Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 1998/09/05 05:45:52 UTC

[STATUS] (apache-1.3) Fri Sep 4 23:45:50 EDT 1998

Apache 1.3 STATUS:

Release:

    1.3.2: In development. Release proposed for Monday, September 7th, 1998
           Ralf is volunteering as the release manager.

    1.3.1: Tagged and rolled on July 19. Announced and released.

    1.3.0: Tagged and rolled on June 1. Announced and Released on the 6th.
           
    2.0  : In pre-alpha development, see apache-2.0 repository

RELEASE SHOWSTOPPERS:

WIN32 1.3.2 RELEASE SHOWSTOPPERS:

    * can not build tarball until someone verifies the final code
      will build on win32.  Want to avoid changes-after-tag that 
      happened with 1.3.0.

    * fix O(n^2) attack in mod_isapi.c ... i.e. recopy the code from
      scan_script_headers_err_core.

Unix 1.3.2 RELEASE SHOWSTOPPERS:

    * header detection is broken; eg. sys/resource.h often requires 
      other includes first, etc.  This breaks things like RLimit*
      on many platforms.  

      -- Ralf will try to solve this problem this week. 

      -- Also, the return type of main is wrong in the test code and a
      "test test" needs to be done to ensure we can be successful with
      any (eg. stdio.h) header and print an error if not.  Otherwise, you
      have _very_ difficult to resolve problems if you do something
      like: link in a library on Solaris that also requires -lsocket
      but don't explicitly put that on your EXTRA_LIBS line; then
      the final result will link fine because Apache adds them for itself,
      but all the testcompiles will fail because they aren't there at
      that stage.

      
Documentation that needs writing:

    * Need a document explaining mod_rewrite/"UseCanonicalName off" based
      virtualhosting.  (If it exists already I can't find it easily.)
      => It still doesn't exist but I've already assembled the relevant
         information and config snippets. We just have to write a vhost-xxx.html
         document out of it. -- rse

Available Patches:

    * Bill Stoddard's [PATCH] PR2356 - SSI exec 
      This is an update of a patch I sent in earlier.  There are 13 new
      lines of code to detect and handle shellcmd.  COMMAND.COM is used
      to exec the script on Win95, CMD.EXE on NT.
	Message-ID: <50...@MHS> 
	Status: Ken +1 (on concept), Lars +1 (on concept)

    * Filenames containing whitespace characters caused problems for directives
      Bill Stoddard <wg...@us.ibm.com>
	Message-ID: <35...@us.ibm.com>

    * Bill Stoddard's patch to make some structural changes to ap_call_exec to
      make it more readable and friendly to a couple of patches that will
      follow (capability to query the Win32 registry for interpreter name
      and a fix for mod_include exec=cmd processing). This patch does not
      change the function of ap_call_exec.
	Message-ID: <50...@MHS>
	Status: Ken +1 (on concept), Lars +1 (on concept)

    * Configure tweaks to support building outside the source tree, and 
      add more customizability for installation layout, by 
      Wilfredo Sanchez <ws...@apple.com>
	Message-Id: <19...@scv4.apple.com>
	Status: Ralf -1 (because it is too huge, has to be cleaned up and
		split)

    * Rhapsody port, by Wilfredo Sanchez <ws...@apple.com>
	Message-Id: <19...@scv2.apple.com>   
	Status: Ken +1 (on concept), Lars +1 (on concept)

    * Ralf's "[PATCH] Fix module init"
      This fixes the mod_so/mod_perl problems described under "FINAL RELEASE
      SHOWSTOPPERS" by doing a more correct init of the modules after loading
      through two new core API functions.
	Message-ID: <19...@engelschall.com>
	Status: Ralf +1, Lars +1

    * Paul's patch to add integrated restart/shutdown signalling (Win32)
      This patch makes Apache listen on predictable event names to allow
      restarts and shutdowns to be initiated. Also adds a new command line
      option to send the shutdown or restart signal to the running parent 
      process.
	Message-ID: <Pi...@ecstasy.localnet>
	Status: Ken +1 (on concept), Lars +1 (on concept)

    * Martin's patch to use the Basic Authentication scheme for (proxy-)
      ftp logins as well. When no password is given, but the ftp server
      requires one, a [401 Auth Required] response is generated on-the-fly.
	Message-ID: <19...@deejai.mch.sni.de>
	Status: Lars +1 (on concept)

    * Lars' patch to work around a Navigator/Mozilla bug when mod_proxy
      is used (broken images).
      (Marc doesn't like it and I don't like it either, but people will
       blame Apache for it, so...)
	Message-ID: <XF...@unix-ag.org>

In progress:
 
    * Ken's IndexFormat enhancement to mod_autoindex to allow
      CustomLog-like tailoring of directory listing formats

Needs patch:

    * Ralf: mod_so doesn't correctly initialise modules. For instance
      the handlers of mod_perl are not initialised. 
      An ap_init_modules() could be done from mod_so but this is too much.

      I've already debugged this up to ap_invoke_handler() and it correctly
      sees the handlers from mod_perl ("perl-script") and actually runs them.
      But under DSO situation it returns DECLINED while under non-DSO
      situation it runs fine. Sure, it's mod_perl's fault because it's mod_perl
      code which returns DECLINED.  But it definitely seems to be caused by a
      missing init in mod_so under DSO situation. I've already asked Doug for
      hints but he has not had a chance to look into it.

      Currently at least mod_perl is broken under the DSO situation because of
      this missing init in mod_so. But perhaps there are more modules which
      have the same problem. This should be fixed for 1.3.1 or at least found
      out why it is happening!

    * get_path_info bug; ap_get_remote_host should be ap_vformatter instead.
      See: <Pi...@twinlark.arctic.org>

    * uri issues
	- RFC2068 requires a server to recognize its own IP addr(s) in dot
	notation, we do this fine if the user follows the dns-caveats
	documentation... we should handle it in the case the user doesn't ever
	supply a dot-notation address.

    * Amdahl UTS 2.1.2
	Message-Id: <98...@ihgp1.ih.lucent.com>
	Message-Id: <19...@tiber.cisco.com>
	Jim: Sounded like the version of the OS that required
	     the patches were WAY old and would bugger the newer
	     versions... Not sure if we want to do that.

    * Problems dealing with .-rooted domain names such as "twinlark." versus
	"twinlark.arctic.org.".  See the thread containing
	Message-ID: <19...@deejai.mch.sni.de> for more details.
	In particular this affects the correctness of the proxy and the
	vhost mechanism.

    * PR#1799: we need to add a "default" or "none" handler to deal with
	filenames such as foo.map.gif which aren't image maps, and shouldn't
	be considered such.  See discussion in
	<Pi...@twinlark.arctic.org>
	<Pi...@ecstasy.localnet>
	<34...@Golux.Com>
	<34...@Golux.Com>
	(feb98 archives)
	Jim: I thought that we decided "default", although Ken
	     thought it ugly
	Ken: I just don't like using "Add" when reverting something; not a -1

    * proxy_*_canon routines use r->proxyreq incorrectly.  See
	<Pi...@twinlark.arctic.org>

Open issues:

    * Underscores on symbols in DSO situation is broken for NetBSD:
      Here is a private conversation between me (rse) and Charles Hannum of
      the NetBSD project:

      From: "Charles M. Hannum" <my...@netbsd.org>
      > We have a bug report at the Apache BugDB (see
      > http://bugs.apache.org/private/index/full/2462) where a user says
      > under a particular NetBSD platform (NetBSD/pmax 1.3.2) the symbols on
      > dlsym() don't need an underscore.  In FreeBSD world we always had the
      > underscore,
      > [...]                               
      This is less an issue of OS, and more an issue of a.out vs. ELF.  The
      underscores are always used for a.out, and are never used for ELF.
      Therefore, on any platform where we use ELF (that would be Alpha, MIPS,
      PowerPC and UltraSPARC currently, although there are plans to eventually
      switch on other platforms), the underscores should not be added, and on
      all other platforms they should be.
      You can differentiate by comparing the output of `uname -m' with any
      of: alpha bebox macppc newsmips ofppc pica pmax sparc64.

    * How should an Apache binary release tarball look?
      NOTE: This should be resolved before 1.3.1 !!

      1. The "old" way where it is just a source release tarball
         plus a pre-compiled src/httpd-<gnutriple>. It is created
         via the apache-devsite/binbuild.sh script which
         - creates the build tree
         - creates the src/Configuration file with standard modules
         - runs "make"
         - renames src/httpd to src/httpd-<gnutriple>
         - runs "make clean"
         - packs the build tree stuff together
         Already known discussion points:
         - should src/httpd be renamed or not because a lot
           of PRs say they cannot find the httpd :-(
         Pros: <gets filled tomorrow>
         Cons: <gets filled tomorrow>
         Status: Ralf -0, Ken +0

      2. The way other projects release binary tarballs, i.e.
         a package containing the installed (binary) files.
         It can be created by a script which
         - creates the build tree
         - runs "./configure --prefix=/usr/local/apache \
                             --enable-shared=remain \
                             --disable-module=auth_db \
                             --enable-suexec ..."
         - runs "make install root=apache-root"
         - packs the stuff together from ./apache-root only!!
         Already known discussion points:
         - should there be a prefix usr/local/apache in 
           the tarball or not?  Some people think
           it's useful while others dislike it a lot.
	 - it doesn't include the source.
	 - should suexec be prebuilt in a binary tarball?
         Pros: <gets filled tomorrow>
         Cons: <gets filled tomorrow>
         Status: Ralf +1, Martin +1, Ken -1 (not a veto)

    * Redefine APACHE_RELEASE. Add another 'bit' to signify whether
      it's a beta or final release. Maybe 'MMNNFFRBB' which means:
        MM: Major release #
	NN: Minor release #
	FF: "fix" level
	R:  0 if beta, 1 if final release
	BB: beta number

      See: <19...@devsys.jaguNET.com>
      Status: Jim +1, Ben +1, Martin +1

    * Someone other than Dean has to do a security/correctness review on
      psprintf(), bprintf(), and ap_snprintf().  In particular these routines
      do lots of fun pointer manipulations and such and possibly have overflow
      errors.  The respective flush_funcs also need to be exercised.
       o Jim's looked over the ap_snprintf() stuff (the changes that Dean
         did to make thread-safe) and they look fine.
       o Laura La Gassa's looked over ap_vformatter & other related code
       o Martin did a "source review" as well.
       o Could still use 1 or 2 more sets of eyeballs.
       Status: Is this still valid??

    * Paul would like to see a 'gdbm' option because he uses
      it a lot.

    * Maybe a http_paths.h file? See
	<Pi...@valis.worldgate.com>
	+1: Brian, Paul, Ralf, Martin
	+0: Jim (not for 1.3.0)

    * Release builds: Should we provide Configuration or not?
      Should we 'make all suexec' in src/support?
	+1: Brian, Jim, Ken +1 (possible suexec path issue, though)

    * root's environment is inherited by the Apache server. Jim & Ken
      think we should recommend using 'env' to build the
      appropriate environment. Marc and Alexei don't see any
      big deal. Martin says that not every "env" has a -u flag.

    * Marc's socket options like source routing (kill them?)
	Marc, Martin say Yes

    * Ken's PR#1053: an error when accessing a negotiated document
      explicitly names the variant selected.  Should it do so, or should
      the original URI be referenced?

    * Proposed API Changes:

	- r->content_language is for backwards compatibility... with modules
	  that may not link any longer without some minor editing.  The new
	  field is r->content_languages.  Heck it's not even mentioned in
	  apache-devsite/mmn.txt when we got content_languages (note the s!).
	  The proposal is to remove r->content_language:
	    Status: Paul +1, Ralf +1, Ken +1

	- child_exit() is redundant, it can be implemented via cleanups.  It is
	  not "symmetric" in the sense that there is no exit API method to go
	  along with the init() API method.  There is no need for an exit
	  method, there are already modules using cleanups to perform this (see
	  mod_mmap_static, and mod_php3 for example).  The proposal is to
	  remove the child_exit() method and document cleanups as the method of
	  handling this need.
	    Status: Rasmus +1, Paul +1, Jim +1, 
	            Martin +1, Ralf +1, Ken +1

    * Should we re-enable nagle now that we're non-buffering CGIs?  See
      various messages from Marc in March 98.
  
Win32 specific issues:

 In progress:

    * Martin's busy adding Via: support to the proxy

    * Ben's ASP work... All agree it sounds cool.

    * DDA's adding a tray application to the Windoze version for ease of
      status/management.
	<01...@caravan.individual.com>
	<01...@caravan.individual.com>
	Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
	we get a single executable)
	Paul: No like Win95 specific stuff
	Ken: What's W95-specific about it?

 Help:

    * "Directory /", "Directory C:/" both fail to do anything, 
      while "Directory *" SEGVs.

    * chdir() for CGI scripts and mod_include #exec needs to be 
      re-implemented now that CreateProcess is being used.

    * process/thread model
	- need dynamic thread creation/destruction, similar to 
	  Unix process model
	- can't use WaitForMultipleObjects in the same way we
	  do now, since that has a limit of 64(!) objects.  Grr.
	  PR#1665

    * some errors printed by CGIs to stderr don't end up making it
      to the server log unless an extra debugging message is added
      after they run? (PR#1725 indicates this may not be just Win32)

    * handle bugs that make it pop up errors on console, ie. segv 
      equiv?  Can we do this?  Need to make it robust.

    * install
	- make installshield work
	- config in cvs tree?
	- install docs, etc.?
	- location for install

    * the mutex should be critical-regions, since the current design
      is creating a mess of SO calls that are unnecessary

    * we don't mmap on NT.  Use TransmitFile?

    * CGIs
	- docs on how they work w/scripts
	- use registry to find interpreter?
	- WTF is the buffering coming from?
	    - we don't have a way to make non-blocking files on NT!

    * performance

    * documentation:
	- running the server without admin
	- how CGIs work
	- update README.NT
	- short/long name handling
	- better status page on current state of NT for users

    * http_main.c hell
	- split into two files?

    * who should run the service?  Who exactly is the "system account"?

      docs say:

      Localsystem is a very privileged account locally, so you shouldn't run
      any shareware applications there. However, it has no network privileges
      and cannot leave the machine via any NT-secured mechanism, including
      file system, named pipes, DCOM, or secure RPC.

      and:

      A service that runs in the context of the LocalSystem account
      inherits the security context of the SCM. It is not associated with
      any logged-on user account and does not have credentials (domain
      name, user name, and password) to be used for verification. This
      has several implications: [... removed ...]


      That _really_ sucks.  Can we recommend running Apache as some 
      other user?

    * need a crypt() of some sort.
	- sources are easy; problem is export restrictions on DES
	- if we don't do DES, can do md5

    * modules that need to be made to work on win32
        - mod_example isn't multithreaded
	- mod_unique_id (needs mt changes)
	- mod_auth_db.c  (do we want to even try this?  We should have some
          db of some sort... what else can we pick from under win32?)
	- mod_auth_dbm.c
	- mod_info.c (PR re exporting symbols for it...)
	- mod_log_agent.c
	- mod_log_referer.c
	- mod_mime_magic.c (needs access to mod_mime API stage...)

    * do something to disable bogus warnings

    * rfc1413.c has static storage which won't work multithreaded

    * mod_include --> exec cgi, exec cmd, etc. don't work right.
      Looks like a code path that isn't run anywhere else that has
      something not quite right...  A PR or two on it.

    * signal type handling
    	- how to rotate logs from command line?

    * Currently if you double click on the conf files or the
      log files you get a useless dialog offering the set of all
      executables, usually after a very long pause.  Ought
      to stuff .conf in the registry mapping it to text.

    * apparently either "BrowserMatch" or the "nokeepalive" variable
      cause instability - see PR#1729.

Delayed until after 1.3.0, unless someone happens to get to it:

    * Arnt Gulbrandsen <ag...@troll.no> 03 Apr 1998 21:28:17 +0200
      <m3...@lupinella.troll.no> mod_usertrack.c patch:
      The patch provides per-domain cookies (which I use to share user-ids
      among the *.troll.no web servers) and configurable cookie names.  It
      also marginally increases the efficiency of Apache when the server
      runs with DNS lookups turned off.

      Update: Dean found one part of the patch unacceptable, Arnt is in
        the process of updating it.  

    * TZ should not be dealt with specially any longer now that we have
      "PassEnv".  See
      <Pi...@twinlark.arctic.org>
       Jim: IMO it's too late in the game for this... I'm
            sure this would cause some strange bug reports as
	    people's cgi-scripts no longer work correctly
	    ("It worked just fine before I upgraded to 1.3.0")
	    unless we warn people in big nasty letters to add
	    PassEnv TZ to their config files "just in case"
	    and hope they do it :)

    * proxy module doesn't load on Win95.  Why?  Good question.
	PR#1462.

    * In ap_bclose() there's no test that (fb->fd != -1) -- so it's
      possible that it'll do something completely bogus when it's 
      used for read-only things. - Dean Gaudet

    * ap_pcfg_openfile doesn't use pfopen() to open the file.  Consider
     .htaccess parsing, if a timeout occurs the file may not be closed.  I
     can't imagine that a timeout would be set during this stage... but it'd
     probably be good to just clean this up. - Dean Gaudet

    * Okay, so our negotiation strategy needs a bit of refinement.  See
      <Pi...@twinlark.arctic.org>.
      In general, we need to go through and clean up the negotiation
      module to make it compliant with the final HTTP/1.1 draft, and at the
      very least we should make it more copacetic to the idea of transferring
      gzipped variants of files when both variants exist on the server.

    * Roy's HTTP/1.1 Wishlist items:
        1) New status codes?
        2) Expect
        3) byte range error handling
        4) update the Accept-Encoding parser to allow q-values
        5) would be nice if the proxy used Via, even as
	   HTTP/1.0

    * #ifdef __EMX__ --> #ifdef OS2.

    * use of spawnvp in uncompress_child in mod_mime_magic - doesn't
      use the new child_info structure, is this still safe?  Needs to be 
      looked at.

    * suexec doesn't understand argv parameters; e.g.

        <!--#exec cmd="./ls -l" -->

      fails even when "ls" is in the same directory because suexec is trying
      to stat a file called "ls -l".  A patch for this is available at

        http://www.xnet.com/~emarshal/suexec.diff

      and it's not bad except that it doesn't handle programs with spaces in
      the filename (think win32, or samba-mounted filesystems).  There are
      several PR's to this and I don't see for security reasons why we can't
      accommodate it, though it does add complexity to suexec.c.
      PR #1120
      Brian: +1

Binaries
   The goal here is to have two columns of all-Y (where applicable)
   for the two stable release versions, and nothing under Old unless
   the new version just doesn't work on that platform.

                        1.2.6   1.3.1   Old
   aix_4.1                N       Y     1.2.5, 1.3.0
   alphalinux             N       N     1.3.0
   aux_3.1                N       N     1.3.0
   decalphaNT             N       N     1.3b6
   dunix_4.0              N       Y     1.2.4, 1.3.0
   freebsd_2.1            N       N     1.2.4
   freebsd_2.2            N       N     1.2.5
   hpux_10.20             N       N     1.2.5
   hpux_11                N       Y
   irix_6.2               N       N     1.2.5
   linux_2.x              N       N     1.2.4, 1.3.0
   netbsd_1.2             N       N     1.2.4
   os2                    N       Y     1.3b6, 1.3b7
   reliantunix_5.4        Y       N     1.3.0
   solaris                N       Y*    1.2.5, 1.3.0 (* for Solaris 2.6)
   sparclinux             N       Y     1.3.0
   sunos_4.1.x            N       N     1.2.5
   ultrix_4.4             N       N     1.2.4
   win32                  -       Y