Subject: CVS commit: [pkgsrc-2009Q1] pkgsrc/devel/apr-util
From: S.P.Zeidler
Date: 2009-06-08 22:27:49
Message id: 20090608202749.76F0B175D0@cvs.netbsd.org

Log Message:
Pullup ticket 2791 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile	1.10
- pkgsrc/devel/apr-util/distinfo	1.6

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Mon Jun  8 13:19:20 UTC 2009

   Modified Files:
   	pkgsrc/devel/apr-util: Makefile distinfo

   Log Message:
   Update "apr-util" package to version 1.3.7. Changes since version 1.3.4:
   - SECURITY:
     Fix a denial of service attack against the apr_xml_* interface
     using the "billion laughs" entity expansion technique.
   - SECURITY: CVE-2009-0023 (cve.mitre.org)
     Fix underflow in apr_strmatch_precompile.
   - Minor build and bug fixes.
   - SECURITY: CVE-2009-0023 (cve.mitre.org)
     Fix underflow in apr_strmatch_precompile.
   - Fix off by one overflow in apr_brigade_vprintf.
   - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
     SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
     LDAP_NO_LIMIT/0) it is not safe to use a literal -1.
     Bug 23356
   - Clean up ODBC types. Warnings seen when compiling packages for
     Fedora 11.
   - Use of my_init() requires my_global.h and my_sys.h.
   - Fix apr_memcache_multgetp memory corruption and incorrect error
     handling. Bug 46588
   - Fix memcache memory leak with persistent connections.
     Bug 46482
   - Add Oracle 11 support.
   - apr_dbd_freetds: Avoid segfault when process is NULL.
     Do no print diagnostics to stderr. Never allow driver to exit
     process.
   - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h
     or sybdb.h.
   - LDAP detection improvements: --with-ldap now supports library names
     containing non-alphanumeric characters, such as libldap-2.4.so.  New
     option --with-lber can be used to override the default liblber name.
     Fix a problem reporting the lber library from apu-N-config.
   - Suppress pgsql column-out-of-range warning.
   - Fix a buffer overrun and password matching for SHA passwords.
   - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are
     loaded as .so's on first demand, unless --disable-util-dso is configured.
   - Fix a segfault in the DBD testcase when the DBD modules were not present.

   To generate a diff of this commit:
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo

Files:
RevisionActionfile
1.9.4.1modifypkgsrc/devel/apr-util/Makefile
1.5.4.1modifypkgsrc/devel/apr-util/distinfo