httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: config/2105: ScoreBoardFile definition in httpd.conf should be changed (fwd)
Date Tue, 21 Apr 1998 20:54:13 GMT
On Tue, 21 Apr 1998, Jim Jagielski wrote:

> Dean Gaudet wrote:
> > 
> > No I'm just complaining that 1.3 is getting nowhere fast.  The only bugs
> > being worked on are configuration bugs.  It doesn't matter if you can
> > compile apache on 200 million different platforms if it doesn't work
> > right. 
> At least bugs are getting worked on... AFAIK the real bugs are
> Win32 still

Here's a sample from STATUS.


Available Patches:

    * Ed Korthof's patch to fix protocol issues surrounding 400, 408, and
      414 responses.

    * Ronald Tschalaer's Accept-Encoding patch
      Status: Dean +1


    * proxy security fixes from 1.2.5 need to be brought forward

    * Someone other than Dean has to do a security/correctness review on
      psprintf(), bprintf(), and ap_snprintf().  In particular these routines
      do lots of fun pointer manipulations and such and possibly have overflow
      errors.  The respective flush_funcs also need to be exercised.
       o Jim's looked over the ap_snprintf() stuff (the changes that Dean
         did to make thread-safe) and they look fine.

[Note: Thanks Jim, but this isn't sufficient.  Specifically, the flush_funcs
need to be verified; and so do the wrappers that call ap_vformatter.  The
changes to make the ?cvt() routines threadsafe were trivial in comparison.]

    * The fatal errors that the children detect and fill up the log with
      (such as bogus group id) need to be stopped.  The proposed fix is to
      make the child exit with a special code when a fatal error occurs; the
      parent would then abort.  See

Needs patch:

    * uri issues
	- RFC2068 requires a server to recognize its own IP addr(s) in dot
	notation, we do this fine if the user follows the dns-caveats
	documentation... we should handle it in the case the user doesn't ever
	supply a dot-notation address.

    * Problems dealing with .-rooted domain names such as "twinlark." versus
	"".  See the thread containing
	Message-ID: <> for more details.
	In particular this affects the correctness of the proxy and the
	vhost mechanism.

    * PR#1799: we need to add a "default" or "none" handler to deal with
	filenames such as which aren't image maps, and shouldn't
	be considered such.  See discussion in
	(feb98 archives)

    * proxy_*_canon routines use r->proxyreq incorrectly.  See

    * TZ should not be dealt with specially any longer now that we have
      "PassEnv".  See

View raw message