From: Stefan Eissing <icing@apache.org>
Date: Fri, 3 Jun 2022 14:41:29 +0000 (+0000)
Subject: Post 2.4.54-rc1 tag updates
X-Git-Tag: 2.4.54-rc1-candidate^0
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=bb84377ce92b12ab70673c73e237ca6b9679cdc7;p=thirdparty%2Fapache%2Fhttpd.git

Post 2.4.54-rc1 tag updates

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.54-rc1-candidate@1901595 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/convenience.map b/docs/manual/convenience.map
index 19befc854aa..93d3f44f658 100644
--- a/docs/manual/convenience.map
+++ b/docs/manual/convenience.map
@@ -410,6 +410,8 @@ mdprivatekeys	mod/mod_md.html#mdprivatekeys
 mdrenewmode	mod/mod_md.html#mdrenewmode
 mdrenewwindow	mod/mod_md.html#mdrenewwindow
 mdrequirehttps	mod/mod_md.html#mdrequirehttps
+mdretrydelay	mod/mod_md.html#mdretrydelay
+mdretryfailover	mod/mod_md.html#mdretryfailover
 mdserverstatus	mod/mod_md.html#mdserverstatus
 mdstapleothers	mod/mod_md.html#mdstapleothers
 mdstapling	mod/mod_md.html#mdstapling
diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en
index 22343407c39..ae69ba6c67e 100644
--- a/docs/manual/mod/mod_authz_dbd.html.en
+++ b/docs/manual/mod/mod_authz_dbd.html.en
@@ -90,7 +90,7 @@
     user to gain access.</p>
 
     <pre class="prettyprint lang-config">Require dbd-group team
-AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"</pre>
+AuthzDBDQuery "SELECT user_group FROM authz WHERE user = %s"</pre>
 
 
 
diff --git a/docs/manual/mod/mod_authz_dbd.html.fr.utf8 b/docs/manual/mod/mod_authz_dbd.html.fr.utf8
index 80ec27703d5..97f339f8ccb 100644
--- a/docs/manual/mod/mod_authz_dbd.html.fr.utf8
+++ b/docs/manual/mod/mod_authz_dbd.html.fr.utf8
@@ -29,6 +29,8 @@
 <p><span>Langues Disponibles: </span><a href="../en/mod/mod_authz_dbd.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/mod/mod_authz_dbd.html" title="Français">&nbsp;fr&nbsp;</a></p>
 </div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+            anglaise pour les changements récents.</div>
 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation en groupe et reconnaissance d'identité avec base
 SQL</td></tr>
 <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
diff --git a/docs/manual/mod/mod_authz_dbd.xml.fr b/docs/manual/mod/mod_authz_dbd.xml.fr
index b13d765d266..d02a1e30670 100644
--- a/docs/manual/mod/mod_authz_dbd.xml.fr
+++ b/docs/manual/mod/mod_authz_dbd.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1796297 -->
+<!-- English Revision: 1796297:1901567 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
diff --git a/docs/manual/mod/mod_authz_dbd.xml.meta b/docs/manual/mod/mod_authz_dbd.xml.meta
index 691db29ca90..8789f3f9ef2 100644
--- a/docs/manual/mod/mod_authz_dbd.xml.meta
+++ b/docs/manual/mod/mod_authz_dbd.xml.meta
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>
diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en
index d9a6a1f2b57..db55c317378 100644
--- a/docs/manual/mod/mod_md.html.en
+++ b/docs/manual/mod/mod_md.html.en
@@ -351,6 +351,8 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#mdrenewmode">MDRenewMode</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdrenewwindow">MDRenewWindow</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdrequirehttps">MDRequireHttps</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdretrydelay">MDRetryDelay</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdretryfailover">MDRetryFailover</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdserverstatus">MDServerStatus</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdstapleothers">MDStapleOthers</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdstapling">MDStapling</a></li>
@@ -446,27 +448,34 @@
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="MDCertificateAuthority" id="MDCertificateAuthority">MDCertificateAuthority</a> <a name="mdcertificateauthority" id="mdcertificateauthority">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL of the ACME Certificate Authority service.</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL(s) of the ACME Certificate Authority to use.</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateAuthority <var>url</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority letsencrypt</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
 </table>
             <p>
-                The URL where the CA offers its service.
+                The URL(s) where the CA offers its service.
+                Instead of the actual URL, you may use 'letsencrypt' or 'buypass'.
             </p><p>
-                Let's Encrypt offers, right now, four such URLs. Two for
-                the own legacy version of the ACME protocol, commonly named ACMEv1.
-                And two for the RFC 8555 version, named ACMEv2.
+                If you configure more than one URL, each one is tried in a round-robin
+                fashion after a number of failures. You can configure how quickly or
+                delayed that happens via the <code class="directive">MDRetryDelay</code> and
+                <code class="directive">MDRetryFailover</code> directives. The default setting
+                makes a failover after about half a day of trying.
             </p><p>
-                Each version has 2 endpoints, as their is a production endpoint and a
-                "staging" endpoint for testing. The testing endpoint works the same, but will
-                not give you certificates recognized by browsers. However, it also has
-                very relaxed rate limits. This allows testing of the service repeatedly
-                without you blocking yourself.
+                All other settings apply to each of these URLs. It is therefore
+                not possible to have two with different
+                <code class="directive">MDExternalAccountBinding</code>s, for example.
+            </p><p>
+                For testing, CAs commonly offer a second service URL.
+                The 'test' service does not give certificates valid in a browser,
+                but are more relaxed in regard to rate limits.
+                This allows for verfication of your own setup before switching
+                to the production service URL.
             </p>
-            <div class="example"><h3>LE Staging Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre>
+            <div class="example"><h3>LE Test Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre>
 </div>
         
 </div>
@@ -1190,6 +1199,47 @@ MDRenewWindow 10%</pre>
 &lt;/MDomain&gt;</pre>
 </div>
         
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDRetryDelay" id="MDRetryDelay">MDRetryDelay</a> <a name="mdretrydelay" id="mdretrydelay">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryDelay <var>duration</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryDelay 5s</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr>
+</table>
+            <p>
+                The amount of time to wait after an error before trying
+                to renew a certificate again. This duration is doubled after
+                each consecutive error with a maximum of 24 hours.
+            </p>
+            <p>
+                It is kept separate for each certificate renewal. Meaning an error
+                on one MDomain does not delay the renewals of other domains.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDRetryFailover" id="MDRetryFailover">MDRetryFailover</a> <a name="mdretryfailover" id="mdretryfailover">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryFailover <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryFailover 13</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr>
+</table>
+            <p>
+                The number of consecutive errors on renewing a certificate before
+                another CA is selected. This only applies to configurations that
+                have more than one <code class="directive">MDCertificateAuthority</code>
+                specified.
+            </p>
+        
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="MDServerStatus" id="MDServerStatus">MDServerStatus</a> <a name="mdserverstatus" id="mdserverstatus">Directive</a></h2>
diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en
index 7cd4990755d..686330c6ea6 100644
--- a/docs/manual/rewrite/flags.html.en
+++ b/docs/manual/rewrite/flags.html.en
@@ -468,7 +468,8 @@ example.</p>
 <h2><a name="flag_ne" id="flag_ne">NE|noescape</a></h2>
 <p>By default, special characters, such as <code>&amp;</code> and
 <code>?</code>, for example, will be converted to their hexcode
-equivalent. Using the [NE] flag prevents that from happening.
+equivalent for rules that result in external redirects. 
+Using the [NE] flag prevents that from happening.
 </p>
 
 <pre class="prettyprint lang-config">RewriteRule "^/anchor/(.+)" "/bigpage.html#$1" [NE,R]</pre>
diff --git a/include/ap_release.h b/include/ap_release.h
index 91251781d76..0cb21ab21d7 100644
--- a/include/ap_release.h
+++ b/include/ap_release.h
@@ -44,7 +44,7 @@
 #define AP_SERVER_MAJORVERSION_NUMBER 2
 #define AP_SERVER_MINORVERSION_NUMBER 4
 #define AP_SERVER_PATCHLEVEL_NUMBER   54
-#define AP_SERVER_DEVBUILD_BOOLEAN    1
+#define AP_SERVER_DEVBUILD_BOOLEAN    0
 
 /* Synchronize the above with docs/manual/style/version.ent */