams, stream);
++-                    check_data_for(m, stream, 0);
+++                    check_data_for(m, stream, 1);
++                     stream->out_checked = 1;
++                     status = APR_EAGAIN;
++                 }
++@@ -1114,7 +1124,7 @@ apr_status_t h2_mplx_dispatch_master_eve
++
++ apr_status_t h2_mplx_keep_active(h2_mplx *m, h2_stream *stream)
++ {
++-    check_data_for(m, stream, 1);
+++    check_data_for(m, stream, 0);
++     return APR_SUCCESS;
++ }
++
++--- a/modules/http2/h2_session.c
+++++ b/modules/http2/h2_session.c
++@@ -2141,7 +2141,7 @@ apr_status_t h2_session_process(h2_sessi
++                 break;
++
++             case H2_SESSION_ST_IDLE:
++-                if (session->idle_until && (apr_time_now() + session->idle_delay) > session->idle_until) {
+++                if (session->idle_until && (now + session->idle_delay) > session->idle_until) {
++                     ap_log_cerror( APLOG_MARK, APLOG_TRACE1, status, c,
++                                   H2_SSSN_MSG(session, "idle, timeout reached, closing"));
++                     if (session->idle_delay) {
++--- a/modules/http2/h2_util.c
+++++ b/modules/http2/h2_util.c
++@@ -638,15 +638,6 @@ apr_status_t h2_fifo_term(h2_fifo *fifo)
++     apr_status_t rv;
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         fifo->aborted = 1;
++-        apr_thread_mutex_unlock(fifo->lock);
++-    }
++-    return rv;
++-}
++-
++-apr_status_t h2_fifo_interrupt(h2_fifo *fifo)
++-{
++-    apr_status_t rv;
++-    if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         apr_thread_cond_broadcast(fifo->not_empty);
++         apr_thread_cond_broadcast(fifo->not_full);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -710,10 +701,6 @@ static apr_status_t fifo_push(h2_fifo *f
++ {
++     apr_status_t rv;
++
++-    if (fifo->aborted) {
++-        return APR_EOF;
++-    }
++-
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         rv = fifo_push_int(fifo, elem, block);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -754,10 +741,6 @@ static apr_status_t fifo_pull(h2_fifo *f
++ {
++     apr_status_t rv;
++
++-    if (fifo->aborted) {
++-        return APR_EOF;
++-    }
++-
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         rv = pull_head(fifo, pelem, block);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -946,15 +929,6 @@ apr_status_t h2_ififo_term(h2_ififo *fif
++     apr_status_t rv;
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         fifo->aborted = 1;
++-        apr_thread_mutex_unlock(fifo->lock);
++-    }
++-    return rv;
++-}
++-
++-apr_status_t h2_ififo_interrupt(h2_ififo *fifo)
++-{
++-    apr_status_t rv;
++-    if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         apr_thread_cond_broadcast(fifo->not_empty);
++         apr_thread_cond_broadcast(fifo->not_full);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -1018,10 +992,6 @@ static apr_status_t ififo_push(h2_ififo
++ {
++     apr_status_t rv;
++
++-    if (fifo->aborted) {
++-        return APR_EOF;
++-    }
++-
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         rv = ififo_push_int(fifo, id, block);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -1062,10 +1032,6 @@ static apr_status_t ififo_pull(h2_ififo
++ {
++     apr_status_t rv;
++
++-    if (fifo->aborted) {
++-        return APR_EOF;
++-    }
++-
++     if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++         rv = ipull_head(fifo, pi, block);
++         apr_thread_mutex_unlock(fifo->lock);
++@@ -1088,10 +1054,6 @@ static apr_status_t ififo_peek(h2_ififo
++     apr_status_t rv;
++     int id;
++
++-    if (fifo->aborted) {
++-        return APR_EOF;
++-    }
++-
++     if (APR_SUCCESS == (rv = apr_thread_mutex_lock(fifo->lock))) {
++         if (APR_SUCCESS == (rv = ipull_head(fifo, &id, block))) {
++             switch (fn(id, ctx)) {
++@@ -1117,39 +1079,40 @@ apr_status_t h2_ififo_try_peek(h2_ififo
++     return ififo_peek(fifo, fn, ctx, 0);
++ }
++
++-apr_status_t h2_ififo_remove(h2_ififo *fifo, int id)
+++static apr_status_t ififo_remove(h2_ififo *fifo, int id)
++ {
++-    apr_status_t rv;
+++    int rc, i;
++
++     if (fifo->aborted) {
++         return APR_EOF;
++     }
++
++-    if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
++-        int i, rc;
++-        int e;
++-
++-        rc = 0;
++-        for (i = 0; i < fifo->count; ++i) {
++-            e = fifo->elems[inth_index(fifo, i)];
++-            if (e == id) {
++-                ++rc;
++-            }
++-            else if (rc) {
++-                fifo->elems[inth_index(fifo, i-rc)] = e;
++-            }
++-        }
++-        if (rc) {
++-            fifo->count -= rc;
++-            if (fifo->count + rc == fifo->nelems) {
++-                apr_thread_cond_broadcast(fifo->not_full);
++-            }
++-            rv = APR_SUCCESS;
+++    rc = 0;
+++    for (i = 0; i < fifo->count; ++i) {
+++        int e = fifo->elems[inth_index(fifo, i)];
+++        if (e == id) {
+++            ++rc;
++         }
++-        else {
++-            rv = APR_EAGAIN;
+++        else if (rc) {
+++            fifo->elems[inth_index(fifo, i-rc)] = e;
++         }
++-
+++    }
+++    if (!rc) {
+++        return APR_EAGAIN;
+++    }
+++    fifo->count -= rc;
+++    if (fifo->count + rc == fifo->nelems) {
+++        apr_thread_cond_broadcast(fifo->not_full);
+++    }
+++    return APR_SUCCESS;
+++}
+++
+++apr_status_t h2_ififo_remove(h2_ififo *fifo, int id)
+++{
+++    apr_status_t rv;
+++
+++    if ((rv = apr_thread_mutex_lock(fifo->lock)) == APR_SUCCESS) {
+++        rv = ififo_remove(fifo, id);
++         apr_thread_mutex_unlock(fifo->lock);
++     }
++     return rv;
++--- a/modules/http2/h2_util.h
+++++ b/modules/http2/h2_util.h
++@@ -209,7 +209,6 @@ apr_status_t h2_fifo_create(h2_fifo **pf
++ apr_status_t h2_fifo_set_create(h2_fifo **pfifo, apr_pool_t *pool, int capacity);
++
++ apr_status_t h2_fifo_term(h2_fifo *fifo);
++-apr_status_t h2_fifo_interrupt(h2_fifo *fifo);
++
++ int h2_fifo_count(h2_fifo *fifo);
++
++@@ -280,7 +279,6 @@ apr_status_t h2_ififo_create(h2_ififo **
++ apr_status_t h2_ififo_set_create(h2_ififo **pfifo, apr_pool_t *pool, int capacity);
++
++ apr_status_t h2_ififo_term(h2_ififo *fifo);
++-apr_status_t h2_ififo_interrupt(h2_ififo *fifo);
++
++ int h2_ififo_count(h2_ififo *fifo);
++
++--- a/modules/http2/h2_workers.c
+++++ b/modules/http2/h2_workers.c
++@@ -269,7 +269,6 @@ static apr_status_t workers_pool_cleanup
++         }
++
++         h2_fifo_term(workers->mplxs);
++-        h2_fifo_interrupt(workers->mplxs);
++
++         cleanup_zombies(workers);
++     }
 diff --git a/debian/patches/CVE-2020-11993.patch b/debian/patches/CVE-2020-11993.patch
 new file mode 100644
 index 0000000..1002f87
 --- /dev/null
 +++ b/debian/patches/CVE-2020-11993.patch
@@ -0,0 +1,1905 @@
++Backport of:
++
++From 63a0a87efa0925514d15c211b508f6594669888c Mon Sep 17 00:00:00 2001
++From: Graham Leggett <minfrin@apache.org>
++Date: Wed, 8 Jul 2020 11:53:48 +0000
++Subject: [PATCH]   *) mod_http2: connection terminology renamed to
++ master/secondary.      trunk patch: http://svn.apache.org/r1878926
++        http://svn.apache.org/r1879156      2.4.x patch:
++ https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/h2-master-secondary.patch
++      +1: icing, ylavic, minfrin      ylavic: nitpicking, mixed
++ "H2_secondary_IN" and "H2_secondary_OUT" case to              register the
++ filters, but not for adding them. IIRC filters names              are case
++ insentive so shouldn't matter, just popped at my eyes..      icing: updated
++ patch and added r1879156 to fix the eye bleed.      jailletc36: CHANGES could
++ also be looked at if it makes sense to update the terminology
++  also here
++
++git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1879642 13f79535-47bb-0310-9956-ffa450edef68
++---
++ CHANGES                    |   3 +
++ STATUS                     |  11 --
++ modules/http2/h2_conn.c    |  52 +++----
++ modules/http2/h2_conn.h    |   8 +-
++ modules/http2/h2_filter.c  |   4 +-
++ modules/http2/h2_h2.c      |  10 +-
++ modules/http2/h2_mplx.c    | 283 +++++++++++++++++++------------------
++ modules/http2/h2_mplx.h    | 160 ++++++---------------
++ modules/http2/h2_request.c |   7 +-
++ modules/http2/h2_session.c |  30 ++--
++ modules/http2/h2_session.h |   2 +-
++ modules/http2/h2_stream.c  |   2 +-
++ modules/http2/h2_task.c    |  68 ++++-----
++ modules/http2/h2_task.h    |   2 +-
++ modules/http2/h2_workers.c |   6 +-
++ modules/http2/mod_http2.c  |   4 +-
++ 16 files changed, 288 insertions(+), 364 deletions(-)
++
++#diff --git a/CHANGES b/CHANGES
++#index 50432a7ca09..31ad6741715 100644
++#--- a/CHANGES
++#+++ b/CHANGES
++#@@ -1,6 +1,9 @@
++#                                                          -*- coding: utf-8 -*-
++# Changes with Apache 2.4.44
++#
++#+  *) mod_http2: The module now handles master/secondary connections and has marked
++#+     methods according to use. [Stefan Eissing]
++#+
++#   *) core: Drop an invalid Last-Modified header value coming
++#      from a FCGI/CGI script instead of replacing it with Unix epoch.
++#      [Luca Toscano]
++#diff --git a/STATUS b/STATUS
++#index c4d0dde0534..72220708a70 100644
++#--- a/STATUS
++#+++ b/STATUS
++#@@ -135,17 +135,6 @@ RELEASE SHOWSTOPPERS:
++# PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
++#   [ start all new proposals below, under PATCHES PROPOSED. ]
++#
++#-  *) mod_http2: connection terminology renamed to master/secondary.
++#-     trunk patch: http://svn.apache.org/r1878926
++#-                  http://svn.apache.org/r1879156
++#-     2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/h2-master-secondary.patch
++#-     +1: icing, ylavic, minfrin
++#-     ylavic: nitpicking, mixed "H2_secondary_IN" and "H2_secondary_OUT" case to
++#-             register the filters, but not for adding them. IIRC filters names
++#-             are case insentive so shouldn't matter, just popped at my eyes..
++#-     icing: updated patch and added r1879156 to fix the eye bleed.
++#-     jailletc36: CHANGES could also be looked at if it makes sense to update the terminology
++#-                 also here
++#
++# PATCHES PROPOSED TO BACKPORT FROM TRUNK:
++#   [ New proposals should be added at the end of the list ]
++--- a/modules/http2/h2_conn.c
+++++ b/modules/http2/h2_conn.c
++@@ -138,7 +138,7 @@ apr_status_t h2_conn_child_init(apr_pool
++     ap_register_input_filter("H2_IN", h2_filter_core_input,
++                              NULL, AP_FTYPE_CONNECTION);
++
++-    status = h2_mplx_child_init(pool, s);
+++    status = h2_mplx_m_child_init(pool, s);
++
++     if (status == APR_SUCCESS) {
++         status = apr_socket_create(&dummy_socket, APR_INET, SOCK_STREAM,
++@@ -260,7 +260,7 @@ apr_status_t h2_conn_pre_close(struct h2
++     return DONE;
++ }
++
++-conn_rec *h2_slave_create(conn_rec *master, int slave_id, apr_pool_t *parent)
+++conn_rec *h2_secondary_create(conn_rec *master, int sec_id, apr_pool_t *parent)
++ {
++     apr_allocator_t *allocator;
++     apr_status_t status;
++@@ -271,7 +271,7 @@ conn_rec *h2_slave_create(conn_rec *mast
++
++     ap_assert(master);
++     ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, master,
++-                  "h2_stream(%ld-%d): create slave", master->id, slave_id);
+++                  "h2_stream(%ld-%d): create secondary", master->id, sec_id);
++
++     /* We create a pool with its own allocator to be used for
++      * processing a request. This is the only way to have the processing
++@@ -284,18 +284,18 @@ conn_rec *h2_slave_create(conn_rec *mast
++     status = apr_pool_create_ex(&pool, parent, NULL, allocator);
++     if (status != APR_SUCCESS) {
++         ap_log_cerror(APLOG_MARK, APLOG_ERR, status, master,
++-                      APLOGNO(10004) "h2_session(%ld-%d): create slave pool",
++-                      master->id, slave_id);
+++                      APLOGNO(10004) "h2_session(%ld-%d): create secondary pool",
+++                      master->id, sec_id);
++         return NULL;
++     }
++     apr_allocator_owner_set(allocator, pool);
++-    apr_pool_tag(pool, "h2_slave_conn");
+++    apr_pool_tag(pool, "h2_secondary_conn");
++
++     c = (conn_rec *) apr_palloc(pool, sizeof(conn_rec));
++     if (c == NULL) {
++         ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, master,
++-                      APLOGNO(02913) "h2_session(%ld-%d): create slave",
++-                      master->id, slave_id);
+++                      APLOGNO(02913) "h2_session(%ld-%d): create secondary",
+++                      master->id, sec_id);
++         apr_pool_destroy(pool);
++         return NULL;
++     }
++@@ -322,19 +322,19 @@ conn_rec *h2_slave_create(conn_rec *mast
++     c->clogging_input_filters = 1;
++     c->log                    = NULL;
++     c->log_id                 = apr_psprintf(pool, "%ld-%d",
++-                                             master->id, slave_id);
+++                                             master->id, sec_id);
++     c->aborted                = 0;
++-    /* We cannot install the master connection socket on the slaves, as
+++    /* We cannot install the master connection socket on the secondary, as
++      * modules mess with timeouts/blocking of the socket, with
++      * unwanted side effects to the master connection processing.
++-     * Fortunately, since we never use the slave socket, we can just install
+++     * Fortunately, since we never use the secondary socket, we can just install
++      * a single, process-wide dummy and everyone is happy.
++      */
++     ap_set_module_config(c->conn_config, &core_module, dummy_socket);
++     /* TODO: these should be unique to this thread */
++     c->sbh                    = master->sbh;
++-    /* TODO: not all mpm modules have learned about slave connections yet.
++-     * copy their config from master to slave.
+++    /* TODO: not all mpm modules have learned about secondary connections yet.
+++     * copy their config from master to secondary.
++      */
++     if ((mpm = h2_conn_mpm_module()) != NULL) {
++         cfg = ap_get_module_config(master->conn_config, mpm);
++@@ -342,38 +342,38 @@ conn_rec *h2_slave_create(conn_rec *mast
++     }
++
++     ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
++-                  "h2_slave(%s): created", c->log_id);
+++                  "h2_secondary(%s): created", c->log_id);
++     return c;
++ }
++
++-void h2_slave_destroy(conn_rec *slave)
+++void h2_secondary_destroy(conn_rec *secondary)
++ {
++-    ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, slave,
++-                  "h2_slave(%s): destroy", slave->log_id);
++-    slave->sbh = NULL;
++-    apr_pool_destroy(slave->pool);
+++    ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, secondary,
+++                  "h2_secondary(%s): destroy", secondary->log_id);
+++    secondary->sbh = NULL;
+++    apr_pool_destroy(secondary->pool);
++ }
++
++-apr_status_t h2_slave_run_pre_connection(conn_rec *slave, apr_socket_t *csd)
+++apr_status_t h2_secondary_run_pre_connection(conn_rec *secondary, apr_socket_t *csd)
++ {
++-    if (slave->keepalives == 0) {
+++    if (secondary->keepalives == 0) {
++         /* Simulate that we had already a request on this connection. Some
++          * hooks trigger special behaviour when keepalives is 0.
++          * (Not necessarily in pre_connection, but later. Set it here, so it
++          * is in place.) */
++-        slave->keepalives = 1;
+++        secondary->keepalives = 1;
++         /* We signal that this connection will be closed after the request.
++          * Which is true in that sense that we throw away all traffic data
++-         * on this slave connection after each requests. Although we might
+++         * on this secondary connection after each requests. Although we might
++          * reuse internal structures like memory pools.
++          * The wanted effect of this is that httpd does not try to clean up
++          * any dangling data on this connection when a request is done. Which
++          * is unneccessary on a h2 stream.
++          */
++-        slave->keepalive = AP_CONN_CLOSE;
++-        return ap_run_pre_connection(slave, csd);
+++        secondary->keepalive = AP_CONN_CLOSE;
+++        return ap_run_pre_connection(secondary, csd);
++     }
++-    ap_assert(slave->output_filters);
+++    ap_assert(secondary->output_filters);
++     return APR_SUCCESS;
++ }
++
++--- a/modules/http2/h2_conn.h
+++++ b/modules/http2/h2_conn.h
++@@ -68,10 +68,10 @@ h2_mpm_type_t h2_conn_mpm_type(void);
++ const char *h2_conn_mpm_name(void);
++ int h2_mpm_supported(void);
++
++-conn_rec *h2_slave_create(conn_rec *master, int slave_id, apr_pool_t *parent);
++-void h2_slave_destroy(conn_rec *slave);
+++conn_rec *h2_secondary_create(conn_rec *master, int sec_id, apr_pool_t *parent);
+++void h2_secondary_destroy(conn_rec *secondary);
++
++-apr_status_t h2_slave_run_pre_connection(conn_rec *slave, apr_socket_t *csd);
++-void h2_slave_run_connection(conn_rec *slave);
+++apr_status_t h2_secondary_run_pre_connection(conn_rec *secondary, apr_socket_t *csd);
+++void h2_secondary_run_connection(conn_rec *secondary);
++
++ #endif /* defined(__mod_h2__h2_conn__) */
++--- a/modules/http2/h2_filter.c
+++++ b/modules/http2/h2_filter.c
++@@ -370,7 +370,7 @@ static void add_streams(apr_bucket_briga
++     x.s = s;
++     x.idx = 0;
++     bbout(bb, "  \"streams\": {");
++-    h2_mplx_stream_do(s->mplx, add_stream, &x);
+++    h2_mplx_m_stream_do(s->mplx, add_stream, &x);
++     bbout(bb, "\n  }%s\n", last? "" : ",");
++ }
++
++@@ -433,7 +433,7 @@ static void add_stats(apr_bucket_brigade
++ static apr_status_t h2_status_insert(h2_task *task, apr_bucket *b)
++ {
++     h2_mplx *m = task->mplx;
++-    h2_stream *stream = h2_mplx_stream_get(m, task->stream_id);
+++    h2_stream *stream = h2_mplx_t_stream_get(m, task);
++     h2_session *s;
++     conn_rec *c;
++
++--- a/modules/http2/h2_h2.c
+++++ b/modules/http2/h2_h2.c
++@@ -668,7 +668,7 @@ static int h2_h2_pre_close_conn(conn_rec
++ {
++     h2_ctx *ctx;
++
++-    /* slave connection? */
+++    /* secondary connection? */
++     if (c->master) {
++         return DECLINED;
++     }
++@@ -712,7 +712,7 @@ static void check_push(request_rec *r, c
++
++ static int h2_h2_post_read_req(request_rec *r)
++ {
++-    /* slave connection? */
+++    /* secondary connection? */
++     if (r->connection->master) {
++         struct h2_task *task = h2_ctx_get_task(r->connection);
++         /* This hook will get called twice on internal redirects. Take care
++@@ -731,7 +731,7 @@ static int h2_h2_post_read_req(request_r
++             ap_add_output_filter("H2_RESPONSE", task, r, r->connection);
++
++             for (f = r->input_filters; f; f = f->next) {
++-                if (!strcmp("H2_SLAVE_IN", f->frec->name)) {
+++                if (!strcmp("H2_SECONDARY_IN", f->frec->name)) {
++                     f->r = r;
++                     break;
++                 }
++@@ -745,7 +745,7 @@ static int h2_h2_post_read_req(request_r
++
++ static int h2_h2_late_fixups(request_rec *r)
++ {
++-    /* slave connection? */
+++    /* secondary connection? */
++     if (r->connection->master) {
++         struct h2_task *task = h2_ctx_get_task(r->connection);
++         if (task) {
++@@ -753,7 +753,7 @@ static int h2_h2_late_fixups(request_rec
++             task->output.copy_files = h2_config_rgeti(r, H2_CONF_COPY_FILES);
++             if (task->output.copy_files) {
++                 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, task->c,
++-                              "h2_slave_out(%s): copy_files on", task->id);
+++                              "h2_secondary_out(%s): copy_files on", task->id);
++                 h2_beam_on_file_beam(task->output.beam, h2_beam_no_files, NULL);
++             }
++             check_push(r, "late_fixup");
++--- a/modules/http2/h2_mplx.c
+++++ b/modules/http2/h2_mplx.c
++@@ -56,10 +56,18 @@ typedef struct {
++     apr_size_t count;
++ } stream_iter_ctx;
++
++-static apr_status_t mplx_be_happy(h2_mplx *m);
++-static apr_status_t mplx_be_annoyed(h2_mplx *m);
+++/**
+++ * Naming convention for static functions:
+++ * - m_*: function only called from the master connection
+++ * - s_*: function only called from a secondary connection
+++ * - t_*: function only called from a h2_task holder
+++ * - mst_*: function called from everyone
+++ */
++
++-apr_status_t h2_mplx_child_init(apr_pool_t *pool, server_rec *s)
+++static apr_status_t s_mplx_be_happy(h2_mplx *m, h2_task *task);
+++static apr_status_t m_be_annoyed(h2_mplx *m);
+++
+++apr_status_t h2_mplx_m_child_init(apr_pool_t *pool, server_rec *s)
++ {
++     return APR_SUCCESS;
++ }
++@@ -81,26 +89,25 @@ apr_status_t h2_mplx_child_init(apr_pool
++ #define H2_MPLX_LEAVE_MAYBE(m, dolock)    \
++     if (dolock) apr_thread_mutex_unlock(m->lock)
++
++-static void check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked);
+++static void mst_check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked);
++
++-static void stream_output_consumed(void *ctx,
++-                                   h2_bucket_beam *beam, apr_off_t length)
+++static void mst_stream_output_consumed(void *ctx, h2_bucket_beam *beam, apr_off_t length)
++ {
++ }
++
++-static void stream_input_ev(void *ctx, h2_bucket_beam *beam)
+++static void mst_stream_input_ev(void *ctx, h2_bucket_beam *beam)
++ {
++     h2_stream *stream = ctx;
++     h2_mplx *m = stream->session->mplx;
++     apr_atomic_set32(&m->event_pending, 1);
++ }
++
++-static void stream_input_consumed(void *ctx, h2_bucket_beam *beam, apr_off_t length)
+++static void m_stream_input_consumed(void *ctx, h2_bucket_beam *beam, apr_off_t length)
++ {
++     h2_stream_in_consumed(ctx, length);
++ }
++
++-static void stream_joined(h2_mplx *m, h2_stream *stream)
+++static void ms_stream_joined(h2_mplx *m, h2_stream *stream)
++ {
++     ap_assert(!h2_task_has_started(stream->task) || stream->task->worker_done);
++
++@@ -109,7 +116,7 @@ static void stream_joined(h2_mplx *m, h2
++     h2_ihash_add(m->spurge, stream);
++ }
++
++-static void stream_cleanup(h2_mplx *m, h2_stream *stream)
+++static void m_stream_cleanup(h2_mplx *m, h2_stream *stream)
++ {
++     ap_assert(stream->state == H2_SS_CLEANUP);
++
++@@ -128,7 +135,7 @@ static void stream_cleanup(h2_mplx *m, h
++     h2_iq_remove(m->q, stream->id);
++
++     if (!h2_task_has_started(stream->task) || stream->task->done_done) {
++-        stream_joined(m, stream);
+++        ms_stream_joined(m, stream);
++     }
++     else {
++         h2_ififo_remove(m->readyq, stream->id);
++@@ -150,8 +157,8 @@ static void stream_cleanup(h2_mplx *m, h
++  *   their HTTP/1 cousins, the separate allocator seems to work better
++  *   than protecting a shared h2_session one with an own lock.
++  */
++-h2_mplx *h2_mplx_create(conn_rec *c, server_rec *s, apr_pool_t *parent,
++-                        h2_workers *workers)
+++h2_mplx *h2_mplx_m_create(conn_rec *c, server_rec *s, apr_pool_t *parent,
+++                          h2_workers *workers)
++ {
++     apr_status_t status = APR_SUCCESS;
++     apr_allocator_t *allocator;
++@@ -165,7 +172,7 @@ h2_mplx *h2_mplx_create(conn_rec *c, ser
++         m->s = s;
++
++         /* We create a pool with its own allocator to be used for
++-         * processing slave connections. This is the only way to have the
+++         * processing secondary connections. This is the only way to have the
++          * processing independant of its parent pool in the sense that it
++          * can work in another thread. Also, the new allocator needs its own
++          * mutex to synchronize sub-pools.
++@@ -217,12 +224,12 @@ h2_mplx *h2_mplx_create(conn_rec *c, ser
++         m->last_mood_change = apr_time_now();
++         m->mood_update_interval = apr_time_from_msec(100);
++
++-        m->spare_slaves = apr_array_make(m->pool, 10, sizeof(conn_rec*));
+++        m->spare_secondary = apr_array_make(m->pool, 10, sizeof(conn_rec*));
++     }
++     return m;
++ }
++
++-int h2_mplx_shutdown(h2_mplx *m)
+++int h2_mplx_m_shutdown(h2_mplx *m)
++ {
++     int max_stream_started = 0;
++
++@@ -236,7 +243,7 @@ int h2_mplx_shutdown(h2_mplx *m)
++     return max_stream_started;
++ }
++
++-static int input_consumed_signal(h2_mplx *m, h2_stream *stream)
+++static int m_input_consumed_signal(h2_mplx *m, h2_stream *stream)
++ {
++     if (stream->input) {
++         return h2_beam_report_consumption(stream->input);
++@@ -244,12 +251,12 @@ static int input_consumed_signal(h2_mplx
++     return 0;
++ }
++
++-static int report_consumption_iter(void *ctx, void *val)
+++static int m_report_consumption_iter(void *ctx, void *val)
++ {
++     h2_stream *stream = val;
++     h2_mplx *m = ctx;
++
++-    input_consumed_signal(m, stream);
+++    m_input_consumed_signal(m, stream);
++     if (stream->state == H2_SS_CLOSED_L
++         && (!stream->task || stream->task->worker_done)) {
++         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c,
++@@ -260,7 +267,7 @@ static int report_consumption_iter(void
++     return 1;
++ }
++
++-static int output_consumed_signal(h2_mplx *m, h2_task *task)
+++static int s_output_consumed_signal(h2_mplx *m, h2_task *task)
++ {
++     if (task->output.beam) {
++         return h2_beam_report_consumption(task->output.beam);
++@@ -268,7 +275,7 @@ static int output_consumed_signal(h2_mpl
++     return 0;
++ }
++
++-static int stream_destroy_iter(void *ctx, void *val)
+++static int m_stream_destroy_iter(void *ctx, void *val)
++ {
++     h2_mplx *m = ctx;
++     h2_stream *stream = val;
++@@ -278,7 +285,7 @@ static int stream_destroy_iter(void *ctx
++
++     if (stream->input) {
++         /* Process outstanding events before destruction */
++-        input_consumed_signal(m, stream);
+++        m_input_consumed_signal(m, stream);
++         h2_beam_log(stream->input, m->c, APLOG_TRACE2, "stream_destroy");
++         h2_beam_destroy(stream->input);
++         stream->input = NULL;
++@@ -286,12 +293,12 @@ static int stream_destroy_iter(void *ctx
++
++     if (stream->task) {
++         h2_task *task = stream->task;
++-        conn_rec *slave;
++-        int reuse_slave = 0;
+++        conn_rec *secondary;
+++        int reuse_secondary = 0;
++
++         stream->task = NULL;
++-        slave = task->c;
++-        if (slave) {
+++        secondary = task->c;
+++        if (secondary) {
++             /* On non-serialized requests, the IO logging has not accounted for any
++              * meta data send over the network: response headers and h2 frame headers. we
++              * counted this on the stream and need to add this now.
++@@ -300,26 +307,25 @@ static int stream_destroy_iter(void *ctx
++             if (task->request && !task->request->serialize && h2_task_logio_add_bytes_out) {
++                 apr_off_t unaccounted = stream->out_frame_octets - stream->out_data_octets;
++                 if (unaccounted > 0) {
++-                    h2_task_logio_add_bytes_out(slave, unaccounted);
+++                    h2_task_logio_add_bytes_out(secondary, unaccounted);
++                 }
++             }
++
++-            if (m->s->keep_alive_max == 0 || slave->keepalives < m->s->keep_alive_max) {
++-                reuse_slave = ((m->spare_slaves->nelts < (m->limit_active * 3 / 2))
++-                               && !task->rst_error);
+++            if (m->s->keep_alive_max == 0 || secondary->keepalives < m->s->keep_alive_max) {
+++                reuse_secondary = ((m->spare_secondary->nelts < (m->limit_active * 3 / 2))
+++                                   && !task->rst_error);
++             }
++
++-            task->c = NULL;
++-            if (reuse_slave) {
+++            if (reuse_secondary) {
++                 h2_beam_log(task->output.beam, m->c, APLOG_DEBUG,
++-                            APLOGNO(03385) "h2_task_destroy, reuse slave");
+++                            APLOGNO(03385) "h2_task_destroy, reuse secondary");
++                 h2_task_destroy(task);
++-                APR_ARRAY_PUSH(m->spare_slaves, conn_rec*) = slave;
+++                APR_ARRAY_PUSH(m->spare_secondary, conn_rec*) = secondary;
++             }
++             else {
++                 h2_beam_log(task->output.beam, m->c, APLOG_TRACE1,
++-                            "h2_task_destroy, destroy slave");
++-                h2_slave_destroy(slave);
+++                            "h2_task_destroy, destroy secondary");
+++                h2_secondary_destroy(secondary);
++             }
++         }
++     }
++@@ -327,11 +333,11 @@ static int stream_destroy_iter(void *ctx
++     return 0;
++ }
++
++-static void purge_streams(h2_mplx *m, int lock)
+++static void m_purge_streams(h2_mplx *m, int lock)
++ {
++     if (!h2_ihash_empty(m->spurge)) {
++         H2_MPLX_ENTER_MAYBE(m, lock);
++-        while (!h2_ihash_iter(m->spurge, stream_destroy_iter, m)) {
+++        while (!h2_ihash_iter(m->spurge, m_stream_destroy_iter, m)) {
++             /* repeat until empty */
++         }
++         H2_MPLX_LEAVE_MAYBE(m, lock);
++@@ -343,13 +349,13 @@ typedef struct {
++     void *ctx;
++ } stream_iter_ctx_t;
++
++-static int stream_iter_wrap(void *ctx, void *stream)
+++static int m_stream_iter_wrap(void *ctx, void *stream)
++ {
++     stream_iter_ctx_t *x = ctx;
++     return x->cb(stream, x->ctx);
++ }
++
++-apr_status_t h2_mplx_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx)
+++apr_status_t h2_mplx_m_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx)
++ {
++     stream_iter_ctx_t x;
++
++@@ -357,13 +363,13 @@ apr_status_t h2_mplx_stream_do(h2_mplx *
++
++     x.cb = cb;
++     x.ctx = ctx;
++-    h2_ihash_iter(m->streams, stream_iter_wrap, &x);
+++    h2_ihash_iter(m->streams, m_stream_iter_wrap, &x);
++
++     H2_MPLX_LEAVE(m);
++     return APR_SUCCESS;
++ }
++
++-static int report_stream_iter(void *ctx, void *val) {
+++static int m_report_stream_iter(void *ctx, void *val) {
++     h2_mplx *m = ctx;
++     h2_stream *stream = val;
++     h2_task *task = stream->task;
++@@ -388,7 +394,7 @@ static int report_stream_iter(void *ctx,
++     return 1;
++ }
++
++-static int unexpected_stream_iter(void *ctx, void *val) {
+++static int m_unexpected_stream_iter(void *ctx, void *val) {
++     h2_mplx *m = ctx;
++     h2_stream *stream = val;
++     ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, /* NO APLOGNO */
++@@ -397,7 +403,7 @@ static int unexpected_stream_iter(void *
++     return 1;
++ }
++
++-static int stream_cancel_iter(void *ctx, void *val) {
+++static int m_stream_cancel_iter(void *ctx, void *val) {
++     h2_mplx *m = ctx;
++     h2_stream *stream = val;
++
++@@ -411,11 +417,11 @@ static int stream_cancel_iter(void *ctx,
++     h2_stream_rst(stream, H2_ERR_NO_ERROR);
++     /* All connection data has been sent, simulate cleanup */
++     h2_stream_dispatch(stream, H2_SEV_EOS_SENT);
++-    stream_cleanup(m, stream);
+++    m_stream_cleanup(m, stream);
++     return 0;
++ }
++
++-void h2_mplx_release_and_join(h2_mplx *m, apr_thread_cond_t *wait)
+++void h2_mplx_m_release_and_join(h2_mplx *m, apr_thread_cond_t *wait)
++ {
++     apr_status_t status;
++     int i, wait_secs = 60, old_aborted;
++@@ -429,7 +435,7 @@ void h2_mplx_release_and_join(h2_mplx *m
++
++     H2_MPLX_ENTER_ALWAYS(m);
++
++-    /* While really terminating any slave connections, treat the master
+++    /* While really terminating any secondary connections, treat the master
++      * connection as aborted. It's not as if we could send any more data
++      * at this point. */
++     old_aborted = m->c->aborted;
++@@ -441,7 +447,7 @@ void h2_mplx_release_and_join(h2_mplx *m
++                   "h2_mplx(%ld): release, %d/%d/%d streams (total/hold/purge), %d active tasks",
++                   m->id, (int)h2_ihash_count(m->streams),
++                   (int)h2_ihash_count(m->shold), (int)h2_ihash_count(m->spurge), m->tasks_active);
++-    while (!h2_ihash_iter(m->streams, stream_cancel_iter, m)) {
+++    while (!h2_ihash_iter(m->streams, m_stream_cancel_iter, m)) {
++         /* until empty */
++     }
++
++@@ -463,7 +469,7 @@ void h2_mplx_release_and_join(h2_mplx *m
++             ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, APLOGNO(03198)
++                           "h2_mplx(%ld): waited %d sec for %d tasks",
++                           m->id, i*wait_secs, (int)h2_ihash_count(m->shold));
++-            h2_ihash_iter(m->shold, report_stream_iter, m);
+++            h2_ihash_iter(m->shold, m_report_stream_iter, m);
++         }
++     }
++     m->join_wait = NULL;
++@@ -474,7 +480,7 @@ void h2_mplx_release_and_join(h2_mplx *m
++         ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, APLOGNO(03516)
++                       "h2_mplx(%ld): unexpected %d streams in hold",
++                       m->id, (int)h2_ihash_count(m->shold));
++-        h2_ihash_iter(m->shold, unexpected_stream_iter, m);
+++        h2_ihash_iter(m->shold, m_unexpected_stream_iter, m);
++     }
++
++     m->c->aborted = old_aborted;
++@@ -483,39 +489,39 @@ void h2_mplx_release_and_join(h2_mplx *m
++     ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c, "h2_mplx(%ld): released", m->id);
++ }
++
++-apr_status_t h2_mplx_stream_cleanup(h2_mplx *m, h2_stream *stream)
+++apr_status_t h2_mplx_m_stream_cleanup(h2_mplx *m, h2_stream *stream)
++ {
++     H2_MPLX_ENTER(m);
++
++     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
++                   H2_STRM_MSG(stream, "cleanup"));
++-    stream_cleanup(m, stream);
+++    m_stream_cleanup(m, stream);
++
++     H2_MPLX_LEAVE(m);
++     return APR_SUCCESS;
++ }
++
++-h2_stream *h2_mplx_stream_get(h2_mplx *m, int id)
+++h2_stream *h2_mplx_t_stream_get(h2_mplx *m, h2_task *task)
++ {
++     h2_stream *s = NULL;
++
++     H2_MPLX_ENTER_ALWAYS(m);
++
++-    s = h2_ihash_get(m->streams, id);
+++    s = h2_ihash_get(m->streams, task->stream_id);
++
++     H2_MPLX_LEAVE(m);
++     return s;
++ }
++
++-static void output_produced(void *ctx, h2_bucket_beam *beam, apr_off_t bytes)
+++static void mst_output_produced(void *ctx, h2_bucket_beam *beam, apr_off_t bytes)
++ {
++     h2_stream *stream = ctx;
++     h2_mplx *m = stream->session->mplx;
++
++-    check_data_for(m, stream, 0);
+++    mst_check_data_for(m, stream, 0);
++ }
++
++-static apr_status_t out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
+++static apr_status_t t_out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
++ {
++     h2_stream *stream = h2_ihash_get(m->streams, stream_id);
++
++@@ -527,26 +533,26 @@ static apr_status_t out_open(h2_mplx *m,
++     stream->output = beam;
++
++     if (APLOGctrace2(m->c)) {
++-        h2_beam_log(beam, m->c, APLOG_TRACE2, "out_open");
+++        h2_beam_log(beam, stream->task->c, APLOG_TRACE2, "out_open");
++     }
++     else {
++-        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
+++        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, stream->task->c,
++                       "h2_mplx(%s): out open", stream->task->id);
++     }
++
++-    h2_beam_on_consumed(stream->output, NULL, stream_output_consumed, stream);
++-    h2_beam_on_produced(stream->output, output_produced, stream);
+++    h2_beam_on_consumed(stream->output, NULL, mst_stream_output_consumed, stream);
+++    h2_beam_on_produced(stream->output, mst_output_produced, stream);
++     if (stream->task->output.copy_files) {
++         h2_beam_on_file_beam(stream->output, h2_beam_no_files, NULL);
++     }
++
++     /* we might see some file buckets in the output, see
++      * if we have enough handles reserved. */
++-    check_data_for(m, stream, 1);
+++    mst_check_data_for(m, stream, 1);
++     return APR_SUCCESS;
++ }
++
++-apr_status_t h2_mplx_out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
+++apr_status_t h2_mplx_t_out_open(h2_mplx *m, int stream_id, h2_bucket_beam *beam)
++ {
++     apr_status_t status;
++
++@@ -556,14 +562,14 @@ apr_status_t h2_mplx_out_open(h2_mplx *m
++         status = APR_ECONNABORTED;
++     }
++     else {
++-        status = out_open(m, stream_id, beam);
+++        status = t_out_open(m, stream_id, beam);
++     }
++
++     H2_MPLX_LEAVE(m);
++     return status;
++ }
++
++-static apr_status_t out_close(h2_mplx *m, h2_task *task)
+++static apr_status_t s_out_close(h2_mplx *m, h2_task *task)
++ {
++     apr_status_t status = APR_SUCCESS;
++     h2_stream *stream;
++@@ -580,17 +586,17 @@ static apr_status_t out_close(h2_mplx *m
++         return APR_ECONNABORTED;
++     }
++
++-    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, m->c,
+++    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, task->c,
++                   "h2_mplx(%s): close", task->id);
++     status = h2_beam_close(task->output.beam);
++-    h2_beam_log(task->output.beam, m->c, APLOG_TRACE2, "out_close");
++-    output_consumed_signal(m, task);
++-    check_data_for(m, stream, 1);
+++    h2_beam_log(task->output.beam, task->c, APLOG_TRACE2, "out_close");
+++    s_output_consumed_signal(m, task);
+++    mst_check_data_for(m, stream, 1);
++     return status;
++ }
++
++-apr_status_t h2_mplx_out_trywait(h2_mplx *m, apr_interval_time_t timeout,
++-                                 apr_thread_cond_t *iowait)
+++apr_status_t h2_mplx_m_out_trywait(h2_mplx *m, apr_interval_time_t timeout,
+++                                   apr_thread_cond_t *iowait)
++ {
++     apr_status_t status;
++
++@@ -599,12 +605,12 @@ apr_status_t h2_mplx_out_trywait(h2_mplx
++     if (m->aborted) {
++         status = APR_ECONNABORTED;
++     }
++-    else if (h2_mplx_has_master_events(m)) {
+++    else if (h2_mplx_m_has_master_events(m)) {
++         status = APR_SUCCESS;
++     }
++     else {
++-        purge_streams(m, 0);
++-        h2_ihash_iter(m->streams, report_consumption_iter, m);
+++        m_purge_streams(m, 0);
+++        h2_ihash_iter(m->streams, m_report_consumption_iter, m);
++         m->added_output = iowait;
++         status = apr_thread_cond_timedwait(m->added_output, m->lock, timeout);
++         if (APLOGctrace2(m->c)) {
++@@ -619,7 +625,7 @@ apr_status_t h2_mplx_out_trywait(h2_mplx
++     return status;
++ }
++
++-static void check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked)
+++static void mst_check_data_for(h2_mplx *m, h2_stream *stream, int mplx_is_locked)
++ {
++     /* If m->lock is already held, we must release during h2_ififo_push()
++      * which can wait on its not_full condition, causing a deadlock because
++@@ -639,7 +645,7 @@ static void check_data_for(h2_mplx *m, h
++     }
++ }
++
++-apr_status_t h2_mplx_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx)
+++apr_status_t h2_mplx_m_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx)
++ {
++     apr_status_t status;
++
++@@ -659,22 +665,22 @@ apr_status_t h2_mplx_reprioritize(h2_mpl
++     return status;
++ }
++
++-static void register_if_needed(h2_mplx *m)
+++static void ms_register_if_needed(h2_mplx *m, int from_master)
++ {
++     if (!m->aborted && !m->is_registered && !h2_iq_empty(m->q)) {
++         apr_status_t status = h2_workers_register(m->workers, m);
++         if (status == APR_SUCCESS) {
++             m->is_registered = 1;
++         }
++-        else {
+++        else if (from_master) {
++             ap_log_cerror(APLOG_MARK, APLOG_ERR, status, m->c, APLOGNO(10021)
++                           "h2_mplx(%ld): register at workers", m->id);
++         }
++     }
++ }
++
++-apr_status_t h2_mplx_process(h2_mplx *m, struct h2_stream *stream,
++-                             h2_stream_pri_cmp *cmp, void *ctx)
+++apr_status_t h2_mplx_m_process(h2_mplx *m, struct h2_stream *stream,
+++                               h2_stream_pri_cmp *cmp, void *ctx)
++ {
++     apr_status_t status;
++
++@@ -688,13 +694,13 @@ apr_status_t h2_mplx_process(h2_mplx *m,
++         h2_ihash_add(m->streams, stream);
++         if (h2_stream_is_ready(stream)) {
++             /* already have a response */
++-            check_data_for(m, stream, 1);
+++            mst_check_data_for(m, stream, 1);
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
++                           H2_STRM_MSG(stream, "process, add to readyq"));
++         }
++         else {
++             h2_iq_add(m->q, stream->id, cmp, ctx);
++-            register_if_needed(m);
+++            ms_register_if_needed(m, 1);
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
++                           H2_STRM_MSG(stream, "process, added to q"));
++         }
++@@ -704,7 +710,7 @@ apr_status_t h2_mplx_process(h2_mplx *m,
++     return status;
++ }
++
++-static h2_task *next_stream_task(h2_mplx *m)
+++static h2_task *s_next_stream_task(h2_mplx *m)
++ {
++     h2_stream *stream;
++     int sid;
++@@ -713,15 +719,15 @@ static h2_task *next_stream_task(h2_mplx
++
++         stream = h2_ihash_get(m->streams, sid);
++         if (stream) {
++-            conn_rec *slave, **pslave;
+++            conn_rec *secondary, **psecondary;
++
++-            pslave = (conn_rec **)apr_array_pop(m->spare_slaves);
++-            if (pslave) {
++-                slave = *pslave;
++-                slave->aborted = 0;
+++            psecondary = (conn_rec **)apr_array_pop(m->spare_secondary);
+++            if (psecondary) {
+++                secondary = *psecondary;
+++                secondary->aborted = 0;
++             }
++             else {
++-                slave = h2_slave_create(m->c, stream->id, m->pool);
+++                secondary = h2_secondary_create(m->c, stream->id, m->pool);
++             }
++
++             if (!stream->task) {
++@@ -729,16 +735,16 @@ static h2_task *next_stream_task(h2_mplx
++                     m->max_stream_started = sid;
++                 }
++                 if (stream->input) {
++-                    h2_beam_on_consumed(stream->input, stream_input_ev,
++-                                        stream_input_consumed, stream);
+++                    h2_beam_on_consumed(stream->input, mst_stream_input_ev,
+++                                        m_stream_input_consumed, stream);
++                 }
++
++-                stream->task = h2_task_create(slave, stream->id,
+++                stream->task = h2_task_create(secondary, stream->id,
++                                               stream->request, m, stream->input,
++                                               stream->session->s->timeout,
++                                               m->stream_max_mem);
++                 if (!stream->task) {
++-                    ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, slave,
+++                    ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, secondary,
++                                   H2_STRM_LOG(APLOGNO(02941), stream,
++                                   "create task"));
++                     return NULL;
++@@ -753,7 +759,7 @@ static h2_task *next_stream_task(h2_mplx
++     return NULL;
++ }
++
++-apr_status_t h2_mplx_pop_task(h2_mplx *m, h2_task **ptask)
+++apr_status_t h2_mplx_s_pop_task(h2_mplx *m, h2_task **ptask)
++ {
++     apr_status_t rv = APR_EOF;
++
++@@ -769,7 +775,7 @@ apr_status_t h2_mplx_pop_task(h2_mplx *m
++         rv = APR_EOF;
++     }
++     else {
++-        *ptask = next_stream_task(m);
+++        *ptask = s_next_stream_task(m);
++         rv = (*ptask != NULL && !h2_iq_empty(m->q))? APR_EAGAIN : APR_SUCCESS;
++     }
++     if (APR_EAGAIN != rv) {
++@@ -779,22 +785,22 @@ apr_status_t h2_mplx_pop_task(h2_mplx *m
++     return rv;
++ }
++
++-static void task_done(h2_mplx *m, h2_task *task)
+++static void s_task_done(h2_mplx *m, h2_task *task)
++ {
++     h2_stream *stream;
++
++-    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
+++    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, task->c,
++                   "h2_mplx(%ld): task(%s) done", m->id, task->id);
++-    out_close(m, task);
+++    s_out_close(m, task);
++
++     task->worker_done = 1;
++     task->done_at = apr_time_now();
++-    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
+++    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, task->c,
++                   "h2_mplx(%s): request done, %f ms elapsed", task->id,
++                   (task->done_at - task->started_at) / 1000.0);
++
++     if (task->c && !task->c->aborted && task->started_at > m->last_mood_change) {
++-        mplx_be_happy(m);
+++        s_mplx_be_happy(m, task);
++     }
++
++     ap_assert(task->done_done == 0);
++@@ -806,60 +812,60 @@ static void task_done(h2_mplx *m, h2_tas
++             /* reset and schedule again */
++             h2_task_redo(task);
++             h2_iq_add(m->q, stream->id, NULL, NULL);
++-            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, m->c,
+++            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, task->c,
++                           H2_STRM_MSG(stream, "redo, added to q"));
++         }
++         else {
++             /* stream not cleaned up, stay around */
++             task->done_done = 1;
++-            ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
+++            ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, task->c,
++                           H2_STRM_MSG(stream, "task_done, stream open"));
++             if (stream->input) {
++                 h2_beam_leave(stream->input);
++             }
++
++             /* more data will not arrive, resume the stream */
++-            check_data_for(m, stream, 1);
+++            mst_check_data_for(m, stream, 1);
++         }
++     }
++     else if ((stream = h2_ihash_get(m->shold, task->stream_id)) != NULL) {
++         /* stream is done, was just waiting for this. */
++         task->done_done = 1;
++-        ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
+++        ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, task->c,
++                       H2_STRM_MSG(stream, "task_done, in hold"));
++         if (stream->input) {
++             h2_beam_leave(stream->input);
++         }
++-        stream_joined(m, stream);
+++        ms_stream_joined(m, stream);
++     }
++     else if ((stream = h2_ihash_get(m->spurge, task->stream_id)) != NULL) {
++-        ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c,
+++        ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, task->c,
++                       H2_STRM_LOG(APLOGNO(03517), stream, "already in spurge"));
++         ap_assert("stream should not be in spurge" == NULL);
++     }
++     else {
++-        ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, APLOGNO(03518)
+++        ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, task->c, APLOGNO(03518)
++                       "h2_mplx(%s): task_done, stream not found",
++                       task->id);
++         ap_assert("stream should still be available" == NULL);
++     }
++ }
++
++-void h2_mplx_task_done(h2_mplx *m, h2_task *task, h2_task **ptask)
+++void h2_mplx_s_task_done(h2_mplx *m, h2_task *task, h2_task **ptask)
++ {
++     H2_MPLX_ENTER_ALWAYS(m);
++
++     --m->tasks_active;
++-    task_done(m, task);
+++    s_task_done(m, task);
++
++     if (m->join_wait) {
++         apr_thread_cond_signal(m->join_wait);
++     }
++     if (ptask) {
++         /* caller wants another task */
++-        *ptask = next_stream_task(m);
+++        *ptask = s_next_stream_task(m);
++     }
++-    register_if_needed(m);
+++    ms_register_if_needed(m, 0);
++
++     H2_MPLX_LEAVE(m);
++ }
++@@ -868,7 +874,7 @@ void h2_mplx_task_done(h2_mplx *m, h2_ta
++  * h2_mplx DoS protection
++  ******************************************************************************/
++
++-static int timed_out_busy_iter(void *data, void *val)
+++static int m_timed_out_busy_iter(void *data, void *val)
++ {
++     stream_iter_ctx *ctx = data;
++     h2_stream *stream = val;
++@@ -881,17 +887,17 @@ static int timed_out_busy_iter(void *dat
++     return 1;
++ }
++
++-static h2_stream *get_timed_out_busy_stream(h2_mplx *m)
+++static h2_stream *m_get_timed_out_busy_stream(h2_mplx *m)
++ {
++     stream_iter_ctx ctx;
++     ctx.m = m;
++     ctx.stream = NULL;
++     ctx.now = apr_time_now();
++-    h2_ihash_iter(m->streams, timed_out_busy_iter, &ctx);
+++    h2_ihash_iter(m->streams, m_timed_out_busy_iter, &ctx);
++     return ctx.stream;
++ }
++
++-static int latest_repeatable_unsubmitted_iter(void *data, void *val)
+++static int m_latest_repeatable_unsubmitted_iter(void *data, void *val)
++ {
++     stream_iter_ctx *ctx = data;
++     h2_stream *stream = val;
++@@ -917,7 +923,7 @@ leave:
++     return 1;
++ }
++
++-static apr_status_t assess_task_to_throttle(h2_task **ptask, h2_mplx *m)
+++static apr_status_t m_assess_task_to_throttle(h2_task **ptask, h2_mplx *m)
++ {
++     stream_iter_ctx ctx;
++
++@@ -927,7 +933,7 @@ static apr_status_t assess_task_to_throt
++     ctx.m = m;
++     ctx.stream = NULL;
++     ctx.count = 0;
++-    h2_ihash_iter(m->streams, latest_repeatable_unsubmitted_iter, &ctx);
+++    h2_ihash_iter(m->streams, m_latest_repeatable_unsubmitted_iter, &ctx);
++     if (m->tasks_active - ctx.count > m->limit_active) {
++         /* we are above the limit of running tasks, accounting for the ones
++          * already throttled. */
++@@ -936,7 +942,7 @@ static apr_status_t assess_task_to_throt
++             return APR_EAGAIN;
++         }
++         /* above limit, be seeing no candidate for easy throttling */
++-        if (get_timed_out_busy_stream(m)) {
+++        if (m_get_timed_out_busy_stream(m)) {
++             /* Too many busy workers, unable to cancel enough streams
++              * and with a busy, timed out stream, we tell the client
++              * to go away... */
++@@ -946,7 +952,7 @@ static apr_status_t assess_task_to_throt
++     return APR_SUCCESS;
++ }
++
++-static apr_status_t unschedule_slow_tasks(h2_mplx *m)
+++static apr_status_t m_unschedule_slow_tasks(h2_mplx *m)
++ {
++     h2_task *task;
++     apr_status_t rv;
++@@ -954,7 +960,7 @@ static apr_status_t unschedule_slow_task
++     /* Try to get rid of streams that occupy workers. Look for safe requests
++      * that are repeatable. If none found, fail the connection.
++      */
++-    while (APR_EAGAIN == (rv = assess_task_to_throttle(&task, m))) {
+++    while (APR_EAGAIN == (rv = m_assess_task_to_throttle(&task, m))) {
++         ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
++                       "h2_mplx(%s): unschedule, resetting task for redo later",
++                       task->id);
++@@ -965,7 +971,7 @@ static apr_status_t unschedule_slow_task
++     return rv;
++ }
++
++-static apr_status_t mplx_be_happy(h2_mplx *m)
+++static apr_status_t s_mplx_be_happy(h2_mplx *m, h2_task *task)
++ {
++     apr_time_t now;
++
++@@ -977,14 +983,14 @@ static apr_status_t mplx_be_happy(h2_mpl
++         m->limit_active = H2MIN(m->limit_active * 2, m->max_active);
++         m->last_mood_change = now;
++         m->irritations_since = 0;
++-        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
+++        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, task->c,
++                       "h2_mplx(%ld): mood update, increasing worker limit to %d",
++                       m->id, m->limit_active);
++     }
++     return APR_SUCCESS;
++ }
++
++-static apr_status_t mplx_be_annoyed(h2_mplx *m)
+++static apr_status_t m_be_annoyed(h2_mplx *m)
++ {
++     apr_status_t status = APR_SUCCESS;
++     apr_time_t now;
++@@ -1015,12 +1021,12 @@ static apr_status_t mplx_be_annoyed(h2_m
++     }
++
++     if (m->tasks_active > m->limit_active) {
++-        status = unschedule_slow_tasks(m);
+++        status = m_unschedule_slow_tasks(m);
++     }
++     return status;
++ }
++
++-apr_status_t h2_mplx_idle(h2_mplx *m)
+++apr_status_t h2_mplx_m_idle(h2_mplx *m)
++ {
++     apr_status_t status = APR_SUCCESS;
++     apr_size_t scount;
++@@ -1042,7 +1048,7 @@ apr_status_t h2_mplx_idle(h2_mplx *m)
++              * of busy workers we allow for this connection until it
++              * well behaves.
++              */
++-            status = mplx_be_annoyed(m);
+++            status = m_be_annoyed(m);
++         }
++         else if (!h2_iq_empty(m->q)) {
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
++@@ -1072,14 +1078,14 @@ apr_status_t h2_mplx_idle(h2_mplx *m)
++                                   h2_beam_is_closed(stream->output),
++                                   (long)h2_beam_get_buffered(stream->output));
++                     h2_ihash_add(m->streams, stream);
++-                    check_data_for(m, stream, 1);
+++                    mst_check_data_for(m, stream, 1);
++                     stream->out_checked = 1;
++                     status = APR_EAGAIN;
++                 }
++             }
++         }
++     }
++-    register_if_needed(m);
+++    ms_register_if_needed(m, 1);
++
++     H2_MPLX_LEAVE(m);
++     return status;
++@@ -1089,14 +1095,13 @@ apr_status_t h2_mplx_idle(h2_mplx *m)
++  * mplx master events dispatching
++  ******************************************************************************/
++
++-int h2_mplx_has_master_events(h2_mplx *m)
+++int h2_mplx_m_has_master_events(h2_mplx *m)
++ {
++     return apr_atomic_read32(&m->event_pending) > 0;
++ }
++
++-apr_status_t h2_mplx_dispatch_master_events(h2_mplx *m,
++-                                            stream_ev_callback *on_resume,
++-                                            void *on_ctx)
+++apr_status_t h2_mplx_m_dispatch_master_events(h2_mplx *m, stream_ev_callback *on_resume,
+++                                              void *on_ctx)
++ {
++     h2_stream *stream;
++     int n, id;
++@@ -1106,8 +1111,8 @@ apr_status_t h2_mplx_dispatch_master_eve
++     apr_atomic_set32(&m->event_pending, 0);
++
++     /* update input windows for streams */
++-    h2_ihash_iter(m->streams, report_consumption_iter, m);
++-    purge_streams(m, 1);
+++    h2_ihash_iter(m->streams, m_report_consumption_iter, m);
+++    m_purge_streams(m, 1);
++
++     n = h2_ififo_count(m->readyq);
++     while (n > 0
++@@ -1122,13 +1127,13 @@ apr_status_t h2_mplx_dispatch_master_eve
++     return APR_SUCCESS;
++ }
++
++-apr_status_t h2_mplx_keep_active(h2_mplx *m, h2_stream *stream)
+++apr_status_t h2_mplx_m_keep_active(h2_mplx *m, h2_stream *stream)
++ {
++-    check_data_for(m, stream, 0);
+++    mst_check_data_for(m, stream, 0);
++     return APR_SUCCESS;
++ }
++
++-int h2_mplx_awaits_data(h2_mplx *m)
+++int h2_mplx_m_awaits_data(h2_mplx *m)
++ {
++     int waiting = 1;
++
++@@ -1145,7 +1150,7 @@ int h2_mplx_awaits_data(h2_mplx *m)
++     return waiting;
++ }
++
++-apr_status_t h2_mplx_client_rst(h2_mplx *m, int stream_id)
+++apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id)
++ {
++     h2_stream *stream;
++     apr_status_t status = APR_SUCCESS;
++@@ -1153,7 +1158,7 @@ apr_status_t h2_mplx_client_rst(h2_mplx
++     H2_MPLX_ENTER_ALWAYS(m);
++     stream = h2_ihash_get(m->streams, stream_id);
++     if (stream && stream->task) {
++-        status = mplx_be_annoyed(m);
+++        status = m_be_annoyed(m);
++     }
++     H2_MPLX_LEAVE(m);
++     return status;
++--- a/modules/http2/h2_mplx.h
+++++ b/modules/http2/h2_mplx.h
++@@ -31,8 +31,10 @@
++  * queued in the multiplexer. If a task thread tries to write more
++  * data, it is blocked until space becomes available.
++  *
++- * Writing input is never blocked. In order to use flow control on the input,
++- * the mplx can be polled for input data consumption.
+++ * Naming Convention:
+++ * "h2_mplx_m_" are methods only to be called by the main connection
+++ * "h2_mplx_s_" are method only to be called by a secondary connection
+++ * "h2_mplx_t_" are method only to be called by a task handler (can be master or secondary)
++  */
++
++ struct apr_pool_t;
++@@ -88,25 +90,23 @@ struct h2_mplx {
++     apr_size_t stream_max_mem;
++
++     apr_pool_t *spare_io_pool;
++-    apr_array_header_t *spare_slaves; /* spare slave connections */
+++    apr_array_header_t *spare_secondary; /* spare secondary connections */
++
++     struct h2_workers *workers;
++ };
++
++-
++-
++ /*******************************************************************************
++- * Object lifecycle and information.
+++ * From the main connection processing: h2_mplx_m_*
++  ******************************************************************************/
++
++-apr_status_t h2_mplx_child_init(apr_pool_t *pool, server_rec *s);
+++apr_status_t h2_mplx_m_child_init(apr_pool_t *pool, server_rec *s);
++
++ /**
++  * Create the multiplexer for the given HTTP2 session.
++  * Implicitly has reference count 1.
++  */
++-h2_mplx *h2_mplx_create(conn_rec *c, server_rec *s, apr_pool_t *master,
++-                        struct h2_workers *workers);
+++h2_mplx *h2_mplx_m_create(conn_rec *c, server_rec *s, apr_pool_t *master,
+++                          struct h2_workers *workers);
++
++ /**
++  * Decreases the reference counter of this mplx and waits for it
++@@ -116,26 +116,14 @@ h2_mplx *h2_mplx_create(conn_rec *c, ser
++  * @param m the mplx to be released and destroyed
++  * @param wait condition var to wait on for ref counter == 0
++  */
++-void h2_mplx_release_and_join(h2_mplx *m, struct apr_thread_cond_t *wait);
++-
++-apr_status_t h2_mplx_pop_task(h2_mplx *m, struct h2_task **ptask);
++-
++-void h2_mplx_task_done(h2_mplx *m, struct h2_task *task, struct h2_task **ptask);
+++void h2_mplx_m_release_and_join(h2_mplx *m, struct apr_thread_cond_t *wait);
++
++ /**
++  * Shut down the multiplexer gracefully. Will no longer schedule new streams
++  * but let the ongoing ones finish normally.
++  * @return the highest stream id being/been processed
++  */
++-int h2_mplx_shutdown(h2_mplx *m);
++-
++-int h2_mplx_is_busy(h2_mplx *m);
++-
++-/*******************************************************************************
++- * IO lifetime of streams.
++- ******************************************************************************/
++-
++-struct h2_stream *h2_mplx_stream_get(h2_mplx *m, int id);
+++int h2_mplx_m_shutdown(h2_mplx *m);
++
++ /**
++  * Notifies mplx that a stream has been completely handled on the main
++@@ -144,20 +132,16 @@ struct h2_stream *h2_mplx_stream_get(h2_
++  * @param m the mplx itself
++  * @param stream the stream ready for cleanup
++  */
++-apr_status_t h2_mplx_stream_cleanup(h2_mplx *m, struct h2_stream *stream);
+++apr_status_t h2_mplx_m_stream_cleanup(h2_mplx *m, struct h2_stream *stream);
++
++ /**
++  * Waits on output data from any stream in this session to become available.
++  * Returns APR_TIMEUP if no data arrived in the given time.
++  */
++-apr_status_t h2_mplx_out_trywait(h2_mplx *m, apr_interval_time_t timeout,
++-                                 struct apr_thread_cond_t *iowait);
++-
++-apr_status_t h2_mplx_keep_active(h2_mplx *m, struct h2_stream *stream);
+++apr_status_t h2_mplx_m_out_trywait(h2_mplx *m, apr_interval_time_t timeout,
+++                                   struct apr_thread_cond_t *iowait);
++
++-/*******************************************************************************
++- * Stream processing.
++- ******************************************************************************/
+++apr_status_t h2_mplx_m_keep_active(h2_mplx *m, struct h2_stream *stream);
++
++ /**
++  * Process a stream request.
++@@ -168,8 +152,8 @@ apr_status_t h2_mplx_keep_active(h2_mplx
++  * @param cmp the stream priority compare function
++  * @param ctx context data for the compare function
++  */
++-apr_status_t h2_mplx_process(h2_mplx *m, struct h2_stream *stream,
++-                             h2_stream_pri_cmp *cmp, void *ctx);
+++apr_status_t h2_mplx_m_process(h2_mplx *m, struct h2_stream *stream,
+++                               h2_stream_pri_cmp *cmp, void *ctx);
++
++ /**
++  * Stream priorities have changed, reschedule pending requests.
++@@ -178,7 +162,7 @@ apr_status_t h2_mplx_process(h2_mplx *m,
++  * @param cmp the stream priority compare function
++  * @param ctx context data for the compare function
++  */
++-apr_status_t h2_mplx_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx);
+++apr_status_t h2_mplx_m_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx);
++
++ typedef apr_status_t stream_ev_callback(void *ctx, struct h2_stream *stream);
++
++@@ -186,7 +170,7 @@ typedef apr_status_t stream_ev_callback(
++  * Check if the multiplexer has events for the master connection pending.
++  * @return != 0 iff there are events pending
++  */
++-int h2_mplx_has_master_events(h2_mplx *m);
+++int h2_mplx_m_has_master_events(h2_mplx *m);
++
++ /**
++  * Dispatch events for the master connection, such as
++@@ -194,108 +178,46 @@ int h2_mplx_has_master_events(h2_mplx *m
++  * @param on_resume new output data has arrived for a suspended stream
++  * @param ctx user supplied argument to invocation.
++  */
++-apr_status_t h2_mplx_dispatch_master_events(h2_mplx *m,
++-                                            stream_ev_callback *on_resume,
++-                                            void *ctx);
+++apr_status_t h2_mplx_m_dispatch_master_events(h2_mplx *m, stream_ev_callback *on_resume,
+++                                              void *ctx);
++
++-int h2_mplx_awaits_data(h2_mplx *m);
+++int h2_mplx_m_awaits_data(h2_mplx *m);
++
++ typedef int h2_mplx_stream_cb(struct h2_stream *s, void *ctx);
++
++-apr_status_t h2_mplx_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx);
+++apr_status_t h2_mplx_m_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx);
++
++-apr_status_t h2_mplx_client_rst(h2_mplx *m, int stream_id);
++-
++-/*******************************************************************************
++- * Output handling of streams.
++- ******************************************************************************/
+++apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id);
++
++ /**
++- * Opens the output for the given stream with the specified response.
+++ * Master connection has entered idle mode.
+++ * @param m the mplx instance of the master connection
+++ * @return != SUCCESS iff connection should be terminated
++  */
++-apr_status_t h2_mplx_out_open(h2_mplx *mplx, int stream_id,
++-                              struct h2_bucket_beam *beam);
+++apr_status_t h2_mplx_m_idle(h2_mplx *m);
++
++ /*******************************************************************************
++- * h2_mplx list Manipulation.
+++ * From a secondary connection processing: h2_mplx_s_*
++  ******************************************************************************/
+++apr_status_t h2_mplx_s_pop_task(h2_mplx *m, struct h2_task **ptask);
+++void h2_mplx_s_task_done(h2_mplx *m, struct h2_task *task, struct h2_task **ptask);
++
++-/**
++- * The magic pointer value that indicates the head of a h2_mplx list
++- * @param  b The mplx list
++- * @return The magic pointer value
++- */
++-#define H2_MPLX_LIST_SENTINEL(b)	APR_RING_SENTINEL((b), h2_mplx, link)
++-
++-/**
++- * Determine if the mplx list is empty
++- * @param b The list to check
++- * @return true or false
++- */
++-#define H2_MPLX_LIST_EMPTY(b)	APR_RING_EMPTY((b), h2_mplx, link)
++-
++-/**
++- * Return the first mplx in a list
++- * @param b The list to query
++- * @return The first mplx in the list
++- */
++-#define H2_MPLX_LIST_FIRST(b)	APR_RING_FIRST(b)
++-
++-/**
++- * Return the last mplx in a list
++- * @param b The list to query
++- * @return The last mplx int he list
++- */
++-#define H2_MPLX_LIST_LAST(b)	APR_RING_LAST(b)
++-
++-/**
++- * Insert a single mplx at the front of a list
++- * @param b The list to add to
++- * @param e The mplx to insert
++- */
++-#define H2_MPLX_LIST_INSERT_HEAD(b, e) do {				\
++-h2_mplx *ap__b = (e);                                        \
++-APR_RING_INSERT_HEAD((b), ap__b, h2_mplx, link);	\
++-} while (0)
++-
++-/**
++- * Insert a single mplx at the end of a list
++- * @param b The list to add to
++- * @param e The mplx to insert
++- */
++-#define H2_MPLX_LIST_INSERT_TAIL(b, e) do {				\
++-h2_mplx *ap__b = (e);					\
++-APR_RING_INSERT_TAIL((b), ap__b, h2_mplx, link);	\
++-} while (0)
+++/*******************************************************************************
+++ * From a h2_task owner: h2_mplx_s_*
+++ * (a task is transfered from master to secondary connection and back in
+++ * its normal lifetime).
+++ ******************************************************************************/
++
++ /**
++- * Get the next mplx in the list
++- * @param e The current mplx
++- * @return The next mplx
++- */
++-#define H2_MPLX_NEXT(e)	APR_RING_NEXT((e), link)
++-/**
++- * Get the previous mplx in the list
++- * @param e The current mplx
++- * @return The previous mplx
+++ * Opens the output for the given stream with the specified response.
++  */
++-#define H2_MPLX_PREV(e)	APR_RING_PREV((e), link)
+++apr_status_t h2_mplx_t_out_open(h2_mplx *mplx, int stream_id,
+++                                struct h2_bucket_beam *beam);
++
++ /**
++- * Remove a mplx from its list
++- * @param e The mplx to remove
+++ * Get the stream that belongs to the given task.
++  */
++-#define H2_MPLX_REMOVE(e)	APR_RING_REMOVE((e), link)
++-
++-/*******************************************************************************
++- * h2_mplx DoS protection
++- ******************************************************************************/
+++struct h2_stream *h2_mplx_t_stream_get(h2_mplx *m, struct h2_task *task);
++
++-/**
++- * Master connection has entered idle mode.
++- * @param m the mplx instance of the master connection
++- * @return != SUCCESS iff connection should be terminated
++- */
++-apr_status_t h2_mplx_idle(h2_mplx *m);
++
++ #endif /* defined(__mod_h2__h2_mplx__) */
++--- a/modules/http2/h2_request.c
+++++ b/modules/http2/h2_request.c
++@@ -288,6 +288,9 @@ request_rec *h2_request_create_rec(const
++     if (r->method_number == M_GET && r->method[0] == 'H') {
++         r->header_only = 1;
++     }
+++    r->the_request = apr_psprintf(r->pool, "%s %s HTTP/2.0",
+++                                  req->method, req->path ? req->path : "");
+++    r->headers_in = apr_table_clone(r->pool, req->headers);
++
++     rpath = (req->path ? req->path : "");
++     ap_parse_uri(r, rpath);
++@@ -304,7 +307,9 @@ request_rec *h2_request_create_rec(const
++      */
++     r->hostname = NULL;
++     ap_update_vhost_from_headers(r);
++-
+++    r->protocol = "HTTP/2.0";
+++    r->proto_num = HTTP_VERSION(2, 0);
+++
++     /* we may have switched to another server */
++     r->per_dir_config = r->server->lookup_defaults;
++
++--- a/modules/http2/h2_session.c
+++++ b/modules/http2/h2_session.c
++@@ -106,7 +106,7 @@ static int rst_unprocessed_stream(h2_str
++
++ static void cleanup_unprocessed_streams(h2_session *session)
++ {
++-    h2_mplx_stream_do(session->mplx, rst_unprocessed_stream, session);
+++    h2_mplx_m_stream_do(session->mplx, rst_unprocessed_stream, session);
++ }
++
++ static h2_stream *h2_session_open_stream(h2_session *session, int stream_id,
++@@ -397,7 +397,7 @@ static int on_frame_recv_cb(nghttp2_sess
++             else {
++                 /* A stream reset on a request it sent us. Could happen in a browser
++                  * when the user navigates away or cancels loading - maybe. */
++-                h2_mplx_client_rst(session->mplx, frame->hd.stream_id);
+++                h2_mplx_m_client_rst(session->mplx, frame->hd.stream_id);
++                 ++session->streams_reset;
++             }
++             break;
++@@ -467,7 +467,7 @@ static int on_frame_recv_cb(nghttp2_sess
++ }
++
++ static int h2_session_continue_data(h2_session *session) {
++-    if (h2_mplx_has_master_events(session->mplx)) {
+++    if (h2_mplx_m_has_master_events(session->mplx)) {
++         return 0;
++     }
++     if (h2_conn_io_needs_flush(&session->io)) {
++@@ -729,7 +729,7 @@ static apr_status_t h2_session_shutdown(
++          * Remove all streams greater than this number without submitting
++          * a RST_STREAM frame, since that should be clear from the GOAWAY
++          * we send. */
++-        session->local.accepted_max = h2_mplx_shutdown(session->mplx);
+++        session->local.accepted_max = h2_mplx_m_shutdown(session->mplx);
++         session->local.error = error;
++     }
++     else {
++@@ -779,7 +779,7 @@ static apr_status_t session_cleanup(h2_s
++     }
++
++     transit(session, trigger, H2_SESSION_ST_CLEANUP);
++-    h2_mplx_release_and_join(session->mplx, session->iowait);
+++    h2_mplx_m_release_and_join(session->mplx, session->iowait);
++     session->mplx = NULL;
++
++     ap_assert(session->ngh2);
++@@ -800,7 +800,7 @@ static apr_status_t session_pool_cleanup
++         /* if the session is still there, now is the last chance
++          * to perform cleanup. Normally, cleanup should have happened
++          * earlier in the connection pre_close. Main reason is that
++-         * any ongoing requests on slave connections might still access
+++         * any ongoing requests on secondary connections might still access
++          * data which has, at this time, already been freed. An example
++          * is mod_ssl that uses request hooks. */
++         ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c,
++@@ -893,7 +893,7 @@ apr_status_t h2_session_create(h2_sessio
++     session->monitor->on_state_event = on_stream_state_event;
++     session->monitor->on_event = on_stream_event;
++
++-    session->mplx = h2_mplx_create(c, s, session->pool, workers);
+++    session->mplx = h2_mplx_m_create(c, s, session->pool, workers);
++
++     /* connection input filter that feeds the session */
++     session->cin = h2_filter_cin_create(session);
++@@ -1552,7 +1552,7 @@ static void h2_session_in_flush(h2_sessi
++         if (stream) {
++             ap_assert(!stream->scheduled);
++             if (h2_stream_prep_processing(stream) == APR_SUCCESS) {
++-                h2_mplx_process(session->mplx, stream, stream_pri_cmp, session);
+++                h2_mplx_m_process(session->mplx, stream, stream_pri_cmp, session);
++             }
++             else {
++                 h2_stream_rst(stream, H2_ERR_INTERNAL_ERROR);
++@@ -1824,7 +1824,7 @@ static void h2_session_ev_no_io(h2_sessi
++                           session->open_streams);
++             h2_conn_io_flush(&session->io);
++             if (session->open_streams > 0) {
++-                if (h2_mplx_awaits_data(session->mplx)) {
+++                if (h2_mplx_m_awaits_data(session->mplx)) {
++                     /* waiting for at least one stream to produce data */
++                     transit(session, "no io", H2_SESSION_ST_WAIT);
++                 }
++@@ -1983,7 +1983,7 @@ static void on_stream_state_enter(void *
++             break;
++         case H2_SS_CLEANUP:
++             nghttp2_session_set_stream_user_data(session->ngh2, stream->id, NULL);
++-            h2_mplx_stream_cleanup(session->mplx, stream);
+++            h2_mplx_m_stream_cleanup(session->mplx, stream);
++             break;
++         default:
++             break;
++@@ -2073,7 +2073,7 @@ static void dispatch_event(h2_session *s
++ static apr_status_t dispatch_master(h2_session *session) {
++     apr_status_t status;
++
++-    status = h2_mplx_dispatch_master_events(session->mplx,
+++    status = h2_mplx_m_dispatch_master_events(session->mplx,
++                                             on_stream_resume, session);
++     if (status == APR_EAGAIN) {
++         ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, session->c,
++@@ -2175,7 +2175,7 @@ apr_status_t h2_session_process(h2_sessi
++                         session->have_read = 1;
++                     }
++                     else if (APR_STATUS_IS_EAGAIN(status) || APR_STATUS_IS_TIMEUP(status)) {
++-                        status = h2_mplx_idle(session->mplx);
+++                        status = h2_mplx_m_idle(session->mplx);
++                         if (status == APR_EAGAIN) {
++                             break;
++                         }
++@@ -2205,7 +2205,7 @@ apr_status_t h2_session_process(h2_sessi
++                     /* We wait in smaller increments, using a 1 second timeout.
++                      * That gives us the chance to check for MPMQ_STOPPING often.
++                      */
++-                    status = h2_mplx_idle(session->mplx);
+++                    status = h2_mplx_m_idle(session->mplx);
++                     if (status == APR_EAGAIN) {
++                         break;
++                     }
++@@ -2319,7 +2319,7 @@ apr_status_t h2_session_process(h2_sessi
++                                   "h2_session: wait for data, %ld micros",
++                                   (long)session->wait_us);
++                 }
++-                status = h2_mplx_out_trywait(session->mplx, session->wait_us,
+++                status = h2_mplx_m_out_trywait(session->mplx, session->wait_us,
++                                              session->iowait);
++                 if (status == APR_SUCCESS) {
++                     session->wait_us = 0;
++@@ -2356,7 +2356,7 @@ apr_status_t h2_session_process(h2_sessi
++             dispatch_event(session, H2_SESSION_EV_NGH2_DONE, 0, NULL);
++         }
++         if (session->reprioritize) {
++-            h2_mplx_reprioritize(session->mplx, stream_pri_cmp, session);
+++            h2_mplx_m_reprioritize(session->mplx, stream_pri_cmp, session);
++             session->reprioritize = 0;
++         }
++     }
++--- a/modules/http2/h2_session.h
+++++ b/modules/http2/h2_session.h
++@@ -132,7 +132,7 @@ typedef struct h2_session {
++     const char *last_status_msg;    /* the one already reported */
++
++     struct h2_iqueue *in_pending;   /* all streams with input pending */
++-    struct h2_iqueue *in_process;   /* all streams ready for processing on slave */
+++    struct h2_iqueue *in_process;   /* all streams ready for processing on a secondary */
++
++ } h2_session;
++
++--- a/modules/http2/h2_stream.c
+++++ b/modules/http2/h2_stream.c
++@@ -903,7 +903,7 @@ apr_status_t h2_stream_out_prepare(h2_st
++
++     if (status == APR_EAGAIN) {
++         /* TODO: ugly, someone needs to retrieve the response first */
++-        h2_mplx_keep_active(stream->session->mplx, stream);
+++        h2_mplx_m_keep_active(stream->session->mplx, stream);
++         ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c,
++                       H2_STRM_MSG(stream, "prep, response eagain"));
++         return status;
++--- a/modules/http2/h2_task.c
+++++ b/modules/http2/h2_task.c
++@@ -86,7 +86,7 @@ static apr_status_t open_output(h2_task
++                   task->request->authority,
++                   task->request->path);
++     task->output.opened = 1;
++-    return h2_mplx_out_open(task->mplx, task->stream_id, task->output.beam);
+++    return h2_mplx_t_out_open(task->mplx, task->stream_id, task->output.beam);
++ }
++
++ static apr_status_t send_out(h2_task *task, apr_bucket_brigade* bb, int block)
++@@ -126,8 +126,8 @@ static apr_status_t send_out(h2_task *ta
++  * request_rec out filter chain) into the h2_mplx for further sending
++  * on the master connection.
++  */
++-static apr_status_t slave_out(h2_task *task, ap_filter_t* f,
++-                              apr_bucket_brigade* bb)
+++static apr_status_t secondary_out(h2_task *task, ap_filter_t* f,
+++                                  apr_bucket_brigade* bb)
++ {
++     apr_bucket *b;
++     apr_status_t rv = APR_SUCCESS;
++@@ -175,7 +175,7 @@ send:
++             if (APR_SUCCESS == rv) {
++                 /* could not write all, buffer the rest */
++                 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, task->c, APLOGNO(03405)
++-                              "h2_slave_out(%s): saving brigade", task->id);
+++                              "h2_secondary_out(%s): saving brigade", task->id);
++                 ap_assert(NULL);
++                 rv = ap_save_brigade(f, &task->output.bb, &bb, task->pool);
++                 flush = 1;
++@@ -189,7 +189,7 @@ send:
++     }
++ out:
++     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, rv, task->c,
++-                  "h2_slave_out(%s): slave_out leave", task->id);
+++                  "h2_secondary_out(%s): secondary_out leave", task->id);
++     return rv;
++ }
++
++@@ -202,14 +202,14 @@ static apr_status_t output_finish(h2_tas
++ }
++
++ /*******************************************************************************
++- * task slave connection filters
+++ * task secondary connection filters
++  ******************************************************************************/
++
++-static apr_status_t h2_filter_slave_in(ap_filter_t* f,
++-                                       apr_bucket_brigade* bb,
++-                                       ap_input_mode_t mode,
++-                                       apr_read_type_e block,
++-                                       apr_off_t readbytes)
+++static apr_status_t h2_filter_secondary_in(ap_filter_t* f,
+++                                           apr_bucket_brigade* bb,
+++                                           ap_input_mode_t mode,
+++                                           apr_read_type_e block,
+++                                           apr_off_t readbytes)
++ {
++     h2_task *task;
++     apr_status_t status = APR_SUCCESS;
++@@ -224,7 +224,7 @@ static apr_status_t h2_filter_slave_in(a
++
++     if (trace1) {
++         ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
++-                      "h2_slave_in(%s): read, mode=%d, block=%d, readbytes=%ld",
+++                      "h2_secondary_in(%s): read, mode=%d, block=%d, readbytes=%ld",
++                       task->id, mode, block, (long)readbytes);
++     }
++
++@@ -254,7 +254,7 @@ static apr_status_t h2_filter_slave_in(a
++         /* Get more input data for our request. */
++         if (trace1) {
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
++-                          "h2_slave_in(%s): get more data from mplx, block=%d, "
+++                          "h2_secondary_in(%s): get more data from mplx, block=%d, "
++                           "readbytes=%ld", task->id, block, (long)readbytes);
++         }
++         if (task->input.beam) {
++@@ -267,7 +267,7 @@ static apr_status_t h2_filter_slave_in(a
++
++         if (trace1) {
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, f->c,
++-                          "h2_slave_in(%s): read returned", task->id);
+++                          "h2_secondary_in(%s): read returned", task->id);
++         }
++         if (APR_STATUS_IS_EAGAIN(status)
++             && (mode == AP_MODE_GETLINE || block == APR_BLOCK_READ)) {
++@@ -306,7 +306,7 @@ static apr_status_t h2_filter_slave_in(a
++     if (APR_BRIGADE_EMPTY(task->input.bb)) {
++         if (trace1) {
++             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
++-                          "h2_slave_in(%s): no data", task->id);
+++                          "h2_secondary_in(%s): no data", task->id);
++         }
++         return (block == APR_NONBLOCK_READ)? APR_EAGAIN : APR_EOF;
++     }
++@@ -334,7 +334,7 @@ static apr_status_t h2_filter_slave_in(a
++             buffer[len] = 0;
++             if (trace1) {
++                 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
++-                              "h2_slave_in(%s): getline: %s",
+++                              "h2_secondary_in(%s): getline: %s",
++                               task->id, buffer);
++             }
++         }
++@@ -344,7 +344,7 @@ static apr_status_t h2_filter_slave_in(a
++          * to support it. Seems to work. */
++         ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOTIMPL, f->c,
++                       APLOGNO(03472)
++-                      "h2_slave_in(%s), unsupported READ mode %d",
+++                      "h2_secondary_in(%s), unsupported READ mode %d",
++                       task->id, mode);
++         status = APR_ENOTIMPL;
++     }
++@@ -352,19 +352,19 @@ static apr_status_t h2_filter_slave_in(a
++     if (trace1) {
++         apr_brigade_length(bb, 0, &bblen);
++         ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
++-                      "h2_slave_in(%s): %ld data bytes", task->id, (long)bblen);
+++                      "h2_secondary_in(%s): %ld data bytes", task->id, (long)bblen);
++     }
++     return status;
++ }
++
++-static apr_status_t h2_filter_slave_output(ap_filter_t* filter,
++-                                           apr_bucket_brigade* brigade)
+++static apr_status_t h2_filter_secondary_output(ap_filter_t* filter,
+++                                               apr_bucket_brigade* brigade)
++ {
++     h2_task *task = h2_ctx_get_task(filter->c);
++     apr_status_t status;
++
++     ap_assert(task);
++-    status = slave_out(task, filter, brigade);
+++    status = secondary_out(task, filter, brigade);
++     if (status != APR_SUCCESS) {
++         h2_task_rst(task, H2_ERR_INTERNAL_ERROR);
++     }

Ubuntuapache2 package

Merge ~bryce/ubuntu/+source/apache2:sru-lp1832182-graceful-revert-bionic into ubuntu/+source/apache2:ubuntu/devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
apache2 package