httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject [TAO] the status flows freely
Date Tue, 04 Mar 1997 22:05:00 GMT
It's Ken's fault this grew by so many entries ;)

1.2b8 status as of Tue Mar  4 14:04:31 PST 1997

  * Committed since 1.2b7:

    * HP MPE/iX fixes
    * replace bcopy with memmove for ANSIfriendliness
    * UXP/DS(V20) port
    * MachTen fine tuning
    * PR#186: Make declaration of add_env_variable agree with definiton.
    * PR#210: Missing semicolon.
    * Correctly handle Swedish filenames
    * buff.c header include fixes
    * create_argv() fixes

Agenda for 1.2b8-dev
====================

Ready for committing:

    * Ken's [PATCH] fixup for missing header_parser slots in modules
	Message-Id: <97022418312686@decus.org>
	Missed mod_proxy, but Chuck already committed a fix for that.
	Status: Chuck +1, Dean +1, Marc +1
    
    * Ben's [PATCH] Remove cleanups from bpushfd()
	Message-ID:  <9703011457.aa05179@gonzo.ben.algroup.co.uk>
	Status: +1 Dean, Jim, Randy

Patches available:

    * charset mod_neg iso-8859-1 fixup
	Status: Paul posted patch

    * Rob's "DONE" status response check for die()

    * LIBS in support/Makefile.tmpl

    * user and server get confused over what should be a virtual host
	and what is the main server, resulting in access to something
	other than the name defined in the virtualhost directive (but
	with the same IP address) failing.  
		Status: should be looked at, may not be a nice way to fix 
			since it is likely not technically a bug.

	Status: Dean posted patch, Ben +1-but-hasn't tested, may
		or may not be whole problem, Randy +1.
		Ralf -1: issues with the mods required to mod_rewrite.

    * config/178: Module with server_config but no per-dir config will
	seggy in set_flag_slot
	Status: patch given in report, +1 Roy, 
	Dean say no... Ken agrees with Dean.

    * PR#161 -- mod_dir performance with negotiation
	Status: Petr posted patch, Dean +1 on part
	Petr posted query about how it should be redone.
    
    * Marc's [PATCH] support/Makefile.tmpl and LIBS (fwd)
	Message-ID: <Pine.BSF.3.95.970225181855.23741S-100000@alive.znep.com>
    
    * Marc's [PATCH] log long headers
	Message-ID: <Pine.BSF.3.95.970226193239.2526D-100000@alive.znep.com>
	Status: Chuck +1, Dean +1
    
    * Ken's [PATCH] PR#146,187 is_url() not HTTP/1.1 conformant
	Message-Id: <97022713073856@decus.org>

    * Dean's patch for [BUG]: "ErrorDocument appears to break in 1.2b7"
	    on Solaris 2.x
	and [BUG]: "errordocument gets overriden" on Irix
	Message-ID: <Pine.LNX.3.95dg2.970226000702.27668A-100000@twinlark.arctic.org>
	Posted, one bug reporter says it works fine.  Ken +1.
	This one should probably go up on a "patches for 1.2b7" page.
    
    * memory management goof in alloc.c
	Message-ID: <Pine.NEB.3.95.970226155556.322J-100000@localhost.imdb.com>
	Status: Patch from Kai Risku <krisku@tf.hut.fi>

    * Garey's PR #59 fix for OS/2
	Message-Id: <9703030137.AA0292@main.slink.com>

No patches yet:

  * HPUX 10 select

  * 3 seconds delay in CGI execution on SunOS 4.x, see PR 122
       Status: no patch.
       Info: Pages containing script output show up with a delay of 3
             seconds (there was no such delay in Apache 1.1.1). 
             [rindfuss@medea.wz-berlin.de] tracked the problem down to
             source file alloc.c, function free_proc_chain. This function
             contains a conditional call to sleep(3), which causes the delay.

       for (p = procs; p; p = p->next) {
          if (p->kill_how == kill_after_timeout) {
            /* Subprocess may be dead already.  Only need the timeout if not. */
            if (kill (p->pid, SIGTERM) != -1)  
              need_timeout = 1;
          } else if (p->kill_how == kill_always) {
            kill (p->pid, SIGKILL);
          }
        }
 
        /* Sleep only if we have to... */
  
        if (need_timeout) sleep (3);

        [RobH: So CGI included as SSI hangs around for longer and needs
               to be SIGTERM'ed.  Why?]

        [Roy: note also that a call to sleep will blow-out any other timeout]


    * SIGTERM to parent on UnixWare kills it but leaves children as
      zombies, requiring reboot.  SIGHUP reloads it fine when it's
      running
      (no PR#, 1.2b6, 21/2/1997, <talbion@xl.ca>)

  * Marc has changed his mind and wants to have a check to be sure
    log directory(ies) isn't writable by anyone except the user starting
    the server.  The posting in bugtraq only highlites the problem.
    Needs override.  See NCSA code for sample implem.
	Status: Marc busy writing, Ed +1 on putting in to b7

  * wrong response to proxy request without proxy
	Message-ID:  <9702201640.aa07198@paris.ics.uci.edu>

  * redo lingering_close to check for old sockets to close out before
    accept() in child.  
	Status: doesn't look to be overly clean to do in the current
	framework.  Will not have time to do implementation for this
	beta in any case.  If it turns out to be a big issue,
	could go in later.  (1.2.1?)

  * multiviews not behaving properly with path info (PR#40)

  * CGIs don't get PIPE under FreeBSD; under Solaris they get a TERM
    and then a PIPE in close succession.  Hmm.  Marc will look when
    he gets a chance.

  * Solaris "accept: Too many levels of remote in path" [marc]

  * some better suexec docs would be really nice, detailing some of the
    security risks and compromises discussed
	Status: I think Randy said something about doing it at one point,
		but no one can write what  I think should be there better
		than me, if I ever have time.  Randy says he thinks 
		Jason is perhaps doing them.

  * redirect of index file causes SEGV [Marc]
	Status: have a way to stop the core dump, but that doesn't make
	it work properly.
	See also: Message-ID: <Pine.BSF.3.91.970210204402.12197B-100000@localhost.imdb.com>

  * 64-bit issues; general cleanup, sizeof(void *) != sizeof(int)

  * Randy says "seems that the processes on a Unixware machine are
    eventually all dying off. Mind you, I have not seen this, but
    that is what is being reported.  Sounds like perhaps the server is not 
    respawning new children after MaxRequestsPerChild has been reached."

  * error compiling on NeXT:
	In file included from http_main.c:108:
	/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
	/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'

	Status: got a login in a NeXT OpenStep 4.x machine to test,
	looks like an interaction between gcc and the header
	files.  It is trying to include definitions for both big and
	little endian platforms, and that no work.

  * Marc says Apache won't compile with HAVE_SNPRINTF defined as things
    are now because not everything includes conf.h.
       Status: Fix it when we have a platform which has snprintf.  Jim
	will look at; perhaps just include conf.h everywhere

  * new header_parse API hook is called too often
       Status: RobH posted patch, had second thoughts.  He
       suggests that mod_browser be optimised by detecting if it has been
       called already and returning early if it has.
	Roy says see also the suggestion by Doug MacEachern regarding
	addition of is_main_request() test so that any module can avoid this.

    * With no limits on <Directory />, a UserDir of "./" allows "~root/"
      to walk down the entire filesystem.
      (no PR#, 1.1.3, 21/2/1997, "Michael Douglass" <mikedoug@texas.net>)
        - "don't do that", but should probably be noted in the UserDir
          documentation and the Security Tips page.  That the default
    	  access is "if the server can reach it, it can serve it" should
    	  definitely be noted.  (<Directory> description and security
    	  tips?)
        - perhaps a future DisallowUserDir directive, a la ftp.deny,
          listing usernames not accessible through ~name?

    * UnixWare 2.1.1 needs USE_FCNTL_SERIALIZE_ACCEPT to keep from
      locking up.
      (no PR#, 1.2b6, reported by <jrd@cc.usu.edu>)
        - reporter says "UW 2.1.1 requires installation of UW patch
          ptf3123 for proper operation of accept()".  The patch is
    	  available from ftp.sco.com
        - He also says that defining NO_LINGCLOSE reduces FIN_WAIT_2
          incidences in this environment
        - Chuck told the reporter "it" (presumably the USE_FCNTL define)
          will be in 1.2b8, and info about the OS patch will be put in the
    	  online docs.

    * SIGHUP on Solaris 2.x causes server to die with "bind: Address
      already in use" and "httpd: could not bind to address 131.188.2.47
      port 80".  Server is Listen-ing on four IP addresses at port 80;
      the one above is the last Listen directive.  Three virtual hosts
      declared as well as main/default server.
      (no PR#, 1.2b7, 24/2/1997, <Erich.Meier@informatik.uni-erlangen.de>)
        - was also reported by same user against 1.2b4

    * Type map can't find appropriate document for language on Solaris
      2.x.  (I can't gistify this one; full details in message ID
      <Pine.NEB.3.95.970224200751.8617F-100000@localhost.imdb.com>.)
      Reporter has provided tar.gz file of config info.
      (no PR#, 1.2b7, 24/2/1997, <ejr@cise.ufl.edu>)

    * Make of server fails during ld phase on AIX 3.2.5 with undefined
      symbol ".flock"
      (no PR#, 1.2b7. 24/2/1997, <weible@mail.pittstate.edu>)

    * <IMG SRC="a CGI"> crates [sic] zombies on FreeBSDLinux
      (see <Pine.NEB.3.95.970225130439.346B-100000@localhost.imdb.com>
      for the details; I'm not going to try to decode 'em)  Reporter
      says hackers have told it the cause lies in an error in the loop
      structure in alloc.c's fork()/signal()/wait() handling
      (no PR#, 1.1.1/1.2.something (?), 23/2/1997, <sk@www.russia.net>)
        - Marc said it *might* be related to the kindercide issue

    * unescape_url() doesn't convert "+" to " "
      (no PR#, 1.2b7, 25/2/1997, <richter@ecos.de>)
        - Ralf thinks this should be done by the CGI, not by the server

Planning/design items:

    * should the bug report page be in CVS?  Should it be in the htdocs
      tree or a seperate place?  Should it be distributed with Apache?
      The same holds for everything on the Apache web site.  Marc would
      like to see it all in CVS, but not necessarily distributed
      with Apache.  
      Roy says: It would be nice if all of the non-archive parts
      of the project tree were in a separate cvs module -- it would
      sure make updating Hyperreal a lot easier (and safer).


    * should perhaps start to think about exactly how we want to 
      handle contrib patches/programs in 1.2.  Directory on the web site?  
      Include in distribution?

Contrib stuff / future:

    * Chris Adams <cadams@ro.com> patch to mod_log_config to add %m
      and %c.

    * "Large groups cause authentication errors" on FreeBSD
      [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
      in groups_for_user.  

  * mod_log_config patch for conditional logging
	Status: contrib, not in server

    * Jim has patch for time taken to handle a request in status module

  * Ed has an updated patch for limiting connections per IP

  * mod_include is still slow.

  * Some mirrors are out-of-date, Brian will investigate

  * add some setlocale stuff?

  * update bug report page to not have email form
	Status: +1 Roy, Dean, Marc (but some changes suggested), patch
		reposted with changes.  Needs input from people handling
		current bug reports.
	New status: reposted, still need input from people handling bug
		reports via mail right now.  

  * status module available from .htaccess files; Ken posted patch

  * status report shows PIDs in empty slots, user supplied some sort 
     of patch; behavior now is correct, but perhaps some cleanup of
     how the results are displayed could be done after 1.2...
     Message-ID: <Pine.NEB.3.95.970212030312.13867I-100000@localhost.imdb.com>

  * mod_template.c illustration of command handler call semantics for
    the different directive argument types (et alia).  +1 Dirk, Chuck,
    but needs work.  I'll try to flesh this out in the next few days if
    these mean "+1 to including in distribution".

    * Marc proposed keeping a list of things broken for HTTP/1.1; on the
      Web or part of the distribution?
      (no PR#, 1.2, 21/2/1997, "Marc Slemko" <marcs@znep.com>)
        - Chuck likes the idea (hopefully will reduce redundant
    	  reports); thinks it should be on the Web
        - Ken thinks it should be in the htdocs tree so it hits both


Mime
View raw message