httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: httpd patch B5 updated.
Date Tue, 14 Mar 1995 23:21:42 GMT
On Tue, 14 Mar 1995, Rob Hartill wrote:
> > Just what the fsck is going on anyway?
> it is getting messy. I still think we should all implemement one
> patch at a time together. At the rate (and hours) some are working
> we can probably manage a couple of patches a day. It's far too
> easy to grab the next apache-pre and without knowing what's in it
> or how it is supposed to work.
> If this is acceptable to the rest of the group, I think we should
> order the patches, and start a systematic processes of dicsussion,
> implemenations and testing.
> Why not stop adding new patches for now, and just properly process 
> the ones we have. Then accept more patches.

Okay, I apologize if my productivity spurt over the weekend has caused 
problems, I just wanted to take rst's momentum and not let it fall 
short - but it seemed like all the bug fixes were uncontroversial enough 
(like the -Wall modifications) to merit testing it out.  Finally I've 
been doing all the patches by hand, and testing out each feature, to make 
sure they've all happily worked together, as so far they have.  

Here's the list of patches and slight modifications I've put into my 
working copy.  With the exception of http_mime_db.c (rst's content 
negotiation) and a large chunk of http_alias (drtr's malloc() changes) 
I've done all mods by hand and most were minor enough to be verifyable 
that security holes shouldn't have been created.

implemented by RST into apache-pre.tar.Z:

PatchID Fixes: 
B1 	Cert scribbling hole (modified to require -DMEMHOGBUTSECURE by brian) 
B2 	SO_LINGER set on client sockets B3 Server always pauses 3 seconds for 
		scripts (configurable now with -DBABYKILLER)
B4	<!--#config timefmt --> not always working
B7	Allow directive redundant
B8	(integrated with P9)
P9	initgroups() done once per connection
P10	MIME headers read 1 character at a time (the patch list at suggests that
	drtr and rst had different solutions, yet I see patch.drtr-read listed
	as a patch in rst's apache-pre, so I presume he integrated the latter.)
P11	open_locale() and tzset() done once per connect
P12	Shared-memory name server cache (this works fine on BSDI and SGI as 
		as far as I can tell (i.e. it doesn't crash)).
B17	raise queue size in listen() (though this really should be a 
		compile-time option)
B18	Status; 302 should work, and doesn't

Now, the ones I've put in:

B22	drtr's Fix another stack scribbling hole
B23	AddType for *.cgi, *.shtml won't work in .htaccess
B24	Adds content-type negotiation
--	Custom error responses (httpd/patches/custom_error_responses_patch_E8.txt)
--	drtr's malloc() changes (httpd/patches/alias.patch)
--	roy's date patch for correct HTTP (date_patch.txt)
--	roy's patch for directory listings that use '..' instead of '../' (dir_patch.txt)
--	KEEPALIVE option on setsockopt  for buggy PC clients
--	Randy's -Wall cleanups (though apparently he's removed them from the 
	patch directory on hyperreal)

For all the patches without official ID's I'll go create entries for 
them.  Cliff, if you want to re-add all those patches yourself to a build 
you're making locally fine, but my build is in /export/apache/apache-pre 
right now (not on the web site).

Finally, here's what I think the status is on the other patches:

B5	XBITHACK not honored on (!--#include--)ed files
	Andrew, I couldn't find code for this - as soon as it's uploaded I'll
	integrate it, sounds pretty simple
B6	access files written w/o O_APPEND (httpd/patches/log_patch.txt)
	I tried putting this in and it caused core dumps when it went to 
	write, so I left it until later.  a related patch 
	(httpd/patches/elog_patch.txt) should be discussed before 
	implemented - It also apparently doesn't have a patch ID.
no B13
P14	DBM-based user databases for HTTP authentication
	(I haven't yet put this in as I want to make it more portable
	and more generalizable - use both NDBM and GDBM, etc.)
E15	add new CGI variables
	(There is only *one* new CGI variable I use and that is 
	DOCUMENT_ROOT - anyone contest to adding this? it should be
	documented as *experimental*, of course, and not necessarily a
	feature :)
E16	Allow any URL to invoke a script
	Rob (Hartill), is this your *.doit patches?  Is there a conflict between 
	this and content negotiation?  I don't see any code...
B19	Embedded blanks in headers don't work
	Rob (Thau), did you put this into apache-pre?
E20	Add multi-homed server support
	This is not a minor patch, and has implementation questions - let's
	deal with it after we deal with earlier patches.
O21	'Timeout' config setting missing from httpd.conf
	Seems like a wishlist patch, but also doesn't sound too complex.

Anyways, I'll work on making this document sync with cliff's patch list.  



View raw message