Hi,
when backporting the CVE-2009-1195 fix in r773881+r779472 from
branches/2.2.x to 2.2.9, I noticed that it causes a test failure when
compiling mod_perl 2.0.4. Since I am neither familiar with mod_perl nor
with the mod_include internals, maybe someone else can check if this is a
necessary breakage or if the fix can be adjusted to be more backward
compatible.
The test output:
================
t/api/add_config........................# connecting to
http://localhost:8560/TestAPI__add_config/
1..9
# Running under perl version 5.010000 for linux
# Current time local: Mon Jun 1 15:56:35 2009
# Current time GMT: Mon Jun 1 13:56:35 2009
# Using Test.pm version 1.25
# Using Apache/Test.pm version 1.31
...
# expected: 8
# received: 40
not ok 7
...
FAILED test 7
Failed 1/9 tests, 88.89% okay
=============
The interesting test file in mod_perls source is
./t/response/TestAPI/add_config.pm.
It looks like the test sets "Options ExecCGI" and expects
$r->allow_options to be 8 (Apache2::Const::OPT_EXECCGI), but the actual
value is 40 (Apache2::Const::OPT_EXECCGI|Apache2::Const::OPT_INCNOEXEC).
Cheers,
Stefan
