Last update (for your suggestions) -- verbose output t/security/CVE-2008-2364.t .. 1..3 # Running under perl version 5.010001 for aix # Current time local: Fri Aug 8 11:38:28 2014 # Current time GMT: Fri Aug 8 11:38:28 2014 # Using Test.pm version 1.25_02 # Using Apache/Test.pm version 1.38 # testing : reverse proxy to index.html # expected: 200 # received: '200' ok 1 # testing : small number of interim responses - CVE-2008-2364 # expected: 200 # received: '100' not ok 2 # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # testing : large number of interim responses - CVE-2008-2364 # expected: 502 # received: '100' not ok 3 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Failed 2/3 subtests t/ssl/extlookup.t ........... 1..4 # Running under perl version 5.010001 for aix # Current time local: Fri Aug 8 11:38:32 2014 # Current time GMT: Fri Aug 8 11:38:32 2014 # Using Test.pm version 1.25_02 # Using Apache/Test.pm version 1.38 # testing : ssl_ext_lookup works for 1.3.6.1.4.1.18060.12.0 # expected: 200 # received: '200' ok 1 # testing : Extension value match for 1.3.6.1.4.1.18060.12.0 # expected: 'Lemons' # received: 'NULL' not ok 2 # Failed test 2 in t/ssl/extlookup.t at line 27 # testing : ssl_ext_lookup works for 2.16.840.1.113730.1.13 # expected: 200 # received: '200' ok 3 # testing : Extension value match for 2.16.840.1.113730.1.13 # expected: 'This Is A Comment' # received: 'This Is A Comment' ok 4 Failed 1/4 subtests t/ssl/require.t ............. 1..10 # Running under perl version 5.010001 for aix # Current time local: Fri Aug 8 11:38:36 2014 # Current time GMT: Fri Aug 8 11:38:36 2014 # Using Test.pm version 1.25_02 # Using Apache/Test.pm version 1.38 ok 1 ok 2 ok 3 ok 4 ok 5 ok 6 ok 7 ok 8 not ok 9 # Failed test 9 in t/ssl/require.t at line 44 ok 10 Failed 1/10 subtests
Test Summary Report ------------------- t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) Failed test: 9 Files=3, Tests=17, 13 wallclock secs ( 0.08 usr 0.02 sys + 4.31 cusr 1.88 csys = 6.29 CPU) Result: FAIL Failed 3/3 test programs. 4/17 subtests failed. Thank you for your attention! On Fri, Aug 8, 2014 at 1:12 PM, Michael Felt <mamf...@gmail.com> wrote: > update: > I think the CVE test passed with 2.4.10 and failed with 2.2.28 because > 1. iirc, 2.4.10 does not have CGI (by default) and 2.2.28 does. > 2. the perl cgi_scripts needed are not present, so cannot be loaded > > The test is - mainly - > > Apache::TestRequest::module("proxy_http_reverse"); > Apache::TestRequest::user_agent(requests_redirectable => 0); > > my $r = GET("/reverse/"); > ok t_cmp($r->code, 200, "reverse proxy to index.html"); > > if (have_cgi) { > $r = GET("/reverse/modules/cgi/nph-interim1.pl"); > ok t_cmp($r->code, 200, "small number of interim responses - > CVE-2008-2364"); > > $r = GET("/reverse/modules/cgi/nph-interim2.pl"); > ok t_cmp($r->code, 502, "large number of interim responses - > CVE-2008-2364"); > > } else { > skip "skipping tests without CGI module" foreach (1..2); > } > > The first test passed (can GET /reverse/ ) > But the other two fail - I think because the nph-interim?.pl are missing > in the ./test I download via svn: > > michael@x054:[/data/prj/SVN]svn checkout > http://svn.apache.org/repos/asf/httpd/test/framework/trunk > /data/prj/apache/httpd/test > > Fetching external item into 'apache/httpd/test/Apache-Test' > Checked out external at revision 1616713. > > Checked out revision 1616713. > > cd /data/prj/apache/httpd/test > root@x099:[/data/prj/apache/httpd/test]find . -name nph-interm1.pl > root@x099:[/data/prj/apache/httpd/test]find . -name reverse > ./t/htdocs/modules/proxy/reverse > root@x099:[/data/prj/apache/httpd/test]find . -name reverse > root@x099:[/data/prj/apache/httpd/test]ls -l > ./t/htdocs/modules/proxy/reverse > total 32 > drwxrwxr-x 6 michael felt 4096 Aug 06 12:40 .svn > drwxrwxr-x 3 michael felt 4096 Feb 19 2013 notproxy > root@x099:[/data/prj/apache/httpd/test]find . -name > cgi > ./t/htdocs/modules/cgi > > Suggestions? > > > > On Fri, Aug 8, 2014 at 12:42 PM, Michael Felt <mamf...@gmail.com> wrote: > >> after --enable-proxy reran tests and get this: >> ... >> using Apache/2.2.28-dev (worker MPM) >> ... >> Test Summary Report >> ------------------- >> t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) >> Failed tests: 2-3 >> >> t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) >> Failed test: 2 >> t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) >> Failed test: 9 >> Files=109, Tests=3709, 589 wallclock secs ( 5.13 usr 0.48 sys + 166.18 >> cusr 74.55 csys = 246.34 CPU) >> Result: FAIL >> >> Any assistance with taking the next step, e.g., understanding why the >> test failed, is welcome. >> >> >> On Fri, Aug 8, 2014 at 10:42 AM, Michael Felt <mamf...@gmail.com> wrote: >> >>> So, back to testing again - on the same system where 2.4.10-distro >>> passed all tests it ran, 2.2.28-dev has a few errors reporting - and I need >>> to figure out why mod_proxy is not being built (or maybe it is only that it >>> is not Loaded) >>> >>> Summary: >>> cc is a tracked alias for /usr/vac/bin/cc >>> root@x099:[/data/prj/apache/httpd/test]oslevel -s >>> 7100-02-04-1341 >>> root@x099:[/data/prj/apache/httpd/test]type perl >>> perl is /usr/bin/perl >>> root@x099:[/data/prj/apache/httpd/test]ls -l /usr/bin/perl >>> lrwxrwxrwx 1 root system 29 Aug 05 21:00 /usr/bin/perl >>> -> /usr/opt/perl5/bin/perl5.10.1 >>> >>> root@x099:[/data/prj/apache/httpd/test]find /opt/httpd -name apxs >>> /opt/httpd/sbin/apxs >>> root@x099:[/data/prj/apache/httpd/test]perl Makefile.PL -apxs >>> /opt/httpd/sbin/apxs >>> [ info] generating script ./Apache-Test.save/t/cgi-bin/ >>> next_available_port.pl >>> [ info] generating script ./Apache-Test.save/t/cgi-bin/cookies.pl >>> ... >>> Checking for File::Spec...ok >>> Checking for Cwd...ok >>> Generating a Unix-style Makefile >>> Writing Makefile for httpd-test >>> Writing MYMETA.yml and MYMETA.json >>> root@x099:[/data/prj/apache/httpd/test] >>> >>> root@x099:[/data/prj/apache/httpd/test]find . ! -user michael -exec >>> chown michael {} \; >>> root@x099:[/data/prj/apache/httpd/test]su michael >>> root@x099:[/data/prj/apache/httpd/test]t/TEST >>> [warning] setting ulimit to allow core files >>> ulimit -c unlimited; /usr/opt/perl5/bin/perl >>> /data/prj/apache/httpd/test/t/TEST >>> cd test_rwrite && make .libs/mod_test_rwrite.so >>> make[1]: Entering directory >>> `/data/prj/apache/httpd/test/c-modules/test_rwrite' >>> /opt/httpd/sbin/apxs -D APACHE2 >>> -I/data/prj/apache/httpd/test/c-modules -c mod_test_rwrite.c >>> ... >>> using Apache/2.2.28-dev (worker MPM) >>> >>> waiting 60 seconds for server to start: ... >>> waiting 60 seconds for server to start: ok (waited 2 secs) >>> server loopback:8529 started >>> server loopback:8530 listening (mod_nntp_like) >>> server loopback:8531 listening (mod_nntp_like_ssl) >>> server loopback:8532 listening (mod_ssl) >>> server loopback:8533 listening (ssl_optional_cc) >>> server loopback:8534 listening (ssl_pr33791) >>> server loopback:8535 listening (proxy_http_bal1) >>> server loopback:8536 listening (proxy_http_bal2) >>> server loopback:8537 listening (proxy_http_balancer) >>> server loopback:8538 listening (cve_2011_3368_rewrite) >>> server loopback:8539 listening (proxy_http_reverse) >>> server loopback:8540 listening (cve_2011_3368) >>> server loopback:8541 listening (mod_headers) >>> server loopback:8542 listening (error_document) >>> server loopback:8543 listening (http_strict) >>> server loopback:8544 listening (mod_vhost_alias) >>> server loopback:8545 listening (mod_include) >>> server loopback:8546 listening (proxy_http_https) >>> server loopback:8547 listening (proxy_https_https) >>> server loopback:8548 listening (proxy_https_http) >>> [ info] adding source lib /data/prj/apache/httpd/test/Apache-Test/lib >>> to @INC >>> t/apache/404.t ...................... ok >>> t/apache/acceptpathinfo.t ........... ok >>> ... >>> t/ssl/env.t ......................... ok >>> t/ssl/extlookup.t ................... 1/4 # Failed test 2 in >>> t/ssl/extlookup.t at line 27 >>> t/ssl/extlookup.t ................... Failed 1/4 subtests >>> t/ssl/fakeauth.t .................... ok >>> t/ssl/headers.t ..................... ok >>> t/ssl/http.t ........................ ok >>> t/ssl/pr12355.t ..................... ok >>> t/ssl/pr43738.t ..................... ok >>> t/ssl/proxy.t ....................... skipped: cannot find module >>> 'mod_proxy', cannot find module 'proxy_http.c' >>> t/ssl/require.t ..................... 2/10 # Failed test 9 in >>> t/ssl/require.t at line 44 >>> t/ssl/require.t ..................... Failed 1/10 subtests >>> t/ssl/v2.t .......................... ok >>> t/ssl/varlookup.t ................... ok >>> t/ssl/verify.t ...................... ok >>> >>> Test Summary Report >>> ------------------- >>> t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) >>> Failed test: 2 >>> t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) >>> Failed test: 9 >>> Files=109, Tests=3503, 533 wallclock secs ( 4.66 usr 0.47 sys + 161.53 >>> cusr 73.62 csys = 240.28 CPU) >>> Result: FAIL >>> Failed 2/109 test programs. 2/3503 subtests failed. >>> [warning] server loopback:8529 shutdown >>> [warning] port 8529 still in use... >>> ......done >>> [ error] error running tests (please examine t/logs/error_log) >>> >>> >>> >>> On Thu, Aug 7, 2014 at 6:05 PM, Michael Felt <mamf...@gmail.com> wrote: >>> >>>> Actually, there are more files involved - if you read the CHANGES you >>>> might understand. So, here is a tar file with everything. >>>> >>>> As a zip file, because my mailer refuses the .tar file >>>> >>>> >>>> >>>> On Thu, Aug 7, 2014 at 5:43 PM, Michael Felt <mamf...@gmail.com> wrote: >>>> >>>>> Made updates to the wiki - and, although probably too late for 2.2.28 >>>>> release - please review this patch for build/aix stuff. Who knows, if/when >>>>> a 2.2.29 release ever comes these will be there too. >>>>> >>>>> p.s. starting test run for trunk (aka 2.2.28) >>>>> >>>>> p.p.s. The idea is that the CHANGES file be added in build/aix. If >>>>> that is a sin of some sort, please just append to build/aix/README.aix I >>>>> will see what it becomes when trunk is updated. >>>>> >>>>> >>>>> On Thu, Aug 7, 2014 at 9:08 AM, Michael Felt <mamf...@gmail.com> >>>>> wrote: >>>>> >>>>>> I already have a login. I have a problem with writing in wiki's - >>>>>> never satisfied with how I put it there, but I shall add/update the info >>>>>> I >>>>>> know. >>>>>> >>>>>> >>>>>> On Wed, Aug 6, 2014 at 2:40 PM, Eric Covener <cove...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> On Wed, Aug 6, 2014 at 8:37 AM, Michael Felt <mamf...@gmail.com> >>>>>>> wrote: >>>>>>> > The good news: >>>>>>> > All tests successful. >>>>>>> > Files=109, Tests=4763, 645 wallclock secs ( 5.69 usr 0.51 sys + >>>>>>> 175.37 cusr >>>>>>> > 113.07 csys = 294.64 CPU) >>>>>>> > Result: PASS >>>>>>> > >>>>>>> > How: tested on AIX 7.1 with a more modern perl version. There is >>>>>>> one >>>>>>> > sub-module (Test::Try if i recall correctly) - that demands perl >>>>>>> 5.10 as a >>>>>>> > minimum. So without that there are probably several perl modules >>>>>>> that are >>>>>>> > not sufficient for the tests to be processed correctly) >>>>>>> > >>>>>>> > For now I am just going to be happy with: All tests successful. >>>>>>> ... Result: >>>>>>> > PASS >>>>>>> > >>>>>>> >>>>>>> Can you take a pass through >>>>>>> https://wiki.apache.org/httpd/AIXPlatform >>>>>>> while it's still fresh? You may have to register a nickname there and >>>>>>> then ask for write access (spam problems >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >