Received: by taz.hyperreal.com (8.8.4/V2.0) id BAA17135; Mon, 10 Mar 1997 01:32:26 -0800 (PST) Received: from twinlark.arctic.org by taz.hyperreal.com (8.8.4/V2.0) with SMTP id BAA17121; Mon, 10 Mar 1997 01:32:22 -0800 (PST) Received: (qmail 10806 invoked by uid 500); 10 Mar 1997 09:32:19 -0000 Date: Mon, 10 Mar 1997 01:32:19 -0800 (PST) From: Dean Gaudet To: new-httpd@apache.org Subject: [STATUS] the latest Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com 1.2b8 status as of Mon Mar 10 01:15:47 PST 1997: * Committed since 1.2b7: * HP MPE/iX fixes * replace bcopy with memmove for ANSIfriendliness * UXP/DS(V20) port * MachTen fine tuning * PR#186: Make declaration of add_env_variable agree with definiton. * PR#210: Missing semicolon. * Correctly handle Swedish filenames * buff.c header include fixes * create_argv() fixes * remove cleanups from bpushfd() * help avoid virtual host confusion * PR#40: include path_info for error when file doesn't exist * PR#59: os/2: allow for cgi files without the .EXE extension * missing header_parser slots in modules * PR#146, PR#187: is_url() not HTTP/1.1 conformant * log long headers in case it is an attack * PR#194: ErrorDocument broken due to an optimization in 1.2b7 * PR#190: Reduced IdentityCheck timeout to 30 seconds * PR#160: invoke_handler() doesn't handle mime arguments * memory management goof in alloc.c * support/Makefile.tmpl and LIBS Agenda for 1.2b8-dev ==================== Patches available: * charset mod_neg iso-8859-1 fixup Message-ID: Status: Paul posted patch, Dean +1, Chuck +1, Jim +1 Roy gives it -1, "Sorry, the right answer is 2" (see the message). * "Michael R. MacFaden" notes that get_local_host() does not use the right magic constant. Dean provided a patch which corrects that and a possible buffer overrun. Message-ID: Status: Roy +1 * Dean's [PATCH] PR#212: error trying to resolve 255.255.255.255 Message-ID: Roy didn't like Dean's laziness, and it didn't patch cleanly. Cleaned up: Message-ID: Status: Roy +1, Chuck +1 * Randy's [PATCH] clear memory allocated for listeners Message-Id: <199703072004.OAA14897@sierra.zyzzyva.com> Status: Dean +1, Chuck +1 * Ken's [PATCH] Re: Putting modules in their own subdirectories (after a few revisions) Message-Id: <97030923222247@decus.org> Status: Chuck +1 Showstoppers with no patches yet: * 3 seconds delay in CGI execution on SunOS 4.x, see PR 122 Status: no patch. Info: Pages containing script output show up with a delay of 3 seconds (there was no such delay in Apache 1.1.1). [rindfuss@medea.wz-berlin.de] tracked the problem down to source file alloc.c, function free_proc_chain. This function contains a conditional call to sleep(3), which causes the delay. for (p = procs; p; p = p->next) { if (p->kill_how == kill_after_timeout) { /* Subprocess may be dead already. Only need the timeout if not. */ if (kill (p->pid, SIGTERM) != -1) need_timeout = 1; } else if (p->kill_how == kill_always) { kill (p->pid, SIGKILL); } } /* Sleep only if we have to... */ if (need_timeout) sleep (3); [RobH: So CGI included as SSI hangs around for longer and needs to be SIGTERM'ed. Why?] [Roy: note also that a call to sleep will blow-out any other timeout] * SIGHUP on Solaris 2.x causes server to die with "bind: Address already in use" and "httpd: could not bind to address 131.188.2.47 port 80". Server is Listen-ing on four IP addresses at port 80; the one above is the last Listen directive. Three virtual hosts declared as well as main/default server. (no PR#, 1.2b7, 24/2/1997, ) - was also reported by same user against 1.2b4 * redirect of index file causes SEGV [Marc] Status: have a way to stop the core dump, but that doesn't make it work properly. See also: Message-ID: Documentation Changes that should make 1.2: * mod_template.c illustration of command handler call semantics for the different directive argument types (et alia). +1 Dirk, Chuck, but needs work. I'll try to flesh this out in the next few days if these mean "+1 to including in distribution". +1 from Ralf. ... and more work ... And Ken says check it all out at * include Dean's doc and maybe expand the docs on how to configure vhosts to avoid DNS lookups (and why). * Chuck says "This should go into the mod_rewrite & mod_proxy docs. It's the / loop with Solaris 2.4." See Message-ID: <3322FBDE.59E2B600@topsail.org> No patches yet: * [BUG]: "SSI stopped working in 1.2b7" on Solaris 2.x (fwd) Message-ID: * Marc has changed his mind and wants to have a check to be sure log directory(ies) isn't writable by anyone except the user starting the server. The posting in bugtraq only highlites the problem. Needs override. See NCSA code for sample implem. Status: Marc busy writing, Ed +1 on putting in to b7 * wrong response to proxy request without proxy Message-ID: <9702201640.aa07198@paris.ics.uci.edu> * redo lingering_close to check for old sockets to close out before accept() in child. Status: doesn't look to be overly clean to do in the current framework. Will not have time to do implementation for this beta in any case. If it turns out to be a big issue, could go in later. (1.2.1?) * CGIs don't get PIPE under FreeBSD; under Solaris they get a TERM and then a PIPE in close succession. Hmm. Marc will look when he gets a chance. * Solaris "accept: Too many levels of remote in path" [marc] * some better suexec docs would be really nice, detailing some of the security risks and compromises discussed Status: I think Randy said something about doing it at one point, but no one can write what I think should be there better than me, if I ever have time. Randy says he thinks Jason is perhaps doing them. * 64-bit issues; general cleanup, sizeof(void *) != sizeof(int) * error compiling on NeXT: In file included from http_main.c:108: /NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off' /NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2' Status: got a login in a NeXT OpenStep 4.x machine to test, looks like an interaction between gcc and the header files. It is trying to include definitions for both big and little endian platforms, and that no work. * Marc says Apache won't compile with HAVE_SNPRINTF defined as things are now because not everything includes conf.h. Status: Fix it when we have a platform which has snprintf. Jim will look at; perhaps just include conf.h everywhere * new header_parse API hook is called too often Status: RobH posted patch, had second thoughts. He suggests that mod_browser be optimised by detecting if it has been called already and returning early if it has. Roy says see also the suggestion by Doug MacEachern regarding addition of is_main_request() test so that any module can avoid this. * With no limits on , a UserDir of "./" allows "~root/" to walk down the entire filesystem. (no PR#, 1.1.3, 21/2/1997, "Michael Douglass" ) - "don't do that", but should probably be noted in the UserDir documentation and the Security Tips page. That the default access is "if the server can reach it, it can serve it" should definitely be noted. ( description and security tips?) - perhaps a future DisallowUserDir directive, a la ftp.deny, listing usernames not accessible through ~name? * Type map can't find appropriate document for language on Solaris 2.x. (I can't gistify this one; full details in message ID .) Reporter has provided tar.gz file of config info. (no PR#, 1.2b7, 24/2/1997, ) * Make of server fails during ld phase on AIX 3.2.5 with undefined symbol ".flock" (no PR#, 1.2b7. 24/2/1997, ) * crates [sic] zombies on FreeBSDLinux (see for the details; I'm not going to try to decode 'em) Reporter says hackers have told it the cause lies in an error in the loop structure in alloc.c's fork()/signal()/wait() handling (no PR#, 1.1.1/1.2.something (?), 23/2/1997, ) - Marc said it *might* be related to the kindercide issue UnixWare: Chuck thinks all of these are solved using the method presented by Joe D. Chuck will implement/document? * SIGTERM to parent on UnixWare kills it but leaves children as zombies, requiring reboot. SIGHUP reloads it fine when it's running. (no PR#, 1.2b6, 21/2/1997, ) * Randy says "seems that the processes on a Unixware machine are eventually all dying off. Mind you, I have not seen this, but that is what is being reported. Sounds like perhaps the server is not respawning new children after MaxRequestsPerChild has been reached." * UnixWare 2.1.1 needs USE_FCNTL_SERIALIZE_ACCEPT to keep from locking up. (no PR#, 1.2b6, reported by ) - reporter says "UW 2.1.1 requires installation of UW patch ptf3123 for proper operation of accept()". The patch is available from ftp.sco.com - He also says that defining NO_LINGCLOSE reduces FIN_WAIT_2 incidences in this environment - Chuck told the reporter "it" (presumably the USE_FCNTL define) will be in 1.2b8, and info about the OS patch will be put in the online docs. Planning/design items: * should the bug report page be in CVS? Should it be in the htdocs tree or a seperate place? Should it be distributed with Apache? The same holds for everything on the Apache web site. Marc would like to see it all in CVS, but not necessarily distributed with Apache. Roy says: It would be nice if all of the non-archive parts of the project tree were in a separate cvs module -- it would sure make updating Hyperreal a lot easier (and safer). * should perhaps start to think about exactly how we want to handle contrib patches/programs in 1.2. Directory on the web site? Include in distribution? Contrib stuff / future: * PR#161 -- mod_dir performance with negotiation Status: Petr posted patch, Dean +1 on part Petr posted query about how it should be redone. * Chris Adams patch to mod_log_config to add %m and %c. * "Large groups cause authentication errors" on FreeBSD [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer in groups_for_user. * mod_log_config patch for conditional logging Status: contrib, not in server * Jim has patch for time taken to handle a request in status module * Ed has an updated patch for limiting connections per IP * mod_include is still slow. * Some mirrors are out-of-date, Brian will investigate * add some setlocale stuff? * update bug report page to not have email form Status: +1 Roy, Dean, Marc (but some changes suggested), patch reposted with changes. Needs input from people handling current bug reports. New status: reposted, still need input from people handling bug reports via mail right now. * status module available from .htaccess files; Ken posted patch * status report shows PIDs in empty slots, user supplied some sort of patch; behavior now is correct, but perhaps some cleanup of how the results are displayed could be done after 1.2... Message-ID: * Marc proposed keeping a list of things broken for HTTP/1.1; on the Web or part of the distribution? (no PR#, 1.2, 21/2/1997, "Marc Slemko" ) - Chuck likes the idea (hopefully will reduce redundant reports); thinks it should be on the Web - Ken thinks it should be in the htdocs tree so it hits both - Chuck gives +1 to Ken's idea, so does Ralf * Rob's "DONE" status response check for die() Message-ID: Roy says it's a feature... Dean agrees, thinks we should slate something for 2.0 that can handle this cleanly. * config/178: Module with server_config but no per-dir config will seggy in set_flag_slot Status: patch given in report, +1 Roy, Dean say no because the patch confuses per-server and per-directory configs... Ken agrees with Dean. * tem@global2000.net provided a patch for mod_imap to make it more friendly with MS FrontPage map files. Available in Message-ID: * Dean provided a patch that uses herror() to display more details when a name lookup fails (only for the ones that cause the server to exit). Message-ID: