You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2008/05/28 00:27:02 UTC
svn commit: r660750 - /httpd/httpd/branches/2.2.x/STATUS
Author: rpluem
Date: Tue May 27 15:27:02 2008
New Revision: 660750
URL: http://svn.apache.org/viewvc?rev=660750&view=rev
Log:
* Promote
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=660750&r1=660749&r2=660750&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue May 27 15:27:02 2008
@@ -94,6 +94,22 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
+ * suexec: When group is given as a numeric gid, validate it by looking up
+ the actual group name such that the name can be used in log entries.
+ PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
+ Trunk version of patch:
+ http://svn.apache.org/viewvc?view=rev&revision=655711
+ Backport version for 2.2.x of patch:
+ Trunk version works
+ +1: fielding, jim, rpluem
+ jim says: the use of atoi to generate the ?ID is
+ consistent with what we do elsewhere but troubling...
+ we need to find a better way to do this. In particular,
+ ?ids cannot, iirc, be signed - this is more a note to
+ self ;)
+ Roy replies: the patch adds an id lookup and replaces the atoi id
+ with the validated result. Invalid input will now error out.
+
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
@@ -143,22 +159,6 @@
again I ask myself how we can be sure that the chroot function is actually
present on the platform we compile.
- * suexec: When group is given as a numeric gid, validate it by looking up
- the actual group name such that the name can be used in log entries.
- PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
- Trunk version of patch:
- http://svn.apache.org/viewvc?view=rev&revision=655711
- Backport version for 2.2.x of patch:
- Trunk version works
- +1: fielding, jim, rpluem
- jim says: the use of atoi to generate the ?ID is
- consistent with what we do elsewhere but troubling...
- we need to find a better way to do this. In particular,
- ?ids cannot, iirc, be signed - this is more a note to
- self ;)
- Roy replies: the patch adds an id lookup and replaces the atoi id
- with the validated result. Invalid input will now error out.
-
* mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
PR 44799
Trunk version of patch: