Propose pcre2 support for backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896976 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 636c221dc32ffb5e4a8d90eb90300973ed16dc76..4270efead625e07eb80dc2b3f638bff5f393732c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -150,6 +150,35 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
+  *) Support PCRE2 (10.x) in place of PCRE (8.x).
+     Submitted by: wrowe, Petr Pisar [ppisar redhat.com], rjung
+     trunk patches:
+         http://svn.apache.org/r1773454
+         http://svn.apache.org/r1773741
+         http://svn.apache.org/r1773742
+         http://svn.apache.org/r1773839
+         http://svn.apache.org/r1773870
+         http://svn.apache.org/r1773882
+         http://svn.apache.org/r1814662
+         http://svn.apache.org/r1881478
+     summarized/conflicts resolved:
+         https://gist.github.com/wrowe/73f655d13bbe0f12030aa4557e804d8a
+     +1: wrowe
+     wrowe notes that the current code drops optimizations, owing to the fact
+     that the ovector is a required allocation and is no longer allocated on
+     the stack, by design.  The correct fix is an apr userdata allocation on
+     the appropriate pool, which would be thread-safe, but the actual API of
+     ap_regexec[_len]() offers us no pool and isn't suitable for httpd-2.4.x.
+     At this time, PCRE 8.45 is EOL and will not receive security updates,
+     and taking ovector and other arrays off the stack was in direct reaction
+     to the patterns of abuse of previous pcre exploits. So this patch doesn't
+     wait for httpd-2.4 to be retired, it will need to be adopted without the
+     existing optimiation.
+     jorton: Adding ap_pregexec/_len which pass a pool would also work
+             for internal users of this api; not sure if performance
+             impact is significant from using malloc here.
+
+
 PATCHES/ISSUES THAT ARE BEING WORKED
   [ New entries should be added at the START of the list ]
 
@@ -256,28 +285,6 @@ PATCHES/ISSUES THAT ARE BEING WORKED
              make it nonblocking (by default)?
         jim: Non-blocking seems the best way to handle...
 
-   * Support PCRE2 (10.x) in place of PCRE (8.x).
-     Submitted by: wrowe, Petr Pisar [ppisar redhat.com]
-     trunk patches:
-         http://svn.apache.org/r1773454
-         http://svn.apache.org/r1773741
-         http://svn.apache.org/r1773742
-         http://svn.apache.org/r1773839
-         http://svn.apache.org/r1773870
-         http://svn.apache.org/r1773882
-     wrowe notes that the current code is too inefficient, owing to the fact
-     that the ovector is a required allocation and is no longer allocated on
-     the stack, by design. The correct fix is an apr userdata allocation on
-     the appropriate pool, which would be thread-safe, but the actual API of
-     ap_regexec[_len]() offers us no pool. We cannot associate that pool with
-     the ap_regex_t, because a single regex may be used by many threads in
-     parallel and is not thread-safe beyond initialization.
-     So the only fix allowing us to use PCRE 10 in httpd 2.4 would be to write
-     this as a thread safe storage buffer for the majority of cases (<10 $args)
-     and we don't have a portable tls mechanism to do so.
-     jorton: Adding ap_pregexec/_len which pass a pool would also work
-             for internal users of this api; not sure if performance
-             impact is significant from using malloc here.
 
 PATCHES/ISSUES THAT ARE STALLED