From ohauer@gmx.de  Tue Feb 14 19:44:26 2012
Return-Path: <ohauer@gmx.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 83FD4106567B
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Feb 2012 19:44:26 +0000 (UTC)
	(envelope-from ohauer@gmx.de)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22])
	by mx1.freebsd.org (Postfix) with SMTP id 03C338FC23
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Feb 2012 19:44:25 +0000 (UTC)
Received: (qmail invoked by alias); 14 Feb 2012 19:17:45 -0000
Received: from p578be941.dip0.t-ipconnect.de (EHLO [192.168.0.100]) [87.139.233.65]
  by mail.gmx.net (mp032) with SMTP; 14 Feb 2012 20:17:45 +0100
Message-Id: <4F3AB355.7030606@gmx.de>
Date: Tue, 14 Feb 2012 20:17:41 +0100
From: olli hauer <ohauer@gmx.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
In-Reply-To: <201202141706.q1EH6EN7001645@frieza.p6m7g8.net>
Subject: Re: [PATCH] devel/apr: CVE / Update / exp-run / shlib bump
References: <201202141706.q1EH6EN7001645@frieza.p6m7g8.net>

>Number:         165151
>Category:       ports
>Synopsis:       Re: [PATCH] devel/apr: CVE / Update / exp-run / shlib bump
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 14 19:50:08 UTC 2012
>Closed-Date:    Tue Feb 14 20:28:15 UTC 2012
>Last-Modified:  Tue Mar 13 16:55:02 UTC 2012
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 This is a multi-part message in MIME format.
 --------------010501020704090605080708
 Content-Type: text/plain; charset=ISO-8859-15
 Content-Transfer-Encoding: 7bit
 
 On 2012-02-14 18:06, Philip M. Gollucci wrote:
 >> Submitter-Id:	current-users
 >> Originator:	Philip M. Gollucci
 
 
 > @@ -60,11 +60,6 @@
 >  ########## APR Options
 >  .if defined(WITHOUT_THREADS)
 >  APR_CONF_ARGS+=	--disable-threads
 > -.if defined(PKGNAMESUFFIX)
 > -PKGNAMESUFFIX:=	${PKGNAMESUFFIX}-nothr
 > -.else
 > -PKGNAMESUFFIX=	-nothr
 > -.endif
 >  .else
 >  APR_CONF_ARGS+=	--enable-threads
 >  .endif
 
 Hi Philip,
 
 my patch looks similar but I haven't done some live tests.
  + additional sorting of pkg-plist
  - remove of all PKGNAMESUFFIX(es)
 
 Is there a reason to remove all the PKGNAMESUFFIX(es) with your diff?
 
 http://people.freebsd.org/~ohauer/diffs/apr1-1.4.6.1.4.1.diff
 
 --
 Regards,
 olli
 
 
 --------------010501020704090605080708
 Content-Type: text/plain;
  name="apr1-1.4.6.1.4.1.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="apr1-1.4.6.1.4.1.diff"
 
 Index: Makefile
 ===================================================================
 RCS file: /home/pcvs/ports/devel/apr1/Makefile,v
 retrieving revision 1.118
 diff -u -r1.118 Makefile
 --- Makefile	23 Jan 2012 22:48:54 -0000	1.118
 +++ Makefile	14 Feb 2012 19:14:27 -0000
 @@ -6,7 +6,6 @@
  
  PORTNAME=	apr
  PORTVERSION=	${APR_VERSION}.${APU_VERSION}
 -PORTREVISION=	1
  CATEGORIES=	devel
  MASTER_SITES=	${MASTER_SITE_APACHE}
  MASTER_SITE_SUBDIR=	apr
 @@ -30,8 +29,8 @@
  		SQLITE  "Enable SQLite3 support in apr-util"		off \
  		DEVRANDOM "Use /dev/random or compatible in apr"	on
  
 -APR_VERSION=	1.4.5
 -APU_VERSION=	1.3.12
 +APR_VERSION=	1.4.6
 +APU_VERSION=	1.4.1
  
  USE_ICONV=		yes
  USE_AUTOTOOLS=	automake autoconf libtool:env
 @@ -48,7 +47,7 @@
  
  PLIST_SUB=	SHLIB_APR_MAJOR="${SHLIB_APR_MAJOR}" SHLIB_APU_MAJOR="${SHLIB_APU_MAJOR}"
  SHLIB_APR_MAJOR=	4
 -SHLIB_APU_MAJOR=	3
 +SHLIB_APU_MAJOR=	4
  
  APR_CONF_ARGS=	--with-installbuilddir=${DATADIR}/build-1
  APU_CONF_ARGS=	--with-apr=${APR_WRKDIR} \
 Index: distinfo
 ===================================================================
 RCS file: /home/pcvs/ports/devel/apr1/distinfo,v
 retrieving revision 1.29
 diff -u -r1.29 distinfo
 --- distinfo	22 May 2011 21:31:16 -0000	1.29
 +++ distinfo	14 Feb 2012 19:14:27 -0000
 @@ -1,4 +1,4 @@
 -SHA256 (apr-1.4.5.tar.gz) = 7323d5f72d6bddf7d1ecb63e4326df82a66210018bb2f1e8f6d97357e68302df
 -SIZE (apr-1.4.5.tar.gz) = 994320
 -SHA256 (apr-util-1.3.12.tar.gz) = 815b6fc82950f61050a5e711a7f3c20fd9b6ffcc7a4cacfe9f291fb241210cd8
 -SIZE (apr-util-1.3.12.tar.gz) = 769076
 +SHA256 (apr-1.4.6.tar.gz) = 538d593d805c36985fc6d200d31bf6c1b5f90df2a50b917902743a13bbc10e05
 +SIZE (apr-1.4.6.tar.gz) = 982243
 +SHA256 (apr-util-1.4.1.tar.gz) = d636d9ef95c6e50e47fc338d532aa375edd11e5d7a3c30dee48beb38ddf4ab4c
 +SIZE (apr-util-1.4.1.tar.gz) = 774770
 Index: pkg-plist
 ===================================================================
 RCS file: /home/pcvs/ports/devel/apr1/pkg-plist,v
 retrieving revision 1.24
 diff -u -r1.24 pkg-plist
 --- pkg-plist	18 May 2010 04:00:26 -0000	1.24
 +++ pkg-plist	14 Feb 2012 19:14:27 -0000
 @@ -1,16 +1,12 @@
  bin/apr-1-config
  bin/apu-1-config
 -%%DATADIR%%/build-1/apr_rules.mk
 -%%DATADIR%%/build-1/libtool
 -%%DATADIR%%/build-1/make_exports.awk
 -%%DATADIR%%/build-1/make_var_export.awk
 -%%DATADIR%%/build-1/mkdir.sh
  include/apr-1/apr.h
  include/apr-1/apr_allocator.h
  include/apr-1/apr_anylock.h
  include/apr-1/apr_atomic.h
  include/apr-1/apr_base64.h
  include/apr-1/apr_buckets.h
 +include/apr-1/apr_crypto.h
  include/apr-1/apr_date.h
  include/apr-1/apr_dbd.h
  include/apr-1/apr_dbm.h
 @@ -70,10 +66,37 @@
  include/apr-1/apr_xlate.h
  include/apr-1/apr_xml.h
  include/apr-1/apu.h
 +include/apr-1/apu_errno.h
  include/apr-1/apu_version.h
  include/apr-1/apu_want.h
 -libdata/pkgconfig/apr-1.pc
 -libdata/pkgconfig/apr-util-1.pc
 +%%MYSQL%%lib/apr-util-1/apr_dbd_mysql-1.so
 +%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.a
 +%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.la
 +%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.so
 +%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql-1.so
 +%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.a
 +%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.la
 +%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.so
 +%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3-1.so
 +%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.a
 +%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.la
 +%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.so
 +%%BDB%%lib/apr-util-1/apr_dbm_db-1.so
 +%%BDB%%lib/apr-util-1/apr_dbm_db.a
 +%%BDB%%lib/apr-util-1/apr_dbm_db.la
 +%%BDB%%lib/apr-util-1/apr_dbm_db.so
 +%%GDBM%%lib/apr-util-1/apr_dbm_gdbm-1.so
 +%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.a
 +%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.la
 +%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.so
 +%%NDBM%%lib/apr-util-1/apr_dbm_ndbm-1.so
 +%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.a
 +%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.la
 +%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.so
 +%%LDAP%%lib/apr-util-1/apr_ldap-1.so
 +%%LDAP%%lib/apr-util-1/apr_ldap.a
 +%%LDAP%%lib/apr-util-1/apr_ldap.la
 +%%LDAP%%lib/apr-util-1/apr_ldap.so
  lib/apr.exp
  lib/aprutil.exp
  lib/libapr-1.a
 @@ -84,35 +107,14 @@
  lib/libaprutil-1.la
  lib/libaprutil-1.so
  lib/libaprutil-1.so.%%SHLIB_APU_MAJOR%%
 -%%BDB%%lib/apr-util-1/apr_dbm_db-1.so
 -%%BDB%%lib/apr-util-1/apr_dbm_db.so
 -%%BDB%%lib/apr-util-1/apr_dbm_db.la
 -%%BDB%%lib/apr-util-1/apr_dbm_db.a
 -%%GDBM%%lib/apr-util-1/apr_dbm_gdbm-1.so
 -%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.so
 -%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.la
 -%%GDBM%%lib/apr-util-1/apr_dbm_gdbm.a
 -%%NDBM%%lib/apr-util-1/apr_dbm_ndbm-1.so
 -%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.so
 -%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.la
 -%%NDBM%%lib/apr-util-1/apr_dbm_ndbm.a
 -%%LDAP%%lib/apr-util-1/apr_ldap-1.so
 -%%LDAP%%lib/apr-util-1/apr_ldap.so
 -%%LDAP%%lib/apr-util-1/apr_ldap.la
 -%%LDAP%%lib/apr-util-1/apr_ldap.a
 -%%MYSQL%%lib/apr-util-1/apr_dbd_mysql-1.so
 -%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.so
 -%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.la
 -%%MYSQL%%lib/apr-util-1/apr_dbd_mysql.a
 -%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql-1.so
 -%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.so
 -%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.la
 -%%PGSQL%%lib/apr-util-1/apr_dbd_pgsql.a
 -%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3-1.so
 -%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.so
 -%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.la
 -%%SQLITE3%%lib/apr-util-1/apr_dbd_sqlite3.a
 -%%APU_EXTRAS%%@dirrm lib/apr-util-1
 +libdata/pkgconfig/apr-1.pc
 +libdata/pkgconfig/apr-util-1.pc
 +%%DATADIR%%/build-1/apr_rules.mk
 +%%DATADIR%%/build-1/libtool
 +%%DATADIR%%/build-1/make_exports.awk
 +%%DATADIR%%/build-1/make_var_export.awk
 +%%DATADIR%%/build-1/mkdir.sh
  @dirrm %%DATADIR%%/build-1
  @dirrm %%DATADIR%%
 +%%APU_EXTRAS%%@dirrm lib/apr-util-1
  @dirrm include/apr-1
 Index: files/patch-apr_hints.m4
 ===================================================================
 RCS file: /home/pcvs/ports/devel/apr1/files/patch-apr_hints.m4,v
 retrieving revision 1.23
 diff -u -r1.23 patch-apr_hints.m4
 --- files/patch-apr_hints.m4	22 May 2011 21:31:16 -0000	1.23
 +++ files/patch-apr_hints.m4	14 Feb 2012 19:14:27 -0000
 @@ -1,5 +1,5 @@
 ---- apr-1.4.5/build/apr_hints.m4.orig	Wed Oct 27 11:12:28 2004
 -+++ apr-1.4.5/build/apr_hints.m4	Wed Oct 27 11:25:32 2004
 +--- apr-1.4.6/build/apr_hints.m4.orig	Wed Oct 27 11:12:28 2004
 ++++ apr-1.4.6/build/apr_hints.m4	Wed Oct 27 11:25:32 2004
  @@ -159,11 +159,7 @@
   	;;
       *-freebsd*)
 Index: files/patch-apr_ldap_rebind.c
 ===================================================================
 RCS file: files/patch-apr_ldap_rebind.c
 diff -N files/patch-apr_ldap_rebind.c
 --- files/patch-apr_ldap_rebind.c	19 Jun 2011 10:27:11 -0000	1.1
 +++ /dev/null	1 Jan 1970 00:00:00 -0000
 @@ -1,15 +0,0 @@
 ---- apr-util-1.3.12/ldap/apr_ldap_rebind.c.orig	2011-06-18 14:42:15.000000000 +0000
 -+++ apr-util-1.3.12/ldap/apr_ldap_rebind.c	2011-06-18 14:42:28.000000000 +0000
 -@@ -81,11 +81,11 @@
 -     get_apd
 - #endif
 - 
 -+#if APR_HAS_THREADS
 -     /* run after apr_thread_mutex_create cleanup */
 -     apr_pool_cleanup_register(pool, &apr_ldap_xref_lock, apr_ldap_pool_cleanup_set_null,
 -                               apr_pool_cleanup_null);
 - 
 --#if APR_HAS_THREADS
 -     if (apr_ldap_xref_lock == NULL) {
 -         retcode = apr_thread_mutex_create(&apr_ldap_xref_lock, APR_THREAD_MUTEX_DEFAULT, pool);
 -     }
 
 --------------010501020704090605080708--
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: pgollucci 
State-Changed-When: Tue Feb 14 20:28:14 UTC 2012 
State-Changed-Why:  
duplicate of 165143 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165151 
>Unformatted:
