cvs commit: apache-1.3 STATUS

[brian]

brian       98/05/05 16:25:28

  Modified:    .        STATUS
  Log:
  Removed one show-stopper (unless someone wants to step up and point out
  something we missed on this issue), related two others to non-showstopper
  status
  
  Revision  Changes    Path
  1.375     +7 -11     apache-1.3/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.374
  retrieving revision 1.375
  diff -u -r1.374 -r1.375
  --- STATUS    1998/05/05 11:26:05     1.374
  +++ STATUS    1998/05/05 23:25:27     1.375
  @@ -16,12 +16,8 @@
         order is correct even when the DSO mechanism is used. This is mainly
         achieved by fixing the AddModule command.
         See: http://www.engelschall.com/sw/apache/ [dsoexecorder]
  -      Status: Ralf +1
  +      Status: Ralf +1, Brian +1.
   
  -    * proxy security fixes from 1.2.5 need to be brought forward.
  -      Note: off-by-one error in ap_proxy_date_canon() in
  -            proxy_util.c was fixed.  any others???
  -
       * Someone other than Dean has to do a security/correctness review on
         psprintf(), bprintf(), and ap_snprintf().  In particular these routines
         do lots of fun pointer manipulations and such and possibly have 
overflow
  @@ -44,9 +40,6 @@
           Dean: ap_pcfg_openfile() should use pfopen() instead of
                 fopen(). Jim agrees.
   
  -    * get_path_info bug; ap_get_remote_host should be ap_vformatter instead.
  -      See: <[EMAIL PROTECTED]>
  -
   WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
   
       * SECURITY: check if the magic con/aux/nul/etc names do anything
  @@ -56,9 +49,6 @@
        for buffer overflow, someone should rewrite or verify
        they're safe
   
  -    * signal type handling
  -     - how to rotate logs from command line?
  -
       * bad use of chdir in some places; it isn't thread-specific
   
   Documentation that needs writing:
  @@ -111,6 +101,9 @@
   
   Needs patch:
   
  +    * get_path_info bug; ap_get_remote_host should be ap_vformatter instead.
  +      See: <[EMAIL PROTECTED]>
  +
       * uri issues
        - RFC2068 requires a server to recognize its own IP addr(s) in dot
        notation, we do this fine if the user follows the dns-caveats
  @@ -343,6 +336,9 @@
       * mod_include --> exec cgi, exec cmd, etc. don't work right.
         Looks like a code path that isn't run anywhere else that has
         something not quite right...  A PR or two on it.
  +
  +    * signal type handling
  +     - how to rotate logs from command line?
   
   Delayed until after 1.3.0, unless someone happens to get to it: