Bug#864316: libapache2-mod-perl: FTBFS in jessie due to apache2 changes
Niko Tyni
ntyni at debian.org
Tue Jun 6 20:06:05 UTC 2017
Package: libapache2-mod-perl2
Version: 2.0.9~1624218-2+deb8u1
Severity: serious
As per
http://perl.debian.net/rebuild-logs/jessie/libapache2-mod-perl2_2.0.9~1624218-2+deb8u1/libapache2-mod-perl2_2.0.9~1624218-2+deb8u1_amd64-2017-06-05T19:42:17Z.build
this package currently fails to build in jessie.
Test Summary Report
-------------------
t/apache/read.t (Wstat: 0 Tests: 1 Failed: 1)
Failed test: 1
t/filter/in_bbs_inject_header.t (Wstat: 512 Tests: 0 Failed: 0)
Non-zero exit status: 2
Parse errors: Bad plan. You planned 36 tests but ran 0.
This is very similar to #849082 and was most probably caused by
apache2 (2.4.10-10+deb8u8) jessie-security; urgency=medium
.
* CVE-2016-8743: Enforce more HTTP conformance for request lines and
request headers, to prevent response splitting and cache pollution
by malicious clients or downstream proxies.
If this causes problems with non-conforming clients, some checks can
be relaxed by adding the new directive 'HttpProtocolOptions unsafe'
to the configuration.
Differently than the upstream 2.4.25 release which will also be in the
Debian 9 (stretch) release, this update for Debian 8 (jessie) accepts
underscores in host and domain names even while 'HttpProtocolOptions
strict' is in effect.
More information is available at
http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions
so 370_http_syntax.patch and 380_inject_header_line_terminators.patch
from stretch/sid should help (untested).
--
Niko Tyni ntyni at debian.org
More information about the pkg-perl-maintainers
mailing list