They are still here, they didn't make it into 2.0.43 however


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97073 13f79535-47bb-0310-9956-ffa450edef68

  On to the 2.0.43 candidate


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97071 13f79535-47bb-0310-9956-ffa450edef68

     ap_server_signature() against this cross-site scripting
     vulnerability exposed by the directive 'UseCanonicalName Off'.
     Also HTML-escape the SERVER_NAME environment variable for CGI
     and SSI requests.  It's safe to escape as only the '<', '>',
     and '&' characters are affected, which won't appear in a valid
     hostname.  Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
     [Brian Pane]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97064 13f79535-47bb-0310-9956-ffa450edef68

Fix a core dump in mod_cache when it attemtped to store uncopyable
buckets. This happened, for instance, when a file to be cached
contained SSI tags to execute a CGI script (passed as a pipe
bucket). [Paul J. Reder]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97058 13f79535-47bb-0310-9956-ffa450edef68

when the content-length filter realizes that no new output will
be available for a while.  This helps some streaming CGIs as
well as some other dynamically-generated content.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97054 13f79535-47bb-0310-9956-ffa450edef68

could lead to an infinite loop.

PR:                     12705
Diagnosis submitted by: amund.elstad@ergo.no (Amund Elstad)
Coded by:               Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97048 13f79535-47bb-0310-9956-ffa450edef68

Mod_Dav was always setting the r->handler field to "dav_handler", but
this means that mod_cgi won't run the script.  According to my reading
of the DAV RFC, mod_dav shouldn't do anything at all with a POST request,
because it is impossible to know if the POST was meant for DAV or for some
other resource.  We used to excuse POST from DAV processing, so I have
re-enabled that behavior.

PR:	13025


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97016 13f79535-47bb-0310-9956-ffa450edef68

This matches what Apache 1.3 does.  Also add documentation for
this feature.

PR:	9299
Submitted by:	Jay Ball <jay@veggiespam.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97001 13f79535-47bb-0310-9956-ffa450edef68

This adds the ability to log the bytes sent and
received for each request

Submitted by:	Bojan Smojver <bojan@rexursive.com>
Reviewed by:	Justin & Ian


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97000 13f79535-47bb-0310-9956-ffa450edef68

directory.

PR:     8789, 13104
Submitted by:   SangBeom han <sbhan@os.korea.ac.kr>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96994 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:	Thomas Bennett <thomas.bennett@eds.com>
Reviewed by:	Graham Leggett


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96988 13f79535-47bb-0310-9956-ffa450edef68

passed on a 4xx error by proxy. Previously all headers
were dropped, resulting in the browser being unable to
authenticate.
PR:
Obtained from:
Submitted by:	Dr Richard Reiner <rreiner@fscinternet.com>, Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman <gwiseman@fscinternet.com>, David Henderson <dhenderson@fscinternet.com>
Reviewed by:	Graham Leggett


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96982 13f79535-47bb-0310-9956-ffa450edef68

properly inherit CacheMaxStreamingBuffer
PR:
Obtained from:  Matthieu Estrade <estrade-m@ifrance.com>
Reviewed by:	Brian Pane


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96972 13f79535-47bb-0310-9956-ffa450edef68

the DSO link problems for DAV and the new aaa modules by moving the
provider code into the core of the server and generalizing them to be
used by any code.

Remove the auth{nz}_*_provider functions as they are no longer needed.

Change the dav_*_provider functions to wrap the ap_*_provider functions
as they have a bit more of a historical precedent that we should keep
around.

Reviewed by:	John K. Sterling <john@sterls.com> (in concept)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96919 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96909 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96907 13f79535-47bb-0310-9956-ffa450edef68

compile and link helper programs that use apr/apr-util.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96900 13f79535-47bb-0310-9956-ffa450edef68

is now case insensitive. Before, 'http/1.1' would silently be forced
to HTTP/1.0


PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96857 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96855 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96848 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96819 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96818 13f79535-47bb-0310-9956-ffa450edef68

(I intend to add this back in if/when mod_authn_file can support the
{algo} password semantics, but we can't do a release with this code in
place.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96817 13f79535-47bb-0310-9956-ffa450edef68

because this was causing 200s to be sent on responses that were really
304s
Submitted by: Kris Verbeeck <Kris.Verbeeck@ubizen.com>
Reviewed by:   Brian Pane


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96803 13f79535-47bb-0310-9956-ffa450edef68

Include statement (eg.. include /foo/bar/*.conf).
and remove the noise on stderr during config dir processing.

Submitted by:	Joe Orton <jorton@redhat.com>
Reviewed by:	Ian Holsman, Brian Pane


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96776 13f79535-47bb-0310-9956-ffa450edef68

mod_cache: cache_storage.c. Add the hostname and any request
args to the key generated for caching. This provides a unique
key for each virtual host and for each request with unique
args. [Paul J. Reder, args code provided by Kris Verbeeck]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96773 13f79535-47bb-0310-9956-ffa450edef68

URLs if the origin server does not explicitly provide an
Expires header on the response (RFC 2616 Section 13.9)

Submitted by:	Kris Verbeeck <krisv@be.ubizen.com>
Reviewed by:	Bill Stoddard


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96772 13f79535-47bb-0310-9956-ffa450edef68

This would result in at least two EOS buckets being leaked per connection.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96752 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_digest's passwords can not be obfuscated by the APR magic
sequence (as we don't call apr_password_validate on them), therefore we
need a tool to produce true MD5 hex hashes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96737 13f79535-47bb-0310-9956-ffa450edef68

All modules are reorganized under the following scheme:
- mod_auth_*:   Front-end (basic, digest)
- mod_authn_*:  Authentication (anon, dbm, default, file)
- mod_authz_*:  Authorization (dbm, default, groupfile, host, user)

This passes the httpd-test suite when it accounts for the renaming of
aaa modules.

Originally written by: Dirk-Willem van Gulik
Completed by: Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96728 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Sander Temme <sctemme@covalent.net>
Reviewed by:	Dirk, Justin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96726 13f79535-47bb-0310-9956-ffa450edef68

Note that this is not supposed to be a comprehensive list.  Lots of people
helped out.  I just want to give a little credit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96684 13f79535-47bb-0310-9956-ffa450edef68

responsible for the design and implementation, so he deserves some
credit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96664 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Joe Schaefer <joe+apache@sunstarsys.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96662 13f79535-47bb-0310-9956-ffa450edef68

This directive allows mod_mime to lookup extension information for content
served via Location blocks so that content-type, filters, etc can be
applied to non-file content.

(I wouldn't be shocked if we end up changing the directive name.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96644 13f79535-47bb-0310-9956-ffa450edef68

Notes:
  * I've created a new config directive CacheMaxStreamingBuffer,
    to set the maximum amount of data that mod_cache will buffer
    per request if it hasn't yet seen an EOS.  The default is
    zero, which preserves the original behavior: cache only if
    the response has a known content-length or all the content
    is available in the first brigade passed to the CACHE_IN filter.
  * A big block of code in cache_in_filter() got wrapped in an
    if-statement in this change.  To make the diff more readable,
    I'm committing without indentation changes; a second commit
    will include (only) the indentation update.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96631 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96623 13f79535-47bb-0310-9956-ffa450edef68

PR: 10993
Submitted by:	 Peter Bieringer <pb@bieringer.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96621 13f79535-47bb-0310-9956-ffa450edef68

- Fix segfault on strlen computation on the empty string in vlv case
- If the etag is "", don't set the ETag header to be "" - leave the
  header NULL instead.

Andrew's patch would change ap_meets_condition to accept "", but Justin
thinks it would be better just to sidestep it all together and not set
ETag when it would be "".

PR: 12207
Submitted by:	Andrew Ho <andrew@tellme.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96609 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96608 13f79535-47bb-0310-9956-ffa450edef68