diff --git a/apache2-mod_perl.changes b/apache2-mod_perl.changes index 7630bfc..7cfd586 100644 --- a/apache2-mod_perl.changes +++ b/apache2-mod_perl.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Tue Jun 25 08:53:37 UTC 2013 - coolo@suse.com + +- update to version 2.0.8 (http24 branch as used by debian): + + Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke + the workaround for the old hash collision attack, which breaks mod_perl's + t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix + previously applied as revision 1455340. [Zefram] + + On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has + disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921. + [Zefram] + + Restore build with Perl 5.8.1, 5.8.2 etc: take care to use + $Config{useithreads} rather than $Config{usethreads}, and supply definitions + of Newx and Newxz as necessary. [Steve Hay] + + On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value" + warning is generated for the buffer being autovivified. This is because + the sv_setpvn() that's meant to vivify the buffer doesn't perform set + magic; the warning is generated by the immediately following SvPV_force(). + Patch to fix this from rt.cpan.org #83922. [Zefram] + + Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which + contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash + keys). This resolves rt.perl.org #116863, from where the patch was taken. + [Hugo van der Sanden] + + use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to + generate HTTP code 404 even if the requested filename contains newlines + [Torsten] +- disable patch lfs-perl-5.14.patch as it no longer applies, but + I can't find out if it's still need for ppc64 or if upstream's + changes are good enough + ------------------------------------------------------------------- Sat Apr 6 10:12:07 UTC 2013 - dimstar@opensuse.org diff --git a/apache2-mod_perl.spec b/apache2-mod_perl.spec index d86aa6d..dbcfbd1 100644 --- a/apache2-mod_perl.spec +++ b/apache2-mod_perl.spec @@ -52,15 +52,12 @@ Requires: perl-libwww-perl Url: http://perl.apache.org/ Obsoletes: mod_perl_2 Conflicts: mod_perl -Version: 2.0.7+svn1448242 +Version: 2.0.8 Release: 0 -Source0: http://perl.apache.org/dist/mod_perl-%{version}.tar.gz +Source0: http://ftp.de.debian.org/debian/pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz Patch: %{name}-2.0.4-tests.diff +# PATCH-NEEDS-REBASE Patch1: lfs-perl-5.14.patch -#%define apache_test_version 1_99_15 -# cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version} -#Source1: Apache-Test-%{apache_test_version}.tar.bz2 -#Url: http://perl.apache.org/ Icon: mod_perl.xpm BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -115,8 +112,8 @@ software depending on apache2-mod_perl. %prep #%setup -q -n modperl-2.0 -a 1 -%setup -q -n mod_perl-%{version} -%patch1 -p1 +%setup -q -n httpd24 +#%patch1 -p1 find -name ".svn" -type d | xargs rm -rfv %build diff --git a/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz b/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz new file mode 100644 index 0000000..8f3c69b --- /dev/null +++ b/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:47c8f079fac7b2fa0f15096607a8ad0eff293d01527b65c1e8cbe4ed5e7b69ad +size 3803732 diff --git a/mod_perl-2.0.7+svn1448242.tar.gz b/mod_perl-2.0.7+svn1448242.tar.gz deleted file mode 100644 index fd83d66..0000000 --- a/mod_perl-2.0.7+svn1448242.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9260f2076684ea6ee34cc03ba75ea2fcd362cca8fca6602013ba718196e8bc9 -size 3885475