perl/apache2-mod_perl
SHA256
8
0
Fork 0
forked from pool/apache2-mod_perl
Code Pull Requests Activity

Accepting request 180817 from openSUSE:Factory:Staging:perl518

Browse Source 
- update to version 2.0.8 (http24 branch as used by debian):
  Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
  the workaround for the old hash collision attack, which breaks mod_perl's
  t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
  previously applied as revision 1455340. [Zefram]
  
  On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
  disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
  [Zefram]
  
  Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
  $Config{useithreads} rather than $Config{usethreads}, and supply definitions
  of Newx and Newxz as necessary. [Steve Hay]
  
  On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
  warning is generated for the buffer being autovivified. This is because
  the sv_setpvn() that's meant to vivify the buffer doesn't perform set
  magic; the warning is generated by the immediately following SvPV_force().
  Patch to fix this from rt.cpan.org #83922. [Zefram]
  
  Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
  contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
  keys). This resolves rt.perl.org #116863, from where the patch was taken.
  [Hugo van der Sanden]
  
  use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
  generate HTTP code 404 even if the requested filename contains newlines
  [Torsten]
- disable patch lfs-perl-5.14.patch as it no longer applies, but
  I can't find out if it's still need for ppc64 or if upstream's

OBS-URL: https://build.opensuse.org/request/show/180817
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_perl?expand=0&rev=40
This commit is contained in:
Roman Drahtmueller
2013-06-25 09:08:37 +00:00
committed by Git OBS Bridge
parent 56fb98e55d
commit cc4f8f60f7
4 changed files with 44 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
apache2-mod_perl.changes
View File

@@ -1,3 +1,39 @@
-------------------------------------------------------------------
Tue Jun 25 08:53:37 UTC 2013 - coolo@suse.com
- update to version 2.0.8 (http24 branch as used by debian):
Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
the workaround for the old hash collision attack, which breaks mod_perl's
t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
previously applied as revision 1455340. [Zefram]
On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
[Zefram]
Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
$Config{useithreads} rather than $Config{usethreads}, and supply definitions
of Newx and Newxz as necessary. [Steve Hay]
On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
warning is generated for the buffer being autovivified. This is because
the sv_setpvn() that's meant to vivify the buffer doesn't perform set
magic; the warning is generated by the immediately following SvPV_force().
Patch to fix this from rt.cpan.org #83922. [Zefram]
Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
keys). This resolves rt.perl.org #116863, from where the patch was taken.
[Hugo van der Sanden]
use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
generate HTTP code 404 even if the requested filename contains newlines
[Torsten]
- disable patch lfs-perl-5.14.patch as it no longer applies, but
I can't find out if it's still need for ppc64 or if upstream's
changes are good enough
-------------------------------------------------------------------
Sat Apr 6 10:12:07 UTC 2013 - dimstar@opensuse.org