Up to [cvs.NetBSD.org] / pkgsrc / devel / apr-util
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for icu 76 shlib major version bump
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
revbump after icu and protobuf updates
*: recursive bump for icu 74.1
*: bump for openssl 3
revbump after textproc/icu update
apr-util: update to 1.6.3. Changes with APR-util 1.6.3 *) Correct a packaging issue in 1.6.2. The contents of the release were correct, but the top level directory was misnamed.
apr-util: update to 1.6.2. Changes with APR-util 1.6.2 *) Teach configure how to find and build against MariaDB 10.2. PR 61517 [Kris Karas <bugs-a17 moonlit-rail.com>] *) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that prevented commoncrypto being enabled. [Graham Leggett] *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] *) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work. apr_dbm_gdbm will now also return error codes starting with APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always returning APR_EGENERAL. [Stefan Fritsch]
massive revision bump after textproc/icu update
revbump for textproc/icu update
apr-util: Disable memset_s on SunOS. The configure test correctly defines __STDC_WANT_LIB_EXT1__=1 as is required when using the _s set of functions, so memset_s is found, but then the actual source code does not, so you're left with undefined references. Disabling completely is simpler than having to rearrange everything else to work, and will fall back to portable features.
revbump for icu and libffi
Revbump for MySQL default change
revbump for textproc/icu
*: Recursive revbump from textproc/icu-68.1
Revbump for icu
Recursive revision bump after textproc/icu update
all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU.
*: Recursive revision bump for openssl 1.1.1.
Recursive revbump from textproc/icu
revbump after updating textproc/icu
Recursive revbump from textproc/icu-62.1
revbump after icu update
Revbump after textproc/icu update
Update to 1.6.1 Changelog: Changes with APR-util 1.6.1 *) Win32: Add function exports from new apr_crypto API's missing in 1.6.0. *) Win32: Introduce XML_PARSER build-time variable to select the expat library name to be linked to libaprutil-1.dll. See Makefile.win *) Win32: Removed lingering xml/xml.dsp project forked from the expat Project in the 1.9x era. Use expat's maintained build schema instead, prior to building apr-util. *) apr_crypto: Fix compatibility with LibreSSL. 61596. [Bernard Spil <brnrd freebsd.org>, Yann Ylavic] *) sdbm: better database/page validation to fail cleanly when corrupted. [Yann Ylavic]
revbump for requiring ICU 59.x
Updated apr-util to 1.6.0. Changes with APR-util 1.6.0 *) Mark apr_dbd_freetds as unsupported, and remove it from all builds [Nick Kew] *) Update MySQL build to stop using libmysqlclient_r. [Petr Sumbera <petr.sumbera oracle.com>] *) apr_buckets: Add apr_bucket_file_set_buf_size() which allows to configure the size of the buffer used to read files. [Yann Ylavic] *) apr_crypto: avoid excessive iteration in bcrypt hash. [Hanno Böck <hanno hboeck.de>] *) apr_siphash: Implement keyed hash function SipHash. [Yann Ylavic] *) apr_crypto: Add apr_crypto_key() function which supports keys generated from a passphrase or a raw secret provided by the caller. Deprecate apr_crypto_passphrase(). [Graham Leggett] *) apr_crypto_nss: Ensure the SECItem returned by PK11_ParamFromIV is properly freed. [Graham Leggett] *) apr_crypto: Don't cache the driver if initialisation fails. This stops the second and subsequent attempt to use the API from failing claiming the library is not initialised. [Graham Leggett] *) apr_crypto: Add a native CommonCrypto implementation for iOS and OSX where OpenSSL has been deprecated. [Graham Leggett] *) apr_xml_to_text: Add style APR_XML_X2T_PARSED to maintain a consistent namespace prefix. [Jari Urpalainen <jari.urpalainen nokia.com>]
Revbump after icu update
Recursive revbump from textproc/icu 58.1
Recursive bump for all users of pgsql now that the default is 95.
Recursive revbump from textproc/icu 57.1
Bump PKGREVISION for security/openssl ABI bump.
Recursive revbump from textproc/icu
Revbump after updating textproc/icu
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
Revbump after updating libwebp and icu
Changes 1.5.4: *) MySQL driver: Fix incorrect handling of bad parameter in the driver support for apr_dbd_transaction_end(). *) apr_crypto_get_driver(): Fix invalid storage reference on error path. *) Fix compile failure for Android. *) Fix to let ODBC driver build with MSVC6, which does not have intptr_t *) Windows cmake build: Fix incompatiblities with Visual Studio generators with all cmake versions, and the NMake Makefile generator with cmake 2.8.12 and later. *) Fix detection of Berkeley DB 6.0. *) Improve platform detection for bundled expat by updating config.guess and config.sub.
recursive bump from icu shlib major bump.
Recursive PKGREVISION bump for OpenSSL API version bump.
Restore patch-aa, 2nd hunk is still required, especially expat is in ${X11BASE} and ${X11BASE}/lib is not in default rpath. Bump PKGREVISION.
Update to 1.5.3 Changelog: Changes with APR-util 1.5.3 *) Cygwin: Use correct file extension when loading APR DSOs. Bug 55587. [Carlo Bramini <carlo.bramix libero.it>] *) Add experimental cmake-based build system for Windows. Refer to README.cmake for more information. [Jeff Trawick, Tom Donovan] *) Fix warnings in odbc driver on 64bit systems. Bug 55197 [Tom Donovan] *) Add support to apr_memcache for unix domain sockets. Bug 54573 [Remi Gacogne <rgacogne+asf aquaray.com>] *) Add support for Berkeley DB 6.0. [Rainer Jung] *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung]
Revbump after updating textproc/icu
Update to 1.5.2: Changes with APR-util 1.5.2 *) Windows: Add command line makefiles. [Gregg Smith] *) apr_uri_parse(): Do not accept invalid characters in the scheme. Per RFC 3986 3.3, enforce that the first segment of a relative path does not contain a colon. PR 52479. [Stefan Fritsch] *) Fix memory leak in hook sorting function. PR 51256. [<horowity checkpoint com>] *) Speedup md5 calculation by avoiding some copying on little endian architectures. PR 49011. [Stefan Fritsch, Stefan Fuhrmann <stefanfuhrmann alice-dsl de>] *) Use heap memory for crypt in apr_password_validate(), to reduce stack usage. PR 54572. [Stefan Fritsch] *) Fix password validation failure for all crypt and crypt_r based algorithms. PR 54603. [Harvey Eneman <harvey.eneman oracle.com>] *) Fix syntax error in crypto/apr_passwd.c on non-glibc systems. PR 54275. [Stefan Fritsch] *) Fix potential data corruption in apr_brigade_write() and friends if the last bucket of the brigade is a heap bucket that has been split, and there are still references to the next part of the original bucket in use. [Stefan Fritsch] *) Remove duplicated logic in apr_brigade_puts(). PR 53740. [Christophe Jaillet <christophe jaillet wanadoo fr>] *) apr_crypto: If --with-crypto is passed to configure but no crypto libraries are enabled, autodetect available libraries. [Jeff Trawick] *) memcache: Fix dead server retry logic. [Gavin Shelley <columbusmonkey me.com>] Changes with APR-util 1.5.1 *) testmemcache: Fix crash. PR 52705. [Peter Poeml <peter poeml de>] *) MinGW: Support shared builds of apr-util when apr is shared. PR 46175. [Carlo Bramini <carlo.bramix libero.it>, Jeff Trawick] *) Add support for Berkeley DB 5.2 and 5.3. Simplify detection script. PR 53684. [Rainer Jung] *) configure: Allow to specify library specific custom linker flags via the LDADD_XXX variables. [Rainer Jung] *) apr_password_validate(): Fix intermittent errors on systems such as FreeBSD where the crypt() function is used. (Broken only in 1.5.0) [Jeff Trawick] *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] Changes with APR-util 1.5.0 *) dbd_pgsql_escape: Use PQescapeStringConn. [Nick Kew] *) apr_password_validate, apr_bcrypt_encode: Add support for bcrypt encoded passwords. The bcrypt implementation uses code from crypt_blowfish written by Solar Designer <solar openwall com>. apr_bcrypt_encode creates hashes with "$2y$" prefix, but apr_password_validate also accepts the old prefix "$2a$". PR 49288. [Stefan Fritsch] *) APR dbd: Allow to use apr_dbd_get_row() with a different pool than apr_dbd_select(). PR 53533. [<arthur echo gmail com>] *) APR dbd FreeTDS support: Fix spurious API errors caused by uninitialized fields. [TROY.LIU 劉春偉 <TROY.LIU deltaww.com.cn>] *) apr_password_validate: Increase maximum hash string length to allow more than 9999 rounds with sha512-crypt. PR 53410. [Stefan Fritsch] *) Fix segfaults in crypt() and crypt_r() failure modes. PR 47272. [Arkadiusz Miskiewicz <arekm pld-linux.org>] *) apr_crypto: Ensure that the if/else that governs the static initialisation of each crypto driver works when the first driver isn't in use. [Graham Leggett] *) apr_crypto: Ensure the *driver variable is initialised when a statically compiled library is initialised for the first time. [Graham Leggett] *) apr_crypto: Ensure the *driver variable is initialised when the library has already been loaded. Fix ported from apr_dbd. [Graham Leggett] *) apr_crypto: Move the static initialisation of DRIVER_LOAD from apr_crypto_init() to apr_crypto_get_driver(), so that we don't lose the parameters. [Graham Leggett] Changes with APR-util 1.4.3 *) Fix potential data corruption in apr_brigade_write() and friends if the last bucket of the brigade is a heap bucket that has been split, and there are still references to the next part of the original bucket in use. [Stefan Fritsch] *) Remove duplicated logic in apr_brigade_puts(). PR 53740. [Christophe Jaillet <christophe jaillet wanadoo fr>] *) memcache: Fix dead server retry logic. [Gavin Shelley <columbusmonkey me.com>] *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] *) APR dbd: Allow to use apr_dbd_get_row() with a different pool than apr_dbd_select(). PR 53533. [<arthur echo gmail com>] *) APR dbd FreeTDS support: Fix spurious API errors caused by uninitialized fields. [TROY.LIU 劉春偉 <TROY.LIU deltaww.com.cn>] *) apr_password_validate: Increase maximum hash string length to allow more than 9999 rounds with sha512-crypt. PR 53410. [Stefan Fritsch] *) Fix segfaults in crypt() and crypt_r() failure modes. PR 47272. [Arkadiusz Miskiewicz <arekm pld-linux.org>] *) apr_crypto: Ensure that the if/else that governs the static initialisation of each crypto driver works when the first driver isn't in use. [Graham Leggett] *) apr_crypto: Ensure the *driver variable is initialised when a statically compiled library is initialised for the first time. [Graham Leggett] *) apr_crypto: Ensure the *driver variable is initialised when the library has already been loaded. Fix ported from apr_dbd. [Graham Leggett] Changes with APR-util 1.4.2 (not released) *) apr_crypto: Move the static initialisation of DRIVER_LOAD from apr_crypto_init() to apr_crypto_get_driver(), so that we don't lose the parameters. [Graham Leggett]
Massive revbump after updating graphics/ilmbase, graphics/openexr, textproc/icu.
Bump PKGREVISION for mysql default change to 55.
PKGREVISION bumps for the security/openssl 1.0.1d update.
Revbump after graphics/jpeg and textproc/icu
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Recursive bump from icu shlib major bumped to 49.
Update to 1.4.1 Changelog: Changes with APR-Util 1.4.1 *) Apply Windows build fixes for the apr_crypto API. [Mladen Turk] Changes with APR-util 1.4.0 *) apr_ldap_init: Pass secure=1 to ldapssl_init() with Solaris LDAP SDK. PR: 42682 [Stefan Fritsch] *) apr_memcache_server_create: Fix possible segfault. PR 51064. [Michajlo Matijkiw <michajlo_matijkiw comcast com>] *) apr_thread_pool: Fix thread unsafe pool usage. [Stefan Fritsch] *) Do not include apr.h and apr_errno.h from system search path in apu_errno.h. PR 46487 [Rainer Jung] *) Add optional dbm, openssl and nss subpackages to the RPM spec file. [Graham Leggett] *) apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h or sybdb.h. [Graham Leggett] *) Add apr_crypto implementations for OpenSSL and Mozilla NSS. Add a unit test to verify the interoperability of the two modules. Builds default to disabled unless explicitly enabled. [Graham Leggett] *) Add the apr_crypto interface, a rewrite of the earlier apr_ssl code, based on the modular dso interface used for dbd and ldap. Initially, the interface supports symmetrical encryption and decryption. The purpose of the interface is to offer portable and interoperable access to basic crypto using the native crypto libraries present on each platform. [Graham Leggett] *) Add trace probes to hooks, making it easier to inspect APR Hook based applications with DTrace or other such mechanisms. [Theo Schlossnagle <jesus omniti.com>, generalized by Jeff Trawick] *) Implement resource list when threads are unavailable. PR 24325 [Bojan Smojver] Changes with APR-util 1.3.13 *) Fix a failure of configure to detect ldap_set_rebind_proc(), encountered on Fedora 15 with gcc 4.6. [Bojan Smojver] *) apr_thread_pool: Fix thread unsafe pool usage. [Stefan Fritsch] *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] *) Sync libtool handling of bundled expat from APR. [Rainer Jung]
Recursive bump for devel/apr buildlink addition.
recursive bump from icu shlib major bump.
Update "apr-util" package to version 1.3.12. Changes since version 1.3.11: - apr_ldap: Fix crash because of NULL cleanup registered by apr_ldap_rebind_init(). [Rainer Jung]
Update "apr-util" package to version 1.3.11. Changes since version 1.3.10: - apr_dbd_oracle: fix endianness issue in prepared statements. Bug 50690. [Stefan Ruppert <sr myarm.com>] - apr_ldap: resolve possible hangs or crashes when the pool passed to apr_ldap_rebind_init() is cleaned up and apr_ldap_rebind is re-initted and re-used. PR50918. [Eric Covener] - DBD ODBC support: Fix stack buffer overwrite when an unexpected number of parameters is passed to open. Fix range checking of the APR DBD type enum passed to some of the APIs. [Jeff Trawick] - Add support for Berkeley DB 5.1. [Rainer Jung]
Disable ODBC explicitly.
Switch distfile to .tar.bz2 to save precious space.
Pullup ticket 3243 - requested by tron security update Revisions pulled up: - pkgsrc/devel/apr-util/Makefile 1.17 - pkgsrc/devel/apr-util/distinfo 1.9 - pkgsrc/devel/apr-util/patches/patch-aa 1.3 Files removed: - pkgsrc/devel/apr-util/patches/patch-ab ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Oct 13 19:21:16 UTC 2010 Modified Files: pkgsrc/devel/apr-util: Makefile distinfo pkgsrc/devel/apr-util/patches: patch-aa Removed Files: pkgsrc/devel/apr-util/patches: patch-ab Log Message: Update "apr-util" package to version 1.3.10. Changes since 1.3.9: - SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Stefan Fritsch] - SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [Joe Orton] - Upgrade bundled copy of expat library to 1.95.7. [Joe Orton] - apr_thread_pool: Fix some potential deadlock situations. Bug 49709. [Joe Mudd <Joe.Mudd sas.com>] - apr_thread_pool_create: Fix pool corruption caused by multithreaded use of the pool when multiple initial threads are created. Bug 47843. [Alex Korobka <akorobka fxcm.com>] - apr_thread_pool_create(): Only set the output thread pool handle on success. [Paul Querna] - DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with several different data types, including APR_DBD_TYPE_TIME. Bug 49645. [<kappa psilambda.com>] - Add support for Berkeley DB 4.8 and 5.0. Bug 49866, Bug 49179. [Bernhard Rosenkraenzer <br blankpage.ch>, Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>] - Make bundled expat compatible with libtool 2.x. Bug 49053. [Rainer Jung] - Prefer libtool 1.x when searching for libtool in bundled expat release process. [Rainer Jung, Jim Jagielski] - Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] Patch supplied by Mihai Chelaru, approved by Alistair Crooks. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/apr-util/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/apr-util/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/devel/apr-util/patches/patch-aa cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apr-util/patches/patch-ab
Update "apr-util" package to version 1.3.10. Changes since 1.3.9: - SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Stefan Fritsch] - SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [Joe Orton] - Upgrade bundled copy of expat library to 1.95.7. [Joe Orton] - apr_thread_pool: Fix some potential deadlock situations. Bug 49709. [Joe Mudd <Joe.Mudd sas.com>] - apr_thread_pool_create: Fix pool corruption caused by multithreaded use of the pool when multiple initial threads are created. Bug 47843. [Alex Korobka <akorobka fxcm.com>] - apr_thread_pool_create(): Only set the output thread pool handle on success. [Paul Querna] - DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with several different data types, including APR_DBD_TYPE_TIME. Bug 49645. [<kappa psilambda.com>] - Add support for Berkeley DB 4.8 and 5.0. Bug 49866, Bug 49179. [Bernhard Rosenkraenzer <br blankpage.ch>, Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>] - Make bundled expat compatible with libtool 2.x. Bug 49053. [Rainer Jung] - Prefer libtool 1.x when searching for libtool in bundled expat release process. [Rainer Jung, Jim Jagielski] - Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] Patch supplied by Mihai Chelaru, approved by Alistair Crooks.
Revbump after updating databases/db5
Fix building with db5; revision bump for db4 update
Pullup ticket 2854 - requested by tron security update Revisions pulled up: - pkgsrc/devel/apr-util/Makefile 1.14 - pkgsrc/devel/apr-util/Makefile 1.8 - pkgsrc/devel/apr/Makefile 1.58 - pkgsrc/devel/apr/distinfo 1.26 Module Name: pkgsrc Committed By: schmonz Date: Fri Jul 24 13:09:32 UTC 2009 Modified Files: pkgsrc/devel/apr-util: Makefile Log Message: Configure --without-sqlite2 in case it's unavoidably on the include path. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/apr-util/Makefile ----- Module Name: pkgsrc Committed By: tonnerre Date: Tue Aug 4 10:09:35 UTC 2009 Modified Files: pkgsrc/devel/apr: Makefile distinfo Log Message: Update to apr version 1.3.7, which, other than 1.3.5, is still downloadable. Changes since 1.3.5: - On Linux/hppa flock() returns EAGAIN instead of EWOULDBLOCK. This causes proc mutex failures. - Set CLOEXEC flags where appropriate. Either use new O_CLOEXEC flag and associated functions, such as dup3(), accept4(), epoll_create1() etc., or simply set CLOEXEC flag using fcntl(). - More elaborate detection for dup3(), accept4() and epoll_create1(). To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.58 pkgsrc/devel/apr/Makefile cvs rdiff -u -r1.25 -r1.26 pkgsrc/devel/apr/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. ----- Module Name: pkgsrc Committed By: tonnerre Date: Tue Aug 4 10:13:04 UTC 2009 Modified Files: pkgsrc/devel/apr-util: Makefile distinfo Log Message: Upgrade apr-util to version 1.3.8, which, unlike 1.3.7, is still downloadab= le. Changes since 1.3.7: - Use locally scoped variables in PostgreSQL driver to avoid stomping on return codes. - Fix race conditions in initialisation of DBD, DBM and DSO. - Expose DBM libs in apu-1-config by default. To avoid that, use apu-1-config --avoid-dbm --libs. To get just DBM libs, use apu-1-config --dbm-libs. - Make sure --without-ldap works. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/apr-util/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apr-util/distinfo ----- Module Name: pkgsrc Committed By: tron Date: Fri Aug 7 10:39:24 UTC 2009 Modified Files: pkgsrc/devel/apr-util: Makefile distinfo Log Message: Update "apr-util" package to version 1.3.8. Changes since 1.3.9: - SECURITY: CVE-2009-2412 (cve.mitre.org) Fix overflow in rmm, where size alignment was taking place. [Matt Lewis <mattlewis@google.com>, Sander Striker] - Make sure that "make check" is used in the RPM spec file, so that the crypto, dbd and dbm tests pass. [Graham Leggett] - Make sure the mysql version of dbd_mysql_get_entry() respects the rule that if the column number exceeds the number of columns, we return NULL. [Graham Leggett] - Ensure the dbm module is packaged up correctly in the RPM. [Graham Leggett] - Clarify the error messages within the dbd tests. [Graham Leggett] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/apr-util/Makefile cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/apr-util/distinfo
Update "apr-util" package to version 1.3.9. Changes since 1.3.8: - SECURITY: CVE-2009-2412 (cve.mitre.org) Fix overflow in rmm, where size alignment was taking place. [Matt Lewis <mattlewis@google.com>, Sander Striker] - Make sure that "make check" is used in the RPM spec file, so that the crypto, dbd and dbm tests pass. [Graham Leggett] - Make sure the mysql version of dbd_mysql_get_entry() respects the rule that if the column number exceeds the number of columns, we return NULL. [Graham Leggett] - Ensure the dbm module is packaged up correctly in the RPM. [Graham Leggett] - Clarify the error messages within the dbd tests. [Graham Leggett]
Upgrade apr-util to version 1.3.8, which, unlike 1.3.7, is still downloadable. Changes since 1.3.7: - Use locally scoped variables in PostgreSQL driver to avoid stomping on return codes. - Fix race conditions in initialisation of DBD, DBM and DSO. - Expose DBM libs in apu-1-config by default. To avoid that, use apu-1-config --avoid-dbm --libs. To get just DBM libs, use apu-1-config --dbm-libs. - Make sure --without-ldap works.
Configure --without-sqlite2 in case it's unavoidably on the include path.
Pullup ticket 2791 - requested by tron Security update Revisions pulled up: - pkgsrc/devel/apr-util/Makefile 1.10 - pkgsrc/devel/apr-util/distinfo 1.6 Module Name: pkgsrc Committed By: tron Date: Mon Jun 8 13:19:20 UTC 2009 Modified Files: pkgsrc/devel/apr-util: Makefile distinfo Log Message: Update "apr-util" package to version 1.3.7. Changes since version 1.3.4: - SECURITY: Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Minor build and bug fixes. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Fix off by one overflow in apr_brigade_vprintf. - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and LDAP_NO_LIMIT/0) it is not safe to use a literal -1. Bug 23356 - Clean up ODBC types. Warnings seen when compiling packages for Fedora 11. - Use of my_init() requires my_global.h and my_sys.h. - Fix apr_memcache_multgetp memory corruption and incorrect error handling. Bug 46588 - Fix memcache memory leak with persistent connections. Bug 46482 - Add Oracle 11 support. - apr_dbd_freetds: Avoid segfault when process is NULL. Do no print diagnostics to stderr. Never allow driver to exit process. - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h or sybdb.h. - LDAP detection improvements: --with-ldap now supports library names containing non-alphanumeric characters, such as libldap-2.4.so. New option --with-lber can be used to override the default liblber name. Fix a problem reporting the lber library from apu-N-config. - Suppress pgsql column-out-of-range warning. - Fix a buffer overrun and password matching for SHA passwords. - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are loaded as .so's on first demand, unless --disable-util-dso is configured. - Fix a segfault in the DBD testcase when the DBD modules were not present. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo
Set the license type to "apache-2.0".
Update "apr-util" package to version 1.3.7. Changes since version 1.3.4: - SECURITY: Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Minor build and bug fixes. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Fix off by one overflow in apr_brigade_vprintf. - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and LDAP_NO_LIMIT/0) it is not safe to use a literal -1. Bug 23356 - Clean up ODBC types. Warnings seen when compiling packages for Fedora 11. - Use of my_init() requires my_global.h and my_sys.h. - Fix apr_memcache_multgetp memory corruption and incorrect error handling. Bug 46588 - Fix memcache memory leak with persistent connections. Bug 46482 - Add Oracle 11 support. - apr_dbd_freetds: Avoid segfault when process is NULL. Do no print diagnostics to stderr. Never allow driver to exit process. - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h or sybdb.h. - LDAP detection improvements: --with-ldap now supports library names containing non-alphanumeric characters, such as libldap-2.4.so. New option --with-lber can be used to override the default liblber name. Fix a problem reporting the lber library from apu-N-config. - Suppress pgsql column-out-of-range warning. - Fix a buffer overrun and password matching for SHA passwords. - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are loaded as .so's on first demand, unless --disable-util-dso is configured. - Fix a segfault in the DBD testcase when the DBD modules were not present.
Don't let the build's LDFLAGS be polluted by what provides apr, because apr doesn't know about all dependencies of apr-util. Otherwise the final binary wouldn't have the proper RPATHs. Bump PKGREVISION.
The current version of apr-utils does not build with apr-1.2.x because it uses APR_SIZE_MAX, which is defined in apr-1.3.x. Add apr>=1.3.0 to BUILDLINK_API_DEPENDS.apr.
Remove --without-sqlite3 from Makefile
PLIST fix for LDAP; Added options for pgsql, mysql, sqlite3
Update to 1.3.4: Changes with APR-util 1.3.4 *) Fix a memory leak introduced in r683756 and a free call to a non malloced pointer in the case that the platform has no threads. [Jeff Trawick, Ruediger Pluem] Changes with APR-util 1.3.3 *) Add Berkeley DB 4.7 support. [Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>] *) PostgreSQL rows (internally) start from zero, not one. Account for it in row fetching function. [Bojan Smojver] *) Detection of PostgreSQL may fail if LIBS contains all libs returned by pg_config. Use it only as the last resort. [Bojan Smojver] *) When searching for DSOs, look in apr-util-APU_MAJOR_VERSION subdirectory of each component of APR_DSOPATH. PR 45327 [Joe Orton, William Rowe, Bojan Smojver] *) Give MySQL DBD driver reconnect option. PR 45407 [Bojan Smojver] Changes with APR-util 1.3.2 *) Fix parameter parsing error in ODBC DBD driver. [Tom Donovan] *) Older OpenLDAP implementations may have ldap_set_rebind_proc() with two args. Provide detection code and alternative implementation. [Ruediger Pluem] *) Use pool memory when setting DBD driver name into the hash. [Bojan Smojver] Changes with APR-util 1.3.1 *) Add ODBC DBD Driver. [Tom Donovan] *) Fix build of the FreeTDS and MySQL drivers. [Bojan Smojver] *) Fix build failure for no modules (--disable-dso). [Jean-Frederic Clere] *) Fix win32 build failure for no modules (empty DBD_LIST). [William Rowe] Changes with APR-util 1.3.0 *) apr_reslist: destroy all resources in apr_cleanup (don't give up on error). PR 45086 [Nick Kew] *) Add apr_brigade_split_ex for reusing existing brigades in situation where brigades need to be split often during the lifetime of a pool. [Ruediger Pluem] *) Amend apr_reslist to expire resources whose idle time exceeds ttl. PR 42841 [Tom Donovan, Nick Kew, Ruediger Pluem] *) Modularize ldap's stub with the dbd dso modular structure, and teach the apu dso's to respect the system specific shared lib path var. To link to an application without ldap libs, query `apu-1-config --avoid-ldap --libs` (in addition to the usual linker queries for compiling and linking). [William Rowe] *) Support building DBD drivers as DSOs by default; use --disable-util-dso flag to configure to use static link. [Joe Orton, Bojan Smojver] *) All DBD drivers now count rows from 1, which affects PostgreSQL and MySQL drivers in particular. Using row number zero is an error. [Bojan Smojver] *) Add support for OpenLDAP's ability to support a directory of certificate authorities. [Eric Covener] *) Better error detection for bucket allocation failures. [Jim Jagielski] *) Ensure that the LDAP code can compile cleanly on platforms that do not define the LDAP_OPT_REFHOPLIMIT symbol, most specifically Windows. [Victor <victorjss@gmail.com>, Graham Leggett] *) Fix the setting of LDAP_OPT_SSL on Win2k, which expects a pointer to the value LDAP_OPT_ON, and not the value itself. XP works with both. [Victor <victorjss@gmail.com>] *) Fix a regression in apr_brigade_partition that causes integer overflows on systems where apr_off_t > apr_size_t. [Ruediger Pluem] *) Ensure that apr_uri_unparse does not add scheme to URI if APR_URI_UNP_OMITSITEPART flag is set. PR 44044 [Michael Clark <michael metaparadigm.com>] *) Add an LDAP rebind implementation so that authentication can be carried through referrals. [Paul J. Reder] *) Fix the make test target in the spec file. [Graham Leggett] *) Introduce apr_dbd_open_ex() [Bojan Smojver] *) Make md5 hash files portable between EBCDIC and ASCII platforms [David Jones] *) Add limited apr_dbd_freetds driver (MSSQL and Sybase) [Nick Kew] *) Commit relicensed apr_dbd_mysql driver to /trunk/ [Nick Kew] *) Support BerkeleyDB 4.6. [Arfrever Frehtes Taifersar Arahesis] *) Support Tivoli ITDS LDAP client library. [Paul Reder] *) Portably implement testdate's long-time constants to solve compilation faults where #LL isn't valid. [Curt Arnold] *) Use buffered I/O with SDBM. [Joe Schaefer] *) Unify parsing of prepared statements and add binary argument functions to DBD [Bojan Smojver with help from many on the APR list] *) Rewrite detection of expat in configure to fix build on e.g. biarch Linux platforms. PR 28205. [Joe Orton] *) Add apr_thread_pool implementation. [Henry Jen <henryjen ztune.net>] *) Add support for Berkeley DB 4.5 to the configure scripts. [Garrett Rooney] *) Allow apr_queue.h to be included before other APR headers. PR 40891 [Henry Jen <henryjen ztune.net>] *) Fix precedence problem in error checking for sdbm dbm back end. PR 40659 [Larry Cipriani <lvc lucent.com>] *) Add an apr_reslist_acquired_count, for determining how many outstanding resources there are in a reslist. [Ryan Phillips <ryan trolocsis.com>] *) Provide folding in autogenerated .manifest files for Win32 builders using VisualStudio 2005 [William Rowe] *) Implement DBD transaction modes [Bojan Smojver with help from many on the APR list] *) Implement prepared statement support in SQLite3 DBD driver [Bojan Smojver] *) Add get (column) name to apr_dbd API [Bojan Smojver <bojan rexursive.com>] and [Chris Darroch <chrisd pearsoncmg com>] *) Make the DBD autoconf-glue use LDFLAGS instead of LIBS in several places, fixing some configure issues on Solaris. [Henry Jen <henryjen ztune.net>] *) Make apr_dbd.h work as a stand alone header, without needing other files to be included before it. [Henry Jen <henryjen ztune.net>] *) On platforms that use autoconf stop automatically linking against apr-iconv when an apr-iconv source dir is found in ../apr-iconv. Instead, add a --with-apr-iconv option to configure that lets you specify the relative path to your apr-iconv source directory. [Garrett Rooney] *) APR_FIND_APU macro now supports customisable detailed checks on each installed apr-util. [Justin Erenkrantz, Colm MacCárthaigh] *) APR_FIND_APU macro no longer checks /usr/local/apache2/ [Colm MacCárthaigh] *) Add apr_dbd_oracle driver [Nick Kew and Chris Darroch]
Update "apr-util" package to version 1.2.10. Changes since version 1.2.8: - Support BerkeleyDB 4.6. - Test improvements to validate testmd4 and testdbm, unattended. Changes with APR-util 1.2.9 - Ensure that an apr_reslist shrinks back to SMAX via the TTL by reorganising the resource list from a queue to a stack. Apache Bug 40348. - Fix Solaris 2.8+ fdatasync() detection. The fdatasync() function is marked as part of the Realtime library functions. Apache Bug 37343. - Change configure's expat detection to use standard linker-based tests, fixing build on e.g. biarch Linux systems. Apache Bug 28205. - Portably implement testdate's long-time constants to solve compilation faults where #LL isn't valid. - APR_FIND_APU macro no longer checks /usr/local/apache2/. Apache Bug 42089. - Fix handling of attribute namespaces in apr_xml_to_text() when a namespace map is provided. Apache Bug 41908.
I don't have time to maintain packages that might be affected by security vulnerabilities.
Use libtool in the wrapper directory instead of the one installed by apr. Otherwise, dependency_libs in libaprutil-1.la is set incorrectly. Bump PKGREVISION.
Import apr-util-1.2.8. The Apache Portable Run-time mission is to provide a library of routines that allows programmers to write a program once and be able to compile it anywhere.
Initial revision