From: Gregg Lewis Smith Date: Sat, 14 Mar 2015 01:36:54 +0000 (+0000) Subject: votes/promotes X-Git-Tag: 2.2.30~166 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=012cac93bc758b89db3b47643a86b067c11e6934;p=thirdparty%2Fapache%2Fhttpd.git votes/promotes git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1666628 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 9fd6575c0fe..21aa8b01f8a 100644 --- a/STATUS +++ b/STATUS @@ -114,6 +114,31 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: (minor merge conflict) +1 covener, trawick, ylavic + * mod_deflate: Define APR_INT32_MAX when it is missing so to be able to + compile against APR-1.2.x (minimum required version). + trunk/2.4.x patch: not concerned (require APR-1.5.x) + 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_APR_INT32_MAX.patch + +1: ylavic, trawick, gsmith + + * default conf: Disable SSLv3, like SSLv2, in the default configuration. + trunk patch: n/a -- Only 2.2.x has SSLProtocol in httpd-ssl.conf.in + 2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=32131 + +1: covener, ylavic, gsmith + + * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung] + It controls the use of TLS session tickets (RFC 5077). + Default is unchanged (on). + Using session tickets without restarting the web server with + an appropriate frequency (e.g. daily) compromises perfect forward + secrecy. As long as we do not have a nice key management + there needs to be a way to deactivate the use of session tickets. + trunk patch: http://svn.apache.org/r1650310 + http://svn.apache.org/r1650320 + 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets-v2.patch + +1: ylavic, rjung, gsmith + rjung: Adjust compatibility note in docs. + ylavic: Done, thanks. + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] 
@@ -131,17 +156,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: ylavic: trunk/2.4.x not concerned, 2.2.x only. +1: ylavic, jkaluza - * mod_deflate: Define APR_INT32_MAX when it is missing so to be able to - compile against APR-1.2.x (minimum required version). - trunk/2.4.x patch: not concerned (require APR-1.5.x) - 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_APR_INT32_MAX.patch - +1: ylavic, trawick - - * default conf: Disable SSLv3, like SSLv2, in the default configuration. - trunk patch: n/a -- Only 2.2.x has SSLProtocol in httpd-ssl.conf.in - 2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=32131 - +1: covener, ylavic - * mod_proxy_ajp: Fix get_content_length(). clength in request_rec is for response sizes, not request body size. It is initialized to 0, so the "if" branch was never taken. @@ -149,20 +163,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.2.x patch: trunks works (plus CHANGES) +1 rjung, ylavic - * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung] - It controls the use of TLS session tickets (RFC 5077). - Default is unchanged (on). - Using session tickets without restarting the web server with - an appropriate frequency (e.g. daily) compromises perfect forward - secrecy. As long as we do not have a nice key management - there needs to be a way to deactivate the use of session tickets. - trunk patch: http://svn.apache.org/r1650310 - http://svn.apache.org/r1650320 - 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets-v2.patch - +1: ylavic, rjung - rjung: Adjust compatibility note in docs. - ylavic: Done, thanks. - * mod_unique_id: Update docs and comment: the unique id is now 24 characters, not 19 See explanation in: http://httpd.apache.org/docs/2.2/mod/mod_unique_id.html#comment_3564
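Review bot: In the first hunk (@@ -114,6 +114,31 @@), the mod_ssl SSLSessionTickets entry moves to ACCEPTED with "Default is unchanged (on)", although the same entry states that session tickets without a regular restart compromise perfect forward secrecy. The visible lines only record that the compatibility note in the docs was adjusted, so before merging it is worth confirming that the 2.2.x patch's documentation and CHANGES text also carry the forward-secrecy caveat; otherwise operators on the default have no hint that they should restart regularly or set the directive to off. Two smaller points in the same hunk: the resolved "rjung: Adjust compatibility note in docs." / "ylavic: Done, thanks." exchange could be dropped now that the entry is accepted, and the new vote lines use "+1:" while the context line just above uses "+1 covener, trawick, ylavic" without the colon.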
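Review bot: In the third hunk (@@ -149,20 +163,6 @@), the leading context for the mod_proxy_ajp entry reads "2.2.x patch: trunks works (plus CHANGES)", which looks like a typo for "trunk works". This commit does not change that line, but it edits the lines right next to it, so this is a cheap place to fix it. The entry's vote line "+1 rjung, ylavic" also lacks the colon used by the entries promoted in this commit, so one style should be picked for the file.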