From c54018b07a9085c0a3aedbc2bd01a85a3b3e20cf Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 25 May 2024 06:41:27 +0200 Subject: Merging upstream version 2.4.59. Signed-off-by: Daniel Baumann --- include/ap_config_auto.h.in | 194 ++++++++++++++++++++------- include/ap_expr.h | 4 +- include/ap_mmn.h | 79 ++++++++++- include/ap_mpm.h | 103 ++++++++++---- include/ap_regex.h | 23 +++- include/ap_release.h | 4 +- include/http_config.h | 43 +++++- include/http_connection.h | 15 +++ include/http_core.h | 61 +++++++-- include/http_protocol.h | 104 ++++++++++++++- include/http_request.h | 22 ++- include/http_ssl.h | 317 ++++++++++++++++++++++++++++++++++++++++++++ include/http_vhost.h | 13 ++ include/httpd.h | 279 ++++++++++++++++++++++++++++++++++++-- include/mod_auth.h | 2 +- include/mpm_common.h | 9 ++ include/scoreboard.h | 9 +- include/util_fcgi.h | 2 +- include/util_ldap.h | 3 +- include/util_script.h | 2 + include/util_time.h | 4 +- 21 files changed, 1169 insertions(+), 123 deletions(-) create mode 100644 include/http_ssl.h (limited to 'include') diff --git a/include/ap_config_auto.h.in b/include/ap_config_auto.h.in index ff93e54..b4de75a 100644 --- a/include/ap_config_auto.h.in +++ b/include/ap_config_auto.h.in @@ -52,15 +52,18 @@ /* Using autoconf to configure Apache */ #undef AP_USING_AUTOCONF -/* Define to 1 if you have the `arc4random_buf' function. */ +/* Define to 1 if you have the 'arc4random_buf' function. */ #undef HAVE_ARC4RANDOM_BUF -/* Define to 1 if you have the `bindprocessor' function. */ +/* Define to 1 if you have the 'bindprocessor' function. */ #undef HAVE_BINDPROCESSOR /* Define to 1 if you have the header file. */ #undef HAVE_BSTRING_H +/* Define if crypt() supports SHA-2 hashes */ +#undef HAVE_CRYPT_SHA2 + /* Define if curl is available */ #undef HAVE_CURL @@ -73,31 +76,31 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DISTCACHE_DC_CLIENT_H -/* Define to 1 if you have the `ENGINE_init' function. */ +/* Define to 1 if you have the 'ENGINE_init' function. */ #undef HAVE_ENGINE_INIT -/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */ +/* Define to 1 if you have the 'ENGINE_load_builtin_engines' function. */ #undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES -/* Define to 1 if you have the `epoll_create' function. */ +/* Define to 1 if you have the 'epoll_create' function. */ #undef HAVE_EPOLL_CREATE -/* Define to 1 if you have the `fopen64' function. */ +/* Define to 1 if you have the 'fopen64' function. */ #undef HAVE_FOPEN64 -/* Define to 1 if you have the `getgrnam' function. */ +/* Define to 1 if you have the 'getgrnam' function. */ #undef HAVE_GETGRNAM -/* Define to 1 if you have the `getloadavg' function. */ +/* Define to 1 if you have the 'getloadavg' function. */ #undef HAVE_GETLOADAVG -/* Define to 1 if you have the `getpgid' function. */ +/* Define to 1 if you have the 'getpgid' function. */ #undef HAVE_GETPGID -/* Define to 1 if you have the `getpwnam' function. */ +/* Define to 1 if you have the 'getpwnam' function. */ #undef HAVE_GETPWNAM -/* Define if you have gettid() */ +/* Define to 1 if you have the 'gettid' function. */ #undef HAVE_GETTID /* Define if struct tm has a tm_gmtoff field */ @@ -106,7 +109,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_GRP_H -/* Define to 1 if you have the `initgroups' function. */ +/* Define to 1 if you have the 'initgroups' function. */ #undef HAVE_INITGROUPS /* Define to 1 if you have the header file. */ @@ -115,17 +118,17 @@ /* Define if jansson is available */ #undef HAVE_JANSSON -/* Define to 1 if you have the `killpg' function. */ +/* Define to 1 if you have the 'killpg' function. */ #undef HAVE_KILLPG -/* Define to 1 if you have the `kqueue' function. */ +/* Define to 1 if you have the 'kqueue' function. */ #undef HAVE_KQUEUE /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H +/* Define to 1 if you have the header file. */ +#undef HAVE_MINIX_CONFIG_H /* Define if nghttp2 is available */ #undef HAVE_NGHTTP2 @@ -133,22 +136,31 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NGHTTP2_NGHTTP2_H +/* Define to 1 if you have the 'nghttp2_option_set_no_closed_streams' + function. */ +#undef HAVE_NGHTTP2_OPTION_SET_NO_CLOSED_STREAMS + +/* Define to 1 if you have the + 'nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation' + function. */ +#undef HAVE_NGHTTP2_OPTION_SET_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION + /* Define to 1 if you have the - `nghttp2_session_callbacks_set_on_invalid_header_callback' function. */ + 'nghttp2_session_callbacks_set_on_invalid_header_callback' function. */ #undef HAVE_NGHTTP2_SESSION_CALLBACKS_SET_ON_INVALID_HEADER_CALLBACK -/* Define to 1 if you have the `nghttp2_session_change_stream_priority' +/* Define to 1 if you have the 'nghttp2_session_change_stream_priority' function. */ #undef HAVE_NGHTTP2_SESSION_CHANGE_STREAM_PRIORITY -/* Define to 1 if you have the `nghttp2_session_get_stream_local_window_size' +/* Define to 1 if you have the 'nghttp2_session_get_stream_local_window_size' function. */ #undef HAVE_NGHTTP2_SESSION_GET_STREAM_LOCAL_WINDOW_SIZE -/* Define to 1 if you have the `nghttp2_session_server_new2' function. */ +/* Define to 1 if you have the 'nghttp2_session_server_new2' function. */ #undef HAVE_NGHTTP2_SESSION_SERVER_NEW2 -/* Define to 1 if you have the `nghttp2_stream_get_weight' function. */ +/* Define to 1 if you have the 'nghttp2_stream_get_weight' function. */ #undef HAVE_NGHTTP2_STREAM_GET_WEIGHT /* Define if OpenSSL is available */ @@ -157,33 +169,45 @@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ENGINE_H -/* Define to 1 if you have the `port_create' function. */ +/* Define to 1 if you have the 'OPENSSL_init_ssl' function. */ +#undef HAVE_OPENSSL_INIT_SSL + +/* Detected PCRE2 */ +#undef HAVE_PCRE2 + +/* Define to 1 if you have the 'port_create' function. */ #undef HAVE_PORT_CREATE -/* Define to 1 if you have the `prctl' function. */ +/* Define to 1 if you have the 'prctl' function. */ #undef HAVE_PRCTL /* Define to 1 if you have the header file. */ #undef HAVE_PRIV_H -/* Define to 1 if you have the `pthread_kill' function. */ +/* Define to 1 if you have the 'pthread_kill' function. */ #undef HAVE_PTHREAD_KILL /* Define to 1 if you have the header file. */ #undef HAVE_PWD_H -/* Define to 1 if you have the `RAND_egd' function. */ +/* Define to 1 if you have the 'RAND_egd' function. */ #undef HAVE_RAND_EGD -/* Define to 1 if you have the `setsid' function. */ +/* Define if rustls is available */ +#undef HAVE_RUSTLS + +/* Define to 1 if you have the 'setsid' function. */ #undef HAVE_SETSID -/* Define to 1 if you have the `SSL_CTX_new' function. */ +/* Define to 1 if you have the 'SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_H + /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H @@ -193,9 +217,18 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H -/* Define to 1 if you have the `syslog' function. */ +/* Define to 1 if you have the 'syslog' function. */ #undef HAVE_SYSLOG +/* Define if systemd is supported */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSTEMD_SD_DAEMON_H + +/* Define if you have gettid() via syscall() */ +#undef HAVE_SYS_GETTID + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_IPC_H @@ -235,18 +268,21 @@ /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H -/* Define to 1 if you have the `timegm' function. */ +/* Define to 1 if you have the 'timegm' function. */ #undef HAVE_TIMEGM -/* Define to 1 if you have the `times' function. */ +/* Define to 1 if you have the 'times' function. */ #undef HAVE_TIMES /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H -/* Define to 1 if you have the `vsyslog' function. */ +/* Define to 1 if you have the 'vsyslog' function. */ #undef HAVE_VSYSLOG +/* Define to 1 if you have the header file. */ +#undef HAVE_WCHAR_H + /* Root directory of the Apache install area */ #undef HTTPD_ROOT @@ -274,45 +310,107 @@ /* This platform doesn't suffer from the thundering herd problem */ #undef SINGLE_LISTEN_UNSERIALIZED_ACCEPT -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C89 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #undef STDC_HEADERS /* Path to suexec binary */ #undef SUEXEC_BIN -/* Enable extensions on AIX 3, Interix. */ +/* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif +/* Enable general extensions on macOS. */ +#ifndef _DARWIN_C_SOURCE +# undef _DARWIN_C_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif -/* Enable threading extensions on Solaris. */ +/* Enable X/Open compliant socket functions that do not require linking + with -lxnet on HP-UX 11.11. */ +#ifndef _HPUX_ALT_XOPEN_SOCKET_API +# undef _HPUX_ALT_XOPEN_SOCKET_API +#endif +/* Identify the host operating system as Minix. + This macro does not affect the system headers' behavior. + A future release of Autoconf may stop defining this macro. */ +#ifndef _MINIX +# undef _MINIX +#endif +/* Enable general extensions on NetBSD. + Enable NetBSD compatibility extensions on Minix. */ +#ifndef _NETBSD_SOURCE +# undef _NETBSD_SOURCE +#endif +/* Enable OpenBSD compatibility extensions on NetBSD. + Oddly enough, this does nothing on OpenBSD. */ +#ifndef _OPENBSD_SOURCE +# undef _OPENBSD_SOURCE +#endif +/* Define to 1 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_SOURCE +# undef _POSIX_SOURCE +#endif +/* Define to 2 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_1_SOURCE +# undef _POSIX_1_SOURCE +#endif +/* Enable POSIX-compatible threading on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif +/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */ +#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */ +#ifndef __STDC_WANT_IEC_60559_BFP_EXT__ +# undef __STDC_WANT_IEC_60559_BFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */ +#ifndef __STDC_WANT_IEC_60559_DFP_EXT__ +# undef __STDC_WANT_IEC_60559_DFP_EXT__ +#endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ +#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ +# undef __STDC_WANT_IEC_60559_FUNCS_EXT__ +#endif +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ +#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ +# undef __STDC_WANT_IEC_60559_TYPES_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */ +#ifndef __STDC_WANT_LIB_EXT2__ +# undef __STDC_WANT_LIB_EXT2__ +#endif +/* Enable extensions specified by ISO/IEC 24747:2009. */ +#ifndef __STDC_WANT_MATH_SPEC_FUNCS__ +# undef __STDC_WANT_MATH_SPEC_FUNCS__ +#endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# undef __EXTENSIONS__ +/* Enable X/Open extensions. Define to 500 only if necessary + to make mbstate_t available. */ +#ifndef _XOPEN_SOURCE +# undef _XOPEN_SOURCE #endif -/* Define to 1 if on MINIX. */ -#undef _MINIX - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -#undef _POSIX_1_SOURCE - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -#undef _POSIX_SOURCE - -/* Define to empty if `const' does not conform to ANSI C. */ +/* Define to empty if 'const' does not conform to ANSI C. */ #undef const /* Define to 'int' if doesn't define it for us */ diff --git a/include/ap_expr.h b/include/ap_expr.h index 55fff36..8e57fcd 100644 --- a/include/ap_expr.h +++ b/include/ap_expr.h @@ -57,7 +57,7 @@ typedef struct { * operators) */ #define AP_EXPR_FLAG_SSL_EXPR_COMPAT 1 -/** Don't add siginificant request headers to the Vary response header */ +/** Don't add significant request headers to the Vary response header */ #define AP_EXPR_FLAG_DONT_VARY 2 /** Don't allow functions/vars that bypass the current request's access * restrictions or would otherwise leak confidential information. @@ -282,7 +282,7 @@ typedef struct { /** Function for looking up the provider function for a variable, operator * or function in an expression. - * @param parms The parameter struct, also determins where the result is + * @param parms The parameter struct, also determines where the result is * stored. * @return OK on success, * !OK on failure, diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 2167baa..6f80ab3 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -523,7 +523,82 @@ * 20120211.82 (2.4.35-dev) Add optional function declaration for * ap_proxy_balancer_get_best_worker to mod_proxy.h. * 20120211.83 (2.4.35-dev) Add client64 field to worker_score struct - * + * 20120211.84 (2.4.35-dev) Add ap_no2slash_ex() and merge_slashes to + * core_server_conf. + * 20120211.85 (2.4.40-dev) add ap_set_conn_count(). + * 20120211.86 (2.4.40-dev) Add forward_100_continue{,_set} to proxy_dir_conf + * 20120211.87 (2.4.40-dev) Add dav_popen_propdb + * 20120211.88 (2.4.40-dev) Add ap_dir_nofnmatch() and ap_dir_fnmatch(). + * 20120211.89 (2.4.42-dev) Add add dns_pool to proxy_conn_pool and define + * AP_VOLATILIZE_T. + * 20120211.90 (2.4.42-dev) AP_REG_DEFAULT macro in ap_regex.h + * 20120211.91 (2.4.42-dev) Add ap_is_chunked() in httpd.h + * 20120211.92 (2.4.42-dev) AP_REG_NO_DEFAULT macro in ap_regex.h + * 20120211.93 (2.4.44-dev) Add ap_parse_strict_length() + * 20120211.94 (2.4.47-dev) Add ap_proxy_define_match_worker() + * 20120211.95 (2.4.47-dev) Add proxy check_trans hook + * 20120211.96 (2.4.47-dev) Add ap_get_status_line_ex() + * 20120211.97 (2.4.47-dev) Add read_buf_size member to core_dir_config, + * flush_max_threshold and flush_max_pipelined to + * core_server_config, and ap_get_read_buf_size(). + * 20120211.98 (2.4.47-dev) Add ap_proxy_should_override to mod_proxy.h + * 20120211.99 (2.4.47-dev) Add proxy_tunnel_rec, ap_proxy_tunnel_create() + * and ap_proxy_tunnel_run() to proxy_util. + * 20120211.99 (2.4.47-dev) Add ap_proxy_worker_can_upgrade() + * 20120211.100 (2.4.47-dev) Add ap_proxy_prefetch_input(), + * ap_proxy_spool_input() and + * ap_proxy_read_input(). + * 20120211.101 (2.4.47-dev) ETAG_DIGEST in http_core.h. struct etag_rec, + * ap_make_etag_ex() and ap_set_etag_fd() in + * http_protocol.h. ap_request_bnotes_t, + * AP_REQUEST_STRONG_ETAG, AP_REQUEST_GET_BNOTE, + * AP_REQUEST_SET_BNOTE and AP_REQUEST_IS_STRONG_ETAG + * in httpd.h. + * 20120211.102 (2.4.47-dev) Add ap_ssl_conn_is_ssl()/ap_ssl_var_lookup() and hooks + * 20120211.103 (2.4.47-dev) Add ap_ssl_add_cert_files, ap_ssl_add_fallback_cert_files + * and ap_ssl_answer_challenge and hooks. + * 20120211.104 (2.4.47-dev) Move ap_ssl_* into new http_ssl.h header file + * 20120211.105 (2.4.47-dev) Add ap_ssl_ocsp* hooks and functions to http_ssl.h. + * 20120211.106 (2.4.49-dev) Add ap_create_request(). + * 20120211.107 (2.4.49-dev) Add ap_parse_request_line() and + * ap_check_request_header() + * 20120211.108 (2.4.49-dev) Add ajp_handle_cping_cpong + * 20120211.109 (2.4.49-dev) Add ap_normalize_path(), + * pre_translate_name hook and + * Add map_encoded_one and map_encoded_all bits to + * proxy_server_conf. + * 20120211.110 (2.4.49-dev) Add hook child_stopping to get informed that a child + * is being shut down. + * 20120211.111 (2.4.49-dev) Add dav_get_provider(), dav_open_lockdb(), + * dav_close_lockdb() and dav_get_resource() to + * mod_dav.h. + * 20120211.112 (2.4.49-dev) Add deliver_report and gather_reports hooks. + * 20120211.113 (2.4.49-dev) Add method_precondition hook. + * 20120211.114 (2.4.49-dev) Add optional balancer_manage function. + * 20120211.115 (2.4.49-dev) Add ap_proxy_get_worker_ex() and + * ap_proxy_define_worker_ex() to mod_proxy.h + * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing() + * 20120211.117 (2.4.50-dev) Add ap_pre_connection + * 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate + * AP_NORMALIZE_DROP_PARAMETERS + * 20120211.119 (2.4.51-dev) Add dav_validate_root_ns(), dav_find_child_ns(), + * dav_find_next_ns(), dav_find_attr_ns() and + * dav_find_attr(). + * 20120211.120 (2.4.51-dev) Add dav_liveprop_elem structure and + * dav_get_liveprop_element(). + * 20120211.121 (2.4.51-dev) Add ap_post_read_request() + * 20120211.122 (2.4.51-dev) Add ap_thread_create(), ap_thread_main_create() + * and ap_thread_current() + * 20120211.123 (2.4.51-dev) Added ap_pcre_version_string(), AP_REG_PCRE_COMPILED + * and AP_REG_PCRE_LOADED to ap_regex.h. + * 20120211.124 (2.4.51-dev) Add name_ex to struct proxy_worker_shared + * 20120211.125 (2.4.55-dev) Export mod_http2.h as public header + * 20120211.126 (2.4.55-dev) Add additional hcmethod_t enums and PROXY_WORKER_IS_ERROR + * 20120211.127 (2.4.56-dev) Add ap_proxy_canonenc_ex + * 20120211.128 (2.4.55-dev) Add AP_CTIME_OPTION_GMTOFF to util_time.h + * 20120211.129 (2.4.58-dev) Add ap_get_pollfd_from_conn() + * 20120211.130 (2.4.59-dev) Add ap_proxy_determine_address() + * 20120211.131 (2.4.59-dev) Add DAV_WALKTYPE_TOLERANT */ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ @@ -531,7 +606,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20120211 #endif -#define MODULE_MAGIC_NUMBER_MINOR 83 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 131 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/ap_mpm.h b/include/ap_mpm.h index 71f8f47..e3a58aa 100644 --- a/include/ap_mpm.h +++ b/include/ap_mpm.h @@ -88,6 +88,7 @@ extern "C" { * @param plog the log pool, reset after the config file is read * @param server_conf the global server config. * @return DONE for shutdown OK otherwise. + * @ingroup hooks */ AP_DECLARE_HOOK(int, mpm, (apr_pool_t *pconf, apr_pool_t *plog, server_rec *server_conf)) @@ -113,42 +114,75 @@ AP_DECLARE(apr_status_t) ap_os_create_privileged_process( apr_procattr_t *attr, apr_pool_t *p); -/* Subtypes/Values for AP_MPMQ_IS_THREADED and AP_MPMQ_IS_FORKED */ -#define AP_MPMQ_NOT_SUPPORTED 0 /* This value specifies that an */ - /* MPM is not capable of */ - /* threading or forking. */ -#define AP_MPMQ_STATIC 1 /* This value specifies that */ - /* an MPM is using a static */ - /* number of threads or daemons */ -#define AP_MPMQ_DYNAMIC 2 /* This value specifies that */ - /* an MPM is using a dynamic */ - /* number of threads or daemons */ - -/* Values returned for AP_MPMQ_MPM_STATE */ +/** @defgroup mpmq MPM query + * @{ + */ + +/** @defgroup thrdfrk Subtypes/Values returned for AP_MPMQ_IS_THREADED and AP_MPMQ_IS_FORKED + * @ingroup mpmq + * @{ + */ +#define AP_MPMQ_NOT_SUPPORTED 0 /**< This value specifies that an + * MPM is not capable of + * threading or forking. */ +#define AP_MPMQ_STATIC 1 /**< This value specifies that + * an MPM is using a static + * number of threads or daemons */ +#define AP_MPMQ_DYNAMIC 2 /**< This value specifies that + * an MPM is using a dynamic + * number of threads or daemons */ +/** @} */ + +/** @defgroup qstate Values returned for AP_MPMQ_MPM_STATE + * @ingroup mpmq + * @{ + */ #define AP_MPMQ_STARTING 0 #define AP_MPMQ_RUNNING 1 #define AP_MPMQ_STOPPING 2 +/** @} */ -#define AP_MPMQ_MAX_DAEMON_USED 1 /* Max # of daemons used so far */ -#define AP_MPMQ_IS_THREADED 2 /* MPM can do threading */ -#define AP_MPMQ_IS_FORKED 3 /* MPM can do forking */ -#define AP_MPMQ_HARD_LIMIT_DAEMONS 4 /* The compiled max # daemons */ -#define AP_MPMQ_HARD_LIMIT_THREADS 5 /* The compiled max # threads */ -#define AP_MPMQ_MAX_THREADS 6 /* # of threads/child by config */ -#define AP_MPMQ_MIN_SPARE_DAEMONS 7 /* Min # of spare daemons */ -#define AP_MPMQ_MIN_SPARE_THREADS 8 /* Min # of spare threads */ -#define AP_MPMQ_MAX_SPARE_DAEMONS 9 /* Max # of spare daemons */ -#define AP_MPMQ_MAX_SPARE_THREADS 10 /* Max # of spare threads */ -#define AP_MPMQ_MAX_REQUESTS_DAEMON 11 /* Max # of requests per daemon */ -#define AP_MPMQ_MAX_DAEMONS 12 /* Max # of daemons by config */ -#define AP_MPMQ_MPM_STATE 13 /* starting, running, stopping */ -#define AP_MPMQ_IS_ASYNC 14 /* MPM can process async connections */ -#define AP_MPMQ_GENERATION 15 /* MPM generation */ -#define AP_MPMQ_HAS_SERF 16 /* MPM can drive serf internally */ +/** @defgroup qcodes Query codes for ap_mpm_query() + * @ingroup mpmq + * @{ + */ +/** Max # of daemons used so far */ +#define AP_MPMQ_MAX_DAEMON_USED 1 +/** MPM can do threading */ +#define AP_MPMQ_IS_THREADED 2 +/** MPM can do forking */ +#define AP_MPMQ_IS_FORKED 3 +/** The compiled max # daemons */ +#define AP_MPMQ_HARD_LIMIT_DAEMONS 4 +/** The compiled max # threads */ +#define AP_MPMQ_HARD_LIMIT_THREADS 5 +/** \# of threads/child by config */ +#define AP_MPMQ_MAX_THREADS 6 +/** Min # of spare daemons */ +#define AP_MPMQ_MIN_SPARE_DAEMONS 7 +/** Min # of spare threads */ +#define AP_MPMQ_MIN_SPARE_THREADS 8 +/** Max # of spare daemons */ +#define AP_MPMQ_MAX_SPARE_DAEMONS 9 +/** Max # of spare threads */ +#define AP_MPMQ_MAX_SPARE_THREADS 10 +/** Max # of requests per daemon */ +#define AP_MPMQ_MAX_REQUESTS_DAEMON 11 +/** Max # of daemons by config */ +#define AP_MPMQ_MAX_DAEMONS 12 +/** starting, running, stopping */ +#define AP_MPMQ_MPM_STATE 13 +/** MPM can process async connections */ +#define AP_MPMQ_IS_ASYNC 14 +/** MPM generation */ +#define AP_MPMQ_GENERATION 15 +/** MPM can drive serf internally */ +#define AP_MPMQ_HAS_SERF 16 +/** @} */ /** * Query a property of the current MPM. - * @param query_code One of APM_MPMQ_* + * @param query_code One of AP_MPMQ_* * @param result A location to place the result of the query * @return APR_EGENERAL if an mpm-query hook has not been registered; * APR_SUCCESS or APR_ENOTIMPL otherwise @@ -159,6 +193,7 @@ AP_DECLARE(apr_status_t) ap_os_create_privileged_process( */ AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result); +/** @} */ typedef void (ap_mpm_callback_fn_t)(void *baton); @@ -191,6 +226,7 @@ typedef enum mpm_child_status { * scoreboard slot. * @param state One of the mpm_child_status values. Modules should ignore * unrecognized values. + * @ingroup hooks */ AP_DECLARE_HOOK(void,child_status,(server_rec *s, pid_t pid, ap_generation_t gen, int slot, mpm_child_status state)) @@ -201,6 +237,7 @@ AP_DECLARE_HOOK(void,child_status,(server_rec *s, pid_t pid, ap_generation_t gen * * @param s The main server_rec. * @param gen The server generation which is now completely finished. + * @ingroup hooks */ AP_DECLARE_HOOK(void,end_generation,(server_rec *s, ap_generation_t gen)) @@ -224,6 +261,14 @@ typedef struct ap_exception_info_t { pid_t pid; } ap_exception_info_t; +/** + * Run the fatal_exception hook for each module; this hook is run + * from some MPMs in the event of a child process crash, if the + * server was built with --enable-exception-hook and the + * EnableExceptionHook directive is On. + * @param ei information about the exception + * @ingroup hooks + */ AP_DECLARE_HOOK(int,fatal_exception,(ap_exception_info_t *ei)) #endif /*AP_ENABLE_EXCEPTION_HOOK*/ diff --git a/include/ap_regex.h b/include/ap_regex.h index 7d8df79..50d5aba 100644 --- a/include/ap_regex.h +++ b/include/ap_regex.h @@ -84,7 +84,17 @@ extern "C" { #define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */ -#define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */ +#define AP_REG_NO_DEFAULT 0x400 /**< Don't implicitely add AP_REG_DEFAULT options */ + +#define AP_REG_MATCH "MATCH_" /**< suggested prefix for ap_regname */ + +#define AP_REG_DEFAULT (AP_REG_DOTALL|AP_REG_DOLLAR_ENDONLY) + +/* Arguments for ap_pcre_version_string */ +enum { + AP_REG_PCRE_COMPILED = 0, /** PCRE version used during program compilation */ + AP_REG_PCRE_LOADED /** PCRE version loaded at runtime */ +}; /* Error values: */ enum { @@ -109,6 +119,15 @@ typedef struct { /* The functions */ +/** + * Return PCRE version string. + * @param which Either AP_REG_PCRE_COMPILED (PCRE version used + * during program compilation) or AP_REG_PCRE_LOADED + * (PCRE version used at runtime) + * @return The PCRE version string + */ +AP_DECLARE(const char *) ap_pcre_version_string(int which); + /** * Get default compile flags * @return Bitwise OR of AP_REG_* flags @@ -182,6 +201,8 @@ AP_DECLARE(apr_size_t) ap_regerror(int errcode, const ap_regex_t *preg, * Return an array of named regex backreferences * @param preg The precompiled regex * @param names The array to which the names will be added + * @param prefix An optional prefix to add to the returned names. AP_REG_MATCH + * is the recommended prefix. * @param upper If non zero, uppercase the names */ AP_DECLARE(int) ap_regname(const ap_regex_t *preg, diff --git a/include/ap_release.h b/include/ap_release.h index c1b1300..827dfc0 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -23,7 +23,7 @@ #define AP_RELEASE_H #define AP_SERVER_COPYRIGHT \ - "Copyright 2019 The Apache Software Foundation." + "Copyright 2024 The Apache Software Foundation." /* * The below defines the base string of the Server: header. Additional @@ -43,7 +43,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 -#define AP_SERVER_PATCHLEVEL_NUMBER 38 +#define AP_SERVER_PATCHLEVEL_NUMBER 59 #define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ diff --git a/include/http_config.h b/include/http_config.h index adc5825..8359eb1 100644 --- a/include/http_config.h +++ b/include/http_config.h @@ -786,7 +786,7 @@ AP_DECLARE(void) ap_remove_module(module *m); AP_DECLARE(const char *) ap_add_loaded_module(module *mod, apr_pool_t *p, const char *s); /** - * Remove a module fromthe chained modules list and the list of loaded modules + * Remove a module from the chained modules list and the list of loaded modules * @param mod the module structure of the module to remove */ AP_DECLARE(void) ap_remove_loaded_module(module *mod); @@ -907,7 +907,7 @@ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p, * @param conf_pool The pconf pool * @param temp_pool The temporary pool * @param conftree Place to store the root node of the config tree - * @return Error string on erro, NULL otherwise + * @return Error string on error, NULL otherwise * @note If conf_pool == temp_pool, ap_build_config() will assume .htaccess * context and use a lower maximum line length. */ @@ -927,6 +927,21 @@ AP_DECLARE(const char *) ap_walk_config(ap_directive_t *conftree, cmd_parms *parms, ap_conf_vector_t *section_vector); +/** + * Convenience function to create a ap_dir_match_t structure from a cmd_parms. + * + * @param cmd The command. + * @param flags Flags to indicate whether optional or recursive. + * @param cb Callback for each file found that matches the wildcard. Return NULL on + * success, an error string on error. + * @param ctx Context for the callback. + * @return Structure ap_dir_match_t with fields populated, allocated from the + * cmd->temp_pool. + */ +AP_DECLARE(ap_dir_match_t *)ap_dir_cfgmatch(cmd_parms *cmd, int flags, + const char *(*cb)(ap_dir_match_t *w, const char *fname), void *ctx) + __attribute__((nonnull(1,3))); + /** * @defgroup ap_check_cmd_context Check command context * @{ @@ -1054,7 +1069,7 @@ AP_DECLARE(void) ap_run_rewrite_args(process_rec *process); /** * Run the register hooks function for a specified module - * @param m The module to run the register hooks function fo + * @param m The module to run the register hooks function from * @param p The pool valid for the lifetime of the module */ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p); @@ -1283,6 +1298,7 @@ AP_CORE_DECLARE(void *) ap_set_config_vectors(server_rec *server, * Run the header parser functions for each module * @param r The current request * @return OK or DECLINED + * @ingroup hooks */ AP_DECLARE_HOOK(int,header_parser,(request_rec *r)) @@ -1292,6 +1308,7 @@ AP_DECLARE_HOOK(int,header_parser,(request_rec *r)) * @param plog The logging streams pool * @param ptemp The temporary pool * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,pre_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp)) @@ -1303,6 +1320,7 @@ AP_DECLARE_HOOK(int,pre_config,(apr_pool_t *pconf,apr_pool_t *plog, * @param ptemp The temporary pool * @param s the server to operate upon * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,check_config,(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)) @@ -1315,17 +1333,28 @@ AP_DECLARE_HOOK(int,check_config,(apr_pool_t *pconf, apr_pool_t *plog, * @note To avoid reordering problems due to different buffering, hook * functions should only apr_file_*() to print to stdout/stderr and * not simple printf()/fprintf(). - * + * @ingroup hooks */ AP_DECLARE_HOOK(void,test_config,(apr_pool_t *pconf, server_rec *s)) /** * Run the post_config function for each module + * + * The function might be called multiple times. @a pconf, @a plog, and + * @a ptemp may be cleared and/or destroyed between calls. + * + * The function will be called zero or one times with the server's state being + * #AP_SQ_MS_CREATE_PRE_CONFIG, and will be called one or more times with + * the server's state being #AP_SQ_MS_CREATE_CONFIG. + * + * @see ap_state_query(), #AP_SQ_MAIN_STATE + * * @param pconf The config pool * @param plog The logging streams pool * @param ptemp The temporary pool * @param s The list of server_recs * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s)) @@ -1337,6 +1366,7 @@ AP_DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, * @param ptemp The temporary pool * @param s The list of server_recs * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,open_logs,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s)) @@ -1345,6 +1375,7 @@ AP_DECLARE_HOOK(int,open_logs,(apr_pool_t *pconf,apr_pool_t *plog, * Run the child_init functions for each module * @param pchild The child pool * @param s The list of server_recs in this server + * @ingroup hooks */ AP_DECLARE_HOOK(void,child_init,(apr_pool_t *pchild, server_rec *s)) @@ -1352,6 +1383,7 @@ AP_DECLARE_HOOK(void,child_init,(apr_pool_t *pchild, server_rec *s)) * Run the handler functions for each module * @param r The request_rec * @remark non-wildcard handlers should HOOK_MIDDLE, wildcard HOOK_LAST + * @ingroup hooks */ AP_DECLARE_HOOK(int,handler,(request_rec *r)) @@ -1365,6 +1397,7 @@ AP_DECLARE_HOOK(int,handler,(request_rec *r)) * @param lookup_uri Controls whether the caller actually wants content or not. * lookup is set when the quick_handler is called out of * ap_sub_req_lookup_uri() + * @ingroup hooks */ AP_DECLARE_HOOK(int,quick_handler,(request_rec *r, int lookup_uri)) @@ -1372,6 +1405,7 @@ AP_DECLARE_HOOK(int,quick_handler,(request_rec *r, int lookup_uri)) * Retrieve the optional functions for each module. * This is run immediately before the server starts. Optional functions should * be registered during the hook registration phase. + * @ingroup hooks */ AP_DECLARE_HOOK(void,optional_fn_retrieve,(void)) @@ -1388,6 +1422,7 @@ AP_DECLARE_HOOK(void,optional_fn_retrieve,(void)) * APR_ENOENT or APR_ENOTDIR if no htaccess file exists, * AP_DECLINED to let later modules do the opening, * any other error code on error. + * @ingroup hooks */ AP_DECLARE_HOOK(apr_status_t,open_htaccess, (request_rec *r, const char *dir_name, const char *access_name, diff --git a/include/http_connection.h b/include/http_connection.h index 8bc009d..71f02bd 100644 --- a/include/http_connection.h +++ b/include/http_connection.h @@ -135,6 +135,21 @@ AP_DECLARE_HOOK(int,process_connection,(conn_rec *c)) */ AP_DECLARE_HOOK(int,pre_close_connection,(conn_rec *c)) +/** + * This is a wrapper around ap_run_pre_connection. In case that + * ap_run_pre_connection returns an error it marks the connection as + * aborted and ensures that the basic connection setup normally done + * by the core module is done in case it was not done so far. + * @param c The connection on which the request has been received. + * Same as for the pre_connection hook. + * @param csd The mechanism on which this connection is to be read. + * Most times this will be a socket, but it is up to the module + * that accepts the request to determine the exact type. + * Same as for the pre_connection hook. + * @return The result of ap_run_pre_connection + */ +AP_DECLARE(int) ap_pre_connection(conn_rec *c, void *csd); + /** End Of Connection (EOC) bucket */ AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eoc; diff --git a/include/http_core.h b/include/http_core.h index 35df5dc..948034f 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -31,6 +31,7 @@ #include "apr_optional.h" #include "util_filter.h" #include "ap_expr.h" +#include "apr_poll.h" #include "apr_tables.h" #include "http_config.h" @@ -160,7 +161,7 @@ AP_DECLARE(const char *) ap_document_root(request_rec *r); /** * Lookup the remote user agent's DNS name or IP address - * @ingroup get_remote_hostname + * @ingroup get_remote_host * @param req The current request * @param type The type of lookup to perform. One of: * 
@@ -253,6 +254,13 @@ AP_DECLARE(const char *) ap_get_server_name_for_url(request_rec *r);
  */
 AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r);
 
+/**
+ * Get the size of read buffers
+ * @param r The current request
+ * @return The read buffers size
+ */
+AP_DECLARE(apr_size_t) ap_get_read_buf_size(const request_rec *r);
+
 /**
  * Return the limit on bytes in request msg body
  * @param r The current request
@@ -482,12 +490,13 @@ typedef unsigned int overrides_t;
  */
 typedef unsigned long etag_components_t;
 
-#define ETAG_UNSET 0
-#define ETAG_NONE  (1 << 0)
-#define ETAG_MTIME (1 << 1)
-#define ETAG_INODE (1 << 2)
-#define ETAG_SIZE  (1 << 3)
-#define ETAG_ALL   (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
+#define ETAG_UNSET  0
+#define ETAG_NONE   (1 << 0)
+#define ETAG_MTIME  (1 << 1)
+#define ETAG_INODE  (1 << 2)
+#define ETAG_SIZE   (1 << 3)
+#define ETAG_DIGEST (1 << 4)
+#define ETAG_ALL    (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
 /* This is the default value used */
 #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
 
@@ -672,6 +681,8 @@ typedef struct {
 
     /** Table of rules for building CGI variables, NULL if none configured */
     apr_hash_t *cgi_var_rules;
+
+    apr_size_t read_buf_size;
 } core_dir_config;
 
 /* macro to implement off by default behaviour */
@@ -740,7 +751,11 @@ typedef struct {
 #define AP_HTTP_METHODS_LENIENT       1
 #define AP_HTTP_METHODS_REGISTERED    2
     char http_methods;
-
+    unsigned int merge_slashes;
+ 
+    apr_size_t   flush_max_threshold;
+    apr_int32_t  flush_max_pipelined;
+    unsigned int strict_host_check;
 } core_server_config;
 
 /* for AddOutputFiltersByType in core.c */
@@ -769,6 +784,11 @@ AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto);
 typedef struct core_output_filter_ctx core_output_filter_ctx_t;
 typedef struct core_filter_ctx        core_ctx_t;
 
+struct core_filter_ctx {
+    apr_bucket_brigade *b;
+    apr_bucket_brigade *tmpbb;
+};
+
 typedef struct core_net_rec {
     /** Connection to the client */
     apr_socket_t *client_socket;
@@ -1041,6 +1061,31 @@ AP_DECLARE(int) ap_state_query(int query_code);
   /** only dump some parts of the config */
 #define AP_SQ_RM_CONFIG_DUMP       4
 
+/** Get a apr_pollfd_t populated with descriptor and descriptor type
+ * and the timeout to use for it.
+ * @return APR_ENOTIMPL if not supported for a connection.
+ */
+AP_DECLARE_HOOK(apr_status_t, get_pollfd_from_conn,
+                (conn_rec *c, struct apr_pollfd_t *pfd,
+                 apr_interval_time_t *ptimeout))
+
+/**
+ * Pass in a `struct apr_pollfd_t*` and get `desc_type` and `desc`
+ * populated with a suitable value for polling connection input.
+ * For primary connection (c->master == NULL), this will be the connection
+ * socket. For secondary connections this may differ or not be available
+ * at all.
+ * Note that APR_NO_DESC may be set to indicate that the connection
+ * input is already closed.
+ *
+ * @param pfd  the pollfd to set the descriptor in
+ * @param ptimeout  != NULL to retrieve the timeout in effect
+ * @return ARP_SUCCESS when the information was assigned.
+ */
+AP_CORE_DECLARE(apr_status_t) ap_get_pollfd_from_conn(conn_rec *c,
+                                      struct apr_pollfd_t *pfd,
+                                      apr_interval_time_t *ptimeout);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/http_protocol.h b/include/http_protocol.h
index 11c7b2d..94c481e 100644
--- a/include/http_protocol.h
+++ b/include/http_protocol.h
@@ -53,6 +53,13 @@ AP_DECLARE_DATA extern ap_filter_rec_t *ap_old_write_func;
  * or control the ones that eventually do.
  */
 
+/**
+ * Read an empty request and set reasonable defaults.
+ * @param c The current connection
+ * @return The new request_rec
+ */
+AP_DECLARE(request_rec *) ap_create_request(conn_rec *c);
+
 /**
  * Read a request and fill in the fields.
  * @param c The current connection
@@ -60,6 +67,20 @@ AP_DECLARE_DATA extern ap_filter_rec_t *ap_old_write_func;
  */
 request_rec *ap_read_request(conn_rec *c);
 
+/**
+ * Parse and validate the request line.
+ * @param r The current request
+ * @return 1 on success, 0 on failure
+ */
+AP_DECLARE(int) ap_parse_request_line(request_rec *r);
+
+/**
+ * Validate the request header and select vhost.
+ * @param r The current request
+ * @return 1 on success, 0 on failure
+ */
+AP_DECLARE(int) ap_check_request_header(request_rec *r);
+
 /**
  * Read the mime-encoded headers.
  * @param r The current request
@@ -75,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r);
 AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
                                           apr_bucket_brigade *bb);
 
+/**
+ * Run post_read_request hook and validate.
+ * @param r The current request
+ * @return OK or HTTP_...
+ */
+AP_DECLARE(int) ap_post_read_request(request_rec *r);
+
 /* Finish up stuff after a request */
 
 /**
@@ -145,6 +173,27 @@ AP_DECLARE(const char *) ap_make_content_type(request_rec *r,
  */
 AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool);
 
+/** A structure with the ingredients for a file based etag */
+typedef struct etag_rec etag_rec;
+
+/**
+ * @brief A structure with the ingredients for a file based etag
+ */
+struct etag_rec {
+    /** Optional vary list validator */
+    const char *vlist_validator;
+    /** Time when the request started */
+    apr_time_t request_time;
+    /** finfo.protection (st_mode) set to zero if no such file */
+    apr_finfo_t *finfo;
+    /** File pathname used when generating a digest */
+    const char *pathname;
+    /** File descriptor used when generating a digest */
+    apr_file_t *fd;
+    /** Force a non-digest etag to be weak */
+    int force_weak;
+};
+
 /**
  * Construct an entity tag from the resource information.  If it's a real
  * file, build in some of the file characteristics.
@@ -155,12 +204,27 @@ AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool);
  */
 AP_DECLARE(char *) ap_make_etag(request_rec *r, int force_weak);
 
+/**
+ * Construct an entity tag from information provided in the etag_rec
+ * structure.
+ * @param r The current request
+ * @param er The etag record, containing ingredients for the etag.
+ */
+AP_DECLARE(char *) ap_make_etag_ex(request_rec *r, etag_rec *er);
+
 /**
  * Set the E-tag outgoing header
  * @param r The current request
  */
 AP_DECLARE(void) ap_set_etag(request_rec *r);
 
+/**
+ * Set the E-tag outgoing header, with the option of forcing a strong ETag.
+ * @param r The current request
+ * @param fd The file descriptor
+ */
+AP_DECLARE(void) ap_set_etag_fd(request_rec *r, apr_file_t *fd);
+
 /**
  * Set the last modified time for the file being sent
  * @param r The current request
@@ -411,7 +475,27 @@ AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r);
  */
 static APR_INLINE int ap_rputs(const char *str, request_rec *r)
 {
-    return ap_rwrite(str, (int)strlen(str), r);
+    apr_size_t len;
+
+    len = strlen(str);
+
+    for (;;) {
+        if (len <= INT_MAX) {
+            return ap_rwrite(str, (int)len, r);
+        }
+        else {
+            int rc;
+
+            rc = ap_rwrite(str, INT_MAX, r);
+            if (rc < 0) {
+                return rc;
+            }
+            else {
+                str += INT_MAX;
+                len -= INT_MAX;
+            }
+        }
+    }
 }
 
 /**
@@ -466,6 +550,17 @@ AP_DECLARE(int) ap_index_of_response(int status);
  */
 AP_DECLARE(const char *) ap_get_status_line(int status);
 
+/**
+ * Return the Status-Line for a given status code (excluding the
+ * HTTP-Version field). If an invalid status code is passed,
+ * "500 Internal Server Error" will be returned, whereas an unknown
+ * status will be returned like "xxx Status xxx".
+ * @param p The pool to allocate from when status is unknown
+ * @param status The HTTP status code
+ * @return The Status-Line
+ */
+AP_DECLARE(const char *) ap_get_status_line_ex(apr_pool_t *p, int status);
+
 /* Reading a block of data from the client connection (e.g., POST arg) */
 
 /**
@@ -733,7 +828,7 @@ AP_DECLARE_HOOK(const char *,http_scheme,(const request_rec *r))
 AP_DECLARE_HOOK(apr_port_t,default_port,(const request_rec *r))
 
 
-#define AP_PROTOCOL_HTTP1		"http/1.1"
+#define AP_PROTOCOL_HTTP1        "http/1.1"
 
 /**
  * Determine the list of protocols available for a connection/request. This may
@@ -798,8 +893,7 @@ AP_DECLARE_HOOK(int,protocol_propose,(conn_rec *c, request_rec *r,
  * @param c The current connection
  * @param r The current request or NULL
  * @param s The server/virtual host selected
- * @param choices A list of protocol identifiers, normally the clients whishes
- * @param proposals the list of protocol identifiers proposed by the hooks
+ * @param protocol The protocol identifier we try to switch to
  * @return OK or DECLINED
  * @bug This API or implementation and order of operations should be considered
  * experimental and will continue to evolve in future 2.4 releases, with
@@ -1015,6 +1109,8 @@ AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub_r);
  */
 AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers);
 
+
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/http_request.h b/include/http_request.h
index 0013d39..7e8bfad 100644
--- a/include/http_request.h
+++ b/include/http_request.h
@@ -332,14 +332,14 @@ void ap_process_async_request(request_rec *r);
 
 /**
  * Kill the current request
- * @param type Why the request is dieing
+ * @param type Why the request is dying
  * @param r The current request
  */
 AP_DECLARE(void) ap_die(int type, request_rec *r);
 
 /**
  * Check whether a connection is still established and has data available,
- * optionnaly consuming blank lines ([CR]LF).
+ * optionally consuming blank lines ([CR]LF).
  * @param c The current connection
  * @param bb The brigade to filter
  * @param max_blank_lines Max number of blank lines to consume, or zero
@@ -362,6 +362,18 @@ AP_DECLARE(apr_status_t) ap_check_pipeline(conn_rec *c, apr_bucket_brigade *bb,
  */
 AP_DECLARE_HOOK(int,create_request,(request_rec *r))
 
+/**
+ * This hook allow modules an opportunity to translate the URI into an
+ * actual filename, before URL decoding happens.
+ * @param r The current request
+ * @return DECLINED to let other modules handle the pre-translation,
+ *         OK if it was handled and no other module should process it,
+ *         DONE if no further transformation should happen on the URI,
+ *         HTTP_... in case of error.
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(int,pre_translate_name,(request_rec *r))
+
 /**
  * This hook allow modules an opportunity to translate the URI into an
  * actual filename.  If no modules do anything special, the server's default
@@ -443,7 +455,7 @@ AP_DECLARE_HOOK(int,access_checker,(request_rec *r))
  * This hook should be registered with ap_hook_check_access_ex().
  *
  * @param r the current request
- * @return OK (allow acces), DECLINED (let later modules decide),
+ * @return OK (allow access), DECLINED (let later modules decide),
  *         or HTTP_... (deny access)
  * @ingroup hooks
  * @see ap_hook_check_access_ex
@@ -549,7 +561,7 @@ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
  * This hook allows modules to affect the request immediately after the
  * per-directory configuration for the request has been generated.
  * @param r The current request
- * @return OK (allow acces), DECLINED (let later modules decide),
+ * @return OK (allow access), DECLINED (let later modules decide),
  *         or HTTP_... (deny access)
  * @ingroup hooks
  */
@@ -589,7 +601,7 @@ AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eor;
  * @param e The bucket to inspect
  * @return true or false
  */
-#define AP_BUCKET_IS_EOR(e)         (e->type == &ap_bucket_type_eor)
+#define AP_BUCKET_IS_EOR(e)         ((e)->type == &ap_bucket_type_eor)
 
 /**
  * Make the bucket passed in an End Of REQUEST (EOR) bucket
diff --git a/include/http_ssl.h b/include/http_ssl.h
new file mode 100644
index 0000000..2e052c5
--- /dev/null
+++ b/include/http_ssl.h
@@ -0,0 +1,317 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file  http_ssl.h
+ * @brief SSL protocol handling
+ *
+ * @defgroup APACHE_CORE_PROTO SSL Protocol Handling
+ * @ingroup  APACHE_CORE
+ * @{
+ */
+
+#ifndef APACHE_HTTP_SSL_H
+#define APACHE_HTTP_SSL_H
+
+#include "httpd.h"
+#include "apr_portable.h"
+#include "apr_mmap.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct ap_conf_vector_t;
+
+/**
+ * This hook allows modules that manage SSL connection to register their
+ * inquiry function for checking if a connection is using SSL from them.
+ * @param c The current connection
+ * @return OK if the connection is using SSL, DECLINED if not.
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
+
+/**
+ * Return != 0 iff the connection is encrypted with SSL.
+ * @param c the connection
+ */
+AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
+
+/**
+ * This hook declares a connection to be outgoing and the configuration that applies to it.
+ * This hook can be called several times in the lifetime of an outgoing connection, e.g.
+ * when it is re-used in different request contexts. It will at least be called after the
+ * connection was created and before the pre-connection hooks is invoked.
+ * All outgoing-connection hooks are run until one returns something other than DECLINE.
+ * if enable_ssl != 0, a hook that sets up SSL for the connection needs to return OK
+ * to prevent subsequent hooks from doing the same.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param enable_ssl If != 0, the SSL protocol should be enabled for this connection.
+ * @return DECLINED, OK when ssl was enabled
+ */
+AP_DECLARE_HOOK(int, ssl_bind_outgoing,
+               (conn_rec *c, struct ap_conf_vector_t *dir_conf, int enable_ssl))
+
+/**
+ * Assures the connection is marked as outgoing and invokes the ssl_bind_outgoing hook.
+ * This may be called several times on an outgoing connection with varying dir_conf
+ * values. require_ssl is not allowed to change on the same connection.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param require_ssl != 0 iff this connection needs to be secured by SSL/TLS protocol.
+ * @return OK iff ssl was required and is enabled, DECLINED otherwise
+ */
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+                                     int require_ssl);
+
+/**
+ * Return != 0 iff handlers/hooks for outgoing connections are registered.
+ */
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void);
+
+/**
+ * This hook allows modules to look up SSL related variables for a
+ * server/connection/request, depending on what they inquire. Some
+ * variables will only be available for a connection/request, for example.
+ * @param p The pool to allocate a returned value in, MUST be provided
+ * @param s The server to inquire a value for, maybe NULL
+ * @param c The current connection, maybe NULL
+ * @param r The current request, maybe NULL
+ * @param name The name of the variable to retrieve, MUST be provided
+ * @return value or the variable or NULL if not provided/available
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(const char *,ssl_var_lookup,
+    (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name))
+
+/**
+ * Lookup an SSL related variable for the server/connection/request or a global
+ * value when all those parameters are set to NULL. Pool and name must always be
+ * provided and the returned value (if not NULL) will be allocated from the pool.
+ * @param p The pool to allocate a returned value in, MUST be provided
+ * @param s The server to inquire a value for, maybe NULL
+ * @param c The current connection, maybe NULL
+ * @param r The current request, maybe NULL
+ * @param name The name of the variable to retrieve, MUST be provided
+ * @return value or the variable or NULL if not provided/available
+ */
+AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
+                                           conn_rec *c, request_rec *r,
+                                           const char *name);
+
+/**
+ * Register to provide certificate/key files for servers. Certificate files are
+ * expected to contain the certificate chain, beginning with the server's certificate,
+ * excluding the trust anchor, in PEM format.
+ * They must be accompanied by a private key file, also in PEM format.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_files an array of const char* with the path to the certificate chain
+ * @param key_files an array of const char* with the path to the private key file
+ * @return OK if files were added, DECLINED if not, or other for error.
+ */
+
+AP_DECLARE_HOOK(int, ssl_add_cert_files, (server_rec *s, apr_pool_t *p,
+                                          apr_array_header_t *cert_files,
+                                          apr_array_header_t *key_files))
+
+/**
+ * Collect certificate/key files from all providers registered. This includes
+ * providers registered at the global 'ssl_add_cert_files', as well as those
+ * installed in the OPTIONAL 'ssl_add_cert_files' hook as may be provided by
+ * ssl modules.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_files an array of const char* with the path to the certificate chain
+ * @param key_files an array of const char* with the path to the private key file
+ */
+AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
+                                               apr_array_header_t *cert_files,
+                                               apr_array_header_t *key_files);
+
+
+/**
+ * Register to provide 'fallback' certificates in case no 'real' certificates
+ * have been configured/added by other providers. Modules using these certificates
+ * are encouraged to answer requests to this server with a 503 response code.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_files an array of const char* with the path to the certificate chain
+ * @param key_files an array of const char* with the path to the private key file
+ * @return OK if files were added, DECLINED if not, or other for error.
+ */
+AP_DECLARE_HOOK(int, ssl_add_fallback_cert_files, (server_rec *s, apr_pool_t *p,
+                                                   apr_array_header_t *cert_files,
+                                                   apr_array_header_t *key_files))
+
+/**
+ * Collect 'fallback' certificate/key files from all registered providers, either
+ * in the global 'ssl_add_fallback_cert_files' hook or the optional one of similar
+ * name as provided by mod_ssl and sorts.
+ * Certificates obtained this way are commonly self signed, temporary crutches.
+ * To be used to the time it takes to retrieve a 'read', trusted certificate.
+ * A module using fallbacks is encouraged to answer all requests with a 503.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_files an array of const char* with the path to the certificate chain
+ * @param key_files an array of const char* with the path to the private key file
+ */
+AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
+                                                        apr_array_header_t *cert_files,
+                                                        apr_array_header_t *key_files);
+
+
+/**
+ * On TLS connections that do not relate to a configured virtual host
+ * allow modules to provide a certificate and key to be used on the connection.
+ *
+ * A Certificate PEM added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
+ */
+AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name,
+                                            const char **pcert_pem, const char **pkey_pem))
+
+/**
+ * Returns != 0 iff the connection is a challenge to the server, for example
+ * as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs
+ * a specific certificate as answer in the handshake.
+ *
+ * ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch'
+ * need to have run before this call is made.
+ *
+ * Certificate PEMs added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
+ *
+ * A certificate provided this way needs to replace any other certificates selected
+ * by configuration or 'ssl_add_cert_pems` on this connection.
+ */
+AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
+                                        const char **pcert_pem, const char **pkey_pem);
+
+
+/**
+ * Setup optional functions for ssl related queries so that functions
+ * registered by old-style SSL module functions are interrogated by the
+ * the new ap_is_ssl() and friends. Installs own optional functions, so that
+ * old modules looking for these find one and get the correct results (shadowing).
+ *
+ * Needs to run in core's very early POST_CONFIG hook.
+ * Modules providing such functions register their own optionals during
+ * register_hooks(). Modules using such functions retrieve them often
+ * in their own post-config or in the even later retrieval hook. When shadowing
+ * other modules functions, core's early post-config is a good time.
+ * @param pool The pool to use for allocations
+ */
+AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool);
+
+/**
+ * Providers of OCSP status responses register at this hook. Installed hooks returning OK
+ * are expected to provide later OCSP responses via a 'ap_ssl_ocsp_get_resp_hook'.
+ * @param s     the server being configured
+ * @params p    a memory pool to use
+ * @param id    opaque data uniquely identifying the certificate, provided by caller
+ * @param pem   PEM data of certificate first, followed by PEM of issuer cert
+ * @return OK iff stapling is being provided
+ */
+AP_DECLARE_HOOK(int, ssl_ocsp_prime_hook, (server_rec *s, apr_pool_t *p,
+                                           const char *id, apr_size_t id_len,
+                                           const char *pem))
+
+/**
+ * Registering a certificate for Provisioning of OCSP responses. It is the caller's
+ * responsibility to provide a global (apache instance) unique id for the certificate
+ * that is then used later in retrieving the OCSP response.
+ * A certificate can be primed this way more than once, however the same identifier
+ * has to be provided each time (byte-wise same, not pointer same).
+ * The memory pointed to by `id` and `pem` is only valid for the duration of the call.
+ *
+ * @param s     the server being configured
+ * @params p    a memory pool to use
+ * @param id    opaque data uniquely identifying the certificate, provided by caller
+ * @param pem   PEM data of certificate first, followed by chain certs, at least the issuer
+ * @return APR_SUCCESS iff OCSP responses will be provided.
+ *         APR_ENOENT when no provided was found or took responsibility.
+ */
+AP_DECLARE(apr_status_t) ap_ssl_ocsp_prime(server_rec *s, apr_pool_t *p,
+                                           const char *id, apr_size_t id_len,
+                                           const char *pem);
+
+/**
+ * Callback to copy over the OCSP response data. If OCSP response data is not
+ * available, this will be called with NULL, 0 parameters!
+ *
+ * Memory allocation methods and lifetime of data will vary per module and
+ * SSL library used. The caller requesting OCSP data will need to make a copy
+ * for his own use.
+ * Any passed data may only be valid for the duration of the call.
+ */
+typedef void ap_ssl_ocsp_copy_resp(const unsigned char *der, apr_size_t der_len, void *userdata);
+
+/**
+ * Asking for OCSP response DER data for a certificate formerly primed.
+ * @param s     the (SNI selected) server of the connection
+ * @param c     the connection
+ * @param id    identifier for the certifate, as used in ocsp_stapling_prime()
+ * @param cb    callback to invoke when response data is available
+ * @param userdata caller supplied data passed to callback
+ * @return OK iff response data has been provided, DECLINED otherwise
+ */
+AP_DECLARE_HOOK(int, ssl_ocsp_get_resp_hook,
+                (server_rec *s, conn_rec *c, const char *id, apr_size_t id_len,
+                 ap_ssl_ocsp_copy_resp *cb, void *userdata))
+
+/**
+ * Retrieve the OCSP response data for a previously primed certificate. The id needs
+ * to be byte-wise identical to the one used on priming. If the call return ARP_SUCCESS,
+ * the callback has been invoked with the OCSP response DER data.
+ * Otherwise, a different status code must be returned. Callers in SSL connection
+ * handshakes are encouraged to continue the handshake without OCSP data for
+ * server reliability. The decision to accept or reject a handshake with missing
+ * OCSP stapling data needs to be done by the client.
+ * For similar reasons, providers of responses might return seemingly expired ones
+ * if they were unable to refresh a response in time.
+ *
+ * The memory pointed to by `id` is only valid for the duration of the call.
+ * Also, the DER data passed to the callback is only valid for the duration
+ * of the call.
+ *
+ * @param s     the (SNI selected) server of the connection
+ * @param c     the connection
+ * @param id    identifier for the certifate, as used in ocsp_stapling_prime()
+ * @param cb    callback to invoke when response data is available
+ * @param userdata caller supplied data passed to callback
+ * @return APR_SUCCESS iff data has been provided
+ */
+AP_DECLARE(apr_status_t) ap_ssl_ocsp_get_resp(server_rec *s, conn_rec *c,
+                                              const char *id, apr_size_t id_len,
+                                              ap_ssl_ocsp_copy_resp *cb, void *userdata);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* !APACHE_HTTP_SSL_H */
+/** @} */
diff --git a/include/http_vhost.h b/include/http_vhost.h
index 473c9c7..d2d9c97 100644
--- a/include/http_vhost.h
+++ b/include/http_vhost.h
@@ -99,6 +99,19 @@ AP_DECLARE(void) ap_update_vhost_given_ip(conn_rec *conn);
  */
 AP_DECLARE(void) ap_update_vhost_from_headers(request_rec *r);
 
+/**
+ * Updates r->server with the best name-based virtual host match, within
+ * the chain of matching virtual hosts selected by ap_update_vhost_given_ip.
+ * @param r The current request
+ * @param require_match 1 to return an HTTP error if the requested hostname is
+ * not explicitly matched to a VirtualHost. 
+ * @return return HTTP_OK unless require_match was specified and the requested
+ * hostname did not match any ServerName, ServerAlias, or VirtualHost 
+ * address-spec.
+ */
+AP_DECLARE(int) ap_update_vhost_from_headers_ex(request_rec *r, int require_match);
+
+
 /**
  * Match the host in the header with the hostname of the server for this
  * request.
diff --git a/include/httpd.h b/include/httpd.h
index 65392f8..799cf97 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -47,6 +47,7 @@
 #include "ap_release.h"
 
 #include "apr.h"
+#include "apr_version.h"
 #include "apr_general.h"
 #include "apr_tables.h"
 #include "apr_pools.h"
@@ -308,7 +309,7 @@ extern "C" {
 #define AP_MAX_REG_MATCH 10
 
 /**
- * APR_HAS_LARGE_FILES introduces the problem of spliting sendfile into
+ * APR_HAS_LARGE_FILES introduces the problem of splitting sendfile into
  * multiple buckets, no greater than MAX(apr_size_t), and more granular
  * than that in case the brigade code/filters attempt to read it directly.
  * ### 16mb is an invention, no idea if it is reasonable.
@@ -595,7 +596,7 @@ AP_DECLARE(const char *) ap_get_server_built(void);
 #define M_CONNECT               4
 #define M_OPTIONS               5
 #define M_TRACE                 6       /** RFC 2616: HTTP */
-#define M_PATCH                 7       /** no rfc(!)  ### remove this one? */
+#define M_PATCH                 7       /** RFC 5789: PATCH Method for HTTP */
 #define M_PROPFIND              8       /** RFC 2518: WebDAV */
 #define M_PROPPATCH             9       /*  :               */
 #define M_MKCOL                 10
@@ -645,6 +646,49 @@ struct ap_method_list_t {
     /** the array used for extension methods */
     apr_array_header_t *method_list;
 };
+/** @} */
+
+/**
+ * @defgroup bnotes Binary notes recognized by the server
+ * @ingroup APACHE_CORE_DAEMON
+ * @{
+ *
+ * @brief Binary notes recognized by the server.
+ */
+
+/**
+ * The type used for request binary notes.
+ */
+typedef apr_uint64_t ap_request_bnotes_t;
+
+/**
+ * These constants represent bitmasks for notes associated with this
+ * request. There are space for 64 bits in the apr_uint64_t.
+ *
+ */
+#define AP_REQUEST_STRONG_ETAG 1 >> 0
+
+/**
+ * This is a convenience macro to ease with getting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_GET_BNOTE(r, mask) \
+    ((mask) & ((r)->bnotes))
+
+/**
+ * This is a convenience macro to ease with setting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_SET_BNOTE(r, mask, val) \
+    (r)->bnotes = (((r)->bnotes & ~(mask)) | (val))
+
+/**
+ * Returns true if the strong etag flag is set for this request.
+ */
+#define AP_REQUEST_IS_STRONG_ETAG(r) \
+        AP_REQUEST_GET_BNOTE((r), AP_REQUEST_STRONG_ETAG)
+/** @} */
+
 
 /**
  * @defgroup module_magic Module Magic mime types
@@ -667,9 +711,9 @@ struct ap_method_list_t {
 #if !APR_CHARSET_EBCDIC
 /** linefeed */
 #define LF 10
-/** carrige return */
+/** carriage return */
 #define CR 13
-/** carrige return /Line Feed Combo */
+/** carriage return /Line Feed Combo */
 #define CRLF "\015\012"
 #else /* APR_CHARSET_EBCDIC */
 /* For platforms using the EBCDIC charset, the transition ASCII->EBCDIC is done
@@ -719,7 +763,7 @@ struct ap_method_list_t {
 /*
  * Things which may vary per file-lookup WITHIN a request ---
  * e.g., state of MIME config.  Basically, the name of an object, info
- * about the object, and any other info we may ahve which may need to
+ * about the object, and any other info we may have which may need to
  * change as we go poking around looking for it (e.g., overridden by
  * .htaccess files).
  *
@@ -826,7 +870,9 @@ struct request_rec {
     int proto_num;
     /** Protocol string, as given to us, or HTTP/0.9 */
     char *protocol;
-    /** Host, as set by full URI or Host: */
+    /** Host, as set by full URI or Host: header.
+     *  For literal IPv6 addresses, this does NOT include the surrounding [ ]
+     */
     const char *hostname;
 
     /** Time when the request started */
@@ -1060,6 +1106,11 @@ struct request_rec {
      *  1 yes/success
      */
     int double_reverse;
+    /** Request flags associated with this request. Use
+     * AP_REQUEST_GET_FLAGS() and AP_REQUEST_SET_FLAGS() to access
+     * the elements of this field.
+     */
+    ap_request_bnotes_t bnotes;
 };
 
 /**
@@ -1188,6 +1239,8 @@ struct conn_rec {
 
     /** The "real" master connection. NULL if I am the master. */
     conn_rec *master;
+
+    int outgoing;
 };
 
 /**
@@ -1282,7 +1335,7 @@ struct server_rec {
     /** MIME type info, etc., before we start checking per-directory info */
     struct ap_conf_vector_t *lookup_defaults;
 
-    /** The name of the server */
+    /** The path to the config file that the server was defined in */
     const char *defn_name;
     /** The line of the config file that the server was defined on */
     unsigned defn_line_number;
@@ -1689,6 +1742,18 @@ AP_DECLARE(int) ap_unescape_url(char *url);
  */
 AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
 
+#define AP_UNESCAPE_URL_KEEP_UNRESERVED (1u << 0)
+#define AP_UNESCAPE_URL_FORBID_SLASHES  (1u << 1)
+#define AP_UNESCAPE_URL_KEEP_SLASHES    (1u << 2)
+
+/**
+ * Unescape a URL, with options
+ * @param url The url to unescape
+ * @param flags Bitmask of AP_UNESCAPE_URL_* flags
+ * @return 0 on success, non-zero otherwise
+ */
+AP_DECLARE(int) ap_unescape_url_ex(char *url, unsigned int flags);
+
 /**
  * Unescape an application/x-www-form-urlencoded string
  * @param query The query to unescape
@@ -1697,11 +1762,36 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
 AP_DECLARE(int) ap_unescape_urlencoded(char *query);
 
 /**
- * Convert all double slashes to single slashes
- * @param name The string to convert
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert, assumed to be a filesystem path
  */
 AP_DECLARE(void) ap_no2slash(char *name);
 
+/**
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert
+ * @param is_fs_path if set to 0, the significance of any double-slashes is 
+ *        ignored.
+ */
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
+
+#define AP_NORMALIZE_ALLOW_RELATIVE     (1u <<  0)
+#define AP_NORMALIZE_NOT_ABOVE_ROOT     (1u <<  1)
+#define AP_NORMALIZE_DECODE_UNRESERVED  (1u <<  2)
+#define AP_NORMALIZE_MERGE_SLASHES      (1u <<  3)
+#define AP_NORMALIZE_DROP_PARAMETERS    (0) /* deprecated */
+
+/**
+ * Remove all ////, /./ and /xx/../ substrings from a path, and more
+ * depending on passed in flags.
+ * @param path The path to normalize
+ * @param flags bitmask of AP_NORMALIZE_* flags
+ * @return non-zero on success
+ */
+AP_DECLARE(int) ap_normalize_path(char *path, unsigned int flags);
+
 /**
  * Remove all ./ and xx/../ substrings from a file name. Also remove
  * any leading ../ or /../ substrings.
@@ -2040,6 +2130,15 @@ AP_DECLARE(char *) ap_escape_quotes(apr_pool_t *p, const char *instring);
 AP_DECLARE(char *) ap_append_pid(apr_pool_t *p, const char *string,
                                  const char *delim);
 
+/**
+ * Parse a length string with decimal characters only, no leading sign nor
+ * trailing character, like Content-Length or (Content-)Range headers.
+ * @param len The parsed length (apr_off_t)
+ * @param str The string to parse
+ * @return 1 (success), 0 (failure)
+ */
+AP_DECLARE(int) ap_parse_strict_length(apr_off_t *len, const char *str);
+
 /**
  * Parse a given timeout parameter string into an apr_interval_time_t value.
  * The unit of the time interval is given as postfix string to the numeric
@@ -2312,6 +2411,71 @@ AP_DECLARE(void *) ap_realloc(void *ptr, size_t size)
                    AP_FN_ATTR_WARN_UNUSED_RESULT
                    AP_FN_ATTR_ALLOC_SIZE(2);
 
+#if APR_HAS_THREADS
+
+#if APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL)
+
+/**
+ * APR 1.8+ implement those already.
+ */
+#if APR_HAS_THREAD_LOCAL
+#define AP_HAS_THREAD_LOCAL 1
+#define AP_THREAD_LOCAL     APR_THREAD_LOCAL
+#else
+#define AP_HAS_THREAD_LOCAL 0
+#endif
+#define ap_thread_create                apr_thread_create
+#define ap_thread_current               apr_thread_current
+#define ap_thread_current_create        apr_thread_current_create
+#define ap_thread_current_after_fork    apr_thread_current_after_fork
+
+#else /* APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL) */
+
+#ifndef AP_NO_THREAD_LOCAL
+/**
+ * AP_THREAD_LOCAL keyword mapping the compiler's.
+ */
+#if defined(__cplusplus) && __cplusplus >= 201103L
+#define AP_THREAD_LOCAL thread_local
+#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112 && \
+      (!defined(__GNUC__) || \
+      __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 9))
+#define AP_THREAD_LOCAL _Thread_local
+#elif defined(__GNUC__) /* works for clang too */
+#define AP_THREAD_LOCAL __thread
+#elif defined(WIN32) && defined(_MSC_VER)
+#define AP_THREAD_LOCAL __declspec(thread)
+#endif
+#endif /* ndef AP_NO_THREAD_LOCAL */
+
+#ifndef AP_THREAD_LOCAL
+#define AP_HAS_THREAD_LOCAL 0
+#define ap_thread_create apr_thread_create
+#else /* AP_THREAD_LOCAL */
+#define AP_HAS_THREAD_LOCAL 1
+AP_DECLARE(apr_status_t) ap_thread_create(apr_thread_t **thread, 
+                                          apr_threadattr_t *attr, 
+                                          apr_thread_start_t func, 
+                                          void *data, apr_pool_t *pool);
+#endif /* AP_THREAD_LOCAL */
+
+AP_DECLARE(apr_status_t) ap_thread_current_create(apr_thread_t **current,
+                                                  apr_threadattr_t *attr,
+                                                  apr_pool_t *pool);
+AP_DECLARE(void) ap_thread_current_after_fork(void);
+AP_DECLARE(apr_thread_t *) ap_thread_current(void);
+
+#endif /* APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL) */
+
+AP_DECLARE(apr_status_t) ap_thread_main_create(apr_thread_t **thread,
+                                               apr_pool_t *pool);
+
+#else  /* APR_HAS_THREADS */
+
+#define AP_HAS_THREAD_LOCAL 0
+
+#endif /* APR_HAS_THREADS */
+
 /**
  * Get server load params
  * @param ld struct to populate: -1 in fields means error
@@ -2335,7 +2499,7 @@ AP_DECLARE(void) ap_bin2hex(const void *src, apr_size_t srclen, char *dest);
 
 /**
  * Short function to execute a command and return the first line of
- * output minus \r \n. Useful for "obscuring" passwords via exec calls
+ * output minus \\r \\n. Useful for "obscuring" passwords via exec calls
  * @param p the pool to allocate from
  * @param cmd the command to execute
  * @param argv the arguments to pass to the cmd
@@ -2397,6 +2561,101 @@ AP_DECLARE(int) ap_cstr_casecmp(const char *s1, const char *s2);
  */
 AP_DECLARE(int) ap_cstr_casecmpn(const char *s1, const char *s2, apr_size_t n);
 
+/**
+ * Default flags for ap_dir_*fnmatch().
+ */
+#define AP_DIR_FLAG_NONE      0
+
+/**
+ * If set, wildcards that match no files or directories will be ignored, otherwise
+ * an error is triggered.
+ */
+#define AP_DIR_FLAG_OPTIONAL  1
+
+/**
+ * If set, and the wildcard resolves to a directory, recursively find all files
+ * below that directory, otherwise return the directory.
+ */
+#define AP_DIR_FLAG_RECURSIVE 2
+
+/**
+ * Structure to provide the state of a directory match.
+ */
+typedef struct ap_dir_match_t ap_dir_match_t;
+
+/**
+ * Concrete structure to provide the state of a directory match.
+ */
+struct ap_dir_match_t {
+    /** Pool to use for allocating the result */
+    apr_pool_t *p;
+    /** Temporary pool used for directory traversal */
+    apr_pool_t *ptemp;
+    /** Prefix for log messages */
+    const char *prefix;
+    /** Callback for each file found that matches the wildcard. Return NULL on success, an error string on error. */
+    const char *(*cb)(ap_dir_match_t *w, const char *fname);
+    /** Context for the callback */
+    void *ctx;
+    /** Flags to indicate whether optional or recursive */
+    int flags;
+    /** Recursion depth safety check */
+    unsigned int depth;
+};
+
+/**
+ * Search for files given a non wildcard filename with non native separators.
+ *
+ * If the provided filename points at a file, the callback within ap_dir_match_t is
+ * triggered for that file, and this function returns the result of the callback.
+ *
+ * If the provided filename points at a directory, and recursive within ap_dir_match_t
+ * is true, the callback will be triggered for every file found recursively beneath
+ * that directory, otherwise the callback is triggered once for the directory itself.
+ * This function returns the result of the callback.
+ *
+ * If the provided path points to neither a file nor a directory, and optional within
+ * ap_dir_match_t is true, this function returns NULL. If optional within ap_dir_match_t
+ * is false, this function will return an error string indicating that the path does not
+ * exist.
+ *
+ * @param w Directory match structure containing callback and context.
+ * @param fname The name of the file or directory, with non native separators.
+ * @return NULL on success, or a string describing the error.
+ */
+AP_DECLARE(const char *)ap_dir_nofnmatch(ap_dir_match_t *w, const char *fname)
+        __attribute__((nonnull(1,2)));
+
+/**
+ * Search for files given a wildcard filename with non native separators.
+ *
+ * If the filename contains a wildcard, all files and directories that match the wildcard
+ * will be returned.
+ *
+ * ap_dir_nofnmatch() is called for each directory and file found, and the callback
+ * within ap_dir_match_t triggered as described above.
+ *
+ * Wildcards may appear in both directory and file components in the path, and
+ * wildcards may appear more than once.
+ *
+ * @param w Directory match structure containing callback and context.
+ * @param path Path prefix for search, with non native separators and no wildcards.
+ * @param fname The name of the file or directory, with non native separators and
+ * optional wildcards.
+ * @return NULL on success, or a string describing the error.
+ */
+AP_DECLARE(const char *)ap_dir_fnmatch(ap_dir_match_t *w, const char *path,
+        const char *fname) __attribute__((nonnull(1,3)));
+
+/**
+ * Determine if the final Transfer-Encoding is "chunked".
+ *
+ * @param p The pool to allocate from
+ * @param line the header field-value to scan
+ * @return 1 if the last Transfer-Encoding is "chunked", else 0
+ */
+AP_DECLARE(int) ap_is_chunked(apr_pool_t *p, const char *line);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mod_auth.h b/include/mod_auth.h
index 9b9561e..639b97f 100644
--- a/include/mod_auth.h
+++ b/include/mod_auth.h
@@ -123,7 +123,7 @@ typedef struct {
 } authz_provider;
 
 /* ap_authn_cache_store: Optional function for authn providers
- * to enable cacheing their lookups with mod_authn_cache
+ * to enable caching their lookups with mod_authn_cache
  * @param r The request rec
  * @param module Module identifier
  * @param user User name to authenticate
diff --git a/include/mpm_common.h b/include/mpm_common.h
index 1284a7a..539d640 100644
--- a/include/mpm_common.h
+++ b/include/mpm_common.h
@@ -452,6 +452,15 @@ AP_DECLARE_HOOK(void, suspend_connection,
 AP_DECLARE_HOOK(void, resume_connection,
                 (conn_rec *c, request_rec *r))
 
+/**
+ * Notification that the child is stopping. If graceful, ongoing
+ * requests will be served.
+ * @param pchild The child pool
+ * @param graceful != 0 iff this is a graceful shutdown.
+ */
+AP_DECLARE_HOOK(void, child_stopping,
+                (apr_pool_t *pchild, int graceful))
+
 /* mutex type string for accept mutex, if any; MPMs should use the
  * same mutex type for ease of configuration
  */
diff --git a/include/scoreboard.h b/include/scoreboard.h
index 9376da2..0142aa9 100644
--- a/include/scoreboard.h
+++ b/include/scoreboard.h
@@ -66,7 +66,7 @@ extern "C" {
 #define SERVER_IDLE_KILL 10     /* Server is cleaning up idle children. */
 #define SERVER_NUM_STATUS 11    /* number of status settings */
 
-/* Type used for generation indicies.  Startup and every restart cause a
+/* Type used for generation indices.  Startup and every restart cause a
  * new generation of children to be spawned.  Children within the same
  * generation share the same configuration information -- pointers to stuff
  * created at config time in the parent are valid across children.  However,
@@ -148,12 +148,14 @@ struct process_score {
     apr_uint32_t lingering_close;   /* async connections in lingering close */
     apr_uint32_t keep_alive;        /* async connections in keep alive */
     apr_uint32_t suspended;         /* connections suspended by some module */
-    int bucket;             /* Listener bucket used by this child */
+    int bucket;  /* Listener bucket used by this child; this field is DEPRECATED
+                  * and no longer updated by the MPMs (i.e. always zero).
+                  */
 };
 
 /* Scoreboard is now in 'local' memory, since it isn't updated once created,
  * even in forked architectures.  Child created-processes (non-fork) will
- * set up these indicies into the (possibly relocated) shmem records.
+ * set up these indices into the (possibly relocated) shmem records.
  */
 typedef struct {
     global_score *global;
@@ -174,6 +176,7 @@ apr_status_t ap_cleanup_scoreboard(void *d);
  */
 AP_DECLARE(int) ap_exists_scoreboard_image(void);
 AP_DECLARE(void) ap_increment_counts(ap_sb_handle_t *sbh, request_rec *r);
+AP_DECLARE(void) ap_set_conn_count(ap_sb_handle_t *sb, request_rec *r, unsigned short conn_count);
 
 AP_DECLARE(apr_status_t) ap_reopen_scoreboard(apr_pool_t *p, apr_shm_t **shm, int detached);
 AP_DECLARE(void) ap_init_scoreboard(void *shared_score);
diff --git a/include/util_fcgi.h b/include/util_fcgi.h
index 849fdee..66af75a 100644
--- a/include/util_fcgi.h
+++ b/include/util_fcgi.h
@@ -16,7 +16,7 @@
 
 /**
  * @file  util_fcgi.h
- * @brief FastCGI protocol defitions and support routines
+ * @brief FastCGI protocol definitions and support routines
  *
  * @defgroup APACHE_CORE_FASTCGI FastCGI Tools
  * @ingroup  APACHE_CORE
diff --git a/include/util_ldap.h b/include/util_ldap.h
index f7cd736..edb8a81 100644
--- a/include/util_ldap.h
+++ b/include/util_ldap.h
@@ -32,7 +32,6 @@
 #if APR_MAJOR_VERSION < 2
 /* The LDAP API is currently only present in APR 1.x */
 #include "apr_ldap.h"
-#include "apr_ldap_rebind.h"
 #else
 #define APR_HAS_LDAP 0
 #endif
@@ -135,7 +134,7 @@ typedef struct util_ldap_connection_t {
     apr_pool_t *rebind_pool;            /* frequently cleared pool for rebind data */
     int must_rebind;                    /* The connection was last bound with other then binddn/bindpw */
     request_rec *r;                     /* request_rec used to find this util_ldap_connection_t */
-    apr_time_t last_backend_conn;       /* the approximate time of the last backend LDAP requst */
+    apr_time_t last_backend_conn;       /* the approximate time of the last backend LDAP request */
 } util_ldap_connection_t;
 
 typedef struct util_ldap_config_t {
diff --git a/include/util_script.h b/include/util_script.h
index 3566bd3..0557c7f 100644
--- a/include/util_script.h
+++ b/include/util_script.h
@@ -225,6 +225,8 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer,
  */
 AP_DECLARE(void) ap_args_to_table(request_rec *r, apr_table_t **table);
 
+#define AP_TRUST_CGILIKE_CL_ENVVAR "ap_trust_cgilike_cl"
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/util_time.h b/include/util_time.h
index 2cd2833..9208218 100644
--- a/include/util_time.h
+++ b/include/util_time.h
@@ -47,6 +47,8 @@ extern "C" {
 #define AP_CTIME_OPTION_USEC    0x1
 /* Use more compact ISO 8601 format */
 #define AP_CTIME_OPTION_COMPACT 0x2
+/* Add timezone offset from GMT ([+-]hhmm) */
+#define AP_CTIME_OPTION_GMTOFF  0x4
 
 
 /**
@@ -95,7 +97,7 @@ AP_DECLARE(apr_status_t) ap_recent_ctime(char *date_str, apr_time_t t);
  * @param option Additional formatting options (AP_CTIME_OPTION_*).
  * @param len Pointer to an int containing the length of the provided buffer.
  *        On successful return it contains the number of bytes written to the
- *        buffer.
+ *        buffer (including trailing NUL byte).
  * @return APR_SUCCESS iff successful, APR_ENOMEM if buffer was to short.
  */
 AP_DECLARE(apr_status_t) ap_recent_ctime_ex(char *date_str, apr_time_t t,
-- 
cgit v1.2.3