Hi!

Peter Samuelson schrieb:
> [Friedrich Delgado]
> > The problem is that the order of matches is non-deterministic since
> > this monday for me (I can't see a relevant updated package, but it
> > used to work before).
> I'm guessing this is the fault of apr 1.4.6, which randomizes hash
> table ordering for security reasons.  (Some hash tables are populated
> by data controlled by untrusted users, and if the hash algorithm is
> deterministic, they can unbalance it to the point of DOSing the
> application.)
> 
> That is just an educated guess, I haven't investigated yet.

In fact, I see that the following packages have been updated on Friday
13th April:

[UPGRADE] libapr1 1.4.5-1.1 -> 1.4.6-1
[UPGRADE] libapr1-dev 1.4.5-1.1 -> 1.4.6-1

I wasn't aware of what libapr is and how it's relevant to the issue,
so I didn't notice it at first.

> I agree with you that it seems like a useful feature to define some
> sort of ordering, whether it be from the file, or longest match.  I'll
> bring it up with upstream and see what people think.

Thanks + Kind regards
Friedel
-- 
        Friedrich Delgado <frie...@nomaden.org>
                             TauPan on Ircnet and Freenode ;)

Attachment: pgpbdlKIZen1O.pgp
Description: PGP signature

Reply via email to