Apache-TestItSelf
Before we can try to improve the problems with A-T config issues, we need a test suite. Since until now, every fix was breaking 10 other things. So I've started working on one. It's probably going to change a lot, but I have a working prototype. In order to use it apply the attached patch against Apache-Test/ and run: perl Makefile.PL now the t_c/TEST script runs the tests against Apache-Test, modperl-2.0, other CPAN modules. All you need to do is to supply a config file for each group of the above tests. For example: I run this against Apache-Test: t_c/TEST -v -base ~/work/modules/Apache-VMonitor-2.0 -config ~/.apache-test/apache_test_config.pm where ~/.apache-test/apache_test_config.pm contains: @Apache::TestItSelf::Configs = ( { apxs_exec = '/home/stas/httpd/prefork/bin/apxs', httpd_exec= '/home/stas/httpd/prefork/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'prefork', makepl_arg= '-libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, }, { apxs_exec = '/home/stas/httpd/worker/bin/apxs', httpd_exec= '/home/stas/httpd/worker/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'worker', makepl_arg= '-libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, }, ); 1; Next I run the same tests against Apache-VMonitor-2.0 (or any other module that deployes A-T): t_c/TEST -v -base ~/work/modules/Apache-VMonitor-2.0 -config ~/.apache-test/apache2_modules_testitself_config.pm where ~/.apache-test/apache2_modules_testitself_config.pm is: @Apache::TestItSelf::Configs = ( { apxs_exec = '/home/stas/httpd/prefork/bin/apxs', httpd_exec= '/home/stas/httpd/prefork/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'prefork', makepl_arg= 'MOD_PERL=2 -libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, test_verbose = 0, }, { apxs_exec = '/home/stas/httpd/worker/bin/apxs', httpd_exec= '/home/stas/httpd/worker/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'worker', makepl_arg= 'MOD_PERL=2 -libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, test_verbose = 0, }, ); 1; and finally modperl-2.0: t_c/TEST -v -base ~/apache.org/mp2-cvs -config ~/.apache-test/modperl2_testitself_config.pm t_c/httpd_arg.t where ~/.apache-test/modperl2_testitself_config.pm @Apache::TestItSelf::Configs = ( { apxs_exec = '/home/stas/httpd/prefork/bin/apxs', httpd_exec= '/home/stas/httpd/prefork/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'prefork', makepl_arg= 'MP_APXS=/home/stas/httpd/prefork/bin/apxs MP_INST_APACHE2=1 MP_MAINTAINER=1', timeout = 900, }, { apxs_exec = '/home/stas/httpd/worker/bin/apxs', httpd_exec= '/home/stas/httpd/worker/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'worker', makepl_arg= 'MP_APXS=/home/stas/httpd/worker/bin/apxs MP_INST_APACHE2=1 MP_MAINTAINER=1', timeout = 900, }, ); 1; t_c/interactive.t can't be run with modperl-2.0. I'm going to add the skip mechanism via the config files. (The only practical problem I see at the moment is that things are pretty slow... but it's better than no tests suite at all). The config files are going to evolve and the key names will change too... At the moment there are only 2 test files, more will be added as things evolve. Comments are welcome. I'd like to start committing things after some additional polish if there are no objections. -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com Index: Makefile.PL === RCS file: /home/cvs/httpd-test/perl-framework/Apache-Test/Makefile.PL,v retrieving revision 1.24 diff -u -u -r1.24 Makefile.PL --- Makefile.PL 27 Sep 2004
Re: Apache-TestItSelf
I run this against Apache-Test: t_c/TEST -v -base ~/work/modules/Apache-VMonitor-2.0 -config ~/.apache-test/apache_test_config.pm Sorry, that should have been: t_c/TEST -v -base ~/apache.org/Apache-Test -config ~/.apache-test/apache_test_config.pm where ~/.apache-test/apache_test_config.pm contains: @Apache::TestItSelf::Configs = ( { apxs_exec = '/home/stas/httpd/prefork/bin/apxs', httpd_exec= '/home/stas/httpd/prefork/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'prefork', makepl_arg= '-libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, }, { apxs_exec = '/home/stas/httpd/worker/bin/apxs', httpd_exec= '/home/stas/httpd/worker/bin/httpd', perl_exec = '/home/stas/perl/5.8.5-ithread/bin/perl5.8.5', mp_gen= 2.0, httpd_gen = 2.0, httpd_version = 'Apache/2.0.53-dev', httpd_mpm = 'worker', makepl_arg= '-libmodperl mod_perl-5.8.5-ithread.so', timeout = 200, }, -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestMM.pm
Seems it's not Win32 friendly, see this complaint: http://marc.theaimsgroup.com/?t=10994804082r=1w=2 [EMAIL PROTECTED] wrote: geoff 2004/10/25 18:42:14 Modified:perl-framework/Apache-Test/lib/Apache TestMM.pm Log: make sure TEST_VERBOSE respects the environment, not just the current shell command. somebody shout if ?= isn't portable, but a few accounts indicate that it is Revision ChangesPath 1.42 +1 -1 httpd-test/perl-framework/Apache-Test/lib/Apache/TestMM.pm -- Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5 http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5 signature.asc Description: OpenPGP digital signature
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestMM.pm
[EMAIL PROTECTED] wrote: geoff 2004/11/03 12:37:22 Modified:perl-framework/Apache-Test/lib/Apache TestMM.pm Log: reverting to 1.41 - apparently the conditional assignment borks win32 return $preamble . 'EOF' . $cover; -TEST_VERBOSE ?= 0 +TEST_VERBOSE = 0 why not if (WIN32) {} then? -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't have a good suggestion yet, but is there a way to implement the logic so that attributes could be also AND'ed together? Or even a NOT-EQUAL operation? I think the best way to do this probably is instead of saying require ldap-attribute you say require LDAP filter. In other words, like this: require filter (objectclass=specialPerson) or require filter (host=somehost.com) This supports more complicated stuff, like this: require filter ((objectclass=specialPerson)(host=somehost.com)) Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
Good suggestion. I am +1 for the patch as-is with the intent of looking into adding the below On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote: Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't have a good suggestion yet, but is there a way to implement the logic so that attributes could be also AND'ed together? Or even a NOT-EQUAL operation? I think the best way to do this probably is instead of saying require ldap-attribute you say require LDAP filter. In other words, like this: require filter (objectclass=specialPerson) or require filter (host=somehost.com) This supports more complicated stuff, like this: require filter ((objectclass=specialPerson)(host=somehost.com)) Regards, Graham -- -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ There 10 types of people: those who read binary and everyone else.
Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
I like the suggestion as well because I think that would be the right way to implement complex LDAP expressions. But it would probably take adding at least a new util_ldap_filter_search() API to Util_ldap() in order to accomodate this functionality. The advantage of also having an ldap-attribute directive is because if simplicity as well as performance. According to the LDAP docs, doing an ldap_compare_s() is faster than an ldap_search_s(). I will go ahead an commit the patch as-is and also propose a backport for it. But I think that we should look at adding a require ldap-filter directive as well for Apache 2.1/2.2. Brad [EMAIL PROTECTED] Wednesday, November 03, 2004 8:09:35 AM Good suggestion. I am +1 for the patch as-is with the intent of looking into adding the below On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote: Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't have a good suggestion yet, but is there a way to implement the logic so that attributes could be also AND'ed together? Or even a NOT-EQUAL operation? I think the best way to do this probably is instead of saying require ldap-attribute you say require LDAP filter. In other words, like this: require filter (objectclass=specialPerson) or require filter (host=somehost.com) This supports more complicated stuff, like this: require filter ((objectclass=specialPerson)(host=somehost.com)) Regards, Graham -- -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ There 10 types of people: those who read binary and everyone else.
Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
Brad Nicholes wrote: I like the suggestion as well because I think that would be the right way to implement complex LDAP expressions. But it would probably take adding at least a new util_ldap_filter_search() API to Util_ldap() in order to accomodate this functionality. The advantage of also having an ldap-attribute directive is because if simplicity as well as performance. According to the LDAP docs, doing an ldap_compare_s() is faster than an ldap_search_s(). I will go ahead an commit the patch as-is and also propose a backport for it. But I think that we should look at adding a require ldap-filter directive as well for Apache 2.1/2.2. +1 -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ There 10 types of people: those who read binary and everyone else.
Re: [PATCH] CAN-2004-0942 fix
Joe Orton wrote: +/* Now NUL-terminate the string at the end of the line; + * if the last-but-one character is a CR, terminate there */ +if (last_char *s last_char[-1] == APR_ASCII_CR) { last_char[-1]... yack, that's just nasty syntax if you ask me. Bill
Re: [PATCH] remove ap_sock_disable_nagle() API; improve httpd's handling of nagle errors
Jeff Trawick wrote: At best, ap_sock_disable_nagle() is of limited use (just call apr_socket_option_set and log if it fails), and at worst it hides information (no retcode) and has no information to know when/where/what to log. So yank it. +1 Also: Change httpd so that a connection-oriented nagle error (typically EINVAL which means that client already dropped connection) is logged with the client IP address and a debug log level. We filter out not-implemented errors from platforms which don't support TCP_NODELAY, but it is APR's job to tell us that rather than trying to figure that out ourself. Change httpd so that if we're disabling nagle on the listening socket (so APR won't have to disable it on connected sockets), we consider it a shooting offense if it fails. perchild is expected to work as before after this change. +1 all the way around. Please remove the BillS says... comment. Got what I was looking for with the introduction of the APR_TCP_NODELAY_INHERITED option. Bill
Re: [PATCH] CAN-2004-0942 fix
On Wed, Nov 03, 2004 at 01:39:20PM -0500, Bill Stoddard wrote: Joe Orton wrote: +/* Now NUL-terminate the string at the end of the line; + * if the last-but-one character is a CR, terminate there */ +if (last_char *s last_char[-1] == APR_ASCII_CR) { last_char[-1]... yack, that's just nasty syntax if you ask me. Succinct and easier to parse than *(last_char - 1) if you ask me...
Re: cvs commit: httpd-2.0 STATUS
On Wed, Nov 03, 2004 at 10:16:55PM -, [EMAIL PROTECTED] wrote: ... +*) mod_authnz_ldap: Added the directive Requires ldap-attribute that + allows the module to only authorize a user if the attribute value + specified matches the value of the user object. PR 31913 + modules/aaa/mod_authnz_ldap.c: r1.7 +docs/manual/mod/mod_authnz_ldap.xml: r1.3 + +1: bnicholes mod_authnz_ldap doesn't exist in 2.0; would this diff actually apply to mod_auth_ldap? If not then a separate patch needs to be posted somewhere for review. joe
Re: cvs commit: httpd-2.0 STATUS
You are correct that a patch based on mod_authnz_ldap.c won't apply cleanly to mod_auth_ldap.c because of various differences in the code base. But the patch is fairly self-contained meaning that the same chunk of code can easily be copied from mod_authnz_ldap.c and pasted into mod_auth_ldap.c without modification to the code snipet itself. I can certainly create and post an actual patch file that will apply cleanly to mod_auth_ldap.c if required. But it shouldn't be difficult to review the patch as it stands in mod_authnz_ldap.c. Brad [EMAIL PROTECTED] Wednesday, November 03, 2004 4:01:07 PM On Wed, Nov 03, 2004 at 10:16:55PM -, [EMAIL PROTECTED] wrote: ... +*) mod_authnz_ldap: Added the directive Requires ldap-attribute that + allows the module to only authorize a user if the attribute value + specified matches the value of the user object. PR 31913 + modules/aaa/mod_authnz_ldap.c: r1.7 +docs/manual/mod/mod_authnz_ldap.xml: r1.3 + +1: bnicholes mod_authnz_ldap doesn't exist in 2.0; would this diff actually apply to mod_auth_ldap? If not then a separate patch needs to be posted somewhere for review. joe
Re: [PATCH] CAN-2004-0942 fix
Joe Orton wrote: On Wed, Nov 03, 2004 at 01:39:20PM -0500, Bill Stoddard wrote: Joe Orton wrote: +/* Now NUL-terminate the string at the end of the line; + * if the last-but-one character is a CR, terminate there */ +if (last_char *s last_char[-1] == APR_ASCII_CR) { last_char[-1]... yack, that's just nasty syntax if you ask me. Succinct and easier to parse than *(last_char - 1) if you ask me... Kept getting interrupted, but +1 for the patch. I don't personally care for the last_char[-1] syntax, but that's just my preference. Bill
[STATUS] (apache-1.3) Wed Nov 3 23:45:07 EST 2004
APACHE 1.3 STATUS: -*-text-*- Last modified at [$Date: 2004/10/30 13:20:38 $] Release: 1.3.34-dev: In development. 1.3.33: Tagged October 27, 2004 1.3.32: Tagged October 18, 2004. Not formally released. 1.3.31: Tagged May 7, 2004. Announced May 11, 2004. 1.3.30: Tagged April 9, 2004. Not released. 1.3.29: Tagged October 24, 2003. Announced Oct 29, 2003. 1.3.28: Tagged July 16, 2003. Announced ?? 1.3.27: Tagged September 30, 2002. Announced Oct 3, 2002. 1.3.26: Tagged June 18, 2002. 1.3.25: Tagged June 17, 2002. Not released. 1.3.24: Tagged Mar 21, 2002. Announced Mar 22, 2002. 1.3.23: Tagged Jan 21, 2002. 1.3.22: Tagged Oct 8, 2001. Announced Oct 12, 2001. 1.3.21: Not released. (Pulled for htdocs/manual config mismatch. t/r Oct 5, 2001) 1.3.20: Tagged and rolled May 15, 2001. Announced May 21, 2001. 1.3.19: Tagged and rolled Feb 26, 2001. Announced Mar 01, 2001. 1.3.18: Tagged and rolled Not released. (Pulled because of an incorrect unescaping fix. t/r Feb 19, 2001) 1.3.17: Tagged and rolled Jan 26, 2001. Announced Jan 29, 2001. 1.3.16: Not released. (Pulled because of vhosting bug. t/r Jan 20, 2001) 1.3.15: Not released. (Pulled due to CVS dumping core during the tagging when it reached src/os/win32/) 1.3.14: Tagged and Rolled Oct 10, 2000. Released/announced on the 13th. 1.3.13: Not released. (Pulled in the first minutes due to a Netware build bug) 1.3.12: Tagged and rolled Feb. 23, 2000. Released/announced on the 25th. 1.3.11: Tagged and rolled Jan. 19, 2000. Released/announced on the 21st. 1.3.10: Not released. (Pulled at last minute due to a build bug in the MPE port) 1.3.9: Tagged and rolled on Aug. 16, 1999. Released and announced on 19th. 1.3.8: Not released. 1.3.7: Not released. 1.3.6: Tagged and rolled on Mar. 22, 1999. Released and announced on 24th. 1.3.5: Not released. 1.3.4: Tagged and rolled on Jan. 9, 1999. Released on 11th, announced on 12th. 1.3.3: Tagged and rolled on Oct. 7, 1998. Released on 9th, announced on 10th. 1.3.2: Tagged and rolled on Sep. 21, 1998. Announced and released on 23rd. 1.3.1: Tagged and rolled on July 19, 1998. Announced and released. 1.3.0: Tagged and rolled on June 1, 1998. Announced and released on the 6th. 2.0 : Available for general use, see httpd-2.0 repository RELEASE SHOWSTOPPERS: PROPOSED PATCHES FOR THIS RELEASE: *) mod_log_config: Cleanup log_header_out function to allow multiple headers like Set-Cookie to be logged properly. PR 27787 modules/loggers/mod_log_config.c: r1.116 (2.x patch - need 1.3 version) jerenkrantz asks: Isn't this what apr_table_merge is for? nd replies: yep. But cookies won't be merged, because browsers don't support it. jerenkrantz: Couldn't we copy the table and merge the values somehow? This just seems like a lot of code to duplicate what we have already. *shrug* +1: nd, jerenkrantz -1: jim (until we see the 1.3 version) RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * PR: 27023 Cookie could not delivered if the cookie made before proxy module. * isn't ap_die() broken with recognizing recursive errors Message-Id: [EMAIL PROTECTED] +1: jeff, jim * Current vote on 3 PRs for inclusion: Bugz #17877 (passing chunked encoding thru proxy) (still checking if RFC compliant... vote is on the correctness of the patch code only). +1: jim, chuck, minfrin Bugz #9181 (Unable to set headers on non-2XX responses) +1: Martin, Jim Gnats #10246 (Add ProxyConnAllow directive) +0: Martin (or rather -.5, see dev@ Message [EMAIL PROTECTED]) * htpasswd.c and htdigest.c use tmpnam()... consider using mkstemp() when available. Message-ID: [EMAIL PROTECTED] Status: * Dean's unescaping hell (unescaping the various URI components at the right time and place, esp. unescaping the host name). Message-ID: [EMAIL PROTECTED] Status: * Martin observed a core dump because a ipaddr_chain struct contains a NULL-server pointer when being dereferenced by invoking httpd -S. Message-ID: [EMAIL PROTECTED] Status: Workaround enabled. Clean solution can come after 1.3.19 * long pathnames with many components and no AllowOverride None Workaround is to define Directory / with AllowOverride None, which is something all sites should do in any case. Status: Marc was looking at it. (Will asks 'wasn't this patched?') * Ronald Tschalär's patch to mod_proxy to allow other modules to set headers too (needed by mod_auth_digest) Message-ID: [EMAIL
[STATUS] (httpd-2.0) Wed Nov 3 23:45:11 EST 2004
APACHE 2.0 STATUS: -*-text-*- Last modified at [$Date: 2004/11/03 22:16:54 $] Release: 2.0.53 : in development 2.0.52 : released September 28, 2005 as GA. 2.0.51 : released September 15, 2004 as GA. 2.0.50 : released June 30, 2004 as GA. 2.0.49 : released March 19, 2004 as GA. 2.0.48 : released October 29, 2003 as GA. 2.0.47 : released July 09, 2003 as GA. 2.0.46 : released May 28, 2003 as GA. 2.0.45 : released April 1, 2003 as GA. 2.0.44 : released January 20, 2003 as GA. 2.0.43 : released October 3, 2002 as GA. 2.0.42 : released September 24, 2002 as GA. 2.0.41 : rolled September 16, 2002. not released. 2.0.40 : released August 9, 2002 as GA. 2.0.39 : released June 17, 2002 as GA. 2.0.38 : rolled June 16, 2002. not released. 2.0.37 : rolled June 11, 2002. not released. 2.0.36 : released May 6, 2002 as GA. 2.0.35 : released April 5, 2002 as GA. 2.0.34 : tagged March 26, 2002. 2.0.33 : tagged March 6, 2002. not released. 2.0.32 : released Feburary 16, 2002 as beta. 2.0.31 : rolled Feburary 1, 2002. not released. 2.0.30 : tagged January 8, 2002. not rolled. 2.0.29 : tagged November 27, 2001. not rolled. 2.0.28 : released November 13, 2001 as beta. 2.0.27 : rolled November 6, 2001 2.0.26 : tagged October 16, 2001. not rolled. 2.0.25 : rolled August 29, 2001 2.0.24 : rolled August 18, 2001 2.0.23 : rolled August 9, 2001 2.0.22 : rolled July 29, 2001 2.0.21 : rolled July 20, 2001 2.0.20 : rolled July 8, 2001 2.0.19 : rolled June 27, 2001 2.0.18 : rolled May 18, 2001 2.0.17 : rolled April 17, 2001 2.0.16 : rolled April 4, 2001 2.0.15 : rolled March 21, 2001 2.0.14 : rolled March 7, 2001 2.0a9 : released December 12, 2000 2.0a8 : released November 20, 2000 2.0a7 : released October 8, 2000 2.0a6 : released August 18, 2000 2.0a5 : released August 4, 2000 2.0a4 : released June 7, 2000 2.0a3 : released April 28, 2000 2.0a2 : released March 31, 2000 2.0a1 : released March 10, 2000 Please consult the following STATUS files for information on related projects: * srclib/apr/STATUS * srclib/apr-util/STATUS * docs/STATUS Contributors looking for a mission: * Just do an egrep on TODO or XXX in the source. * Review the PatchAvailable bugs in the bug database. Append a comment saying Reviewed and tested. * Open bugs in the bug database. RELEASE SHOWSTOPPERS: *) mod_rewrite: Regression since 2.0.52 in QUERY_STRING handling for [P] rules. http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/mappers/mod_rewrite.c?r1=1.262r2=1.263 +1: jorton PATCHES TO BACKPORT FROM 2.1 [ please place file names and revisions from HEAD here, so it is easy to identify exactly what the proposed changes are! ] *) mod_authnz_ldap: Added the directive Requires ldap-attribute that allows the module to only authorize a user if the attribute value specified matches the value of the user object. PR 31913 modules/aaa/mod_authnz_ldap.c: r1.7 docs/manual/mod/mod_authnz_ldap.xml: r1.3 +1: bnicholes *) mod_ssl: Fix and prevent an SSLCipherSuite bypass by resuming a session during a renegotiation. http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110r2=1.111 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128r2=1.129 PR: 31505 +1: jorton, pquerna, minfrin *) mod_ssl: Fail to configure when an SSL proxy is configured with incomplete client cert keypair, rather than segfaulting at runtime. http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118r2=1.119 PR: 24030 +1: jorton, minfrin, jerenkrantz *) mod_ssl: Fix an possible NULL pointer dereference in some configs. http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=13182 PR: 31848 +1: jorton *) Allow for the use of --with-module=foo:bar where the ./modules/foo directory is a local addition to the ./modules directory. Assumes, of course, that the required files are in ./modules/foo, but makes it easier to statically build external modules by simply adding them to ./modules. modules/config5.m4: 1.4 +1: jim, jerenkrantz *) several changes to improve logging of connection-oriented errors, including ap_log_cerror() API (needs minor bump in addition to changes below) http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289r2=1.291 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/log.c?r1=1.150r2=1.151 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_log.h?r1=1.46r2=1.48 +1: trawick
[STATUS] (httpd-2.1) Wed Nov 3 23:45:14 EST 2004
APACHE 2.1 STATUS: -*-text-*- Last modified at [$Date: 2004/09/03 02:47:19 $] Release [NOTE that only Alpha/Beta releases occur in 2.1 development]: 2.1.0 : in development Please consult the following STATUS files for information on related projects: * srclib/apr/STATUS * srclib/apr-util/STATUS * docs/STATUS Contributors looking for a mission: * Just do an egrep on TODO or XXX in the source. * Review the PatchAvailable bugs in the bug database. Append a comment saying Reviewed and tested. * Open bugs in the bug database. CURRENT RELEASE NOTES: * When the CVS-SVN is done, there's a bogus avendor branch that should be removed from most files. The branch was created 4/27/2004. It's safest (and easiest) for now just to leave it in there; the MAIN branch and the APACHE_2_0_BRANCH are untouched and unharmed. --jwoolley RELEASE SHOWSTOPPERS: * Handling of non-trailing / config by non-default handler is broken http://marc.theaimsgroup.com/?l=apache-httpd-devm=105451701628081w=2 * the edge connection filter cannot be removed http://marc.theaimsgroup.com/?l=apache-httpd-devm=105366252619530w=2 CURRENT VOTES: * Promote mod_cache from experimental to non-experimental status (keep issues noted below in EXPERIMENTAL MODULES as items to be addressed as a supported module). +1: jim, bnicholes -0: jerenkrantz -1: stoddard There are a couple of problems that need to be resolved before this module is moved out of experimental. 1) We need to at least review and comment on the RFC violations 2) Resolve issue of how to cache page fragements (or perhaps -if- we want to cache page fragements). Today, mod_cache/mod_mem_cache will cache #include 'virtual' requests (but not #include 'file' requests). This was accomplished by making CACHE_IN a CONTENT_SET-1 filter to force it to run before the SUBREQ_CORE filter. But now responses cannot be cached that include the effects of having been run through CONTENT_SET filters (mod_deflate, mod_expires, etc). We could rerun all the CONTENT_SET filters on the cached response, but this will not work in all cases. For example, mod_expires relies on installing the EXPIRATION filter during fixups. Contents served out of mod_cache (out of the quick_handler) bypass -all- the request line server hooks (Ryan really hated this. It is great for performance, but bad because of the complications listed above). jerenkrantz: There are a slew of RFC compliance bugs filed in Bugzilla for mod_cache (see 'RFC 2616 violations' below). I think fixing them is a pre-requisite before it isn't experimental. * httpd-std.conf and friends a) httpd-std.conf should be tailored by install (from src or binbuild) even if user has existing httpd.conf +1: trawick, slive, gregames, ianh, Ken, wrowe, jwoolley, jim, nd, erikabele wrowe - prefer httpd.default.conf to avoid ambiguity with cvs b) tailored httpd-std.conf should be copied by install to sysconfdir/examples -0: striker c) tailored httpd-std.conf should be installed to sysconfdir/examples or manualdir/exampleconf/ +1: slive, trawick, Ken, nd (prefer the latter), erikabele d) Installing a set of default config files when upgrading a server doesn't make ANY sense at all. +1: ianh - medium/big sites don't use 'standard config' anyway, as it usually needs major customizations -1: Ken, wrowe, jwoolley, jim, nd, erikabele wrowe - diff is wonderful when comparing old/new default configs, even for customized sites that ianh mentions jim - ... assuming that the default configs have been updated with the required inline docs to explain the changes * If the parent process dies, should the remaining child processes gracefully self-terminate. Or maybe we should make it a runtime option, or have a concept of 2 parent processes (one being a hot spare). See: Message-ID: [EMAIL PROTECTED] Self-destruct: Ken, Martin, Lars Not self-destruct: BrianP, Ian, Cliff, BillS Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd /* The below was a concept on *how* to handle the problem */ Have 2 parents: +1: jim -1: Justin, wrowe, rederpj, nd +0: Lars, Martin (while standing by, could it do something useful?) * Make the worker MPM the default MPM for threaded Unix boxes. +1: Justin, Ian, Cliff, BillS, striker, wrowe, nd +0: BrianP, Aaron