You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/04/19 10:55:08 UTC

svn commit: r1469748 - /httpd/httpd/branches/2.0.x/STATUS

Author: rjung
Date: Fri Apr 19 08:55:08 2013
New Revision: 1469748

URL: http://svn.apache.org/r1469748
Log:
Update proposal and include the needed other
one in the patch.

Modified:
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1469748&r1=1469747&r2=1469748&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Apr 19 08:55:08 2013
@@ -155,10 +155,10 @@ RELEASE SHOWSTOPPERS:
      From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443
         Individual patches apply with offsets; here's a clean all-in-one:
         http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
-       +1: jim, rjung
+       +1: jim
        trawick: 2.2/2.4 now have a different solution (AllowAnyURI).
-       rjung: I added the AllowAnyURI patch below. It must be applied
-              on top of 2.0-CVE-2011-4317-r1235443.patch.
+       rjung: I added the AllowAnyURI patch below. Version 2 of the patch
+              integrates your 2.0-CVE-2011-4317-r1235443.patch.
 
    * Add AllowAnyURI, fix mod_rewrite configuration in Location.
      Patch must be applied on top of the CVE-2011-4317 patch above.
@@ -168,15 +168,22 @@ RELEASE SHOWSTOPPERS:
      trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1356115 and
                   http://svn.apache.org/viewvc?view=revision&revision=1356813 and
                   http://svn.apache.org/viewvc?view=revision&revision=1086662 and
-                  http://svn.apache.org/viewvc?view=revision&revision=1032431
+                  http://svn.apache.org/viewvc?view=revision&revision=1032431 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1410681 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1447426
      2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359687 and
                   http://svn.apache.org/viewvc?view=revision&revision=1086662 and
-                  http://svn.apache.org/viewvc?view=revision&revision=1032431
-     2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev
-     2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI.patch
+                  http://svn.apache.org/viewvc?view=revision&revision=1032431 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1418954 and
+                  http://svn.apache.org/viewvc?view=revision&revision=1447448
+     2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev and
+                  http://svn.apache.org/viewvc?rev=1447508&view=rev
+     2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI-v2.patch
      +1: rjung
      -1: covener needs to have the baseurl merge ripped out for 2.0.x, behavior change
          already noted in PR53963
+     rjung: I backported the MergeBase option plus no merging as default form 2.2.
+            2.0-AllowAnyURI-v2.patch contains that now.
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]