httpd:2.4 security update

httpd
[2.4.37-43.0.1]

• Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
• Replace index.html with Oracle’s index page oracle_index.html.
  [2.4.37-43]
• Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path
  [2.4.37-42]
• Resolves: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path
• Resolves: #2014063 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
  mod_session
  [2.4.37-41]
• Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
• Resolves: #1905613 - mod_ssl does not like valid certificate chain
• Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
  usertrack
• Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
• Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
  dereference in parser
• Resolves: #1934741 - Apache trademark update - new logo
  [2.4.37-40]
• Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
• Resolves: #1937334 - SSLProtocol with based virtual hosts
  mod_http2
  [1.15.7-3]
• Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
  mod_http2 concurrent pool usage
  mod_md
  [1:2.0.8-8]
• Resolves: #1832844 - mod_md does not work with ACME server that does not
  provide keyChange or revokeCert resources