[SCM] Debian packaging of libapache2-mod-perl2 branch, master, updated. debian/2.0.8-1

Damyan Ivanov dmn at debian.org
Fri May 17 14:52:25 UTC 2013


The following commit has been merged in the master branch:
commit 0e246cb1fa2f97dd1938565d9529e09363353487
Author: Damyan Ivanov <dmn at debian.org>
Date:   Fri May 17 16:31:21 2013 +0300

    drop 270_fix_hash_attack_test.patch since the problem is fixed upstream

diff --git a/debian/patches/270_fix_hash_attack_test.patch b/debian/patches/270_fix_hash_attack_test.patch
deleted file mode 100644
index 1f2d88e..0000000
--- a/debian/patches/270_fix_hash_attack_test.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-Subject: Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc
-
-Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
-contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
-keys). This resolves rt.perl.org #116863, from where the patch by Hugo
-van der Sanden was taken (with a minor edit in a comment by the committer).
-
-Tested by the committer on Windows 7 x64 with VC++ 2010 using Perls 5.14.3,
-5.14.4, 5.16.2 and 5.16.3-RC1, all against Apache 2.2.22.
-
-Bug-Debian: http://bugs.debian.org/702821
-Origin: http://svn.apache.org/viewvc?view=revision&revision=1455340
-
---- a/t/response/TestPerl/hash_attack.pm	(revision 1451907)
-+++ b/t/response/TestPerl/hash_attack.pm	(working copy)
-@@ -5,10 +5,11 @@
- # and fixup handlers in this test). Moreover it must not fail to find
- # that entry on the subsequent requests.
- #
--# the hash attack is detected when HV_MAX_LENGTH_BEFORE_SPLIT keys
--# find themselves in the same hash bucket, in which case starting from
--# 5.8.2 the hash will rehash all its keys using a random hash seed
--# (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
-+# the hash attack is detected when HV_MAX_LENGTH_BEFORE_REHASH keys find
-+# themselves in the same hash bucket on splitting (which happens when the
-+# number of keys crosses the threshold of a power of 2), in which case
-+# starting from 5.8.2 the hash will rehash all its keys using a random hash
-+# seed (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
- # variable)
- #
- # Prior to the attack condition hashes use the PL_hash_seed, which is
-@@ -29,7 +30,7 @@
- 
- use constant MASK_U32  => 2**32;
- use constant HASH_SEED => 0; # 5.8.2: always zero before the rehashing
--use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_SPLIT
-+use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_REHASH
- use constant START     => "a";
- 
- # create conditions which will trigger a rehash on the current stash
-@@ -74,9 +75,9 @@
-     my $bits = $keys ? log($keys)/log(2) : 0;
-     $bits = $min_bits if $min_bits > $bits;
- 
--    $bits = int($bits) < $bits ? int($bits) + 1 : int($bits);
--    # need to add 2 bits to cover the internal split cases
--    $bits += 2;
-+    $bits = ceil($bits);
-+    # need to add 3 bits to cover the internal split cases
-+    $bits += 3;
-     my $mask = 2**$bits-1;
-     debug "mask: $mask ($bits)";
- 
-@@ -90,7 +91,7 @@
-         next unless ($h & $mask) == 0;
-         $c++;
-         $stash->{$s}++;
--        debug sprintf "%2d: %5s, %10s, %s", $c, $s, $h, scalar(%$stash);
-+        debug sprintf "%2d: %5s, %08x %s", $c, $s, $h, scalar(%$stash);
-         push @keys, $s;
-         debug "The hash collision attack has been successful"
-             if Internals::HvREHASH(%$stash);
-@@ -98,6 +99,14 @@
-         $s++;
-     }
- 
-+    # Now add more keys until we reach a power of 2, to force the number
-+    # of buckets to be doubled (at which point the longest chain is checked).
-+    $keys = scalar keys %$stash;
-+    $bits = log($keys)/log(2);
-+    my $limit = 2 ** ceil($bits);
-+    debug "pad keys from $keys to $limit";
-+    $stash->{$s++}++ while keys(%$stash) <= $limit;
-+
-     # this verifies that the attack was mounted successfully. If
-     # HvREHASH is on it is. Otherwise the sequence wasn't successful.
-     die "Failed to mount the hash collision attack"
-@@ -108,6 +117,12 @@
-     return @keys;
- }
- 
-+# least integer >= n
-+sub ceil {
-+    my $value = shift;
-+    return int($value) < $value ? int($value) + 1 : int($value);
-+}
-+
- # trying to provide the fastest equivalent of C macro's PERL_HASH in
- # Perl - the main complication is that the C macro uses U32 integer
- # (unsigned int), which we can't do it Perl (it can do I32, with 'use
diff --git a/debian/patches/series b/debian/patches/series
index cfc7eb1..16a657c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,4 +11,3 @@ avoid-db-linkage.patch
 220_fix-bad-whatis-entry.patch
 250-lfs-perl-5.14.patch
 260_fix_pipelined_response_deadlock.patch
-270_fix_hash_attack_test.patch

-- 
Debian packaging of libapache2-mod-perl2


