httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@topsail.org>
Subject Re: [STATUS] Thu May 29 17:04:07 EDT 1997
Date Fri, 30 May 1997 00:13:53 GMT
Jim Jagielski wrote:
> 
> We are in final release mode... 1.2b11 is rolled and 1.2b12
> is available in name only :) It's anticipated that
> 1.2b11 == 1.2b12 == 1.2gm ("gm" means golden master)
> 
> 1.2b12 status as of Thu May 29 17:04:07 EDT 1997
> 
>   * Code changes committed since 1.2b11:
> 
>     None
> 
> The Plan
> ========
> 
>   * 1.2b11 is tarballed and is being announced. We'll give it a
>     week of testing while shooting for a June 5 release date.
>     No code commits will be allowed unless there is a clear
>     and present danger. Documentation commits will continue.
>     1.2b11 should be used as extensively as possible to get as
>     wide a test-base as possible... 1.2b11 is honestly and
>     truly our Real Life release candidate!
> 
The only thing I'd be putting in before release is a final fix for
PR#624. It seems there's still another open fd hanging around in the
proxy cache processing. It's only been seen on SunOS4, though.

> Documentation Changes that would be nice for 1.2 but we're
> not gonna hold-up for them:
> -------------------------------------------
> 
>   * some better suexec docs would be really nice, detailing some of the
>     security risks and compromises discussed
>         Status: I think Randy said something about doing it at one point.
>                 Randy says he thinks Jason is perhaps doing them.
>                 [And Roy says: either somebody needs to document how it
>                  works (I don't know), or I'll go through and remove the
>                  documentation about how "good" it is to use it.]
>         New Status: not really worth holding 1.2 on
> 
>   * Document problems with mismatch on FD_SETSIZE=1024?
> 
>   * Deal with Martin Kraemer's documentation notes:
>         <199704081013.MAA02907@deejai.mch.sni.de>
>         <199704081045.MAA02997@deejai.mch.sni.de>

Martin's changes are already made for the proxy docs.
> 
> Post 1.2:
> 
>   * Workout path/goals for 2.0. Release 1.2.1 asap with below
>     fixes and improvements?
> 
>   * PR#543: /cgi-bin/foo/bar%2fbaz
>     unescape_url in util.c is forbidding %2f in PATH_INFO.
>     The problem is that we use the %2f check to avoid security problems
>     with stupid scripts.  Roy thinks the best solution would be to
>     decode all %2f's before doing any processing on the path, and thus
>     reduce %2f... to /.. before doing the path checks.  This makes it
>     impossible to have a filename containing slash, but no big deal.
> 
>   * Marc's [PATCH] PR#566: mod_status dumps core in inetd mode
>     <Pine.BSF.3.95.970509234507.24957B-100000@alive.znep.com>
>     <9705111840.aa01864@paris.ics.uci.edu>
>     Status: +1 Marc (post-1.2), Roy (with minor change), Dean
> 
>   * Dean's solaris 256 FILE * problem
>     <Pine.LNX.3.95dg3.970507121700.11214J-100000@twinlark.arctic.org>
>     Status: Dean seeing if it works for user, maybe add to FAQ
> 
>   * Various minor tweaks to port to different platforms:
>     PR#383, PR#388, PR#399, PR#333, PR#327, PR#445, PR#511
> 
>   * Fix mod_negotiation to follow latest TCN draft
>     Petr Lampa wants to work on this.
> 
>   * Doug MacEachern's [PATCH] merge dbm auth configs
>         Status: The question is, should we be merging auth configs?
>                 Ken says not by default and not unless it's configurable.
> 
>   * redo lingering_close to check for old sockets to close out before
>     accept() in child.
>         Status: doesn't look to be overly clean to do in the current
>         framework.  Will not have time to do implementation for this
>         beta in any case.  If it turns out to be a big issue,
>         could go in later.  (1.2.1?)
> 
>   * Marc wants to have a check to be sure
>     log directory(ies) isn't writable by anyone except the user starting
>     the server.  The posting in bugtraq only highlites the problem.
>     Needs override.  See NCSA code for sample implem.
>         Status: Marc busy writing
> 
>   * error compiling on NeXT:
>         In file included from http_main.c:108:
>         /NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
>         /NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'
> 
>         Status: got a login in a NeXT OpenStep 4.x machine to test,
>         looks like an interaction between gcc and the header
>         files.  It is trying to include definitions for both big and
>         little endian platforms, and that no work.
> 
>   * Type map can't find appropriate document for language on Solaris
>     2.x.  (I can't gistify this one; full details in message ID
>     <Pine.NEB.3.95.970224200751.8617F-100000@localhost.imdb.com>.)
>     Reporter has provided tar.gz file of config info.
>     (no PR#, 1.2b7, 24/2/1997, <ejr@cise.ufl.edu>)
>         Status: Dean might have fixed this one (the table overlay bug)
>         [Dean has mailed the submitter to ask them to test 1.2b8 or b9]
> 
>   * SONY NEWS port.  See both:
>     <Pine.BSI.3.95.970310012527.10327F-100000@taz.hyperreal.com>
>     <Pine.BSI.3.95.970310012855.10327K-100000@taz.hyperreal.com>
>     Jim working on a patch, but not until after 1.2 release
> 
>   * Jim has patch for time taken to handle a request in status module
> 
>   * status report shows PIDs in empty slots, user supplied some sort
>      of patch; behavior now is correct, but perhaps some cleanup of
>      how the results are displayed could be done after 1.2...
>      <Pine.NEB.3.95.970212030312.13867I-100000@localhost.imdb.com>
> 
> Should be added to the bugdb:
> 
>   * "Large groups cause authentication errors" on FreeBSD
>       [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
>       in groups_for_user.
> 
> Contrib stuff / future:
> 
>   * Start digital signing the distributions.
> 
>   * Chris Adams <cadams@ro.com> patch to mod_log_config to add %m and %c.
> 
>   * mod_log_config patch for conditional logging
>         Status: contrib, not in server
> 
>   * Ed has an updated patch for limiting connections per IP
> 
>   * mod_include could use boyer-moore searching for <!--# and/or it could
>     mmap the file.
> 
>   * add some setlocale stuff?
> 
>   * status module available from .htaccess files; Ken posted patch
> 
>   * Rob's "DONE" status response check for die()
>         <Pine.NEB.3.95.970218164813.7072E-100000@localhost.imdb.com>
>         Roy says it's a feature... Dean agrees, thinks we should slate
>         something for 2.0 that can handle this cleanly.
> 
>   * tem@global2000.net provided a patch for mod_imap to make it more
>     friendly with MS FrontPage map files.  Available in
>     <Pine.LNX.3.95dg2.970305235225.28934H-200000@twinlark.arctic.org>
> 
>   * Dean's gif89 and expires hack
>     <Pine.LNX.3.95dg2.970310005317.427P-100000@twinlark.arctic.org>
> 
>   * mod_userdir needs a DisallowUserDir directive, a la ftp.deny, to
>     restrict user names that can be accessed.  Ken says maybe
>     "UserDir disabled [user [...]]".
> 
>   * get_local_host and NIS patch fo SunOS 4
>     <Pine.NEB.3.95.970320210733.4149H-100000@localhost>
> 
>   * internationalized documentation
> 
>   * pagecounter extension to mod_include
>     <Pine.BSI.3.95.970322151230.29235I-100000@taz.hyperreal.com>
> 
>   * mod_expires improvements from "Miguel A.L. Paraz" <map@iphil.net>
>     at <http://www.iphil.net/~map/apache/>
> 
>   * add is_initial_req() function
> 
>   * mod_dir: send HEIGHT/WIDTH tags to improve performance for user see
>     PR#393 for a patch that provides this
> 
>   * A CIDRized access list patch such as the one supplied in
>     <Pine.BSI.3.95.970414120047.22654L-200000@taz.hyperreal.com>
> 
>   * PR#344: 64-bit cleanups
> 
> --
> ====================================================================
>       Jim Jagielski            |       jaguNET Access Services
>      jim@jaguNET.com           |       http://www.jaguNET.com/
>                   "Not the Craw... the CRAW!"

-- 
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org

Mime
View raw message