Re: [RELEASE CANDIDATE] mod_perl-2.0.11 RC2

2019-09-24 Thread Adam Prime
Still seeing the t/api/request_rec.t failures, which do not occur with 
the same machine and same settings with 2.0.10. It's failing after the 
mtime test, before the finfo test.


Test Summary Report
---
t/api/request_rec.t   (Wstat: 0 Tests: 43 Failed: 0)
  Parse errors: Bad plan.  You planned 55 tests but ran 43.
t/filter/in_bbs_inject_header.t   (Wstat: 0 Tests: 36 Failed: 3)
  Failed tests:  22, 26, 30
Files=245, Tests=3402, 98 wallclock secs ( 0.71 usr  0.30 sys + 67.05 
cusr 12.05 csys = 80.11 CPU)

Result: FAIL
Failed 2/245 test programs. 3/3402 subtests failed.


This is what I see in the error_log:

[Tue Sep 24 22:56:10.012601 2019] [perl:error] [pid 743] [client 
127.0.0.1:57720] APR::Finfo::stat: (70008) Partial results are valid but 
processing is incomplete at 
/tmp/mod_perl-2.0.11-rc2/t/response/TestAPI/request_rec.pm line 168


Not sure if this is a concern or not, but it seems like it should be?

Adam


On 9/24/19 12:53 PM, Steve Hay wrote:

Please download, test, and report back on this mod_perl 2.0.11 release
candidate.

https://dist.apache.org/repos/dist/dev/perl/mod_perl-2.0.11-rc2.tar.gz

MD5  = abc2c2168121a09b0fc3b6fc6adc00bd
SHA1 = 36ee7626506a3a461118b3957814dfe9331ef1de

Changes since RC1 are as follows:

Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user
account via a user-owned .htaccess. Patch from bugs.debian.org #644169. [Jan
Ingvoldstad ]

Fix potential test suite hangs due to pipelined response deadlocks. Patch
from rt.cpan.org #82409. [Zefram ]

Fix t/compat/request.t failures [Steve Hay]



[RELEASE CANDIDATE] mod_perl-2.0.11 RC2

2019-09-24 Thread Steve Hay
Please download, test, and report back on this mod_perl 2.0.11 release
candidate.

https://dist.apache.org/repos/dist/dev/perl/mod_perl-2.0.11-rc2.tar.gz

MD5  = abc2c2168121a09b0fc3b6fc6adc00bd
SHA1 = 36ee7626506a3a461118b3957814dfe9331ef1de

Changes since RC1 are as follows:

Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user
account via a user-owned .htaccess. Patch from bugs.debian.org #644169. [Jan
Ingvoldstad ]

Fix potential test suite hangs due to pipelined response deadlocks. Patch
from rt.cpan.org #82409. [Zefram ]

Fix t/compat/request.t failures [Steve Hay]


svn commit: r35996 - /dev/perl/mod_perl-2.0.11-rc2.tar.gz

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 16:48:15 2019
New Revision: 35996

Log:
Upload mod_perl 2.0.11 RC2

Added:
dev/perl/mod_perl-2.0.11-rc2.tar.gz   (with props)

Added: dev/perl/mod_perl-2.0.11-rc2.tar.gz
==
Binary file - no diff available.

Propchange: dev/perl/mod_perl-2.0.11-rc2.tar.gz
--
svn:mime-type = application/octet-stream




svn commit: r1867472 - in /perl/modperl/trunk: Changes META.yml

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 16:47:24 2019
New Revision: 1867472

URL: http://svn.apache.org/viewvc?rev=1867472=rev
Log:
Make mod_perl-2.0.11-rc2

Modified:
perl/modperl/trunk/Changes
perl/modperl/trunk/META.yml

Modified: perl/modperl/trunk/Changes
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/Changes?rev=1867472=1867471=1867472=diff
==
--- perl/modperl/trunk/Changes (original)
+++ perl/modperl/trunk/Changes Tue Sep 24 16:47:24 2019
@@ -10,7 +10,7 @@ Also refer to the Apache::Test changes l
 
 =over 3
 
-=item 2.0.11-rc1
+=item 2.0.11-rc2
 
 Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user
 account via a user-owned .htaccess. Patch from bugs.debian.org #644169. [Jan

Modified: perl/modperl/trunk/META.yml
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/META.yml?rev=1867472=1867471=1867472=diff
==
--- perl/modperl/trunk/META.yml (original)
+++ perl/modperl/trunk/META.yml Tue Sep 24 16:47:24 2019
@@ -1,5 +1,5 @@
 name: mod_perl
-version: 2.0.11-rc1
+version: 2.0.11-rc2
 installdirs:  site
 distribution_type: module
 no_index:




Re: Setting a MIME type on $r->custom_response

2019-09-24 Thread Andreas Mock
Hi Andrew,

have a look at

$r->err_headers_out->add('Content-Type' => 'bla bla');

Best regards

Andreas


From: Andrew Green
Sent: Tuesday, 24 September 2019 18:39
To: modperl@perl.apache.org
Subject: Setting a MIME type on $r->custom_response

Hi all,

Is it possible to get $r->custom_response to respond using a MIME type other 
than text/html?

I’m writing a mod_perl application that’s intended to work with someone else’s 
React front end.  My code therefore just sends JSON.

For an authentication failure, I can use custom_response to send a custom JSON 
error with a Forbidden HTTP status:

$r->custom_response(Apache2::Const::FORBIDDEN, $json);

It works fine, except that I can’t get it to use the correct MIME type.  The 
following has no effect (whether I deploy it immediately before the 
custom_response call or afterwards):

$r->content_type("application/json; charset=utf-8");

It’s not a huge deal — and I haven’t yet tested whether React freaks out over 
the Forbidden HTTP status regardless.

But if there’s a way to do this, I’d love to know.  Thanks!

Cheers,

Andrew.

-- 
Andrew Green
Article Seven Limited
http://www.article7.co.uk/

Article Seven Limited is a registered company in England and Wales.  Registered 
number: 5703656. Registered office: 10 Hamilton Road, Sidcup, Kent, DA15 7HB.



svn commit: r1867471 - /perl/modperl/trunk/Changes

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 16:39:11 2019
New Revision: 1867471

URL: http://svn.apache.org/viewvc?rev=1867471=rev
Log:
Update Changes file with recent changes

Modified:
perl/modperl/trunk/Changes

Modified: perl/modperl/trunk/Changes
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/Changes?rev=1867471=1867470=1867471=diff
==
--- perl/modperl/trunk/Changes (original)
+++ perl/modperl/trunk/Changes Tue Sep 24 16:39:11 2019
@@ -12,6 +12,15 @@ Also refer to the Apache::Test changes l
 
 =item 2.0.11-rc1
 
+Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user
+account via a user-owned .htaccess. Patch from bugs.debian.org #644169. [Jan
+Ingvoldstad ]
+
+Fix potential test suite hangs due to pipelined response deadlocks. Patch
+from rt.cpan.org #82409. [Zefram ]
+
+Fix t/compat/request.t failures [Steve Hay]
+
 Fix use-after-free segfault in ap_server_config_defines seen on start-up on
 OpenBSD. [Found/fixed by Sam Vaughan/Joe Orton]
 
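Review bot: the three new entries are added under the existing `=item 2.0.11-rc1` heading, although RC1 was already published before these fixes were committed. Bump the heading in the same commit that adds the entries, so the tree never shows post-RC1 fixes (including the CVE-2011-2767 one) labelled as part of RC1.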




Setting a MIME type on $r->custom_response

2019-09-24 Thread Andrew Green
Hi all,

Is it possible to get $r->custom_response to respond using a MIME type other 
than text/html?

I’m writing a mod_perl application that’s intended to work with someone else’s 
React front end.  My code therefore just sends JSON.

For an authentication failure, I can use custom_response to send a custom JSON 
error with a Forbidden HTTP status:

$r->custom_response(Apache2::Const::FORBIDDEN, $json);

It works fine, except that I can’t get it to use the correct MIME type.  The 
following has no effect (whether I deploy it immediately before the 
custom_response call or afterwards):

$r->content_type("application/json; charset=utf-8");

It’s not a huge deal — and I haven’t yet tested whether React freaks out over 
the Forbidden HTTP status regardless.

But if there’s a way to do this, I’d love to know.  Thanks!

Cheers,
Andrew.

-- 
Andrew Green
Article Seven Limited
http://www.article7.co.uk/ 

Article Seven Limited is a registered company in England and Wales.  Registered 
number: 5703656. Registered office: 10 Hamilton Road, Sidcup, Kent, DA15 7HB.






svn commit: r1867470 - /perl/modperl/trunk/src/modules/perl/mod_perl.c

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 16:31:13 2019
New Revision: 1867470

URL: http://svn.apache.org/viewvc?rev=1867470=rev
Log:
Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user 
account via a user-owned .htaccess

Patch by Jan Ingvoldstad  from 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644169#19
(See also https://rt.cpan.org/Ticket/Display.html?id=126984)

Modified:
perl/modperl/trunk/src/modules/perl/mod_perl.c

Modified: perl/modperl/trunk/src/modules/perl/mod_perl.c
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/src/modules/perl/mod_perl.c?rev=1867470=1867469=1867470=diff
==
--- perl/modperl/trunk/src/modules/perl/mod_perl.c (original)
+++ perl/modperl/trunk/src/modules/perl/mod_perl.c Tue Sep 24 16:31:13 2019
@@ -939,18 +939,18 @@ static const command_rec modperl_cmds[]
 MP_CMD_DIR_ITERATE2("PerlAddVar", add_var, "PerlAddVar"),
 MP_CMD_DIR_TAKE2("PerlSetEnv", set_env, "PerlSetEnv"),
 MP_CMD_SRV_TAKE1("PerlPassEnv", pass_env, "PerlPassEnv"),
-MP_CMD_DIR_RAW_ARGS_ON_READ("
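
Review bot: the change at the `MP_CMD_DIR_RAW_ARGS_ON_READ(` entry in `modperl_cmds[]` lands with only mod_perl.c in the Modified list, so nothing under t/ exercises the fixed behaviour. For a CVE fix, add a regression test that puts the affected directive in a user-owned .htaccess and asserts that no Perl code runs, and name in the log message the directives whose handling changes so administrators can audit existing .htaccess files.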

svn commit: r1867454 - in /perl/modperl/trunk/t: filter/TestFilter/in_str_declined.pm filter/TestFilter/in_str_declined_read.pm filter/TestFilter/in_str_msg.pm response/TestModperl/post_utf8.pm

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 12:54:06 2019
New Revision: 1867454

URL: http://svn.apache.org/viewvc?rev=1867454=rev
Log:
Fix potential test suite hangs due to pipelined response deadlocks

Patch by Zefram  from 
https://rt.cpan.org/Ticket/Display.html?id=82409

Modified:
perl/modperl/trunk/t/filter/TestFilter/in_str_declined.pm
perl/modperl/trunk/t/filter/TestFilter/in_str_declined_read.pm
perl/modperl/trunk/t/filter/TestFilter/in_str_msg.pm
perl/modperl/trunk/t/response/TestModperl/post_utf8.pm

Modified: perl/modperl/trunk/t/filter/TestFilter/in_str_declined.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/t/filter/TestFilter/in_str_declined.pm?rev=1867454=1867453=1867454=diff
==
--- perl/modperl/trunk/t/filter/TestFilter/in_str_declined.pm (original)
+++ perl/modperl/trunk/t/filter/TestFilter/in_str_declined.pm Tue Sep 24 
12:54:06 2019
@@ -36,13 +36,17 @@ sub handler {
 sub response {
 my $r = shift;
 
+my $data;
+if ($r->method_number == Apache2::Const::M_POST) {
+# consume the data so the input filter is invoked
+$data = TestCommon::Utils::read_post($r);
+}
+
 plan $r, tests => 2;
 
 $r->content_type('text/plain');
 
 if ($r->method_number == Apache2::Const::M_POST) {
-# consume the data so the input filter is invoked
-my $data = TestCommon::Utils::read_post($r);
 ok t_cmp(length $data, 2, "the request body received ok");
 }
 
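Review bot: the `$r->method_number == Apache2::Const::M_POST` test now appears twice in `response`, once for the read and once for the `ok`, and nothing says why the read has to come before `plan`. Add a one-line comment above the first block stating that the request body must be consumed before `plan` (the deadlock from rt.cpan.org #82409), so a later cleanup does not merge the two blocks back together.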

Modified: perl/modperl/trunk/t/filter/TestFilter/in_str_declined_read.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/t/filter/TestFilter/in_str_declined_read.pm?rev=1867454=1867453=1867454=diff
==
--- perl/modperl/trunk/t/filter/TestFilter/in_str_declined_read.pm (original)
+++ perl/modperl/trunk/t/filter/TestFilter/in_str_declined_read.pm Tue Sep 24 
12:54:06 2019
@@ -32,14 +32,19 @@ sub handler {
 sub response {
 my $r = shift;
 
+my $err;
+if ($r->method_number == Apache2::Const::M_POST) {
+# this should fail, because of the failing filter
+eval { TestCommon::Utils::read_post($r) };
+$err = $@;
+}
+
 plan $r, tests => 1;
 
 $r->content_type('text/plain');
 
 if ($r->method_number == Apache2::Const::M_POST) {
-# this should fail, because of the failing filter
-eval { TestCommon::Utils::read_post($r) };
-ok $@;
+ok $err;
 }
 
 Apache2::Const::OK;
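
Review bot: `ok $err` passes on any exception raised inside the `eval`, not only the one caused by the failing filter. Now that the error is held in `$err`, match it against the expected filter failure text, or at least log it, so the test does not pass when `read_post` dies for an unrelated reason.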

Modified: perl/modperl/trunk/t/filter/TestFilter/in_str_msg.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/t/filter/TestFilter/in_str_msg.pm?rev=1867454=1867453=1867454=diff
==
--- perl/modperl/trunk/t/filter/TestFilter/in_str_msg.pm (original)
+++ perl/modperl/trunk/t/filter/TestFilter/in_str_msg.pm Tue Sep 24 12:54:06 
2019
@@ -77,10 +77,10 @@ my $expected = "UPCASED";
 sub response {
 my $r = shift;
 
-plan $r, tests => 1;
-
 my $received = TestCommon::Utils::read_post($r);
 
+plan $r, tests => 1;
+
 ok t_cmp($received, $expected,
  "request filter must have upcased the data");
 
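Review bot: with `plan $r, tests => 1;` moved below the `read_post` call, a `die` inside `read_post` now ends the handler before any plan is sent, so the failure shows up as an error response with no test output. If a readable failure is wanted, wrap the read in `eval` and report the error through `ok` after `plan`, as the in_str_declined_read.pm change in this commit does.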

Modified: perl/modperl/trunk/t/response/TestModperl/post_utf8.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/t/response/TestModperl/post_utf8.pm?rev=1867454=1867453=1867454=diff
==
--- perl/modperl/trunk/t/response/TestModperl/post_utf8.pm (original)
+++ perl/modperl/trunk/t/response/TestModperl/post_utf8.pm Tue Sep 24 12:54:06 
2019
@@ -30,14 +30,14 @@ sub handler {
 #$r->content_type("text/plain; charset=utf-8");
 #$r->print("expected: $expected_utf8\n");
 
+my $received = TestCommon::Utils::read_post($r) || "";
+
 # utf encode/decode was added only in 5.8.0
 # XXX: currently binmode is only available with perlio (used on the
 # server side on the tied/perlio STDOUT)
 plan $r, tests => 2,
 need need_min_perl_version(5.008), need_perl('perlio');
 
-my $received = TestCommon::Utils::read_post($r) || "";
-
 # workaround for perl-5.8.0, which doesn't decode correctly a
 # tainted variable
 require ModPerl::Util;




Re: [RELEASE CANDIDATE] mod_perl-2.0.11 RC1

2019-09-24 Thread Steve Hay
Actually, the compat/request.t failure was a trivial fix - done in
rev. 1867432. I will make an RC2 with this fix. Thanks for prompting
me to look! :-)

On Tue, 24 Sep 2019 at 08:19, Steve Hay  wrote:
>
> I see the compat/request.t failure too, but I also got that in my 2.0.10 
> setup.
>
> (I also get modperl/env.t, modperl/setupenv.t and preconnection.note.t
> failures, which also occurred in 2.0.10, plus some lingering
> filter/in_bbs_inject_header.t failures that occurred in 2.0.10 which I
> thought would be fixed now but aren't. I also have one other report of
> the latter. For me it only fails when LWP is present.)
>
> On Tue, 24 Sep 2019 at 04:04, Adam Prime  wrote:
> >
> > I'm seeing more test failures for 2.0.11 RC1 than for 2.0.10 with the
> > same setup.
> >
> > Test Summary Report
> > ---
> > t/api/request_rec.t   (Wstat: 0 Tests: 43 Failed: 0)
> >Parse errors: Bad plan.  You planned 55 tests but ran 43.
> > t/compat/request.t(Wstat: 0 Tests: 12 Failed: 0)
> >Parse errors: Bad plan.  You planned 22 tests but ran 12.
> > t/filter/in_bbs_inject_header.t   (Wstat: 0 Tests: 36 Failed: 3)
> >Failed tests:  22, 26, 30
> > Files=245, Tests=3392, 102 wallclock secs ( 0.76 usr  0.34 sys + 72.85
> > cusr 11.27 csys = 85.22 CPU)
> > Result: FAIL
> > Failed 3/245 test programs. 3/3392 subtests failed.
> >
> >
> > The compat/request.t failures don't occur on the previous version. Is
> > this expected?  I'm using perl 5.28.0, and  httpd 2.4.41 prefork.
> >
> > Adam
> >
> > On 9/2/19 8:34 AM, Steve Hay wrote:
> > > Please download, test, and report back on this mod_perl 2.0.11 release
> > > candidate.
> > >
> > > https://dist.apache.org/repos/dist/dev/perl/mod_perl-2.0.11-rc1.tar.gz
> > >
> > > MD5  = 417823274b32e5ca8759cf3760ad1591
> > > SHA1 = e47c72337e6766c403d0a76b59d3808625e5162b
> > >
> > > Major changes in this release are as follows:
> > >
> > > Fix use-after-free segfault in ap_server_config_defines seen on
> > > start-up on OpenBSD. [Found/fixed by Sam Vaughan/Joe Orton]
> > >
> > > Fix build with Perls earlier than 5.13.6. [Rainer Jung
> > > ]
> > >
> > > Fix filter/in_bbs_inject_header.t test failure with Apache 2.4.25+.
> > > [Stefan Fritsch ]
> > >
> > > Fix apache/read.t test failure with Apache 2.4.25+. [Niko Tyni
> > > ]
> > >


svn commit: r1867432 - /perl/modperl/trunk/lib/Apache2/compat.pm

2019-09-24 Thread stevehay
Author: stevehay
Date: Tue Sep 24 08:07:32 2019
New Revision: 1867432

URL: http://svn.apache.org/viewvc?rev=1867432=rev
Log:
Fix t/compat/request.t failures

With better error handling in override_mp2_api(), we can see why we get an 
Internal Server Error from this script:

error overriding Apache2::RequestRec::filename : Bareword "WIN32" not allowed 
while "strict subs" in use at (eval 178) line 15.

And the fix is trivial.

Thanks to Adam Prime for making me look into this!

Modified:
perl/modperl/trunk/lib/Apache2/compat.pm

Modified: perl/modperl/trunk/lib/Apache2/compat.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/compat.pm?rev=1867432=1867431=1867432=diff
==
--- perl/modperl/trunk/lib/Apache2/compat.pm (original)
+++ perl/modperl/trunk/lib/Apache2/compat.pm Tue Sep 24 08:07:32 2019
@@ -64,6 +64,8 @@ use File::Spec ();
 
 use APR::Const -compile => qw(FINFO_NORM FINFO_PROT);
 
+use constant WIN32 => ($^O eq "MSWin32");
+
 BEGIN {
 $INC{'Apache.pm'} = __FILE__;
 
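Review bot: nothing near the new `use constant WIN32` line shows where the constant is used, and per the log message its consumer is source text that `override_mp2_api` compiles with string `eval`, so it reads as dead code at the top of the file. Add a comment on that line saying it is referenced from the `%overridable_mp2_api` code strings, so it is not removed in a later tidy-up.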
@@ -256,6 +258,9 @@ sub override_mp2_api {
 next;
 }
 $overridden_mp2_api{$sub} = eval $overridable_mp2_api{$sub};
+if ($@) {
+die "error overriding $sub : $@";
+}
 unless (exists $overridden_mp2_api{$sub} &&
 ref($overridden_mp2_api{$sub}) eq 'CODE') {
 die "overriding $sub didn't return a CODE ref";
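
Review bot: `$overridden_mp2_api{$sub}` is assigned the result of the string `eval` before the new `if ($@)` check, so on a compile failure the hash already holds an undefined entry for `$sub` when `die` is raised. Evaluate into a lexical first, check `$@` and the `ref(...) eq 'CODE'` condition on that lexical, and store it in `%overridden_mp2_api` only on success, so a caller that traps the `die` is not left with a half-populated entry.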




Re: [RELEASE CANDIDATE] mod_perl-2.0.11 RC1

2019-09-24 Thread Steve Hay
I see the compat/request.t failure too, but I also got that in my 2.0.10 setup.

(I also get modperl/env.t, modperl/setupenv.t and preconnection.note.t
failures, which also occurred in 2.0.10, plus some lingering
filter/in_bbs_inject_header.t failures that occurred in 2.0.10 which I
thought would be fixed now but aren't. I also have one other report of
the latter. For me it only fails when LWP is present.)

On Tue, 24 Sep 2019 at 04:04, Adam Prime  wrote:
>
> I'm seeing more test failures for 2.0.11 RC1 than for 2.0.10 with the
> same setup.
>
> Test Summary Report
> ---
> t/api/request_rec.t   (Wstat: 0 Tests: 43 Failed: 0)
>Parse errors: Bad plan.  You planned 55 tests but ran 43.
> t/compat/request.t(Wstat: 0 Tests: 12 Failed: 0)
>Parse errors: Bad plan.  You planned 22 tests but ran 12.
> t/filter/in_bbs_inject_header.t   (Wstat: 0 Tests: 36 Failed: 3)
>Failed tests:  22, 26, 30
> Files=245, Tests=3392, 102 wallclock secs ( 0.76 usr  0.34 sys + 72.85
> cusr 11.27 csys = 85.22 CPU)
> Result: FAIL
> Failed 3/245 test programs. 3/3392 subtests failed.
>
>
> The compat/request.t failures don't occur on the previous version. Is
> this expected?  I'm using perl 5.28.0, and  httpd 2.4.41 prefork.
>
> Adam
>
> On 9/2/19 8:34 AM, Steve Hay wrote:
> > Please download, test, and report back on this mod_perl 2.0.11 release
> > candidate.
> >
> > https://dist.apache.org/repos/dist/dev/perl/mod_perl-2.0.11-rc1.tar.gz
> >
> > MD5  = 417823274b32e5ca8759cf3760ad1591
> > SHA1 = e47c72337e6766c403d0a76b59d3808625e5162b
> >
> > Major changes in this release are as follows:
> >
> > Fix use-after-free segfault in ap_server_config_defines seen on
> > start-up on OpenBSD. [Found/fixed by Sam Vaughan/Joe Orton]
> >
> > Fix build with Perls earlier than 5.13.6. [Rainer Jung
> > ]
> >
> > Fix filter/in_bbs_inject_header.t test failure with Apache 2.4.25+.
> > [Stefan Fritsch ]
> >
> > Fix apache/read.t test failure with Apache 2.4.25+. [Niko Tyni
> > ]
> >