cove...@apache.org wrote:
> Author: covener
> Date: Tue Jul 15 19:11:02 2014
> New Revision: 1610814
>
> URL: http://svn.apache.org/r1610814
> Log:
> *) SECURITY: CVE-2013-5704 (cve.mitre.org)
>    core: HTTP trailers could be used to replace HTTP headers
>    late during request processing, potentially undoing or
>    otherwise confusing modules that examined or modified
>    request headers earlier. Adds "MergeTrailers" directive to restore
>    legacy behavior.
>
> Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
> Committed By: covener
>
>
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/docs/manual/mod/core.xml
>     httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
>     httpd/httpd/trunk/include/ap_mmn.h
>     httpd/httpd/trunk/include/http_core.h
>     httpd/httpd/trunk/include/httpd.h
>     httpd/httpd/trunk/modules/http/http_filters.c
>     httpd/httpd/trunk/modules/http/http_request.c
>     httpd/httpd/trunk/modules/loggers/mod_log_config.c
>     httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
>     httpd/httpd/trunk/server/core.c
>     httpd/httpd/trunk/server/protocol.c

I now see one regression in the test suite, but maybe the test is wrong now.

t/apache/chunkinput.t ..
1..9
# Running under perl version 5.010001 for linux
# Current time local: Tue Jul 15 21:42:16 2014
# Current time GMT: Tue Jul 15 19:42:16 2014
# Using Test.pm version 1.25_02
# Using Apache/Test.pm version 1.38
testing default
ok 1
# testing : response codes
# expected: 'HTTP/1.1 200 OK'
# received: 'HTTP/1.1 200 OK'
ok 2
# testing : trailer (pid)
# expected: '25829'
# received: 'No chunked trailer available!'
not ok 3
ok 4
# Failed test 3 in t/apache/chunkinput.t at line 71
# testing : response codes
# expected: 'HTTP/1.1 404 Not Found'
# received: 'HTTP/1.1 404 Not Found'
ok 5
ok 6
# testing : response codes
# expected: 'HTTP/1.1 413 Request Entity Too Large'
# received: 'HTTP/1.1 413 Request Entity Too Large'
ok 7
ok 8
# testing : response codes
# expected: 'HTTP/1.1 413 Request Entity Too Large'
# received: 'HTTP/1.1 413 Request Entity Too Large'
ok 9
Failed 1/9 subtests

Test Summary Report
-------------------
t/apache/chunkinput.t (Wstat: 0 Tests: 9 Failed: 1)
  Failed test: 3
Files=1, Tests=9, 0 wallclock secs ( 0.01 usr 0.00 sys + 0.34 cusr 0.09 csys = 0.44 CPU)
Result: FAIL
Failed 1/1 test programs. 1/9 subtests failed.
[warning] server localhost:8529 shutdown
[ error] error running tests (please examine t/logs/error_log)

Regards

Rüdiger
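
An added illustration, not part of the message above and not httpd code: a simplified Python model of a chunked request whose trailers are either kept apart from the request headers or merged into them, showing why a handler that looks for the trailer among the headers reports 'No chunked trailer available!' after the change. The header names, the sample request and the overwrite-on-merge behaviour are assumptions of this sketch.

```python
def parse_chunked(body: bytes):
    """Decode a chunked body and return (payload, trailers)."""
    payload, pos = bytearray(), 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:                                 # last-chunk marker
            break
        payload += body[pos:pos + size]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk not terminated by CRLF")
        pos += size + 2
    trailers = {}
    while True:                                       # trailer section
        eol = body.index(b"\r\n", pos)
        line, pos = body[pos:eol], eol + 2
        if not line:                                  # empty line ends it
            break
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed trailer line")
        trailers[name.decode().strip().lower()] = value.decode().strip()
    return bytes(payload), trailers

def read_request(headers, body, merge_trailers=False):
    """Return (headers, trailers, payload) as later processing would see them."""
    headers = {k.lower(): v for k, v in headers.items()}
    payload, trailers = parse_chunked(body)
    if merge_trailers:
        # Legacy-style behaviour, modelled here as a plain overwrite:
        # values read after the body land in the header table.
        headers.update(trailers)
        trailers = {}
    return headers, trailers, payload

def handler_view(headers):
    """What a handler that only consults the headers reports."""
    return headers.get("x-chunk-trailer", "No chunked trailer available!")

# Constructed sample request; names and values are hypothetical.
SAMPLE_HEADERS = {"Host": "localhost", "Transfer-Encoding": "chunked",
                  "X-Example": "set-by-client-header"}
SAMPLE_BODY = (b"5\r\nhello\r\n0\r\n"
               b"X-Chunk-Trailer: 25829\r\nX-Example: set-by-trailer\r\n\r\n")

if __name__ == "__main__":
    for merge in (False, True):
        h, t, _ = read_request(SAMPLE_HEADERS, SAMPLE_BODY, merge)
        print(merge, handler_view(h), h["x-example"], t)
```

With merging off, a header examined before the body was read still has the value it had then, and the trailer values are available only from the separate table.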