You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/04/19 10:55:08 UTC
svn commit: r1469748 - /httpd/httpd/branches/2.0.x/STATUS
Author: rjung
Date: Fri Apr 19 08:55:08 2013
New Revision: 1469748
URL: http://svn.apache.org/r1469748
Log:
Update proposal and include the needed other
one in the patch.
Modified:
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1469748&r1=1469747&r2=1469748&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Apr 19 08:55:08 2013
@@ -155,10 +155,10 @@ RELEASE SHOWSTOPPERS:
From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
Individual patches apply with offsets; here's a clean all-in-one:
http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
- +1: jim, rjung
+ +1: jim
trawick: 2.2/2.4 now have a different solution (AllowAnyURI).
- rjung: I added the AllowAnyURI patch below. It must be applied
- on top of 2.0-CVE-2011-4317-r1235443.patch.
+ rjung: I added the AllowAnyURI patch below. Version 2 of the patch
+ integrates your 2.0-CVE-2011-4317-r1235443.patch.
* Add AllowAnyURI, fix mod_rewrite configuration in Location.
Patch must be applied on top of the CVE-2011-4317 patch above.
@@ -168,15 +168,22 @@ RELEASE SHOWSTOPPERS:
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1356115 and
http://svn.apache.org/viewvc?view=revision&revision=1356813 and
http://svn.apache.org/viewvc?view=revision&revision=1086662 and
- http://svn.apache.org/viewvc?view=revision&revision=1032431
+ http://svn.apache.org/viewvc?view=revision&revision=1032431 and
+ http://svn.apache.org/viewvc?view=revision&revision=1410681 and
+ http://svn.apache.org/viewvc?view=revision&revision=1447426
2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359687 and
http://svn.apache.org/viewvc?view=revision&revision=1086662 and
- http://svn.apache.org/viewvc?view=revision&revision=1032431
- 2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev
- 2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI.patch
+ http://svn.apache.org/viewvc?view=revision&revision=1032431 and
+ http://svn.apache.org/viewvc?view=revision&revision=1418954 and
+ http://svn.apache.org/viewvc?view=revision&revision=1447448
+ 2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev and
+ http://svn.apache.org/viewvc?rev=1447508&view=rev
+ 2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI-v2.patch
+1: rjung
-1: covener needs to have the baseurl merge ripped out for 2.0.x, behavior change
already noted in PR53963
+ rjung: I backported the MergeBase option plus no merging as default form 2.2.
+ 2.0-AllowAnyURI-v2.patch contains that now.
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]