Received: (from majordom@localhost)
          by hyperreal.com (8.8.4/8.8.4)
	  id MAA14411; Thu, 24 Apr 1997 12:00:49 -0700 (PDT)
Received: from twinlark.arctic.org (twinlark.arctic.org [204.62.130.91])
          by hyperreal.com (8.8.4/8.8.4) with SMTP
	  id MAA14393 for <new-httpd@apache.org>;
 Thu, 24 Apr 1997 12:00:44 -0700 (PDT)
Received: (qmail 12150 invoked by uid 500); 24 Apr 1997 19:00:42 -0000
Date: Thu, 24 Apr 1997 12:00:42 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: [STATUS] Thu Apr 24 11:59:12 PDT 1997
Message-ID: <Pine.LNX.3.95dg3.970424115926.11163H-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

[I need votes on graceful restart take 7... we're supposed to roll the beta
today and that is supposed to be in it... I know lots of people voted for
#5 but technically you have to vote again for #7 -djg]

1.2b9 status as of Thu Apr 24 11:59:12 PDT 1997

  * Committed since 1.2b8:

    * the new FAQ
    * #define memmove for SUNOS4
    * PR#279: ftp proxy improvements
    * PR#304: proxy uses multiple A records if needed
    * mod_example
    * mod_rewrite 3.0.3
    * more signed/unsigned port cleanups
    * allow HARD_SERVER_LIMIT to be changed in Configuration
    * UnixWare compile/install instructions
    * PR#369: set SHELL in Configure to deal with ULTRIX /bin/sh5
    * PR#380: tweak to modules/Makefile generation
    * PR#293: redirect did not preserve query strings
    * PR#336, PR#340: clean up linux errors due to inconsistent platforms
    * mod_rewrite 3.0.4: fixes http redirects from within .htaccess
    * rotatelogs zero-pads the logfile names to improve alphabetic sorting
    * close script_in before eating output on script_err
    * yet another mod_negotiation sub_req copy thing (take 2)
    * mod_rewrite 3.0.5: fixes rewriting in <Directory>s without trailing /
    * CutRule causes bogus entries if Rule is commented-out
    * Redirect of DirectoryIndex SEGV
    * PR#232: work around netscape header problem
    * PR#373: handle timeouts in buffers as well as connection
    * log invalid methods/uris in http_core, log 404s in mod_include
    * PR#420: AuthDBAuthoritative
    * PR#271: <Directory proxy:xxx>

Agenda for 1.2b9-dev
====================

Patches available:

    * PR#339: suexec doesn't work with QUERY_STRINGs
	From: Anand Kumria <wildfire@progsoc.uts.edu.au>
	<Pine.SUN.3.95.970420164729.17677C-100000@ftoomsh.progsoc.uts.edu.au>
	Anand says he'd rather work up something that changes the suexec
	executable instead of the server.

    * Dean's [PATCH] graceful restarts (take 7)
	<Pine.LNX.3.95dg3.970422192451.10226I-100000@twinlark.arctic.org>
	Status: Dean +1, Paul S. +1

    * Ken's [PATCH] for PR#269 (et alia): '/' in suexec script invocations
	<97042311115033@decus.org>
	Status: Ken +1, Dean +1

    * Gregory Neil Shapiro <gshapiro@wpi.edu>'s
	[PATCH] Re: mod_cgi/453: Segmentation fault in util_script.c:call_exe()
	<199704231706.MAA10406@sierra.zyzzyva.com>
	Status: Randy +1, Dean +1
    
    * Marc's [PATCH] bstring.h in proxy_connect.c
	<Pine.BSF.3.95.970424094200.4282F-100000@alive.znep.com>
	Status: Marc +1, Dean +1

Should be done for 1.2:

  * suexec has lots of open PRs:
    PR#269, 319, 395: suexec and SSI problems
    PR#367, 368, 354: SEGV caused by suexec
    PR#341: documentation error?  user confusion?
    PR#339: suexec doesn't work with QUERY_STRINGs

    Maybe we should say suexec is experimental... (Jim say +1)

Documentation Changes that should make 1.2:

  * A note saying the proxy is not 1.1 compliant.

  * SVR4 can probably use HAVE_SHMGET ... document it so that people can
    make the choice themselves.  [I added a note to ScoreBoardFile,
    but someone should add a note in a more prominant place I suppose -djg]

  * some better suexec docs would be really nice, detailing some of the
    security risks and compromises discussed
	Status: I think Randy said something about doing it at one point.
		Randy says he thinks Jason is perhaps doing them.
                [And Roy says: either somebody needs to document how it
                 works (I don't know), or I'll go through and remove the
                 documentation about how "good" it is to use it.]
	New Status: not really worth holding 1.2 on

  * Document problems with mismatch on FD_SETSIZE=1024?

  * Deal with Martin Kraemer's documentation notes:
	<199704081013.MAA02907@deejai.mch.sni.de>
	<199704081045.MAA02997@deejai.mch.sni.de>

Post 1.2:

  * Nathan Kurz' bug fixes w.r.t. send_fd_length and Solaris and SIGPIPE
    <199704220534.BAA05122@tripod.tripod.com>
    <199704220637.CAA05677@tripod.tripod.com>

  * Various minor tweaks to port to different platforms:
    PR#383, PR#388, PR#399, PR#333, PR#327

  * Fix mod_negotiation to follow latest TCN draft

  * Petr Lampa's [PATCH] mod_dir redirect&negotiation problems
        If subrequest returns redirect or not acceptable, copy headers
        and return immediately.
	Status: this has mostly been superceded by Roy's recent patch
	    which uses overlay_tables.  But we still need to deal
	    with HTTP_NOT_ACCEPTABLE.

  * Doug MacEachern's [PATCH] merge dbm auth configs
        Status: The question is, should we be merging auth configs?
                Ken says not by default and not unless it's configurable.

  * redo lingering_close to check for old sockets to close out before
    accept() in child.
	Status: doesn't look to be overly clean to do in the current
	framework.  Will not have time to do implementation for this
	beta in any case.  If it turns out to be a big issue,
	could go in later.  (1.2.1?)

  * Marc wants to have a check to be sure
    log directory(ies) isn't writable by anyone except the user starting
    the server.  The posting in bugtraq only highlites the problem.
    Needs override.  See NCSA code for sample implem.
	Status: Marc busy writing

  * error compiling on NeXT:
	In file included from http_main.c:108:
	/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
	/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'

	Status: got a login in a NeXT OpenStep 4.x machine to test,
	looks like an interaction between gcc and the header
	files.  It is trying to include definitions for both big and
	little endian platforms, and that no work.

  * Type map can't find appropriate document for language on Solaris
    2.x.  (I can't gistify this one; full details in message ID
    <Pine.NEB.3.95.970224200751.8617F-100000@localhost.imdb.com>.)
    Reporter has provided tar.gz file of config info.
    (no PR#, 1.2b7, 24/2/1997, <ejr@cise.ufl.edu>)
        Status: Dean might have fixed this one (the table overlay bug)
	[Dean has mailed the submitter to ask them to test 1.2b8 or b9]

  * SONY NEWS port.  See both:
    <Pine.BSI.3.95.970310012527.10327F-100000@taz.hyperreal.com>
    <Pine.BSI.3.95.970310012855.10327K-100000@taz.hyperreal.com>
    Jim working on a patch, but not until after 1.2b8

Should be added to the bugdb:

  * [BUG]: "mod_dld problem: variable in httpd_config.c counted wrong"on Irix
    <Pine.NEB.3.95.970314021405.27809E-100000@localhost.imdb.com> and
    <Pine.NEB.3.95.970315215558.12699A-400000@localhost.imdb.com>
    Dirk says he's got something to fix it that needs some work.

  * <IMG SRC="a CGI"> crates [sic] zombies on FreeBSDLinux
    (see <Pine.NEB.3.95.970225130439.346B-100000@localhost.imdb.com>
    for the details; I'm not going to try to decode 'em)  Reporter
    says hackers have told it the cause lies in an error in the loop
    structure in alloc.c's fork()/signal()/wait() handling
    (no PR#, 1.1.1/1.2.something (?), 23/2/1997, <sk@www.russia.net>)
      - Marc said it *might* be related to the kindercide issue

  * "Large groups cause authentication errors" on FreeBSD
      [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
      in groups_for_user.

  * Solaris "accept: Too many levels of remote in path" [marc]
    <Pine.BSF.3.95.970209113811.11077C-100000@alive.ampr.ab.ca>

  * [BUG?] /cgi-bin/foo/bar%2fbaz
    unescape_url in util.c is forbidding %2f in PATH_INFO.
    The problem is that we use the %2f check to avoid security problems
    with stupid scripts.  Roy thinks the best solution would be to
    decode all %2f's before doing any processing on the path, and thus
    reduce %2f.. to /.. before doing the path checks.  This makes it
    impossible to have a filename containing slash, but no big deal.

Contrib stuff / future:
  
  * Start digital signing the distributions.

  * PR#161 -- mod_dir performance with negotiation
	Status: Petr posted patch, Dean +1 on part
	Petr posted query about how it should be redone.

  * Chris Adams <cadams@ro.com> patch to mod_log_config to add %m and %c.

  * mod_log_config patch for conditional logging
	Status: contrib, not in server

  * Jim has patch for time taken to handle a request in status module

  * Ed has an updated patch for limiting connections per IP

  * mod_include could use boyer-moore searching for <!--# and/or it could
    mmap the file.

  * add some setlocale stuff?

  * status module available from .htaccess files; Ken posted patch

  * status report shows PIDs in empty slots, user supplied some sort
     of patch; behavior now is correct, but perhaps some cleanup of
     how the results are displayed could be done after 1.2...
     <Pine.NEB.3.95.970212030312.13867I-100000@localhost.imdb.com>

  * Rob's "DONE" status response check for die()
	<Pine.NEB.3.95.970218164813.7072E-100000@localhost.imdb.com>
	Roy says it's a feature... Dean agrees, thinks we should slate
	something for 2.0 that can handle this cleanly.

  * tem@global2000.net provided a patch for mod_imap to make it more
    friendly with MS FrontPage map files.  Available in
    <Pine.LNX.3.95dg2.970305235225.28934H-200000@twinlark.arctic.org>

  * Dean's gif89 and expires hack
    <Pine.LNX.3.95dg2.970310005317.427P-100000@twinlark.arctic.org>

  * mod_userdir needs a DisallowUserDir directive, a la ftp.deny, to
    restrict user names that can be accessed.  Ken says maybe
    "UserDir disabled [user [...]]".

  * get_local_host and NIS patch fo SunOS 4
    <Pine.NEB.3.95.970320210733.4149H-100000@localhost>

  * internationalized documentation

  * pagecounter extension to mod_include
    <Pine.BSI.3.95.970322151230.29235I-100000@taz.hyperreal.com>

  * mod_expires improvements from "Miguel A.L. Paraz" <map@iphil.net>
    at <http://www.iphil.net/~map/apache/>

  * add is_initial_req() function

  * mod_dir: send HEIGHT/WIDTH tags to improve performance for user see
    PR#393 for a patch that provides this

  * A CIDRized access list patch such as the one supplied in
    <Pine.BSI.3.95.970414120047.22654L-200000@taz.hyperreal.com>

  * PR#344: 64-bit cleanups