Loading STATUS +14 −7 Original line number Diff line number Diff line Loading @@ -155,10 +155,10 @@ RELEASE SHOWSTOPPERS: From 2.2.x: http://svn.apache.org/viewvc?view=revision&revision=1235443 Individual patches apply with offsets; here's a clean all-in-one: http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch +1: jim, rjung +1: jim trawick: 2.2/2.4 now have a different solution (AllowAnyURI). rjung: I added the AllowAnyURI patch below. It must be applied on top of 2.0-CVE-2011-4317-r1235443.patch. rjung: I added the AllowAnyURI patch below. Version 2 of the patch integrates your 2.0-CVE-2011-4317-r1235443.patch. * Add AllowAnyURI, fix mod_rewrite configuration in Location. Patch must be applied on top of the CVE-2011-4317 patch above. Loading 
@@ -168,15 +168,22 @@ RELEASE SHOWSTOPPERS: trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1356115 and http://svn.apache.org/viewvc?view=revision&revision=1356813 and http://svn.apache.org/viewvc?view=revision&revision=1086662 and http://svn.apache.org/viewvc?view=revision&revision=1032431 http://svn.apache.org/viewvc?view=revision&revision=1032431 and http://svn.apache.org/viewvc?view=revision&revision=1410681 and http://svn.apache.org/viewvc?view=revision&revision=1447426 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359687 and http://svn.apache.org/viewvc?view=revision&revision=1086662 and http://svn.apache.org/viewvc?view=revision&revision=1032431 2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev 2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI.patch http://svn.apache.org/viewvc?view=revision&revision=1032431 and http://svn.apache.org/viewvc?view=revision&revision=1418954 and http://svn.apache.org/viewvc?view=revision&revision=1447448 2.2.x patch: http://svn.apache.org/viewvc?rev=1375113&view=rev and http://svn.apache.org/viewvc?rev=1447508&view=rev 2.0.x patch: http://people.apache.org/~rjung/patches/2.0-AllowAnyURI-v2.patch +1: rjung -1: covener needs to have the baseurl merge ripped out for 2.0.x, behavior change already noted in PR53963 rjung: I backported the MergeBase option plus no merging as default form 2.2. 2.0-AllowAnyURI-v2.patch contains that now. PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] Loading Loading
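Review bot: In the first hunk (@@ -155,10 +155,10 @@), the AllowAnyURI entry keeps the unchanged sentence "Patch must be applied on top of the CVE-2011-4317 patch above.", which now contradicts the new rjung comment that version 2 of the patch integrates 2.0-CVE-2011-4317-r1235443.patch. Update or drop that sentence so that whoever applies the backport does not stack the v2 patch on top of the standalone CVE patch. The vote line also goes from "+1: jim, rjung" to "+1: jim" with no reason given; a short note on why rjung's vote was withdrawn from the CVE-2011-4317 entry would make its state clear.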
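Review bot: In the second hunk (@@ -168,15 +168,22 @@), the new rjung reply under covener's -1 does not name the 2.2.x revision the MergeBase backport was taken from, so the objection cannot be checked against a specific change. Name the revision in the reply (the 2.2.x patch line in this hunk gains rev=1447508, if that is the one). The reply also has a typo, "form 2.2" for "from 2.2". Since the -1 line stays in place, the entry remains vetoed until covener confirms that 2.0-AllowAnyURI-v2.patch addresses the baseurl merge objection noted in PR53963.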