updated backport proposal.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791652 13f79535-47bb-0310-9956-ffa450edef68

Update... release prep

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791542 13f79535-47bb-0310-9956-ffa450edef68

 * mod_alias: Ensure Redirect emits HTTP-compliant URLs.
   PR 44020
   trunk patch:
     http://svn.apache.org/viewvc?view=rev&rev=785575
   2.2.x patch:
     http://people.apache.org/~rpluem/patches/foreign_patches/niq_44020.diff
   NOTE: I'm recommending different versions because the trunk
   patch is too strict for a stable line and may "break" broken
   configs thought by their users to be working.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791541 13f79535-47bb-0310-9956-ffa450edef68

Merge r785661 from trunk:

mod_proxy_http: fix case sensitivity checking transfer encoding
PR 47383 [Ryuzo Yamamoto]

Submitted by: niq
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791540 13f79535-47bb-0310-9956-ffa450edef68

promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791537 13f79535-47bb-0310-9956-ffa450edef68

votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791536 13f79535-47bb-0310-9956-ffa450edef68

Note that PR 39605 is fixed by the CVE-2009-1891 patches.
(thanks Jeff)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791459 13f79535-47bb-0310-9956-ffa450edef68

SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects.  [Joe Orton, Ruediger Pluem]

Submitted by: jorton, rpluem
Reviewed by:  jim, trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791454 13f79535-47bb-0310-9956-ffa450edef68

Fix incorrect "Userdir enabled" usage cases in the docs.
The actual documentation of the directive is accurate, but the examples
were incorrect, as noted in PR 42910.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791345 13f79535-47bb-0310-9956-ffa450edef68

Propose and comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791338 13f79535-47bb-0310-9956-ffa450edef68

Add backport proposal.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791325 13f79535-47bb-0310-9956-ffa450edef68

fixed typo.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791305 13f79535-47bb-0310-9956-ffa450edef68

* Remove comments, vote, adjust proposal such that Nick and I are happy at
  the same time.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791218 13f79535-47bb-0310-9956-ffa450edef68

* Votes and comments

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791178 13f79535-47bb-0310-9956-ffa450edef68

Backport proposals

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791177 13f79535-47bb-0310-9956-ffa450edef68

Replace PR44020 patch  backport proposal with rpluem's corrected version.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791171 13f79535-47bb-0310-9956-ffa450edef68

* Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791079 13f79535-47bb-0310-9956-ffa450edef68

* Add comment and vote.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791078 13f79535-47bb-0310-9956-ffa450edef68

answer Rüdiger

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@791005 13f79535-47bb-0310-9956-ffa450edef68

* Add a comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790950 13f79535-47bb-0310-9956-ffa450edef68

Merge r790587 from trunk:

Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Thanks to: Toadie <toadie643 gmail.com> for reporting and diagnosis of
       this issue.
Submitted by: niq, jorton
Reviewed by: rpluem, jim, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790914 13f79535-47bb-0310-9956-ffa450edef68

Merge r776325 from trunk:

Fix the error string returned by RewriteRule. RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd argument of RewriteRule was not started with "[" or not ended with "]".

PR: 45082
Submitted by: Vitaly Polonetsky <m_vitaly topixoft.com>

Submitted by: takashi
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790878 13f79535-47bb-0310-9956-ffa450edef68

Merge r395552 from trunk:

* modules/proxy/proxy_util.c (ap_proxy_initialize_worker): Fix
gcc strict-aliasing warning.

Submitted by: jorton
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790876 13f79535-47bb-0310-9956-ffa450edef68

promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790875 13f79535-47bb-0310-9956-ffa450edef68

votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790874 13f79535-47bb-0310-9956-ffa450edef68

Propose fixes for the mod_deflate DoS.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790840 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790822 13f79535-47bb-0310-9956-ffa450edef68

update for sync with English doc.

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790821 13f79535-47bb-0310-9956-ffa450edef68

additional (mod_perl test suite) OPT_INCLUDES compatibility

Submitted by: jorton
Reviewed by:  trawick, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790738 13f79535-47bb-0310-9956-ffa450edef68

* Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790711 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790709 13f79535-47bb-0310-9956-ffa450edef68

CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790690 13f79535-47bb-0310-9956-ffa450edef68

note intent to release.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790432 13f79535-47bb-0310-9956-ffa450edef68

Fixed comment. Submitted by Arfrever Frehtes Taifersar Arahesis.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@788997 13f79535-47bb-0310-9956-ffa450edef68

Merge r641855 from trunk:

Update Timeout section, the semantics changed completely
since 1.3 and the caveats on signals not being reset
thankfully no longer apply either.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@787961 13f79535-47bb-0310-9956-ffa450edef68

* Add proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@786826 13f79535-47bb-0310-9956-ffa450edef68

* Add comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@786825 13f79535-47bb-0310-9956-ffa450edef68

Add note about the APR-util security fixes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@785982 13f79535-47bb-0310-9956-ffa450edef68

Propose backport before I forget the details and motivation of it ...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@785576 13f79535-47bb-0310-9956-ffa450edef68

Some typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@784408 13f79535-47bb-0310-9956-ffa450edef68

* Update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783731 13f79535-47bb-0310-9956-ffa450edef68

* Add compatibility note.

Submitted by: Dan Poirier <poirier pobox.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783730 13f79535-47bb-0310-9956-ffa450edef68

AccessConfig and ResourceConfig have been gone for how long?

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783467 13f79535-47bb-0310-9956-ffa450edef68

doc xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782863 13f79535-47bb-0310-9956-ffa450edef68

compat mentioned in env.xml, echo in inline reference
 in CacheEnable/CacheDisable

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782861 13f79535-47bb-0310-9956-ffa450edef68

one more vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782424 13f79535-47bb-0310-9956-ffa450edef68

Pick up the win32 notes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782400 13f79535-47bb-0310-9956-ffa450edef68

Add windows build notes before any 2.2.X release, which should help
users with the integration notes for obtaining 3rd party db drivers.

This file was shipped in the tarball as a dist artifact, but it
better belongs in the httpd tree to warn users about the first pipe
handling issue if they are rolling their own.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782399 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782386 13f79535-47bb-0310-9956-ffa450edef68

use proper xml

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782385 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782384 13f79535-47bb-0310-9956-ffa450edef68

Some typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782374 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782268 13f79535-47bb-0310-9956-ffa450edef68

* This showstopper is now moot: APR / APR-UTIL were released.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782267 13f79535-47bb-0310-9956-ffa450edef68

Two proposals.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782183 13f79535-47bb-0310-9956-ffa450edef68

Note IndexHeadInsert is available in >= 2.2.11.
PR:47297

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@781422 13f79535-47bb-0310-9956-ffa450edef68

Somes typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@780459 13f79535-47bb-0310-9956-ffa450edef68

Restore backwards compatibility of OPT_* handling in the fix for
CVE-2009-1195:

* include/http_core.h: Add back the OPT_INCNOEXEC and hide
  OPT_INC_WITH_EXEC as internal-only.

* server/core.c (ap_allow_options): Invert the returned
  OPT_INC_WITH_EXEC bit such that the exposed semantics of
  OPT_INCNOEXEC are retained.

* modules/filters/mod_include.c (includes_filter): Revert to using
  OPT_INCNOEXEC.

Submitted by: trawick, jorton
Reviewed by: jorton, trawick, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779472 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779404 13f79535-47bb-0310-9956-ffa450edef68

Thanks, Joe!

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779292 13f79535-47bb-0310-9956-ffa450edef68

Formal proposal for fix to CVE-2009-1195 compat issue.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779180 13f79535-47bb-0310-9956-ffa450edef68

ome typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779150 13f79535-47bb-0310-9956-ffa450edef68

try to entice some others to join the API preservation thread

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@778447 13f79535-47bb-0310-9956-ffa450edef68

two user-visible changes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777213 13f79535-47bb-0310-9956-ffa450edef68

Committed revision 777193.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777194 13f79535-47bb-0310-9956-ffa450edef68

 * log: Provide "||program" syntax to optionally restore behavior broken in
      2.0.50 which leads to bad process handling on Solaris and wasted process
           resources on all platforms.
              Trunk version (new behavior);
                     http://svn.apache.org/viewvc?view=rev&revision=775300
                            http://svn.apache.org/viewvc?view=rev&revision=775320
                               Proposed 2.2.12 patch, retaining default behavior from 2.2.11;
                                      http://people.apache.org/~wrowe/fixlog22.patch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777193 13f79535-47bb-0310-9956-ffa450edef68

Committed revision 777191.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777192 13f79535-47bb-0310-9956-ffa450edef68

Merge r771587, r771610 from trunk:

As mentioned inline in comments, correctly handle more sophisticated
transformations which currently fail for balancer://foo targets, but
work just fine with other ProxyReverse targets.

  The balancer comparison is a bit trickier.  Given the context

    BalancerMember balancer://alias http://example.com/foo
    ProxyPassReverse /bash balancer://alias/bar

  translate url http://example.com/foo/bar/that to /bash/that

E.g. there may be several different url-suffixes (1st order) of any
particular BalancerMember set e.g. /app1, /app1 and /appbeta while
there may be additional suffixes associated with the actual
ProxyPassReverse directive.  Neither were properly reversed, now
both should be properly handled.

One *critical* assumption;

    BalancerMember balancer://alias/foo http://example.com/bar

should be documented as a meaningless construct, since one cannot
have two members, balancer://alias/foo and balancer://alias/bar,
and the balancer member structures discard this path.

Note one more existing error case as an XXX comment due to invalid
uri comparisons.

* Silence compiler warning.

Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777191 13f79535-47bb-0310-9956-ffa450edef68

Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777188 13f79535-47bb-0310-9956-ffa450edef68

Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777187 13f79535-47bb-0310-9956-ffa450edef68

* Add a comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777079 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777067 13f79535-47bb-0310-9956-ffa450edef68

raise a question, remove all snarky commentary

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776436 13f79535-47bb-0310-9956-ffa450edef68

reference PR's

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776433 13f79535-47bb-0310-9956-ffa450edef68

Update docco xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776284 13f79535-47bb-0310-9956-ffa450edef68

   * mod_ssl:  Add server name indication support (RFC 4366) and better
     support for name based virtual hosts with SSL. PR 34607

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776281 13f79535-47bb-0310-9956-ffa450edef68

Merge r769809 from trunk:

* Improve and simplify the implementation of SSLProxyCheckPeerExpire by
  directly using X509_get_notBefore(), X509_get_notAfter() and
  X509_cmp_current_time().
  Thanks to jorton for the pointer.

Submitted by: rpluem
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776279 13f79535-47bb-0310-9956-ffa450edef68

o vote and promote 2 patches
o formally unstall the pcre debate

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776195 13f79535-47bb-0310-9956-ffa450edef68

Vote on a "clarification" fix :)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775757 13f79535-47bb-0310-9956-ffa450edef68

Revised proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775323 13f79535-47bb-0310-9956-ffa450edef68

Propose

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775314 13f79535-47bb-0310-9956-ffa450edef68

Update docco xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774746 13f79535-47bb-0310-9956-ffa450edef68

English xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774745 13f79535-47bb-0310-9956-ffa450edef68

Spanish xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774744 13f79535-47bb-0310-9956-ffa450edef68

German xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774743 13f79535-47bb-0310-9956-ffa450edef68

Update xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774742 13f79535-47bb-0310-9956-ffa450edef68

merge from trunk r774530

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774547 13f79535-47bb-0310-9956-ffa450edef68

merge from trunk r774184

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774501 13f79535-47bb-0310-9956-ffa450edef68

Yeppers

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774443 13f79535-47bb-0310-9956-ffa450edef68

Adds [NE] to the canonical hostname rules, as per
https://issues.apache.org/bugzilla/show_bug.cgi?id=47186 to avoid
double-escaping of URIs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774162 13f79535-47bb-0310-9956-ffa450edef68

move SECURITY to top

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773882 13f79535-47bb-0310-9956-ffa450edef68

backport 772997, 773322, 773342 from trunk.
Reviewed By: jorton, rpluem, covener

Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:

* include/http_core.h: Change semantics of Includes/IncludeNoExec
 options bits to be additive; OPT_INCLUDES now means SSI is enabled
 without exec=.  OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
 with exec=.

* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
 from default override_opts; no functional change.
 (merge_core_dir_configs): Update logic to ensure that exec= is
 disabled in a context where IncludesNoexec is configured, even if
 Includes-with-exec is permitted in the inherited options set.
 (set_allow_opts, set_options): Update to reflect new semantics
 of OPT_INCLUDES, OPT_INC_WITH_EXEC.

* server/config.c: Update to remove OPT_INCNOEXEC from default
 override_opts; no functional change.

* modules/filters/mod_include.c (includes_filter): Update to reflect
 new options semantics - disable exec= support if the
 OPT_INC_WITH_EXEC bit is not set.

Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
         jorton
Thanks to: Vincent Danon <vdanon redhat.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773881 13f79535-47bb-0310-9956-ffa450edef68

vote & promote CVE-2009-1195

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773880 13f79535-47bb-0310-9956-ffa450edef68

Merge r752812 from trunk:

* Escape pathes of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773354 13f79535-47bb-0310-9956-ffa450edef68

Merge r757376 from trunk:

Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773352 13f79535-47bb-0310-9956-ffa450edef68

Merge r757427 from trunk:

* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating
  a proxy rule in directory context, do escape the filename by
  default, since mod_proxy will not escape in that case due to the
  (deliberate) fixup hook ordering.

Thanks to: rpluem
PR: 46428

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773351 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773348 13f79535-47bb-0310-9956-ffa450edef68

Propose CVE-2009-1195 backport.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773345 13f79535-47bb-0310-9956-ffa450edef68

fix whitespace, explanation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773058 13f79535-47bb-0310-9956-ffa450edef68

vote and promote 3 patches

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773056 13f79535-47bb-0310-9956-ffa450edef68