Re: cvs commit: httpd-test/perl-framework/t/security CAN-2004-0940.t

2004-10-28 Thread Geoffrey Young 


[EMAIL PROTECTED] wrote:
 jorton  2004/10/25 06:04:14
 
   Modified:perl-framework/t/conf extra.conf.in
   Added:   perl-framework/t/htdocs/security CAN-2004-0940.shtml
perl-framework/t/security CAN-2004-0940.t
   Log:
   Regression test for CAN-2004-0940, 1.3 mod_include overflow.

hi joe :)

I get the following failures on 1.3.32 but not on 1.3.33.

t/modules/rewrite.t  222   9.09%  18 20
t/security/CAN-2004-0940.t11 100.00%  1
t/security/CAN-2004-0958.t92  22.22%  1 3

I think these are all recent additions from you.  should each of these
failures be skipped unless something like

  ( have_apache(1)  have_min_apache_version(1.3.33) ) ||
  ( have_apache(2)  have_min_apache_version(2.0.XX) )

?

--Geoff

Re: cvs commit: httpd-test/perl-framework/t/security CAN-2004-0940.t

2004-10-28 Thread Cliff Woolley 
On Thu, 28 Oct 2004, Geoffrey Young wrote:

 I get the following failures on 1.3.32 but not on 1.3.33.

 t/modules/rewrite.t  222   9.09%  18 20
 t/security/CAN-2004-0940.t11 100.00%  1
 t/security/CAN-2004-0958.t92  22.22%  1 3

 I think these are all recent additions from you.  should each of these
 failures be skipped unless something like

   ( have_apache(1)  have_min_apache_version(1.3.33) ) ||
   ( have_apache(2)  have_min_apache_version(2.0.XX) )

I don't think so -- it's detecting an actual legitimate failure.  It's not
that the test requires a new version to work right, it's that that
particular version was broken.  No sense obfuscating that fact.

--Cliff