2009-06-08 20:27:49 UTC pkgsrc-2009Q1

Pullup ticket 2791 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.10
- pkgsrc/devel/apr-util/distinfo 1.6

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Jun  8 13:19:20 UTC 2009

  Modified Files:
  pkgsrc/devel/apr-util: Makefile distinfo

  Log Message:
  Update "apr-util" package to version 1.3.7. Changes since version 1.3.4:
  - SECURITY:
    Fix a denial of service attack against the apr_xml_* interface
    using the "billion laughs" entity expansion technique.
  - SECURITY: CVE-2009-0023 (cve.mitre.org)
    Fix underflow in apr_strmatch_precompile.
  - Minor build and bug fixes.
  - SECURITY: CVE-2009-0023 (cve.mitre.org)
    Fix underflow in apr_strmatch_precompile.
  - Fix off by one overflow in apr_brigade_vprintf.
  - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
    SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
    LDAP_NO_LIMIT/0) it is not safe to use a literal -1.
    Bug 23356
  - Clean up ODBC types. Warnings seen when compiling packages for
    Fedora 11.
  - Use of my_init() requires my_global.h and my_sys.h.
  - Fix apr_memcache_multgetp memory corruption and incorrect error
    handling. Bug 46588
  - Fix memcache memory leak with persistent connections.
    Bug 46482
  - Add Oracle 11 support.
  - apr_dbd_freetds: Avoid segfault when process is NULL.
    Do not print diagnostics to stderr. Never allow driver to exit
    process.
  - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h
    or sybdb.h.
  - LDAP detection improvements: --with-ldap now supports library names
    containing non-alphanumeric characters, such as libldap-2.4.so.  New
    option --with-lber can be used to override the default liblber name.
    Fix a problem reporting the lber library from apu-N-config.
  - Suppress pgsql column-out-of-range warning.
  - Fix a buffer overrun and password matching for SHA passwords.
  - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are
    loaded as .so's on first demand, unless --disable-util-dso is configured.
  - Fix a segfault in the DBD testcase when the DBD modules were not present.

  To generate a diff of this commit:
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo

(spz)