Hello community, here is the log from the commit of package apache2-mod_perl for openSUSE:Factory checked in at 2013-06-28 11:46:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2-mod_perl (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_perl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_perl" Changes: -------- --- /work/SRC/openSUSE:Factory/apache2-mod_perl/apache2-mod_perl.changes 2013-04-08 14:25:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_perl.new/apache2-mod_perl.changes 2013-06-28 11:46:50.000000000 +0200 @@ -1,0 +2,36 @@ +Tue Jun 25 08:53:37 UTC 2013 - co...@suse.com + +- update to version 2.0.8 (http24 branch as used by debian): + + Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke + the workaround for the old hash collision attack, which breaks mod_perl's + t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix + previously applied as revision 1455340. [Zefram] + + On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has + disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921. + [Zefram] + + Restore build with Perl 5.8.1, 5.8.2 etc: take care to use + $Config{useithreads} rather than $Config{usethreads}, and supply definitions + of Newx and Newxz as necessary. [Steve Hay] + + On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value" + warning is generated for the buffer being autovivified. This is because + the sv_setpvn() that's meant to vivify the buffer doesn't perform set + magic; the warning is generated by the immediately following SvPV_force(). + Patch to fix this from rt.cpan.org #83922. [Zefram] + + Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which + contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash + keys). This resolves rt.perl.org #116863, from where the patch was taken. + [Hugo van der Sanden] + + use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to + generate HTTP code 404 even if the requested filename contains newlines + [Torsten] +- disable patch lfs-perl-5.14.patch as it no longer applies, but + I can't find out if it's still need for ppc64 or if upstream's + changes are good enough + +------------------------------------------------------------------- Old: ---- mod_perl-2.0.7+svn1448242.tar.gz New: ---- libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2-mod_perl.spec ++++++ --- /var/tmp/diff_new_pack.ozAKxC/_old 2013-06-28 11:46:51.000000000 +0200 +++ /var/tmp/diff_new_pack.ozAKxC/_new 2013-06-28 11:46:51.000000000 +0200 @@ -52,15 +52,12 @@ Url: http://perl.apache.org/ Obsoletes: mod_perl_2 Conflicts: mod_perl -Version: 2.0.7+svn1448242 +Version: 2.0.8 Release: 0 -Source0: http://perl.apache.org/dist/mod_perl-%{version}.tar.gz +Source0: http://ftp.de.debian.org/debian/pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz Patch: %{name}-2.0.4-tests.diff +# PATCH-NEEDS-REBASE Patch1: lfs-perl-5.14.patch -#%define apache_test_version 1_99_15 -# cvs -d :pserver:anon...@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version} -#Source1: Apache-Test-%{apache_test_version}.tar.bz2 -#Url: http://perl.apache.org/ Icon: mod_perl.xpm BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -115,8 +112,8 @@ %prep #%setup -q -n modperl-2.0 -a 1 -%setup -q -n mod_perl-%{version} -%patch1 -p1 +%setup -q -n httpd24 +#%patch1 -p1 find -name ".svn" -type d | xargs rm -rfv %build -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org