Received: (from majordom@localhost)
	by hyperreal.com (8.8.5/8.8.5) id LAA16693;
	Sun, 4 May 1997 11:44:35 -0700 (PDT)
Received: from DECUS.Org (Topaz.DECUS.Org [192.67.173.1])
	by hyperreal.com (8.8.5/8.8.5) with ESMTP id LAA16688
	for <New-HTTPd@apache.org>; Sun, 4 May 1997 11:44:33 -0700 (PDT)
Received: from Lucy.DECUS.Org (lucy.process.com) by DECUS.Org (PMDF V4.2-13
 #18511) id <01IIH4IW37GW8WXM7P@DECUS.Org>; Sun, 4 May 1997 14:44:26 EDT
Received: from master.process.com by Lucy.DECUS.Org;
 (5.65v3.2/1.1.8.2/16Sep96-0258PM) id AA10400; Sun, 4 May 1997 14:47:54 -0400
Date: Sun, 04 May 1997 14:41:38 -0400
From: coar@decus.org (Rodent of Unusual Size)
Subject: Re: [STATUS] Thu May  1 15:22:06 PDT 1997
To: New-HTTPd@apache.org, Coar@decus.org
Message-id: <97050414413851@decus.org>
X-VMS-To: NH
X-VMS-Cc: COAR
Content-transfer-encoding: 7BIT
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

>From the fingers of Dean Gaudet flowed the following:
>
>Agenda for 1.2b11-dev
>====================
>
>Patches available:
>
>  * Ken's [PATCH] PR#501: mod_status doesn't escape printed URLs
>    [Dean would like to see us write a general "escape ascii text" function
>    so that it could be used by mod_status, mod_info, mod_dir, etc. rather
>    than fix this one bug at a time.]

    make_html_safe() submitted (though possible candidate for performance
    improvement).  No patch to actually *use* it submitted yet.

>Should be added to the bugdb:
>
>  * [BUG]: "mod_dld problem: variable in httpd_config.c counted wrong"on Irix
>    <Pine.NEB.3.95.970314021405.27809E-100000@localhost.imdb.com> and
>    <Pine.NEB.3.95.970315215558.12699A-400000@localhost.imdb.com>
>    Dirk says he's got something to fix it that needs some work.

    Added; PR#540.

>  * <IMG SRC="a CGI"> crates [sic] zombies on FreeBSDLinux
>    (see <Pine.NEB.3.95.970225130439.346B-100000@localhost.imdb.com>
>    for the details; I'm not going to try to decode 'em)  Reporter
>    says hackers have told it the cause lies in an error in the loop
>    structure in alloc.c's fork()/signal()/wait() handling
>    (no PR#, 1.1.1/1.2.something (?), 23/2/1997, <sk@www.russia.net>)
>      - Marc said it *might* be related to the kindercide issue

    Added; PR#541.

>  * Solaris "accept: Too many levels of remote in path" [marc]
>    <Pine.BSF.3.95.970209113811.11077C-100000@alive.ampr.ab.ca>

    Added; PR#542.

>  * [BUG?] /cgi-bin/foo/bar%2fbaz
>    unescape_url in util.c is forbidding %2f in PATH_INFO.
>    The problem is that we use the %2f check to avoid security problems
>    with stupid scripts.  Roy thinks the best solution would be to
>    decode all %2f's before doing any processing on the path, and thus
>    reduce %2f.. to /.. before doing the path checks.  This makes it
>    impossible to have a filename containing slash, but no big deal.

    Added; PR#543.

>  * "Large groups cause authentication errors" on FreeBSD
>      [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
>      in groups_for_user.

    Not added, couldn't find any references to the problem.

    #ken    :-)}