perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philippe M. Chiasson" <go...@ectoplasm.org>
Subject Re: RELEASE CANDIDATE] mod_perl-1.31 RC1
Date Fri, 11 Jan 2008 08:06:50 GMT
Steve Hay wrote:
> Philippe M. Chiasson wrote:
>> Steve Hay wrote:
>>> Philippe M. Chiasson wrote:
>>>> The mod_perl 1.31 release candidate "Works with Perl 5.10" is
>>>> ready. It can be downloaded here: 
> [...]
> 
>>> 2. modules/regex.t still fails test 4 for me, as first described in
>>> my reply to the email above: 
>>>
>>> http://marc.info/?l=apache-modperl-dev&m=117552448731570&w=2
>> Can't reproduce this on *nix, so I'll assume it's a Win32 specific
>> problem.
>>
>> Any additionnal information on that failure? error_log ?
> 
> I only get one line in the error log:
> 
> [Thu Jan 10 10:43:06 2008] [error] [client 127.0.0.1] File does not
> exist: c:/temp/mod_perl-1.31-rc1/t/net/perl/cgi.pl/(yikes

That's very strange, notice the '(' ?

This entire test is testing for the CVE-2007-1349 problem, and it seems
Apache::RegistryNG gets tripped over the funny URL:

/cgi.pl/(yikes?PARAM=4

Funny that it passes on *nix'es, so it's got something to do with a
particularity of Win32 and RegistryNG.pm.

If you care to try to debug this, I'd like at lib/Apache/RegistryNG.pm
for a point where it returns a status code (404, presumably) early in
that case.

$> wc -l lib/Apache/RegistryNG.pm
    64 lib/Apache/RegistryNG.pm

Shouldn't be too long, it's a small module.

But in all seriousness, is Apache::RegistryNG even used ?

Personally, I wouldn't consider this bug a release blocker, but that's
just me.

-- 
Philippe M. Chiasson     GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/       m/gozer\@(apache|cpan|ectoplasm)\.org/


Mime
View raw message