Return-Path: Delivered-To: new-httpd-archive@hyperreal.org Received: (qmail 19234 invoked by uid 6000); 3 Dec 1998 09:51:19 -0000 Received: (qmail 19223 invoked from network); 3 Dec 1998 09:51:17 -0000 Received: from i.meepzor.com (HELO Mail.MeepZor.Com) (cvs@204.146.167.214) by taz.hyperreal.org with SMTP; 3 Dec 1998 09:51:17 -0000 Received: (from cvs@localhost) by Mail.MeepZor.Com (8.8.5/8.8.5) id XAA05689; Wed, 2 Dec 1998 23:45:17 -0500 Date: Wed, 2 Dec 1998 23:45:17 -0500 Message-Id: <199812030445.XAA05689@Mail.MeepZor.Com> From: Rodent of Unusual Size To: Apache HTTP developers Subject: [STATUS] (apache-1.3) Wed Dec 2 23:45:16 EST 1998 X-Note: This is an automated message. Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org 1.3 STATUS: Release: 1.3.4-dev: current. There is discussion on releasing it "soon" (Lars volunteers as release manager) 1.3.3: Tagged and rolled on Oct. 7. Released on 9th, announced on 10th. 1.3.2: Tagged and rolled on Sep. 21. Announced and released on 23rd. 1.3.1: Tagged and rolled on July 19. Announced and released. 1.3.0: Tagged and rolled on June 1. Announced and released on the 6th. 2.0 : In pre-alpha development, see apache-2.0 repository RELEASE SHOWSTOPPERS: * Win32 device file issues (nul/aux/...) * How should an Apache binary release tarball look? 1. The "old" way where it is just a source release tarball plus a pre-compiled src/httpd-. It is created via the apache-devsite/binbuild.sh script which - creates the build tree - creates the src/Configuration file with standard modules - runs "make" - renames src/httpd to src/httpd- - runs "make clean" - packs the build tree stuff together Already known discussion points: - should src/httpd be renamed or not because a lot of PRs say they cannot find the httpd :-( Status: Ralf -0, Ken +0 2. The way some other projects release binary tarballs, i.e. a package containing the installed (binary) files. It can be created by a script which - creates the build tree - runs "./configure --prefix=/usr/local/apache \ --enable-shared=remain \ --disable-module=auth_db \ --enable-suexec ..." - runs "make install root=apache-root" - packs the stuff together from ./apache-root only!! Already known discussion points: - should there be a prefix usr/local/apache in the tarball or not? Some people think it's useful while others dislike it a lot. - it doesn't include the source. - the paths don't match the original Apache style, nor the Win32 paths - should suexec be prebuilt in a binary tarball? Status: Ralf +1, Martin +1, Roy -1, Ken +1 (IFF source is included, there's no usr/local/apache prefix in the tarball, AND the old-style [common with Win32] paths are used) 3. A source release tarball with three extra directories: lib: for the shared library object files bin: for the httpd and support executables man: for the man files (if desired) as if the server was installed in those directories. Status: Roy +1, Jim +1 (still need to define which modules are built) Ralf -0 (I dislike mixed source+binary tarballs) Documentation that needs writing: * Need a document explaining mod_rewrite/"UseCanonicalName off" based virtualhosting. (If it exists already I can't find it easily.) => It still doesn't exists but I've already assembled the relevant information and config snippets. We just have to write a vhost-xxx.html document out of it. -- rse Available Patches: * Randy's [PATCH] APACI configure changes This is the original patch which tries to provide the new default path layout, the single config installation, the APACI top-level Makefile generation and the TARGET name. Status: Ralf -0 (with a tendency to -1) [actually: path layout: +0 (too less generic) single config: +1 (all ok) top-level Makefile: -0 (too problematic) TARGET name: +0 (too incomplete)] * Ralf's [PATCH] Configuration (1/4): Path Layout This patch makes the Apache Classic Path Layout the default and provides a general way (--with-layout) to specificy the layout. GNU layout is predefined, more custom layout can be added easily through external files. Status: Ralf +1 * Ralf's [PATCH] Configuration (2/4): Single Config This patch is extracted from Randys patch and makes sure that the access.conf and srm.conf (dummy) files are no longer installed. Status: Ralf +1 * Ralf's [PATCH] Configuration (3/4): APACI Makefile for src/Configure This patch is a possible alternative answer to Randys attemp to create an APACI top-level Makefile from within src/Configure. Because Randys attemp is against the APACI intenations. Of course, this patch is against the src/Configure intentations, so even the author dislikes it. But the author thinks at least this is better than doing mass-exportation of variables and code movements. Status: Ralf -0, Jim -1 * Ralf's [PATCH] Configuration (4/4): TARGET name This patch tries to complete Randys initial work to make the TARGET variable more generic and more generally applicable. With it one can change "httpd" to "apache" or to whatever for the particular installation. Status: Ralf +1 * Michael van Elst's patch [PR#3160] to improve mod_rewrite's in-core cache handling by using a hash table. Message-ID: Status: Lars +1 * Ralf's [PATCH] MODULE_MAGIC_COOKIE field for module structure Message-ID: <19981106125801.A17402@engelschall.com> Status: Currently assumes 8-byte long, Ralf will fix and repost. * Ralf's Build outside of source tree (take 2: alternative solution) ("overrules" Wilfredo Sanchez's [PATCH] Build outside of source tree) Message-ID: <19981027154021.A24640@engelschall.com> Status: Ralf +1, Jim +1, Martin +1 Fred says this doesn't work for him, suggests replacement in <199811042007.MAA25906@scv1.apple.com> * Marc's [PATCH] PR#3323: recursive includes Message-ID: Status: Marc +1, Jim +1 (concept) * Needs more in-depth review * * Ron Record's patch to port Apache to UnixWare 7 (forwarded by Randy). Message-ID: Status: * Amiel Lee Yee's patch to update ap_config.h for DGUX/Intel and str[n]casecmp(). Message-ID: PR#3247 Status: * Khimenko Victor's os_inline.c finctions are not inlined Message-ID: Status: Roy +1, Dean +1 * Juan Gallego's patch to add CSH-style modifiers (:h, :r, :t, :e) to mod_include's variable processing. Mesage-ID: PR#3246, also available at Status: Ken -0 for 1.3/+0 for 2.0 * Patches for the DSO/mod_perl problem (see below for description): Ralf's "[PATCH] Fix module init" This fixes the mod_so/mod_perl problems described under "FINAL RELEASE SHOWSTOPPERS" by doing a more correct init of the modules after loading through two new core API functions. Message-ID: <19980611171746.A23845@engelschall.com> Status: Ralf +1, Lars +1 In progress: * Addition of "cute little icons" to Apache's main icon groups. See <4.1.19981024045505.00a9dce0@hyperreal.org> Status: Ralf +1, Roy +1 (in "icons/small" subdirectory) * Ken's IndexFormat enhancement to mod_autoindex to allow CustomLog-like tailoring of directory listing formats Needs patch: * Ralf: mod_so doesn't correctly initialise modules. For instance the handlers of mod_perl are not initialised. An ap_init_modules() could be done from mod_so but this is too much. I've already debugged this up to ap_invoke_handler() and it correctly sees the handlers from mod_perl ("perl-script") and actually runs them. But under DSO situation it returns DECLINED while under non-DSO situation it runs fine. Sure, its mod_perl's fault because its mod_perl code which returns DECLINED. But it definitely seems to be caused by a missing init in mod_so under DSO situation. I've already asked Doug for hints but he has not had a chance to look into it. Currently at least mod_perl is broken under the DSO situation because of this missing init in mod_so. But perhaps there are more modules which have the same problem. This should be fixed for 1.3.2 or at least found out why it is happening! Current status: We have two patches available (see above) but still don't know the real reason. And the patches work not under all platforms :-( * get_path_info bug; ap_get_remote_host should be ap_vformatter instead. See: * uri issues - RFC2068 requires a server to recognize its own IP addr(s) in dot notation, we do this fine if the user follows the dns-caveats documentation... we should handle it in the case the user doesn't ever supply a dot-notation address. * Problems dealing with .-rooted domain names such as "twinlark." versus "twinlark.arctic.org.". See the thread containing Message-ID: <19980203211817.06723@deejai.mch.sni.de> for more details. In particular this affects the correctness of the proxy and the vhost mechanism. * proxy_*_canon routines use r->proxyreq incorrectly. See * work around a Navigator/Mozilla bug when mod_proxy is used (broken images). Message-ID: Status: Lars' patch was vetoed. Roy and Dean think that it is probably another buffer magic number error and should be tested to find out and, if so, fixed like it was in core. * ap_escape_html() always duplicates the string, even when there is no change and the caller would be happy to use the original. What is needed is a separate interface for "don't need a dup" situations, like just about everywhere we use it in bvputs and bputs calls. Open issues: * Underscores on symbols in DSO situation is broken for NetBSD: Here is a private conversation between me (rse) and Charles Hannum of the NetBSD project: From: "Charles M. Hannum" > We have a bug report at the Apache BugDB (see > http://bugs.apache.org/private/index/full/2462) where a user says > under a particular NetBSD platform (NetBSD/pmax 1.3.2) the symbols on > dlsym() don't need an underscore. In FreeBSD world we always had the > underscore, > [...] This is less an issue of OS, and more an issue of a.out vs. ELF. The underscores are always used for a.out, and are never used for ELF. Therefore, on any platform where we use ELF (that would be Alpha, MIPS, PowerPC and UltraSPARC currently, although there are plans to eventually switch on other platforms), the underscores should not be added, and on all other platforms they should be. You can differentiate by comparing the output of `uname -m' with any of: alpha bebox macppc newsmips ofppc pica pmax sparc64. * Redefine APACHE_RELEASE. Add another 'bit' to signify whether it's a beta or final release. Maybe 'MMNNFFRBB' which means: MM: Major release # NN: Minor release # FF: "fix" level R: 0 if beta, 1 if final release BB: beta number See: <199806071444.KAA23147@devsys.jaguNET.com> Status: Jim +1, Ben +1, Martin +1, Ralf +1 * Someone other than Dean has to do a security/correctness review on psprintf(), bprintf(), and ap_snprintf(). In particular these routines do lots of fun pointer manipulations and such and possibly have overflow errors. The respective flush_funcs also need to be exercised. o Jim's looked over the ap_snprintf() stuff (the changes that Dean did to make thread-safe) and they look fine. o Laura La Gassa's looked over ap_vformatter & other related code o Martin did a "source review" as well. o Could still use 1 or 2 more sets of eyeballs. Status: Is this still valid?? * Paul would like to see a 'gdbm' option because he uses it a lot. * Maybe a http_paths.h file? See +1: Brian, Paul, Ralf, Martin +0: Jim (not for 1.3.0) * Release builds: Should we provide Configuration or not? Should we 'make all suexec' in src/support? +1: Brian, Jim, Ken +1 (possible suexec path issue, though) * root's environment is inherited by the Apache server. Jim & Ken think we should recommend using 'env' to build the appropriate environment. Marc and Alexei don't see any big deal. Martin says that not every "env" has a -u flag. * Marc's socket options like source routing (kill them?) Marc, Martin say Yes * Ken's PR#1053: an error when accessing a negotiated document explicitly names the variant selected. Should it do so, or should the original URI be referenced? * Proposed API Changes: - r->content_language is for backwards compatibility... with modules that may not link any longer without some minor editing. The new field is r->content_languages. Heck it's not even mentioned in apache-devsite/mmn.txt when we got content_languages (note the s!). The proposal is to remove r->content_language: Status: Paul +1, Ralf +1, Ken +1, Martin +1 - child_exit() is redundant, it can be implemented via cleanups. It is not "symmetric" in the sense that there is no exit API method to go along with the init() API method. There is no need for an exit method, there are already modules using cleanups to perform this (see mod_mmap_static, and mod_php3 for example). The proposal is to remove the child_exit() method and document cleanups as the method of handling this need. Status: Rasmus +1, Paul +1, Jim +1, Martin +1, Ralf +1, Ken +1 * Should we re-enable nagle now that we're non-buffering CGIs? See various messages from Marc in March 98. * TZ should not be dealt with specially any longer now that we have "PassEnv". See Jim: IMO it's too late in the game for this... I'm sure this would cause some strange bug reports as people's cgi-scripts no longer work correctly ("It worked just fine before I upgraded to 1.3.0") unless we warn people in big nasty letters to add PassEnv TZ to their config files "just in case" and hope they do it :) * In ap_bclose() there's no test that (fb->fd != -1) -- so it's possible that it'll do something completely bogus when it's used for read-only things. - Dean Gaudet * Okay, so our negotiation strategy needs a bit of refinement. See . In general, we need to go through and clean up the negotiation module to make it compliant with the final HTTP/1.1 draft, and at the very least we should make it more copacetic to the idea of transferring gzipped variants of files when both variants exist on the server. * Roy's HTTP/1.1 Wishlist items: 1) byte range error handling 2) update the Accept-Encoding parser to allow q-values * use of spawnvp in uncompress_child in mod_mime_magic - doesn't use the new child_info structure, is this still safe? Needs to be looked at. * suexec doesn't understand argv parameters; e.g. fails even when "ls" is in the same directory because suexec is trying to stat a file called "ls -l". A patch for this is available at http://www.xnet.com/~emarshal/suexec.diff and it's not bad except that it doesn't handle programs with spaces in the filename (think win32, or samba-mounted filesystems). There are several PR's to this and I don't see for security reasons why we can't accomodate it, though it does add complexity to suexec.c. PR #1120 Brian: +1 Win32 specific issues: Important * fix O(n^2) attack in mod_isapi.c ... i.e. recopy the code from scan_script_headers_err_core. In progress: * Ben's ASP work... All agree it sounds cool. * DDA's adding a tray application to the Windoze version for ease of status/management. <01BCDB29.2C04DEB0@caravan.individual.com> <01BCDB2A.F8C09010@caravan.individual.com> Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as we get a single executable) Paul: No like Win95 specific stuff Ken: What's W95-specific about it? Help: * should trap ^C when running not-as-service and do proper shutdown * should have a pretty little icon for Apache on Win32 * proxy module doesn't load on Win95. Why? Good question. PR#1462. * "Directory /", "Directory C:/" both fail to do anything, while "Directory *" SEGVs. * chdir() for CGI scripts and mod_include #exec needs to be re-implemented now that CreateProcess is being used. * process/thread model - need dynamic thread creation/destruction, similar to Unix process model - can't use WaitForMultipleObjects in the same way we do now, since that has a limit of 64(!) objects. Grr. PR#1665 * some errors printed by CGIs to stderr don't end up making it to the server log unless an extra debugging message is added after they run? (PR#1725 indicates this may not be just Win32) * handle bugs that make it pop up errors on console, ie. segv equiv? Can we do this? Need to make it robust. * install - make installshield work - config in cvs tree? - install docs, etc.? - location for install * the mutex should be critical-regions, since the current design is creating a mess of SO calls that are unnecessary * we don't mmap on NT. Use TransmitFile? * CGIs - docs on how they work w/scripts - use registry to find interpreter? - WTF is the buffering coming from? - we don't have a way to make non-blocking files on NT! * performance * documentation: - running the server without admin - how CGIs work - update README.NT - short/long name handling - better status page on current state of NT for users * http_main.c hell - split into two files? * who should run the service? Who exactly is the "system account"? docs say: Localsystem is a very privileged account locally, so you shouldn't run any shareware applications there. However, it has no network privileges and cannot leave the machine via any NT-secured mechanism, including file system, named pipes, DCOM, or secure RPC. and: A service that runs in the context of the LocalSystem account inherits the security context of the SCM. It is not associated with any logged-on user account and does not have credentials (domain name, user name, and password) to be used for verification. This has several implications: [... removed ...] That _really_ sucks. Can we recommend running Apache as some other user? * need a crypt() of some sort. - sources are easy; problem is export restrictions on DES - if we don't do DES, can do md5 * modules that need to be made to work on win32 - mod_example isn't multithreadreded - mod_unique_id (needs mt changes) - mod_auth_db.c (do we want to even try this? We should have some db of some sort... what else can we pick from under win32?) - mod_auth_dbm.c - mod_info.c (PR re exporting symbols for it...) - mod_log_agent.c - mod_log_referer.c - mod_mime_magic.c (needs access to mod_mime API stage...) * do something to disable bogus warnings * rfc1413.c has static storage which won't work multithreaded * mod_include --> exec cgi, exec cmd, etc. don't work right. Looks like a code path that isn't run anywhere else that has something not quite right... A PR or two on it. * signal type handling - how to rotate logs from command line? (Point people to Andrew Ford's cronolog because it's "better" than ours?) * Currently if you double click on the conf files or the log files you get a useless dialog offering the set of all executables, usually after a very long pause. Ought to stuff .conf in the registry mapping it to text. * apparently either "BrowserMatch" or the "nokeepalive" variable cause instability - see PR#1729. Binaries The goal here is to have two columns of all-Y (where applicable) for the two stable release versions, and nothing under Old unless the new version just doesn't work on that platform. 1.2.6 1.3.3 Old aix_4.1 N N 1.2.5, 1.3.1 alphalinux N N 1.3.0 aux_3.1 N N 1.3.0 decalphaNT N N 1.3b6 dunix_4.0 N N 1.2.4, 1.3.0, 1.3.1 freebsd_2.1 N N 1.2.4 freebsd_2.2 N N 1.2.5 hpux_10.20 N N 1.2.5 hpux_11 N N 1.3.2 irix_6.2 N N 1.2.5 linux_2.x N N 1.2.4, 1.3.0 netbsd_1.2 N N 1.2.4 os2 N N 1.3.2 reliantunix_5.4 Y N 1.3.1 solaris N N 1.2.5, 1.3.0, 1.3.1 sparclinux N N 1.3.0, 1.3.1 sunos_4.1.x N N 1.2.5 ultrix_4.4 N N 1.2.4 win32 - N 1.3.2 (is symlink okay?)