Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 1998/02/19 05:45:25 UTC

[STATUS] (apache-1.3) Wed Feb 18 23:45:23 EST 1998

Apache 1.3 STATUS:

Release:

    2.0  : In pre-alpha development
	    see: <http://www.arctic.org/~dgaudet/apache/2.0/process-model>
    1.3b6: in development
    1.3b5: Tagged APACHE_1_3b5. Randy will do announcement
    1.3b4: Internal version... not tagged or released.
    1.3b3: Released and announced
    1.3b1: There is no 1.3b1

Current Modes:

    o Commit-Then-Review (see <http://dev.apache.org/guidelines.html#ctr>)

Plan:

Showstoppers:

Committed Code Changes:

    (Do we really have to keep this up to date?? It's the same as what's
    in src/CHANGES -djg)

Available Patches:

    * M.D.Parker's [PATCH] mod_status/1448: Status Information have version
	<Pi...@twinlark.arctic.org>
	Status: Dean +1, Martin +0 (duplicates /server-info?server),
		Alexei -1 (shared lib concerns)

    * Ralf's [PATCH] New RewriteMap types for mod_rewrite
      <19...@en1.engelschall.com>
      Status: Ralf +1

    * Ralf's [PATCH] Apache as a Reverse Proxy
      <19...@en1.engelschall.com>
      Status: Ralf +1, Martin +1

Concepts:

    * Dean's [PRE-PATCH] expanding ap_snprintf()
	<Pi...@twinlark.arctic.org>
	Status: Dean +1, Ben +1, Jim 0, Martin 0, Brian +1(?), Ken +1
	See <Pi...@twinlark.arctic.org>
	for a more up-to-date idea (int vformatter) that has a
	vote of +1 from Dean, Ben, Martin, Paul, Jim, and Ken for concept

In progress:

    * Martin Kraemer's [PATCH] Parsing URI into its components 
      This has "evolved" into a new module: util_uri. Martin
      will post when it's at a state where he's happy with it.
      Ken would like to see it in libap instead of libmain.

    * Dean's [PATCH] yet another slow function
        <Pi...@twinlark.arctic.org>
	Status: Dean +1, Jim +1, Martin +1, Paul +1
	Needs to be redone so that it better supports non-ascii hosts.

    * Ken's IndexFormat enhancement to mod_autoindex to allow
      CustomLog-like tailoring of directory listing formats

Needs patch:

    * Dean's "locale" project
	See <Pi...@twinlark.arctic.org>
    
    * os_ abstract is_only_below() in mod_include.c

    * proxy security fixes from 1.2.5 need to be brought forward

    * DoS created by the lame hostname lookup code in check_fulluri, which
	should be part of the proxy and not in the core

    * Documentation for:
      1) htdocs/manual/sourcereorg.html and other files should mention 
         new mod_so capabilities.
      2) windows.html should be cleaned up.

Closed issues:

    * Removal of inetd mode
	Ken says he'll try to maintain it, since there are
	people/places who need it

    * The decision has been made to experiment with allowing code
      changes to be committed without prior review.

    * Guidelines for commit-then-review are documented at
      <http://dev.apache.org/guidelines.html#ctr>

    * The "apache" CVS module has been renamed to "apache-1.2" and the
      "apachen" module to "apache-1.3".  "apache-1.3" has been copied
      to "apache-2.0", but whether that's appropriate or not is
      under discussion.  A couple of people want that module to
      start empty rather than full of 1.3's stuff.

Open issues:

    * Provide consistent prefixes; suggestions:

      Apache provided general functions (e.g., ap_cpystrn)
	ap_xxx: Ken +1, Brian +1, Ralf +1, Martin +1

      Public API functions (e.g., palloc)
	apapi_xxx: Ken +1, Brian +1, Ralf +1, Martin +1
	appublic_xxx:
	appub_xxx:

      Private functions which we can't make static
      but should be (e.g., new_connection)
	apprivate_xxx:
	appri_xxx: Brian +1
	httpd_xxx: Ken +1
	apint_xxx: Ralf +1 (int = internal)

    * Ken's [POLL] apachen/patches directory
      Shall we experiment with allowing patches to be distributed for
      voting through cvs, by creating a directory under the source tree
      and putting them there?  Please vote.
	<34...@Golux.Com>
	Status: Ken +1, Randy 0, Dean 0, Jim +1, Paul 0, Martin +1, Ralf 0

    * Paul would like to see a 'gdbm' option because he uses
      it a lot. Dean notes that 'gdbm' includes 'db' support
      so we need to watch the library ordering.

	Dean notes:  Check rev 1.72 -> rev 1.73 of
	src/Configuration.tmpl.  I re-ordered mod_auth_dbm and
	mod_auth_db at this time, and I'm pretty sure it was to
	deal with this issue.  But I think I still ran into
	troubles if I automatically looked for gdbm.

    * What do we call the binary: apache or httpd? Under UNIX
      it's httpd, under Win32 it's apache. Maybe rename it
      to apache-httpd?
	apache-httpd: Ken +1
        leave it apache: Brian +1, Ralf +1

    * Maybe a http_paths.h file? See
	<Pi...@valis.worldgate.com>
	Dean +1, Brian +1

    * Release builds: Should we provide Configuration or not?
      Should we 'make all suexec' in src/support?
	Ken +1 (possible suexec path issue, though)
        Brian +1

    * root's environment is inherited by the Apache server. Jim, Ken &
      Dean think we should recommend using 'env' to build the
      appropriate environment. Marc and Alexei don't see any
      big deal. Martin says that not every "env" has a -u flag.

    * Ken suggests that new check_cmd_context() and related defines
      should be non-static and in util_* so modules can use 'em.  (He
      didn't notice this flaw during the review.)

    * 206 vs. 200 issue on Content-Length
	See <Pi...@valis.worldgate.com>
	Roy says current behavior is correct, but Alexei disagrees.
	Marc sides with Alexei.

    * Marc's socket options like source routing (kill them?)
	Marc, Dean, Martin say Yes

    * Marc's [BUG] include virtual and SCRIPT_NAME w/path_info
	<Pi...@alive.znep.com>

    * Ken's PR#1053: an error when accessing a negotiated document
      explicitly names the variant selected.  Should it do so, or should
      the base input name be referenced?


Win32 specific issues:

 Open issues:

    * Should ApacheCore.dll be merged back into the main server
      image?  May make debugging easier..

 In progress:

    * Ben's ASP work... All agree it sounds cool.

    * DDA's adding a tray application to the Windoze version for ease of
      status/management.
	<01...@caravan.individual.com>
	<01...@caravan.individual.com>
	Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
	we get a single executable)
	Paul: No like Win95 specific stuff
	Ken: What's W95-specific about it?

 Help:

    * process/thread model
	- need dynamic thread creation/destruction, similar to 
	  Unix process model
	- can't use WaitForMultipleObjects in the same way we
	  do now, since that has a limit of 64(!) objects.  Grr.
	  PR#1665

    * some errors printed by CGIs to stderr don't end up making it
      to the server log unless an extra debugging message is added
      after they run? (PR#1725 indicates this may not be just Win32)

    * bad use of chdir in some places; it isn't thread-specific

    * handle bugs that make it pop up errors on console, ie. segv 
      equiv?  Can we do this?  Need to make it robust.

    * install
	- make installshield work
	- config in cvs tree?
	- install docs, etc.?
	- location for install

    * signal type handling
    	- how to rotate logs from command line?

    * the mutex should be critical-regions, since the current design
      is creating a mess of SO calls that are unnecessary

    * we don't mmap on NT.  Use TransmitFile?

    * CGIs
        - hangs on multiple CGI execution?  PR#1607,1129
    	    Marc can't repeat...
	- docs on how they work w/scripts
	- use registry to find interpreter?
	- WTF is the buffering coming from?
	    - we don't have a way to make non-blocking files on NT!

    * performance

    * documentation:
	- running the server without admin
	- how CGIs work
	- update README.NT
	- short/long name handling
	- better status page on current state of NT for users

    * http_main.c hell
	- split into two files?

    * who should run the service?  Who exactly is the "system account"?

      docs say:

      Localsystem is a very privileged account locally, so you shouldn't run
      any shareware applications there. However, it has no network privileges
      and cannot leave the machine via any NT-secured mechanism, including
      file system, named pipes, DCOM, or secure RPC.

      and:

      A service that runs in the context of the LocalSystem account
      inherits the security context of the SCM. It is not associated with
      any logged-on user account and does not have credentials (domain
      name, user name, and password) to be used for verification. This
      has several implications: [... removed ...]


      That _really_ sucks.  Can we recommend running Apache as some 
      other user?


    * need a crypt() of some sort.
	- sources are easy; problem is export restrictions on DES
	- if we don't do DES, can do md5

    * modules that need to be made to work on win32
        - mod_example isn't multithreaded
	- mod_unique_id (needs mt changes)
	- mod_auth_db.c  (do we want to even try this?  We should have some
          db of some sort... what else can we pick from under win32?)
	- mod_auth_dbm.c
	- mod_info.c (PR re exporting symbols for it...)
	- mod_log_agent.c
	- mod_log_referer.c
	- mod_mime_magic.c (needs access to mod_mime API stage...)

    * do something to disable bogus warnings

WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:

    * SECURITY: PR#1203 still needs to be dealt with for WIN32

    * SECURITY: check if the magic con/aux/nul/etc names do anything
	really bad

    * SECURITY: numerous uses of strcpy and strcat have potential
	for buffer overflow, someone should rewrite or verify
	they're safe