httpd-dev mailing list archives

From Chuck Murcko <ch...@topsail.org>
Subject Re: [STATUS] Saturday April 5, 11:59pm PST
Date Sun, 06 Apr 1997 08:10:52 GMT
Roy T. Fielding wrote:
> 
> 1.2b8 status as of Sat Apr 05 23:59 PST 1997
> 
>   * Committed since 1.2b7:
> 
>     * HP MPE/iX fixes
>     * replace bcopy with memmove for ANSI-friendliness
>     * UXP/DS(V20) port
>     * MachTen fine tuning
>     * PR#186: Make declaration of add_env_variable agree with definition.
>     * PR#210: Missing semicolon.
>     * Correctly handle Swedish filenames
>     * buff.c header include fixes
>     * create_argv() fixes
>     * remove cleanups from bpushfd()
>     * help avoid virtual host confusion
>     * PR#40: include path_info for error when file doesn't exist
>     * PR#59: os/2: allow for cgi files without the .EXE extension
>     * missing header_parser slots in modules
>     * PR#146, PR#187: is_url() not HTTP/1.1 conformant
>     * log long headers in case it is an attack
>     * PR#194: ErrorDocument broken due to an optimization in 1.2b7
>     * PR#190: Reduced IdentityCheck timeout to 30 seconds
>     * PR#160: invoke_handler() doesn't handle mime arguments
>     * memory management goof in alloc.c
>     * support/Makefile.tmpl and LIBS
>     * deal with long hostnames at gethostname() call
>     * clear memory allocated for listeners
>     * PR#212: improved handling of ip addresses in VirtualHost
>     * mod_neg iso-8859-1 fixup and other cleanups
>     * workaround a compiler bug that causes sunos 4.x to panic
>     * don't count starting servers as idle
>     * document dangers of "UserDir ./" and need to protect <Directory />
>     * problem with proper per-connection counting
>     * infinite loop with trailing slash and type map
>     * vhost error log not set when initialized
>     * improved modules/Makefile generation
>     * PR#234,143: per_dir_config incorrectly set for name-based vhosts
>     * tighten email on anonymous logging
>     * big header table sending and persistence fixes
>     * garbage_coll() not called in proxy if filesystem full
>     * PR#105: continue after DNS errors and document vhosts better
>     * errno cleanup
>     * "make clean" bombs if no subdirectory modules are used
>     * iso-8859-1 selected even if other acceptable
>     * handle multiple Configurations without warning
>     * bug reporting changes
>     * use shmget on linux
>     * PR#246: AuthAuthoritative goofup
>     * mod_rewrite 3.0.2
>     * PR#276: host port changed to unsigned short
>     * PR#122: Dean's wild-guess patch for 3 second CGI problem
>     * Correct status when POSTing to bad URL, proxy to origin (ends FAQ)
>     * mod_negotiation: not copying headers, and more memory fixes
>     * broken modules/Makefile (again)
>     * NO_LINGCLOSE defined for SunOS
>     * broken modules/Makefile (one more time..)
>     * Brian Moore's FIX to stuck children with proxy
>     * Fix more timeout silliness
>     * timeout fixes for the proxy
> 
> Plan
> ====
> 
>   * Roy wants to tarball 1.2b8 this Sunday, for release on Monday,
>     since it looks like nobody has time to work on it next week anyway.

Well, at least all the lucky ones at WWW6. 8^)

> 
>   * WWW6 BOF, Tuesday 8pm at Santa Clara Convention Center, Ballroom A/B
> 
> Agenda for 1.2b8-dev
> ====================
> 
> Patches available:
> 
>   * Dean's [PATCH] table_do has improper prototype
>         Status: Roy asked for changes, but it would be nice to get the
>                 interface right before the release.
> 
>   * Doug MacEachern's [PATCH] merge dbm auth configs
>         Status: The question is, should we be merging auth configs?
> 
>   * Dean's [PATCH] sub_req_lookup_simple bug fixes take 2
>         sub_req_lookup_simple is bogus, it creates a subrequest which shares
>         structures with the parent, which could be modified during type_checker
>         or run_fixups.  Removing it would be a performance penalty in mod_dir
>         and mod_negotiation.
>         Status: +1 Dean
> 
>   * Petr Lampa's [PATCH] mod_dir redirect&negotiation problems
>         If subrequest returns redirect or not acceptable, copy headers
>         and return immediately.
> 
>   * Petr Lampa's [PATCH] mod_negotiation update for
>     " big header table sending..."
> 
>   * Ken's [PATCH] {take 2} including dump location in error_log
>         Status: +1 Ken

+1 here. works fine.

> 
> Showstoppers with no patches yet:
> 
>   * redirect of index file causes SEGV [Marc]
>         Status: have a way to stop the core dump, but that doesn't make
>         it work properly.
>         See also: <Pine.BSF.3.91.970210204402.12197B-100000@localhost.imdb.com>
> 
>   * PR#214: access control for proxy appears to be broken
>         Status: Chuck is working on a patch
>                 [Was this fixed by changing the example in docs?]

No. I happened to notice the error when this issue arose.

> 
>   * SEGV under FreeBSD, Next with lingering_close [and proxy?]
>         <3331034D.167EB0E7@topsail.org>
>         Chuck says: Roy's latest timeout patches have stopped the lingering
>         close notifications, but the core dumps continue. The dumped image
>         is so trashed that it can't be backtraced. I believe the reason we
>         haven't seen more reports is that FreeBSD and perhaps Linux are
>         disabling core dumps by default as a security measure.

I'm running the server under gdb now, to see what I can get. Failing
that, I'll have to instrument the pants off the executable & see what it
tells me as it dies.

> 
> Documentation Changes that should make 1.2:
> 
>   * Ken's Partially-updated draft FAQ r-f-c
>     Currently at <http://test.remulak.decus.org/~htdocs/manual/misc/xFAQ.html>
>         Status: +1 Roy, Paul S.
> 
>   * Paul Sutton's www.apache.org info.html update
>         Status: +1 Roy (I'd make some minor tweaks, but commit it first).
> 
>   * mod_example.c illustration of command handler call semantics for
>     the different directive argument types (et alia).  +1 Dirk, Chuck,
>     but needs work.  I'll try to flesh this out in the next few days if
>     these mean "+1 to including in distribution".  +1 from Ralf.
>     ... and more work ...
>     And Ken says check it all out at <http://Example.Remulak.DECUS.Org:9000/>
> 
>   * some better suexec docs would be really nice, detailing some of the
>     security risks and compromises discussed
>         Status: I think Randy said something about doing it at one point.
>                 Randy says he thinks Jason is perhaps doing them.
>                 [And Roy says: either somebody needs to document how it
>                  works (I don't know), or I'll go through and remove the
>                  documentation about how "good" it is to use it.]
> 
> No patches yet:
> 
>   * -DNO_LINGCLOSE default for those operating systems that require it.
>     Chuck says UnixWare and Next.  Jim added SunOS 4.  Dean says IRIX
>     needs it too until/unless SGI provides a patch.
>         Status: Roy is working on a patch for all these, but it overlaps
>                 with the timeout changes that I am waiting to commit.
> 
> Not in 1.2b8:
> 
>   * [BUG?] /cgi-bin/foo/bar%2fbaz
>     unescape_url in util.c is forbidding %2f in PATH_INFO.
>     The problem is that we use the %2f check to avoid security problems
>     with stupid scripts.  Roy thinks the best solution would be to
>     decode all %2f's before doing any processing on the path, and thus
>     reduce %2f.. to /.. before doing the path checks.  This makes it
>     impossible to have a filename containing slash, but no big deal.
> 
>   * [BUG]: "SSI stopped working in 1.2b7" on Solaris 2.x (fwd)
>     <Pine.NEB.3.95.970305212036.7053A-100000@localhost.imdb.com>
> 
>   * redo lingering_close to check for old sockets to close out before
>     accept() in child.
>         Status: doesn't look to be overly clean to do in the current
>         framework.  Will not have time to do implementation for this
>         beta in any case.  If it turns out to be a big issue,
>         could go in later.  (1.2.1?)
> 
>   * Marc wants to have a check to be sure
>     log directory(ies) isn't writable by anyone except the user starting
>     the server.  The posting in bugtraq only highlights the problem.
>     Needs override.  See NCSA code for sample implem.
>         Status: Marc busy writing
> 
>   * CGIs don't get PIPE under FreeBSD; under Solaris they get a TERM
>     and then a PIPE in close succession.  Hmm.  Marc will look when
>     he gets a chance.
> 
>   * Solaris "accept: Too many levels of remote in path" [marc]
> 
>   * error compiling on NeXT:
>         In file included from http_main.c:108:
>         /NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
>         /NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'
> 
>         Status: got a login in a NeXT OpenStep 4.x machine to test,
>         looks like an interaction between gcc and the header
>         files.  It is trying to include definitions for both big and
>         little endian platforms, and that no work.
> 
>   * Type map can't find appropriate document for language on Solaris
>     2.x.  (I can't gistify this one; full details in message ID
>     <Pine.NEB.3.95.970224200751.8617F-100000@localhost.imdb.com>.)
>     Reporter has provided tar.gz file of config info.
>     (no PR#, 1.2b7, 24/2/1997, <ejr@cise.ufl.edu>)
>         Status: Dean might have fixed this one (the table overlay bug)
> 
>   * <IMG SRC="a CGI"> crates [sic] zombies on FreeBSDLinux
>     (see <Pine.NEB.3.95.970225130439.346B-100000@localhost.imdb.com>
>     for the details; I'm not going to try to decode 'em)  Reporter
>     says hackers have told it the cause lies in an error in the loop
>     structure in alloc.c's fork()/signal()/wait() handling
>     (no PR#, 1.1.1/1.2.something (?), 23/2/1997, <sk@www.russia.net>)
>       - Marc said it *might* be related to the kindercide issue
> 
>   * SONY NEWS port.  See both:
>     <Pine.BSI.3.95.970310012527.10327F-100000@taz.hyperreal.com>
>     <Pine.BSI.3.95.970310012855.10327K-100000@taz.hyperreal.com>
>     Jim working on a patch, but not until after 1.2b8
> 
>   * [BUG]: "mod_dld problem: variable in httpd_config.c counted wrong" on Irix
>     <Pine.NEB.3.95.970314021405.27809E-100000@localhost.imdb.com> and
>     <Pine.NEB.3.95.970315215558.12699A-400000@localhost.imdb.com>
>     Dirk says he's got something to fix it that needs some work.
> 
> UnixWare:
> 
>     Chuck thinks all of these are solved using the method presented by
>     Joe D.  Chuck will implement/document?

Yes. I plan to include correspondence from folks who have successfully
run Apache on all known versions of UnixWare. Joe D. has 2.1.x working,
someone else has 2.0.x working, and yet another bloke has 1.1.x working.
Version numbers are for UnixWare, not Apache.

> 
>     * SIGTERM to parent on UnixWare kills it but leaves children as
>         zombies, requiring reboot.  SIGHUP reloads it fine when it's
>         running. (no PR#, 1.2b6, 21/2/1997, <talbion@xl.ca>)
> 
>     * Randy says "seems that the processes on a Unixware machine are
>         eventually all dying off. Mind you, I have not seen this, but
>         that is what is being reported.  Sounds like perhaps the server is not
>         respawning new children after MaxRequestsPerChild has been reached."
> 
>     * UnixWare 2.1.1 needs USE_FCNTL_SERIALIZE_ACCEPT to keep from
>         locking up.
>         (no PR#, 1.2b6, reported by <jrd@cc.usu.edu>)
>         - reporter says "UW 2.1.1 requires installation of UW patch
>             ptf3123 for proper operation of accept()".  The patch is
>             available from ftp.sco.com
>         - He also says that defining NO_LINGCLOSE reduces FIN_WAIT_2
>             incidences in this environment
>         - Chuck told the reporter "it" (presumably the USE_FCNTL define)
>             will be in 1.2b8, and info about the OS patch will be put in the
>             online docs.
> 
> Contrib stuff / future:
> 
>   * Start digital signing the distributions.
> 
>   * PR#161 -- mod_dir performance with negotiation
>         Status: Petr posted patch, Dean +1 on part
>         Petr posted query about how it should be redone.
> 
>   * Chris Adams <cadams@ro.com> patch to mod_log_config to add %m and %c.
> 
>   * "Large groups cause authentication errors" on FreeBSD
>       [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
>       in groups_for_user.
> 
>   * mod_log_config patch for conditional logging
>         Status: contrib, not in server
> 
>   * Jim has patch for time taken to handle a request in status module
> 
>   * Ed has an updated patch for limiting connections per IP
> 
>   * mod_include could use boyer-moore searching for <!--# and/or it could
>     mmap the file.
> 
>   * Some mirrors are out-of-date, Brian will investigate
> 
>   * add some setlocale stuff?
> 
>   * status module available from .htaccess files; Ken posted patch
> 
>   * status report shows PIDs in empty slots, user supplied some sort
>      of patch; behavior now is correct, but perhaps some cleanup of
>      how the results are displayed could be done after 1.2...
>      <Pine.NEB.3.95.970212030312.13867I-100000@localhost.imdb.com>
> 
>   * Marc proposed keeping a list of things broken for HTTP/1.1; on the
>       Web or part of the distribution?
>       (no PR#, 1.2, 21/2/1997, "Marc Slemko" <marcs@znep.com>)
>         - Chuck likes the idea (hopefully will reduce redundant
>           reports); thinks it should be on the Web
>         - Ken thinks it should be in the htdocs tree so it hits both
>         - Chuck gives +1 to Ken's idea, so does Ralf
> 
>   * Rob's "DONE" status response check for die()
>         <Pine.NEB.3.95.970218164813.7072E-100000@localhost.imdb.com>
>         Roy says it's a feature... Dean agrees, thinks we should slate
>         something for 2.0 that can handle this cleanly.
> 
>   * tem@global2000.net provided a patch for mod_imap to make it more
>     friendly with MS FrontPage map files.  Available in
>     <Pine.LNX.3.95dg2.970305235225.28934H-200000@twinlark.arctic.org>
> 
>   * Dean's gif89 and expires hack
>     <Pine.LNX.3.95dg2.970310005317.427P-100000@twinlark.arctic.org>
> 
>   * mod_userdir needs a DisallowUserDir directive, a la ftp.deny, to
>     restrict user names that can be accessed.  Ken says maybe
>     "UserDir disabled [user [...]]".
> 
>   * get_local_host and NIS patch for SunOS 4
>     <Pine.NEB.3.95.970320210733.4149H-100000@localhost>
> 
>   * internationalized documentation
> 
>   * pagecounter extension to mod_include
>     <Pine.BSI.3.95.970322151230.29235I-100000@taz.hyperreal.com>
> 
>   * mod_expires improvements from "Miguel A.L. Paraz" <map@iphil.net>
>     at <http://www.iphil.net/~map/apache/>
> 
>   * add is_initial_req() function

-- 
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org
