Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
the workaround for the old hash collision attack, which breaks mod_perl's
t/perl/hash_attack.t. Patch from rt.cpan.org 83916 improves the fix
previously applied as revision 1455340.
On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
disappeared. Patch to update mod_perl accordingly from rt.cpan.org 83921.
Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
$Config{useithreads} rather than $Config{usethreads}, and supply definitions
of Newx and Newxz as necessary.
On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
warning is generated for the buffer being autovivified. This is because
the sv_setpvn() that's meant to vivify the buffer doesn't perform set
magic; the warning is generated by the immediately following SvPV_force().
Patch to fix this from rt.cpan.org 83922.
Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
keys). This resolves rt.perl.org 116863, from where the patch was taken.
use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
generate HTTP code 404 even if the requested filename contains newlines
Remove all uses of deprecated core perl symbols.
Add branch release tag to 'make tag' target
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
2.0.7 June 5, 2012
Fix breakage caused by removal of PL_uid et al from perl 5.16.0. Patch from
rt.cpan.org #77129. [Zefram]
2.0.6 April 24, 2012
Preserve 5.8 compatibility surrounding use of MUTABLE_CV [Adam Prime]
Move code after declarations to keep MSVC++ compiler happy. [Steve Hay]
Adopt modperl_pcw.c changes from httpd24 branch. [Torsten Foertsch]
Pool cleanup functions must not longjmp. Catch these exceptions and turn
them into warnings. [Torsten Foertsch]
Fix a race condition in our tipool management.
See http://www.gossamer-threads.com/lists/modperl/dev/104026
Patch submitted by: SalusaSecondus <salusa@nationstates.net>
Reviewed by: Torsten Foertsch
Ensure that MP_APXS is set when building on Win32 with MP_AP_PREFIX,
otherwise the bundled Reload and SizeLimit builds will fail to find a
properly configured Test environment.
[Steve Hay]
Fix a few REFCNT bugs.
Patch submitted by: Niko Tyni <ntyni@debian.org>
Reviewed by: Torsten Foertsch
Correct the initialization of the build config in ModPerl::MM. The global
variable was only being set once on loading the module, which was before
Apache2::BuildConfig.pm had been written, leading to cwd and MP_LIBNAME
being unset when writing the Reload and SizeLimit makefiles.
[Steve Hay]
Discover apr-2-config from Apache 2.4 onwards. [Gozer]
Apache 2.4 and onwards doesn't require linking the MPM module directly in
the httpd binary anymore. APXS lost the MPM_NAME query, so we can't assume
a given MPM anymore. Introduce a fake MPM 'dynamic' to represent this.
[Torsten Foertsch, Gozer]
Perl 5.14 brought a few changes in Perl_sv_dup() that made a threaded apache
segfault while cloning interpreters.
[Torsten Foertsch]
PerlIOApache_flush() and mpxs_Apache2__RequestRec_rflush() now no longer throw
exceptions when modperl_wbucket_flush() fails if the failure was just a reset
connection or an aborted connection. The failure is simply logged to the error
log instead. This should fix cases of httpd.exe crashing when users press the
Stop button in their web browsers.
[Steve Hay]
Fixed a few issues that came up with LWP 6.00:
- t/response/TestAPI/request_rec.pm assumes HTTP/1.0 but LWP 6 uses 1.1
- t/api/err_headers_out.t fails due to a bug somewhere in LWP 6
- t/filter/TestFilter/out_str_reverse.pm sends the wrong content-length header
[Torsten Foertsch]
Bugfix: Apache2::ServerUtil::get_server{description,banner,version} cannot
be declared as perl constants or they won't reflect added version components
if Apache2::ServerUtil is loaded before the PostConfig phase. Now, they
are ordinary perl functions. [Torsten Foertsch]
Check for the right ExtUtils::Embed version during build [Torsten Foertsch]
Take a lesson from rt.cpan.org #66085 and pass LD_LIBRARY_PATH if mod_env
is present. Should prevent test failures on some platforms.
[Fred Moyer]
* Prepare modperl for the upcoming perl 5.14
* Add lib/ModPerl/MethodLookup.pm to MANIFEST via lib/ModPerl/Manifest.pm
* PerlIOApache_write() now throws an APR::Error object, rather than just
a string error, if modperl_wbucket_write() fails.
* Authentication tests fail with LWP 5.815 and later
* Concise test won't perform unless StatusTerse is set to ON
* Look for a usable apxs in $ENV{PATH} if all other options fail, then prompt
the user for one.
* Work around bootstrap warnings when Apache2::BuildConfig has not been
created yet.
* Remove Apache::test compatibility (part of mod_perl 1.2.7), that code causes
build issues and is 4 versions out of date.
* Make sure perl is built either with multiplicity and ithreads or without both
* Support for "install_vendor" and "install_site" make targets
* Run tests on bundled pure perl Apache::* modules
* Implement a mini-preprocess language for map-files in xs/maps.
* Implement APR::Socket::fileno
* Export PROXYREQ_RESPONSE, a missing PROXYREQ_* constant
* Make sure standard file descriptors are preserved by the perl-script handler
* Fix the filter init handler attribute check in
modperl_filter_resolve_init_handler()
* Make sure buffer is a valid SV in modperl_filter_read()
* Move modperl_response_finish() out of modperl_response_handler_run in
mod_perl.c
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
This in turn makes the build of ap2-perl with apache22 fail.
The patches committed here make ap2-perl build again.
They may not be sufficient to actually use the package in earnest, though.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
2.0.4 April 16, 2008
Fix $r->location corruption under certain conditions
[Gozer]
Fix a crash when spawning Perl threads under Perl 5.10
[Gozer]
Fix erratic behaviour when filters were used with Perl 5.10
[Gozer]
Fix problems with redefinitions of perl_free as free and perl_malloc
as malloc on Win32, as described at
http://marc.info/?l=apache-modperl&m=119896407510526&w=2
[Tom Donovan]
Fix a crash when running a sub-request from within a filter where
mod_perl was not the content handler. [Gozer]
Refactor tests to use keepalives instead of same_interp [Gozer, Phred]
Apache2::Reload has been moved to an externally maintained
CPAN distribution [Fred Moyer <fred@redhotpenguin.com>]
PerlCleanupHandler are now registered with a subpool of $r->pool,
instead of $r->pool itself, ensuring they run _before_ any other
$r->pool cleanups [Torsten Foertsch]
Fix a bug that would prevent pnotes from being cleaned up properly
at the end of the request [Torsten Foertsch]
On Win32, embed the manifest file, if present, in mod_perl.so,
so as to work with VC 8 [Steve Hay, Randy Kobes]
Expose apr_thread_rwlock_t with the APR::ThreadRWLock module
[Torsten Foertsch]
Don't waste an extra interpreter anymore under threaded MPMs when using a
modperl handler [Torsten Foertsch]
Fix a bug that could cause a crash when using $r->push_handlers() multiple
times for a phase that has no configured handlers [Torsten Foertsch]
Catch up with some httpd API changes
2.2.4:
The full server version information is now included in the error log at
startup as well as server status reports, irrespective of the setting
of the ServerTokens directive. ap_get_server_version() is now
deprecated, and is replaced by ap_get_server_banner() and
ap_get_server_description(). [Jeff Trawick]
2.3.0:
ap_get_server_version() has been removed. Third-party modules must
now use ap_get_server_banner() or ap_get_server_description().
[Gozer]
fixed Apache2::compat Apache2::ServerUtil::server_root() resolution
issues [Joshua Hoblitt]
*) SECURITY: CVE-2007-1349 (cve.mitre.org)
fix unescaped variable interprolation in regular expression
[Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer <fred@redhotpenguin.com>]
Make $r->the_request() writeable
[Fred Moyer <fred@redhotpenguin.com>]
fix ModPerl::RegistryCooker::read_script to handle all possible
errors, previously there was a case where Apache2::Const::OK was
returned on an error. [Eivind Eklund <eeklund@gmail.com>]
a minor compilation warning resolved in modperl_handler_new_from_sv
[Stas]
a minor compilation warning resolved in modperl_gtop_size_string
[Stas]
Prevent direct use of _deprecated_ Apache2::ReadConfig in
<Perl> sections with httpd Alias directives from
incorrectly generating
'The Alias directive in xxxxx at line y will probably never match'
messages.
[Philip M. Gollucci <pgollucci@p6m78g.com>]
Prevent Apache2::PerSections::symdump() from returning invalid
httpd.conf snippets like 'Alias undef'
[Philip M. Gollucci <pgollucci@p6m78g.com>]
Require B-Size 0.9 for Apache2::Status which fixes
Can't call method "script_name" on an undefined value
[Philip M. Gollucci <pgollucci@p6m78g.com>]
-march=pentium4 or anything with an = in it in CCFLAGS or @ARGV
that gets passed to xs/APR/APR/Makefile.PL broke the @ARGV
parsing. I.E. FreeBSD port builds when users had CPUTYPE
set in /etc/make.conf.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
Fixes to get bleed-ithread (5.9.5+) to comile again.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
Allow apache22 in some more case and add a hack to devel/subversion
to determine the module by the state of the apache22 option.
This comes from www/ap2-subversion and should be fixed to properly
use build options or so.
OK agc@
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.