Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ICS.UCI.EDU> on 1997/01/28 03:59:29 UTC
Agenda for 1.2b7
1.2b7 status as of 7:00pm PST, Monday:
* Committed since 12:20pm Sunday:
* Correct a critical typo (csd > 0) and ready to roll 1.2b6
* A/UX needs sys/time.h for btestread
* allow whitespace after comma in mod_imap, see PR#106
* Get CHANGES file in sync with reality.
* fix mod_info output corruption due to buff changes
* new 1.2b6 tarball created
* Current server version updated to 1.2b7-dev
* Released 1.2b6 to public. Yeeha!
* Some mirrors are out-of-date, Brian will investigate
* This is the last status message that I will produce, at least until
I can figure out how to do it automatically. I need to work on my
other projects for a bit, so somebody else needs to be release manager
for 1.2b7. Volunteers?
Agenda for 1.2b7-dev
====================
Patches ready for testing, voting:
* None
Should be done before 1.2b7:
* Improvements in chunked performance by reducing buffer count sent
Status: Dean is working on it
* Marc says Apache won't compile with HAVE_SNPRINTF defined as things
are now because not everything includes conf.h.
Status: Fix it when we have a platform which has snprintf.
* warnings in regex
Status: Roy would like to see this fixed since it makes Apache
a mess on Solaris when using -Wall.
* warning on SunOS4, http_log.c:164, pointer from int without cast
Status: Marc analyzed
* core dump if an error in .htaccess & subrequest
Status: no patch yet
Info: <la...@fee.vutbr.cz> reports that if sub_req_lookup_uri() is
called, then per_dir_config in subrequest is not initialized
until directory_walk is done. If any error is encountered during
this time, log_reason() will core dump, since it calls
get_remote_host() with r->per_dir_config.
Solution: Initialize per_dir_config in set_sub_req_protocol()
(see initialization of regular request in read_request()!).
* Solaris 2.6 apparently has a getwd() or getcwd() prototype, see PR#89
Status: easy to fix, but will require testing by 2.6beta person
* suexec setuid() before directory checks for nfs mounted filesystems, PR#70
Status: no patch yet, Randy said postpone til 1.2b7-dev
* suexec does not pass "foobar" as argv[1] when URL is /cgi/somecgi?foobar
Status: Jason reported
* new header_parse API hook is called too often
Status: RobH posted patch, had second thoughts. He
suggests that mod_browser be optimised by detecting if it has been
called already and returning early if it has.
* lingering_close generates the following error message
shutdown: Transport endpoint is not connected - lingering_close
using 1.2b6 (only a few a day). I think this is what
happens when a client disconnects during transmission, which
is a normal condition for web servers. I suggest not logging
an error if errno == ENOTCONN.
Marc says that this may not be "normal", it may be if the client
sends a RST to terminate the connection (as per recent discussion on
end2end-interest) and it gets here before we get to that point in
lingering_close.
Status: no patch, waiting to see if it improves debugging.
* accept errors EPROTO and ECONNABORTED should not be logged
Status: no patch, ditto above, but will require ifdefs
* directory redirect returns 302 not 301, see PR 77
Status: easy to fix, but will require testing
* SO_DEBUG in proxy_ftp.c may not be portable, see PR 116, 104
Status: Chuck says it is a leftover, will fix
* bugs in mod_negotiation (serious)
Status: reported by lampa@fee.vutbr.cz on Jan 6 to apache-bugs.
It is a very good, detailed report with patches.
* 3 seconds delay in CGI execution on SunOS 4.x, see PR 122
Status: no patch.
Info: Pages containing script output show up with a delay of 3
seconds (there was no such delay in Apache 1.1.1).
[rindfuss@medea.wz-berlin.de] tracked the problem down to
source file alloc.c, function free_proc_chain. This function
contains a conditional call to sleep(3), which causes the delay.
    for (p = procs; p; p = p->next) {
        if (p->kill_how == kill_after_timeout) {
            /* Subprocess may be dead already. Only need the timeout if not. */
            if (kill (p->pid, SIGTERM) != -1)
                need_timeout = 1;
        } else if (p->kill_how == kill_always) {
            kill (p->pid, SIGKILL);
        }
    }
    /* Sleep only if we have to... */
    if (need_timeout) sleep (3);
[RobH: So CGI included as SSI hangs around for longer and needs
to be SIGTERM'ed. Why?]
[Roy: note also that a call to sleep will blow-out any other timeout]
* mod_rewrite is incorrectly rewriting things in 1.2b6 from
/cgi-bin/whatever?parms to... /http?parms
Status: Jake Buchholz reported, may have to do with snprintf call.
Planning/design items:
* Should we change the default timeout of 1200?
Re: Agenda for 1.2b7
Posted by Marc Slemko <ma...@znep.com>.
On Tue, 28 Jan 1997, Paul Sutton wrote:
> * http_monitor.c doesn't understand the scoreboard fmt
>
> If you use a scoreboard file, httpd_monitor is largely useless
> since it does not understand the current format very well.
> Patch mailed on 9 Jul.
PR#134 is on the same thing.
Re: Agenda for 1.2b7
Posted by Paul Sutton <pa...@ukweb.com>.
I'd just like to suggest three more bugs for the list of things to-do for
b7 which I've reported previously. I've already sent patches for two of
them.
* Satisfy Any can be changed if .htaccess exists
If you give Satisfy Any in access.conf for a particular directory,
and have a .htaccess in that directory, Satisfy mode reverts
to Satisfy All even if the .htaccess has _no_ authentication
directives.
* http_monitor.c doesn't understand the scoreboard fmt
If you use a scoreboard file, httpd_monitor is largely useless
since it does not understand the current format very well.
Patch mailed on 9 Jul.
* Apache doesn't output the full headers on a 2xx or 3xx status
If Apache returns a 2xx or 3xx status it does not output all
the response headers it should do. This patch also updates the
headers it outputs to match HTTP/1.1.
Patch mailed on 3 Nov.
I've also got a new module which could augment or replace the BrowserMatch
directive with a generic directive to set environment variables based on
any request header or other aspects of the request (e.g. remote host). A
first version of this mod_setenvif was sent on 4 Nov. It could implement
BrowserMatch to replace mod_browser. Since env vars are being used to
control Apache functionality (e.g. 'force-response-1.0') it might be worth
allowing a more general way of setting them.
//pcs
Re: Agenda for 1.2b7
Posted by Rasmus Lerdorf <ra...@lerdorf.on.ca>.
On Mon, 27 Jan 1997, Roy T. Fielding wrote:
> * warnings in regex
> Status: Roy would like to see this fixed since it makes Apache
> a mess on Solaris when using -Wall.
One note here. The default for Solaris is WANTHSREGEX=yes
This should probably be changed. As of Solaris 2.5, we can set this to
"no". Solaris 2.4 and earlier needs the HS regex.
-Rasmus
Re: Agenda for 1.2b7
Posted by Marc Slemko <ma...@znep.com>.
1.2b7 status as of 0930 MST:
* Committed since 1.2b6:
* FIN_WAIT_2 page to documentation
* mod_info corruption bug
* Some mirrors are out-of-date, Brian will investigate
Agenda for 1.2b7-dev
====================
Patches ready for testing, voting:
* mod_rewrite sizeof() bug
Status: marc posted patch; no commit without +1s, no +1s
Should be done before 1.2b7:
* mod_log_config patch for conditional logging
Status: contrib, not in server
* user and server get confused over what should be a virtual host
and what is the main server, resulting in access to something
other than the name defined in the virtualhost directive (but
with the same IP address) failing.
Status: should be looked at, may not be a nice way to fix
since it is likely not technically a bug.
* closing connections on 304 responses
Status: Dean posted patch, Alexei +1
* Improvements in chunked performance by reducing buffer count sent
Status: no patch; Dean may do
* conflicting definitions for is_proxy_available
status: marc posted patch, on hold until see about latest
version?
* http_monitor doesn't understand scoreboard format (PR#134)
Status: Paul Sutton posted patch 9 Jul(!); probably needs a
repost and some +1s.
* Satisfy Any can be changed if .htaccess exists
If you give Satisfy Any in access.conf for a particular directory,
and have a .htaccess in that directory, Satisfy mode reverts
to Satisfy All even if the .htaccess has _no_ authentication
directives.
* Apache doesn't output the full headers on a 2xx or 3xx status
If Apache returns a 2xx or 3xx status it does not output all
the response headers it should do. This patch also updates the
headers it outputs to match HTTP/1.1.
Patch mailed on 3 Nov. [Paul Sutton]
Status: Paul reposted patch
* try to integrate Ralf's mod_rewrite source with that in the Apache
tree and upgrade source in apache tree to latest(?)
Status: need to know how much is changed
* error compiling on NeXT:
In file included from http_main.c:108:
/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'
Status: unknown
* suexec sets environ to local variable, possibly to overwrite
memory by too many environ variables
status: Jason looking at it; patch soon, also needs patching
in server
* clients sending extra CRLF after post; buffers not flushed
status: Dean posted "take 2" patch
* infinite loop in mod_imap due to parsing bug
status: Marc found problem, wants input on which way to solve
* _const in mod_rewrite.c
status: removed in latest version from Ralph, upgrade?
* Marc says Apache won't compile with HAVE_SNPRINTF defined as things
are now because not everything includes conf.h.
Status: Fix it when we have a platform which has snprintf.
* warnings in regex
Status: Roy would like to see this fixed since it makes Apache
a mess on Solaris when using -Wall.
* warning on SunOS4, http_log.c:164, pointer from int without cast
Status: Marc analyzed
* core dump if an error in .htaccess & subrequest
Status: no patch yet
Info: <la...@fee.vutbr.cz> reports that if sub_req_lookup_uri() is
called, then per_dir_config in subrequest is not initialized
until directory_walk is done. If any error is encountered during
this time, log_reason() will core dump, since it calls
get_remote_host() with r->per_dir_config.
Solution: Initialize per_dir_config in set_sub_req_protocol()
(see initialization of regular request in read_request()!).
* Solaris 2.6 apparently has a getwd() or getcwd() prototype, see PR#89
Status: easy to fix, but will require testing by 2.6beta person
* suexec setuid() before directory checks for nfs mounted filesystems, PR#70
Status: no patch yet
* MAXPATHLEN undefined in suexec on some systems
Status: randy looking into it(?)
* new header_parse API hook is called too often
Status: RobH posted patch, had second thoughts. He
suggests that mod_browser be optimised by detecting if it has been
called already and returning early if it has.
* lingering_close generates the following error message
shutdown: Transport endpoint is not connected - lingering_close
using 1.2b6 (only a few a day). I think this is what
happens when a client disconnects during transmission, which
is a normal condition for web servers. I suggest not logging
an error if errno == ENOTCONN.
Marc says that this may not be "normal", it may be if the client
sends a RST to terminate the connection (as per recent discussion on
end2end-interest) and it gets here before we get to that point in
lingering_close.
Status: no patch, waiting to see if it improves debugging.
* accept errors EPROTO and ECONNABORTED should not be logged
Status: no patch, ditto above, but will require ifdefs
* directory redirect returns 302 not 301, see PR 77
Status: easy to fix, but will require testing
* SO_DEBUG in proxy_ftp.c may not be portable, see PR 116, 104
Status: Chuck says it is a leftover, will fix
* bugs in mod_negotiation (serious)
Status: reported by lampa@fee.vutbr.cz on Jan 6 to apache-bugs.
It is a very good, detailed report with patches.
* 3 seconds delay in CGI execution on SunOS 4.x, see PR 122
Status: no patch.
Info: Pages containing script output show up with a delay of 3
seconds (there was no such delay in Apache 1.1.1).
[rindfuss@medea.wz-berlin.de] tracked the problem down to
source file alloc.c, function free_proc_chain. This function
contains a conditional call to sleep(3), which causes the delay.
    for (p = procs; p; p = p->next) {
        if (p->kill_how == kill_after_timeout) {
            /* Subprocess may be dead already. Only need the timeout if not. */
            if (kill (p->pid, SIGTERM) != -1)
                need_timeout = 1;
        } else if (p->kill_how == kill_always) {
            kill (p->pid, SIGKILL);
        }
    }
    /* Sleep only if we have to... */
    if (need_timeout) sleep (3);
[RobH: So CGI included as SSI hangs around for longer and needs
to be SIGTERM'ed. Why?]
[Roy: note also that a call to sleep will blow-out any other timeout]
Planning/design items:
* Should we change the default timeout of 1200?
* do we want a half-hearted attempt at fixing logfile opening security
holes?
Re: Agenda for 1.2b7
Posted by "Jason A. Dour" <ja...@bcc.louisville.edu>.
On Wed, 29 Jan 1997, Marc Slemko wrote:
> * suexec sets environ to local variable, possibly to overwrite
> memory by too many environ variables
>
> status: Jason looking at it
Fix is simple, I believe, and I will have a patch soon. This will
also need to be patched in the server for safety since we pulled the code
directly from there...
> * suexec setuid() before directory checks for nfs mounted filesystems, PR#70
> Status: no patch yet
This should be done for other reasons aside from NFS. I've
reviewed this a little, and I might have a patch at the same time as the
patch for the environ stuff...
> * suexec does not pass "foobar" as argv[1] when URL is /cgi/somecgi?foobar
> Status: Jason reported
This is fixed. I've verified by fully testing b7 on my dev'able
site. Yay. It can be removed. 8)
Jason
# Jason A. Dour <ja...@bcc.louisville.edu> 1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.
Re: Agenda for 1.2b7
Posted by Marc Slemko <ma...@znep.com>.
Well, since Roy doesn't have the time right now, I've made a start.
Potentially incomplete. Corrections welcome.
1.2b7 status as of 0100 MST:
* Committed since 1.2b6:
* FIN_WAIT_2 page to documentation
* mod_info corruption bug
* Some mirrors are out-of-date, Brian will investigate
Agenda for 1.2b7-dev
====================
Patches ready for testing, voting:
* mod_rewrite sizeof() bug
Status: marc posted patch; no commit without +1s, no +1s
Should be done before 1.2b7:
* mod_log_config patch for conditional logging
Status: contrib, not in server
* closing connections on 304 responses
Status: Dean posted patch, Alexei +1
* Improvements in chunked performance by reducing buffer count sent
Status: Dean posted patch take 2
* conflicting definitions for is_proxy_available
status: marc posted patch, on hold until see about latest
version?
* http_monitor doesn't understand scoreboard format (PR#134)
Status: Paul Sutton posted patch 9 Jul(!); probably needs a
repost and some +1s.
* Satisfy Any can be changed if .htaccess exists
If you give Satisfy Any in access.conf for a particular directory,
and have a .htaccess in that directory, Satisfy mode reverts
to Satisfy All even if the .htaccess has _no_ authentication
directives.
* Apache doesn't output the full headers on a 2xx or 3xx status
If Apache returns a 2xx or 3xx status it does not output all
the response headers it should do. This patch also updates the
headers it outputs to match HTTP/1.1.
Patch mailed on 3 Nov. [Paul Sutton]
Status: repost of patch probably a good idea
* try to integrate Ralf's mod_rewrite source with that in the Apache
tree and upgrade source in apache tree to latest(?)
Status: need to know how much is changed
* internal error in mod_cern_meta, mod_index error (jakob@cdg.chalmers.se)
Status: unknown, possibly related to mod_rewrite bug, possibly
other buffer overflow patch bug?
* error compiling on NeXT:
In file included from http_main.c:108:
/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'
Status: unknown
* suexec sets environ to local variable, possibly to overwrite
memory by too many environ variables
status: Jason looking at it
* clients sending extra CRLF after post; buffers not flushed
status: some discussion, resolution unknown??
* infinite loop in mod_imap due to parsing bug
status: Marc found problem, wants input on which way to solve
* _const in mod_rewrite.c
status: removed in latest version from Ralph, upgrade?
* Marc says Apache won't compile with HAVE_SNPRINTF defined as things
are now because not everything includes conf.h.
Status: Fix it when we have a platform which has snprintf.
* warnings in regex
Status: Roy would like to see this fixed since it makes Apache
a mess on Solaris when using -Wall.
* warning on SunOS4, http_log.c:164, pointer from int without cast
Status: Marc analyzed
* core dump if an error in .htaccess & subrequest
Status: no patch yet
Info: <la...@fee.vutbr.cz> reports that if sub_req_lookup_uri() is
called, then per_dir_config in subrequest is not initialized
until directory_walk is done. If any error is encountered during
this time, log_reason() will core dump, since it calls
get_remote_host() with r->per_dir_config.
Solution: Initialize per_dir_config in set_sub_req_protocol()
(see initialization of regular request in read_request()!).
* Solaris 2.6 apparently has a getwd() or getcwd() prototype, see PR#89
Status: easy to fix, but will require testing by 2.6beta person
* suexec setuid() before directory checks for nfs mounted filesystems, PR#70
Status: no patch yet
* MAXPATHLEN undefined in suexec on some systems
Status: randy looking into it(?)
* suexec does not pass "foobar" as argv[1] when URL is /cgi/somecgi?foobar
Status: Jason reported
* new header_parse API hook is called too often
Status: RobH posted patch, had second thoughts. He
suggests that mod_browser be optimised by detecting if it has been
called already and returning early if it has.
* lingering_close generates the following error message
shutdown: Transport endpoint is not connected - lingering_close
using 1.2b6 (only a few a day). I think this is what
happens when a client disconnects during transmission, which
is a normal condition for web servers. I suggest not logging
an error if errno == ENOTCONN.
Marc says that this may not be "normal", it may be if the client
sends a RST to terminate the connection (as per recent discussion on
end2end-interest) and it gets here before we get to that point in
lingering_close.
Status: no patch, waiting to see if it improves debugging.
* accept errors EPROTO and ECONNABORTED should not be logged
Status: no patch, ditto above, but will require ifdefs
* directory redirect returns 302 not 301, see PR 77
Status: easy to fix, but will require testing
* SO_DEBUG in proxy_ftp.c may not be portable, see PR 116, 104
Status: Chuck says it is a leftover, will fix
* bugs in mod_negotiation (serious)
Status: reported by lampa@fee.vutbr.cz on Jan 6 to apache-bugs.
It is a very good, detailed report with patches.
* 3 seconds delay in CGI execution on SunOS 4.x, see PR 122
Status: no patch.
Info: Pages containing script output show up with a delay of 3
seconds (there was no such delay in Apache 1.1.1).
[rindfuss@medea.wz-berlin.de] tracked the problem down to
source file alloc.c, function free_proc_chain. This function
contains a conditional call to sleep(3), which causes the delay.
    for (p = procs; p; p = p->next) {
        if (p->kill_how == kill_after_timeout) {
            /* Subprocess may be dead already. Only need the timeout if not. */
            if (kill (p->pid, SIGTERM) != -1)
                need_timeout = 1;
        } else if (p->kill_how == kill_always) {
            kill (p->pid, SIGKILL);
        }
    }
    /* Sleep only if we have to... */
    if (need_timeout) sleep (3);
[RobH: So CGI included as SSI hangs around for longer and needs
to be SIGTERM'ed. Why?]
[Roy: note also that a call to sleep will blow-out any other timeout]
Planning/design items:
* Should we change the default timeout of 1200?
* do we want a half-hearted attempt at fixing logfile opening security
holes?
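
The free_proc_chain excerpt quoted in the status messages above sets need_timeout whenever kill() with SIGTERM succeeds. As an added example (not code from Apache or from any poster in this thread), the C program below shows that kill() also succeeds on a child that has already exited but has not yet been reaped, and contrasts that test with reaping through waitpid(WNOHANG) first. The function names are hypothetical, and this is not presented as the confirmed cause of PR 122 or as the project's fix.

```c
/* Added illustration; not Apache's alloc.c. All function names here
 * (spawn_exited_child, kill_says_alive, term_if_running) are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that exits at once, then block until it has exited.
 * WNOWAIT leaves it unreaped (a zombie), so the pid is still valid. */
static pid_t spawn_exited_child(void)
{
    siginfo_t info;
    pid_t pid = fork();

    if (pid == 0)
        _exit(0);
    if (pid > 0 && waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) != 0)
        return -1;
    return pid;
}

/* The test used in the quoted loop: a successful kill() is taken to
 * mean the subprocess is still around and the timeout is needed. */
static int kill_says_alive(pid_t pid)
{
    return kill(pid, SIGTERM) != -1;
}

/* Alternative: reap first, and signal only a child that is still running.
 * Returns 1 if the caller still has to wait for the child, 0 if not. */
static int term_if_running(pid_t pid)
{
    int status;
    pid_t r = waitpid(pid, &status, WNOHANG);

    if (r == pid || r == -1)
        return 0;               /* exited and now reaped, or not our child */
    return kill(pid, SIGTERM) != -1;
}

int main(void)
{
    pid_t pid = spawn_exited_child();

    if (pid < 0) {
        perror("spawn_exited_child");
        return 1;
    }
    printf("kill() test says timeout needed: %d\n", kill_says_alive(pid));
    printf("reap-first says timeout needed:  %d\n", term_if_running(pid));
    return 0;
}
```
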