Hello community, here is the log from the commit of package libapr-util1 for openSUSE:Factory checked in at Tue Jun 9 17:41:07 CEST 2009. -------- --- libapr-util1/libapr-util1.changes 2008-11-11 16:54:22.000000000 +0100 +++ /mounts/work_src_done/STABLE/libapr-util1/libapr-util1.changes 2009-06-08 14:11:29.000000000 +0200 
@@ -1,0 +2,42 @@ +Mon Jun 8 14:11:08 CEST 2009 - poeml@suse.de + +- update to 1.3.7 + *) SECURITY: + Fix a denial of service attack against the apr_xml_* interface + using the "billion laughs" entity expansion technique. + *) Minor build and bug fixes. + *) SECURITY: CVE-2009-0023 (cve.mitre.org) + Fix underflow in apr_strmatch_precompile. + *) Fix off by one overflow in apr_brigade_vprintf. + *) APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the + SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and + LDAP_NO_LIMIT/0) it is not safe to use a literal -1. + *) Clean up ODBC types. Warnings seen when compiling packages for + Fedora 11. + *) Use of my_init() requires my_global.h and my_sys.h. + *) Fix apr_memcache_multgetp memory corruption and incorrect error + handling. + *) Fix memcache memory leak with persistent connections. + *) Add Oracle 11 support. + *) apr_dbd_freetds: Avoid segfault when process is NULL. + Do no print diagnostics to stderr. Never allow driver to exit + process. + *) apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h + or sybdb.h. + *) LDAP detection improvements: --with-ldap now supports library names + containing non-alphanumeric characters, such as libldap-2.4.so. New + option --with-lber can be used to override the default liblber name. + Fix a problem reporting the lber library from apu-N-config. + *) Suppress pgsql column-out-of-range warning. + *) Fix a buffer overrun and password matching for SHA passwords. + *) Introduce DSO handling of the db, gdbm and ndbm drivers, so these are + loaded as .so's on first demand, unless --disable-util-dso is configured. + *) Fix a segfault in the DBD testcase when the DBD modules were not present. 
+- package %{dso_libdir}/apr_dbm_db* + +------------------------------------------------------------------- +Mon Mar 9 04:29:13 CET 2009 - poeml@suse.de + +- enable build on CentOS5 and RHEL5 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- apr-util-1.3.4.tar.bz2 New: ---- apr-util-1.3.7.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libapr-util1.spec ++++++ --- /var/tmp/diff_new_pack.w30770/_old 2009-06-09 17:40:32.000000000 +0200 +++ /var/tmp/diff_new_pack.w30770/_new 2009-06-09 17:40:32.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libapr-util1 (Version 1.3.4) +# spec file for package libapr-util1 (Version 1.3.7) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -75,13 +75,19 @@ %if %{?mandriva_version:1}0 BuildRequires: expat-devel libldap2.3_0-devel %endif +%if %{?rhel_version:1}0 +BuildRequires: expat-devel openldap2-devel +%endif +%if %{?centos_version:1}0 +BuildRequires: expat-devel openldap2-devel +%endif # Url: http://apr.apache.org/ License: Other uncritical OpenSource License; The Apache Software License Group: Development/Libraries/Other AutoReqProv: on -Version: 1.3.4 -Release: 12 +Version: 1.3.7 +Release: 1 Summary: Apache Portable Runtime (APR) Library Source: http://www.apache.org/dist/apr/apr-util-%{version}.tar.bz2 # @@ -261,6 +267,7 @@ %{_libdir}/libaprutil-%{apuver}.so.* %dir %{dso_libdir} %attr(755,root,root) %{dso_libdir}/apr_ldap* +%attr(755,root,root) %{dso_libdir}/apr_dbm_db* %if %{with_mysql} %files dbd-mysql 
@@ -299,6 +306,42 @@ %exclude %{_libdir}/*.la %changelog +* Mon Jun 08 2009 poeml@suse.de +- update to 1.3.7 + *) SECURITY: + Fix a denial of service attack against the apr_xml_* interface + using the "billion laughs" entity expansion technique. + *) Minor build and bug fixes. + *) SECURITY: CVE-2009-0023 (cve.mitre.org) + Fix underflow in apr_strmatch_precompile. + *) Fix off by one overflow in apr_brigade_vprintf. + *) APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the + SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and + LDAP_NO_LIMIT/0) it is not safe to use a literal -1. + *) Clean up ODBC types. Warnings seen when compiling packages for + Fedora 11. + *) Use of my_init() requires my_global.h and my_sys.h. + *) Fix apr_memcache_multgetp memory corruption and incorrect error + handling. + *) Fix memcache memory leak with persistent connections. + *) Add Oracle 11 support. + *) apr_dbd_freetds: Avoid segfault when process is NULL. + Do no print diagnostics to stderr. Never allow driver to exit + process. + *) apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h + or sybdb.h. + *) LDAP detection improvements: --with-ldap now supports library names + containing non-alphanumeric characters, such as libldap-2.4.so. New + option --with-lber can be used to override the default liblber name. + Fix a problem reporting the lber library from apu-N-config. + *) Suppress pgsql column-out-of-range warning. + *) Fix a buffer overrun and password matching for SHA passwords. + *) Introduce DSO handling of the db, gdbm and ndbm drivers, so these are + loaded as .so's on first demand, unless --disable-util-dso is configured. + *) Fix a segfault in the DBD testcase when the DBD modules were not present. +- package %%{dso_libdir}/apr_dbm_db* +* Mon Mar 09 2009 poeml@suse.de +- enable build on CentOS5 and RHEL5 * Tue Nov 11 2008 ro@suse.de - SLE-11 uses PPC64 instead of PPC, adapt baselibs.conf * Thu Oct 30 2008 skh@suse.de 
@@ -355,7 +398,7 @@ *) Fix win32 build failure for no modules (empty DBD_LIST). [William Rowe] * Thu Jul 17 2008 poeml@suse.de - add /usr/lib/apr-util-1 directory to RPM filelist. -* Mon Jun 16 2008 poeml@suse.de +* Tue Jun 17 2008 poeml@suse.de - pg_config is evil. Make sure it is not used to find PostgreSQL header files. Fixing build of of the PostgreSQL DBD adapter onopenSUSE 11.0. ++++++ apr-util-1.3.4.tar.bz2 -> apr-util-1.3.7.tar.bz2 ++++++ ++++ 51683 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
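Review bot: In the libapr-util1.changes hunk (@@ -1,0 +2,42 @@), the first SECURITY item, the apr_xml_* "billion laughs" denial of service, carries no CVE or bug reference, while the apr_strmatch_precompile item cites CVE-2009-0023. Add the identifier if one has been assigned, so the entry can be matched against advisories. The memory-safety fixes listed without a SECURITY tag (the off by one overflow in apr_brigade_vprintf, the apr_memcache_multgetp memory corruption, the buffer overrun for SHA passwords) deserve the same triage, and the flat list would be easier to audit if each item named the upstream release between 1.3.4 and 1.3.7 it came from. "Do no print diagnostics" should read "Do not print diagnostics". The same points apply to the copy of this text in the spec %changelog hunk (@@ -299,6 +306,42 @@).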
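Review bot: In the libapr-util1.spec hunk at @@ -75,13 +75,19 @@, the new rhel_version and centos_version conditionals are identical, each adding "BuildRequires: expat-devel openldap2-devel". Fold them into a single conditional covering both macros so the two targets cannot drift apart. Also confirm that openldap2-devel resolves on those build targets, since the mandriva block directly above needed a distribution-specific name (libldap2.3_0-devel).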
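Review bot: In the %files hunk at @@ -261,6 +267,7 @@, only "%{dso_libdir}/apr_dbm_db*" is added, but the changelog entry says DSO handling was introduced for the db, gdbm and ndbm drivers. If the gdbm or ndbm modules are built on any target, this list does not package them. Either state in the changelog that they are not built here, or add the matching %attr(755,root,root) entries.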
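Review bot: In the %changelog hunk at @@ -355,7 +398,7 @@, the date of an existing entry changes from "Mon Jun 16 2008" to "Tue Jun 17 2008", and nothing in the .changes hunk accounts for it. Confirm that this comes from regenerating the spec changelog rather than from a hand edit. The entry text in the surrounding context also has typos ("build of of", "onopenSUSE") that are worth fixing at the source.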