Subject: CVS commit: [pkgsrc-2010Q2] pkgsrc/devel/apr-util
From: S.P.Zeidler
Date: 2010-10-15 09:06:49
Message id: 20101015070649.C2C5D175DD@cvs.netbsd.org

Log Message:
Pullup ticket 3243 - requested by tron
security update

Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile		1.17
- pkgsrc/devel/apr-util/distinfo		1.9
- pkgsrc/devel/apr-util/patches/patch-aa	1.3

Files removed:
- pkgsrc/devel/apr-util/patches/patch-ab

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Wed Oct 13 19:21:16 UTC 2010

   Modified Files:
           pkgsrc/devel/apr-util: Makefile distinfo
           pkgsrc/devel/apr-util/patches: patch-aa
   Removed Files:
           pkgsrc/devel/apr-util/patches: patch-ab

   Log Message:
   Update "apr-util" package to version 1.3.10. Changes since 1.3.9:
   - SECURITY: CVE-2010-1623 (cve.mitre.org)
     Fix a denial of service attack against apr_brigade_split_line().
     [Stefan Fritsch]
   - SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
     Fix two buffer over-read flaws in the bundled copy of expat which
     could cause applications to crash while parsing specially-crafted
     XML documents.  [Joe Orton]
   - Upgrade bundled copy of expat library to 1.95.7.  [Joe Orton]
   - apr_thread_pool: Fix some potential deadlock situations.  Bug 49709.
     [Joe Mudd <Joe.Mudd sas.com>]
   - apr_thread_pool_create: Fix pool corruption caused by multithreaded
     use of the pool when multiple initial threads are created.  Bug 47843.
     [Alex Korobka <akorobka fxcm.com>]
   - apr_thread_pool_create(): Only set the output thread pool handle on
     success.  [Paul Querna]
   - DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with
     several different data types, including APR_DBD_TYPE_TIME.  Bug 49645.
     [<kappa psilambda.com>]
   - Add support for Berkeley DB 4.8 and 5.0.  Bug 49866, Bug 49179.
     [Bernhard Rosenkraenzer <br blankpage.ch>,
      Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>]
   - Make bundled expat compatible with libtool 2.x.  Bug 49053.
     [Rainer Jung]
   - Prefer libtool 1.x when searching for libtool in
     bundled expat release process. [Rainer Jung, Jim Jagielski]
   - Improve platform detection for bundled expat by updating
     config.guess and config.sub. [Rainer Jung]

   Patch supplied by Mihai Chelaru, approved by Alistair Crooks.

   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/apr-util/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/apr-util/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/devel/apr-util/patches/patch-aa
   cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apr-util/patches/patch-ab

Files:
RevisionActionfile
1.15.2.1modifypkgsrc/devel/apr-util/Makefile
1.8.8.1modifypkgsrc/devel/apr-util/distinfo
1.2.14.1modifypkgsrc/devel/apr-util/patches/patch-aa
1.2removepkgsrc/devel/apr-util/patches/patch-ab