Changes with Apache 2.0.53

  *) SECURITY: CAN-2004-0942 (cve.mitre.org)
     Fix for memory consumption DoS in handling of MIME folded request
     headers.  [Joe Orton]

  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
     bypassed during an SSL renegotiation.  PR 31505.  
     [Hartmut Keil , Joe Orton]

  *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
     [Max Bowsher ]

  *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
     [Rici Lake ]

  *) mod_proxy: Respect errors reported by pre_connection hooks.
     [Jeff Trawick]

  *) --with-module can now take more than one module to be statically
     linked: --with-module=:,:,...
     If the -subdirectory doesn't exist it will be created and
     populated with a standard Makefile.in.  [Erik Abele]

  *) Fix the RPM spec file so that an RPM build now works. An RPM
     build now requires system installations of APR and APR-util.
     Remove some arbitrary moving around of binaries - the RPM now
     maps to the ASF build of httpd.
     [Graham Leggett]

  *) mod_dumpio, an I/O logging/dumping module, added to the
     modules/expermimental subdirectory.  [Jim Jagielski]

  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
     library handles special characters.  PR 24437.  [Jess Holle]

  *) Win32 MPM: Correct typo in debugging output.  [William Rowe]

  *) conf: Remove AddDefaultCharset from the default configuration because
     setting a site-wide default does more harm than good. PR 23421.
     [Roy Fielding]

  *) Add charset to example CGI scripts.  [Roy Fielding]

  *) mod_ssl: fail quickly if SSL connection is aborted rather than
     making many doomed ap_pass_brigade calls.  PR 32699.  [Joe Orton]

  *) Remove compiled-in upper limit on LimitRequestFieldSize.
     [Bill Stoddard]

  *) Start keeping track of time-taken-to-process-request again for
     mod_status if ExtendedStatus is enabled. [Jim Jagielski]

  *) mod_proxy: Handle client-aborted connections correctly.  PR 32443.
     [Janne Hietamäki, Joe Orton]

  *) Fix handling of files >2Gb on all platforms (or builds) where
     apr_off_t is larger than apr_size_t.  PR 28898.  [Joe Orton]

  *) mod_include: Fix bug which could truncate variable expansions
     of N*64 characters by one byte.  PR 32985.  [Joe Orton]

  *) Correct handling of certain bucket types in ap_save_brigade, fixing
     possible segfaults in mod_cgi with #include virtual.  PR 31247.
     [Joe Orton]

  *) Allow for the use of --with-module=foo:bar where the ./modules/foo
     directory is local only. Assumes, of course, that the required
     files are in ./modules/foo, but makes it easier to statically
     build/log "external" modules.  [Jim Jagielski]

  *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that 
     ldap authorization only modules have access to the util_ldap 
     user cache without having to require ldap authentication as well.  
     PR 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]

  *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
     allows the module to only authorize a user if the attribute value
     specified matches the value of the user object. PR 31913
     [Ryan Morgan ]

  *) mod_ssl: Fail at startup rather than segfault at runtime if a
     client cert is configured with an encrypted private key.
     PR 24030.  [Joe Orton]

  *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
     [Joe Orton]

  *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
     [Jeff Trawick]
 
  *) mod_cache: CacheDisable will only disable the URLs it was meant to
     disable, not all caching. PR 31128.
     [Edward Rudd , Paul Querna]

  *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
     cache responses.  [Justin Erenkrantz]

  *) mod_rewrite: Handle per-location rules when r->filename is unset.
     Previously this would segfault or simply not match as expected,
     depending on the platform.  [Jeff Trawick]

  *) mod_rewrite: Fix 0 bytes write into random memory position.
     PR 31036. [André Malo]

  *) mod_disk_cache: Do not store aborted content.  PR 21492.
     [Rüiger Plü ]

  *) mod_disk_cache: Correctly store cached content type.  PR 30278.
     [Rüiger Plü ]

  *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
     statistics display. PR 29216. [Graham Leggett]

  *) mod_ldap: fix a bogus error message to tell the user which file
     is causing a potential problem with the LDAP shared memory cache.
     PR 31431 [Graham Leggett]

  *) mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]

  *) Fix the re-linking issue when purging elements from the LDAP cache
     PR 24801.  [Jess Holle ]
      
  *) mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]

  *) Fix Expires handling in mod_cache.  [Justin Erenkrantz]

  *) Alter mod_expires to run at a different filter priority to allow
     proper Expires storage by mod_cache.  [Justin Erenkrantz]