APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2001/09/07 20:05:06 $]
+Last modified at [$Date: 2002/01/02 08:05:15 $]
Release:
+ 2.0.30 : In development
+ 2.0.29 : tagged November 27, 2001
+ 2.0.28 : released November 13, 2001
+ 2.0.27 : rolled November 6, 2001
+ 2.0.26 : tagged October 16, 2001. not rolled.
2.0.25 : rolled August 29, 2001
2.0.24 : rolled August 18, 2001
2.0.23 : rolled August 9, 2001
RELEASE SHOWSTOPPERS:
- * threaded MPM broken on FreeBSD
- [Charles Randall <crandall@matchlogic.com>]
-
- Jeff says: As far as anyone can tell, it is FreeBSD which is
- broken, with no apparent work-around available. Even using
- prefork with a threaded APR build on FreeBSD doesn't work.
+ * ap_directory_walk skips some per-dir config merge functions
+ if there is no "<Directory />" block in the configuration
+ Message-ID: <m3itbdiijq.fsf@rdu163-40-092.nc.rr.com>
+
+ * Test suite failures:
+ o perchild doesn't even build
+ o both worker and prefork are failing some of the 'chunked' subtests
+ o worker is also failing some of the 'cgi' subtests
+ (see <URL:http://Source-Zone.Org/Apache/regression/>):
+
+ * If any request gets to the core handler, without a flag that this
+ r->filename was tested by dir/file_walk, we need to 500 at the very
+ end of the ap_process_request_internal() processing. This provides
+ authors of older modules better compatibility, while still improving
+ the security and robustness of 2.0.
+ Status: still need to decide where this goes, OtherBill comments...
+ Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
+ we need to look at halting this in the 'default handler' case,
+ and that implies pushing the 'handler election' into the request
+ internal processing phase from the run request phase.
* There is a bug in how we sort some hooks, at least the pre-config
hook. The first time we call the hooks, they are in the correct
modules/http/config2.m4 to work around this problem, it should moved
back when this is fixed. rbb
- * The AddInputFilter and AddOutputFilter directives do not allow the
- administrator to remove or reorder filters. Once a filter is added
- in a container, it is present in any subcontainers. It can only be
- added to the filter chain after any filters specified in enclosing
- containers.
-
- * mod_dir should normally redirect ALL directory requests which do
- not include a trailing slash on the URI. However, if a "notes"
- flag is set (say, via BrowserMatch), this behavior will be
- disabled for non-GET requests.
- Status: Greg volunteers
- MsgId: <20010227104646.E2297@lyra.org>
- MsgId: <3A9C0097.9C83F07C@Golux.Com>
-
- * mod_negotiation will not serve a request when an early extention
- is understood, but a later extention is not. e.g. if the request
- index.html.bak is recieved, and negotition could find the file
- index.html.bak.en, it still won't be served because the
- ap-mime-exception-list will contain "index" and "bak", and the
- string "index.bak" doesn't match "index.html.bak". Need to
- review the ap-mime-exception-list component by component to be
- allow these cases. [This could be part of a patch to allow the
- name index.bak in the case above to match index.html.bak.en]
+ * The Add...Filter and Set...Filter directives do not allow the
+ administrator to order filters, beyond the order of filename (mime)
+ extensions. It isn't clear if Set...Filter(s) should be inserted
+ before or after the Add...Filter(s) which are ordered by sequence of
+ filename extensions. At minimum, some sort of +-[0-10] syntax seems
+ like the quickest fix for a 2.0 gold release.
* mod_negotiation needs a new option or directive, something like
ForceLanguagePriority, to fall back to the LanguagePriority
directive instead of returning a "no acceptable variant" error.
-
- * Usability: Sanitize the MPM config directives. MaxClients in
- the threaded MPM is totally misleading now as it has little to
- do with limiting the number of clients (it limits the number
- of child processes). Bill proposed nomenclature change to
- something like "StartWorkers, MaxWorkers, etc." that could
- apply to most all the MPMs (with some notable exceptions).
- Bill would be happy with changing MaxClients to MaxServers
- to make it agree with the operation of the StartServers
- directive.
-
- * configure --enable-mods-shared=most option has issues. Example:
-
- ./configure --enable-mods-shared=most
-
- This builds mod_headers as a DSO (good) but builds mod_mime
- as a compiled-in module (bad).
+ Status: Bill has some code in his tree that accomplishes
+ this, and will commit it Friday after it's tested.
+
+ * Fold mod_auth_db features back into mod_auth_dbm, and depricate it.
+ This can't wait until we have a 2.0-gold release, if folks need
+ to move over to auth_dbm, we can't do that to them after 2.0 gold.
+ Status: Ian says.. auth_dbm can now handle multiple DBM types,
+ is this still an issue?
+ Vote: Remove mod_auth_db
+ +1: Justin
+
+ * Convert all instances of the old apr_lock_t type to the new
+ types (once they are fully supported in APR).
+ Status: Aaron is working on converting INTRAPROCESS
+ to apr_thread_mutex_t types. Full replacements for
+ LOCKALL and CROSS_PROCESS are not yet complete on all
+ platforms, and should only be used in MPMs like worker
+ with limited OS exposure.
+
+ * ap_create_scoreboard() can exit the process, leaving stuff like
+ mod_cgid's daemon process stranded. Either ap_create_scoreboard()
+ needs to be called at a different time or the pre-mpm hook needs
+ to be able to return an error code.
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
- * add mod_gz to httpd-2.0
- +1: Greg, Justin, Cliff
- -0: Doug, ben
- 0: Jim (premature decision at present, IMO)
- -1: Ryan
-
- non-binding: Ian (+1)
-
- * daedalus: mod_cgid and suexec have a problem co-existing. suexec
- sees a null command string sometimes. The problem happens when
- you access bugs.apache.org, then click on the "search the bug db"
- button.
+ * Handling of %2f in URIs. Currently both 1.3 and 2.0
+ completely disallow %2f in the request URI path (see
+ ap_unescape_url() in util.c). It's permitted and passed
+ through in the query string, however. Roy says the
+ original reason for disallowing it, from five years ago,
+ was to protect CGI scripts that applied PATH_INFO to
+ a filesystem location and which might be tricked by
+ ..%2f..%2f(...). We *should* allow path-info of the
+ form 'http://foo.com/index.cgi/path/to/path%2finfo'.
+ Since we've revamped a lot of our processing of path
+ segments, it would be nice to allow this, or at least
+ allow it conditionally with a directive.
+
+ * FreeBSD, threads, and worker MPM. All seems to work fine
+ if you only have one worker process with many threads. Add
+ a second worker process and the accept lock seems to be
+ lost. This might be an APR issue with how it deals with
+ the child_init hook (i.e. the fcntl lock needs to be resynced).
+ More examination and analysis is required.
+
+ * There is increasing demand from module writers for an API
+ that will allow them to control the server à la apachectl.
+ Reasons include sole-function servers that need to die if
+ an external dependency (e.g., a database) fails, et cetera.
+ Perhaps something in the (ever more abused) scoreboard?
+ rbb: I don't believe the scoreboard is the correct mechanism
+ for this. We already have a pipe that goes between parent
+ and child for graceful shutdown events, along with an API that
+ can be used to send a message down that pipe. In threaded MPMs,
+ it is easy enough to make that one pipe be used for graceful
+ and graceless events, and it is also easy to open that pipe
+ to both parent and child for writing. Then we just need to figure
+ out how to do graceless on non-threaded MPMs.
+
+ * revamp the input filter behavior, per discussions since
+ February (and especially at the hackathon last
+ April). Specifically, ap_get_brigade will return a brigade with
+ *up to* a specific number of bytes, or a "line" of data. The
+ read may be blocking or nonblocking. ap_getline() will be
+ refactored into apr_brigade_getline(), and then DECHUNK can use
+ f->next (ap_getline will always read "top of input stack"). Also
+ fix the bug where request body content will end up closing the
+ connection (buggering up persistent conns).
+ Status: Justin is working on this as fast as he can.
+ The core input filters, HTTP-related filters, mod_ssl, and
+ mod_proxy are switched to the new logic.
+ However, ap_getline() still needs to be refactored out. But,
+ there's a problem there: ap_getline() peeks ahead for MIME
+ continuation (first character on line is space or \t) and
+ stores unused data in core_request_config which violates the
+ abstraction. That's cheating. So, we may not be able to
+ implement this without setting some data aside (yuck!).
+ I believe this is OtherBill's main complaint with the current
+ filtering.
+ AIUI (correct me if I'm wrong!), OtherBill believes we
+ should have a pushback option so that we can return unread
+ data - this would solve this case. However, my question to
+ him is how do we handle stuff like mod_ssl - we can't "unread"
+ data. So, do we have two brigades for each filter? An in
+ brigade and a returned brigade? That seems messy. To
+ everyone else, can we refactor ap_getline() without pushback
+ and how?
+
+ - socket bucket and core input filter changes. see end of
+ message ID (Feb 27): <20010227075326.S2297@lyra.org>
+
+ - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
+ ap_getline. many messages (plus their threads) (Apr/May):
+ Message-ID: <20010402101207.J27539@lyra.org>
+ Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
+ Message-ID: <20010508190029.E18404@lyra.org>
+
+ - further work with combining/tweaking the builtin filters:
+ Message-ID: <20010509115445.D1374@lyra.org>
+
+ - thoughts on filter modes:
+ Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>
+
+ * Allow the DocumentRoot directive within <Location > scopes? This
+ allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
+ by a <Directory /somepath/foo> to become simply
+ <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
+ and in-your-face.) DocumentRoot unset would be accepted [and would
+ not permit content to be served, only virtual resources such as
+ server-info or server-status.
+ This proposed change would _not_ depricate Alias.
* Win32: Rotatelogs sometimes is not terminated when Apache
goes down hard. FirstBill was looking at possibly tracking the
child's-child processes in the parent process.
+ OtherBill asks, wasn't this fixed?
* Win32: Add a simple hold console open patch (wait for close or
the ESC key, with a nice message) if the server died a bad
(4) Trying to seperate the https filter logic from mod_ssl -
This is to facilitate other modules that wish to use the https
filter or the mod_ssl logic or both as required.
+ Justin: mod_ssl filter logic is redone, so that should be fine.
+ Madhu has submitted a patch for SSL caching - however, I
+ am -0 on that patch as I *think* we could implement the
+ shared memory another way that is much cleaner (i.e.
+ treat shmem directly as a dbm via APR routines). Justin
+ also thinks that the https filter logic may be sufficiently
+ decoupled now, but isn't really sure.
* Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
- optimization working in threaded. prefork's new design for how
+ optimization working in worker. prefork's new design for how
to notice data on the pod should be sufficient.
- * mod_tls is very specific to OpenSSL. Make the API calls
- more generic to support other encryption libraries.
-
* Performance & Debug: Eliminate most (and perhaps all) of the
malloc/free calls in the bucket brigade code. Need some
light weight memory management functions that allow freeing
necessarily the library that Apache was built with. Aught to
rewrite dbmmanage upon installation to bin/ with the proper library
for predictable mod_auth_db/dbm administration.
+ Status: Mladen Turk has posted several patches and ideas.
+ Key question, part of htpasswd, or a seperate utility?
+ prefer htpasswd:
+ prefer seperate: OtherBill
* use apu_dbm in mod_auth_dbm
Status: Greg +1 (low-priority volunteer)
Justin says: "Seems like this is already there, so should we just
remove the other DBM code in that file? If you want
to use gdbm, or dbm, etc, you should tell apr-util."
+ Will says: "bs - I may choose the fastest - most efficient native
+ dbm implementation, for shared proc caches, ssl session
+ caching, etc, but that has nothing to do with maintaining
+ a userlist via dbm, which has to remain readable between
+ builds/machines, etc. The use-multiple database schema
+ for apr-util would let us do this with just apr, though."
+ Ian says: "multi-dbm is in, but it still has ndbm support hardcoded
+ is this still required? isn't ndbm supported via gdbm?"
+
* Integrate mod_dav.
Some additional items remaining:
* shift stuff to mod_core.h
- * APR-ize resolver stuff in mod_unique_id (Jeff volunteers)
-
* callers of ap_run_create_request() should check the return value
for failure (Doug volunteers)
- * when prefork bails out due to an initialization error in the detached
- process (e.g., mutex init failure), other children (cgid, at least)
- are left hanging around
-
* Win32: Get Apache working on Windows 95/98. The following work
(at least) needs to be done:
- winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
- Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
actually works) and add in a splash of Win9x service code.
+ * In order to use a DSO version of mod_ssl we have to link with
+ -lssl and -lcrypto. A workaround is in place right now where the
+ entire EXTRA_LIBS macro is being appended to the objects list, but
+ this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
+ autoconf function or come up with some other autoconf checks to
+ search for libssl and libcrypto and properly add them to mod_ssl's
+ link flags.
+
+ * Make the worker MPM the default MPM for threaded Unix boxes.
+ +1: Justin, Jeff, Ian
+ -0: Aaron (premature decision, needs more discussion)
+ -0: Cliff (I think the default config should be the safest possible)
+
+ * Fix the worker MPM to use POD to kill child processes instead
+ of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
+
PRs that have been suspended forever waiting for someone to
put them into 'the next release':
Open issues:
- * What do we do about mod_proxy?
-
* Which MPMs will be included with Apache 2.0?
projects / apache / blobdiff