From: Rainer Jung Date: Thu, 21 May 2015 10:19:17 +0000 (+0000) Subject: Promote. X-Git-Tag: 2.2.30~96 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4747a66aa4c23d261c21592056330e059f2a58d3;p=thirdparty%2Fapache%2Fhttpd.git Promote. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680804 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index e72a96a33fa..d7cce7f9145 100644 --- a/STATUS +++ b/STATUS @@ -115,25 +115,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.2.x patch: trunks works (plus CHANGES) +1 rjung, ylavic, wrowe - -PATCHES PROPOSED TO BACKPORT FROM TRUNK: - [ New proposals should be added at the end of the list ] - - * mod_log_config: Add new format flag for requestion duration in milliseconds - trunk patch: http://svn.apache.org/r1675533 - 2.2.x patch: https://people.apache.org/~ylavic/httpd-2.2.x-req_duration_milliseconds-v1.patch - (modulo CHANGES) - +1: ylavic, breser - ylavic: first accepted merge reverted in r1679205, due to missing get_request_end_time() in 2.2.x. - v1 now s/get_request_end_time(r)/apr_time_now()/ - druggeri vote discarded. - - * mpm_winnt service.c: Accept utf-8 service names/descriptions for i18n. - trunk patches: http://svn.apache.org/r1611165 - http://svn.apache.org/r1611169 - 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-utf8-servicename.patch - +1: wrowe, gsmith - * mod_ssl: Add support for configuring persistent TLS session ticket encryption/decryption keys (useful for clustered environments). [Paul Querna, Kaspar Brand] @@ -152,14 +133,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: (either gracefully or not). Would be useful for 2.4/trunk as well - mention RFC 5077 in CHANGES - * mod_proxy: use the original (non absolute) form of the request-line's URI - for requests embedded in CONNECT payloads used to connect SSL backends via - a ProxyRemote forward-proxy. PR 55892. - trunk patch: http://svn.apache.org/r1665215 - http://svn.apache.org/r1665218 (CHANGES entry) - 2.2.x patch: trunk works (modulo CHANGES) - +1: ylavic, wrowe - * mod_ssl: Improve handling of ephemeral DH and ECDH keys by allowing custom parameters to be configured via SSLCertificateFile, and by adding standardized DH parameters for 1024/2048/3072/4096 bits. @@ -181,6 +154,49 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: and 2048 bits certificates (modulus), using EDH and ECDH ciphers. v2 to include r1679470 + * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100. + trunk patch: http://svn.apache.org/r1653997 + 2.4.x patch: merged in http://svn.apache.org/r1663258 + 2.2.x patch: trunk works (modulo CHANGES) + +1: ylavic, wrowe, rjung + wrowe: good to fix inheritence. Unsure why ALL is the default on all + branches, I was sure it wasn't, but if we subvert ALL later, we + have done something odd. No impact on the validity of this patch. + + * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher + priority and add explanations relative to RFC 7525 guidance. + http://svn.apache.org/r1679428 + http://svn.apache.org/r1679432 [CHANGES] + 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch + +1: wrowe, ylavic, rjung + + +PATCHES PROPOSED TO BACKPORT FROM TRUNK: + [ New proposals should be added at the end of the list ] + + * mod_log_config: Add new format flag for requestion duration in milliseconds + trunk patch: http://svn.apache.org/r1675533 + 2.2.x patch: https://people.apache.org/~ylavic/httpd-2.2.x-req_duration_milliseconds-v1.patch + (modulo CHANGES) + +1: ylavic, breser + ylavic: first accepted merge reverted in r1679205, due to missing get_request_end_time() in 2.2.x. + v1 now s/get_request_end_time(r)/apr_time_now()/ + druggeri vote discarded. + + * mpm_winnt service.c: Accept utf-8 service names/descriptions for i18n. + trunk patches: http://svn.apache.org/r1611165 + http://svn.apache.org/r1611169 + 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-utf8-servicename.patch + +1: wrowe, gsmith + + * mod_proxy: use the original (non absolute) form of the request-line's URI + for requests embedded in CONNECT payloads used to connect SSL backends via + a ProxyRemote forward-proxy. PR 55892. + trunk patch: http://svn.apache.org/r1665215 + http://svn.apache.org/r1665218 (CHANGES entry) + 2.2.x patch: trunk works (modulo CHANGES) + +1: ylavic, wrowe + * core: Avoid potential use of uninitialized (NULL) request data in request line error path. trunk patch: http://svn.apache.org/r1664205 @@ -191,15 +207,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: vulnerable per se (no ErrorDocument handling from early request line parser), better be safe than sorry. - * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100. - trunk patch: http://svn.apache.org/r1653997 - 2.4.x patch: merged in http://svn.apache.org/r1663258 - 2.2.x patch: trunk works (modulo CHANGES) - +1: ylavic, wrowe, rjung - wrowe: good to fix inheritence. Unsure why ALL is the default on all - branches, I was sure it wasn't, but if we subvert ALL later, we - have done something odd. No impact on the validity of this patch. - * mod_authn_dbd: Fix lifetime of DB lookup entries independently of the selected DB engine. PR 46421. trunk patch: http://svn.apache.org/r1663647 @@ -217,13 +224,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-ap_proxy_connection_reusable.patch +1: ylavic, wrowe - * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher - priority and add explanations relative to RFC 7525 guidance. - http://svn.apache.org/r1679428 - http://svn.apache.org/r1679432 [CHANGES] - 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch - +1: wrowe, ylavic, rjung - PATCHES/ISSUES THAT ARE STALLED