mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with

     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.

     [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]

  *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with

     the source href (sent as part of the request body as XML) pointing to a

     URI that is not configured for DAV will trigger a segfault. [Ben Reser

     <ben reser.org>]

Changes with Apache 2.2.24

  *) SECURITY: CVE-2012-3499 (cve.mitre.org)

PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]

  * mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with

    the source href (sent as part of the request body as XML) pointing to a

    URI that is not configured for DAV will trigger a segfault.

    trunk patch: http://svn.apache.org/r1485668

    2.2.x patch: trunk works, modulo CHANGES

    +1: minfrin, trawick, wrowe

PATCHES PROPOSED TO BACKPORT FROM TRUNK:

  [ New proposals should be added at the end of the list ]

    conf = ap_get_module_config(r->per_dir_config, &dav_module);

    /* assert: conf->provider != NULL */

    if (conf->provider == NULL) {

        return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,

                             apr_psprintf(r->pool,

				          "DAV not enabled for %s",

					  ap_escape_html(r->pool, r->uri)));

    }

    /* resolve the resource */

    err = (*conf->provider->repos->get_resource)(r, conf->dir,

                                  "Destination URI had an error.");

    }

    if (dav_get_provider(lookup.rnew) == NULL) {

        return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,

                                  "DAV not enabled for Destination URI.");

    }

    /* Resolve destination resource */

    err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,

                           0 /* use_checked_in */, &resnew);