Loading CHANGES +122 −11 Original line number Diff line number Diff line Loading 
@@ -4,6 +4,117 @@ Changes with Apache 2.4.24 *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] *) mpm_unix: Apache fails to start if previously crashed then restarted with the same PID (e.g. in container). PR 60261. [Val <valentin.bremond gmail.com>, Yann Ylavic] *) mod_http2: unannounced and multiple interim responses (status code < 200) are parsed and forwarded to client until a final response arrives. [Stefan Eissing] *) mod_proxy_http2: improved robustness when main connection is closed early by resetting all ongoing streams against the backend. [Stefan Eissing] *) mod_http2: allocators from slave connections are released earlier, resulting in less overall memory use on busy, long lived connections. [Stefan Eissing] *) mod_remoteip: Pick up where we left off during a subrequest rather than running with the modified XFF but original TCP address. PR 49839/PR 60251 *) http: Respond with "408 Request Timeout" when a timeout occurs while reading the request body. [Yann Ylavic] *) mod_http2: connection shutdown revisited: corrected edge cases on shutting down ongoing streams, changed log warnings to be less noisy when waiting on long running tasks. [Stefan Eissing] *) mod_http2: changed all AP_DEBUG_ASSERT to ap_assert to have them available also in normal deployments. [Stefan Eissing] *) mod_http2/mod_proxy_http2: 100-continue handling now properly implemented up to the backend. Reused HTTP/2 proxy connections with more than a second not used will block request bodies until a PING answer is received. Requests headers are not delayed by this, since they are repeatable in case of failure. This greatly increases robustness, especially with busy server and/or low keepalive connections. [Stefan Eissing] *) mod_proxy_http2: fixed duplicate symbols with mod_http2. [Stefan Eissing] *) mod_http2: rewrite of how responses and trailers are transferred between master and slave connection. Reduction of internal states for tasks and streams, stability. 
Heuristic id generation for slave connections to better keep promise of connection ids unique at given point int time. Fix for mod_cgid interop in high load situtations. Fix for handling of incoming trailers when no request body is sent. [Stefan Eissing] *) mod_http2: fix suspended handling for streams. Output could become blocked in rare cases. [Stefan Eissing] *) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion] *) mod_cgid: Resolve a case where a short CGI response causes a subsequent CGI to be killed prematurely, resulting in a truncated subsequent response. [Eric Covener] *) mod_proxy_hcheck: Set health check URI and expression correctly for health check worker. PR 60038 [zdeno <zdeno@scnet.sk>] *) mod_http2: if configured with nghttp2 1.14.0 and onward, invalid request headers will immediately reset the stream with a PROTOCOL error. Feature logged by module on startup as 'INVHD' in info message. [Stefan Eissing] *) mod_http2: fixed handling of stream buffers during shutdown. [Stefan Eissing] *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid triggering mod_proxy_connect's AH01018 once the tunnel is established. [Yann Ylavic] *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS connections (unless -I is specified), according to the Host header (if any) or the requested URL's hostname otherwise. [Yann Ylavic] *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled and the error documents are proxied. PR 55415. [Luca Toscano] *) mod_proxy_fcgi: read the whole FCGI response even when the content has not been modified (HTTP 304) to avoid subsequent bougus reads and confusing error messages logged. [Luca Toscano] *) mod_http2: h2 status resource follows latest draft, see http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt [Stefan Eissing] *) mod_http2: handling graceful shutdown gracefully, e.g. 
handling existing streams to the end. [Stefan Eissing] *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic] *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data available before the request is sent. PR 57832. [Yann Ylavic] *) mod_proxy_balancer: Prevent redirect loops between workers within a balancer by limiting the number of redirects to the number balancer members. PR 59864 [Ruediger Pluem] *) mod_proxy: Correctly consider error response codes by the backend when processing failonstatus. PR 59869 [Ruediger Pluem] *) mod_dav: Add dav_get_provider_name() function to obtain the name of the provider from mod_dav. [Graham Leggett] *) mod_dav: Add support for childtags to dav_error. [Jari Urpalainen <jari.urpalainen nokia.com>] >>>>>>> .merge-right.r1769587 *) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query string showing up in SCRIPT_FILENAME. PR59815 Loading Loading @@ -183,7 +294,7 @@ Changes with Apache 2.4.20 *) mod_proxy_express: Fix possible use of DB handle after close. PR 59230. [Petr <pgajdos suse.cz>] *) core/util_script: relax alphanumeric filter of enviroment variable names *) core/util_script: relax alphanumeric filter of environment variable names on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al. unadulterated in 64 bit versions of Windows. PR 46751. [John <john leineweb de>] Loading Loading @@ -460,7 +571,7 @@ Changes with Apache 2.4.18 fixes crash on a request that did not produce any response. [Stefan Eissing] *) mod_http2: trailers are sent after reponse body if set in request_rec *) mod_http2: trailers are sent after response body if set in request_rec trailers_out before the end-of-request bucket is sent through the output filters. [Stefan Eissing] Loading Loading 
@@ -816,7 +927,7 @@ Changes with Apache 2.4.13 (not released) [Yann Ylavic] *) mod_proxy_connect/wstunnel: If both client and backend sides get readable at the same time, don't lose errors occuring while forwarding on the first at the same time, don't lose errors occurring while forwarding on the first side when none occurs next on the other side, and abort. [Yann Ylavic] *) mod_rewrite: Improve relative substitutions in per-directory/htaccess Loading Loading @@ -969,7 +1080,7 @@ Changes with Apache 2.4.11 (not released) the URL parameter interpolates to an empty string. PR 56603. [<ajprout hotmail.com>] *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. *) core: Fix -D[efined] or <Define>[d] variables lifetime across restarts. PR 57328. [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic]. *) mod_proxy: Preserve original request headers even if they differ Loading Loading @@ -1578,7 +1689,7 @@ Changes with Apache 2.4.7 instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>] *) ab: Add wait time, fix processing time, and output write errors only if they occured. [Christophe Jaillet] they occurred. [Christophe Jaillet] *) worker MPM: Don't forcibly kill worker threads if the child process is exiting gracefully. [Oracle Corporation] Loading @@ -1591,7 +1702,7 @@ Changes with Apache 2.4.7 [Chris Darroch] *) ab: Add a new -l parameter in order not to check the length of the responses. This can be usefull with dynamic pages. This can be useful with dynamic pages. PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>] *) Suppress formatting of startup messages written to the console when Loading Loading 
@@ -1972,7 +2083,7 @@ Changes with Apache 2.4.5 request information to the request_rec structure. [Daniel Gruno] *) mod_lua: Add a server scope for Lua states, which creates a pool of states with managable minimum and maximum size. [Daniel Gruno] states with manageable minimum and maximum size. [Daniel Gruno] *) mod_lua: Add new directive, LuaMapHandler, for dynamically mapping URIs to Lua scripts and functions using regular expressions. Loading Loading @@ -2025,7 +2136,7 @@ Changes with Apache 2.4.4 *) mod_slotmem_shm: Fix mistaken reset of num_free for restored shm. [Jim Jagielski] *) mod_proxy: non-existance of byrequests is not an immediate error. *) mod_proxy: non-existence of byrequests is not an immediate error. [Jim Jagielski] *) mod_proxy_balancer: Improve output of balancer-manager (re: Drn, Loading Loading @@ -2967,7 +3078,7 @@ Changes with Apache 2.3.14 binary needs PCRE. [Rainer Jung] *) configure: tolerate dependency checking failures for modules if they have been enabled implicitely. [Rainer Jung] they have been enabled implicitly. [Rainer Jung] *) configure: Allow to specify module specific custom linker flags via the MOD_XXX_LDADD variables. [Rainer Jung] Loading Loading @@ -3073,7 +3184,7 @@ Changes with Apache 2.3.13 state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch] *) core: Add various file existance test operators to ap_expr. *) core: Add various file existence test operators to ap_expr. [Stefan Fritsch] *) mod_proxy_express: New mass reverse-proxy switch extension for Loading Loading @@ -4349,7 +4460,7 @@ Changes with Apache 2.3.2 *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung] *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid *) mod_negotiation: Escape paths of filenames in 406 responses to avoid HTML injections and HTTP response splitting. PR 46837. [Geoff Keating <geoffk apple.com>] Loading CMakeLists.txt +1 −1 Original line number Diff line number Diff line Loading 
@@ -387,7 +387,7 @@ SET(mod_http2_extra_sources modules/http2/h2_from_h1.c modules/http2/h2_h2.c modules/http2/h2_bucket_beam.c modules/http2/h2_mplx.c modules/http2/h2_push.c modules/http2/h2_request.c modules/http2/h2_response.c modules/http2/h2_request.c modules/http2/h2_headers.c modules/http2/h2_session.c modules/http2/h2_stream.c modules/http2/h2_switch.c modules/http2/h2_ngn_shed.c modules/http2/h2_task.c modules/http2/h2_util.c Loading STATUS +103 −79 Original line number Diff line number Diff line Loading @@ -113,17 +113,16 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues Trunk version of patch: http://svn.apache.org/viewvc?rev=1753228&view=rev http://svn.apache.org/viewvc?rev=1753229&view=rev Backport version for 2.4.x of patch: Trunk version of patch works (modulo CHANGES) +1: wrowe, jim PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] *) core: avoid adding multiple subrequest filters when there are nested subrequests. PR58292 trunk patch: http://svn.apache.org/r1698334 2.4.x patch: trunk works modulo CHANGES +1: covener, jim, jchampion PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] Loading 
@@ -135,22 +134,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: +1: trawick ylavic: there may be missing bits, see thread for commit r1736510. *) mod_dav: Add support for childtags to dav_error. trunk patch: http://svn.apache.org/r1746207 2.4.x: trunk works modulo CHANGES/MMN +1: minfrin, jim *) mod_dav: Add dav_begin_multistatus, dav_send_one_response, dav_finish_multistatus, dav_send_multistatus, dav_handle_err, dav_failed_proppatch, dav_success_proppatch to mod_dav.h. trunk patch: http://svn.apache.org/r1748047 2.4.x: trunk works modulo CHANGES/MMN +1: minfrin, jim *) core: Drop an invalid Last-Modified header value coming from a FCGI/CGI script instead of replacing it with Unix epoch. Warn the users about Last-Modified header value replacements and improved handling of non-GMT datestr. from a (F)CGI script instead of replacing it with Unix epoch. Warn the users about Last-Modified header value replacements and violations of the RFC. trunk patch: http://svn.apache.org/r1748379 http://svn.apache.org/r1750747 http://svn.apache.org/r1750749 Loading 
@@ -158,71 +145,94 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://svn.apache.org/r1751138 http://svn.apache.org/r1751139 http://svn.apache.org/r1751147 2.4.x: trunk patches works (final view http://apaste.info/9v3) The last revision has been discussed in dev@ and submitted by Yann. Tested the code with a simple PHP script returning different Last-Modified headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday). +1: elukey, jchampion *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS connections (unless -I is specified), according to the Host header (if any) or the requested URL's hostname otherwise. trunk patch: http://svn.apache.org/r1750854 http://svn.apache.org/r1750855 http://svn.apache.org/r1750947 http://svn.apache.org/r1750955 http://svn.apache.org/r1750960 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-ab_sni.patch (needed to adapt CHANGES entry since r1750854) +1: ylavic, covener http://svn.apache.org/r1757818 2.4.x: trunk patches work, final view: http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch The problem has been discussed in dev@ extensively but we did not reach a common agreement about how to proceed in the long term. While we wait, I would really like to introduce useful logs for the users (the starting point of this change was a users@ email thread). If this is not the right way to go I will move the patch to other sections of STATUS (stalled or being worked). The code has been tested with a simple PHP script returning different Last-Modified headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now). +1: elukey *) CMake: fix various issues for Windows/Visual Studio build environments. PR59685. 
trunk patch: http://svn.apache.org/r1752331 http://svn.apache.org/r1752332 http://svn.apache.org/r1752333 +1: jchampion +1: jchampion, jim (by inspection) *) mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate in the client certificate chain. PR 55786. trunk patch: http://svn.apache.org/r1756542 2.4.x patch: trunk works (modulo CHANGES) +1: ylavic, icing (by inspectin) *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections, allowing per backend TLS configuration. trunk patch: http://svn.apache.org/r1740928 http://svn.apache.org/r1740960 http://svn.apache.org/r1740967 http://svn.apache.org/r1740987 http://svn.apache.org/r1740998 http://svn.apache.org/r1742697 http://svn.apache.org/r1756976 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1740928_and_co.patch +1: ylavic *) mod_proxy_fcgi: read the whole FCGI response even when the content has not been modified (HTTP 304) to avoid subsequent bogus reads and confusing error messages logged. trunk patch: http://svn.apache.org/r1752347 *) Fix warnings with new compilers, warnings treated as error in maintainer-mode, standard c-89 is enforced trunk patch: http://svn.apache.org/r1702948 http://svn.apache.org/r1759415 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1702948_and_co.patch +1: ylavic, jorton, jchampion: r1702948 doesn't quite work as advertised. -Werror is never added to CFLAGS because when combined with -Wstrict-prototypes, the AC_LANG_PROGRAM won't compile (it uses a bare main()). ylavic: Maybe the -Werror case could be handled later, for now this series avoids a lot of "warning: 'aplog_module_index' defined but not used [-Wunused-const-variable=]" thanks to AP_MAYBE_UNUSED. jchampion: Fine by me. I just think the dead code should be removed from the backport in the meantime, so people don't have a false sense of security. *) mod_cache: Bring up-to-date w/ trunk. 
trunk patch: try to use the key of a possible open but stale cache entry (PR 50317) http://svn.apache.org/r1597533 socache_mc_store: Pass through expiration time. http://svn.apache.org/r1649491 Preserve the Content-Type in case of 304 response http://svn.apache.org/r1665216 Use the actual URI path and query-string (PR 21935) http://svn.apache.org/r1756553 http://svn.apache.org/r1756631 better s-maxage support http://svn.apache.org/r1726675 http://svn.apache.org/r1718496 http://svn.apache.org/r1718476 Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen http://svn.apache.org/r1747469 2.4.x patch: http://home.apache.org/~jim/patches/httpd-2.4-cache.patch.txt +1: jim, ylavic ylavic: r1756553 and r1649491 have a CHANGES entry. *) mod_socache_memcache: Provide memcache STATs to mod_status trunk patch: http://svn.apache.org/r1768245 2.4.x patch: trunk works +1 elukey *) autoconf: minor cleanup and removal of some dead code. trunk patch: http://svn.apache.org/r1753315 http://svn.apache.org/r1753316 +1: jchampion +1: jim *) mod_proxy_fcgi: avoid loops serving proxied error documents. trunk patch: http://svn.apache.org/r1753167 *) Remove unnecessary apr_table_do() function casts. trunk patch: http://svn.apache.org/r1769192 2.4.x patch: trunk works +1: elukey +1: jchampion, rpluem *) mod_proxy: Correctly consider error response codes by the backend when processing failonstatus. PR 59869 Trunk version of patch: http://svn.apache.org/r1753592 Backport version for 2.4.x of patch: Trunk version of patch works (modulo CHANGES) +1: rpluem, jim *) mod_proxy_balancer: Prevent redirect loops between workers within a balancer by limiting the number of redirects to the number balancer members. PR 59864 Trunk version of patch: http://svn.apache.org/r1753594 Backport version for 2.4.x of patch: Trunk version of patch works (modulo CHANGES) +1: rpluem, jim *) mod_http: Add the HEAD method to the lookup hash for completeness. 
Trunk version of patch: http://svn.apache.org/r1753257 Backport version for 2.4.x of patch: Trunk version of patch works +1: wrowe *) ssl: clear the error queue before SSL_read/write/accept(). PR60223 trunk patch: http://svn.apache.org/r1769332 2.4.x patch: https://home.apache.org/~jchampion/patches/2.4.x-ssl-error-queue.patch +1: jchampion, rpluem PATCHES/ISSUES THAT ARE BEING WORKED Loading Loading @@ -280,6 +290,20 @@ PATCHES/ISSUES THAT ARE BEING WORKED minfrin: Yes, as you can see in the patch everything applies only if APR_XML_X2T_PARSED is defined, and the patch was tested with both apr-util v1.6 and apr-util v1.5. -1: jorton, breaks binary backwards compat per dev@ discuss msgid <20160902120654.GA12674@redhat.com> (& also, making the structure change with apr-util version means it breaks binary compat across an apr-util upgrade?) * mod_auth_digest: Reduce severity from NOTICE to DEBUG this once-per-restart msg (I guess the concern was that the RNG could block after this message) AH01757: generating secret for digest authentication ... trunk patch: This was fixed in trunk as a trivial part of http://svn.apache.org/r1492395 2.4.x patch: Just change the loglevel to DEBUG. +1 covener PATCHES/ISSUES THAT ARE STALLED Loading @@ -301,7 +325,7 @@ PATCHES/ISSUES THAT ARE STALLED +1: jkaluza +1: covener w/ doc or code to fix syntax (providername:providerarg not supported like syslog or socacheproviders, needs 2 args which is not valid in ErrorLog manual) trawick: nit: fix "writing" in "/* NULL if we are writting to syslog */" trawick: nit: fix "writing" in "/* NULL if we are writing to syslog */" (sorry, haven't finished reviewing completely) jim: What is the status of this?? Loading Loading 
@@ -362,7 +386,7 @@ PATCHES/ISSUES THAT ARE STALLED +1: jkaluza * mod_proxy: Ensure network errors detected by the proxy are returned as 504 Gateway Timout as opposed to 502 Bad Gateway 504 Gateway Timeout as opposed to 502 Bad Gateway trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1480058 2.4.x patch: trunk patch works modulo CHANGES +1: Loading Loading @@ -409,7 +433,7 @@ PATCHES/ISSUES THAT ARE STALLED of described indirectly in a sample? Why are these new samples added to the install without three votes? (I didn't veto it; put your name next to the two existing ones and I'll be satisified that enough people existing ones and I'll be satisfied that enough people considered this addition as an appropriate solution for a real httpd usability problem.) wrowe: I'd agree with trawick, and suggest that these scripts can begin Loading acinclude.m4 +0 −7 Original line number Diff line number Diff line Loading @@ -118,13 +118,6 @@ AC_DEFUN([APACHE_GEN_MAKEFILES],[ $SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES ]) dnl ## APACHE_OUTPUT(file) dnl ## adds "file" to the list of files generated by AC_OUTPUT dnl ## This macro can be used several times. AC_DEFUN([APACHE_OUTPUT], [ APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1" ]) dnl dnl APACHE_TYPE_RLIM_T dnl Loading configure.in +6 −4 Original line number Diff line number Diff line Loading @@ -158,7 +158,9 @@ else ifdef([APR_FIND_APU], [ APR_FIND_APU("$srcdir/srclib/apr-util", "./srclib/apr-util", 1, ${apr_major_version}) ], [apu_found=no]) ], [apu_found=no AC_MSG_NOTICE([APR-util 1.x not supported with APR 1.x]) ]) fi if test "$apu_found" = "no"; then Loading Loading 
@@ -862,6 +864,6 @@ AC_SUBST(ap_make_delimiter) dnl Ensure that docs/conf is created. test -d docs/conf||$mkdir_p docs/conf AC_OUTPUT($APACHE_OUTPUT_FILES docs/conf/httpd.conf docs/conf/extra/httpd-autoindex.conf docs/conf/extra/httpd-dav.conf docs/conf/extra/httpd-default.conf docs/conf/extra/httpd-info.conf docs/conf/extra/httpd-languages.conf docs/conf/extra/httpd-manual.conf docs/conf/extra/httpd-mpm.conf docs/conf/extra/httpd-multilang-errordoc.conf docs/conf/extra/httpd-ssl.conf docs/conf/extra/httpd-userdir.conf docs/conf/extra/httpd-vhosts.conf docs/conf/extra/proxy-html.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo build/config_vars.sh,[true],[ APACHE_GEN_MAKEFILES ]) AC_CONFIG_FILES(docs/conf/httpd.conf docs/conf/extra/httpd-autoindex.conf docs/conf/extra/httpd-dav.conf docs/conf/extra/httpd-default.conf docs/conf/extra/httpd-info.conf docs/conf/extra/httpd-languages.conf docs/conf/extra/httpd-manual.conf docs/conf/extra/httpd-mpm.conf docs/conf/extra/httpd-multilang-errordoc.conf docs/conf/extra/httpd-ssl.conf docs/conf/extra/httpd-userdir.conf docs/conf/extra/httpd-vhosts.conf docs/conf/extra/proxy-html.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo build/config_vars.sh) AC_CONFIG_COMMANDS([default], [true], [APACHE_GEN_MAKEFILES]) AC_OUTPUT Loading
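Review bot: In the CHANGES hunk at @@ -4,6 +4,117 @@, the added block ends with a leftover merge conflict marker, ">>>>>>> .merge-right.r1769587", sitting just before the existing mod_proxy_fcgi "Fix 2.4.23 breakage" entry; it should be deleted before this is committed. The same added block also introduces new misspellings ("bougus reads", "point int time", "situtations") even though the remaining hunks in this file are spelling corrections, and the mod_remoteip entry (PR 49839/PR 60251) carries no [author] attribution, unlike the entries around it.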
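Review bot: In the STATUS hunk at @@ -158,71 +145,94 @@, the mod_ssl quick renegotiation entry misspells the option as "OptRenegotiaton" (the SSLOptions value is OptRenegotiate) and records icing's vote as "(by inspectin)". The mod_socache_memcache entry writes its vote as "+1 elukey" without the colon used by every other entry in the list ("+1: elukey"), which matters if votes are ever counted by matching the "+1:" prefix. Fix the three spots so the entries are consistent with the rest of the file.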
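Review bot: In configure.in at @@ -158,7 +158,9 @@, the new message in the ifdef fallback, "AC_MSG_NOTICE([APR-util 1.x not supported with APR 1.x])", names APR 1.x on both sides and does not describe the condition that selects this branch, which is that the APR_FIND_APU macro is not defined. Reword the notice to state that condition, and check how it reads next to whatever the following 'if test "$apu_found" = "no"' block prints, so that a failed configure run does not show two messages that disagree about the cause.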
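Review bot: In configure.in at @@ -862,6 +864,6 @@, dropping "$APACHE_OUTPUT_FILES" from the generated-file list, together with the removal of the APACHE_OUTPUT macro in acinclude.m4 at @@ -118,13 +118,6 @@, means a config.m4 that still calls APACHE_OUTPUT(file) will no longer have its file generated. Confirm that no callers remain in the tree, and add a CHANGES entry for the build change, since none of the entries added in this diff mention it. The split into AC_CONFIG_FILES(...), AC_CONFIG_COMMANDS([default], [true], [APACHE_GEN_MAKEFILES]) and a bare AC_OUTPUT keeps APACHE_GEN_MAKEFILES in the init-commands position it had in the old three-argument AC_OUTPUT; a one-line dnl comment saying so would save the next reader from re-deriving it.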
@@ -158,71 +145,94 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://svn.apache.org/r1751138 http://svn.apache.org/r1751139 http://svn.apache.org/r1751147 2.4.x: trunk patches works (final view http://apaste.info/9v3) The last revision has been discussed in dev@ and submitted by Yann. Tested the code with a simple PHP script returning different Last-Modified headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday). +1: elukey, jchampion *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS connections (unless -I is specified), according to the Host header (if any) or the requested URL's hostname otherwise. trunk patch: http://svn.apache.org/r1750854 http://svn.apache.org/r1750855 http://svn.apache.org/r1750947 http://svn.apache.org/r1750955 http://svn.apache.org/r1750960 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-ab_sni.patch (needed to adapt CHANGES entry since r1750854) +1: ylavic, covener http://svn.apache.org/r1757818 2.4.x: trunk patches work, final view: http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch The problem has been discussed in dev@ extensively but we did not reach a common agreement about how to proceed in the long term. While we wait, I would really like to introduce useful logs for the users (the starting point of this change was a users@ email thread). If this is not the right way to go I will move the patch to other sections of STATUS (stalled or being worked). The code has been tested with a simple PHP script returning different Last-Modified headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST now). +1: elukey *) CMake: fix various issues for Windows/Visual Studio build environments. PR59685. 
trunk patch: http://svn.apache.org/r1752331 http://svn.apache.org/r1752332 http://svn.apache.org/r1752333 +1: jchampion +1: jchampion, jim (by inspection) *) mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate in the client certificate chain. PR 55786. trunk patch: http://svn.apache.org/r1756542 2.4.x patch: trunk works (modulo CHANGES) +1: ylavic, icing (by inspectin) *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections, allowing per backend TLS configuration. trunk patch: http://svn.apache.org/r1740928 http://svn.apache.org/r1740960 http://svn.apache.org/r1740967 http://svn.apache.org/r1740987 http://svn.apache.org/r1740998 http://svn.apache.org/r1742697 http://svn.apache.org/r1756976 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1740928_and_co.patch +1: ylavic *) mod_proxy_fcgi: read the whole FCGI response even when the content has not been modified (HTTP 304) to avoid subsequent bogus reads and confusing error messages logged. trunk patch: http://svn.apache.org/r1752347 *) Fix warnings with new compilers, warnings treated as error in maintainer-mode, standard c-89 is enforced trunk patch: http://svn.apache.org/r1702948 http://svn.apache.org/r1759415 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-r1702948_and_co.patch +1: ylavic, jorton, jchampion: r1702948 doesn't quite work as advertised. -Werror is never added to CFLAGS because when combined with -Wstrict-prototypes, the AC_LANG_PROGRAM won't compile (it uses a bare main()). ylavic: Maybe the -Werror case could be handled later, for now this series avoids a lot of "warning: 'aplog_module_index' defined but not used [-Wunused-const-variable=]" thanks to AP_MAYBE_UNUSED. jchampion: Fine by me. I just think the dead code should be removed from the backport in the meantime, so people don't have a false sense of security. *) mod_cache: Bring up-to-date w/ trunk. 
trunk patch: try to use the key of a possible open but stale cache entry (PR 50317) http://svn.apache.org/r1597533 socache_mc_store: Pass through expiration time. http://svn.apache.org/r1649491 Preserve the Content-Type in case of 304 response http://svn.apache.org/r1665216 Use the actual URI path and query-string (PR 21935) http://svn.apache.org/r1756553 http://svn.apache.org/r1756631 better s-maxage support http://svn.apache.org/r1726675 http://svn.apache.org/r1718496 http://svn.apache.org/r1718476 Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen http://svn.apache.org/r1747469 2.4.x patch: http://home.apache.org/~jim/patches/httpd-2.4-cache.patch.txt +1: jim, ylavic ylavic: r1756553 and r1649491 have a CHANGES entry. *) mod_socache_memcache: Provide memcache STATs to mod_status trunk patch: http://svn.apache.org/r1768245 2.4.x patch: trunk works +1 elukey *) autoconf: minor cleanup and removal of some dead code. trunk patch: http://svn.apache.org/r1753315 http://svn.apache.org/r1753316 +1: jchampion +1: jim *) mod_proxy_fcgi: avoid loops serving proxied error documents. trunk patch: http://svn.apache.org/r1753167 *) Remove unnecessary apr_table_do() function casts. trunk patch: http://svn.apache.org/r1769192 2.4.x patch: trunk works +1: elukey +1: jchampion, rpluem *) mod_proxy: Correctly consider error response codes by the backend when processing failonstatus. PR 59869 Trunk version of patch: http://svn.apache.org/r1753592 Backport version for 2.4.x of patch: Trunk version of patch works (modulo CHANGES) +1: rpluem, jim *) mod_proxy_balancer: Prevent redirect loops between workers within a balancer by limiting the number of redirects to the number balancer members. PR 59864 Trunk version of patch: http://svn.apache.org/r1753594 Backport version for 2.4.x of patch: Trunk version of patch works (modulo CHANGES) +1: rpluem, jim *) mod_http: Add the HEAD method to the lookup hash for completeness. 
Trunk version of patch: http://svn.apache.org/r1753257 Backport version for 2.4.x of patch: Trunk version of patch works +1: wrowe *) ssl: clear the error queue before SSL_read/write/accept(). PR60223 trunk patch: http://svn.apache.org/r1769332 2.4.x patch: https://home.apache.org/~jchampion/patches/2.4.x-ssl-error-queue.patch +1: jchampion, rpluem PATCHES/ISSUES THAT ARE BEING WORKED Loading Loading @@ -280,6 +290,20 @@ PATCHES/ISSUES THAT ARE BEING WORKED minfrin: Yes, as you can see in the patch everything applies only if APR_XML_X2T_PARSED is defined, and the patch was tested with both apr-util v1.6 and apr-util v1.5. -1: jorton, breaks binary backwards compat per dev@ discuss msgid <20160902120654.GA12674@redhat.com> (& also, making the structure change with apr-util version means it breaks binary compat across an apr-util upgrade?) * mod_auth_digest: Reduce severity from NOTICE to DEBUG this once-per-restart msg (I guess the concern was that the RNG could block after this message) AH01757: generating secret for digest authentication ... trunk patch: This was fixed in trunk as a trivial part of http://svn.apache.org/r1492395 2.4.x patch: Just change the loglevel to DEBUG. +1 covener PATCHES/ISSUES THAT ARE STALLED Loading @@ -301,7 +325,7 @@ PATCHES/ISSUES THAT ARE STALLED +1: jkaluza +1: covener w/ doc or code to fix syntax (providername:providerarg not supported like syslog or socacheproviders, needs 2 args which is not valid in ErrorLog manual) trawick: nit: fix "writing" in "/* NULL if we are writting to syslog */" trawick: nit: fix "writing" in "/* NULL if we are writing to syslog */" (sorry, haven't finished reviewing completely) jim: What is the status of this?? Loading Loading 
@@ -362,7 +386,7 @@ PATCHES/ISSUES THAT ARE STALLED +1: jkaluza * mod_proxy: Ensure network errors detected by the proxy are returned as 504 Gateway Timout as opposed to 502 Bad Gateway 504 Gateway Timeout as opposed to 502 Bad Gateway trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1480058 2.4.x patch: trunk patch works modulo CHANGES +1: Loading Loading @@ -409,7 +433,7 @@ PATCHES/ISSUES THAT ARE STALLED of described indirectly in a sample? Why are these new samples added to the install without three votes? (I didn't veto it; put your name next to the two existing ones and I'll be satisified that enough people existing ones and I'll be satisfied that enough people considered this addition as an appropriate solution for a real httpd usability problem.) wrowe: I'd agree with trawick, and suggest that these scripts can begin Loading
acinclude.m4 +0 −7 Original line number Diff line number Diff line Loading @@ -118,13 +118,6 @@ AC_DEFUN([APACHE_GEN_MAKEFILES],[ $SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES ]) dnl ## APACHE_OUTPUT(file) dnl ## adds "file" to the list of files generated by AC_OUTPUT dnl ## This macro can be used several times. AC_DEFUN([APACHE_OUTPUT], [ APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1" ]) dnl dnl APACHE_TYPE_RLIM_T dnl Loading
configure.in +6 −4 Original line number Diff line number Diff line Loading @@ -158,7 +158,9 @@ else ifdef([APR_FIND_APU], [ APR_FIND_APU("$srcdir/srclib/apr-util", "./srclib/apr-util", 1, ${apr_major_version}) ], [apu_found=no]) ], [apu_found=no AC_MSG_NOTICE([APR-util 1.x not supported with APR 1.x]) ]) fi if test "$apu_found" = "no"; then Loading Loading @@ -862,6 +864,6 @@ AC_SUBST(ap_make_delimiter) dnl Ensure that docs/conf is created. test -d docs/conf||$mkdir_p docs/conf AC_OUTPUT($APACHE_OUTPUT_FILES docs/conf/httpd.conf docs/conf/extra/httpd-autoindex.conf docs/conf/extra/httpd-dav.conf docs/conf/extra/httpd-default.conf docs/conf/extra/httpd-info.conf docs/conf/extra/httpd-languages.conf docs/conf/extra/httpd-manual.conf docs/conf/extra/httpd-mpm.conf docs/conf/extra/httpd-multilang-errordoc.conf docs/conf/extra/httpd-ssl.conf docs/conf/extra/httpd-userdir.conf docs/conf/extra/httpd-vhosts.conf docs/conf/extra/proxy-html.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo build/config_vars.sh,[true],[ APACHE_GEN_MAKEFILES ]) AC_CONFIG_FILES(docs/conf/httpd.conf docs/conf/extra/httpd-autoindex.conf docs/conf/extra/httpd-dav.conf docs/conf/extra/httpd-default.conf docs/conf/extra/httpd-info.conf docs/conf/extra/httpd-languages.conf docs/conf/extra/httpd-manual.conf docs/conf/extra/httpd-mpm.conf docs/conf/extra/httpd-multilang-errordoc.conf docs/conf/extra/httpd-ssl.conf docs/conf/extra/httpd-userdir.conf docs/conf/extra/httpd-vhosts.conf docs/conf/extra/proxy-html.conf include/ap_config_layout.h support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk build/pkg/pkginfo build/config_vars.sh) AC_CONFIG_COMMANDS([default], [true], [APACHE_GEN_MAKEFILES]) AC_OUTPUT
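Review bot: in CHANGES at -1591,7 +1702,7, the ab "-l parameter" entry gets its "usefull" spelling fixed but still cites "PR9945, PR27888, PR42040" with no space after "PR", while the neighbouring entries touched by this sweep use the "PR 56603" / "PR 57328" form. Since the line is already being edited for spelling, normalise the PR references in the same pass so bug-number searches over CHANGES match consistently.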
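Review bot: in CMakeLists.txt at -387,7 +387,7, modules/http2/h2_response.c is swapped for modules/http2/h2_headers.c in mod_http2_extra_sources, and that swap has to be mirrored in every other build description that lists the mod_http2 sources. If any of them still names h2_response.c, or lacks h2_headers.c, the non-CMake builds will fail on a missing file or on unresolved symbols at link time, so check those lists as part of this change.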
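Review bot: in STATUS at -158,71 +145,94, the mod_ssl quick renegotiation entry carries two misspellings, "OptRenegotiaton" and "icing (by inspectin)", and the mod_socache_memcache entry has "+1 elukey" without the colon used by every other vote line ("+1: jchampion, rpluem"). The same commit corrects "Timout" and "satisified" elsewhere in this file, so fix these in the same pass; the missing colon also matters to anyone who greps STATUS for "+1:" to count votes. The "+1 covener" line in the -280,6 +290,20 hunk has the same problem.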
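Review bot: in acinclude.m4 at -118,13 +118,6, APACHE_OUTPUT is deleted outright, and any config.m4 (in-tree module or third-party) that still calls it will no longer be expanded by m4 and will leave a literal `APACHE_OUTPUT(...)` in the generated configure script. Search the tree for remaining callers before this lands, and mention the removal in the commit message so that out-of-tree module authors can switch to AC_CONFIG_FILES.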
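Review bot: in configure.in at -158,7 +158,9, the new message `AC_MSG_NOTICE([APR-util 1.x not supported with APR 1.x])` is hard to interpret and does not say what was actually missing. This is the fallback branch of `ifdef([APR_FIND_APU], ...)`, so it is reached when the APR_FIND_APU macro was not defined at the time configure was generated; word the notice to say that, so the `test "$apu_found" = "no"` failure that follows can be diagnosed from the configure output alone.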
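Review bot: in configure.in at -862,6 +864,6, `$APACHE_OUTPUT_FILES` is no longer passed to anything, so a file that some macro still appends to that variable would silently stop being generated; confirm no assignments to it remain. The file list handed to AC_CONFIG_FILES is also unquoted; wrap it in brackets, `AC_CONFIG_FILES([docs/conf/httpd.conf ...])`, as is usual for Autoconf macro arguments. The split into `AC_CONFIG_COMMANDS([default], [true], [APACHE_GEN_MAKEFILES])` keeps `true` as the command and APACHE_GEN_MAKEFILES as the init command, matching the old second and third AC_OUTPUT arguments, and a short dnl comment stating that would help the next reader.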