httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject [STATUS] (apache-1.3) Fri Apr 3 23:45:23 EST 1998
Date Sat, 04 Apr 1998 04:45:25 GMT
Apache 1.3 STATUS:

Release:

    1.3b6: in development
    1.3b5: Tagged APACHE_1_3b5 and released

    2.0  : In pre-alpha development, see apache-2.0 repository

Guidelines:

    o For the past few months we have been working on a commit-then-review
      basis.  It is now time to decide whether or not we want to work
      under the guidelines in <http://dev.apache.org/guidelines.html>
      or not, and if not, what changes are needed to make it right.

      Approve guidelines as written:
         +1: Roy, Dean, Paul, Jim, Martin, Ralf, Randy, Brian
         +0:
         -1:

Plan:

Showstoppers:

Committed Code Changes:
    * Dean's `const'-change to os_is_path_absolute().
    * Security patch for "UserDir /abspath" without a * in the path. PR#1701
    * Dean's cleanup of race conditions in Unix child_main
    * Dean's fixes for better handling of various errors from select() and
      accept() in child_main(). PR#1747, 1107, 588, 1787, 987, 588
    * Dean's add of -lm to LIBS for HPUX. PR#1639
    * Ralf's remove of obsolete "dist.tar" target from Makefile.tmpl
    * Dean's fixes for some inconsistencies in <Files> semantics. PR#1817
    * Dean's <Files> is not permitted within <Location>. PR#379
    * Dean's and Martin's fix of </Files> 
    * Fix for mod_mime_magic error messages. PR#1827
    * Workaround for using RLIMIT_AS for the RLimitMEM directive. PR#1816
    * Doug's patch to bind a process to a single processor under AIX
    * Martin's patch for mod_info to fix HTML markup
    * Martin's changes to the check_cmd_context() function 
    * Patch for the ap_cpystrn() off-by-1 error
    * Dean's fix for multiple UserDir problem introduced during 1.3b4-dev.
    * Dean's fix to problems with absoluteURIs.
    * Dean's patch to use SA_RESETHAND or SA_ONESHOT for coredump handlers.
    * Patch to recognize FreeBSD versions. PR#1450
    * Workaround in mod_status for NeXT's running not m68k chips
    * Fix for -X situation to honor the SIGINT or SIGQUIT signals
    * Patch to hide Proxy-Authorization from CGI/SSI/etc
    * Ralf's new ProxyPassReverse directive for mod_proxy
    * Ralf's add of new RewriteMap types: rnd and int. PR#1631
    * Fix regex handling for mod_setenvif BrowserMatch command. PR#1825
    * Ralf's fix for assumptions on the username characters in mod_rewrite
    * Paul's merge of os/win32/mod_dll.c into modules/standard/mod_so.c
    * Paul's patch for reading the server-root from the NT registry
    * Ralf's fix for locking of `RewriteMap' programs. PR#1029
    * Dean's fix for the `config with no Port setting' situation
    * Ralf's fix for `RewriteMap' program handling. PR#1431
    * Ralf's fix for the initialization of RewriteLogLevel. PR#1325
    * Ralf's mod_rewrite meta-construct expansion inconsistency fix
    * Martin's new URI parsing stuff (the source module main/util_uri.c)
    * New `%a' construct for LogFormat and CustomLog. PR#1885
    * Ralf's `Rule HIDE' feature for hiding the symbol namespace
      -- vetoed by Roy, currently going with Ralf's replacement plan
    * Make \\ behave as expected.
    * Fix for "poly" directive in image maps. PR#1771
    * Reduce memory usage, and speed up ServerAlias support. PR#1531
    * Dean's cleanup of code in http_vhost.c and vhost-stuff in mod_rewrite.c
    * Dean's rewrite of absoluteURI handling vhost matching
    * Dean's new mod_test_util_uri.c 
    * back out USE_PTHREAD_SERIALIZED_ACCEPT for solaris
    * Ken's abstraction of SERVER_{BUILT,VERSION}
    * Ken's fix for os/unix/os.h and the new -DHIDE functionality
    * Ralf's Config File Line Continuation
    * Ralf's Reanimation of DBM support for RewriteMap in mod_rewrite PR#1696
    * Ralf's fix for the `<VirtualHost> w/o mod_rewrite' situation. PR#1790
    * Mark's fix for ProxyPass/ProxyRequests interaction broken by uri stuff
    * Rasmus' generation of the new src/include/ap_config.h header file
    * Dean's fix for mod_mime_magic and files with length 0
    * Dean's change to Location and LocationMatch semantics. PR#1440
    * Ralf's fix for the flock()<->fork() problematic for RewriteLock's
    * Dean's Minor cleanup in http_main
    * Ralf's Various improvements to the configuration and build support
    * Corrections to the setup of the REMOTE_HOST variable. PR#1925 
    * Fix for rputs() which did not calculate r->sent_bodyct properly. PR#1900
    * Don't tweak TZ envvar if the user has specified an explicit one. PR#1888
    * API clarification for command_rec handlers
    * API clarification for content_type et al
    * Ralf's mod_so changes to keep track of loaded modules ourself.
    * Ralf's support for building shared objects even for library-style modules
    * Performance improvements to invoke_handler().
    * Ben Hyde's check to make sure the "Port" range is valid
    * Ralf's Unbundling mod_proxy and mod_mime (making mime_find_ct obsolete)
    * Jim's change of -DAUX to -DAUX3 for A/UX
    * Jim's src/include/ap_config.h wraps its #define's with #ifndef/#endif's
    * Dean's Clean up of some undocumented behavior of mod_setenvif
    * Performance tweak to mod_log_config
    * Marc's cfg_getline() fix for lines without the termination char
    * Ralf's Various cleanups to the command line interface and manual pages
    * Marc's mod_proxy was not clearing the Proxy-Connection header
    * Dean's API_EXPORT and CORE_EXPORT cleanup for core functions
    * Ralf's new ApacheBench support program (src/support/ab.c)
    * Ken's change HIDE default to "yes", always include hide.h
      -- vetoed by Roy, currently going with Ralf's replacement plan
    * Ralf's major Configure cleanup
    * Ralf's additional manual pages for the support programs
    * Ben Hyde's Configure check for unknown command switch
    * Martin's fix for src/helpers/fp2rp
    * Ralf's reanim. of undocum. directive: ProxyReceiveBufferSize, PR#1348
    * Ralf's mod_proxy fix to use FTP SIZE response for Content-Length, PR#1183
    * Ralf's change to make the shared object compilation command more portable
    * Dean's protect against FD_SETSIZE mismatches
    * Ralf's fallback strategy because of HIDE for loading shared object modules
    * Martin's fix to allow %2F chars in proxy requests and in the uri query
      part
    * fix to mark listening sockets for closure in the parent after a SIGHUP 
    * Dean's clean up undefined signals on some platforms (SCO, BeOS).
    * Dean's fix for making work the `HostnameLookups Off'
    * Dean's mark of a few bitfields as signed to ensure correct code. 
    * Dean's changes to scoreboard defs which helps gcc generate better code.
    * Ralf's fix for QUERY_STRING and the proxy pass-through of mod_rewrite
    * Fix for symlink check in mod_rewrite's ``RewriteCond ... -l'', PR#2010
    * Fix: SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time
    * Dean's remove of HAVE_SNPRINTF
    * Dean's mutation of ap_snprintf() code into ap_vformatter()
    * Lars' fix for "Options +Includes" and "+IncludesNoExec" merging
    * Jim's fix for inconsistent usage of TCC and CC in Configure
    * Jim's fix for IRIX which needs the -n32 flag iff using 'cc', PR#1901
    * Jim's add of the SCO_SV port. PR#1962
    * Dean's floating point ap_snprintf code wasn't threadsafe.
    * Ralf's add of the new Apache Autoconf-style Interface (APACI)
    * Rainer Scherg's fix for CONNECT proxy support: #1326, #1573, #1942
    * Ken's reworking of the Apache LICENSE
    * Ralf's APache eXtenSion for easy "off-source" extending Apache via DSO
    * Ralf's APACI --without-support option
    * Martin's fix accept (and pass) http://user:pass@host proxy requests
    * Martin's fix CONNECT proxy handling again
    * Ralf's fallback strategy for DSO by trying to guess flags from Perl
    * Ralf's add of the query (-q) option to apxs
    * Ralf's initial doc and Configuration.tmpl entry for mod_mmap_static

Available Patches:

    * Arnt Gulbrandsen <agulbra@troll.no> 03 Apr 1998 21:28:17 +0200
      <m3emzer9gu.fsf@lupinella.troll.no> mod_usertrack.c patch:
      The patch provides per-domain cookies (which I use to share user-ids
      among the *.troll.no web servers) and configurable cookie names.  It
      also marginally increases the efficiency of Apache when the server
      runs with DNS lookups turned off.

In progress:

    * Ken's IndexFormat enhancement to mod_autoindex to allow
      CustomLog-like tailoring of directory listing formats

FINAL RELEASE SHOWSTOPPERS:

    * proxy security fixes from 1.2.5 need to be brought forward

    * HIDE has been vetoed -- no release until it is removed/replaced

Needs patch:

    * Dean's "locale" project
	See <Pine.LNX.3.95dg3.971219001345.7010F-100000@twinlark.arctic.org>

    * Documentation for:
      1) htdocs/manual/sourcereorg.html and other files should mention 
         new mod_so capabilities.
      2) windows.html should be cleaned up.

    * uri issues (dean will do unless someone else wants 'em):
	- RFC2068 requires a server to recognize its own IP addr(s) in dot
	notation, we do this fine if the user follows the dns-caveats
	documentation... we should handle it in the case the user doesn't ever
	supply a dot-notation address.

Closed issues:

Open issues:
    
    * Cleanup the symbol space now in the source for 
      1.3b6 and thus for the 1.3.x release branch via the
      apache-1.3/src/test/rename/rename.cf file as the configuration for the
      renaming. The used prefix or prefixes are configurable in the file,
      too. But we have to additionally vote on them in the next point.
      Votes: Ralf +1, Jim +1 (on the source-level renaming for
      1.3b6 and 1.3.0; how is still up for debate :) ),
      Marc -0 (this is not the time nor the place, but I don't have
      time to veto this crap so it will be pushed through)

    * Use consistent prefixes for the renaming; suggestions:

      o Different prefixes to distinguish between 
        the type of functions:

        - Apache provided general functions (e.g., ap_cpystrn)
            ap_xxx: +0: Ken, Brian, Ralf, Martin, Paul, Roy, Jim
        - Public API functions (e.g., palloc)
            ap_xxx: +1 Ralf
            apapi_xxx: +1: Ken, Paul, Jim
        - Private functions which we can't make static (because of
          cross-object usage) but should be (e.g., new_connection)
            apx_xxx +1: Ralf
            appri_xxx +1: Paul, Jim, Ken
        - Public API module structure variables (e.g.,
          status_module) which are used special in Configure,
          mod_so, etc and have to be exported:
            ap_xxx +1:
            apm_xxx +1: Ralf

        Notes: 
            - Ralf: My opinion for my decisions are the following ones: 
              1. The short ap_ prefix is a good idea because it's
                 a handy prefix while still Apache specific, so I
                 would use it for those symbols we deal most: API
                 symbols.
              2. There is a distinction needed between symbols 
                 we want explicitly export (API) and those we are
                 forced to export (cross-object references).
                 Hence the apx_ prefix. It's different from ap_
                 but as short as it can while still providing the
                 needed information: "ap" for Apache and "x" for
                 internal cross-object symbol.
              3. When you look at the code you notice that 
                 we use <name>_module for the names of the
                 module's dispatch structure. First, it always
                 was confusing in the past that a module named
                 mod_abc_def usually had a def_abc_module symbol
                 (e.g. mod_auth variants). Second the
                 src/Configure stuff has great guessing problems
                 due to this difference. Third, mod_so has
                 resolving problems. Fourth, the user who used
                 the "LoadModule" directive has the most
                 problems, because he had to write down the
                 correct symbol name. Fifth, the names
                 xxxx_module are too generic that we can keep
                 them while we rename all others. They need also
                 a renaming to be Apache specific. So, to make
                 them Apache specific, solve the confusion _AND_
                 mark them special because of shared object
                 loading, I propose apm_ as the prefix, i.e.
                 name1_module becomes apm_name1. That's short,
                 Apache specific and indicates (the "m") that
                 this is a module's bootstrap symbol. This
                 simplifies mod_so's LoadModule, src/Configure,
                 APACI's fnm.sh, etc. and makes less confusion to
                 the user while still providing the private
                 symbolspace.
                 
      o Alternate proposal:
        Everything should be prefixed with just ap_:
        Votes: +1: Dean, Randy, Roy, Martin, Brian
               +0: Ralf
               -1: Jim

        Notes: 
            - Dean: Why? Because it's far easier to type, and damn
              it, I type these things far too much.  Just using
              apapi_ for the few hours I did while writing
              apapi_vformatter is making me puke.  So many extra
              characters, so much wasted screen width, and
              keystrokes.
            - Randy: I agree with Dean 100%. The work created to
              keep this straight far outweighs any gain this
              could give. 
            - Jim: We should make some sort of logical effort to
              keep things straight and organized. This does nothing
	      to indicate in the code what is API, and what
	      isn't. In my mind, we should use prefixes not JUST
	      to prevent namespace collisions, but also to
	      "define" the type function. The very fact that we
	      _have_ the above different "types" of functions
	      indicates to me that we should have some logical
	      namespace for them.
            - Ralf: I agree with Jim that although the short ap_
              prefix is good for API functions, it shouldn't be
              used for all functions. That's too less. Some
              distinction is really needed. At least between
              really exported symbols (API) and symbols which are
              just forced to be exported due to the way the
              linker works (internal cross-object references)

    * Paul would like to see a 'gdbm' option because he uses
      it a lot. Dean notes that 'gdbm' includes 'db' support
      so we need to watch the library ordering.

	Dean notes:  Check rev 1.72 -> rev 1.73 of
	src/Configuration.tmpl.  I re-ordered mod_auth_dbm and
	mod_auth_db at this time, and I'm pretty sure it was to
	deal with this issue.  But I think I still ran into
	troubles if I automatically looked for gdbm.

    * What do we call the binary: apache or httpd? Under UNIX
      it's httpd, under Win32 it's apache. Maybe rename it
      to apache-httpd?
	apache-httpd: Ken +1
        leave it apache: Brian +1, Ralf +1

    * Maybe a http_paths.h file? See
	<Pine.BSF.3.95q.971209222046.25627D-100000@valis.worldgate.com>
	+1: Dean, Brian, Paul, Ralf, Martin

    * Release builds: Should we provide Configuration or not?
      Should we 'make all suexec' in src/support?
	Ken +1 (possible suexec path issue, though)
        Brian +1

    * root's environment is inherited by the Apache server. Jim, Ken &
      Dean think we should recommend using 'env' to build the
      appropriate environment. Marc and Alexei don't see any
      big deal. Martin says that not every "env" has a -u flag.

    * 206 vs. 200 issue on Content-Length
	See <Pine.BSF.3.95q.971102000930.5555B-100000@valis.worldgate.com>
	Roy says current behavior is correct, but Alexei disagrees.
	Marc sides with Alexei.

    * Marc's socket options like source routing (kill them?)
	Marc, Dean, Martin say Yes

    * Ken's PR#1053: an error when accessing a negotiated document
      explicitly names the variant selected.  Should it do so, or should
      the base input name be referenced?
	Dean says: doesn't seem important enough to be in the STATUS...
	    it's probably a pain to fix.

    * Proposed API Changes:

	- r->content_language is for backwards compatibility... with modules
	  that may not link any longer without some minor editing.  The new
	  field is r->content_languages.  Heck it's not even mentioned in
	  apache-devsite/mmn.txt when we got content_languages (note the s!).
	  The proposal is to remove r->content_language:
	    Status: Dean +1, Paul +1, Roy +1, Ralf +1

	- child_exit() is redundant, it can be implemented via cleanups.  It is
	  not "symmetric" in the sense that there is no exit API method to go
	  along with the init() API method.  There is no need for an exit
	  method, there are already modules using cleanups to perform this (see
	  mod_mmap_static, and mod_php3 for example).  The proposal is to
	  remove the child_exit() method and document cleanups as the method of
	  handling this need.
	    Status: Dean +1, Rasmus +1, Paul +1, Roy +1, Jim +1, 
	            Martin +1, Ralf +1

    * Don't wait for WIN32:  It's been quite some time and WIN32 doesn't seem
	to be progressing, and Unix seems quite stable.  It would be in Apache's
	best interest to continue to support Unix to its utmost, and not delay
	a release of 1.3.0 waiting for WIN32 issues to be resolved.

	Proposal: the next release should be named 1.3.0 and should be labelled
	    "stable on unix, beta on NT".
	    +1: Dean
	    -0: Ralf (because we've done a lot of good but new stuff
		      in 1.3b6-dev now and we should give us at least
		      one pre-release before the so-called "release" [1.3.0].
		      But we should not take again many months. 1.3.0 should
		      be kicked out as soon as possible after 1.3b6 is out. So
		      we should commit APACI, test a few days again, release
		      1.3b6, look for the responses, fix a few bugs and then
		      roll 1.3.0 out of the door marked as stated above)

	Proposal: the next release should be named 1.3b6, and labelled "release
	    candidate on unix, beta on NT".  The release after that will be
	    called 1.3.0 "stable on unix, beta on NT".
	    +1: Jim, Ralf, Randy, Brian, Martin
	    +0: Dean

            Notes:
            Randy: APACI should go in a beta release if it is to go in at all.
                   I would also argue that 1.3b6 is _not_ stable. I've been 
                   having real fits keeping it alive on a dual processor
                   machine. Could be OS problems..

  * vformatter TODO:
    - double check logic in ap_vformatter(), and especially psprintf()
    - add in and use the inaddr formatting codes that started the whole
      debate last october
    - ... so that we can finally start fixing all the log messages that
      were previously log_reason(), which included the client address,
      but now using aplog_error() they're without the client address, and
      that sucks
    - bump mmn and make it official (wanna make sure the api is right first)

Win32 specific issues:

 Open issues:

    * Should ApacheCore.dll be merged back into the main server
      image?  May make debugging easier..

 In progress:

    * Ben's ASP work... All agree it sounds cool.

    * DDA's adding a tray application to the Windoze version for ease of
      status/management.
	<01BCDB29.2C04DEB0@caravan.individual.com>
	<01BCDB2A.F8C09010@caravan.individual.com>
	Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
	we get a single executable)
	Paul: No like Win95 specific stuff
	Ken: What's W95-specific about it?

 Help:

    * process/thread model
	- need dynamic thread creation/destruction, similar to 
	  Unix process model
	- can't use WaitForMultipleObjects in the same way we
	  do now, since that has a limit of 64(!) objects.  Grr.
	  PR#1665

    * some errors printed by CGIs to stderr don't end up making it
      to the server log unless an extra debugging message is added
      after they run? (PR#1725 indicates this may not be just Win32)

    * handle bugs that make it pop up errors on console, ie. segv 
      equiv?  Can we do this?  Need to make it robust.

    * install
	- make installshield work
	- config in cvs tree?
	- install docs, etc.?
	- location for install

    * the mutex should be critical-regions, since the current design
      is creating a mess of SO calls that are unnecessary

    * we don't mmap on NT.  Use TransmitFile?

    * CGIs
        - hangs on multiple CGI execution?  PR#1607,1129
    	    Marc can't repeat...
	- docs on how they work w/scripts
	- use registry to find interpreter?
	- WTF is the buffering coming from?
	    - we don't have a way to make non-blocking files on NT!

    * performance

    * documentation:
	- running the server without admin
	- how CGIs work
	- update README.NT
	- short/long name handling
	- better status page on current state of NT for users

    * http_main.c hell
	- split into two files?

    * who should run the service?  Who exactly is the "system account"?

      docs say:

      Localsystem is a very privileged account locally, so you shouldn't run
      any shareware applications there. However, it has no network privileges
      and cannot leave the machine via any NT-secured mechanism, including
      file system, named pipes, DCOM, or secure RPC.

      and:

      A service that runs in the context of the LocalSystem account
      inherits the security context of the SCM. It is not associated with
      any logged-on user account and does not have credentials (domain
      name, user name, and password) to be used for verification. This
      has several implications: [... removed ...]


      That _really_ sucks.  Can we recommend running Apache as some 
      other user?


    * need a crypt() of some sort.
	- sources are easy; problem is export restrictions on DES
	- if we don't do DES, can do md5

    * modules that need to be made to work on win32
        - mod_example isn't multithreaded
	- mod_unique_id (needs mt changes)
	- mod_auth_db.c  (do we want to even try this?  We should have some
          db of some sort... what else can we pick from under win32?)
	- mod_auth_dbm.c
	- mod_info.c (PR re exporting symbols for it...)
	- mod_log_agent.c
	- mod_log_referer.c
	- mod_mime_magic.c (needs access to mod_mime API stage...)

    * do something to disable bogus warnings

    * rfc1413.c has static storage which won't work multithreaded

    * mod_include --> exec cgi, exec cmd, etc. don't work right.
      Looks like a code path that isn't run anywhere else that has
      something not quite right...  A PR or two on it.

WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:

    * CGIs
        - hangs on multiple CGI execution?  PR#1607,1129
    	    Marc can't repeat...

    * SECURITY: PR#1203 still needs to be dealt with for WIN32

    * SECURITY: check if the magic con/aux/nul/etc names do anything
	really bad

    * SECURITY: numerous uses of strcpy and strcat have potential
	for buffer overflow, someone should rewrite or verify
	they're safe

    * SECURITY: os_ abstract is_only_below() in mod_include.c

    * signal type handling
    	- how to rotate logs from command line?

    * bad use of chdir in some places; it isn't thread-specific
