Reorder and regroup a bit for clarity

     strings.  The default limit for ap_pregsub() can be adjusted at compile

      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization

     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun

     <apache heilbrun.org>]

  *) mod_setenvif: Log error on substitution overflow.

     [Stefan Fritsch]

     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.

     [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]

  *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server

     admin to configure an IO timeout as an error in the balancer.

     [Daniel Ruggeri]

  *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with

     the source href (sent as part of the request body as XML) pointing to a

     URI that is not configured for DAV will trigger a segfault. [Ben Reser

  *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611

     [Timothy Wood <tjw omnigroup.com>]

  *) Added balancer parameter failontimeout to allow server admin

     to configure an IO timeout as an error in the balancer.

     [Daniel Ruggeri]

  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,

     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]

     result in a 412 Precondition Failed. PR54610 [Timothy Wood

     <tjw omnigroup.com>]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization

     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun

     <apache heilbrun.org>]

Changes with Apache 2.2.24

  *) SECURITY: CVE-2012-3499 (cve.mitre.org)

    2.2.x patch: trunk patch works (minus CHANGES)

    +1: minfrin, wrowe, rjung

  * mod_ssl/proxy: enable the SNI extension for backend TLS connections

    [Kaspar Brand]

    2.2.x patch: http://people.apache.org/~rjung/patches/r1175416-2.0-v2.patch

    +1: wrowe, rjung, trawick

  * mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559

    [Diego Santa Cruz <diego.santaCruz spinetix.com>]

    This is the third patch in PR 52559. The other two are already

    2.2.x patch: trunk patch works (minus CHANGES)

    +1: rjung, wrowe, trawick

PATCHES PROPOSED TO BACKPORT FROM TRUNK:

  [ New proposals should be added at the end of the list ]

  * mod_ssl/proxy: enable the SNI extension for backend TLS connections

    [Kaspar Brand]

    2.2.x patch: http://people.apache.org/~rjung/patches/r1175416-2.0-v2.patch

    +1: wrowe, rjung, trawick

   * mod_proxy_http: Use the same hostname for SNI as for the HTTP request when

     forwarding to SSL backends.

     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1333969

     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356881

     2.2.x patch: http://people.apache.org/~rjung/patches/mod_proxy_http-fix-hostname-ssl-2_2.patch

     +1: covener, wrowe

     +1: rjung (if my alternative r1175416 backport is used)

     -1: 

     kbrand: only has an effect if r1175416 is backported, too (see note at

             https://issues.apache.org/bugzilla/show_bug.cgi?id=53134#c10

             by the patch author)

     wrowe asks kbrand to see above

     +1: covener, wrowe, rjung (w/r1175416 above applied first)

PATCHES PROPOSED TO BACKPORT FROM TRUNK:

  [ New proposals should be added at the end of the list ]

  * core: speed up (for common cases) and reduce memory usage of ap_escape_logitem

    This should save 70-100 bytes in the request pool for a default config.