You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 2000/06/01 05:45:05 UTC
[STATUS] (apache-1.3) Wed May 31 23:45:04 EDT 2000
1.3 STATUS:
Last modified at [$Date: 2000/05/25 16:45:25 $]
Release:
1.3.13-dev: In development.
1.3.12: Tagged and rolled Feb. 23, 2000. Released and
announced on the 25th.
1.3.11: Tagged and rolled Jan. 19, 2000. Released and
announced on the 21st.
1.3.10: Not released. Pulled at "last minute" due to
a build bug in the MPE port.
1.3.9: Tagged and rolled on Aug. 16. Released and announced on 19th.
1.3.8: Not released.
1.3.7: Not released.
1.3.6. Tagged and rolled on Mar. 22. Released and announced on 24th.
1.3.5: Not released.
1.3.4: Tagged and rolled on Jan. 9. Released on 11th, announced on 12th.
1.3.3: Tagged and rolled on Oct. 7. Released on 9th, announced on 10th.
1.3.2: Tagged and rolled on Sep. 21. Announced and released on 23rd.
1.3.1: Tagged and rolled on July 19. Announced and released.
1.3.0: Tagged and rolled on June 1. Announced and released on the 6th.
2.0 : In pre-alpha development, see apache-2.0 repository
RELEASE SHOWSTOPPERS:
* None at present
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
* long pathnames with many components and no AllowOverride None
Workaround is to define <Directory /> with AllowOverride None,
which is something all sites should do in any case.
Status: Marc was looking at it.
* Ronald Tschal�r's patch to mod_proxy to allow other modules to
set headers too (needed by mod_auth_digest)
Message-ID: <19...@chill.innovation.ch>
Status:
Documentation that needs writing:
Available Patches:
* Eric Wedel <we...@wenet.net>'s patch for CONNECT method and proxy
on Win32. Addresses PR 5107 and maybe 2014.
PR: 5899
Status:
* Dan Astoorian <dj...@cs.toronto.edu>'s patch to fix mod_include RE
tokenisation
PR: 5898
Status:
* Gerd Knorr <gk...@berlinonline.de>'s patch to enable mod_auth_digest
to handle both Digest *and* Basic authentication modes.
PR: 5879
Status:
* Andrew Ford's patch (1999/12/05) to add absolute times to mod_expires
Message-ID: <m3...@icarus.demon.co.uk>
Status: Martin +1, Jim +1, Ken +1 (on concept)
* Raymond S Brand's path to mod_autoindex to fix the header/readme
include processing so the envariables are correct for the included
documents. (Actually, there are two variants in the patch message,
for two different ways of doing it.)
Message-ID: <38...@rsbx.net>
Status: Martin +1(concept)
* Jayaram's patch (10/27/99) to fix PR4856
PR: 4856 It is found that UnSetEnv directive fails to unset the
environment variable in the server config context.
Status:
* Jayaram's patch (10/27/99) for changes to mod_autoindex
Problem 1:
------------------------
AddIcon (<alttext>,<icon>) ^^DIRECTORY^^
and
AddIcon (<alttext>,<icon>) ^^BLANKICON^^
should be able to set the alternate text and icon file for any
directory/blankicon in a directory listing. This was not happening
because the alternate text for ^^DIRECTORY^^ and ^^BLANKICON^^ were
hardcoded to "DIR" and " " respectively.
Problem 2:
-------------------------
IndexIgnore <file-extension> should hide the files with this file-
extension in directory listings. This was NOT happening because the
total filename was being compared with the file-extension.
Status: Martin +1(untested), Ken +1(untested)
* JJ Keijser's patch (99/10/06) to:
- Run Apache as a service on Win95 (PR2208)
- Making sure that Apache is shut down when the system is shutdown.
(PR1643, PR2472)
- Use apache -i/-u to install/uninstalling Apache on Win95
- Add ConsoleCtrlHandler to catch Ctrl-C in the Apache console window
- Make Apache shut down cleanly when run on Windows 95 (PR4125)
PR#: PR2472, PR4125, PR1643 (suspended) and PR2208 (suspended).
Status: Martin +1(untested)
* Paul Reder's patch to fix Allow/Deny (.htaccess parsing) in
regex <Directory*> processing.
Message-ID: <37...@raleigh.ibm.com>
PR: 3019, 3454
Status:
* David Harris' patch to add a function to report on the number
of bytes in a pool that are actually used.
Message-ID: <00...@delf>
Status:
* Stipe Tolj's Cygwin32 port
PR#: 2936
Status: Lars +1 (on concept), Martin +1 (on concept), Ken +1 (concept)
* Salvador Ortiz Garcia <so...@msg.com.mx>' patch to allow DirectoryIndex
to refer to URIs for non-static resources.
MID: <Pi...@xiomara.msg.com.mx>
Status: Ken +1 (on concept), Lars +1 (on concept)
* Ralf's [PATCH] to add EAPI (ctx, hook, mm, etc.) to the base package
Message-ID: <19...@engelschall.com>
Status: Mark +1, Dean +1, BenH +1,
Randy +1 (please choose name other than "hook")
Doug +1 on concept (untested), Lars +1 on concept,
Martin +1 (untested), Fred +1,
Jim -1 (I really don't think it makes sense to
add this right now this late in the release cycle
for 1.3.10. I am +1 for 1.3.11)
Greg -0 for 1.3 series.
* Brian Havard's patch to remove dependency of mod_auth_dbm on mod_auth.
(PR#2598)
Message-ID: <19...@silk.apana.org.au>
Status: Lars +1 (on concept), Ken +1 (on concept), Martin +1(untested)
* Aidan Cully's patch to allow assignment of 'ownership' of resources
to either the server UID or the file's owner.
Message-ID: <37...@Golux.Com>
Status: Ken +1, Dean +1, Randy +1, Lars +0, Jim +1
* Keith Wannamaker's NT multiple services patch
Message-ID: <85...@d54mta06.raleigh.ibm.com>
Status: Bill +1 (on concept), Lars +1 (on concept)
* Jun-ichiro itojun Hagino's [PATCH] IPv6 enable patch
ftp://ftp.kame.net/pub/kame/misc/apache-139-v6-19991013a.diff.gz
Message-ID: <18...@coconut.itojun.org>,
<24...@coconut.itojun.org>
Status: Lars +1 (on concept), Dirkx +1 (tested),
Martin +1 (on concept, but patched apache does not
compile successfully on pre-IPv6-SVR4,
and possibly others), Jim -1 (not for 1.3.10)
Greg -0 for 1.3 series.
* Peter Greis' new '%m' CustomLog option: the time taken to serve the
request, in milli-seconds.
Message-ID: PR#2838
Status: Jim +0 (as is, the patch requires rework since it needs
to be aware of NO_GETTIMEOFDAY and NO_TIMES as well as
implement a times() alternative. Not only that, but with
extended_status, we calculate this anyway).
* Juan Gallego's patch to add CSH-style modifiers (:h, :r, :t, :e)
to mod_include's variable processing.
Mesage-ID: PR#3246, also available at
<http://www.physics.mcgill.ca/~juan/mod_include.patch>
Status: Ken, Greg: -0 for 1.3/+0 for 2.0
Lars -0 for 1.3
* Eric Prud'hommeaux's mod_dir mods for file-level access control.
Message-ID: <Pi...@tux.w3.org>
Status: Jim -0 (The current behavior seems logical to me. If there
was more universal interest in changing it, then that would be
a different matter).
* Eric Prud'hommeaux's mods for practical negotiation with
file level access control.
Message-ID: <Pi...@tux.w3.org>
Status:
* Greg's XML Handling patch
Message-ID: <37...@lyra.org>
Message-ID: <37...@lyra.org>
Status: Greg -0 (will integrate into 2.0 rather than 1.3)
Martin +1 (on concept)
In progress:
* Doug MacEachern's libapr - Generic Apache Request Library (Alpha)
This package contains modules for manipulating client request data
via the Apache API with Perl and C.
Status: http://www.pobox.com/~dougm/libapr-0.20_01.tar.gz
* David Harris' note of odd size memory allocations. Dean notes
that this is due to BLOCK_MIN_ALLOC. Should we reduce it to 1024?
Discussion in thread following message-ID below.
Message-ID: <00...@delf>
Status:
* Martin Kraemer's mod_ebcdic.c: a new module which will contain the
ebcdic related stuff (common to all ebcdic based os's) and will
allow for flexible configuration of the conversion rules. That
will replace the current hardwired heuristics.
Message-Id: none yet
Status: first prototype running, to be posted to list soon.
Needs patch:
* MaxRequestsPerChild doesn't count requests, only the
number of connections processed.
We can either 'fix' it by renaming the directive to
MaxConnectionsPerChild or really fix it to actually count
the number of requests.
Lars: I think we should really fix.
Ken: Definitely fix this, otherwise a massive series of
requests on the same connection is possible, which
defeats the purpose.
Jim: The main idea behind this is to avoid problems with
memory leaks. So it really doesn't matter which we
do, as long as there's a match between the directive
and what it does. Since it's easier, I'd say just
rename to MaxConnectionsPerChild but keep MaxRequestsPerChild
as an "alias" to that (maybe print a short "MaxRequestsPerChild
is depreciated" message when Apache starts).
* get_path_info bug; ap_get_remote_host should be ap_vformatter instead.
See: <Pi...@twinlark.arctic.org>
* URI issues
- RFC2068 requires a server to recognize its own IP addr(s) in dot
notation, we do this fine if the user follows the dns-caveats
documentation... we should handle it in the case the user doesn't ever
supply a dot-notation address.
* Problems dealing with .-rooted domain names such as "twinlark." versus
"twinlark.arctic.org.". See the thread containing
Message-ID: <19...@deejai.mch.sni.de> for more details.
In particular this affects the correctness of the proxy and the
vhost mechanism.
* proxy_*_canon routines use r->proxyreq incorrectly. See
<Pi...@twinlark.arctic.org>
* work around a Navigator/Mozilla bug when mod_proxy is used
(broken images).
Message-ID: <XF...@unix-ag.org>
Status: Lars' patch was vetoed. Roy and Dean think that it is
probably another buffer magic number error and should be
tested to find out and, if so, fixed like it was in core.
Dirkx: cannot reproduce this at all.
* ap_escape_html() always duplicates the string, even when there is
no change and the caller would be happy to use the original.
What is needed is a separate interface for "don't need a dup"
situations, like just about everywhere we use it in bvputs and
bputs calls.
dirkx: -1 (as some of the modules from modules.apache.org seem
(rightly?) to assume that they can modify the returned escaped
string whilst relying on the passed string not to be damaged.
Martin: +1 (a "separate interface" is like in the case of
ap_table_setn() complementing ap_table_set(). It would not
interfere with any existing code).
* Should we disallow requests with bogus characters in the method?
See <Pi...@twinlark.arctic.org>
Open issues:
* Should we provide a way to force CustomError responses past IE's
'prettify-if-less-than-N-bytes' bogosity?
* there are still some PRs about inetd mode
Should we deprecate "ServerType inetd" if the next release is 1.4.0?
+1: Lars
-0: Martin (ISTR someone volunteered to "keep it working". I fear
some exotic platforms may require it)
* general/3787: SERVER_PORT is always 80 if client comes to any port
=> needs review by the protocol guys, I think.
* Paul would like to see a 'gdbm' option because he uses
it a lot.
-0: Greg (volunteers; will add to 2.0 series rather than 1.3)
+1: Martin
* Many people have asked for a DBM to be distributed with Apache to
isolate it from platform inconsistencies. SDBM (used by mod_ssl,
mod_dav, Perl, and others) should fit the bill and is public domain.
-0: Greg (volunteers; will add to 2.0 series rather than 1.3)
+1: Martin
* Maybe a http_paths.h file? See
<Pi...@valis.worldgate.com>
+1: Brian, Paul, Ralf, Martin, Dirkx
+0: Jim (not for 1.3.0)
* Release builds: Should we provide Configuration or not?
Should we 'make all suexec' in src/support?
+1: Brian, Jim, Dirkx, Ken +1 (possible suexec path issue, though)
* root's environment is inherited by the Apache server. Jim & Ken
think we should recommend using 'env' to build the
appropriate environment. Marc and Alexei don't see any
big deal. Martin says that not every "env" has a -u flag.
* Marc's socket options like source routing (kill them?)
Marc, Martin say Yes
* Ken's PR#1053: an error when accessing a negotiated document
explicitly names the variant selected. Should it do so, or should
the original URI be referenced?
Martin: keep as is (helps identifying errors. IMO no privacy issue.)
* Proposed API Changes:
- r->content_language is for backwards compatibility... with modules
that may not link any longer without some minor editing. The new
field is r->content_languages. Heck it's not even mentioned in
apache-devsite/mmn.txt when we got content_languages (note the s!).
The proposal is to remove r->content_language:
Status: Paul +1, Ralf +1, Ken +1, Martin +1, Dirkx +1 (I could
not find ANY module which uses it and which (still) compiles
after the config change.)
- child_exit() is redundant, it can be implemented via cleanups. It is
not "symmetric" in the sense that there is no exit API method to go
along with the init() API method. There is no need for an exit
method, there are already modules using cleanups to perform this (see
mod_mmap_static, and mod_php3 for example). The proposal is to
remove the child_exit() method and document cleanups as the method of
handling this need.
Status: Rasmus +1, Paul +1, Jim +1,
Martin +1, Ralf +1, Ken +1,
Dirkx +1 (with doc change)
* Should we re-enable nagle now that we're non-buffering CGIs? See
various messages from Marc in March 98.
* TZ should not be dealt with specially any longer now that we have
"PassEnv". See
<Pi...@twinlark.arctic.org>
Jim: IMO it's too late in the game for this... I'm
sure this would cause some strange bug reports as
people's cgi-scripts no longer work correctly
("It worked just fine before I upgraded to 1.3.0")
unless we warn people in big nasty letters to add
PassEnv TZ to their config files "just in case"
and hope they do it :)
Dirkx: Is not this the same issue about maintaining your 'env' ?
* In ap_bclose() there's no test that (fb->fd != -1) -- so it's
possible that it'll do something completely bogus when it's
used for read-only things. - Dean Gaudet
* Roy's HTTP/1.1 Wishlist items:
1) byte range error handling
* use of spawnvp in uncompress_child in mod_mime_magic - doesn't
use the new child_info structure, is this still safe? Needs to be
looked at.
* suexec doesn't understand argv parameters; e.g.
<!--#exec cmd="./ls -l" -->
fails even when "ls" is in the same directory because suexec is trying
to stat a file called "ls -l". A patch for this is available at
http://www.xnet.com/~emarshal/suexec.diff
and it's not bad except that it doesn't handle programs with spaces in
the filename (think win32, or samba-mounted filesystems). There are
several PR's to this and I don't see for security reasons why we can't
accomodate it, though it does add complexity to suexec.c.
Accepting quoted executable names solves that issue.
PR #1120
Brian: +1
Win32 specific issues:
Important
* fix O(n^2) attack in mod_isapi.c ... i.e. recopy the code from
scan_script_headers_err_core.
In progress:
* Ben's ASP work... All agree it sounds cool.
* DDA's adding a tray application to the Windoze version for ease of
status/management. (PR3594, PR4873)
<01...@caravan.individual.com>
<01...@caravan.individual.com>
Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
we get a single executable)
Paul: No like Win95 specific stuff
Ken: What's W95-specific about it?
Help:
* There are several PRs reporting Apache looping and they each seem to
implicate CGI script processing. The first PR happened about the time
we migrated to using native Win32 function calls to create the child
process. I have tried to recreate the problem w/o success. It just now
occurs to me that there may be a race condition between when the new
process comes alive and the parent sending data to (or attempting to
read data from) the child process. CreateProcess() returns immediately,
before the new process is created. The parent may be attempting I/O
with the child before it's ready. TODO: investigate ways to cause the
parent to wait for the child process to become fully active before
proceeding with CGI I/O processing.
* should trap ^C when running not-as-service and do proper shutdown
* proxy module doesn't load on Win95. Why? Good question. PR#1462.
David Whitmarsh <da...@dial.pipex.com> says it's because
you can't dynamically load a DLL that uses declspec(thread). He
supplied a patch.
MID: <36...@smtp.dial.pipex.com>
* Proxy cache garbage collection doesn't work. PR#1891
* chdir() for CGI scripts and mod_include #exec needs to be
re-implemented now that CreateProcess is being used.
* process/thread model
- need dynamic thread creation/destruction, similar to
Unix process model
- can't use WaitForMultipleObjects in the same way we
do now, since that has a limit of 64(!) objects. Grr.
PR#1665
* some errors printed by CGIs to stderr don't end up making it
to the server log unless an extra debugging message is added
after they run? (PR#1725 indicates this may not be just Win32)
* handle bugs that make it pop up errors on console, ie. segv
equiv? Can we do this? Need to make it robust.
* install
- make installshield work
- config in cvs tree?
- install docs, etc.?
- location for install
* the mutex should be critical-regions, since the current design
is creating a mess of SO calls that are unnecessary
* we don't mmap on NT. Use TransmitFile?
* CGIs
- docs on how they work w/scripts
- WTF is the buffering coming from?
- we don't have a way to make non-blocking files on NT!
* performance
* documentation:
- running the server without admin
- how CGIs work
- update README.NT
- short/long name handling
- better status page on current state of NT for users
* http_main.c hell
- split into two files?
* who should run the service? Who exactly is the "system account"?
docs say:
Localsystem is a very privileged account locally, so you shouldn't run
any shareware applications there. However, it has no network privileges
and cannot leave the machine via any NT-secured mechanism, including
file system, named pipes, DCOM, or secure RPC.
and:
A service that runs in the context of the LocalSystem account
inherits the security context of the SCM. It is not associated with
any logged-on user account and does not have credentials (domain
name, user name, and password) to be used for verification. This
has several implications: [... removed ...]
That _really_ sucks. Can we recommend running Apache as some
other user?
* modules that need to be made to work on win32
- mod_example isn't multithreadreded
- mod_unique_id (needs mt changes)
- mod_auth_db.c (do we want to even try this? We should have some
db of some sort... what else can we pick from under win32?)
- mod_auth_dbm.c
- mod_log_agent.c
- mod_log_referer.c
- mod_mime_magic.c (needs access to mod_mime API stage...)
* do something to disable bogus warnings
* rfc1413.c has static storage which won't work multithreaded
* mod_include --> exec cgi, exec cmd, etc. don't work right.
Looks like a code path that isn't run anywhere else that has
something not quite right... A PR or two on it.
* signal type handling
- how to rotate logs from command line?
(Point people to Andrew Ford's cronolog because it's "better"
than ours?)
* Currently if you double click on the conf files or the
log files you get a useless dialog offering the set of all
executables, usually after a very long pause. Ought
to stuff .conf in the registry mapping it to text.
* apparently either "BrowserMatch" or the "nokeepalive" variable
cause instability - see PR#1729.
Binaries (1.3.12):
Platform Avail. Volunteer
------------------------------------------------------------------------------
alpha-dec-osf3.0 no Sameer Parekh
alpha-dec-osf4.0 no Lars Eilebrecht, Ken Coar, Randy Terbush
alpha-whatever-linux2 no Randy Terbush
armv4l-whatever-linux2 no Rasmus Lerdorf
hppa1.1-hp-hpux-10.x no Rob Hartill, Randy Terbush
i386-slackware-linux(a.out) no Sameer Parekh
i386-sun-solaris2.5 no Sameer Parekh
i386-sun-solaris2.6 no Randy Terbush
i386-sun-solaris2.7 no Cliff Skolnick
i386-unixware-svr4 no Sameer Parekh, Randy Terbush
i386-unknown-freebsd2.1 no Andrew Wilson, Brian Tao
i386-unknown-freebsd2.2.8 no Jim Jagielski
i386-whatever-freebsd3.0 no Ken Coar
i386-whatever-freebsd3.0 no Dirk-Willem van Gulik
i686-pc-freebsd3.1 no Ralf S. Engelschall
i586-unknown-linux2 no Ralf S. Engelschall, Lars Eilebrecht, Randy Terbush
i686-unknown-linux2 no Lars Eilebrecht
i686-whatever-linux2 no Ken Coar, Randy Terbush
i386-unknown-linux(ELF) no Aram Mirzadeh, Michael Douglass
i386-unknown-netBSD-1.3.2 no Lars Eilebrecht, Randy Terbush
i386-unknown-sco3 no Ben Laurie
i386-unknown-sco5 no Ben Laurie
i386-siemens-sinix5.4 yes Martin Kraemer
i386-dg-dgux5.4R2.01 no Randy Terbush
x86-qnx-4.x no Randy Terbush
x86-bsdos-3.x no Randy Terbush
x86-bsdos-4.x no Randy Terbush
x86-openbsd-2.x no Randy Terbush
m68k-apple-aux3.1.1 no Jim Jagielski
m88k-dg-dgux5.4R2.01 no Sameer parekh
m88k-next-next no Rob Hartill
mips-dec-ultrix4.4 no Sameer Parekh
mips-unknown-linux no Lars Eilebrecht
mips-sgi-irix5.3 no Mark Imbrianco, Randy Terbush
mips-sgi-irix6.2 no Lars Eilebrecht, Randy Terbush
mips-sgi-irix6.4 no Lars Eilebrecht
mips-siemens-reliantunix5.4 yes Martin Kraemer
OS/2 yes Brian Havard
powerpc-apple-rhapsody5.6 yes Wilfredo Sanchez
rs6000-ibm-aix3.2.5 no Sameer Parekh
rs6000-ibm-aix4.1 no Lars Eilebrecht
rs6000-ibm-aix4.2 yes Bill Stoddard
rs6000-ibm-aix4.3.x no Bill Stoddard, Randy Terbush
sparc-sun-solaris2.5 no Lars Eilebrecht, Randy Terbush
sparc-sun-solaris2.6 no Lars Eilebrecht
sparc-sun-solaris2.7 no Cliff Skolnick
sparc-sun-sunos4.1.3_U1 no Sameer Parekh
sparc-unknown-linux no Lars Eilebrecht, Randy Terbush