Re: svn commit: r20203 - /dev/apr/Announcement1.x.txt

2017-06-27 Thread William A Rowe Jr 
On Tue, Jun 27, 2017 at 3:38 AM, Nick Kew  wrote:
> On Mon, 2017-06-26 at 19:41 -0500, William A Rowe Jr wrote:
>> Yes, I did that file arrives from apu, not apr, but I believe(?) We
>> fixed both?
>
> We have patches for both, but it's a sequencing thing.
> The APR patch was applied for 1.6.1 (past tense).
> APU 1.6.1 remains future tense.

ACK - thanks.

Since we have the various Windows oddities to patch, I'm happy to offer
to tag and roll sometime between tomorrow and Sunday to get 1.6.1
out there (and then this whole Announce would make sense :)

Re: svn commit: r20203 - /dev/apr/Announcement1.x.txt

2017-06-27 Thread Nick Kew 
On Mon, 2017-06-26 at 19:41 -0500, William A Rowe Jr wrote:
> Yes, I did that file arrives from apu, not apr, but I believe(?) We
> fixed both?

We have patches for both, but it's a sequencing thing.
The APR patch was applied for 1.6.1 (past tense).
APU 1.6.1 remains future tense.

-- 
Nick Kew

Re: svn commit: r20203 - /dev/apr/Announcement1.x.txt

2017-06-26 Thread William A Rowe Jr 
Yes, I did that file arrives from apu, not apr, but I believe(?) We fixed
both?


On Jun 26, 2017 6:41 PM, "Nick Kew"  wrote:

> On Mon, 2017-06-26 at 17:53 -0500, William A Rowe Jr wrote:
> > Nick, I went ahead and took the static text of previous announcements
> > and worked in all of your advisories as our persistent Announcement
> > draft during the 1.6 phase; I hope you don't mind.
>
> Why should I mind?  You found a page that needed updating, you
> updated it.  Great - thanks.
>
> > https://dist.apache.org/repos/dist/dev/apr/
> >
> > Edits welcome.
>
> Will cast an eye over it sometime when it's daytime ...
>
> > > +- Build files find_apr.m4, find_apu.m4 and apr_common.m4 are now
> > > +  exported for the benefit of packagers.
>
> From memory, haven't you magicked up an extra .m4 there?
>
> --
> Nick Kew
>
>

Re: svn commit: r20203 - /dev/apr/Announcement1.x.txt

2017-06-26 Thread Nick Kew 
On Mon, 2017-06-26 at 17:53 -0500, William A Rowe Jr wrote:
> Nick, I went ahead and took the static text of previous announcements
> and worked in all of your advisories as our persistent Announcement
> draft during the 1.6 phase; I hope you don't mind.

Why should I mind?  You found a page that needed updating, you
updated it.  Great - thanks.

> https://dist.apache.org/repos/dist/dev/apr/
> 
> Edits welcome.

Will cast an eye over it sometime when it's daytime ...

> > +- Build files find_apr.m4, find_apu.m4 and apr_common.m4 are now
> > +  exported for the benefit of packagers.

>From memory, haven't you magicked up an extra .m4 there?

-- 
Nick Kew

Re: svn commit: r20203 - /dev/apr/Announcement1.x.txt

2017-06-26 Thread William A Rowe Jr 
Nick, I went ahead and took the static text of previous announcements
and worked in all of your advisories as our persistent Announcement
draft during the 1.6 phase; I hope you don't mind.

All, if you have edits to add, we should fix these in the dev location
before we try to push this at the mirrors. I'll also recommend we
rename the file to 1.6 in the process for the few mirrors which will
not replace files (on a lack-of-trust that their plain request has been
hijacked by some MITM/DNS attack.) You can find this draft, if you
are a member of apr or the foundation, within;

https://dist.apache.org/repos/dist/dev/apr/

Edits welcome.

On Mon, Jun 26, 2017 at 4:55 PM,   wrote:
> Author: wrowe
> Date: Mon Jun 26 21:55:21 2017
> New Revision: 20203
>
> Log:
> Text draft of apr 1.6 language for community review; current still says 1.5
>
> Modified:
> dev/apr/Announcement1.x.txt
>
> Modified: dev/apr/Announcement1.x.txt
> ==
> --- dev/apr/Announcement1.x.txt (original)
> +++ dev/apr/Announcement1.x.txt Mon Jun 26 21:55:21 2017
> @@ -1,27 +1,52 @@
> -   Apache Portable Runtime library 1.5.2 Released
> +   Apache Portable Runtime and Utilities 1.6 released
>
> The Apache Software Foundation and the Apache Portable Runtime
> Project are proud to announce the General Availability of version
> -   1.5.2 of the Apache Portable Runtime library.
> +   1.6.2 of the Apache Portable Runtime library, and version 1.6.0
> +   of the Apache Portable Runtime Utility library
>
> -   APR 1.5.2 resolves an important issue on the Windows platform
> -   that can result in vulnerabilities in APR applications which use
> -   APR pipes; this issue is tracked by CVE-2015-1829.
> -
> -   APR 1.5.2 fixes a number of additional run-time and build-time bugs
> -   affecting multiple platforms.  See CHANGES-APR-1.5 for more
> -   information.
> -
> -   Version 1.5.4 of the Apache Portable Runtime Utility library remains
> -   current.
> +   APR 1.6.2 and APR-util 1.6.0 fix a number of additional run-time
> +   and build-time bugs affecting multiple platforms, and introduce
> +   several new features. See CHANGES-APR-1.6 and CHANGES-APR-UTIL 1.6
> +   for more information.
>
> Version 1.2.1 of the companion APR-iconv library, an alternative
> portable implementation of the 'iconv' library, remains current.
>
> -   As announced previously, the 0.9.x branches of Apache Portable Runtime
> -   library, Apache Portable Runtime Utility library, and the companion
> -   APR-iconv library have been retired.  No further bug or security
> -   fixes will be available for these branches.
> +   Most notably there are a number of changes in how APR is deployed
> +   and how APR-util deals with external dependencies, which may be
> +   disruptive to existing build strategies:
> +
> +- Build files find_apr.m4, find_apu.m4 and apr_common.m4 are now
> +  exported for the benefit of packagers.
> +
> +- XML:
> +
> +  Expat sources are no longer bundled, this is now an external
> +  dependency. You must install expat on your system to build
> +  or deploy APR-UTIL (expat is installed as standard on most
> +  systems). Deploy expat (2.x recommended) development and
> +  runtime packages using your system's package management schema
> +  or obtain and build expat 2.2 (or more recent) source from
> +  https://libexpat.github.io/ - note that 2.2 addressed some
> +  security vulnerabilities of earlier libexpat project releases.
> +
> +- CRYPTO:
> +
> +  OpenSSL support is updated to support OpenSSL version 1.1.
> +
> +  Apple's CommonCrypto is supported for Mac and IOS platforms.
> +
> +- DATABASE:
> +
> +  MySQL support has been updated as advised by the MySQL developers.
> +  MySQL versions older than 5.5 should not be used.  Or if you
> +  do use an old MySQL version, you will need to hack the build
> +  to use the thread-safe libmysqlclient_r version of the library.
> +
> +  FreeTDS partial and incomplete support has been dropped.
> +  Users of MSSQL and SYBASE databases are recommended to use
> +  the ODBC driver instead.
>
> APR is available for download from:
>
>
>