--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2-modules/mod_perl/patches/hattack_synthesis.patch Thu Mar 19 06:58:47 2015 -0700
@@ -0,0 +1,107 @@
+Patch origin: upstream
+Patch status: will be part of next version
+
+Synthesis of:
+http://svn.apache.org/viewvc?view=revision&revision=1455340
+http://svn.apache.org/viewvc?view=revision&revision=1457619
+
+See also:
+https://rt.cpan.org/Public/Bug/Display.html?id=83916
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702821
+
+--- a/t/response/TestPerl/hash_attack.pm 2013-03-15 13:35:14.000000000 +0000
++++ b/t/response/TestPerl/hash_attack.pm 2013-03-15 13:38:29.000000000 +0000
+@@ -5,10 +5,11 @@
+ # and fixup handlers in this test). Moreover it must not fail to find
+ # that entry on the subsequent requests.
+ #
+-# the hash attack is detected when HV_MAX_LENGTH_BEFORE_SPLIT keys
+-# find themselves in the same hash bucket, in which case starting from
+-# 5.8.2 the hash will rehash all its keys using a random hash seed
+-# (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
++# the hash attack is detected when HV_MAX_LENGTH_BEFORE_REHASH keys find
++# themselves in the same hash bucket on splitting (which happens when the
++# number of keys crosses the threshold of a power of 2), in which case
++# starting from 5.8.2 the hash will rehash all its keys using a random hash
++# seed (PL_new_hash_seed, set in mod_perl or via PERL_HASH_SEED environment
+ # variable)
+ #
+ # Prior to the attack condition hashes use the PL_hash_seed, which is
+@@ -29,7 +30,7 @@
+
+ use constant MASK_U32 => 2**32;
+ use constant HASH_SEED => 0; # 5.8.2: always zero before the rehashing
+-use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_SPLIT
++use constant THRESHOLD => 14; #define HV_MAX_LENGTH_BEFORE_(SPLIT|REHASH)
+ use constant START => "a";
+
+ # create conditions which will trigger a rehash on the current stash
+@@ -57,6 +58,8 @@
+ return Apache2::Const::OK;
+ }
+
++sub buckets { scalar(%{$_[0]}) =~ m#/([0-9]+)\z# ? 0+$1 : 8 }
++
+ sub attack {
+ my $stash = shift;
+
+@@ -74,9 +77,9 @@
+ my $bits = $keys ? log($keys)/log(2) : 0;
+ $bits = $min_bits if $min_bits > $bits;
+
+- $bits = int($bits) < $bits ? int($bits) + 1 : int($bits);
+- # need to add 2 bits to cover the internal split cases
+- $bits += 2;
++ $bits = ceil($bits);
++ # need to add 3 bits to cover the internal split cases
++ $bits += 3;
+ my $mask = 2**$bits-1;
+ debug "mask: $mask ($bits)";
+
+@@ -90,7 +93,7 @@
+ next unless ($h & $mask) == 0;
+ $c++;
+ $stash->{$s}++;
+- debug sprintf "%2d: %5s, %10s, %s", $c, $s, $h, scalar(%$stash);
++ debug sprintf "%2d: %5s, %08x %s", $c, $s, $h, scalar(%$stash);
+ push @keys, $s;
+ debug "The hash collision attack has been successful"
+ if Internals::HvREHASH(%$stash);
+@@ -98,6 +101,24 @@
+ $s++;
+ }
+
++ # If the rehash hasn't been triggered yet, it's being delayed until the
++ # next bucket split. Add keys until a split occurs.
++ unless (Internals::HvREHASH(%$stash)) {
++ debug "Will add padding keys until hash split";
++ my $old_buckets = buckets($stash);
++ while (buckets($stash) == $old_buckets) {
++ next if exists $stash->{$s};
++ $h = hash($s);
++ $c++;
++ $stash->{$s}++;
++ debug sprintf "%2d: %5s, %08x %s", $c, $s, $h, scalar(%$stash);
++ push @keys, $s;
++ debug "The hash collision attack has been successful"
++ if Internals::HvREHASH(%$stash);
++ $s++;
++ }
++ }
++
+ # this verifies that the attack was mounted successfully. If
+ # HvREHASH is on it is. Otherwise the sequence wasn't successful.
+ die "Failed to mount the hash collision attack"
+@@ -108,6 +129,12 @@
+ return @keys;
+ }
+
++# least integer >= n
++sub ceil {
++ my $value = shift;
++ return int($value) < $value ? int($value) + 1 : int($value);
++}
++
+ # trying to provide the fastest equivalent of C macro's PERL_HASH in
+ # Perl - the main complication is that the C macro uses U32 integer
+ # (unsigned int), which we can't do it Perl (it can do I32, with 'use