From: Ruediger Pluem Date: Tue, 27 May 2008 22:27:02 +0000 (+0000) Subject: * Promote X-Git-Tag: 2.2.9~96 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76621bae418c75e981979bb10e57bc683218f4c1;p=thirdparty%2Fapache%2Fhttpd.git * Promote git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@660750 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index e62c58870a9..0715df88373 100644 --- a/STATUS +++ b/STATUS @@ -94,6 +94,22 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * suexec: When group is given as a numeric gid, validate it by looking up + the actual group name such that the name can be used in log entries. + PR 7862 [, Leif W ] + Trunk version of patch: + http://svn.apache.org/viewvc?view=rev&revision=655711 + Backport version for 2.2.x of patch: + Trunk version works + +1: fielding, jim, rpluem + jim says: the use of atoi to generate the ?ID is + consistent with what we do elsewhere but troubling... + we need to find a better way to do this. In particular, + ?ids cannot, iirc, be signed - this is more a note to + self ;) + Roy replies: the patch adds an id lookup and replaces the atoi id + with the validated result. Invalid input will now error out. + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] @@ -143,22 +159,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: again I ask myself how we can be sure that the chroot function is actually present on the platform we compile. - * suexec: When group is given as a numeric gid, validate it by looking up - the actual group name such that the name can be used in log entries. - PR 7862 [, Leif W ] - Trunk version of patch: - http://svn.apache.org/viewvc?view=rev&revision=655711 - Backport version for 2.2.x of patch: - Trunk version works - +1: fielding, jim, rpluem - jim says: the use of atoi to generate the ?ID is - consistent with what we do elsewhere but troubling... - we need to find a better way to do this. In particular, - ?ids cannot, iirc, be signed - this is more a note to - self ;) - Roy replies: the patch adds an id lookup and replaces the atoi id - with the validated result. Invalid input will now error out. - * mod_rewrite: Allow Cookie option to set secure and HttpOnly flags. PR 44799 Trunk version of patch: