2.2.x patch: trunks works (plus CHANGES)
+1 rjung, ylavic, wrowe
-
-PATCHES PROPOSED TO BACKPORT FROM TRUNK:
- [ New proposals should be added at the end of the list ]
-
- * mod_log_config: Add new format flag for requestion duration in milliseconds
- trunk patch: http://svn.apache.org/r1675533
- 2.2.x patch: https://people.apache.org/~ylavic/httpd-2.2.x-req_duration_milliseconds-v1.patch
- (modulo CHANGES)
- +1: ylavic, breser
- ylavic: first accepted merge reverted in r1679205, due to missing get_request_end_time() in 2.2.x.
- v1 now s/get_request_end_time(r)/apr_time_now()/
- druggeri vote discarded.
-
- * mpm_winnt service.c: Accept utf-8 service names/descriptions for i18n.
- trunk patches: http://svn.apache.org/r1611165
- http://svn.apache.org/r1611169
- 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-utf8-servicename.patch
- +1: wrowe, gsmith
-
* mod_ssl: Add support for configuring persistent TLS session ticket
encryption/decryption keys (useful for clustered environments).
[Paul Querna, Kaspar Brand]
(either gracefully or not). Would be useful for 2.4/trunk as well
- mention RFC 5077 in CHANGES
- * mod_proxy: use the original (non absolute) form of the request-line's URI
- for requests embedded in CONNECT payloads used to connect SSL backends via
- a ProxyRemote forward-proxy. PR 55892.
- trunk patch: http://svn.apache.org/r1665215
- http://svn.apache.org/r1665218 (CHANGES entry)
- 2.2.x patch: trunk works (modulo CHANGES)
- +1: ylavic, wrowe
-
* mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
and 2048 bits certificates (modulus), using EDH and ECDH ciphers.
v2 to include r1679470
+ * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100.
+ trunk patch: http://svn.apache.org/r1653997
+ 2.4.x patch: merged in http://svn.apache.org/r1663258
+ 2.2.x patch: trunk works (modulo CHANGES)
+ +1: ylavic, wrowe, rjung
+ wrowe: good to fix inheritence. Unsure why ALL is the default on all
+ branches, I was sure it wasn't, but if we subvert ALL later, we
+ have done something odd. No impact on the validity of this patch.
+
+ * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher
+ priority and add explanations relative to RFC 7525 guidance.
+ http://svn.apache.org/r1679428
+ http://svn.apache.org/r1679432 [CHANGES]
+ 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch
+ +1: wrowe, ylavic, rjung
+
+
+PATCHES PROPOSED TO BACKPORT FROM TRUNK:
+ [ New proposals should be added at the end of the list ]
+
+ * mod_log_config: Add new format flag for requestion duration in milliseconds
+ trunk patch: http://svn.apache.org/r1675533
+ 2.2.x patch: https://people.apache.org/~ylavic/httpd-2.2.x-req_duration_milliseconds-v1.patch
+ (modulo CHANGES)
+ +1: ylavic, breser
+ ylavic: first accepted merge reverted in r1679205, due to missing get_request_end_time() in 2.2.x.
+ v1 now s/get_request_end_time(r)/apr_time_now()/
+ druggeri vote discarded.
+
+ * mpm_winnt service.c: Accept utf-8 service names/descriptions for i18n.
+ trunk patches: http://svn.apache.org/r1611165
+ http://svn.apache.org/r1611169
+ 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-utf8-servicename.patch
+ +1: wrowe, gsmith
+
+ * mod_proxy: use the original (non absolute) form of the request-line's URI
+ for requests embedded in CONNECT payloads used to connect SSL backends via
+ a ProxyRemote forward-proxy. PR 55892.
+ trunk patch: http://svn.apache.org/r1665215
+ http://svn.apache.org/r1665218 (CHANGES entry)
+ 2.2.x patch: trunk works (modulo CHANGES)
+ +1: ylavic, wrowe
+
* core: Avoid potential use of uninitialized (NULL) request data in
request line error path.
trunk patch: http://svn.apache.org/r1664205
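Review bot: In the promoted cipher/protocol entry, the two revision URLs (http://svn.apache.org/r1679428 and http://svn.apache.org/r1679432 [CHANGES]) carry no "trunk patch:" label, unlike every other entry added in this hunk; add the label so the entry can be read and scripted against in the same way as its neighbours. The 'SSLProtocol ALL' entry is approved as "trunk works (modulo CHANGES)", so the CHANGES text still has to be written at merge time. Because a vhost-level 'SSLProtocol ALL' that was being ignored will start taking effect, that text should state the change in virtual host behaviour explicitly for operators who restrict protocols at the server level. The relocated mod_log_config entry also carries over the typo "requestion duration", which could be corrected while the lines are being moved.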
vulnerable per se (no ErrorDocument handling from early
request line parser), better be safe than sorry.
- * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100.
- trunk patch: http://svn.apache.org/r1653997
- 2.4.x patch: merged in http://svn.apache.org/r1663258
- 2.2.x patch: trunk works (modulo CHANGES)
- +1: ylavic, wrowe, rjung
- wrowe: good to fix inheritence. Unsure why ALL is the default on all
- branches, I was sure it wasn't, but if we subvert ALL later, we
- have done something odd. No impact on the validity of this patch.
-
* mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
selected DB engine. PR 46421.
trunk patch: http://svn.apache.org/r1663647
2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-ap_proxy_connection_reusable.patch
+1: ylavic, wrowe
- * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher
- priority and add explanations relative to RFC 7525 guidance.
- http://svn.apache.org/r1679428
- http://svn.apache.org/r1679432 [CHANGES]
- 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch
- +1: wrowe, ylavic, rjung
-
PATCHES/ISSUES THAT ARE STALLED