git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661754 13f79535-47bb-0310-9956-ffa450edef68

as in r1517366, drop the severity in authz_groupfile when a require
didn't match but no real error was encountered. 

This individual 'require group' may not really dictate who gets in. PR55523 




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661749 13f79535-47bb-0310-9956-ffa450edef68

   * mod_authn_dbd: Precedence issue. Fix the error message logged in case of
     error while querying the database.

Submitted by: jailletc36
Reviewed by: jailletc36, mrumph, minfrin
Backported by: jailletc36

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661456 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1655495 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1655493 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1654002 13f79535-47bb-0310-9956-ffa450edef68

Fix --enable-v4-mapped configuration on *BSD. PR 53824.
Submitted by: olli hauer <ohauer gmx.de>
Committed by: ylavic

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1653962 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652936 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652935 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652933 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652931 13f79535-47bb-0310-9956-ffa450edef68

internationalization.

Backports: r1611169
Reviewed by: wrowe, gsmith



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652266 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652260 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: Add SSLSessionTickets (on|off).
It controls the use of TLS session tickets (RFC 5077).
Default is unchanged (on).
Using session tickets without restarting the web server with
an appropriate frequency (e.g. daily) compromises perfect forward
secrecy. As long as we do not have a nice key management
there needs to be a way to deactivate the use of session tickets.

Submitted by: rjung
Reviewed by: rjung, covener, ylavic
Backported by: rjung


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652074 13f79535-47bb-0310-9956-ffa450edef68

remove bad merge from CHANGES in r1651656



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651856 13f79535-47bb-0310-9956-ffa450edef68

provide alternative PATH_INFO calculation options for proxy_fcgi.
PR 55329




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651663 13f79535-47bb-0310-9956-ffa450edef68

     trunk patch: http://svn.apache.org/r1588544 (rewrite+UDS)
                  http://svn.apache.org/r1641636 ('using default worker' msg tweak)
                  http://svn.apache.org/r1647005 (tcp reuse)
                  http://svn.apache.org/r1647009 (uds reuse)
                  http://svn.apache.org/r1647334 (uds reuse fix)


    + 1 additional de_socketfy call in mod_proxy





git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651662 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651660 13f79535-47bb-0310-9956-ffa450edef68

tweak SCRIPT_FILENAME passed to fastcgi backends when a balancer is used.



save some bytes per Christophe's review.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651658 13f79535-47bb-0310-9956-ffa450edef68

Update conn_rec.id when a new thread begins working on a connection, because
the old thread may work on a new connection and assign the same ID in parallel.


Submitted By:  Michael Thorpe
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651656 13f79535-47bb-0310-9956-ffa450edef68

Configuration files with long lines and continuation characters
are not read properly. PR 55910. 

Submitted By: Manuel Mausz <manuel-as mausz.at>
Committed By: covener




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651653 13f79535-47bb-0310-9956-ffa450edef68

Be consistant with the code below which accepts lower or upper case.

Add CHANGE for r1649632
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651097 13f79535-47bb-0310-9956-ffa450edef68

split-logfile: Fix perl error:  'Can't use string ("example.org:80") 
  as a symbol ref while "strict refs"'. PR 56329.

Submitted By: Holger Mauermann <mauermann gmail.com>
Committed By: covener



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651095 13f79535-47bb-0310-9956-ffa450edef68

PR 56603:  Inappropiate ProxyPassReverse match when interpolated URL 
is empty string 

Submitted By: <ajprout hotmail.com>
Committed By: covener


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651094 13f79535-47bb-0310-9956-ffa450edef68

* core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. 
        PR 57328.

Submitted-by: Armin Abfalterer <a.abfalterer gmail.com>
Reviewed/Committed-by: ylavic

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651084 13f79535-47bb-0310-9956-ffa450edef68

* core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. 
        PR 57328.

Submitted-by: Armin Abfalterer <a.abfalterer gmail.com>
Reviewed/Committed-by: ylavic

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651083 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy: Preserve original request headers even if they differ
           from the ones to be forwarded to the backend. PR 45387.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651082 13f79535-47bb-0310-9956-ffa450edef68

Fix computation of the size of 'struct sockaddr_un' when passed to 'connect()'.
Use the same logic as the one in ' in 'proxy_util.c'.


mod_proxy: Don't limit the size of the connectable Unix Domain Socket paths.
Since connect() to UDS path is used at several places, introduce
ap_proxy_connect_uds() in proxy_util.

Submitted by: jailletc36, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651081 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy: Shutdown (eg. SSL close notify) the backend connection
before closing.


mod_proxy: follow up to r1601291.

Since deferred_write_pool is needed by the core_output_filter and is a subpool
of the connection, shutdown in a pre_cleanup of the connection's pool to avoid
a freed memory access (SEGV).

Reported By: takashi

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651080 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads.


mod_ssl: follow up to r1601919.
Likewise when set from SNI callback.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651078 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
         PR54998.

Submitted By: Tim Kosse <tim.kosse filezilla-project.org>, ylavic
Committed By: ylavic


mod_ssl: SSL_smart_shutdown(): follow up to r1601184.
Use SSL_get_wbio() to comply with OPENSSL_NO_SSL_INTERN.
Stop SSL shutdown loop when flush fails.


mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
                expires. PR54998.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651077 13f79535-47bb-0310-9956-ffa450edef68

   * mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.

Submitted by: jkaluza
Reviewed by: jkaluza, ylavic, covener
Backported by: jailletc36

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650677 13f79535-47bb-0310-9956-ffa450edef68

   * mod_ssl: Check if we are having an SSL connection before looking up SSL
              related variables during expression evaluation to avoid a crash.
              If not return NULL as ssl_var_lookup_ssl does by default.  PR 57070

Submitted by: rpluem
Reviewed by: jailletc36, ylavic, covener
Backported by: jailletc36

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650659 13f79535-47bb-0310-9956-ffa450edef68

   * mod_proxy_ajp: Fix handling of the default port (8009) in the
     ProxyPass and <Proxy> configurations.  PR 57259.

Submitted by: ylavic
Reviewed by: ylavic, jim, covener
Backported by: jailletc36

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650655 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1646179 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: Fix recognition of OCSP stapling responses that are encoded
         improperly or too large.

The one byte "ok" flag stored with the response was accounted for in
the wrong condition.


follow up to r1641077: 

one bug was traded for another in r1641077; track the response
length and the cached object length separately to avoid such
confusion

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645935 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645423 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1643256 13f79535-47bb-0310-9956-ffa450edef68

  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]

Submitted By: Edward Lu
Committed By: covener


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642861 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
determine whether it is a normal close or a real error. PR 57168.

Abort the client or backend connection on polling errors, but don't forcibly
abort the client side at the end (the core filters will do that otherwise
when necessary), so that lingering close and SSL shutdown can occur on normal
close.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642857 13f79535-47bb-0310-9956-ffa450edef68