diff -urN apache_1.3.29/src/os/cygwin/Makefile.tmpl apache_1.3.29-cygwin/src/os/cygwin/Makefile.tmpl
--- apache_1.3.29/src/os/cygwin/Makefile.tmpl	2001-04-02 11:22:10.000000000 +0200
+++ apache_1.3.29-cygwin/src/os/cygwin/Makefile.tmpl	2004-02-04 17:14:27.600481600 +0100
@@ -3,7 +3,7 @@
 INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
 LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
 
-OBJS=	os.o os-inline.o
+OBJS=	os.o os-inline.o util_cygwin.o
 
 LIB=	libos.a
 
@@ -37,6 +37,12 @@
 
 $(OBJS): Makefile
 
+$(INCDIR)/os.h: os.h
+	cp $< $@
+	
+$(INCDIR)/os-inline.c: os-inline.c
+	cp $< $@
+
 # DO NOT REMOVE
 os-inline.o: os-inline.c $(INCDIR)/ap_config.h \
  $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
@@ -44,3 +50,8 @@
 os.o: os.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
  $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
  $(INCDIR)/ap_ctype.h $(INCDIR)/hsregex.h os.h
+util_cygwin.o: util_cygwin.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
+ $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
+ $(INCDIR)/os.h $(INCDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
+ $(INCDIR)/hsregex.h $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
+ $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_log.h
diff -urN apache_1.3.29/src/os/cygwin/os.h apache_1.3.29-cygwin/src/os/cygwin/os.h
--- apache_1.3.29/src/os/cygwin/os.h	2003-02-03 18:13:32.000000000 +0100
+++ apache_1.3.29-cygwin/src/os/cygwin/os.h	2004-02-04 17:14:27.630524800 +0100
@@ -88,6 +88,10 @@
 #define PLATFORM "Cygwin"
 #endif
 
+/* define that we implement our own ap_os_canonical_filename() to 
+ * circumvent backslash security holes in cygwin path processing. */
+#define HAVE_CANONICAL_FILENAME
+
 /* 
  * Define winsock.h and winsock2.h stuff taken from Win32 API in case we  
  * want to do socket communication in Win32 native way rather then using 
diff -urN apache_1.3.29/src/os/cygwin/util_cygwin.c apache_1.3.29-cygwin/src/os/cygwin/util_cygwin.c
--- apache_1.3.29/src/os/cygwin/util_cygwin.c	1970-01-01 01:00:00.000000000 +0100
+++ apache_1.3.29-cygwin/src/os/cygwin/util_cygwin.c	2004-02-04 17:14:27.640539200 +0100
@@ -0,0 +1,81 @@
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#include <os.h>
+#include "httpd.h"
+#include "http_log.h"
+
+
+API_EXPORT(char *) ap_os_canonical_filename(pool *pPool, const char *szFile)
+{
+    char *buf;
+    char buf2[MAX_STRING_LEN];
+    int rc, len; 
+    char *pos;
+    
+    len = strlen(szFile);
+    buf = ap_pstrndup(pPool, szFile, len);
+
+    /* Switch backslashes to forward */
+    for (pos=buf; *pos; pos++)
+        if (*pos == '\\')
+            *pos = '/';
+    
+    return ap_pstrdup(pPool, buf);
+}
+