On 2/27/2019 5:06 PM, William A Rowe Jr wrote:
> With several new features added to the 1.7 branch, the fixes to the
> Netware locking we had deferred, and the proposed correction of
> SIGUSR2, I'm wondering what we see as remaining obstacles.
>
> Any other concerns ahead of 1.7.0?

If I may propose: BZ62342 still applies to all versions of apr (2.x) /
apr-util (1.x) and is a major security gap. I'm happy to provide a
1.7-specific patch as I've already done so for 1.5 and 2.0 via BugZilla
(though I have yet to see any mention of it being included in any
PRs). Risk is low with this patch; it is being manually applied and
distributed throughout two organizations. It has proven effective,
backward-compatible, and production-safe since May of last year.

If there's a better way to pitch/submit this other than as patch files
to a BugZilla record that I bring up every time someone wants a release,
I'd love to take part in that other process.

Thanks for any consideration,
William Kimball Jr.