[Pkg-apache-commits] r1398 - in /trunk/apr-util: README.source changelog copyright patches/00list patches/017_thread_pool_fix.dpatch patches/099_alternate_md4_md5_impl.dpatch repack.sh watch

sf at alioth.debian.org sf at alioth.debian.org
Sun Jan 8 19:00:10 UTC 2012 

Author: sf
Date: Sun Jan  8 19:00:10 2012
New Revision: 1398

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1398
Log:
Start moving to new upstream version 1.4.1, which is useful for httpd 2.3.
Some patches and the symbol files still need updates before it will build,
though.

No longer repack the source tarball. Instead, include RSA's updated
conditions of use in the copyright file.


Removed:
    trunk/apr-util/patches/017_thread_pool_fix.dpatch
    trunk/apr-util/patches/099_alternate_md4_md5_impl.dpatch
    trunk/apr-util/repack.sh
Modified:
    trunk/apr-util/README.source
    trunk/apr-util/changelog
    trunk/apr-util/copyright
    trunk/apr-util/patches/00list
    trunk/apr-util/watch

Modified: trunk/apr-util/README.source
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/README.source?rev=1398&op=diff
==============================================================================
--- trunk/apr-util/README.source (original)
+++ trunk/apr-util/README.source Sun Jan  8 19:00:10 2012
@@ -15,6 +15,3 @@
 To make it get used add it to debian/patches/00list .
 
 To make a patch not get used remove it from debian/patches/00list .
-
-Upstream tarballs need to be repackaged without crypto/apr_md4.c, crypto/apr_md5.c, include/apr_md4.h, and include/apr_md5.h because of their license.
-These are removed by debian/repack.sh, which is called from uscan.

Modified: trunk/apr-util/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/changelog?rev=1398&op=diff
==============================================================================
--- trunk/apr-util/changelog (original)
+++ trunk/apr-util/changelog Sun Jan  8 19:00:10 2012
@@ -1,3 +1,14 @@
+apr-util (1.4.1-1) UNRELEASED; urgency=low
+
+  * New upstream release
+  * Stop repacking the source tarball to remove the MD4/MD5 implementations
+    derived from RSA's code. RSA has made a statement that revised the
+    conditions of use for the code. Debian uses the code according to the
+    conditions from this statement, whic is now included in the copyright
+    file.
+
+ -- Stefan Fritsch <sf at debian.org>  Sun, 08 Jan 2012 19:24:12 +0100
+
 apr-util (1.3.12+dfsg-3) unstable; urgency=high
 
   * Add workaround for ldap detection problem, to fix FTBFS with gcc 4.6.

Modified: trunk/apr-util/copyright
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/copyright?rev=1398&op=diff
==============================================================================
--- trunk/apr-util/copyright (original)
+++ trunk/apr-util/copyright Sun Jan  8 19:00:10 2012
@@ -139,3 +139,58 @@
  * misrepresented as being the original software.
  * 
  * 3. This notice may not be removed or altered from any source distribution.
+
+
+The source files crypto/apr_md4.c and crypto/apr_md5.c contain code which is
+derived from reference code from RFC-1320, and RFC-1321. This code is
+copyright RSA Data Security, Inc. ("RSA"). RSA made the following statement
+about the conditions of use of this code. Debian choses to use and
+distribute this code according to the conditions outlined in this statement
+and NOT according to licence contained in the source files.
+
+  The following was recevied Fenbruary 23,2000 From: "Linn, John" February 19,
+  2000
+  
+  The purpose of this memo is to clarify the status of intellectual
+  property rights asserted by RSA Security Inc. ("RSA") in the MD2, MD4 and
+  MD5 message-digest algorithms, which are documented in RFC-1319, RFC-1320,
+  and RFC-1321 respectively. Implementations of these message-digest
+  algorithms, including implementations derived from the reference C code in
+  RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold without
+  license from RSA for any purpose. No rights other than the ones explicitly
+  set forth above are granted. Further, although RSA grants rights to
+  implement certain algorithms as defined by identified RFCs, including
+  implementations derived from the reference C code in those RFCs, no right to
+  use, copy, sell, or distribute any other implementations of the MD2, MD4, or
+  MD5 message-digest algorithms created, implemented, or distributed by RSA is
+  hereby granted by implication, estoppel, or otherwise. Parties interested in
+  licensing security components and toolkits written by RSA should contact the
+  company to discuss receiving a license. All other questions should be
+  directed to Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby
+  Drive, Bedford, Massachusetts 01730.  Implementations of the MD2, MD4, or
+  MD5 algorithms may be subject to United States laws and regulations
+  controlling the export of technical data, computer software, laboratory
+  prototypes and other commodities (including the Arms Export Control Act, as
+  amended, and the Export Administration Act of 1970). The transfer of certain
+  technical data and commodities may require a license from the cognizant
+  agency of the United States Government. RSA neither represents that a
+  license shall not be required for a particular implementation nor that, if
+  required, one shall be issued.
+  
+  DISCLAIMER: RSA MAKES NO REPRESENTATIONS AND EXTENDS NO WARRANTIES OF ANY
+  KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, VALIDITY OF INTELLECTUAL
+  PROPERTY RIGHTS, ISSUED OR PENDING, OR THE ABSENCE OF LATENT OR OTHER
+  DEFECTS, WHETHER OR NOT DISCOVERABLE, IN CONNECTION WITH THE MD2, MD4, OR
+  MD5 ALGORITHMS. NOTHING IN THIS GRANT OF RIGHTS SHALL BE CONSTRUED AS A
+  REPRESENTATION OR WARRANTY GIVEN BY RSA THAT THE IMPLEMENTATION OF THE
+  ALGORITHM WILL NOT INFRINGE THE INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD
+  PARTY. IN NO EVENT SHALL RSA, ITS TRUSTEES, DIRECTORS, OFFICERS, EMPLOYEES,
+  PARENTS AND AFFILIATES BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES OF
+  ANY KIND RESULTING FROM IMPLEMENTATION OF THIS ALGORITHM, INCLUDING ECONOMIC
+  DAMAGE OR INJURY TO PROPERTY AND LOST PROFITS, REGARDLESS OF WHETHER RSA
+  SHALL BE ADVISED, SHALL HAVE OTHER REASON TO KNOW, OR IN FACT SHALL KNOW OF
+  THE POSSIBILITY OF SUCH INJURY OR DAMAGE.
+
+The statement was downloaded from http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all
+on January 8th, 2012.

Modified: trunk/apr-util/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/patches/00list?rev=1398&op=diff
==============================================================================
--- trunk/apr-util/patches/00list (original)
+++ trunk/apr-util/patches/00list Sun Jan  8 19:00:10 2012
@@ -8,5 +8,3 @@
 014_apu_config_dont_list_indep_libs
 015_disable_expat_buildconf.dpatch
 016_avoid_db_by-default.dpatch
-017_thread_pool_fix.dpatch
-099_alternate_md4_md5_impl

Modified: trunk/apr-util/watch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/watch?rev=1398&op=diff
==============================================================================
--- trunk/apr-util/watch (original)
+++ trunk/apr-util/watch Sun Jan  8 19:00:10 2012
@@ -1,3 +1,2 @@
 version=3
-opts=dversionmangle=s/\+dfsg$// http://www.apache.org/dist/apr/apr-util-(1\..\..*)\.tar\.gz \
-debian bash debian/repack.sh
+http://www.apache.org/dist/apr/apr-util-(1\..\..*)\.tar\.gz debian

More information about the Pkg-apache-commits mailing list