![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / devel / apr
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
apr: update to 1.7.1.
Changes for APR 1.7.1
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Update to 1.5.0
* BUILDLINK_{API,ABI}_DEPENDS.apr are bumped
Changelog:
Changes for APR 1.5.0
*) Fix Linux kernel version check to recognize more versions,
including versions 3.10 and later. Bug 55690. [Joe Orton,
Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>]
*) Add apr_sockaddr_is_wildcard() to check if a socket address
refers to the wildcard address for the protocol family (e.g.,
0.0.0.0/INADDR_ANY for IPv4). [Jeff Trawick]
*) apr_file_dup2() on Windows: Fix debug RTL assertion in when
attempting to _commit(stdout) or _commit(stderr). [Mike Rumph
<mike.rumph oracle.com>]
*) apr_socket_connect() on Windows: Handle WSAEISCONN. Bug 48736.
[<inoue ariel-networks.com>, Jeff Trawick]
*) z/OS: threadsafe apr_pollset_poll support for sockets [Greg Ames]
*) Windows: Don't obtain a mutex for buffered file I/O unless the
file was opened with the APR_FOPEN_XTHREAD flag. [Ivan Zhakov
<ivan visualsvn.com>]
*) Windows: Create named shared memory segments under the "Local"
namespace if the caller is unprivileged, fixing an inability of
unprivileged callers to use apr_shm_create() with named shared
memory segments under recent Windows. As before, shared memory
segments are created under the "Global" namespace for privileged
callers. Add apr_shm_create_ex() and apr_shm_attach_ex(), which
provide the ability to override the normal namespace selection.
[Jeff Trawick]
*) Update compile settings for MINT OS. Bug 47181. [Alan Hourihane
<alanh fairlite.co.uk>]
*) Files and pipes on Windows: Don't create an unused pollset when
files and pipes are opened. [Mladen Turk]
*) apr_socket_timeout_set() on Windows: If the socket was in a non-
blocking state before, disable that setting so that timeouts work.
[Jeff Trawick]
*) File info APIs: Fix calculation of atime and mtime on AIX. Bug 51146.
[Ruediger Pluem]
*) Add the apr_escape interface. [Graham Leggett]
*) Cygwin build fixes. Bugs 51016 and 55586. [Carlo Bramini
<carlo.bramix libero.it>]
*) Add apr_skiplist family. [Jim Jagielski]
*) Add experimental cmake-based build system for Windows. Refer to
README.cmake for more information. [Jeff Trawick, Tom Donovan]
*) Add the apr_table_getm() call, which transparently handles the
merging of keys with multiple values. [Graham Leggett]
*) Add apr_hash_this_key(), apr_hash_this_key_len(), and
apr_hash_this_val() for easier access to those attributes from
a hash iterator. [Hyrum K. Wright <hyrum_wright mail.utexas.edu>]
*) MinGW/MSYS: Support shared builds of APR, other general improvements
to support of this toolchain. Bug 46175. [Carlo Bramini
<carlo.bramix libero.it>]
*) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
*) apr_socket_opt_set: Add support for APR_SO_BROADCAST. PR 46389.
[Armin Müller <mueller itestra com>]
*) Enable platform specific support for the opening of a file or
pipe in non-blocking mode through the APR_FOPEN_NONBLOCK flag.
[Graham Leggett]
"For efficiency reasons, please include bsd.fast.prefs.mk instead of bsd.prefs.mk."
Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=) It turns out there were a lot of these.
devel/libuuid is only needed for uuid support on Linux and SunOS. Bump PKGREVISION
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Make live easier for Apache 2.2 modules and provide apr-config and apu-config in .buildlink/bin.
Add "include/apr-1" to BUILDLINK_INCDIRS.apr, as programs using this library apparently expect to find it in their include path.
devel/apr:
Update to 1.2.8 (formerly in devel/apr1), no longer build from the
httpd distfile.
devel/rapidsvn:
devel/subversion-base:
parallel/ganglia-monitor-core:
security/hydra:
www/apache2:
Use devel/apr0.
www/apache22:
Use devel/apr and devel/apr-util.
Replace mk/bsd.prefs.mk includes with bsd.fast.prefs.mk includes. The redundant parsing of bsd.prefs.mk is mostly avoided now and parse time e.g. for x11/kdebase3 gets reduced by up to 10%.
Include iconv's b3.mk for systems without native iconv to allow proper linking.
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Fixed pkglint warnings.
The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default.
Aligned the last line of the buildlink3.mk files with the first line, so that they look nicer.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Recursive revision bump / recommended bump for gettext ABI change.
Bump BUILDLINK_RECOMMENDED of textproc/expat to 2.0.0 because of the shlib major bump. PKGREVISION++ for the dependencies.
Rename MAKE_VARS to MAKEVARS so that it more closely resembles "MAKEFLAGS". Both "MAKEVARS" and "MAKEFLAGS" affect the package-level make process, not the software's own make process.
I mixed up MAKE_FLAGS with MAKEFLAGS. The latter is what we actually use to pass make flags to bmake.
Don't assign to PKG_OPTIONS.<pkg> which has special meaning to the options framework. Rename PKG_OPTIONS.* to PKG_BUILD_OPTIONS.*.
Teach bsd.pkg.mk to create a phase-specific "makevars.mk" file that caches variable definitions that were computed by make. These variables are specified by listing them in MAKE_VARS, e.g., .if !defined(FOO) FOO!= very_time_consuming_command .endif MAKE_VARS+= FOO bsd.pkg.mk will include only the one generated during the most recent phase. A particular phase's makevars.mk file consists of variable definitions that are a superset of all of the ones produced in previous phases of the build. The caching is useful because bsd.pkg.mk invokes make recursively, which in the example above has the potential to run the very time-consuming command each time unless we cause FOO to be defined for the sub-make processes. We don't cache via MAKE_FLAGS because MAKE_FLAGS isn't consistently applied to every invocation of make, and also because MAKE_FLAGS can overflow the maximum length of a make variable very quickly if we add many values to it. One important and desirable property of variables cached via MAKE_VARS is that they only apply to the current package, and not to any dependencies whose builds may have been triggered by the current package. The makevars.mk files are generated by new targets fetch-vars, extract-vars, patch-vars, etc., and these targets are built during the corresponding real-* target to ensure that they are being invoked with PKG_PHASE set to the proper value. Also, remove the variables cache file that bsd.wrapper.mk was generating since the new makevars.mk files provide the same functionality at a higher level. Change all WRAPPER_VARS definitions that were used by the old wrapper-phase cache file into MAKE_VARS definitions.
PKG_OPTIONS.<pkg> isn't a good approximation to PKG_OPTIONS for the package because PKG_OPTION.<pkg> could contain negative options, which are never part of PKG_OPTIONS. Instead, use the show-var target to display the value. We cache it in WRAPPER_VARS and in MAKE_FLAGS to prevent reinvoking the show-var target recursively.
reorder library linker arguments so that -lcrypt comes after -laprutil-0. fixes build on Interix. patch from HIRAMATSU Yoshifumi in PR pkg/29336.
APR abstracts the dl*() functions across different platforms.
The global PKG_OPTION is "ldap", not "openldap".
PKG_OPTIONS.apr needs to be defined before trying to get its value.
Convert to use bsd.options.mk and use subst.mk instead of using sed(1)/mv(1). # XXX Support for the following variables will be removed after the # XXX pkgsrc-2004Q3 branch is released: # XXX # XXX APR_USE_DB4 # XXX APR_USE_OPENLDAP
Replace the .elif statement for APR_USE_OPENLDAP with a new .if block to fix the problem reported in PR pkg/27442 by Rasputin.
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
APR_USE_DB4 recently changed from YES to NO, so bump the PKGREVISION and bump the buildlink dependency needed because previously it wanted libdb4 and now it doesn't it. This fixes build problem with apache2 because of missing -ldb4.
- Update apr to 2.0.51 - Fix permissions on installed .h files - ok'ed snj@, wiz@ - Thanks to epg@ for final check This version of Apache is principally a bug fix release. Of particular note is that 2.0.51 addresses five security vulnerabilities: An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy. [CAN-2004-0786] A buffer overflow in configuration file parsing could allow a local user to gain the privileges of a httpd child if the server can be forced to parse a carefully crafted .htaccess file. [CAN-2004-0747] A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CAN-2004-0751] A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CAN-2004-0748] A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request. [CAN-2004-0809] For further details, see http://www.apache.org/dist/httpd/Announcement2.html and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.
Enable OpenLDAP support in devel/apr, by default it's disabled. If you want to use it, "APR_USE_OPENLDAP" should be set to [Yy][Ee][Ss]. This closes PR pkg/25356.
Pullup ticket 57 to the pkgsrc-2004Q2 branch, requested by Grant Beattie. Security and other bug fixes for apache2. Module Name: pkgsrc Committed By: adrianp Date: Wed Jul 14 08:28:51 UTC 2004 Modified Files: pkgsrc/www/apache2: Makefile Makefile.common PLIST buildlink3.mk distinfo pkgsrc/www/apache2/patches: patch-aa Added Files: pkgsrc/www/apache2: PLIST.deffiles Removed Files: pkgsrc/www/apache2/patches: patch-as Log Message: - Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES and Module Name: pkgsrc Committed By: adrianp Date: Wed Jul 14 08:31:12 UTC 2004 Modified Files: pkgsrc/devel/apr: buildlink3.mk distinfo Log Message: - Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES
- Update to apache 2.0.50
- Add new build def APACHE_DEFAULT_FILES
Changes with Apache 2.0.50
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) mod_cgi: Handle output on stderr during script execution on Unix
platforms; preventing deadlock when stderr output fills pipe buffer.
Also fixes case where stderr from nph- scripts could be lost.
PR 22030, 18348. [Joe Orton, Jeff Trawick]
*) mod_alias now emits a warning if it detects overlapping *Alias*
directives. [André Malo]
*) mod_rewrite no longer turns forward proxy requests into reverse proxy
requests. PR 28125 [ast domdv.de, André Malo]
*) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
exported on Win32 and Netware as well (minor MMN bump). PR 28523.
[Edward Rudd <eddie omegaware.com>, André Malo]
*) Restore the ability to disable the use of AcceptEx on Win9x systems
automatically (broken in 2.0.49). PR 28529. [André Malo]
*) <VirtualHost myhost> now applies to all IP addresses for myhost
instead of just the first one reported by the resolver. This
corrects a regression since 1.3. [Jeff Trawick]
*) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
against ServerRoot PR#26602 [Brad Nicholes]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
*) mod_dav_fs: Fix MKCOL response for missing parent collections, which
caused issues for the Eclipse WebDAV extension.
PR 29034. [Joe Orton]
*) mod_deflate: Fix memory consumption (which was proportional to the
response size). PR 29318. [Joe Orton]
*) mod_ssl: Log the errors returned on failure to load or initialize
a crypto accelerator engine. [Joe Orton]
*) Allow RequestHeader directives to be conditional. PR 27951.
[Vincent Deffontaines <vincent gryzor.com>, André Malo]
*) Allow LimitRequestBody to be reset to unlimited. PR 29106
[André Malo]
*) Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects: mod_setenvif, mod_usertrack,
mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
*) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
*) Remove 2Gb log file size restriction on some 32-bit platforms.
PR 13511. [Joe Orton]
*) mod_logio no longer removes the EOS bucket. PR 27928.
[Bojan Smojver <bojan rexursive.com>]
*) htpasswd no longer refuses to process files that contain empty
lines. [André Malo]
*) Regression from 1.3: At startup, suexec now will be checked for
availability, the setuid bit and user root. The works only if
httpd is compiled with the shipped APR version (0.9.5).
PR 28287. [André Malo]
*) Unix MPMs: Stop dropping connections when the file descriptor
is at least FD_SETSIZE. [Jeff Trawick]
*) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
*) mod_isapi: send_response_header() failed to copy status string's
last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
*) Fix a segfault when requests for shared memory fails and returns
NULL. Fix a segfault caused by a lack of bounds checking on the
cache. PR 24801. [Graham Leggett]
*) Throw an error message if an attempt is made to use the LDAPTrustedCA
or LDAPTrustedCAType directives in a VirtualHost. PR 26390
[Brad Nicholes]
*) Fix a potential segfault if the bind password in the LDAP cache
is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
*) Quotes cannot be used around require group and require dn
directives, update the documentation to reflect this. Also add
quotes around the dn and group within debug messages, to make it
more obvious why authentication is failing if quotes are used in
error. PR 19304. [Graham Leggett]
*) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
from escaping filters twice when the backslash character is used.
PR 24437. [Jess Holle <jessh ptc.com>]
*) Overhaul handling of LDAP error conditions, so that the util_ldap_*
functions leave the connections in a sane state after errors have
occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
27271 [Graham Leggett]
*) mod_ldap calls ldap_simple_bind_s() to validate the user
credentials. If the bind fails, the connection is left
in an unbound state. Make sure that the ldap connection
record is updated to show that the connection is no longer
bound. [Brad Nicholes]
*) Ensure that lines in the request which are too long are
properly terminated before logging.
[Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
*) Update the bind credentials for the cached LDAP connection to
reflect the last bind. This prevents util_ldap from creating
unnecessary connections rather than reusing cached connections.
[Brad Nicholes]
*) mod_isapi: GetServerVariable returned improperly terminated header
fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
[Jesse Pelton <jsp pkc.com>]
*) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
size. PR 20617. [Jesse Pelton <jsp pkc.com>]
*) mod_dav: Fix a problem that could cause crashes when manipulating
locks on some platforms. [Jeff Trawick]
*) mod_headers no longer crashes if an empty header value should
be added. [André Malo]
*) Fix segfault in mod_expires, which occured under certain
circumstances. PR 28047. [André Malo]
*) htpasswd: use apr_temp_dir_get() and general cleanup
[Guenter Knauf <eflash gmx.net>, Thom May]
*) mod_ssl: Fix memory leak in session cache handling. PR 26562
[Madhusudan Mathihalli]
*) mod_ssl: Fix potential segfaults when performing SSL shutdown from
a pool cleanup. PR 27945. [Joe Orton]
*) Add forensic logging module (mod_log_forensic).
[Ben Laurie]
*) logresolve: Allow size of log line buffer to be overridden at
build time (MAXLINE). PR 27793. [Jeff Trawick]
*) Fix the comment delimiter in htdbm so that it correctly parses the
username comment. Also add a terminate function to allow NetWare
to pause the output before the screen is destroyed.
[Guenter Knauf <eflash gmx.net>, Brad Nicholes]
*) Fix crash when Apache was started with no Listen directives.
[Michael Corcoran <mcorcoran warpsolutions.com>]
*) core_output_filter: Fix bug that could result in sending
garbage over the network when module handlers construct
bucket brigades containing multiple file buckets all referencing
the same open file descriptor. [Bojan Smojver]
*) Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
[Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
*) Win32: Tweak worker thread accounting routines to eliminate
server hang when number of Listen directives in httpd.conf
is greater than or equal to the setting of ThreadsPerChild.
[Bill Stoddard]
Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properly by moving the inclusion of buildlink3.mk files outside of the protected region. This bug would be seen by users that have set PREFER_PKGSRC or PREFER_NATIVE to non-default values. BUILDLINK_PACKAGES should be ordered so that for any package in the list, that package doesn't depend on any packages to the left of it in the list. This ordering property is used to check for builtin packages in the correct order. The problem was that including a buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed from BUILDLINK_PACKAGES and appended to the end. However, since the inclusion of any other buildlink3.mk files within that buildlink3.mk was in a region that was protected against multiple inclusion, those dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
bl3ify.