author Yann Ylavic <ylavic@apache.org> 2021-12-03 17:09:47 +0100
committer Yann Ylavic <ylavic@apache.org> 2021-12-03 17:09:47 +0100
commit 34da2e78b72221e2ae7a801c718e826ec33e1959 (patch)
tree 655788d1e4690ff144a8fc2032d822136ce8137d
parent mpm_event: Follow up to r1894285: new MaxSpareThreads heuristics. (diff)
Sync CHANGES entries. [skip ci].
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895558 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- CHANGES 99
-rw-r--r-- changes-entries/DirectorySlashNotFound.txt 2
-rw-r--r-- changes-entries/IndexForbiddenReturn404.txt 2
-rw-r--r-- changes-entries/ap_lingering_close-NULL.txt 3
-rw-r--r-- changes-entries/event-kill_at_total_daemons_limit.txt 2
-rw-r--r-- changes-entries/h2_apr16_pollset.txt 2
-rw-r--r-- changes-entries/h2_graceful_stall.txt 6
-rw-r--r-- changes-entries/http2_additions.txt 17
-rw-r--r-- changes-entries/md_2.4.8.txt 31
-rw-r--r-- changes-entries/md_2.4.9.txt 6
-rw-r--r-- changes-entries/pr65620.txt 2
-rw-r--r-- changes-entries/proxy_connect_timeout.txt 2
-rw-r--r-- changes-entries/proxy_half_close.txt 2
-rw-r--r-- changes-entries/tls_added.txt 8
-rw-r--r-- changes-entries/uwsgi-path_info.txt 2
15 files changed, 99 insertions, 87 deletions
diff --git a/CHANGES b/CHANGES
index b2a3660b25..e88596fefd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,105 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_proxy_connect: Honor the smallest of the backend or client timeout
+ while tunneling. [Yann Ylavic]
+
+ * mod_http2: a regression in v1.15.24 of the modules was fixed that
+ could lead to httpd child processes not being terminated on a
+ graceful reload or when reaching MaxConnectionsPerChild.
+ When unprocessed h2 requests were queued at the time, these could stall.
+ See <https://github.com/icing/mod_h2/issues/212>.
+ [@hansborr, @famzah, Stefan Eissing]
+
+ *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
+ PR 65616. [Ruediger Pluem]
+
+ *) mod_md: Fix memory leak in case of failures to load the private key.
+ PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
+
+ * mod_http2: the new pollset implementation is disabled when
+ compiling with an APR version less than 1.6.
+
+ *) mod_autoindex: Add "IndexForbiddenReturn404" to return 404 instead of a
+ 403 when Options does not included "indexes". [Eric Covener]
+
+ *) mod_dir: Add "NotFound" option to "DirectorySlash" directive to return
+ 404 instead of a DirectorySlash redirect. [Eric Covener]
+
+ *) mod_md: adding v2.4.8 with the following changes
+ - Added support for ACME External Account Binding (EAB).
+ Use the new directive `MDExternalAccountBinding` to provide the
+ server with the value for key identifier and hmac as provided by
+ your CA.
+ While working on some servers, EAB handling is not uniform
+ across CAs. First tests with a Sectigo Certificate Manager in
+ demo mode are successful. But ZeroSSL, for example, seems to
+ regard EAB values as a one-time-use-only thing, which makes them
+ fail if you create a seconde account or retry the creation of the
+ first account with the same EAB.
+ - The directive 'MDCertificateAuthority' now checks if its parameter
+ is a http/https url or one of a set of known names. Those are
+ 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
+ for now and they are not case-sensitive.
+ The default of LetsEncrypt is unchanged.
+ - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
+ section.
+ - Treating 401 HTTP status codes for orders like 403, since some ACME
+ servers seem to prefer that for accessing oders from other accounts.
+ - When retrieving certificate chains, try to read the repsonse even
+ if the HTTP Content-Type is unrecognized.
+ - Fixed a bug that reset the error counter of a certificate renewal
+ and prevented the increasing delays in further attempts.
+ - Fixed the renewal process giving up every time on an already existing
+ order with some invalid domains. Now, if such are seen in a previous
+ order, a new order is created for a clean start over again.
+ See <https://github.com/icing/mod_md/issues/268>
+ - Fixed a mixup in md-status handler when static certificate files
+ and renewal was configured at the same time.
+
+ *) mod_http2:
+ - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
+ were overwritten instead of preserved. [PR by @daum3ns]
+ - Added directove 'H2StreamTimeout' to configure a separate value for HTTP/2
+ streams, overriding server's 'Timeout' configuration. [rpluem]
+ - HTTP/2 connections now use pollsets to monitor the status of the
+ ongoing streams and their main connection when host OS allows this.
+ - Removed work-arounds for older versions of libnghttp2 and checking
+ during configure that at least version 1.15.0 is present.
+ - The HTTP/2 connection state handler, based on an experiment and draft
+ at the IETF http working group (abandoned for some time), has been removed.
+ - H2SerializeHeaders no longer has an effect. A warning is logged when it is
+ set to "on". The switch enabled the internal writing of requests to be parsed
+ by the internal HTTP/1.1 protocol handler and was introduced to avoid
+ potential incompatibilities during the introduction of HTTP/2.
+ - Removed the abort/redo of tasks when mood swings lower the active limit.
+ [Ruediger Pluem, daum3ns, Stefan Eissing]
+
+ *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
+ a third-party module. PR 65627.
+ [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
+
+ *) mpm_event: Restart stopping of idle children after a load peak. PR 65626.
+ [Yann Ylavic, Ruediger Pluem]
+
+ *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
+ half-close forwarding when tunneling protocols. [Yann Ylavic]
+
+ *) mod_tls: added mod_tls from abetterinternet, donated
+ by ISRG/Prossimo <https://github.com/abetterinternet/mod_tls>.
+ - adds font-/backend TLS (v1.2/v1.3) via the Rust rustls crate
+ and its rustls-ffi C binding <https://github.com/rustls/rustls-ffi>.
+ - documentation at <https://github.com/abetterinternet/mod_tls>
+ (adding to Apache's manual TBD)
+ - build support for Apache httpd configure on *nix platforms,
+ rustls is linked statically into mod_tls.
+
+ *) mod_md: values for External Account Binding (EAB) can
+ now also be configured to be read from a separate JSON
+ file. This allows to keep server configuration permissions
+ world readable without exposing secrets.
+ [Stefan Eissing]
+
*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
unused AP_NORMALIZE_DROP_PARAMETERS flag.
[Yann Ylavic, Ruediger Pluem, Stefan Eissing, Joe Orton]
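Review bot: The added CHANGES entries carry over the typos from the changes-entries files verbatim, and this sync is the place to fix them before they reach the release notes: "does not included" in the mod_autoindex entry, "seconde account", "oders" and "repsonse" in the mod_md v2.4.8 entry, "directove" in the mod_http2 entry, and "font-/backend" (presumably frontend) in the mod_tls entry. The two entries that open with " * mod_http2:" use a different bullet marker from the " *)" used by every other entry in the hunk; suggest normalizing them to " *)" so tooling that splits on the marker sees them. The mod_http2 pollset entry, the mod_md v2.4.8 entry and the mod_tls entry also end without an attribution bracket, unlike their neighbours.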
diff --git a/changes-entries/DirectorySlashNotFound.txt b/changes-entries/DirectorySlashNotFound.txt
deleted file mode 100644
index 87a8c7ee26..0000000000
--- a/changes-entries/DirectorySlashNotFound.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_dir: Add "NotFound" option to "DirectorySlash" directive to return
- 404 instead of a DirectorySlash redirect. [Eric Covener]
diff --git a/changes-entries/IndexForbiddenReturn404.txt b/changes-entries/IndexForbiddenReturn404.txt
deleted file mode 100644
index 7f887e63bf..0000000000
--- a/changes-entries/IndexForbiddenReturn404.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_autoindex: Add "IndexForbiddenReturn404" to return 404 instead of a
- 403 when Options does not included "indexes". [Eric Covener]
diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt
deleted file mode 100644
index 43cc6930b5..0000000000
--- a/changes-entries/ap_lingering_close-NULL.txt
+++ /dev/null
@@ -1,3 +0,0 @@
- *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
- a third-party module. PR 65627.
- [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
diff --git a/changes-entries/event-kill_at_total_daemons_limit.txt b/changes-entries/event-kill_at_total_daemons_limit.txt
deleted file mode 100644
index 007e9615e2..0000000000
--- a/changes-entries/event-kill_at_total_daemons_limit.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mpm_event: Restart stopping of idle children after a load peak. PR 65626.
- [Yann Ylavic, Ruediger Pluem]
diff --git a/changes-entries/h2_apr16_pollset.txt b/changes-entries/h2_apr16_pollset.txt
deleted file mode 100644
index bf7dd88118..0000000000
--- a/changes-entries/h2_apr16_pollset.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- * mod_http2: the new pollset implementation is disabled when
- compiling with an APR version less than 1.6.
diff --git a/changes-entries/h2_graceful_stall.txt b/changes-entries/h2_graceful_stall.txt
deleted file mode 100644
index b0d054a524..0000000000
--- a/changes-entries/h2_graceful_stall.txt
+++ /dev/null
@@ -1,6 +0,0 @@
- * mod_http2: a regression in v1.15.24 of the modules was fixed that
- could lead to httpd child processes not being terminated on a
- graceful reload or when reaching MaxConnectionsPerChild.
- When unprocessed h2 requests were queued at the time, these could stall.
- See <https://github.com/icing/mod_h2/issues/212>.
- [@hansborr, @famzah, Stefan Eissing]
diff --git a/changes-entries/http2_additions.txt b/changes-entries/http2_additions.txt
deleted file mode 100644
index b9db02c0e8..0000000000
--- a/changes-entries/http2_additions.txt
+++ /dev/null
@@ -1,17 +0,0 @@
- *) mod_http2:
- - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
- were overwritten instead of preserved. [PR by @daum3ns]
- - Added directove 'H2StreamTimeout' to configure a separate value for HTTP/2
- streams, overriding server's 'Timeout' configuration. [rpluem]
- - HTTP/2 connections now use pollsets to monitor the status of the
- ongoing streams and their main connection when host OS allows this.
- - Removed work-arounds for older versions of libnghttp2 and checking
- during configure that at least version 1.15.0 is present.
- - The HTTP/2 connection state handler, based on an experiment and draft
- at the IETF http working group (abandoned for some time), has been removed.
- - H2SerializeHeaders no longer has an effect. A warning is logged when it is
- set to "on". The switch enabled the internal writing of requests to be parsed
- by the internal HTTP/1.1 protocol handler and was introduced to avoid
- potential incompatibilities during the introduction of HTTP/2.
- - Removed the abort/redo of tasks when mood swings lower the active limit.
- [Ruediger Pluem, daum3ns, Stefan Eissing] \ No newline at end of file
diff --git a/changes-entries/md_2.4.8.txt b/changes-entries/md_2.4.8.txt
deleted file mode 100644
index e9d099f0bf..0000000000
--- a/changes-entries/md_2.4.8.txt
+++ /dev/null
@@ -1,31 +0,0 @@
- *) mod_md: adding v2.4.8 with the following changes
- - Added support for ACME External Account Binding (EAB).
- Use the new directive `MDExternalAccountBinding` to provide the
- server with the value for key identifier and hmac as provided by
- your CA.
- While working on some servers, EAB handling is not uniform
- across CAs. First tests with a Sectigo Certificate Manager in
- demo mode are successful. But ZeroSSL, for example, seems to
- regard EAB values as a one-time-use-only thing, which makes them
- fail if you create a seconde account or retry the creation of the
- first account with the same EAB.
- - The directive 'MDCertificateAuthority' now checks if its parameter
- is a http/https url or one of a set of known names. Those are
- 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
- for now and they are not case-sensitive.
- The default of LetsEncrypt is unchanged.
- - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
- section.
- - Treating 401 HTTP status codes for orders like 403, since some ACME
- servers seem to prefer that for accessing oders from other accounts.
- - When retrieving certificate chains, try to read the repsonse even
- if the HTTP Content-Type is unrecognized.
- - Fixed a bug that reset the error counter of a certificate renewal
- and prevented the increasing delays in further attempts.
- - Fixed the renewal process giving up every time on an already existing
- order with some invalid domains. Now, if such are seen in a previous
- order, a new order is created for a clean start over again.
- See <https://github.com/icing/mod_md/issues/268>
- - Fixed a mixup in md-status handler when static certificate files
- and renewal was configured at the same time.
-
diff --git a/changes-entries/md_2.4.9.txt b/changes-entries/md_2.4.9.txt
deleted file mode 100644
index 27cc5c9c28..0000000000
--- a/changes-entries/md_2.4.9.txt
+++ /dev/null
@@ -1,6 +0,0 @@
- *) mod_md: values for External Account Binding (EAB) can
- now also be configured to be read from a separate JSON
- file. This allows to keep server configuration permissions
- world readable without exposing secrets.
- [Stefan Eissing]
-
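Review bot: The release number for this entry lived only in the file name md_2.4.9.txt; the entry text ("mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file") never mentions v2.4.9, so once the file is deleted CHANGES no longer records which mod_md version introduced the option. Suggest adding the version to the CHANGES entry, in the style of "mod_md: adding v2.4.8 with the following changes". Since the stated purpose is keeping the server configuration world readable without exposing secrets, the entry would also benefit from naming the directive that accepts the file, so administrators know where to move the EAB values.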
diff --git a/changes-entries/pr65620.txt b/changes-entries/pr65620.txt
deleted file mode 100644
index c14f275688..0000000000
--- a/changes-entries/pr65620.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_md: Fix memory leak in case of failures to load the private key.
- PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
diff --git a/changes-entries/proxy_connect_timeout.txt b/changes-entries/proxy_connect_timeout.txt
deleted file mode 100644
index f3ef01580b..0000000000
--- a/changes-entries/proxy_connect_timeout.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_proxy_connect: Honor the smallest of the backend or client timeout
- while tunneling. [Yann Ylavic]
diff --git a/changes-entries/proxy_half_close.txt b/changes-entries/proxy_half_close.txt
deleted file mode 100644
index 266cbb7b50..0000000000
--- a/changes-entries/proxy_half_close.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
- half-close forwarding when tunneling protocols. [Yann Ylavic]
diff --git a/changes-entries/tls_added.txt b/changes-entries/tls_added.txt
deleted file mode 100644
index fbe29e0b52..0000000000
--- a/changes-entries/tls_added.txt
+++ /dev/null
@@ -1,8 +0,0 @@
- *) mod_tls: added mod_tls from abetterinternet, donated
- by ISRG/Prossimo <https://github.com/abetterinternet/mod_tls>.
- - adds font-/backend TLS (v1.2/v1.3) via the Rust rustls crate
- and its rustls-ffi C binding <https://github.com/rustls/rustls-ffi>.
- - documentation at <https://github.com/abetterinternet/mod_tls>
- (adding to Apache's manual TBD)
- - build support for Apache httpd configure on *nix platforms,
- rustls is linked statically into mod_tls.
diff --git a/changes-entries/uwsgi-path_info.txt b/changes-entries/uwsgi-path_info.txt
deleted file mode 100644
index beb0a67434..0000000000
--- a/changes-entries/uwsgi-path_info.txt
+++ /dev/null
@@ -1,2 +0,0 @@
- *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
- PR 65616. [Ruediger Pluem]