httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject [STATUS] Wed Jun 4 08:10:42 EDT 1997
Date Wed, 04 Jun 1997 12:12:16 GMT
"twenty, twenty, twenty fours to go... I wanna be sedated"


1.2b12 status as of Wed Jun  4 08:10:42 EDT 1997

  * Code changes committed since 1.2b11:

    * PR624 Closed: Fixed open timestamp fd in proxy_cache.c
      (actually, CHANGES was adjusted to reflect the above which
      was done in 1.2b11).

    * Cleanup to remove malloc() from proxy_host2addr

    * ABOUT_APACHE file added

    * PR#663: SCO3 doesn't have writev()

The Plan
========

  * 1.2b11 is tarballed and is being announced. We'll give it a
    week of testing while shooting for a June 5 release date.
    No code commits will be allowed unless there is a clear
    and present danger. Documentation commits will continue.
    1.2b11 should be used as extensively as possible to get as
    wide a test-base as possible... 1.2b11 is honestly and
    truly our Real Life release candidate!

  * We should all start signing up for binary builds for the
    1.2 release:
     Jim: A/UX 3.1.1, FreeBSD 2.2-STABLE
     Ken: Digital UNIX V3.2E-1 (should work for any V3.2 system)
     MarcS: FreeBSD-2.1-STABLE, SunOS 5.5 & 4.1.4, HPUX 10.10,
      AIX 4.1.4

Problems and Patches
====================

  * Weird interaction under Linux using BrowserMatch. Putting
    $REGLIB after $LIBS causes it not to work. Possible name-
    space problems.
    Status: Looking into it. We may need to go back to the
     old order for 1.2 

  * HP-UX Systems: Specifying 'cc' in Configuration on systems
    that have 'gcc' installed causes Configure not to correctly
    set CFLAGS
    Status: No real solution available unless Configure actually
     parses Makefile/Configuration which may be over kill
     (right now Configure just sees if "CC=" is set in Makefile
     but it doesn't go as far as seeing what it's set _to_).

Documentation Changes that would be nice for 1.2 but we're
not gonna hold-up for them:
-------------------------------------------

  * some better suexec docs would be really nice, detailing some of the
    security risks and compromises discussed
	Status: I think Randy said something about doing it at one point.
		Randy says he thinks Jason is perhaps doing them.
                [And Roy says: either somebody needs to document how it
                 works (I don't know), or I'll go through and remove the
                 documentation about how "good" it is to use it.]
	New Status: not really worth holding 1.2 on

  * Document problems with mismatch on FD_SETSIZE=1024?

Post 1.2:

  * Workout path/goals for 2.0. Release 1.2.1 with below
    fixes and improvements but let's give 1.2 some time
    (and ourselves a rest).

  * PR#94: Content negot fails unless each varient has a charset
    <Pine.LNX.3.95.970530164945.3563H-100000@aardvark.ukweb.com>

  * PR#543: /cgi-bin/foo/bar%2fbaz
    unescape_url in util.c is forbidding %2f in PATH_INFO.
    The problem is that we use the %2f check to avoid security problems
    with stupid scripts.  Roy thinks the best solution would be to
    decode all %2f's before doing any processing on the path, and thus
    reduce %2f... to /.. before doing the path checks.  This makes it
    impossible to have a filename containing slash, but no big deal.

  * Marc's [PATCH] PR#566: mod_status dumps core in inetd mode
    <Pine.BSF.3.95.970509234507.24957B-100000@alive.znep.com>
    <9705111840.aa01864@paris.ics.uci.edu>
    Status: +1 Marc (post-1.2), Roy (with minor change), Dean

  * Dean's solaris 256 FILE * problem
    <Pine.LNX.3.95dg3.970507121700.11214J-100000@twinlark.arctic.org>
    Status: Dean seeing if it works for user, maybe add to FAQ

  * Various minor tweaks to port to different platforms:
    PR#383, PR#388, PR#399, PR#333, PR#327, PR#445, PR#511

  * Fix mod_negotiation to follow latest TCN draft
    Petr Lampa wants to work on this.

  * Doug MacEachern's [PATCH] merge dbm auth configs
        Status: The question is, should we be merging auth configs?
                Ken says not by default and not unless it's configurable.

  * redo lingering_close to check for old sockets to close out before
    accept() in child.
	Status: doesn't look to be overly clean to do in the current
	framework.  Will not have time to do implementation for this
	beta in any case.  If it turns out to be a big issue,
	could go in later.  (1.2.1?)

  * Marc wants to have a check to be sure
    log directory(ies) isn't writable by anyone except the user starting
    the server.  The posting in bugtraq only highlites the problem.
    Needs override.  See NCSA code for sample implem.
	Status: Marc busy writing

  * error compiling on NeXT:
	In file included from http_main.c:108:
	/NextDeveloper/Headers/bsd/netinet/tcp.h:57: duplicate member `th_off'
	/NextDeveloper/Headers/bsd/netinet/tcp.h:58: duplicate member `th_x2'

	Status: got a login in a NeXT OpenStep 4.x machine to test,
	looks like an interaction between gcc and the header
	files.  It is trying to include definitions for both big and
	little endian platforms, and that no work.

  * Type map can't find appropriate document for language on Solaris
    2.x.  (I can't gistify this one; full details in message ID
    <Pine.NEB.3.95.970224200751.8617F-100000@localhost.imdb.com>.)
    Reporter has provided tar.gz file of config info.
    (no PR#, 1.2b7, 24/2/1997, <ejr@cise.ufl.edu>)
        Status: Dean might have fixed this one (the table overlay bug)
	[Dean has mailed the submitter to ask them to test 1.2b8 or b9]

  * SONY NEWS port.  See both:
    <Pine.BSI.3.95.970310012527.10327F-100000@taz.hyperreal.com>
    <Pine.BSI.3.95.970310012855.10327K-100000@taz.hyperreal.com>
    Jim working on a patch, but not until after 1.2 release

  * Jim has patch for time taken to handle a request in status module

  * status report shows PIDs in empty slots, user supplied some sort
     of patch; behavior now is correct, but perhaps some cleanup of
     how the results are displayed could be done after 1.2...
     <Pine.NEB.3.95.970212030312.13867I-100000@localhost.imdb.com>

Should be added to the bugdb:

  * "Large groups cause authentication errors" on FreeBSD
      [salari@cs.ubc.ca]; problem looks to be MAX_STRING_LEN buffer
      in groups_for_user.

Contrib stuff / future:
  
  * Start digital signing the distributions.

  * Chris Adams <cadams@ro.com> patch to mod_log_config to add %m and %c.

  * mod_log_config patch for conditional logging
	Status: contrib, not in server

  * Ed has an updated patch for limiting connections per IP

  * mod_include could use boyer-moore searching for <!--# and/or it could
    mmap the file.

  * add some setlocale stuff?

  * status module available from .htaccess files; Ken posted patch

  * Rob's "DONE" status response check for die()
	<Pine.NEB.3.95.970218164813.7072E-100000@localhost.imdb.com>
	Roy says it's a feature... Dean agrees, thinks we should slate
	something for 2.0 that can handle this cleanly.

  * tem@global2000.net provided a patch for mod_imap to make it more
    friendly with MS FrontPage map files.  Available in
    <Pine.LNX.3.95dg2.970305235225.28934H-200000@twinlark.arctic.org>

  * Dean's gif89 and expires hack
    <Pine.LNX.3.95dg2.970310005317.427P-100000@twinlark.arctic.org>

  * mod_userdir needs a DisallowUserDir directive, a la ftp.deny, to
    restrict user names that can be accessed.  Ken says maybe
    "UserDir disabled [user [...]]".

  * get_local_host and NIS patch fo SunOS 4
    <Pine.NEB.3.95.970320210733.4149H-100000@localhost>

  * internationalized documentation

  * pagecounter extension to mod_include
    <Pine.BSI.3.95.970322151230.29235I-100000@taz.hyperreal.com>

  * mod_expires improvements from "Miguel A.L. Paraz" <map@iphil.net>
    at <http://www.iphil.net/~map/apache/>

  * add is_initial_req() function

  * mod_dir: send HEIGHT/WIDTH tags to improve performance for user see
    PR#393 for a patch that provides this

  * A CIDRized access list patch such as the one supplied in
    <Pine.BSI.3.95.970414120047.22654L-200000@taz.hyperreal.com>

  * PR#344: 64-bit cleanups


-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
            "Look at me! I'm wearing a cardboard belt!"

Mime
View raw message