On 12.12.2012 14:00, Jim Jagielski wrote: > We have just a handful of backports in STATUS, and most are > awaiting just a single additional +1 to be approved. > > Let's push on clearing STATUS and getting a 2.4.4 out before > the Christmas holiday...
Test suite for 2.4 at least for my Solaris 10 build with reallyall modules and recent APR 1.4.6 APU 1.5.1 currently looks not to bad. Only one failure after fixing another broken test: # Failed test 2 in t/security/CVE-2005-3352.t at line 18 t/security/CVE-2005-3352.t .. 1..2 ... ok 1 # testing : referer was escaped # expected: (?^:\") # received: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> # <html><head> # <title>Menu for /security/CVE-2005-3352.map</title> # </head><body> # <h1>Menu for /security/CVE-2005-3352.map</h1> # <hr /> # # <pre>(Default) <a href="http://localhost:8529/security/%22%3ehttp://fish/";>Go Back</a></pre> # # # </body> # </html> not ok 2 The referer it sent was: ">http://fish/ It seems the test expected the '"' to get encoded as " and instead it received a percent encoding. Not sure whether the behavior or the test is broken. The change was introduced by r1418941 (trunk r1413732), where in this specific case ap_escape_html() was replaced by ap_escape_uri(). Regards, Rainer
