Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 1997/05/27 03:06:54 UTC

[STATUS] Mon May 26 21:01:36 EDT 1997

1.2b11 status as of Mon May 26 21:01:36 EDT 1997

  * Code changes committed since 1.2b10:

    * ErrorDocument CGI responding to error from another CGI fixed
    * PR#512: signal redefinition problem on QNX
    * CGIWrap Problems (restore old PATH_INFO definition)
    * I hate messed up initializers (in USE_FCNTL_SERIALIZED_ACCEPT)
    * PR#501: escape html in server-status
    * PR#506: no DefaultType means no Content-Type
    * error responses have wrong headers (part 1)
    * Clarified comment about USERDIR_SUFFIX in suexec.h
    * HP-UX/cc compiler fix (minus oops)
    * internal redirect must inherit the_request
    * added comments and check the_request in original_uri()
    * Allow consistent use of whitespace in Configuration
    * PR#502: timeout problems (second try)
    * mod_dir HTTP_NOT_ACCEPTABLE fixup
    * error responses have wrong headers (part 2)
    * mod_dir/576: Port 0 being added in directory redirects
    * placement of $(REGLIB) after $(LIBS) in Makefile.tmpl

The Plan
========

  * Start final plans for 1.2 release. Randy said he'd do the tarballs.
    Someone should commit the below patch(es) asap. Also, are the
    current "showstoppers" really showstoppers????

Agenda for 1.2b11-dev
====================

Patches available:

  * RobH's [PATCH]: request for harmless mod_include.c patch (try 2)
    <Pi...@localhost.imdb.com>
    Status: +1 RobH
            +0 Roy [I've never seen a harmless part of mod_include]
               (It should also be USE_PERL_SSI, not USE_PERL)

  * Ed Korthof's [PATCH]: Virtual Hosts on different ports
    Status: +1 Chuck, Jim, Randy
      -- Someone needs to commit this --

  * Roy [PATCH] SEGV and missing Location
    Status: Roy, Jim +1

No patches yet, showstoppers:

  * SIGTERM problem under OS/2
    Status: Garey will submit patch
    Question: Hold up 1.2 release for this? If so, wait how long?
    ***** ANSWER: We will not hold-up 1.2 for this *****

  * PR#502: timeout still a problem with IdentityCheck On.
    Roy thinks it may be a problem with how longjmp and signal are
    used in rfc1413.c (try replacing 
       static jmp_buf timebuf;
    with
       JMP_BUF timebuf;
    and replacing the longjmp/setjmp calls with the definitions
    used within http_main.c)

Documentation Changes that should make 1.2:

  * some better suexec docs would be really nice, detailing some of the
    security risks and compromises discussed
	Status: I think Randy said something about doing it at one point.
		Randy says he thinks Jason is perhaps doing them.
                [And Roy says: either somebody needs to document how it
                 works (I don't know), or I'll go through and remove the
                 documentation about how "good" it is to use it.]
	New Status: not really worth holding 1.2 on

  * Document problems with mismatch on FD_SETSIZE=1024?

  * Deal with Martin Kraemer's documentation notes:
	<19...@deejai.mch.sni.de>
	<19...@deejai.mch.sni.de>

Post 1.2:

  * Work out path/goals for 2.0. Release 1.2.1 asap with below
    fixes and improvements?

  * PR#543: /cgi-bin/foo/bar%2fbaz
    unescape_url in util.c is forbidding %2f in PATH_INFO.
    The problem is that we use the %2f check to avoid security problems
    with stupid scripts.  Roy thinks the best solution would be to
    decode all %2f's before doing any processing on the path, and thus
    reduce %2f... to /.. before doing the path checks.  This makes it
    impossible to have a filename containing slash, but no big deal.

  * Marc's [PATCH] PR#566: mod_status dumps core in inetd mode
    <Pi...@alive.znep.com>
    <97...@paris.ics.uci.edu>
    Status: +1 Marc (post-1.2), Roy (with minor change), Dean

  * Dean's solaris 256 FILE * problem
    <Pi...@twinlark.arctic.org>
    Status: Dean seeing if it works for user, maybe add to FAQ

  * Various minor tweaks to port to different platforms:
    PR#383, PR#388, PR#399, PR#333, PR#327, PR#445, PR#511

  * Fix mod_negotiation to follow latest TCN draft
    Petr Lampa wants to work on this.

  * Doug MacEachern's [PATCH] merge dbm auth configs
        Status: The question is, should we be merging auth configs?
                Ken says not by default and not unless it's configurable.

  * redo lingering_close to check for old sockets to close out before
    accept() in child.
	Status: doesn't look to be overly clean to do in the current
	framework.  Will not have time to do implementation for this
	beta in any case.  If it turns out to be a big issue,
	could go in later.  (1.2.1?)

  * Marc wants to have a check to be sure
    log directory(ies) isn't writable by anyone except the user starting
    the server.  The posting in bugtraq only highlights the problem.
    Needs override.  See NCSA code for sample implem.
	Status: Marc busy writing

  * error compiling on NeXT:
	In file included from http_main.c:108:
	/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
	/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'

	Status: got a login in a NeXT OpenStep 4.x machine to test,
	looks like an interaction between gcc and the header
	files.  It is trying to include definitions for both big and
	little endian platforms, and that no work.

  * Type map can't find appropriate document for language on Solaris
    2.x.  (I can't gistify this one; full details in message ID
    <Pi...@localhost.imdb.com>.)
    Reporter has provided tar.gz file of config info.
    (no PR#, 1.2b7, 24/2/1997, <ej...@cise.ufl.edu>)
        Status: Dean might have fixed this one (the table overlay bug)
	[Dean has mailed the submitter to ask them to test 1.2b8 or b9]

  * SONY NEWS port.  See both:
    <Pi...@taz.hyperreal.com>
    <Pi...@taz.hyperreal.com>
    Jim working on a patch, but not until after 1.2 release

  * Jim has patch for time taken to handle a request in status module

  * status report shows PIDs in empty slots, user supplied some sort
     of patch; behavior now is correct, but perhaps some cleanup of
     how the results are displayed could be done after 1.2...
     <Pi...@localhost.imdb.com>

Should be added to the bugdb:

  * "Large groups cause authentication errors" on FreeBSD
      [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
      in groups_for_user.

Contrib stuff / future:
  
  * Start digital signing the distributions.

  * Chris Adams <ca...@ro.com> patch to mod_log_config to add %m and %c.

  * mod_log_config patch for conditional logging
	Status: contrib, not in server

  * Ed has an updated patch for limiting connections per IP

  * mod_include could use boyer-moore searching for <!--# and/or it could
    mmap the file.

  * add some setlocale stuff?

  * status module available from .htaccess files; Ken posted patch

  * Rob's "DONE" status response check for die()
	<Pi...@localhost.imdb.com>
	Roy says it's a feature... Dean agrees, thinks we should slate
	something for 2.0 that can handle this cleanly.

  * tem@global2000.net provided a patch for mod_imap to make it more
    friendly with MS FrontPage map files.  Available in
    <Pi...@twinlark.arctic.org>

  * Dean's gif89 and expires hack
    <Pi...@twinlark.arctic.org>

  * mod_userdir needs a DisallowUserDir directive, a la ftp.deny, to
    restrict user names that can be accessed.  Ken says maybe
    "UserDir disabled [user [...]]".

  * get_local_host and NIS patch for SunOS 4
    <Pi...@localhost>

  * internationalized documentation

  * pagecounter extension to mod_include
    <Pi...@taz.hyperreal.com>

  * mod_expires improvements from "Miguel A.L. Paraz" <ma...@iphil.net>
    at <http://www.iphil.net/~map/apache/>

  * add is_initial_req() function

  * mod_dir: send HEIGHT/WIDTH tags to improve performance for user; see
    PR#393 for a patch that provides this

  * A CIDRized access list patch such as the one supplied in
    <Pi...@taz.hyperreal.com>

  * PR#344: 64-bit cleanups

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"
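
The PR#543 item above turns on whether %2f is decoded before or after the path checks run. As an added illustration (not code from this post or from Apache's util.c; the function names and the sample request path are constructed here), this C program runs both orders over the same input:

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes in place (%2f included); -1 on a bad escape or %00. */
static int decode_path(char *s) {
    char *out = s;
    for (; *s; s++, out++) {
        if (*s != '%') { *out = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return -1;
        char hex[3] = { s[1], s[2], '\0' };
        *out = (char)strtol(hex, NULL, 16);
        if (*out == '\0') return -1;
        s += 2;                      /* skip the two hex digits */
    }
    *out = '\0';
    return 0;
}

/* The path check: 1 if any '/'-delimited segment is "..". */
static int has_dotdot(const char *p) {
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n;
        if (*p == '/') p++;
    }
    return 0;
}

/* Proposed order: decode, then check. 1 = accept; buf is left decoded. */
int accept_decode_then_check(char *buf) {
    return decode_path(buf) == 0 && !has_dotdot(buf);
}

/* Contrasting order: check the still-encoded path, then decode. */
int accept_check_then_decode(char *buf) {
    return !has_dotdot(buf) && decode_path(buf) == 0;
}

int main(void) {
    char a[] = "/cgi-bin/foo/bar%2f..%2fbaz";   /* constructed input */
    char b[] = "/cgi-bin/foo/bar%2f..%2fbaz";
    printf("decode-then-check: %d\n", accept_decode_then_check(a));
    printf("check-then-decode: %d (%s)\n", accept_check_then_decode(b), b);
    return 0;
}
```

With decoding first, the check sees the ".." segment and rejects the path; the cost named in the item also shows up, since bar%2fbaz is accepted as bar/baz and can no longer name a single file containing a slash.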

Re: [STATUS] Mon May 26 21:01:36 EDT 1997

Posted by Rob Hartill <ro...@imdb.com>.
On Mon, 26 May 1997, Ed Korthof wrote:

> >   * RobH's [PATCH]: request for harmless mod_include.c patch (try 2)
> >     <Pi...@localhost.imdb.com>
> >     Status: +1 RobH
> >             +0 Roy [I've never seen a harmless part of mod_include]
> >                (It should also be USE_PERL_SSI, not USE_PERL)
> 
> If you still want this in, Rob, could you resend it?  I accidentally
> deleted it; I'd be willing to take a look at it & test it out, though.

Here it is (attached). Doug, note the 'USE_PERL_SSI' as recommended by Roy.

Ed, you'll need the latest mod_perl and something like:
EXTRA_CFLAGS= -I./ -I/usr/local/lib/perl5/i386-freebsd/5.003/CORE -DUSE_PERL_SSI

replace 'i386-freebsd' to match your system.

The latest mod_perl is at:

	http://www.osf.org/~dougm/apache/src/dev/

if that dir is empty, try the next level up.


I'm using this patch on my live servers so it's had a damn good testing.
It's far more efficient than 'virtual include' because the perl is called
directly and immediately without the need for subrequests.

BTW, Doug's added mod_perl processing of config files too. You should
see the tricks you can do with Perl code in srm.conf !  :-)


--
Rob Hartill                              Internet Movie Database (Ltd)
http://www.moviedatabase.com/   .. a site for sore eyes.

===========================================================================

Index: mod_include.c
===================================================================
RCS file: /imdb/cvs/apache/src/mod_include.c,v
retrieving revision 1.10
diff -u -r1.10 mod_include.c
--- mod_include.c	1997/05/11 20:40:26	1.10
+++ mod_include.c	1997/05/27 15:06:14
@@ -57,7 +57,22 @@
  * incorporated into the Apache module framework by rst.
  * 
  */
+/* 
+ * sub key may be anything a Perl*Handler can be:
+ * subroutine name, package name (defaults to package::handler),
+ * Class->method call or anoymous sub {}
+ *
+ * Child <!--#perl sub="sub {print $$}" --> accessed
+ * <!--#perl sub="sub {print ++$Access::Cnt }" --> times. <br>
+ *
+ * <!--#perl arg="one" sub="mymod::includer" -->
+ *
+ * -Doug MacEachern
+ */
 
+#ifdef USE_PERL_SSI
+#include "modules/perl/mod_perl.h"
+#else
 #include "httpd.h"
 #include "http_config.h"
 #include "http_request.h"
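
Review bot: The `#ifdef USE_PERL_SSI` / `#else` opened above the Apache includes makes httpd.h, http_config.h and the rest conditional, so a USE_PERL_SSI build depends on mod_perl.h pulling every one of them in. Keeping the Apache headers unconditional and adding `#include "modules/perl/mod_perl.h"` on its own under the #ifdef would stop mod_include from breaking when mod_perl.h changes what it includes. In the new comment, "anoymous" should read "anonymous", and since the examples show `sub="sub {...}"` carrying Perl source inside the document, the comment should say that this code runs in the server process for anyone able to author a parsed document.
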
@@ -66,6 +81,7 @@
 #include "http_log.h"
 #include "http_main.h"
 #include "util_script.h"
+#endif
 
 #define STARTING_SEQUENCE "<!--#"
 #define ENDING_SEQUENCE "-->"
@@ -710,6 +726,32 @@
         }
     }
 }
+#ifdef USE_PERL_SSI
+int handle_perl (FILE *in, request_rec *r, char *error) {
+    char tag[MAX_STRING_LEN];
+    char *tag_val;
+    SV *sub = Nullsv;
+    AV *av  = newAV();
+
+    if (!(allow_options (r) & OPT_INCLUDES)) {
+        log_printf(r->server,
+            "httpd: #perl SSI disallowed by IncludesNoExec in %s", r->filename);
+	return DECLINED;
+    }
+    while(1) {
+	if(!(tag_val = get_tag (r->pool, in, tag, MAX_STRING_LEN, 1))) 
+	    break;
+	if(strnEQ(tag, "sub", 3)) 
+	    sub = newSVpv(tag_val,0);
+	else if(strnEQ(tag, "arg", 3)) 
+	    av_push(av, newSVpv(tag_val,0));	
+	else if(strnEQ(tag,"done", 4))
+	    break;
+    }
+    perl_call_handler(sub, r, av);
+    return OK;
+}
+#endif
 
 /* error and tf must point to a string with room for at 
  * least MAX_STRING_LEN characters 
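
Review bot: The option check at the top of handle_perl tests OPT_INCLUDES while its log message says the directive was "disallowed by IncludesNoExec"; if #perl is meant to be refused wherever exec is refused, the test should be on the no-exec bit (`allow_options(r) & OPT_INCNOEXEC`), because a document that is being parsed at all presumably already has OPT_INCLUDES set and the current test would never fire. Also, `sub` is still Nullsv when the tag carries no sub= attribute and is handed to perl_call_handler unchecked, `av` is allocated before the early DECLINED return and not released on that path, and the result of perl_call_handler is dropped in favour of a fixed `return OK`.
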
@@ -1674,6 +1716,10 @@
                 ret=handle_flastmod(f, r, error, timefmt);
             else if(!strcmp(directive,"printenv"))
                 ret=handle_printenv(f, r, error);
+#ifdef USE_PERL_SSI
+            else if(!strcmp(directive,"perl")) 
+                ret=handle_perl(f, r, error);
+#endif
             else {
                 log_printf(r->server,
                         "httpd: unknown directive %s in parsed doc %s",





Re: [STATUS] Mon May 26 21:01:36 EDT 1997

Posted by Ed Korthof <ed...@organic.com>.
On Mon, 26 May 1997, Jim Jagielski wrote:

> 1.2b11 status as of Mon May 26 21:01:36 EDT 1997
> 
> Agenda for 1.2b11-dev
> ====================
> 
> Patches available:

Two patches are missing.  Paul Sutton submitted a patch to fix up another
problem (multiple v-hosts are not accessible over a single connection) --
PR 610.  I gave that +1 -- I think we should do this before 1.2.

I submitted a patch to log a 408 error response if a connection times
out.  I've tested this and am confident it's not going to cause problems,
but this doesn't seem critical (though it'd be nice to log the correct
code).

>   * RobH's [PATCH]: request for harmless mod_include.c patch (try 2)
>     <Pi...@localhost.imdb.com>
>     Status: +1 RobH
>             +0 Roy [I've never seen a harmless part of mod_include]
>                (It should also be USE_PERL_SSI, not USE_PERL)

If you still want this in, Rob, could you resend it?  I accidentally
deleted it; I'd be willing to take a look at it & test it out, though.

> No patches yet, showstoppers:
> 
>   * SIGTERM problem under OS/2
>     Status: Garey will submit patch
>     Question: Hold up 1.2 release for this? If so, wait how long?
>     ***** ANSWER: We will not hold-up 1.2 for this *****

We can remove this from the showstoppers then, no?  I don't think this
should hold us up either -- it should be in the bugs below, and
documented.
 
>   * PR#502: timeout still a problem with IdentityCheck On.
>     Roy thinks it may be a problem with how longjmp and signal are
>     used in rfc1413.c (try replacing 
>        static jmp_buf timebuf;
>     with
>        JMP_BUF timebuf;
>     and replacing the longjmp/setjmp calls with the definitions
>     used within http_main.c)

I'll take a shot at this tomorrow, and see if I can reproduce the problem,
but I'm not sure if this should be considered a show stopper.

> Post 1.2:
> 
>   * Work out path/goals for 2.0. Release 1.2.1 asap with below
>     fixes and improvements?

+1 on this.

     -- Ed Korthof        |  Web Server Engineer --
     -- ed@organic.com    |  Organic Online, Inc --
     -- (415) 278-5676    |  Fax: (415) 284-6891 --