Merge r1511033, r1528032, r1608686, r1608694, r1608703, r1899784, r1916312, r1916344, r1838271, r1926091 from trunk:

Add support for systemd socket activation to listener sockets.


* configure.in: Simplify/fix systemd detection: move later to fix
  autoconf warnings; define HAVE_SYSTEMD rather than using CPPFLAGS.

* server/listen.c: Use HAVE_SYSTEMD for systemd #define.

* modules/arch/unix/config5.m4: Update systemd headers check.


* server/listen.c: duplicate sockets correctly when using systemd socket
activation, fix addrlen in getsockname() call.



Follow up r1608686, pass process to alloc_systemd_listener.


* server/listen.c: detect systemd socket activation using sd_listen_fds(),
drop the support for "Listen systemd" and use standard Listen syntax instead.

This allows using the same configuration file with or without socket activation
and allows setting protocol when using socket activation.



Remove libsystemd dependency from main httpd binary

Until this change httpd was linking libsystemd to the main httpd binary. If you want to run lightweight version of httpd in container, sometimes you just want to install
httpd binary with as little dependencies as possible to make container small in size and do not pull uncencessary dependencies and libraries.

This change will move all systemd library calls from listen.c to mod_systemd module and remove systemd linking from the main httpd bin.
Fixed mixed declaration and wrongly declared variable.

Submitted by: Luboš Uhliarik <luhliari redhat.com>



mod_systemd: Axe APR_OPTIONAL_FN redeclarations to avoid compiler warning.

ap_find_systemd_socket() and ap_systemd_listen_fds() are already declared in
"ap_listen.h", so just include them.



mod_systemd: if SELinux is available and enabled, log the SELinux
context at startup, since this may vary when httpd is started via
systemd vs being started directly.

* modules/arch/unix/mod_systemd.c (systemd_post_config):
  Do nothing for the pre-config iteration.
  Log the SELinux context if available.

* modules/arch/unix/config5.m4: Detect libselinux.

Have at least one CI job build mod_systemd.



Fix a cppcheck warning.

Remove some dead code. Updating 'last' is pointless here.

Ensure that ALL fields of the ap_listen_rec structure are initialized

alloc_listener initializes more fields in the created ap_listen_rec structure
than alloc_systemd_listener as it has more data to add to this structure.
Ensure that all fields of the ap_listen_rec structure are initialized at
least with 0 as later code using this structure depends on this.



Reviewed by: rpluem, jorton, ylavic

Github: closes #515


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1926113 13f79535-47bb-0310-9956-ffa450edef68

Author: rpluem

CHANGES

@@ -1,6 +1,68 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.64
 
+  *) mod_systemd: Systemd socket activation can now be enabled at
+     build time but disabled at run time, if mod_systemd is not
+     loaded.  [Lubos Uhliarik <luhliari redhat.com>]
+
+  *) mod_systemd: Log the SELinux context at startup if available and
+     enabled.  [Joe Orton]
+
+  *) mod_http2: update to version 2.0.32
+     The code setting the connection window size was set wrong,
+     preventing `H2WindowSize` to work.
+     Fixed <https://github.com/icing/mod_h2/issues/300>.
+     [Stefan Eissing, Michael Kaufmann]
+
+  *) mod_http2: update to version 2.0.30
+     - Fixed bug in handling over long response headers. When the 64 KB limit
+       of nghttp2 was exceeded, the request was not reset and the client was
+       left hanging, waiting for it. Now the stream is reset.
+     - Added new directive `H2MaxHeaderBlockLen` to set the limit on response
+       header sizes.
+     - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a
+       connection was reset.
+
+  *) mod_lua: Fix memory handling in LuaOutputFilter. PR 69590.
+     [Guillermo Grandes <guillermo.grandes gmail.com>]
+
+  * mod_proxy_http2: revert r1912193 for detecting broken backend connections
+    as this interferes with backend selection who a node is unresponsive.
+    PR69624.
+
+  *) mod_proxy_balancer: Fix a regression that caused stickysession keys no
+     longer be recognized if they are provided as query parameter in the URL.
+     PR 69443 [Ruediger Pluem]
+
+  *) mod_md: update to version 2.5.2
+     - Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified
+       with EC keys before RSA ones. Fixes #377. [Stefan Eissing]
+     - Fixed missing newlines in the status page output. [Andreas Groth]
+
+  *) mod_dav: Add API to expose DavBasePath setting.  [Joe Orton]
+
+  *) mod_md: update to version 2.5.1
+     - Added support for ACME profiles with new directives MDProfile and
+       MDProfileMandatory.
+     - When installing a custom CA file via `MDCACertificateFile`, also set the
+       libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel
+       (when curl is linked with it) about missing CRL/OCSP in certificates.
+     - Fixed handling of corrupted httpd.json and added test 300_30 for it.
+       File is removed on error and written again. Fixes #369.
+     - Added explanation in log for how to proceed when md_store.json could not be
+       parsed and prevented the server start.
+     - restored fixed to #336 and #337 which got lost in a sync with Apache svn
+     - Add Issue Name/Uris to certificate information in md-status handler
+     - MDomains with static certificate files have MDRenewMode "manual", unless
+       "always" is configured.
+
+  *) core: Report invalid Options= argument when parsing AllowOverride
+     directives.
+     Github #310 [Zhou Qingyang <zhou1615 umn.edu>]
+
+  *) scoreboard/mod_http2: record durations of HTTP/2 requests.
+     PR 69579 [Pierre Brochard <[email protected]>]
+
 Changes with Apache 2.4.63
 
   *) mod_dav: Update redirect-carefully example BrowserMatch config

STATUS

@@ -183,28 +183,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
         https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/533.diff
      +1 covener, rpluem, jorton
 
-  *) mod_systemd: Add systemd socket activation
-     Trunk version of patch:
-        https://svn.apache.org/r1511033
-        https://svn.apache.org/r1528032
-        https://svn.apache.org/r1608686
-        https://svn.apache.org/r1608694
-        https://svn.apache.org/r1608703
-        https://svn.apache.org/r1838271
-        https://svn.apache.org/r1899784
-        https://svn.apache.org/r1916312
-        https://svn.apache.org/r1916344
-        https://svn.apache.org/r1926091
-     Backport version for 2.4.x of patch:
-       https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/515.diff
-     Can be applied via apply_backport_pr.sh 515
-     +1: rpluem, jorton, ylavic
-     jailletc36: Should the apr_palloc() in alloc_systemd_listener() be
-                 apr_pcalloc() so that all fields are 0?
-                 make_sock() uses the 'flags' field that would be
-                 undefined otherwise.
-     rpluem says: Good catch. Added r1926091 and reset votes.
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]