httpd-dev mailing list archives

From: "Roy T. Fielding" <field...@avron.ICS.UCI.EDU>
Subject: Re: patch list vote
Date: Sat, 18 Mar 1995 08:00:38 GMT

Here are my votes.  All the ones marked +1 (yes) have been tested
by applying them in the following order:

      B35, B06, B33, B34, P11, B17

The order probably doesn't matter, but that's how I applied them.
The patched build was then run successfully, but no fancy tests were run.

Anything marked "patch?" means I could not find the patch at hyperreal.
"I don't use it" means I have no use for the patch and would not be able
to test it.

NOTE: A patch is only valid if it can be downloaded as one file
      and applied via the command

          patch < patchfile.txt

      in the httpd/src directory.

==================================================================
Vote   Patch   Description

 0     B1      Submitter : CERT/cliffs@organic.com
Big hammer     Status    : verified
wrong nail     Priority  : 2
               The stack-scribbling security hole

 0     B2      Submitter : rst@ai.mt.edu/rst@ai.mt.edu
patch?         Status    : invote
               Priority  : 3
               SO_LINGER set on client sockets

-1     B3      Submitter : unknown/
               Status    : rejected
               Priority  : 4
               Server always pauses 3 seconds for scripts

 0     B4      Submitter : unknown/
I don't        Status    : accepted
use it         Priority  : 3
               < timefmt --> does not always take

 0     B5      Submitter : andrew@www.elsevier.co.uk
I don't        Status    : invote
use it         Priority  : 3
               XBITHACK not honored on (!--#include--)ed files

+1     B6      Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
               Status    : invote
               Priority  : 3
               access_log open and write instead of stdio

 0     B7      Submitter : unknown/
patch?         Status    : invote
               Priority  : 3
               Allow directive redundant

 0     B8      Submitter : unknown/
patch?         Status    : invote
               Priority  : 3
               numeric UID fails unless UID in passwd file

 0     P9      Submitter : unknown/
patch?         Status    : accepted
               Priority  : 3
               initgroups() done once per connection

 0     P10     Submitter : unknown/
patch?         Status    : invote
               Priority  : 3
               MIME headers read 1 character at a time

+1     P11     Submitter : rst@ai.mit.edu/rst@ai.mit.edu
               Status    : invote
               Priority  : 3
               open_locale() and tzset() done once per connect

 0     P12     Submitter : unknown/
risky          Status    : invote
               Priority  : 5
               Shared-memory name server cache

 0     P14     Submitter : brian@hyperreal.com/brian@hyperreal.com
I don't        Status    : accepted
use it         Priority  : 3
               DBM-based user databases for HTTP authentication

 0     E15     Submitter : brian@hyperreal.com/brian@hyperreal.com
patch?         Status    : invote
               Priority  : 3
               add new CGI variables

 0     E16     Submitter : unknown/
patch?         Status    : invote
               Priority  : 4
               Allow any URL to invoke a script

+1     B17     Submitter : rst@ai.mit.edu/rst@ai.mit.edu
               Status    : invote
               Priority  : 3
               raise queue size in listen()

-1     B18     Submitter : rst@ai.mit.edu/rst@ai.mit.edu
BAD PATCH      Status    : received
               Priority  : 3
               Status: 302 should work, and doesn't

 0     B19     Submitter : rst@ai.mit.edu/rst@ai.mit.edu
patch?         Status    : dispatched
               Priority  : 4
               Embedded blanks in headers don't work

 0     E20     Submitter : randy@zyzzyva.com/cliffs@organic.com
patch?         Status    : invote
               Priority  : 4
               Add multi-homed server support

 0     O21     Submitter : hartill@lanl.gov/
patch?         Status    : 
               Priority  : 5
               'Timeout' config setting missing from httpd.conf

-1     B22     Submitter : drtr@ast.cam.ac.uk/
Incomplete     Status    : 
               Priority  : %
               Fix another stack scribbling hole

B22 does not solve the problem of overflows -- it should forcefully
truncate strings prior to substitution rather than just include warnings.

+1     B23     Submitter : rst@ai.mit.edu/
               Status    : 
               Priority  : 3
               AddType for *.cgi, *.shtml won't work in .htaccess

 0     E24     Submitter : rst@ai.mit.edu/
Too soon       Status    : 
               Priority  : 4
               Adds content-type negotiation

-1     E25     Submitter : brian@hyperreal.com/
wrong          Status    : dispatched
approach       Priority  : 4
               custom error messages

E25 does not allow the custom error messages to know
the important elements of the message (like the err_string)
which tell the user where to go or what they requested.
A header file-based approach (with %s marking where the 
err_string should be included) would be better.

-1     E26     Submitter : hartill@lanl.gov/
DUPLICATE      Status    : 
of E25         Priority  : 5
               Allows files holding custom http error responses

-1     B27     Submitter : rst@ai.mit.edu/
FAILED         Status    : 
               Priority  : 4
               patch B23) doesn't work with XBITHACK

-1     B28     Submitter : rst@ai.mit.edu/
DUPLICATE      Status    : 
of B27         Priority  : 4
               B23 doesn't work with the XBITHACK

-1     B29     Submitter : rst@ai.mit.edu/
DUPLICATE      Status    : 
of B27         Priority  : 4
               B23) doesn't work with the XBITHACK

 0     E30     Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
Too soon       Status    : invote
               Priority  : 5
               Add logging of Referer and User-Agent to error_log

 0     E31     Submitter : hartill@lanl.gov/
patch?         Status    : dispatched
               Priority  : 5
               custom access (and error ?) logging

+1     B33     Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
               Status    : invote
               Priority  : 3
               Remove MIME-version header from responses

+1     B34     Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
               Status    : invote
               Priority  : 3
               Adds slash to FancyIndexing parent directory URL

+1     B35     Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
               Status    : invote
               Priority  : 3
               Changes to new HTTP/1.0 date format

 0     O36     Submitter : randy@zyzzyva.com/
patch?         Status    : 
               Priority  : 4
               Code cleanup and portability changes

-1     E37     Submitter : hartill@lanl.gov/
NOT A PATCH    Status    : 
               Priority  : 5
               Allow connections to be rejected if high load av.
==================================================================

That's all,


.......Roy
