From: William A. Rowe Jr Date: Tue, 4 Jun 2013 22:01:26 +0000 (+0000) Subject: If we are holding a going-away party for 2.0, vote and promote a few patches X-Git-Tag: 2.0.65~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fc9bb4340141422e219a453faa1565f3813d084;p=thirdparty%2Fapache%2Fhttpd.git If we are holding a going-away party for 2.0, vote and promote a few patches git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1489652 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index a04e4372671..531568a6005 100644 --- a/STATUS +++ b/STATUS @@ -155,7 +155,7 @@ RELEASE SHOWSTOPPERS: From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443 Individual patches apply with offsets; here's a clean all-in-one: http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch - +1: jim + +1: jim, wrowe (as incorporated by rjung below) trawick: 2.2/2.4 now have a different solution (AllowAnyURI). rjung: I added the AllowAnyURI patch below. Version 2 of the patch integrates your 2.0-CVE-2011-4317-r1235443.patch. @@ -179,7 +179,7 @@ RELEASE SHOWSTOPPERS: 2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev and http://svn.apache.org/viewvc?rev=1447508&view=rev 2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI-v2.patch - +1: rjung + +1: rjung, wrowe -1: covener needs to have the baseurl merge ripped out for 2.0.x, behavior change already noted in PR53963 rjung: I backported the MergeBase option plus no merging as default form 2.2. @@ -188,6 +188,22 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * mod_ssl: Backport SSLHonorCipher + Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=103832 + http://svn.apache.org/viewvc?view=revision&revision=103837 + http://svn.apache.org/viewvc?view=revision&revision=966160 + Backport: http://people.apache.org/~rjung/patches/sslhonorcipher-2.0.patch + +1: rjung, humbedooh, wrowe + + * htdigest: Fix buffer overflow when reading digest + password file with very long lines. PR 54893. + trunk patch: https://svn.apache.org/r1475878 + 2.4.x patch: https://svn.apache.org/11476089 + 2.2.x patch: https://svn.apache.org/r1476242 + 2.0.x patch: http://people.apache.org/~rjung/patches/htdigest-buffer_overflow_2_0.patch + +1: rjung, minfrin, wrowe + -1: + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to @@ -217,23 +233,8 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://svn.apache.org/viewvc?view=revision&revision=1166612 http://svn.apache.org/viewvc?view=revision&revision=1166772 2.0.x patch: http://people.apache.org/~rjung/patches/max-ranges-2.0.patch - +1: rjung + +1: rjung, wrowe - * mod_ssl: Backport SSLHonorCipher - Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=103832 - http://svn.apache.org/viewvc?view=revision&revision=103837 - http://svn.apache.org/viewvc?view=revision&revision=966160 - Backport: http://people.apache.org/~rjung/patches/sslhonorcipher-2.0.patch - +1: rjung, humbedooh - - * htdigest: Fix buffer overflow when reading digest - password file with very long lines. PR 54893. - trunk patch: https://svn.apache.org/r1475878 - 2.4.x patch: https://svn.apache.org/11476089 - 2.2.x patch: https://svn.apache.org/r1476242 - 2.0.x patch: http://people.apache.org/~rjung/patches/htdigest-buffer_overflow_2_0.patch - +1: rjung, minfrin - -1: PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: