A release candidate for mod_perl 2.0.8 is now available! Please
download, test, and report back.
http://people.apache.org/~phred/mod_perl-2.0.8-rc1.tar.gz
MD5 (mod_perl-2.0.8-rc1.tar.gz) = ed056c6910914f5ecc2ac8171082a264
=item 2.0.8-rc1
Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
the workaround for the old hash collision attack, which breaks mod_perl's
t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
previously applied as revision 1455340. [Zefram]
On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
[Zefram]
Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
$Config{useithreads} rather than $Config{usethreads}, and supply definitions
of Newx and Newxz as necessary. [Steve Hay]
On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
warning is generated for the buffer being autovivified. This is because
the sv_setpvn() that's meant to vivify the buffer doesn't perform set
magic; the warning is generated by the immediately following SvPV_force().
Patch to fix this from rt.cpan.org #83922. [Zefram]
Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
keys). This resolves rt.perl.org #116863, from where the patch was taken.
[Hugo van der Sanden]
use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
generate HTTP code 404 even if the requested filename contains newlines
[Torsten]
Remove all uses of deprecated core perl symbols. [Steve Hay]
Add branch release tag to 'make tag' target. [Phred]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
download, test, and report back.
http://people.apache.org/~phred/mod_perl-2.0.8-rc1.tar.gz
MD5 (mod_perl-2.0.8-rc1.tar.gz) = ed056c6910914f5ecc2ac8171082a264
=item 2.0.8-rc1
Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
the workaround for the old hash collision attack, which breaks mod_perl's
t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
previously applied as revision 1455340. [Zefram]
On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
[Zefram]
Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
$Config{useithreads} rather than $Config{usethreads}, and supply definitions
of Newx and Newxz as necessary. [Steve Hay]
On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
warning is generated for the buffer being autovivified. This is because
the sv_setpvn() that's meant to vivify the buffer doesn't perform set
magic; the warning is generated by the immediately following SvPV_force().
Patch to fix this from rt.cpan.org #83922. [Zefram]
Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
keys). This resolves rt.perl.org #116863, from where the patch was taken.
[Hugo van der Sanden]
use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
generate HTTP code 404 even if the requested filename contains newlines
[Torsten]
Remove all uses of deprecated core perl symbols. [Steve Hay]
Add branch release tag to 'make tag' target. [Phred]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org