apr (1.2.12-5+lenny5) oldstable; urgency=low * Disable robust pthread mutexes on alpha, arm, and armel. This fixes build problems on buildds running newer Linux kernels. -- Stefan Fritsch Mon, 16 Jan 2012 15:45:55 +0100 apr (1.2.12-5+lenny4) oldstable-security; urgency=low * Fix regression introduced by fix for CVE-2011-0419: apr_fnmatch may consume 100% CPU. CVE-2011-1928 Closes: #627182 -- Stefan Fritsch Thu, 19 May 2011 07:51:18 +0200 apr (1.2.12-5+lenny3) oldstable-security; urgency=high * Fix DoS in apr_fnmatch (CVE-2011-0419) which can be exploited via Apache HTTPD's mod_autoindex. -- Stefan Fritsch Fri, 14 May 2011 09:46:15 +0200 apr (1.2.12-5+lenny2) stable; urgency=low * Set FD_CLOEXEC flag on file descriptors. Not doing so caused Apache httpd modules which do not use the apr API for executing other processes to leak file descriptors to the called processes. In some setups, this could cause security issues and/or problems with Apache failing to restart. This issue affected mod_php (but not mod_cgi). Closes: #366124 -- Stefan Fritsch Tue, 01 Jun 2010 23:11:19 +0200 apr (1.2.12-5+lenny1) stable-security; urgency=high * Fix CVE-2009-2412: overflow in pool allocations, where size alignment was taking place. -- Peter Samuelson Thu, 06 Aug 2009 09:22:28 -0500 apr (1.2.12-5) unstable; urgency=low * Actually switch to /dev/urandom instead of only adding a non-functional patch. Closes: #501497 -- Stefan Fritsch Wed, 08 Oct 2008 00:06:56 +0200 apr (1.2.12-4) unstable; urgency=medium * Use /dev/urandom instead of /dev/random (like 1.3.* does). * Update watch file to recognize 1.3.*. -- Stefan Fritsch Wed, 18 Jun 2008 23:12:35 +0200 apr (1.2.12-3) unstable; urgency=low * Enable hardening options in a way that does not include them in apr-config, which was a bad idea. * Point to /usr/share/common-licenses instead of including the license in the copyright file. -- Stefan Fritsch Wed, 11 Jun 2008 19:19:52 +0200 apr (1.2.12-2) unstable; urgency=high * Urgency high for RC bug fix. * Do not use -fstack-protector on arm and armel, since it is completely broken (see #469517). Closes: #477772 * Remove unneded libtool build dependency. -- Stefan Fritsch Wed, 30 Apr 2008 20:46:17 +0200 apr (1.2.12-1) unstable; urgency=low * New upstream version. - Remove 020_lfs_ino_t.dpatch now done by upstream configure. Adjust ino_t_test.c to check that this is the same definition of apr_ino_t as we had before. * Enable hardening options: -fstack-protector -Wformat-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro * Disable SCTP for now, in order to get a consistent build result in unclean build environments. * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the uploaders field (thanks for your work). * Fix some lintian warnings: - Bump Standards-Version to 3.7.3 (no changes). - Remove obsolete XS- from VCS tags. - Remove empty /usr/share/doc/libapr1.0 directory. - Provide patch description. * Point VCS tags in debian control to trunk, to make them useful with debcheckout. -- Stefan Fritsch Tue, 01 Apr 2008 22:17:47 +0200 apr (1.2.11-1) unstable; urgency=low * New upstream version (Closes: #441969) * Enable epoll (Closes: #441635). This means we don't support Linux 2.4 kernels anymore. Therefore we can also enable tcp_nodelay_with_cork. * Fix generation of docs (Closes: #413684, #442794) * Don't ship LaTeX source files in .deb * Build with -D_REENTRANT on kfreebsd (Closes: #301417) * Fix FTBFS on hurd because of missing PATH_MAX (Closes: #349418) * Do not build everything twice by using the correct path to config.status in debian/rules * Add myself to Uploaders * Add svn repository information to debian/control -- Stefan Fritsch Thu, 20 Sep 2007 20:56:37 +0200 apr (1.2.9-1) unstable; urgency=low * Acknowledge NMUs - thanks, Andi. [ Peter Samuelson ] * New upstream version. Minor bugfixes, no new features. - Update 015_sendfile_lfs.dpatch - Remove obsolete 099_config_guess_sub_update.dpatch * 020_lfs_ino_t.dpatch: update to support kfreebsd-amd64. Thanks to Petr Salinger. (Closes: #405564) * Standards-Version: 3.7.2 (from 3.6.2.2) - no changes. * Rename Source-Version substvar to binary:Version, for great justice. * libapr1-dev Suggests: python, in case someone wants to use the application build infrastructure in /usr/share/apr-1.0/build. * debian/rules: small cleanups. * Add watch file. * Add myself to Uploaders. -- Peter Samuelson Fri, 22 Jun 2007 14:03:20 -0500 apr (1.2.7-8.2) unstable; urgency=high * Non-maintainer upload. * Apply better working 015_sendfile_lfs.dpatch this time. Again Closes: #396631 -- Andreas Barth Wed, 20 Dec 2006 08:19:19 +0000 apr (1.2.7-8.1) unstable; urgency=high * Non-maintainer upload. * Fix 0-lenght files. Take 015_sendfile_lfs.dpatch from svn for this. Closes: #396631 -- Andreas Barth Sat, 9 Dec 2006 20:39:59 +0000 apr (1.2.7-8) unstable; urgency=low [ Peter Samuelson ] * Small kludge^Wtweak to apr_file_info.h to make the ABI stable across LFS/non-LFS preprocessor flags. (See: #397402) -- Tollef Fog Heen Wed, 15 Nov 2006 00:17:02 +0100 apr (1.2.7-7) unstable; urgency=low * Update rules to ensure we don't turn on features that aren't available on 2.4 kernels for !amd64 kernels. Closes: #392049 -- Tollef Fog Heen Tue, 7 Nov 2006 01:21:27 +0100 apr (1.2.7-6) unstable; urgency=low * Update 011_fix_apr-config to give out the libtool used to build apr with. Fixes Apache 2.2 FTBFS when we remove all the evil libtool hacks there too. * Make -dbg package Priority: extra as per overrides. -- Tollef Fog Heen Wed, 27 Sep 2006 22:16:51 +0200 apr (1.2.7-5) unstable; urgency=low * Add doxygen to build-deps. * Add sendfile hurd patch. Closes: #349416 -- Tollef Fog Heen Wed, 27 Sep 2006 19:32:10 +0200 apr (1.2.7-4) unstable; urgency=low * No longer force apr_lock_method. Closes: #384117 * Use srcdir != builddir. * Add docs to -dev package. Closes: #388146 -- Tollef Fog Heen Wed, 27 Sep 2006 17:26:56 +0200 apr (1.2.7-3) unstable; urgency=low * Fix override disparity * Backport of patch to work around kernel problems with sendfile on 64bit platforms * Update config.{guess,sub} to make libtool happier. This fixes the problem reported in #369881. Closes: #369881. * Remove some of the libtool hacks since they're no longer needed with the newer config.{guess,sub} -- Tollef Fog Heen Mon, 1 May 2006 17:06:37 +0200 apr (1.2.7-2) unstable; urgency=low * Ship get-version.sh too, needed by apr-util. -- Tollef Fog Heen Fri, 28 Apr 2006 22:57:43 +0200 apr (1.2.7-1) unstable; urgency=low * New upstream release. * Add apr-1-config man page. Closes: #357174, thanks to Vincent Danjean for the conversion job. -- Tollef Fog Heen Fri, 28 Apr 2006 19:45:08 +0000 apr (1.2.2-3) unstable; urgency=low * Rename source package to match upstream. * Rename binary packages to libapr1 etc. * Add conflicts for old packages. * libapr1-dev Depends: uuid-dev. * Add uuid-dev to Build-Dep: * Enable non-portable atomics. * Update Standards-Version: no changes. * Add apr-config compatibility symlink. -- Tollef Fog Heen Thu, 26 Jan 2006 12:42:30 +0100 apr1.0 (1.2.2-2) unstable; urgency=low * Up to debhelper v5 * Add call to dh_installdocs; not sure why I was not doing this already. -- Thom May Tue, 3 Jan 2006 13:01:56 +0000 apr1.0 (1.2.2-1) unstable; urgency=low * New upstream release -- Thom May Thu, 29 Dec 2005 17:05:42 +0000 apr1.0 (1.1.1-1) unstable; urgency=low * New upstream release -- Thom May Sun, 8 May 2005 17:12:09 +0100 apr1.0 (1.1.0-1) unstable; urgency=low * New Upstream Release * First Package Release -- Thom May Wed, 17 Nov 2004 11:51:32 -0800