Return-Path: Delivered-To: apmail-new-httpd-archive@apache.org Received: (qmail 75412 invoked by uid 500); 3 Aug 2000 03:42:24 -0000 Mailing-List: contact new-httpd-help@apache.org; run by ezmlm Precedence: bulk X-No-Archive: yes Reply-To: new-httpd@apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list new-httpd@apache.org Received: (qmail 75401 invoked from network); 3 Aug 2000 03:42:23 -0000 Date: Wed, 2 Aug 2000 23:45:05 -0400 Message-Id: <200008030345.XAA23101@Mail.MeepZor.Com> From: Rodent of Unusual Size To: Apache HTTP developers Subject: [STATUS] (apache-1.3) Wed Aug 2 23:45:05 EDT 2000 X-Note: This is an automated message. X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N 1.3 STATUS: Last modified at [$Date: 2000/07/28 18:30:09 $] Release: 1.3.13-dev: In development - ready to freeze. 1.3.12: Tagged and rolled Feb. 23, 2000. Released and announced on the 25th. 1.3.11: Tagged and rolled Jan. 19, 2000. Released and announced on the 21st. 1.3.10: Not released. Pulled at "last minute" due to a build bug in the MPE port. 1.3.9: Tagged and rolled on Aug. 16. Released and announced on 19th. 1.3.8: Not released. 1.3.7: Not released. 1.3.6. Tagged and rolled on Mar. 22. Released and announced on 24th. 1.3.5: Not released. 1.3.4: Tagged and rolled on Jan. 9. Released on 11th, announced on 12th. 1.3.3: Tagged and rolled on Oct. 7. Released on 9th, announced on 10th. 1.3.2: Tagged and rolled on Sep. 21. Announced and released on 23rd. 1.3.1: Tagged and rolled on July 19. Announced and released. 1.3.0: Tagged and rolled on June 1. Announced and released on the 6th. 2.0 : In pre-alpha development, see apache-2.0 repository RELEASE SHOWSTOPPERS: None at present. RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * IMPORTANT: Split the htdocs tree from the apache-1.3 tree. Ken Coar will split and coordinate participants in the new docco access so documentors can work on the html docs apart from the developer's tree. Needs how-to-roll doc revisions, src committers added to docco committers group. Message ID: <39328E9C.4526F2D5@Golux.Com> Jim Winstead: the PHP project has had great success with an independent documentation project [addt. translations, etc.] Marc Slemco: [snipped] require committing code and docs changes to have to go to two separate places and do two separate commits, etc [...] is the completely wrong direction. Stoddard: save it for 2.0; Ken: docco'ers want/need to be able to continue cleaning 1.3.x Status: Greg Stein, William Rowe +1 * long pathnames with many components and no AllowOverride None Workaround is to define with AllowOverride None, which is something all sites should do in any case. Status: Marc was looking at it. * Ronald Tschal�r's patch to mod_proxy to allow other modules to set headers too (needed by mod_auth_digest) Message-ID: <199907080712.JAA28269@chill.innovation.ch> Status: Documentation that needs writing: Available Patches: * Dan Astoorian 's patch to fix mod_include RE tokenisation PR: 5898 Status: * Gerd Knorr 's patch to enable mod_auth_digest to handle both Digest *and* Basic authentication modes. PR: 5879 Status: * Andrew Ford's patch (1999/12/05) to add absolute times to mod_expires Message-ID: Status: Martin +1, Jim +1, Ken +1 (on concept) * Raymond S Brand's path to mod_autoindex to fix the header/readme include processing so the envariables are correct for the included documents. (Actually, there are two variants in the patch message, for two different ways of doing it.) Message-ID: <384AA242.B93F8B5@rsbx.net> Status: Martin +1(concept) * Jayaram's patch (10/27/99) to fix PR4856 PR: 4856 It is found that UnSetEnv directive fails to unset the environment variable in the server config context. Status: * Jayaram's patch (10/27/99) for changes to mod_autoindex Problem 1: ------------------------ AddIcon (,) ^^DIRECTORY^^ and AddIcon (,) ^^BLANKICON^^ should be able to set the alternate text and icon file for any directory/blankicon in a directory listing. This was not happening because the alternate text for ^^DIRECTORY^^ and ^^BLANKICON^^ were hardcoded to "DIR" and " " respectively. Problem 2: ------------------------- IndexIgnore should hide the files with this file- extension in directory listings. This was NOT happening because the total filename was being compared with the file-extension. Status: Martin +1(untested), Ken +1(untested) * Paul Reder's patch to fix Allow/Deny (.htaccess parsing) in regex processing. Message-ID: <37A88E34.FD09C658@raleigh.ibm.com> PR: 3019, 3454 Status: * David Harris' patch to add a function to report on the number of bytes in a pool that are actually used. Message-ID: <008e01bedead$781c9480$0500a8c0@delf> Status: * Stipe Tolj's Cygwin32 port PR#: 2936 Status: Lars +1 (on concept), Martin +1 (on concept), Ken +1 (concept) * Salvador Ortiz Garcia ' patch to allow DirectoryIndex to refer to URIs for non-static resources. MID: Status: Ken +1 (on concept), Lars +1 (on concept) * Ralf's [PATCH] to add EAPI (ctx, hook, mm, etc.) to the base package Message-ID: <19990414134729.A93825@engelschall.com> Status: Mark +1, Dean +1, BenH +1, Randy +1 (please choose name other than "hook") Doug +1 on concept (untested), Lars +1 on concept, Martin +1 (untested), Fred +1, Jim -1 (I really don't think it makes sense to add this right now this late in the release cycle for 1.3.10. I am +1 for 1.3.11) Greg -0 for 1.3 series. * Brian Havard's patch to remove dependency of mod_auth_dbm on mod_auth. (PR#2598) Message-ID: <199905170830.SAA31549@silk.apana.org.au> Status: Lars +1 (on concept), Ken +1 (on concept), Martin +1(untested) * Aidan Cully's patch to allow assignment of 'ownership' of resources to either the server UID or the file's owner. Message-ID: <37306CB4.8EA9D76C@Golux.Com> Status: Ken +1, Dean +1, Randy +1, Lars +0, Jim +1 * Jun-ichiro itojun Hagino's [PATCH] IPv6 enable patch ftp://ftp.kame.net/pub/kame/misc/apache-139-v6-19991013a.diff.gz Message-ID: <18586.916662926@coconut.itojun.org>, <24384.944888872@coconut.itojun.org> Status: Lars +1 (on concept), Dirkx +1 (tested), Martin +1 (on concept, but patched apache does not compile successfully on pre-IPv6-SVR4, and possibly others), Jim -1 (not for 1.3.10) Greg -0 for 1.3 series. * Peter Greis' new '%m' CustomLog option: the time taken to serve the request, in milli-seconds. Message-ID: PR#2838 Status: Jim +0 (as is, the patch requires rework since it needs to be aware of NO_GETTIMEOFDAY and NO_TIMES as well as implement a times() alternative. Not only that, but with extended_status, we calculate this anyway). * Juan Gallego's patch to add CSH-style modifiers (:h, :r, :t, :e) to mod_include's variable processing. Mesage-ID: PR#3246, also available at Status: Ken, Greg: -0 for 1.3/+0 for 2.0 Lars -0 for 1.3 * Eric Prud'hommeaux's mod_dir mods for file-level access control. Message-ID: Status: Jim -0 (The current behavior seems logical to me. If there was more universal interest in changing it, then that would be a different matter). * Eric Prud'hommeaux's mods for practical negotiation with file level access control. Message-ID: Status: * Greg's XML Handling patch Message-ID: <3764E070.381B1B8E@lyra.org> Message-ID: <3760EC9C.1CB6398E@lyra.org> Status: Greg -0 (will integrate into 2.0 rather than 1.3) Martin +1 (on concept) In progress: * Doug MacEachern's libapr - Generic Apache Request Library (Alpha) This package contains modules for manipulating client request data via the Apache API with Perl and C. Status: http://perl.apache.org/dist/ (look for the latest libapr-* file) * David Harris' note of odd size memory allocations. Dean notes that this is due to BLOCK_MIN_ALLOC. Should we reduce it to 1024? Discussion in thread following message-ID below. Message-ID: <00a001bedc00$fbc5af60$0500a8c0@delf> Status: * Martin Kraemer's mod_ebcdic.c: a new module which will contain the ebcdic related stuff (common to all ebcdic based os's) and will allow for flexible configuration of the conversion rules. That will replace the current hardwired heuristics. Message-Id: none yet Status: first prototype running, to be posted to list soon. Needs patch: * MaxRequestsPerChild doesn't count requests, only the number of connections processed. We can either 'fix' it by renaming the directive to MaxConnectionsPerChild or really fix it to actually count the number of requests. Lars: I think we should really fix. Ken: Definitely fix this, otherwise a massive series of requests on the same connection is possible, which defeats the purpose. Jim: The main idea behind this is to avoid problems with memory leaks. So it really doesn't matter which we do, as long as there's a match between the directive and what it does. Since it's easier, I'd say just rename to MaxConnectionsPerChild but keep MaxRequestsPerChild as an "alias" to that (maybe print a short "MaxRequestsPerChild is depreciated" message when Apache starts). * get_path_info bug; ap_get_remote_host should be ap_vformatter instead. See: * URI issues - RFC2068 requires a server to recognize its own IP addr(s) in dot notation, we do this fine if the user follows the dns-caveats documentation... we should handle it in the case the user doesn't ever supply a dot-notation address. * Problems dealing with .-rooted domain names such as "twinlark." versus "twinlark.arctic.org.". See the thread containing Message-ID: <19980203211817.06723@deejai.mch.sni.de> for more details. In particular this affects the correctness of the proxy and the vhost mechanism. * proxy_*_canon routines use r->proxyreq incorrectly. See * work around a Navigator/Mozilla bug when mod_proxy is used (broken images). Message-ID: Status: Lars' patch was vetoed. Roy and Dean think that it is probably another buffer magic number error and should be tested to find out and, if so, fixed like it was in core. Dirkx: cannot reproduce this at all. * ap_escape_html() always duplicates the string, even when there is no change and the caller would be happy to use the original. What is needed is a separate interface for "don't need a dup" situations, like just about everywhere we use it in bvputs and bputs calls. dirkx: -1 (as some of the modules from modules.apache.org seem (rightly?) to assume that they can modify the returned escaped string whilst relying on the passed string not to be damaged. Martin: +1 (a "separate interface" is like in the case of ap_table_setn() complementing ap_table_set(). It would not interfere with any existing code). * Should we disallow requests with bogus characters in the method? See Open issues: * Should we provide a way to force CustomError responses past IE's 'prettify-if-less-than-N-bytes' bogosity? * there are still some PRs about inetd mode Should we deprecate "ServerType inetd" if the next release is 1.4.0? +1: Lars -0: Martin (ISTR someone volunteered to "keep it working". I fear some exotic platforms may require it) * general/3787: SERVER_PORT is always 80 if client comes to any port => needs review by the protocol guys, I think. * Paul would like to see a 'gdbm' option because he uses it a lot. -0: Greg (volunteers; will add to 2.0 series rather than 1.3) +1: Martin * Many people have asked for a DBM to be distributed with Apache to isolate it from platform inconsistencies. SDBM (used by mod_ssl, mod_dav, Perl, and others) should fit the bill and is public domain. -0: Greg (volunteers; will add to 2.0 series rather than 1.3) +1: Martin * Maybe a http_paths.h file? See +1: Brian, Paul, Ralf, Martin, Dirkx +0: Jim (not for 1.3.0) * Release builds: Should we provide Configuration or not? Should we 'make all suexec' in src/support? +1: Brian, Jim, Dirkx, Ken +1 (possible suexec path issue, though) * root's environment is inherited by the Apache server. Jim & Ken think we should recommend using 'env' to build the appropriate environment. Marc and Alexei don't see any big deal. Martin says that not every "env" has a -u flag. * Marc's socket options like source routing (kill them?) Marc, Martin say Yes * Ken's PR#1053: an error when accessing a negotiated document explicitly names the variant selected. Should it do so, or should the original URI be referenced? Martin: keep as is (helps identifying errors. IMO no privacy issue.) * Proposed API Changes: - r->content_language is for backwards compatibility... with modules that may not link any longer without some minor editing. The new field is r->content_languages. Heck it's not even mentioned in apache-devsite/mmn.txt when we got content_languages (note the s!). The proposal is to remove r->content_language: Status: Paul +1, Ralf +1, Ken +1, Martin +1, Dirkx +1 (I could not find ANY module which uses it and which (still) compiles after the config change.) - child_exit() is redundant, it can be implemented via cleanups. It is not "symmetric" in the sense that there is no exit API method to go along with the init() API method. There is no need for an exit method, there are already modules using cleanups to perform this (see mod_mmap_static, and mod_php3 for example). The proposal is to remove the child_exit() method and document cleanups as the method of handling this need. Status: Rasmus +1, Paul +1, Jim +1, Martin +1, Ralf +1, Ken +1, Dirkx +1 (with doc change) * Should we re-enable nagle now that we're non-buffering CGIs? See various messages from Marc in March 98. * TZ should not be dealt with specially any longer now that we have "PassEnv". See Jim: IMO it's too late in the game for this... I'm sure this would cause some strange bug reports as people's cgi-scripts no longer work correctly ("It worked just fine before I upgraded to 1.3.0") unless we warn people in big nasty letters to add PassEnv TZ to their config files "just in case" and hope they do it :) Dirkx: Is not this the same issue about maintaining your 'env' ? * In ap_bclose() there's no test that (fb->fd != -1) -- so it's possible that it'll do something completely bogus when it's used for read-only things. - Dean Gaudet * Roy's HTTP/1.1 Wishlist items: 1) byte range error handling * use of spawnvp in uncompress_child in mod_mime_magic - doesn't use the new child_info structure, is this still safe? Needs to be looked at. * suexec doesn't understand argv parameters; e.g. fails even when "ls" is in the same directory because suexec is trying to stat a file called "ls -l". A patch for this is available at http://www.xnet.com/~emarshal/suexec.diff and it's not bad except that it doesn't handle programs with spaces in the filename (think win32, or samba-mounted filesystems). There are several PR's to this and I don't see for security reasons why we can't accomodate it, though it does add complexity to suexec.c. Accepting quoted executable names solves that issue. PR #1120 Brian: +1 Win32 specific issues: Important * fix O(n^2) attack in mod_isapi.c ... i.e. recopy the code from scan_script_headers_err_core. Concept patch available for review from OtherBill <002001bff8b6$cb53b420$345985d0@corecomm.net> * Apache console on Windows 95 (98?) won't close, close button/menu option can't (?) be intercepted, any workarounds out there? There is also an unverified report that Apache in a Win98 (95?) console window is ignoring shutdown/logoff, but this is not a confirmed report, and Apache as a hidden service does not share this reported problem. Perhaps this is a child process issue, or just a simple matter of timing, since a hidden window exists to intercept these conditions. In progress: * Windows install script review/revision? - Daniel S. Reichenbach is cooking something up. * Ben's ASP work... All agree it sounds cool. * Adding a tray application to the Windoze version for ease of status/management. (PR3594, PR4873) DDA's <01BCDB29.2C04DEB0@caravan.individual.com> DDA's <01BCDB2A.F8C09010@caravan.individual.com> There is no code here, only concept. Noone has implemented a pure C language WinAPI (no MFC) multiple-services aware taskbar app for both WinNT and Win95. Open to anyone proposing something complete. If it comes between releases, add it to contrib right away! See src/os/win32/monitoring-services.txt for details. Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as we get a single executable) Paul: No like Win95 specific stuff Ken: What's W95-specific about it? Help: * chdir() for CGI scripts and mod_include #exec needs to be re-implemented now that CreateProcess is being used. * process/thread model - need dynamic thread creation/destruction, similar to Unix process model * some errors printed by CGIs to stderr don't end up making it to the server log unless an extra debugging message is added after they run? (PR#1725 indicates this may not be just Win32) * handle bugs that make it pop up errors on console, ie. segv equiv? Can we do this? Need to make it robust. * install - make installshield work - config in cvs tree? - install docs, etc.? - location for install * the mutex should be critical-regions, since the current design is creating a mess of SO calls that are unnecessary * performance * modules that need to be made to work on win32 - mod_example isn't multithreadreded - mod_unique_id (needs mt changes) - mod_auth_db.c (do we want to even try this? We should have some db of some sort... what else can we pick from under win32?) - mod_auth_dbm.c - mod_log_agent.c - mod_log_referer.c - mod_mime_magic.c (needs access to mod_mime API stage...) * do something to disable bogus warnings * rfc1413.c has static storage which won't work multithreaded * mod_include --> exec cgi, exec cmd, etc. don't work right. Looks like a code path that isn't run anywhere else that has something not quite right... A PR or two on it. * Currently if you double click on the conf files or the log files you get a useless dialog offering the set of all executables, usually after a very long pause. Ought to stuff .conf in the registry mapping it to text. * apparently either "BrowserMatch" or the "nokeepalive" variable cause instability - see PR#1729. Binaries (1.3.12): Platform Avail. Volunteer ------------------------------------------------------------------------------ alpha-dec-osf3.0 no Sameer Parekh alpha-dec-osf4.0 no Lars Eilebrecht, Ken Coar, Randy Terbush alpha-whatever-linux2 no Randy Terbush armv4l-whatever-linux2 no Rasmus Lerdorf hppa1.1-hp-hpux-10.x no Rob Hartill, Randy Terbush i386-slackware-linux(a.out) no Sameer Parekh i386-sun-solaris2.5 no Sameer Parekh i386-sun-solaris2.6 no Randy Terbush i386-sun-solaris2.7 no Cliff Skolnick i386-unixware-svr4 no Sameer Parekh, Randy Terbush i386-unknown-freebsd2.1 no Andrew Wilson, Brian Tao i386-unknown-freebsd2.2.8 no Jim Jagielski i386-whatever-freebsd3.0 no Ken Coar i386-whatever-freebsd3.0 no Dirk-Willem van Gulik i386-whatever-freebsd3.3 yes Ask Bjoern Hansen i386-whatever-freebsd4.0 yes Ask Bjoern Hansen i686-pc-freebsd3.1 no Ralf S. Engelschall i586-unknown-linux2 no Ralf S. Engelschall, Lars Eilebrecht, Randy Terbush i686-unknown-linux2 yes Lars Eilebrecht i686-whatever-linux2 no Ken Coar, Randy Terbush i386-unknown-linux(ELF) no Aram Mirzadeh, Michael Douglass i386-unknown-netBSD-1.3.2 no Lars Eilebrecht, Randy Terbush i386-unknown-sco3 no Ben Laurie i386-unknown-sco5 no Ben Laurie i386-siemens-sinix5.4 yes Martin Kraemer i386-dg-dgux5.4R2.01 no Randy Terbush x86-qnx-4.x no Randy Terbush x86-bsdos-3.x no Randy Terbush x86-bsdos-4.x no Randy Terbush x86-openbsd-2.x no Randy Terbush m68k-apple-aux3.1.1 no Jim Jagielski m88k-dg-dgux5.4R2.01 no Sameer parekh m88k-next-next no Rob Hartill mips-dec-ultrix4.4 no Sameer Parekh mips-unknown-linux no Lars Eilebrecht mips-sgi-irix5.3 no Mark Imbrianco, Randy Terbush mips-sgi-irix6.2 no Lars Eilebrecht, Randy Terbush mips-sgi-irix6.4 no Lars Eilebrecht mips-siemens-reliantunix5.4 yes Martin Kraemer netware yes OS/2 yes Brian Havard OS/390-09.00-02 yes powerpc-apple-rhapsody5.6 yes Wilfredo Sanchez rs6000-ibm-aix3.2.5 no Sameer Parekh rs6000-ibm-aix4.1 no Lars Eilebrecht rs6000-ibm-aix4.2 yes Bill Stoddard rs6000-ibm-aix4.3.x no Bill Stoddard, Randy Terbush sparc-sun-solaris2.5 no Lars Eilebrecht, Randy Terbush sparc-sun-solaris2.6 no Lars Eilebrecht sparc-sun-solaris2.7 no Cliff Skolnick sparc-sun-sunos4.1.3_U1 no Sameer Parekh sparc-unknown-linux no Lars Eilebrecht, Randy Terbush