From: Rainer Jung Date: Tue, 16 Mar 2010 15:16:41 +0000 (+0000) Subject: Add proposal to backport SSLInsecureRenegotiation X-Git-Tag: 2.0.64~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f066f7b42b7520afc160c356161b46af3b54ab0;p=thirdparty%2Fapache%2Fhttpd.git Add proposal to backport SSLInsecureRenegotiation to 2.0.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@923801 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index d83e0dbec8c..59403266235 100644 --- a/STATUS +++ b/STATUS @@ -185,6 +185,23 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: with some offset. +1: rjung + * mod_ssl: Implement SSLInsecureRenegotiation + Trunk version of patch: + http://svn.apache.org/viewcvs.cgi?rev=906039&view=rev + http://svn.apache.org/viewcvs.cgi?rev=906057&view=rev + http://svn.apache.org/viewcvs.cgi?rev=906485&view=rev + http://svn.apache.org/viewcvs.cgi?rev=906491&view=rev + http://svn.apache.org/viewcvs.cgi?rev=908015&view=rev + http://svn.apache.org/viewcvs.cgi?rev=916733&view=rev + http://svn.apache.org/viewcvs.cgi?rev=916817&view=rev + Patch in 2.2.x branch: + http://svn.apache.org/viewvc?rev=917044&view=rev + Backport: + http://people.apache.org/~rjung/patches/SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch + Patch applies also on top of the two above partial fixes for CVE-2009-3555 + with some offset and fuzz. + +1: rjung + PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: *) mod_headers: Support {...}s tag for SSL variable lookup.