Pullup ticket 2791 - requested by tron Security update Revisions pulled up: - pkgsrc/devel/apr-util/Makefile 1.10 - pkgsrc/devel/apr-util/distinfo 1.6 Module Name: pkgsrc Committed By: tron Date: Mon Jun 8 13:19:20 UTC 2009 Modified Files: pkgsrc/devel/apr-util: Makefile distinfo Log Message: Update "apr-util" package to version 1.3.7. Changes since version 1.3.4: - SECURITY: Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Minor build and bug fixes. - SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. - Fix off by one overflow in apr_brigade_vprintf. - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and LDAP_NO_LIMIT/0) it is not safe to use a literal -1. Bug 23356 - Clean up ODBC types. Warnings seen when compiling packages for Fedora 11. - Use of my_init() requires my_global.h and my_sys.h. - Fix apr_memcache_multgetp memory corruption and incorrect error handling. Bug 46588 - Fix memcache memory leak with persistent connections. Bug 46482 - Add Oracle 11 support. - apr_dbd_freetds: Avoid segfault when process is NULL. Do no print diagnostics to stderr. Never allow driver to exit process. - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h or sybdb.h. - LDAP detection improvements: --with-ldap now supports library names containing non-alphanumeric characters, such as libldap-2.4.so. New option --with-lber can be used to override the default liblber name. Fix a problem reporting the lber library from apu-N-config. - Suppress pgsql column-out-of-range warning. - Fix a buffer overrun and password matching for SHA passwords. - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are loaded as .so's on first demand, unless --disable-util-dso is configured. - Fix a segfault in the DBD testcase when the DBD modules were not present. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo

(spz)

 @@ -1,17 +1,16 @@
-# $NetBSD: Makefile,v 1.9 2008/11/02 15:05:11 cube Exp $
+# $NetBSD: Makefile,v 1.9.4.1 2009/06/08 20:27:49 spz Exp $
-DISTNAME=	apr-util-1.3.4
+DISTNAME=	apr-util-1.3.7
 PKGREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:=apr/}
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://apr.apache.org/
 COMMENT=	Apache Portable Runtime utilities
 PKG_DESTDIR_SUPPORT=	user-destdir
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 USE_LIBTOOL=	yes
 USE_TOOLS+=	pkg-config

 @@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2008/11/02 15:05:11 cube Exp $
+$NetBSD: distinfo,v 1.5.4.1 2009/06/08 20:27:49 spz Exp $
-SHA1 (apr-util-1.3.4.tar.gz) = c538c566447cf38b849288a40cf81e5267d9117f
+SHA1 (apr-util-1.3.7.tar.gz) = 1ddb686c1ae573a67784c24d51c6f3ba44cbe32b
-RMD160 (apr-util-1.3.4.tar.gz) = 741b9b8e9449ce3cae565aeac57deaeb688071d3
+RMD160 (apr-util-1.3.7.tar.gz) = 9e41d6c79fe601129c10c95e782c7e34f6058e11
-Size (apr-util-1.3.4.tar.gz) = 778902 bytes
+Size (apr-util-1.3.7.tar.gz) = 788206 bytes
 SHA1 (patch-aa) = 8266136e6211c3c98a1f2dee8a33cd2bac50fbce
 SHA1 (patch-ab) = 2eb58e941a54dc5f4531476b1017ac4f6ee1b4a6