You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 1998/01/26 05:45:19 UTC
[STATUS] (apachen) Sun Jan 25 23:45:17 EST 1998
Apache 1.3 STATUS:
Release:
2.0 : In pre-alpha development
see: <http://www.arctic.org/~dgaudet/apache/2.0/process-model>
1.3b4: In development, maybe a release late Jan 98? Jim will be RM
unless someone else wants it
1.3b3: Released and announced
1.3b1: There is no 1.3b1
Current Modes:
o Commit-Then-Review (see <http://dev.apache.org/guidelines.html#ctr>
Plan:
Let's shoot for release of 1.3b4 on January 31, 1998.
Concern: Should we hold off on any new code changes
in order to try to get 1.3.0 out the door asap? Once
that's done, we can split off 2.0 from the present CVS
tree and start working on that, while putting some
patches into 1.3.1b1-dev. Let's get 1.3.0 out soon so
we can really start playing with the code, which isn't
wise when we're trying to push a release out.
Showstoppers:
Committed Code Changes:
* Ben Hyde's [PATCH] fix mmap error conditions again
* [PATCH] Fix problems with timeouts in inetd mode and -X mode
* Marc's [PATCH] fix strtoul
* Alexei's [PATCH/Win32] Remove main() from ApacheCore.dll
* Ben's [PATCH] Only lowercase "real" path
* Ben Hyde's [PATCH] general/1387: scoreboard_image memory allocation
* Martin's [PATCH] [FEATURE] Clickable Path Components in ftp dir header
* Martin's [FIX] Deleted redundant pstrndup() call which slipped in
* Martin's [PATCH] add |APLOG_NOERRNO to proxy log messages
* Ken's [PATCH] for #1479, #1480
* Dean's [PATCH] fail gracefully if cd fails
* Dean's [PATCH] Re: general/1491: mmap_handler error_log entry
* Marc's [PATCH] FreeBSD 2.2+ can use SINGLE_LISTEN_UNSERIALIZED_ACCEPT
* Ken's [PATCH] Configure be more verbose when it can't find
Configuration
* Paul's [PATCH] Proper reporting of Win32 errors
* Ben's [PATCH] WIN32: Allow spaces to prefix the interpreter in #! lines
* Ben's [PATCH] PR#1511 Make set_file_slot() use os_is_path_absolute()
* [PATCH] for PR#1523: Cure filehandle leak in Win32 CGI
* Igor Tatarinov's [PATCH] pthread_mutex_ functions do not set errno
* Dean's [PATCH] PR#1319: RedirectMatch gone / causes SIGSEGV
* Lars' [Patch] PR#1512 typo in mod_alias.html
* Dean's [PATCH] PR#1542 Better glibc support for linux
* Dean's [PATCH] mod_mime_magic small bug fixes
* Ben Hyde's [PATCH] Let CVS ignore MSDev's ApacheOS[DR] directories
* Dean's [PATCH] mod_negotiation small bug fix
* Ken's stage 2 of moving ap_*() to src/ap (ap_slack() move)
* Brian Havard's [PATCH] mod_mime_magic and OS/2
* Igor Tatarinov's [PATCH] usage patch (-V)
* Dean's [PATCH] child_timeout not correctly defined
* Mark Bixby's [PORT] MPE porting patch
* Dean's [PATCH] Re: problem with a .gif and v2.1.4
* Dean's [PATCH] util_date.c needless reinitialization
* Martin's [PATCH] Gimme a break! (missing break;s in mod_include)
* Dean's [PATCH] two bugs in mod_autoindex
* Igor Tatarinov's Re: A tiny correction and a question on writev_it_all
* Dean's [PATCH] more useful warning message for fcntl() lock failure
* Dean's [PATCH] ap_snprintf should be more sane (fwd)
* Jim's/Ken's move of main/util_snprintf.c to ap/ap_snprintf.c
* [PATCH] Re: [BUGFIXES] Wrong GID for PID file and UMASK for logs
* Dean's [PATCH] fix Rasmus' chunking error
* [PATCH] PR#1366: fix result of send_fd_length
* Ben Hyde's [PATCH] Finish suite of mutex ops for non-threaded platforms
* Ben Hyde's [PATCH] Serialize the update to pool.sub_* in destroy_pool
(take 2)
* Ken's [PATCH] for PR#1195 (" in realm names)
* Jim's [PATCH] ap_cpystrn() function (replace strncpy) Take II
* Dean's [PATCH] 1.3: "DoS" attack
* Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
* Dean's [PATCH] mod_info minor cleanups (take 2)
* Dean's [PATCH] mod_status cleanups
* [PATCH] mod_digest/1599: proxy authentication using the digest auth
scheme never succeeds (fwd)
* Paul's [PATCH] a bundle of multithreading changes
* Ken's [PATCH] for copyright year update
* Dean's [PATCH] 1.3: security updates for mod_imap and mod_include
* Dean's [PATCH] make mod_include use ap_cpystrn
* WIN32: fix proxy caching
* WIN32: fix CGI scripts called w/o '=' in path info PR#1591
* Doug's [PATCH] add -c and -C switches (take 3)
* Paul's WIN32: patch to allow for Doug's -c option
* Dean's [PATCH] unneeded pstrdup()s (in table_*() calls)
* Brian Havard's [Patch] OS/2 - fix up shut down
* Dean's [PATCH] make mod_rewrite use ap_cpystrn
* Martin's [PORT] Make apache compile & run on an EBCDIC mainframe
* Martin's [PATCH] mod_speling [300] Multiple Choices bug (Take 2)
* Dean's [PATCH] protect the environment
* general/1666: Apache uses a case sensitive match for "Basic" auth scheme
* mod_rewrite/1684: RewriteLog directive does the equivalent of
"HostnameLookups on"
* protocol/1683: The Connection header may contain multiple close tokens
* some of Marc's 1.2.5 security patches (minus proxy fixes)
* John Van Essen <jv...@gamers.org>'s fix for mod_autoindex <PRE>
misplacement.
* Ken's addition of src/ap/ap.h for prototypes of routines in libap.a
* Ken's addition of #ifndef wrappers to src/main/*.h header files
* Ken's removal of problem-causing "const"s from mod_imap.c
* os-next/1613: can't compile
* os-next/1614: can't compile
* os-os2/1482: I cannot add a user in an existing password file
* Martin's [PATCH] Improve implementation of -c/-C directive reading
(take 2)
* Dean's [PATCH] MONCONTROL for profiling children
* Marc's [PATCH] don't log bogus errno when file doesn't exist
* Dean's [PATCH] OSF/1 serialized accept
* Marc's [PATCH] PR#1543: suexec logging exec failures
* Ben Hyde's [PATCH] WIN32 deserves a pid log file
* Paul Eggert's [PATCH] suexec/1343: year-2000 bug in suexec log
* Marc's [PATCH] define to allow passing of Authorization header
* Roy's [PATCH] protocol/1399: failing to read body
* PR#1082, 1282, 1499, 1553: unixware cleanup
* mod_spelling added to win32 build
* Jim's rename of SAFE_UNSERIALIZED_ACCEPT to
SINGLE_LISTEN_UNSERIALIZED_ACCEPT
* Jim's addition of USE_MMAP_SCOREBOARD and USE_SHMGET_SCOREBOARD in
conjunction with HAVE_MMAP and HAVE_SHMGET to select scoreboard
type.
* Jim's [PATCH] A/UX can use SINGLE_LISTEN_UNSERIALIZED_ACCEPT
* Jim's [PATCH] force Unixware to use mmap() scoreboard (before
was dependent on ordering of the #defines in http_main.c)
* table api cleanup
* [PORT] Add function to emulate the execution of #! scripts
for OS's which don't support starting them automatically
(enable with #define NEED_HASHBANG_EMUL)
* more mod_mime_magic cleanup
* Add more compile time diagnosis to main's -V switch
Available Patches:
* M.D.Parker's [PATCH] mod_status/1448: Status Information have version
<Pi...@twinlark.arctic.org>
Status: Dean +1, Martin +1, Alexei -1 (shared lib concerns)
* Martin's [PATCH] "Signing" server generated pages
<19...@deejai.mch.sni.de>
Status: Martin +1, Roy 0,
Concepts:
* Jim's [CONCEPT] platform.h header file. Instead of lumping
all OS stuff in conf.h, create a ./platforms/ sub-dir
and have Configure copy and modify platform.h as needed.
<19...@devsys.jaguNET.com>
* Dean's [PRE-PATCH] expanding ap_snprintf()
<Pi...@twinlark.arctic.org>
Status: Dean +1, Ben +1, Jim 0, Martin 0, Brian +1(?), Ken +1
See <Pi...@twinlark.arctic.org>
for a more up-to-date idea (int vformatter) that has a
vote of +1 from Dean, Ben, Martin, Paul, Jim, and Ken for concept
In progress:
* Martin Kraemer's [PATCH] Parsing URI into its components
This has "evolved" into a new module: util_uri. Martin
will post when it's at a state where he's happy with it.
Ken would like to see it in libap instead of libmain.
* Dean's [PATCH] yet another slow function
<Pi...@twinlark.arctic.org>
Status: Dean +1, Jim +1, Martin +1, Paul +1
Needs to be redone so that it better supports non-ascii hosts.
* Ken's IndexFormat enhancement to mod_autoindex to allow
CustomLog-like tailoring of directory listing formats
Needs patch:
* Dean's "locale" project
See <Pi...@twinlark.arctic.org>
Status: Jim'll look into it
* os_ abstract is_only_below() in mod_include.c
* proxy security fixes from 1.2.5 need to be brought forward
* DoS created by the lame hostname lookup code in check_fulluri, which
should be part of the proxy and not in the core
Closed issues:
* Removal of inetd mode
Ken says he'll try to maintain it, since there are
people/places who need it
* The decision has been made to experiment with allowing code
changes to be committed without prior review.
* Guidelines for commit-then-review are documented at
<http://dev.apache.org/guidelines.html#ctr>
Open issues:
* Provide consistant prefixes; suggestions:
Apache provided general functions (e.g., ap_cpystrn)
ap_xxx: Ken +1
Public API functions (e.g., palloc)
apapi_xxx: Ken +1
appublic_xxx:
appub_xxx:
Private functions which we can't make static
but should be (e.g., new_connection)
apprivate_xxx:
appri_xxx:
httpd_xxx: Ken +1
* Maybe moving *all* of the *.h header files into a new
src/include directory?
Status: Ken +1, Dean +1
* Renaming the "apache" CVS module to "apache-1.2" and the
"apachen" module to "apache-1.3" - and, at some point,
copying (*not* branching) the apache-1.3 module to a new
apache-2.x tree and opening up 2.0 development.
Status: Ken +1, Jim +1 (let do it NOW :) )
* Ken's [POLL] apachen/patches directory
Shall we experiment with allowing patches to be distributed for
voting through cvs, by creating a directory under the source tree
and putting them there? Please vote.
<34...@Golux.Com>
Status: Ken +1, Randy 0, Dean 0, Jim +1, Paul 0
* Paul would like to see a 'gdbm' option because he uses
it a lot. Dean notes that 'gdbm' include 'db' support
so we need to watch the library ordering.
Dean notes: Check rev 1.72 -> rev 1.73 of
src/Configuration.tmpl. I re-ordered mod_auth_dbm and
mod_auth_db at this time, and I'm pretty sure it was to
deal with this issue. But I think I still ran into
troubles if I automatically looked for gdbm.
* What do we call the binary: apache or httpd? Under UNIX
it's httpd, under Win32 it's apache. Maybe rename it
to apache-httpd?
apache-httpd: Ken +1
* Maybe a http_paths.h file? See
<Pi...@valis.worldgate.com>
* Release builds: Should we provide Configuration or not?
Should we 'make all suexec' in src/support?
Ken +1 (possible suexec path issue, though)
* root's environment is inherited by the Apache server. Jim, Ken &
Dean thinks we should recommend using 'env' to build the
appropriate environment. Marc and Alexei don't see any
big deal.
should be non-static and in util_* so modules can use 'em. (He
didn't notice this flaw during the review.)
* Sameer's mod_so implemetation
See <19...@gabber.c2.net>
Issues: Underscores: Should I try prepending, appending, and
ignoring? -> Alexei says look at Java
Location? os/unix ??
* 206 vs. 200 issue on Content-Length
See <Pi...@valis.worldgate.com>
Roy says current behavior is correct, but Alexei disagrees.
Marc sides with Alexei.
* Marc's socket options like source routing (kill them?)
Marc, Dean, Martin say Yes
* Marc's [BUG] include virtual and SCRIPT_NAME w/path_info
<Pi...@alive.znep.com>
* Ken's PR#1053: an error when accessing a negotiated document
explicitly names the variant selected. Should it do so, or should
the base input name be referenced?
Win32 specific issues:
Open issues:
* Should ApacheCore.dll be merged back into the main server
image? May make debugging easier..
In progress:
* Ben's ASP work... All agree it sounds cool.
* DDA's adding a tray application to the Windoze version for ease of
status/management.
<01...@caravan.individual.com>
<01...@caravan.individual.com>
Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
we get a single executable)
Paul: No like Win95 specific stuff
Ken: What's W95-specific about it?
Help:
* numerous uses of strcpy and strcat have potential for buffer
overflow, someone should rewrite or verify they're safe
* process/thread model
- need dynamic thread creation/destruction, similar to
Unix process model
- can't use WaitForMultipleObjects in the same way we
do now, since that has a limit of 64(!) objects. Grr.
PR#1665
* some errors printed by CGIs to stderr don't end up making it
to the server log unless an extra debugging message is added
after they run? (PR#1725 indicates this may not be just Win32)
* bad use of chdir in some places; it isn't thread-specific
* handle bugs that make it pop up errors on console, ie. segv
equiv? Can we do this? Need to make it robust.
* install
- make installshield work
- config in cvs tree?
- install docs, etc.?
- location for install
* signal type handling
- how to rotate logs from command line?
* the mutex should be critical-regions, since the current design
is creating a mess of SO calls that are unnecessary
* we don't mmap on NT. Use TransmitFile?
* CGIs
- hangs on multiple CGI execution? PR#1607,1129
Marc can't repeat...
- docs on how they work w/scripts
- use registry to find interpreter?
- WTF is the buffering coming from?
- we don't have a way to make non-blocking files on NT!
* performance
* documentation:
- running the server without admin
- how CGIs work
- update README.NT
- short/long name handling
- better status page on current state of NT for users
* http_main.c hell
- split into two files?
* who should run the service? Who exactly is the "system account"?
docs say:
Localsystem is a very privileged account locally, so you shouldn't run
any shareware applications there. However, it has no network privileges
and cannot leave the machine via any NT-secured mechanism, including
file system, named pipes, DCOM, or secure RPC.
and:
A service that runs in the context of the LocalSystem account
inherits the security context of the SCM. It is not associated with
any logged-on user account and does not have credentials (domain
name, user name, and password) to be used for verification. This
has several implications: [... removed ...]
That _really_ sucks. Can we recommend running Apache as some
other user?
* need a crypt() of some sort.
- sources are easy; problem is export restrictions on DES
- if we don't do DES, can do md5
* modules that need to be made to work on win32
- mod_example isn't multithreadreded
- mod_unique_id (needs mt changes)
- mod_auth_db.c (do we want to even try this? We should have some
db of some sort... what else can we pick from under win32?)
- mod_auth_dbm.c
- mod_info.c (PR re exporting symbols for it...)
- mod_log_agent.c
- mod_log_referer.c
- mod_mime_magic.c (needs access to mod_mime API stage...)
* do something to disable bogus warnings
Re: [STATUS] (apachen) Sun Jan 25 23:45:17 EST 1998
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Rodent of Unusual Size wrote:
>
> Apache 1.3 STATUS:
>
> Plan:
>
> Let's shoot for release of 1.3b4 on January 31, 1998.
> Concern: Should we hold off on any new code changes
> in order to try to get 1.3.0 out the door asap? Once
> that's done, we can split off 2.0 from the present CVS
> tree and start working on that, while putting some
> patches into 1.3.1b1-dev. Let's get 1.3.0 out soon so
> we can really start playing with the code, which isn't
> wise when we're trying to push a release out.
Sounds reasonable, but here are some things that I think we need to
make decisions concerning before 1.3.0. (The Win32 issues [install,
src tree, CGI bug, ...] are obviously show-stoppers.)
> Needs patch:
>
> * proxy security fixes from 1.2.5 need to be brought forward
>
> * DoS created by the lame hostname lookup code in check_fulluri, which
> should be part of the proxy and not in the core
>
> Open issues:
>
> * What do we call the binary: apache or httpd? Under UNIX
> it's httpd, under Win32 it's apache. Maybe rename it
> to apache-httpd?
> apache-httpd: Ken +1
>
> * Release builds: Should we provide Configuration or not?
> Should we 'make all suexec' in src/support?
> Ken +1 (possible suexec path issue, though)
>
> Win32 specific issues:
>
> Open issues:
>
> * Should ApacheCore.dll be merged back into the main server
> image? May make debugging easier..
>
> In progress:
>
> * DDA's adding a tray application to the Windoze version for ease of
> status/management.
> <01...@caravan.individual.com>
> <01...@caravan.individual.com>
> Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
> we get a single executable)
> Paul: No like Win95 specific stuff
> Ken: What's W95-specific about it?
>
> * some errors printed by CGIs to stderr don't end up making it
> to the server log unless an extra debugging message is added
> after they run? (PR#1725 indicates this may not be just Win32)
>
> * bad use of chdir in some places; it isn't thread-specific
>
> * install
> - make installshield work
> - config in cvs tree?
> - install docs, etc.?
> - location for install
>
> * CGIs
> - hangs on multiple CGI execution? PR#1607,1129
> Marc can't repeat...
> - docs on how they work w/scripts
> - use registry to find interpreter?
> - WTF is the buffering coming from?
> - we don't have a way to make non-blocking files on NT!
>
> * documentation:
> - running the server without admin
> - how CGIs work
> - update README.NT
> - short/long name handling
> - better status page on current state of NT for users
>
> * who should run the service? Who exactly is the "system account"?
>
> * need a crypt() of some sort.
> - sources are easy; problem is export restrictions on DES
> - if we don't do DES, can do md5
>
> * modules that need to be made to work on win32
> - mod_example isn't multithreadreded
> - mod_unique_id (needs mt changes)
> - mod_auth_db.c (do we want to even try this? We should have some
> db of some sort... what else can we pick from under win32?)
> - mod_auth_dbm.c
> - mod_info.c (PR re exporting symbols for it...)
> - mod_log_agent.c
> - mod_log_referer.c
> - mod_mime_magic.c (needs access to mod_mime API stage...)