Merge r1780328, r1780329, r1781329, r1782164, r1782166, r1782193, r1778350, r1781329, r1782194, r1782323, r1782418, r1782419, r1782482, r1782532, r1788040 from trunk:

Adjust as needed

debugging

add ProxyFCGISetEnvIf


Logging update

Follow up to r1782164: fix typo (closing double-quote).

Remove trailing whitespace : no functional change

PR60576: php-fpm broken w/ per-dir rewrites

Attempt to dig out of well-meaning fixes for generic fcgi backends
that negatively affected some FPM configs.

Adds ProxyFCGIBackendType 


add ProxyFCGISetEnvIf


trailing whitespace

Allow final admin-level fine-tuning

mod_proxy_fcgi: fix spelling in APLOG_INFO message

mod_proxy_fcgi: allow setting empty variables in ProxyFCGISetEnvIf

support unsetting vars



ProxyFCGISetEnvIf: reject invalid invocations, streamline unsets

Neither of the following makes sense:
- ProxyFCGISetEnvIf cond !VARIABLE value
- ProxyFCGISetEnvIf cond !

Error out in these cases. Also, don't execute the (unused) replacement
expression when unsetting.

drop the longhand version


Submitted by: jim, covener, jim, ylavic, jim, covener, covener, jim, jim, jchampion, jchampion, covener, jchampion, covener
Reviewed by: jim, covener, jchampion


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1788445 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: work around leaks on (graceful) restart.

Tested with valgrind and --with-ssl shared/static.


mod_ssl: follow up to r1781187.
The ssl_util_thread_*() functions are not necessary with openssl-1.1+


mod_ssl: follow up to r1781187.
Address SSL_CTX leak in (merged) proxy_ctx.


Reviewed by: ylavic, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1788442 13f79535-47bb-0310-9956-ffa450edef68

Look for specific versioned installs of Lua 5.3
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1787728 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1787303 13f79535-47bb-0310-9956-ffa450edef68

avoid SO_REUSEPORT w/o ListenCoresBucketsRatio 

Can lead to unintended/confusing sharing between 
multiple servers started by the same ID.

Submitted by: covener
Reviewed by: jorton, covener, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1787301 13f79535-47bb-0310-9956-ffa450edef68

 Merged /httpd/httpd/trunk:r1784571,1785672,1785683,1786512,1786575-1786576
 mod_http2/mod_proxy_http2 backport



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1786582 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1784990 13f79535-47bb-0310-9956-ffa450edef68

merge of r1783683,1783693,1783756,1783759-1783760,1783762,1783912,1783996 from trunk



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1784001 13f79535-47bb-0310-9956-ffa450edef68

Return HTTP 504 rather than 503 when a proxy timeout is hit.

Part of the review for PR: 56188


Submitted by: elukey
Reviewed by: elukey, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1783414 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1783123 13f79535-47bb-0310-9956-ffa450edef68

merge of r1780598,1781304,1782875,1782944,1782958,1782975 from trunk



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1782980 13f79535-47bb-0310-9956-ffa450edef68

revert r1780909 and r1773397 ProxyPass ! perdir

r1773397 had a regression and the whole thing is fishy
to shoehorn the current ProxyPass ! syntax into.



add no-proxy envvar for mod_proxy

replacement for ProxyPass /path ! when ProxyPass is in
location context.


Submitted by: covener
Reviewed by: covener, jim, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1782332 13f79535-47bb-0310-9956-ffa450edef68

* mod_auth_digest: Use anonymous shm by default, fall back on name-based.

Submitted by: jkaluza
Reviewed by: jorton, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1782175 13f79535-47bb-0310-9956-ffa450edef68

mod_filter: Fix AddOutputFilterByType with non-content-level filters.
PR: 58856

Submitted by: Micha Lenk
Reviewed by: covener, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1781433 13f79535-47bb-0310-9956-ffa450edef68

Use pconf as parent pool so mutexes get cleaned on restarts/reloads

name changes re: suggestion

Submitted by: jim
Reviewed by: jim, jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1781432 13f79535-47bb-0310-9956-ffa450edef68

Merge of r1779979,1780159,1780576,1780596 from trunk:
M    modules/http2/h2_bucket_beam.c
     fix for possible duplicate free of send/recv pools
M    modules/http2/h2_from_h1.c
     suppress generating responses on aborted slave connections
M    modules/http2/h2_session.c
     regression: stream ongoing streams on graceful shutdown to the end
M    modules/http2/h2_version.h



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1780597 13f79535-47bb-0310-9956-ffa450edef68

Merge r1779743,1779896,1779972 from trunk.

mod_http2: fixes PR60599, sending proper response for conditional requests
answered by mod_cache. [Jeff Wheelhouse, Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1779975 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_http2: rework of stream resource cleanup to avoid a crash in a close
     of a lingering connection. Prohibit special file bucket beaming for
     shared buckets. Files sent in stream output now use the stream pool
     as read buffer, reducing memory footprint of connections.
     [Yann Ylavic, Stefan Eissing]
     



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1779742 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_http2: streaming of request output now reacts timely to data
     from other streams becoming available. Same for new incoming requests.
 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778629 13f79535-47bb-0310-9956-ffa450edef68

fix crash in util_fcgi.c

 *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
    modules add empty environment variables to the request. PR60275.
    [<alex2grad AT gmail.com>]

Submitted By: <alex2grad AT gmail.com>]
Committed By: covener



Submitted by: covener
Reviewed by: covener, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778050 13f79535-47bb-0310-9956-ffa450edef68

CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. **



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778007 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_{ajp,fcgi}: Fix a possible crash when reusing an established
backend connection, happening with LogLevel trace2 or higher configured,
or at any log level with compilers not detected as C99 compliant (e.g.
MSVC on Windows).


Submitted by: ylavic
Reviewed by: ylavic, jim, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1777975 13f79535-47bb-0310-9956-ffa450edef68

backport of latest mod_http2 related changes.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1777344 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1777116 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: adding support for MergeTrailers directive. 

mod_http2: limiting DATA frame sizes by TLS record sizes in use on the     
    connection. Flushing outgoing frames earlier. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1776737 13f79535-47bb-0310-9956-ffa450edef68

Cleanup mod_http2 beamer registry on server reload. Fixes PR60510.

* modules/http2/h2_bucket_beam.c
  register cleanup function on installation that NULLs the beamer
  registry on pool cleanup.

Patch by: Pavel Mateja <pavel@verotel.cz
         me



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775834 13f79535-47bb-0310-9956-ffa450edef68

pass along error buckets

In 2.4, they are generated by LimitRequestBody failures. trunk no 
longer uses error buckets in this path, but someone else could.

PR60375

Submitted By: Eric Covener,Lubos Uhliarik <luhliari  redhat.com>
Committed By: covener



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775832 13f79535-47bb-0310-9956-ffa450edef68

Merge r1775813 from trunk:

Fix mod_h2/github issue #126: correct lifetime of data sent on temp pools

* modules/http2/h2_bucket_beam.c 
 - ignore send pools that are sub-pools of the existing one
 - added h2_beam_send_from() to allow explicit registering of the
   correct pool for the sending

* modules/http2/h2_bucket_beam.h
 - add prototype for h2_beam_send_from()

* modules/http2/h2_mplx.c
 - adding logging of output beam state

* modules/http2/h2_stream.c
 - register stream pool for sending data on input beam

* modules/http2/h2_task.c
 - register task pool on output beam on creation
 - adding trace logging

* modules/http2/h2_proxy_session.c
 - fixing a type in a comment while we're at it



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775816 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774647 13f79535-47bb-0310-9956-ffa450edef68

note CHANGES


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774628 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774577 13f79535-47bb-0310-9956-ffa450edef68

short-circuit some kinds of looping in RewriteRule.

PR60478

Submitted By: Jeff Wheelouse <apache wheelhouse.org>
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774352 13f79535-47bb-0310-9956-ffa450edef68

Allow for initual burst at full speed


Some "error" reporting if we overflow


rate limit notes


xhtml

Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774071 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774065 13f79535-47bb-0310-9956-ffa450edef68

heh... bring memcache up to redis :)
mod_status info

From Norm:
NWGNUsocachmem needs to find mod_status.h

Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774016 13f79535-47bb-0310-9956-ffa450edef68

change error handling for bad resp headers

 - avoid looping between ap_die and the http filter
 - remove the header that failed the check
 - keep calling apr_table_do until our fn stops matching


This is still not great. We get the original body, a 500 status
code and status line.

(r1773285 + fix for first return from check_headers)




Follow up to r1773293.
When check_headers() fails, clear anything (headers and body) from original/errorneous
response before returning 500.


Follow up to r1773761: don't check_headers() more than once.

Follow up to r1773761: don't recurse on internal redirects.

Follow up to r1773761: don't recurse on ap_send_error_response() either.

Follow up to r1773761: we need to check both ap_send_error_response() and internal redirect recursions.

Follow up to r1773761: improved recursion detection.
Submitted by: covener, ylavic, ylavic, ylavic, ylavic, ylavic, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773995 13f79535-47bb-0310-9956-ffa450edef68

Drop C-L header and message-body from HTTP 204 responses.

The C-L header can be set in a fcgi/cgi backend or in other
filters like ap_content_length_filter (with the value of 0),
meanwhile the message-body can be returned incorrectly
by any backend. The idea is to remove unnecessary bytes
from a HTTP 204 response.

PR 51350

Submitted by: elukey
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773801 13f79535-47bb-0310-9956-ffa450edef68

ProxyPass ! doesn't block per-directory ProxyPass

 *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
     configured in <Location>, like in 2.2. PR 60458.
     [Eric Covener]


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773800 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773282 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_digest: fix segfaults during shared memory exhaustion

The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.

Additionally, fix a NULL-check bug during entry garbage collection.
Submitted by: jchampion
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773069 13f79535-47bb-0310-9956-ffa450edef68