[SCM] Debian packaging of libapache2-mod-perl2 branch, master, updated. debian/2.0.7-2-3-g7b6d972
Dominic Hargreaves
dom at earth.li
Tue Mar 12 00:01:39 UTC 2013
The following commit has been merged in the master branch:
commit 7b6d972fcb6040c4ad7f6938fc68f9aa165fb92f
Author: Dominic Hargreaves <dom at earth.li>
Date: Mon Mar 11 23:43:50 2013 +0000
Fix FTBFS with versions of perl including the CVE-2013-1667 fix (Closes: #702821)
diff --git a/debian/changelog b/debian/changelog
index 134c25e..1f6b964 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,12 @@
libapache2-mod-perl2 (2.0.7-3) UNRELEASED; urgency=low
+ [ Salvatore Bonaccorso ]
* Change Vcs-Git to canonical URI (git://anonscm.debian.org)
+ [ Dominic Hargreaves ]
+ * Fix FTBFS with versions of perl including the CVE-2013-1667
+ fix (Closes: #702821)
+
-- Salvatore Bonaccorso <carnil at debian.org> Sun, 06 Jan 2013 21:56:58 +0100
libapache2-mod-perl2 (2.0.7-2) unstable; urgency=low
diff --git a/debian/patches/270_fix_hash_attack_test.patch b/debian/patches/270_fix_hash_attack_test.patch
new file mode 100644
index 0000000..3158785
--- /dev/null
+++ b/debian/patches/270_fix_hash_attack_test.patch
@@ -0,0 +1,77 @@
+--- a/t/response/TestPerl/hash_attack.pm (revision 1451907)
++++ b/t/response/TestPerl/hash_attack.pm (working copy)
+@@ -5,10 +5,11 @@
+ # and fixup handlers in this test). Moreover it must not fail to find
+ # that entry on the subsequent requests.
+ #
+-# the hash attack is detected when HV_MAX_LENGTH_BEFORE_SPLIT keys
+-# find themselves in the same hash bucket, in which case starting from
+-# 5.8.2 the hash will rehash all its keys using a random hash seed
+-# (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
++# the hash attack is detected when HV_MAX_LENGTH_BEFORE_REHASH keys find
++# themselves in the same hash bucket on splitting (which happens when the
++# number of keys crosses the threshold of a power of 2), in which case
++# starting from 5.8.2 the hash will rehash all its keys using a random hash
++# seed (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
+ # variable)
+ #
+ # Prior to the attack condition hashes use the PL_hash_seed, which is
+@@ -29,7 +30,7 @@
+
+ use constant MASK_U32 => 2**32;
+ use constant HASH_SEED => 0; # 5.8.2: always zero before the rehashing
+-use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_SPLIT
++use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_REHASH
+ use constant START => "a";
+
+ # create conditions which will trigger a rehash on the current stash
+@@ -74,9 +75,9 @@
+ my $bits = $keys ? log($keys)/log(2) : 0;
+ $bits = $min_bits if $min_bits > $bits;
+
+- $bits = int($bits) < $bits ? int($bits) + 1 : int($bits);
+- # need to add 2 bits to cover the internal split cases
+- $bits += 2;
++ $bits = ceil($bits);
++ # need to add 3 bits to cover the internal split cases
++ $bits += 3;
+ my $mask = 2**$bits-1;
+ debug "mask: $mask ($bits)";
+
+@@ -90,7 +91,7 @@
+ next unless ($h & $mask) == 0;
+ $c++;
+ $stash->{$s}++;
+- debug sprintf "%2d: %5s, %10s, %s", $c, $s, $h, scalar(%$stash);
++ debug sprintf "%2d: %5s, %08x %s", $c, $s, $h, scalar(%$stash);
+ push @keys, $s;
+ debug "The hash collision attack has been successful"
+ if Internals::HvREHASH(%$stash);
+@@ -98,6 +99,14 @@
+ $s++;
+ }
+
++ # Now add more keys until we reach a power of 2, to force the number
++ # of buckets to be doubled (at which point the longest chain is checked).
++ $keys = scalar keys %$stash;
++ $bits = log($keys)/log(2);
++ my $limit = 2 ** ceil($bits);
++ debug "pad keys from $keys to $limit";
++ $stash->{$s++}++ while keys(%$stash) <= $limit;
++
+ # this verifies that the attack was mounted successfully. If
+ # HvREHASH is on it is. Otherwise the sequence wasn't successful.
+ die "Failed to mount the hash collision attack"
+@@ -108,6 +117,12 @@
+ return @keys;
+ }
+
++# least integer >= n
++sub ceil {
++ my $value = shift;
++ return int($value) < $value ? int($value) + 1 : int($value);
++}
++
+ # trying to provide the fastest equivalent of C macro's PERL_HASH in
+ # Perl - the main complication is that the C macro uses U32 integer
+ # (unsigned int), which we can't do it Perl (it can do I32, with 'use
diff --git a/debian/patches/series b/debian/patches/series
index 16a657c..cfc7eb1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ avoid-db-linkage.patch
220_fix-bad-whatis-entry.patch
250-lfs-perl-5.14.patch
260_fix_pipelined_response_deadlock.patch
+270_fix_hash_attack_test.patch
--
Debian packaging of libapache2-mod-perl2
More information about the Pkg-perl-cvs-commits
mailing list