You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/09/25 19:48:38 UTC
[STATUS] 1.2.5: Thu Sep 25 10:48:06 PDT 1997
No timeline. 1.3b1 should be released first.
Committed since 1.2.4:
* PR#1107: defend against linux select EFAULT
* PR#1064: inetd mode uses timeouts without setting up the jmpbuf
Available:
see http://www.arctic.org/~dgaudet/apache/1.2.5
mod_userdir_finfo:
mod_userdir overwrites r->finfo in cases where it does not also
update r->filename. These two are meant to be in sync, so this
is a bug.
Status: Dean +1
Already applied to 1.3.
Ken's mod_include_redirect:
mod_include doesn't deal properly with redirect status codes from
CGIs other than 302.
Status: Dean +1
Already applied to 1.3.
Dean's mod_include_etag:
PR#1133: mod_include shouldn't send ETag when XBitHack Full is
set.
Status: Dean +1
Alternate solution already in 1.3.
Jason Dour's suexec_log:
suexec.c is supposed to be able to be compiled with LOG_EXEC
undefined.
Status: Jason +1
not in 1.3 yet
mod_imap blocks non-GET methods
see: <Pi...@localhost>
Status: Brian +1, Dean thinks that POST should be allowed too
not in 1.3 yet
Dean's mod_include_1139.patch:
PR#1139: mod_include uses uninitialized data when parsing exprs
using && and ||.
Status: Dean +1
not in 1.3 yet
Garey's OS/2 proxy fix.
<19...@mail.slink.com>
This is against 1.2.4.
Status: Garey +1
needs to be done for 1.3 as well
[PATCH] config/1159: Configure always returns exit code of 0 (fwd)
<Pi...@twinlark.arctic.org>
Status: Dean +1
probably needs to be done for 1.3 as well
Lars' [PATCH] proxy matching bug PR#974
<XF...@unix-ag.org>
Fixes proxy bug when accessing multi-ip hosts.
Status: Dean +1
not in 1.3 yet
RE: [STATUS] 1.2.5: Thu Sep 25 10:48:06 PDT 1997
Posted by Lars Eilebrecht <La...@unix-ag.org>.
According to Dean Gaudet:
> Lars' [PATCH] proxy matching bug PR#974
> <XF...@unix-ag.org>
> Fixes proxy bug when accessing multi-ip hosts.
> Status: Dean +1
> not in 1.3 yet
This patch is for 1.3 only (1.2 doesn't has the NoProxy feature).
ciao...
--
Lars Eilebrecht - I still miss Windows...
sfx@unix-ag.org - but my aim is getting better.
http://www.si.unix-ag.org/~sfx/
[PATCH]: check_hostalias (was Re: [STATUS] 1.2.5....)
Posted by Ed Korthof <ed...@organic.com>.
There are several bugs I noted a while ago in 1.2.x, regarding name-based
virtual hosts. I wrote some patches, but then got caught up in other
stuff before I finished testing and cleaning them up.
The first problem is mixing port- and name-based virtual hosts. This is
not a common situation, but basically, if you have a name-based virtual
host (ie it shares IPs and its port w/ the main server), then it will not
be available on any of the ip:port entries before the last one in the
<VirtualHost> line, which have a different port than the last item.
(Unless the last item has port '*' and the Port directive is not used.) If
the Port directive is used, it takes the place of the last port statement
in the VirtualHost line.
The second problem is a potential security hole. It's fairly minor, but
is something people might easily overlook: if any virtual host is
protected by packet-filter or firewall ip based rules, but not by Apache's
ip-based protection (which is plausible, if unlikely), then that host may
be accessible through it's name (given a couple of conditions which I can
outline) -- something you would not (IMO) expect w/o reading the code.
Anyway, the attached patch solves these two issues; I believe it does not
alter Apache's behavior in any other way.
My understanding (after speaking w/ Alexei) is that this second item was
left in due to the possibility of someone switching DNS -- it's entirely
plausible that during a time of transition for name-based virtual hosts,
this could cause a period of inaccessibility. However, that can be dealt
with use ServerAlias, which was (and is, after this patch) a kind of wild
card.
It's certainly possible to fix the first item w/o doing the second one --
if people want to do that, that's fine with me. But the second item will
not cause any problems accept as noted above, during DNS transitions; and
there are ways around that. It is a small bug, but again, it's one people
might well overlook and never realize they were missing it.
-- Ed Korthof | Web Server Engineer --
-- ed@organic.com | Organic Online, Inc --
-- (415) 278-5676 | Fax: (415) 284-6891 --
On Thu, 25 Sep 1997, Dean Gaudet wrote:
> No timeline. 1.3b1 should be released first.