perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Niko Tyni <ntyni+modp...@mappi.helsinki.fi>
Subject Re: perl/hash_attack.t fails with 5.10.1 + CVE-2013-1667 fix
Date Wed, 13 Mar 2013 20:24:36 GMT
On Wed, Mar 13, 2013 at 09:13:15AM -0000, Steve Hay wrote:
> Dominic Hargreaves wrote on 2013-03-12:

> > When trying to fix this issue in Debian stable, I found that the patch
> at
> > 
> > http://svn.apache.org/viewvc?view=revision&revision=1455340
> > 
> > does not stop the test failing when applied to 2.0.4 (as currently
> > found in Debian stable) and built against the current perl package in
> > Debian stable (5.10 + the rehashing fix). 

> I haven't looked at the Debian package, or tried anything with
> mod_perl-2.0.4, but I've just checked out origin/maint-5.10 from the
> Perl git repo (in fact, I took the snapshot at
> http://perl5.git.perl.org/perl.git/snapshot/f14269908e5f8b4cab4b55643d7d
> d9de577e7918.tar.gz) and tried that with Apache 2.2.22 and mod_perl from
> trunk and the tests all pass for me... (This is on Windows 7 x64 with
> VC++ 2010.)

Thanks for checking.

FWIW, I can reproduce the failure with the Debian perl 5.10.1 package and
mod_perl2 2.0.7 with just the above test fix. So it doesn't seem to be
a Debian change that breaks it. Maybe -Dusethreads or something like that.

I'll keep looking and send an update when I know more.
-- 
Niko Tyni   ntyni@debian.org

Mime
View raw message