STATUS revision 4078ea12f82e53b5ffd48673c58d096cb0096d3c
25cf1a301a396c38e8adf52c15f537b80d2483f7jlAPACHE 2.0 STATUS: -*-text-*-
25cf1a301a396c38e8adf52c15f537b80d2483f7jlLast modified at [$Date: 2002/06/15 20:28:10 $]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.38 : in development.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.37 : rolled June 11, 2002. not released.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.36 : released May 6, 2002 as GA.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.35 : released April 5, 2002 as GA.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.34 : tagged March 26, 2002.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.33 : tagged March 6, 2002. not released.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.32 : released Feburary 16, 2002 as beta.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.31 : rolled Feburary 1, 2002. not released.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.30 : tagged January 8, 2002. not rolled.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.29 : tagged November 27, 2001. not rolled.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.28 : released November 13, 2001 as beta.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.27 : rolled November 6, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.26 : tagged October 16, 2001. not rolled.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.25 : rolled August 29, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.24 : rolled August 18, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.23 : rolled August 9, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.22 : rolled July 29, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.21 : rolled July 20, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.20 : rolled July 8, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.19 : rolled June 27, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.18 : rolled May 18, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.17 : rolled April 17, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.16 : rolled April 4, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.15 : rolled March 21, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.14 : rolled March 7, 2001
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a9 : released December 12, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a8 : released November 20, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a7 : released October 8, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a6 : released August 18, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a5 : released August 4, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a4 : released June 7, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a3 : released April 28, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a2 : released March 31, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0a1 : released March 10, 2000
25cf1a301a396c38e8adf52c15f537b80d2483f7jlPlease consult the following STATUS files for information
25cf1a301a396c38e8adf52c15f537b80d2483f7jlon related projects:
25cf1a301a396c38e8adf52c15f537b80d2483f7jlCURRENT RELEASE NOTES:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 2.0.38: In final pre-roll testing.
25cf1a301a396c38e8adf52c15f537b80d2483f7jlRELEASE SHOWSTOPPERS:
25cf1a301a396c38e8adf52c15f537b80d2483f7jlCURRENT VOTES:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * apachectl should revert to just being an init script and
25cf1a301a396c38e8adf52c15f537b80d2483f7jl httpd.sh should be the wrapper for httpd which sources envvars
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and allows any options to be passed through
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: trawick
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Should we always build [support*] binaries statically unless otherwise
25cf1a301a396c38e8adf52c15f537b80d2483f7jl indicated?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020129210006.B23512@Lithium.MeepZor.Com>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: Ken, *wrowe [they are PITAs on OSX]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -1: Justin, Ian
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * If the parent process dies, should the remaining child processes
25cf1a301a396c38e8adf52c15f537b80d2483f7jl "gracefully" self-terminate. Or maybe we should make it a runtime
25cf1a301a396c38e8adf52c15f537b80d2483f7jl option, or have a concept of 2 parent processes (one being a
25cf1a301a396c38e8adf52c15f537b80d2483f7jl "hot spare").
25cf1a301a396c38e8adf52c15f537b80d2483f7jl See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Self-destruct: Ken, Martin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Not self-destruct: BrianP, Ian, Cliff, BillS
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Make it runtime configurable: Aaron, Jim, Justin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Have 2 parents: +1: Jim
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -1: Justin, wrowe [for 2.0]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +0: Martin (while standing by, could it do
25cf1a301a396c38e8adf52c15f537b80d2483f7jl something useful?)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Make the worker MPM the default MPM for threaded Unix boxes.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: Justin, Ian, Cliff, BillS
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +0: BrianP, Aaron (mutex contention is looking better with the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl latest code, let's continue tuning and testing)
25cf1a301a396c38e8adf52c15f537b80d2483f7jlRELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * All handlers should always send content down even if r->header_only
25cf1a301a396c38e8adf52c15f537b80d2483f7jl is set. If not, it means that the HEAD requests don't generate the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl same headers as a GET which is wrong.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Is this a showstopper?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: Justin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * 500 returned instead of 501 if a handler other than default_handler
25cf1a301a396c38e8adf52c15f537b80d2483f7jl is invoked on a method with M_INVALID.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020613001913.J22524@apache.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Proposed patch: <20020613111913.S22524@apache.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Is this a showstopper?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: Justin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -1: Cliff, Aaron
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Returning invalid 304 errors when filters are present. [PR 9673]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <Pine.GSO.4.44.0206061713320.3848-100000@lab26.lacfas.hec.ca>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl <20020607135121.G19485@apache.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl <20020610204425.B19018@lyra.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Proposed patch: <20020607214725.K19485@apache.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: We should set r->no_local_copy, but where can we set it?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl We must set it before the handlers are run so that the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl appropriate handler can call ap_meets_conditions() before
25cf1a301a396c38e8adf52c15f537b80d2483f7jl generating the data. Greg has reservations about Justin's
25cf1a301a396c38e8adf52c15f537b80d2483f7jl proposed patch. Consensus needed.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Is this a showstopper?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl +1: Justin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -1: Cliff, Aaron
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * server pushed CGI's not working. (Is this a showstopper??)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <3CE15B85.2FF45121@apache.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * HP/UX 10.20: compile breakage in APR. Looks like it should be easy
25cf1a301a396c38e8adf52c15f537b80d2483f7jl to fix, probably just some extraneous #include's that are fouling
25cf1a301a396c38e8adf52c15f537b80d2483f7jl things up.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Jeff: See my reply and patch in the PR (and previous commit to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl stop using "pipe" as a field name). If patch is committed, we
25cf1a301a396c38e8adf52c15f537b80d2483f7jl should be okay. I'll wait to see if the user tests the patch.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * exec cmd and suexec arg-passing enhancements
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: Patches proposed
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020526041748.A29148@prodigy.Redbrick.DCU.IE>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (see the "proc.patch" and "suexec-shell.patch" links in this message)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get mod_cache/mod_mem_cache out of experimental (still some
25cf1a301a396c38e8adf52c15f537b80d2483f7jl work items left to complete)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The 2.0.36 worker MPM graceless shutdown changes work but are
25cf1a301a396c38e8adf52c15f537b80d2483f7jl a bit clunky on some platforms; eg, on Linux, the loop to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl join each worker thread seems to hang, and the parent ends up
25cf1a301a396c38e8adf52c15f537b80d2483f7jl killing off the child with SIGKILL. But at least it shuts down.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * --enable-mods-shared="foo1 foo2" is busted on Darwin. Pier
25cf1a301a396c38e8adf52c15f537b80d2483f7jl posted a patch (Message-ID: <B8DBBE8D.575A%pier@betaversion.org>).
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * We do not properly substitute the prefix-variables in the configuration
25cf1a301a396c38e8adf52c15f537b80d2483f7jl scripts or generated-configs. (i.e. if sysconfdir is etc,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl httpd-std.conf points to conf.)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * If any request gets through ap_process_request_internal() and is
25cf1a301a396c38e8adf52c15f537b80d2483f7jl scheduled to be served by the core handler, without a flag that this
25cf1a301a396c38e8adf52c15f537b80d2483f7jl r->filename was tested by dir/file_walk, we need to 500 at the very
25cf1a301a396c38e8adf52c15f537b80d2483f7jl end of the ap_process_request_internal() processing so sub_req-esters
25cf1a301a396c38e8adf52c15f537b80d2483f7jl know this request cannot be run. This provides authors of older
25cf1a301a396c38e8adf52c15f537b80d2483f7jl modules better compatibility, while still improving the security and
25cf1a301a396c38e8adf52c15f537b80d2483f7jl robustness of 2.0.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: still need to decide where this goes, OtherBill comments...
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl [Deleted comments regarding the ap_run_handler phase, as irrelevant
25cf1a301a396c38e8adf52c15f537b80d2483f7jl as BillS points out that "common case will be caught in
25cf1a301a396c38e8adf52c15f537b80d2483f7jl default_handler already (with the r->finfo.filetype == 0 check)"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and the issue is detecting this -before- we try to run the req.]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl gregames says: can this happen somehow without a broken module
25cf1a301a396c38e8adf52c15f537b80d2483f7jl being involved? If not, why waste cycles trying to defend against
25cf1a301a396c38e8adf52c15f537b80d2483f7jl potential broken modules? It seems futile.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl wrowe counters: no, it shouldn't happen unless the module is broken.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl But the right answer is to fail the request up-front in dir/file
25cf1a301a396c38e8adf52c15f537b80d2483f7jl walk if the path was entirely invalid; and we can't do that either
25cf1a301a396c38e8adf52c15f537b80d2483f7jl or we break modules that are unwilling to hook map_to_storage.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Rewrite core_output_filter. It is nearly impossible to support
25cf1a301a396c38e8adf52c15f537b80d2483f7jl it with predictable results as it is implemented now.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
25cf1a301a396c38e8adf52c15f537b80d2483f7jl how the Perchild MPM should be re-written. It hasn't worked
25cf1a301a396c38e8adf52c15f537b80d2483f7jl correctly since filters were added because it wasn't possible to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl get the content that had already been written and the socket at
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the same time. This mode lets us do that, so the MPM can be
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * htpasswd blindly processes the file you give it, and does no
25cf1a301a396c38e8adf52c15f537b80d2483f7jl sanity checking before totally corrupting whatever file it was
25cf1a301a396c38e8adf52c15f537b80d2483f7jl you thought you had. It should check the input file and bail
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if it finds non-comment lines that do not contain exactly 1
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ':' character.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020217150457.A31632@clove.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Can a static httpd be built reliably?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020207142751.T31582@clove.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * [Ken] Test suite failures:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl o worker is also failing some of the 'cgi' subtests
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin says: "Worker should be fine and passes httpd-test here.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl If you can provide evidence that it can be reproduced
25cf1a301a396c38e8adf52c15f537b80d2483f7jl outside of httpd-test, then it's a showstopper. I
25cf1a301a396c38e8adf52c15f537b80d2483f7jl think it's a perl or a httpd-test problem."
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Not a showstopper: Justin
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
25cf1a301a396c38e8adf52c15f537b80d2483f7jl removed if possible.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <Pine.LNX.4.33.0201202232430.318-100000@deepthought.cs.virginia.edu>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * There is a bug in how we sort some hooks, at least the pre-config
25cf1a301a396c38e8adf52c15f537b80d2483f7jl hook. The first time we call the hooks, they are in the correct
25cf1a301a396c38e8adf52c15f537b80d2483f7jl order, but the second time, we don't sort them correctly. Currently,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the modules/http/config.m4 file has been renamed to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl modules/http/config2.m4 to work around this problem, it should moved
25cf1a301a396c38e8adf52c15f537b80d2483f7jl back when this is fixed. rbb
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin says: "Is this really a showstopper? This has been here
25cf1a301a396c38e8adf52c15f537b80d2483f7jl forever. What's wrong? Does this have to do with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl autoconf or m4?"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Not a showstopper: Justin, BrianP, trawick, gregames
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The Add...Filter and Set...Filter directives do not allow the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl administrator to order filters, beyond the order of filename (mime)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl extensions. It isn't clear if Set...Filter(s) should be inserted
25cf1a301a396c38e8adf52c15f537b80d2483f7jl before or after the Add...Filter(s) which are ordered by sequence of
25cf1a301a396c38e8adf52c15f537b80d2483f7jl filename extensions. At minimum, some sort of +-[0-10] syntax seems
25cf1a301a396c38e8adf52c15f537b80d2483f7jl like the quickest fix for a 2.0 gold release.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin says: "Could we delay this for a point release or 2.1?"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Not a showstopper: justin, wrowe, trawick, stoddard, Jim, Ian, Aaron,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get perchild to work on platforms other than Linux. This
25cf1a301a396c38e8adf52c15f537b80d2483f7jl will require a portable mechanism to pass data and file/socket
25cf1a301a396c38e8adf52c15f537b80d2483f7jl descriptors between vhost child groups. An API was proposed
25cf1a301a396c38e8adf52c15f537b80d2483f7jl on dev@apr:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <20020111115006.K1529@clove.org>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Try to get libtool inter-library dependency code working on AIX.
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt Message-ID: <cm3n10lx555.fsf@rdu163-40-092.nc.rr.com>
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin says: If we get it working on AIX, we can enable this
25cf1a301a396c38e8adf52c15f537b80d2483f7jl on all platforms and clean up our build system
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Jeff says: I thought I tested a patch for you sometime in
25cf1a301a396c38e8adf52c15f537b80d2483f7jl January that you were going to commit within a few
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Handling of %2f in URIs. Currently both 1.3 and 2.0
25cf1a301a396c38e8adf52c15f537b80d2483f7jl completely disallow %2f in the request URI path (see
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ap_unescape_url() in util.c). It's permitted and passed
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt through in the query string, however. Roy says the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl original reason for disallowing it, from five years ago,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl was to protect CGI scripts that applied PATH_INFO to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl a filesystem location and which might be tricked by
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ..%2f..%2f(...). We *should* allow path-info of the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Since we've revamped a lot of our processing of path
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt segments, it would be nice to allow this, or at least
25cf1a301a396c38e8adf52c15f537b80d2483f7jl allow it conditionally with a directive.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * FreeBSD, threads, and worker MPM. All seems to work fine
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if you only have one worker process with many threads. Add
25cf1a301a396c38e8adf52c15f537b80d2483f7jl a second worker process and the accept lock seems to be
25cf1a301a396c38e8adf52c15f537b80d2483f7jl lost. This might be an APR issue with how it deals with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the child_init hook (i.e. the fcntl lock needs to be resynced).
25cf1a301a396c38e8adf52c15f537b80d2483f7jl More examination and analysis is required.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: This has also been reported on Cygwin.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <3C2CC514.8EF3BED1@wapme-systems.de> (cygnus)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin says: So, FreeBSD-CURRENT and Cywin have the same
25cf1a301a396c38e8adf52c15f537b80d2483f7jl problem. Yum. If another platform has this
25cf1a301a396c38e8adf52c15f537b80d2483f7jl with worker, this becomes a showstopper.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Aaron says: I spent some time disecting this and have come to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the conclusion that it is not a problem in the worker MPM
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (or at least, it is not isolated to a problem in worker).
25cf1a301a396c38e8adf52c15f537b80d2483f7jl I'll list some of the problems I'm seeing in case someone
25cf1a301a396c38e8adf52c15f537b80d2483f7jl else wants to pick up where I've left off:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - Delivery of just about any signal to one of the child
25cf1a301a396c38e8adf52c15f537b80d2483f7jl processes will send it into an infinite loop as well.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - Even though the parent is spinning out of control,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl at first the child or children will appear to work
25cf1a301a396c38e8adf52c15f537b80d2483f7jl properly. At times it is possible to get it into a state,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl however, where a request will hang until another concurrent
25cf1a301a396c38e8adf52c15f537b80d2483f7jl request "kicks" the first, at which point the second will
25cf1a301a396c38e8adf52c15f537b80d2483f7jl hang. My theory is that this has to do with the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl pthread_cond_*() implementation in FreeBSD, but it's still
25cf1a301a396c38e8adf52c15f537b80d2483f7jl possible that it is in APR.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Justin adds: Oh, FreeBSD threads are implemented entirely with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl select()/poll()/longjmp(). Welcome to the nightmare.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl So, that means a ktrace output also has the thread
25cf1a301a396c38e8adf52c15f537b80d2483f7jl scheduling internals in it (since it is all the same to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the kernel). Which makes it hard to distinguish between
25cf1a301a396c38e8adf52c15f537b80d2483f7jl our select() calls and their select() calls.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl *bangs head on wall repeatedly* But, some of the libc_r
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt files have a DBG_MSG #define. This is moderately helpful
25cf1a301a396c38e8adf52c15f537b80d2483f7jl when used with -DNO_DETACH. The kernel scheduler isn't
25cf1a301a396c38e8adf52c15f537b80d2483f7jl waking up the threads on a select(). Yum. And, I bet
25cf1a301a396c38e8adf52c15f537b80d2483f7jl those decrementing select calls have to do with the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl scheduler. Time to brush up on our OS fundamentals.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * There is increasing demand from module writers for an API
25cf1a301a396c38e8adf52c15f537b80d2483f7jl that will allow them to control the server � la apachectl.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Reasons include sole-function servers that need to die if
25cf1a301a396c38e8adf52c15f537b80d2483f7jl an external dependency (e.g., a database) fails, et cetera.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Perhaps something in the (ever more abused) scoreboard?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl rbb: I don't believe the scoreboard is the correct mechanism
25cf1a301a396c38e8adf52c15f537b80d2483f7jl for this. We already have a pipe that goes between parent
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and child for graceful shutdown events, along with an API that
25cf1a301a396c38e8adf52c15f537b80d2483f7jl can be used to send a message down that pipe. In threaded MPMs,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl it is easy enough to make that one pipe be used for graceful
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and graceless events, and it is also easy to open that pipe
25cf1a301a396c38e8adf52c15f537b80d2483f7jl to both parent and child for writing. Then we just need to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl figure out how to do graceless on non-threaded MPMs.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Allow the DocumentRoot directive within <Location > scopes? This
25cf1a301a396c38e8adf52c15f537b80d2483f7jl allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
25cf1a301a396c38e8adf52c15f537b80d2483f7jl by a <Directory /somepath/foo> to become simply
25cf1a301a396c38e8adf52c15f537b80d2483f7jl <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and in-your-face.) DocumentRoot unset would be accepted [and would
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt not permit content to be served, only virtual resources such as
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt server-info or server-status.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl This proposed change would _not_ depricate Alias.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Win32: Rotatelogs sometimes is not terminated when Apache
25cf1a301a396c38e8adf52c15f537b80d2483f7jl goes down hard. FirstBill was looking at possibly tracking the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl child's-child processes in the parent process.
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt OtherBill asks, wasn't this fixed?
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt stoddard: Not fixed. Shared scoreboard might offer a good
25cf1a301a396c38e8adf52c15f537b80d2483f7jl way for the parent to keep track of 'other child' processes
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and whack them if the child goes down.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Other thoughts on walking the process chain using the NT kernel
25cf1a301a396c38e8adf52c15f537b80d2483f7jl have also been proposed on APR.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Win32: Add a simple hold console open patch (wait for close or
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the ESC key, with a nice message) if the server died a bad
25cf1a301a396c38e8adf52c15f537b80d2483f7jl death (non-zero exit code) in console mode.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Resolution: bring forward same ugly hacks from 1.3.13-.20
25cf1a301a396c38e8adf52c15f537b80d2483f7jl This is not so simple. Any exit() from APR or other libraries
25cf1a301a396c38e8adf52c15f537b80d2483f7jl can't be caught unless we add some sort of apr_exit(rv) with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl registered apr_atexit() fn's that have the return code as an
25cf1a301a396c38e8adf52c15f537b80d2483f7jl argument to the registered fn.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Eliminate unnecessary creation of pipes in mod_cgid
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Combine log_child and piped_log_spawn. Clean up http_log.c.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Common logging API.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Document mod_file_cache.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Platforms that do not support fork (primarily Win32 and AS/400)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Architect start-up code that avoids initializing all the modules
25cf1a301a396c38e8adf52c15f537b80d2483f7jl in the parent process on platforms that do not support fork.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Win32: Migrate the MPM over to use APR thread/process calls. This
25cf1a301a396c38e8adf52c15f537b80d2483f7jl would eliminate some code in the Win32 branch that essentially
25cf1a301a396c38e8adf52c15f537b80d2483f7jl duplicates what is in APR.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * There are still a number of places in the code where we are
25cf1a301a396c38e8adf52c15f537b80d2483f7jl losing error status (i.e. throwing away the error returned by a
25cf1a301a396c38e8adf52c15f537b80d2483f7jl system call and replacing it with a generic error code)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Mass vhosting version of suEXEC.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * All DBMs suffer from confusion in support/dbmmanage (perl script) since
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the dbmmanage employs the first-matched dbm format. This is not
25cf1a301a396c38e8adf52c15f537b80d2483f7jl necessarily the library that Apache was built with. Aught to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl rewrite dbmmanage upon installation to bin/ with the proper library
25cf1a301a396c38e8adf52c15f537b80d2483f7jl for predictable mod_auth_dbm administration.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Questions; htdbm exists, time to kill dbmmanage, or does it remain
25cf1a301a396c38e8adf52c15f537b80d2483f7jl useful as a perl dbm management example? If we keep it,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl do we address the issue above?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Integrate mod_dav.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Some additional items remaining:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - case_preserved_filename stuff
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (use the new canonical name stuff?)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - find a new home for ap_text(_header)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - is it possible to remove the DAV: namespace stuff from util_xml?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
25cf1a301a396c38e8adf52c15f537b80d2483f7jl are a bit wonky. The function should probably be exposed as a utility
25cf1a301a396c38e8adf52c15f537b80d2483f7jl function (such as ap_translate_url2fs() or ap_validate_fs_url() or
25cf1a301a396c38e8adf52c15f537b80d2483f7jl something). Another approach would be a new hook phase after
25cf1a301a396c38e8adf52c15f537b80d2483f7jl "translate" which would allow the module to munge what the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl translation has decided to do.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: Greg +1 (volunteers), Ryan +1
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Explore use of a post-config hook for the code in http_main.c which
25cf1a301a396c38e8adf52c15f537b80d2483f7jl calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ap_sort_hooks() [to reduce the logic in main()]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * read the config tree just once, and process N times (as necessary)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
25cf1a301a396c38e8adf52c15f537b80d2483f7jl into a VirtualHost container) to 2.0.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * shift stuff to mod_core.h
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * callers of ap_run_create_request() should check the return value
25cf1a301a396c38e8adf52c15f537b80d2483f7jl for failure (Doug volunteers)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Win32: Get Apache working on Windows 95/98. The following work
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (at least) needs to be done:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - Document warning that OSR2 is required (for Crypt functions, in
25cf1a301a396c38e8adf52c15f537b80d2483f7jl rand.c, at least.) This could be resolved with an SSL library, or
25cf1a301a396c38e8adf52c15f537b80d2483f7jl randomization in APR itself.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
25cf1a301a396c38e8adf52c15f537b80d2483f7jl actually works) and add in a splash of Win9x service code.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Fix the worker MPM to use POD to kill child processes instead
25cf1a301a396c38e8adf52c15f537b80d2483f7jl of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Scoreboard structures could be changed in the future such that
25cf1a301a396c38e8adf52c15f537b80d2483f7jl proper alignment is not maintained, leading to segfaults on
25cf1a301a396c38e8adf52c15f537b80d2483f7jl some systems. Cliff posted a patch to deal with this issue but
25cf1a301a396c38e8adf52c15f537b80d2483f7jl later recanted. See this message to dev@apr.apache.org:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Message-ID: <Pine.LNX.4.44.0203011354090.16457-200000@deepthought
25cf1a301a396c38e8adf52c15f537b80d2483f7jlTODO ISSUES REMAINING IN MOD_SSL:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * In order to use a DSO version of mod_ssl we have to link with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -lssl and -lcrypto. A workaround is in place right now where the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl entire EXTRA_LIBS macro is being appended to the objects list, but
25cf1a301a396c38e8adf52c15f537b80d2483f7jl this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
25cf1a301a396c38e8adf52c15f537b80d2483f7jl autoconf function or come up with some other autoconf checks to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl search for libssl and libcrypto and properly add them to mod_ssl's
25cf1a301a396c38e8adf52c15f537b80d2483f7jl link flags.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * SSL renegotiations in combination with POST request
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Port or dispose all code inside #if 0...#endif blocks that remain
25cf1a301a396c38e8adf52c15f537b80d2483f7jl from the porting effort.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Do we need SSL_set_read_ahead()?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * the ssl_expr api is NOT THREAD SAFE. race conditions exist:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl -in ssl_expr_comp() if SSLRequire is used in .htaccess
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (ssl_expr_info is global)
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt -is ssl_expr_eval() if there is an error
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (ssl_expr_error is global)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * SSLRequire directive (parsing of) leaks memory
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Diffie-Hellman-Parameters for temporary keys are hardcoded in
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl "it is suggested that keys be changed daily or every 500
25cf1a301a396c38e8adf52c15f537b80d2483f7jl transactions, and more often if possible."
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * ssl_var_lookup could be rewritten to be MUCH faster
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * CRL callback should be pluggable
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * session cache store should be pluggable
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * init functions should return status code rather than ssl_die()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * ssl_engine_pphrase.c needs to be reworked so it is generic enough
25cf1a301a396c38e8adf52c15f537b80d2483f7jl to also decrypt proxy keys
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * the shmcb code should just align its memory segment rather than
25cf1a301a396c38e8adf52c15f537b80d2483f7jl jumping through all the "safe" memcpy and memset hoops
25cf1a301a396c38e8adf52c15f537b80d2483f7jlEXPERIMENTAL MODULES:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Experimental modules should eventually be be promoted to fully supported
25cf1a301a396c38e8adf52c15f537b80d2483f7jl status or removed from the repository entirely (ie, the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl 'experiment' failed). This section tracks what needs to happen to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl get the modules promoted to fully supported status.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_cache: handle cache_control: no_cache "field_name" to enable
25cf1a301a396c38e8adf52c15f537b80d2483f7jl cacheing the response w/o header "field_name"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl See RFC2616 section 14.9.1
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_cache: CacheEnable/CacheDisable should accept regular expressions.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_cache: Fix dependency on ATOMIC operators. Need
25cf1a301a396c38e8adf52c15f537b80d2483f7jl APR_HAS_ATOMIC_* feature macros.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_disk_cache: Implement garbage collection
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_mem_cache/mod_disk_cache: Need to be able to query cache
25cf1a301a396c38e8adf52c15f537b80d2483f7jl status (num of entries, cache object properties, etc.).
25cf1a301a396c38e8adf52c15f537b80d2483f7jl mod_status could be extended to query optional hooks defined
25cf1a301a396c38e8adf52c15f537b80d2483f7jl by modules for the purpose of reporting module status.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl mod_cache (et. al.) could define optional hooks that are called
25cf1a301a396c38e8adf52c15f537b80d2483f7jl to collect status. Status should be queryable by
25cf1a301a396c38e8adf52c15f537b80d2483f7jl HTTP or SNMP?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_mem_cache: garbage collection. One strategy is to simply
25cf1a301a396c38e8adf52c15f537b80d2483f7jl remove stale entries as we attempt to serve them. Another
25cf1a301a396c38e8adf52c15f537b80d2483f7jl strategy is to kick off a GC thread that traverses the cache
25cf1a301a396c38e8adf52c15f537b80d2483f7jl and preemptively remove stale entries. How to manage a
25cf1a301a396c38e8adf52c15f537b80d2483f7jl cache that is full? Do LRU GC? Other? Bueller?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_mem_cache/mod_disk_cache: Complete implementing config
25cf1a301a396c38e8adf52c15f537b80d2483f7jl directives.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Sample config for mod_cache/mod_mem_cache/mod_disk_cache for
25cf1a301a396c38e8adf52c15f537b80d2483f7jl inclusion into httpd.conf.
25cf1a301a396c38e8adf52c15f537b80d2483f7jlPRs that have been suspended forever waiting for someone to
25cf1a301a396c38e8adf52c15f537b80d2483f7jlput them into 'the next release':
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * documentation and Q&A
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2221: Make online documentation search link back to my installation
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2906: Propose that Apache recommend $UNIQUE_ID for all "session id"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl algorithms
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2793: When will Apache support P3P? Any Plans?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2113: HTTP Server Rebuild Line Needs Changing for the better
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2421: problem specifying ndbm library for build ?with autoconfigure
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#76: missing call to "setlocale();"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#628: Request of "Options SymLinksIfGroupMatch"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#793: RLimitCPU and RLimitMEM don't apply to all children like they should
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#922: it is useful to allow specifiction that root-owned symlinks
25cf1a301a396c38e8adf52c15f537b80d2483f7jl should always be followed
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1028: DoS attacks involving memory consumption
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1191: setlogin() is not called, causing problems with e.g. identd
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1204: regerror() exists, use it
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2284: Can not POST to ErrorDocument - Apache/1.3b6
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2396: Proposal for TimeZone directive
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2446: AllowOverride FileInfo is too coarse
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2760: [PATCH] User/Group for <Directory> and <Location> i.e. not only
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt in global and <Virtual>.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2907: suggestion: power up your Include directive :)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3018: cannot limit some HTTP methods
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3677: New ErrorDocumentMatch directive
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#4244: "Files" and "FilesMatch" regexp does not recognize bang as
25cf1a301a396c38e8adf52c15f537b80d2483f7jl negation operator
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#5993: AllowOverride should have a 'CheckNone' and 'AllowNone' argument
25cf1a301a396c38e8adf52c15f537b80d2483f7jl instead of only 'None'
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_access
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#537: mod_access syntax allows hosts that should be restricted
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1287: add allow,deny/deny,allow warning to mod_access
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2512: <IfDenied> directive wanted
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_auth-any
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#557: ~UserHome directories are not honored in absolute pathname
25cf1a301a396c38e8adf52c15f537b80d2483f7jl requests (.htaccess)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1117: Using NIS passwd.byname dbm files with AuthDBMUserFile
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1809: Suggestion for improving authentication modules and core source
25cf1a301a396c38e8adf52c15f537b80d2483f7jl code, problem with 401 and ErrorDocument
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_autoindex
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1263: Add frame-safe anchor attribute to mod_autoindex links
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_cgi (and suexec)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#921: suexec Uses cwd before filling it in, doesn't use syslog
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1176: Apache cannot handle continuation line in headers
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1120: suexec does not parse arguments to #exec cmd
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1268: CGI scripts running as Apache user: security (suexec etc.)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1285: Error messages could be easier to spot in cgi.log file for suexec.c
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1905: suexec - Allow modules to set user:group for execution.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2360: suexec for general access of user content?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2460: TimeOut applies to output of CGI scripts
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2573: CGI's for general use still have to be run as another user
25cf1a301a396c38e8adf52c15f537b80d2483f7jl with suExec
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#4241: Need to be able to override shebang line to make CGI scripts
25cf1a301a396c38e8adf52c15f537b80d2483f7jl more portable.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#4490: mod_cgi prevents handling of OPTIONS requests
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#370: Modified PATH environemnt variable is not passed, instead
25cf1a301a396c38e8adf52c15f537b80d2483f7jl system's is used
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_headers
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1383: I make mod_headers to modify request headers as well as
25cf1a301a396c38e8adf52c15f537b80d2483f7jl response ones.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1677: mod_headers should allow mod_log_config-style formats in
25cf1a301a396c38e8adf52c15f537b80d2483f7jl header values
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_imap
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#759: imap should read <MAP><AREA>*</MAP> too!
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_include
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#78: Additional status for XBitHack directive
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#623: A smarter "Last Modified" value for SSI documents (see PR number 600)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1145: mod_include
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Allow for Last-Modified: without resorting to XBitHack
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1803: patches to mod_include to allow for file tests
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#4459: Suggestion for better handling of Last-modified headers
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_info
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2415: /server-info doesn't check for the virtual host to list the info
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_log-any
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1050: Logging of virtual server to error_log as well
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1358: Selective url-encode of log fields (or maybe a pseudo
25cf1a301a396c38e8adf52c15f537b80d2483f7jl log_rewrite module?)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2073: pipelined connections are not logged correctly
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#4448: Please allow CGI env variables (QUERY_STRING, ...) to be logged
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_negotiation
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3191: no way to set global quality-of-source (qs) coneg values
25cf1a301a396c38e8adf52c15f537b80d2483f7jl with multiviews
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_proxy
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#362: Mod_proxy doesn't allow change of error pages
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#440: Proxy doesn't deliver documents if not connected
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#534: proxy converts ~name to %7Ename when name starts with a dot (.)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#612: Proxy FTP Authentication Fails
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#700: Proxy doesn't do links right for OpenVMS files through ftp:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#980: Controlling Access to Remote Proxies would be nice...
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#994: Adding authentication "on the fly" through the proxy module
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1085: ProxyRemote make a dead cycle.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1166: ``nph-'' not honored (no buffering) for ProxyRemote mapping
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1290: Need to know "hit-rate" on proxy cache
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1532: Proxy transfer logging
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1547: No HTTP_X_FORWARDED_FOR set...
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1567: ProxyRemote proxy requests fail authentication by firewall
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1702: mod_proxy to support persistent conns?
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1878: listing of proxy cache content
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2314: patterns in ProxyRemote
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2648: Cache file names in Proxy module
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3568: Accessing URL through proxy server corrupts data.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3605: Some anonymous FTP URLs ask for authentication
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_rewrite
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1582: mod_rewrite forms REQUEST_URI different than mod_cgi does
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2074: mod_rewrite doesn't pass Proxy Throughput on internal subrequests
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * mod_status
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2138: mod_status always displays 256 possible connection slots
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2343: Status module averages are for entire uptime
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * apache-api
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1004: request_config field in request_rec is moderately bogus
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1158: improvements to child spawning API
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#1233: there is no way to keep per-connection per-module state
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2024: adding auth_why to conn_rec
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2873: Feedback/Comment on APACI
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#3143: No module specific data hook for per-connection data
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * generally odds and ends
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2431: A small addition to rotatelogs.c to improve program functionality.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2763: mailto tags and bundling bug report script
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2785: os-aix Support for System Resource Controller
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#2889: Inclusion of RPM spec file in CVS/distributions
25cf1a301a396c38e8adf52c15f537b80d2483f7jl PR#5713: os-windows [PATCH] install as win32 service with domain account
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: Cannot accept password-as-arg, we should prompt the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl user when -k install/-k config with a user argument.
25cf1a301a396c38e8adf52c15f537b80d2483f7jlOther bugs that need fixing:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * ap_discard_request should be converted to use the bucket API
25cf1a301a396c38e8adf52c15f537b80d2483f7jl directly rather than waste cycles copying buffers with the old API.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * MaxRequestsPerChild measures connections, not requests.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Until someone has a better way, we'll probably just rename it
25cf1a301a396c38e8adf52c15f537b80d2483f7jl "MaxConnectionsPerChild".
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Regex containers don't work in an intutive way
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: No one has come up with an efficient way to fix this
25cf1a301a396c38e8adf52c15f537b80d2483f7jl behavior. Dean has suggested getting rid of regex containers
25cf1a301a396c38e8adf52c15f537b80d2483f7jl completely.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl OtherBill suggests: We at least seem to agree on eliminating
25cf1a301a396c38e8adf52c15f537b80d2483f7jl the <Container ~ foo> forms, and using only
25cf1a301a396c38e8adf52c15f537b80d2483f7jl <ContainerMatch foo> semantics.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
25cf1a301a396c38e8adf52c15f537b80d2483f7jl sigwaiting thread. We need to work around this, perhaps unless
25cf1a301a396c38e8adf52c15f537b80d2483f7jl there is hope soon for a fixed glibc.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * orig_ct in the byterange/multipart handling may not be
25cf1a301a396c38e8adf52c15f537b80d2483f7jl needed. Apache 1.3 just never stashed "multipart" into
25cf1a301a396c38e8adf52c15f537b80d2483f7jl r->content_type. We should probably follow suit since the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl byterange stuff doesn't want the rest of the code to see the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl multipart content-type; the other code should still think it is
25cf1a301a396c38e8adf52c15f537b80d2483f7jl dealing with the <orig_ct> stuff.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: Greg volunteers to investigate (esp. since he was most
25cf1a301a396c38e8adf52c15f537b80d2483f7jl likely the one to break it :-)
25cf1a301a396c38e8adf52c15f537b80d2483f7jlBinaries (2.0.35):
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Platform Avail. Volunteer
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ------------------------------------------------------------------
25cf1a301a396c38e8adf52c15f537b80d2483f7jl AIX 4.3.3 Bill Stoddard
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Mandrake 8.1 no Ryan Bloom
25cf1a301a396c38e8adf52c15f537b80d2483f7jl FreeBSD 4.1 yes Ryan Bloom
25cf1a301a396c38e8adf52c15f537b80d2483f7jl i386-unknown-freebsd4.5 yes Aaron Bannert
25cf1a301a396c38e8adf52c15f537b80d2483f7jl OS X 10.1.3/Darwin 5.3 yes Jim Jagielski
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Solaris 8.x/sparc yes Jim Jagielski
25cf1a301a396c38e8adf52c15f537b80d2483f7jl i686-pc-linux-gnu-rh70 yes Aaron Bannert
25cf1a301a396c38e8adf52c15f537b80d2483f7jl i686-pc-linux-gnu-rh72 yes Aaron Bannert
25cf1a301a396c38e8adf52c15f537b80d2483f7jl i386-pc-solaris2.8 yes Aaron Bannert
25cf1a301a396c38e8adf52c15f537b80d2483f7jl powerpc-unknown-linux-gnu yes Graham Leggett
25cf1a301a396c38e8adf52c15f537b80d2483f7jl NetWare yes Brad Nicholes
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Win32-x86 yes William Rowe
25cf1a301a396c38e8adf52c15f537b80d2483f7jlOther features that need writing:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Finish infrastructure in core for async MPMs
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: post 2.0
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * TODO in source -- just do an egrep on "TODO" and see what's there
25cf1a301a396c38e8adf52c15f537b80d2483f7jlAvailable Patches:
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
25cf1a301a396c38e8adf52c15f537b80d2483f7jl htpasswd actions due to a full /tmp volume (other programs may have
25cf1a301a396c38e8adf52c15f537b80d2483f7jl similar problems?)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
25cf1a301a396c38e8adf52c15f537b80d2483f7jl performance
25cf1a301a396c38e8adf52c15f537b80d2483f7jl Status: These were written for 1.3, and are awaiting a port to
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt other small mod_usertrack features
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
154b1f02449b21af9273efd1a7776a3fe65a0744jrutt of SSI's to be modified in the config file. Patch is available in