Return-Path: 
 <dev-return-76499-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-dev-archive@www.apache.org
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3EBA9E302
	for <apmail-httpd-dev-archive@www.apache.org>;
 Sat, 15 Dec 2012 14:02:43 +0000 (UTC)
Received: (qmail 10717 invoked by uid 500); 15 Dec 2012 14:02:41 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 10461 invoked by uid 500); 15 Dec 2012 14:02:41 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 10447 invoked by uid 99); 15 Dec 2012 14:02:40 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Dec 2012 14:02:40 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of rainer.jung@kippdata.de
 designates 195.227.30.149 as permitted sender)
Received: from [195.227.30.149] (HELO mailserver.kippdata.de) (195.227.30.149)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Dec 2012 14:02:32 +0000
Received: from [10.0.110.6] ([192.168.2.104])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id qBFE2C6c010503
	for <dev@httpd.apache.org>; Sat, 15 Dec 2012 15:02:12 +0100 (CET)
Message-ID: <50CC82E2.8070704@kippdata.de>
Date: Sat, 15 Dec 2012 15:02:10 +0100
From: Rainer Jung <rainer.jung@kippdata.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: Push for 2.4.4
References: <289C0604-4A77-40DE-BBF3-E65203348DA9@jaguNET.com>
In-Reply-To: <289C0604-4A77-40DE-BBF3-E65203348DA9@jaguNET.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

On 12.12.2012 14:00, Jim Jagielski wrote:
> We have just a handful of backports in STATUS, and most are
> awaiting just a single additional +1 to be approved.
> 
> Let's push on clearing STATUS and getting a 2.4.4 out before
> the Christmas holiday...

Test suite for 2.4 at least for my Solaris 10 build with reallyall
modules and recent APR 1.4.6 APU 1.5.1 currently looks not to bad.

Only one failure after fixing another broken test:

# Failed test 2 in t/security/CVE-2005-3352.t at line 18
t/security/CVE-2005-3352.t ..
1..2
...
ok 1
# testing : referer was escaped
# expected: (?^:\&quot)
# received: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
# <html><head>
# <title>Menu for /security/CVE-2005-3352.map</title>
# </head><body>
# <h1>Menu for /security/CVE-2005-3352.map</h1>
# <hr />
#
# <pre>(Default) <a
href="http://localhost:8529/security/%22%3ehttp://fish/">Go Back</a></pre>
#
#
# </body>
# </html>
not ok 2

The referer it sent was: ">http://fish/

It seems the test expected the '"' to get encoded as &quot; and instead
it received a percent encoding. Not sure whether the behavior or the
test is broken.

The change was introduced by r1418941 (trunk r1413732), where in this
specific case ap_escape_html() was replaced by ap_escape_uri().

Regards,

Rainer