Your message dated Sat, 23 Dec 2006 17:32:07 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#384622: fixed in libapache2-mod-perl2 2.0.2-2.3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: libmime-lite-perl Version: 3.01-7 Severity: grave The Debian libmime-lite-perl package contains the following workaround for MIME::Lite programming errors: ######################################## --- libmime-lite-perl-3.01.orig/lib/MIME/Lite.pm +++ libmime-lite-perl-3.01/lib/MIME/Lite.pm @@ -334,7 +334,10 @@ $VERSION ); +# Don't affect the environment for any invoking script +local %ENV = %ENV; +$ENV{PATH} = '/bin:/usr/bin'; ######################################## This leads to segfaults of apache2 if used under mod_perl2. It effectively deletes %ENV, so that script which uses MIME::Lite works well if called for the first time, but dies at the second call (under mod_perl, scripts stay in memory). A sample apache2 backtrace: #0 0x405c1fb4 in modperl_env_request_tie () from /usr/lib/apache2/modules/mod_perl.so #1 0x405b3629 in modperl_response_handler_cgi () from /usr/lib/apache2/modules/mod_perl.so #2 0x08078375 in ap_run_handler () #3 0x08078980 in ap_invoke_handler () #4 0x08069c6a in ap_process_request () #5 0x0806512d in _start () #6 0x093ccd58 in ?? () #7 0x00000004 in ?? () #8 0x093ccd58 in ?? () #9 0x405cc210 in modperl_process_connection_handler () from /usr/lib/apache2/modules/mod_perl.so #10 0x080835c5 in ap_run_process_connection () #11 0x08076974 in ap_graceful_stop_signalled () #12 0x08076b8b in ap_graceful_stop_signalled () #13 0x08076be8 in ap_graceful_stop_signalled () #14 0x0807745a in ap_mpm_run () #15 0x0807da8d in main () Please fix this. A sarge fix would be nice too. This can be used for local DOS attacks on mod_perl2 servers. Best regards, Martin Gruner
--- End Message ---
--- Begin Message ---Source: libapache2-mod-perl2 Source-Version: 2.0.2-2.3 We believe that the bug you reported is fixed in the latest version of libapache2-mod-perl2, which is due to be installed in the Debian FTP archive: libapache2-mod-perl2-dev_2.0.2-2.3_amd64.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.2-2.3_amd64.deb libapache2-mod-perl2-doc_2.0.2-2.3_amd64.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.2-2.3_amd64.deb libapache2-mod-perl2_2.0.2-2.3.diff.gz to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-2.3.diff.gz libapache2-mod-perl2_2.0.2-2.3.dsc to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-2.3.dsc libapache2-mod-perl2_2.0.2-2.3_amd64.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-2.3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Barth <[EMAIL PROTECTED]> (supplier of updated libapache2-mod-perl2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 23 Dec 2006 17:10:47 +0000 Source: libapache2-mod-perl2 Binary: libapache2-mod-perl2 libapache2-mod-perl2-doc libapache2-mod-perl2-dev Architecture: source amd64 Version: 2.0.2-2.3 Distribution: unstable Urgency: high Maintainer: Thom May <[EMAIL PROTECTED]> Changed-By: Andreas Barth <[EMAIL PROTECTED]> Description: libapache2-mod-perl2 - Integration of perl with the Apache2 web server libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - development fil libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - documentation Closes: 384622 404051 Changes: libapache2-mod-perl2 (2.0.2-2.3) unstable; urgency=high . * Non-maintainer upload. Thanks to Kjetil Kjernsmo for noticing the issues. * Fix segfault if localizing %ENV. Closes: #384622 Using patch from http://svn.apache.org/viewvc/perl/modperl/trunk/src/modules/perl/modperl_env.c?r1=158000&r2=357236&pathrev=357236 * Fix typo in Apache2::SizeLimit that could cause crash. Closes: #404051 Files: a01e46795d7754eea553cf940d5b230e 970 web optional libapache2-mod-perl2_2.0.2-2.3.dsc 8be7df6ffff5df84719ff36b92b29959 9600 web optional libapache2-mod-perl2_2.0.2-2.3.diff.gz f177da73a3c63d1237a38cd4d4425bf9 1113436 web optional libapache2-mod-perl2_2.0.2-2.3_amd64.deb fa738a3bc686ff2176d685b5cb89a8ec 77158 web optional libapache2-mod-perl2-dev_2.0.2-2.3_amd64.deb e2efeaa656c00f326f1e90c738b01ebd 3113298 web optional libapache2-mod-perl2-doc_2.0.2-2.3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFjWXKmdOZoew2oYURAsrAAKDBO28F/sZmNCbUyb4o/SH7T8e2FwCdH6rp GHBEYOMbvZv7pbY6BRKlUG0= =QVn9 -----END PGP SIGNATURE-----
--- End Message ---
