Accepting request 180817 from openSUSE:Factory:Staging:perl518

- update to version 2.0.8 (http24 branch as used by debian): Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke the workaround for the old hash collision attack, which breaks mod_perl's t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix previously applied as revision 1455340. [Zefram] On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921. [Zefram] Restore build with Perl 5.8.1, 5.8.2 etc: take care to use $Config{useithreads} rather than $Config{usethreads}, and supply definitions of Newx and Newxz as necessary. [Steve Hay] On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value" warning is generated for the buffer being autovivified. This is because the sv_setpvn() that's meant to vivify the buffer doesn't perform set magic; the warning is generated by the immediately following SvPV_force(). Patch to fix this from rt.cpan.org #83922. [Zefram] Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash keys). This resolves rt.perl.org #116863, from where the patch was taken. [Hugo van der Sanden] use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to generate HTTP code 404 even if the requested filename contains newlines [Torsten] - disable patch lfs-perl-5.14.patch as it no longer applies, but I can't find out if it's still need for ppc64 or if upstream's OBS-URL: https://build.opensuse.org/request/show/180817 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_perl?expand=0&rev=40
2013-06-25 09:08:37 +00:00
parent 56fb98e55d
commit cc4f8f60f7
4 changed files with 44 additions and 11 deletions
--- a/apache2-mod_perl.changes
+++ b/apache2-mod_perl.changes
@@ -1,3 +1,39 @@
 -------------------------------------------------------------------
 Tue Jun 25 08:53:37 UTC 2013 - coolo@suse.com
 - update to version 2.0.8 (http24 branch as used by debian):
  Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
  the workaround for the old hash collision attack, which breaks mod_perl's
  t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
  previously applied as revision 1455340. [Zefram]
  On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
  disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
  [Zefram]
  Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
  $Config{useithreads} rather than $Config{usethreads}, and supply definitions
  of Newx and Newxz as necessary. [Steve Hay]
  On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
  warning is generated for the buffer being autovivified. This is because
  the sv_setpvn() that's meant to vivify the buffer doesn't perform set
  magic; the warning is generated by the immediately following SvPV_force().
  Patch to fix this from rt.cpan.org #83922. [Zefram]
  Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
  contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
  keys). This resolves rt.perl.org #116863, from where the patch was taken.
  [Hugo van der Sanden]
  use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
  generate HTTP code 404 even if the requested filename contains newlines
  [Torsten]
 - disable patch lfs-perl-5.14.patch as it no longer applies, but
  I can't find out if it's still need for ppc64 or if upstream's
  changes are good enough
 -------------------------------------------------------------------
 Sat Apr  6 10:12:07 UTC 2013 - dimstar@opensuse.org
--- a/apache2-mod_perl.spec
+++ b/apache2-mod_perl.spec
@@ -52,15 +52,12 @@ Requires:       perl-libwww-perl
 Url:            http://perl.apache.org/
 Obsoletes:      mod_perl_2
 Conflicts:      mod_perl
-Version:        2.0.7+svn1448242
+Version:        2.0.8
 Release:        0
-Source0:        http://perl.apache.org/dist/mod_perl-%{version}.tar.gz
+Source0:        http://ftp.de.debian.org/debian/pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz
 Patch:          %{name}-2.0.4-tests.diff
 # PATCH-NEEDS-REBASE
 Patch1:         lfs-perl-5.14.patch 
 #%define apache_test_version 1_99_15
 # cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version}
 #Source1:      Apache-Test-%{apache_test_version}.tar.bz2
 #Url:            http://perl.apache.org/
 Icon:         mod_perl.xpm
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -115,8 +112,8 @@ software depending on apache2-mod_perl.
 %prep
 #%setup -q -n modperl-2.0 -a 1
-%setup -q -n mod_perl-%{version}
+%setup -q -n httpd24
-%patch1 -p1
+#%patch1 -p1
 find -name ".svn" -type d | xargs rm -rfv
 %build
--- a/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz
+++ b/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:47c8f079fac7b2fa0f15096607a8ad0eff293d01527b65c1e8cbe4ed5e7b69ad
 size 3803732
--- a/mod_perl-2.0.7+svn1448242.tar.gz
+++ b/mod_perl-2.0.7+svn1448242.tar.gz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:d9260f2076684ea6ee34cc03ba75ea2fcd362cca8fca6602013ba718196e8bc9
 size 3885475