[SCM] Debian packaging of libapache2-mod-perl2 branch, master, updated. debian/2.0.8-1
Damyan Ivanov
dmn at debian.org
Fri May 17 14:52:25 UTC 2013
The following commit has been merged in the master branch:
commit 0e246cb1fa2f97dd1938565d9529e09363353487
Author: Damyan Ivanov <dmn at debian.org>
Date: Fri May 17 16:31:21 2013 +0300
drop 270_fix_hash_attack_test.patch since the problem is fixed upstream
diff --git a/debian/patches/270_fix_hash_attack_test.patch b/debian/patches/270_fix_hash_attack_test.patch
deleted file mode 100644
index 1f2d88e..0000000
--- a/debian/patches/270_fix_hash_attack_test.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-Subject: Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc
-
-Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
-contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
-keys). This resolves rt.perl.org #116863, from where the patch by Hugo
-van der Sanden was taken (with a minor edit in a comment by the committer).
-
-Tested by the committer on Windows 7 x64 with VC++ 2010 using Perls 5.14.3,
-5.14.4, 5.16.2 and 5.16.3-RC1, all against Apache 2.2.22.
-
-Bug-Debian: http://bugs.debian.org/702821
-Origin: http://svn.apache.org/viewvc?view=revision&revision=1455340
-
---- a/t/response/TestPerl/hash_attack.pm (revision 1451907)
-+++ b/t/response/TestPerl/hash_attack.pm (working copy)
-@@ -5,10 +5,11 @@
- # and fixup handlers in this test). Moreover it must not fail to find
- # that entry on the subsequent requests.
- #
--# the hash attack is detected when HV_MAX_LENGTH_BEFORE_SPLIT keys
--# find themselves in the same hash bucket, in which case starting from
--# 5.8.2 the hash will rehash all its keys using a random hash seed
--# (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
-+# the hash attack is detected when HV_MAX_LENGTH_BEFORE_REHASH keys find
-+# themselves in the same hash bucket on splitting (which happens when the
-+# number of keys crosses the threshold of a power of 2), in which case
-+# starting from 5.8.2 the hash will rehash all its keys using a random hash
-+# seed (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
- # variable)
- #
- # Prior to the attack condition hashes use the PL_hash_seed, which is
-@@ -29,7 +30,7 @@
-
- use constant MASK_U32 => 2**32;
- use constant HASH_SEED => 0; # 5.8.2: always zero before the rehashing
--use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_SPLIT
-+use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_REHASH
- use constant START => "a";
-
- # create conditions which will trigger a rehash on the current stash
-@@ -74,9 +75,9 @@
- my $bits = $keys ? log($keys)/log(2) : 0;
- $bits = $min_bits if $min_bits > $bits;
-
-- $bits = int($bits) < $bits ? int($bits) + 1 : int($bits);
-- # need to add 2 bits to cover the internal split cases
-- $bits += 2;
-+ $bits = ceil($bits);
-+ # need to add 3 bits to cover the internal split cases
-+ $bits += 3;
- my $mask = 2**$bits-1;
- debug "mask: $mask ($bits)";
-
-@@ -90,7 +91,7 @@
- next unless ($h & $mask) == 0;
- $c++;
- $stash->{$s}++;
-- debug sprintf "%2d: %5s, %10s, %s", $c, $s, $h, scalar(%$stash);
-+ debug sprintf "%2d: %5s, %08x %s", $c, $s, $h, scalar(%$stash);
- push @keys, $s;
- debug "The hash collision attack has been successful"
- if Internals::HvREHASH(%$stash);
-@@ -98,6 +99,14 @@
- $s++;
- }
-
-+ # Now add more keys until we reach a power of 2, to force the number
-+ # of buckets to be doubled (at which point the longest chain is checked).
-+ $keys = scalar keys %$stash;
-+ $bits = log($keys)/log(2);
-+ my $limit = 2 ** ceil($bits);
-+ debug "pad keys from $keys to $limit";
-+ $stash->{$s++}++ while keys(%$stash) <= $limit;
-+
- # this verifies that the attack was mounted successfully. If
- # HvREHASH is on it is. Otherwise the sequence wasn't successful.
- die "Failed to mount the hash collision attack"
-@@ -108,6 +117,12 @@
- return @keys;
- }
-
-+# least integer >= n
-+sub ceil {
-+ my $value = shift;
-+ return int($value) < $value ? int($value) + 1 : int($value);
-+}
-+
- # trying to provide the fastest equivalent of C macro's PERL_HASH in
- # Perl - the main complication is that the C macro uses U32 integer
- # (unsigned int), which we can't do it Perl (it can do I32, with 'use
diff --git a/debian/patches/series b/debian/patches/series
index cfc7eb1..16a657c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,4 +11,3 @@ avoid-db-linkage.patch
220_fix-bad-whatis-entry.patch
250-lfs-perl-5.14.patch
260_fix_pipelined_response_deadlock.patch
-270_fix_hash_attack_test.patch
--
Debian packaging of libapache2-mod-perl2
More information about the Pkg-perl-cvs-commits
mailing list