apr-util (1.2.12+dfsg-8+lenny5) stable-security; urgency=high

  * CVE-2010-1623: Fix denial of service vulnerability through memory
    consumption in apr_brigade_split_line()

 -- Stefan Fritsch  Thu, 30 Sep 2010 17:09:37 +0200

apr-util (1.2.12+dfsg-8+lenny4) stable-security; urgency=high

  * CVE-2009-2412: Fix overflow in RMM allocations due to alignment.

 -- Peter Samuelson  Thu, 06 Aug 2009 09:27:58 -0500

apr-util (1.2.12+dfsg-8+lenny3) stable; urgency=low

  * CVE-2009-1956: Fix potential information disclosure bug on big-endian
    architectures. On little-endian systems, this is not security relevant
    but may still cause data corruption.
  * Add CVE reference to previous changelog entry.

 -- Stefan Fritsch  Tue, 09 Jun 2009 21:51:09 +0200

apr-util (1.2.12+dfsg-8+lenny2) stable-security; urgency=high

  * CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
    remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
  * CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling of
    internal xml entities.

 -- Stefan Fritsch  Wed, 03 Jun 2009 22:53:01 +0200

apr-util (1.2.12+dfsg-8) unstable; urgency=low

  [ Ryan Niebur ]
  * Upgraded to policy version 3.8.0
    - Reference the copyright in common-licenses instead of including it
    - support for noopt in DEB_BUILD_OPTIONS
    - Added a README.source
    - added support for parallel in DEB_BUILD_OPTIONS
  * Dropped the XS- prefix for the Vcs fields in debian/control
  * Made the watch file notice 1.3.x

  [ Stefan Fritsch ]
  * Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some
    bugs that can make apache2 hang (closes: #490859).
  * Add 'Provides' for the modules that are still included in libaprutil1,
    but will be moved to separate packages with apr-util 1.3.x. This will
    make back-porting packages from lenny+1 to lenny easier.

 -- Stefan Fritsch  Wed, 20 Aug 2008 22:29:26 +0200

apr-util (1.2.12+dfsg-7) unstable; urgency=medium

  * Apply hardening build options independently from apr.

 -- Stefan Fritsch  Sat, 21 Jun 2008 13:29:48 +0200

apr-util (1.2.12+dfsg-6) unstable; urgency=low

  * Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for
    linking (really closes: #482270).

 -- Stefan Fritsch  Mon, 26 May 2008 23:45:44 +0200

apr-util (1.2.12+dfsg-5) unstable; urgency=low

  * Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if
    libaprutil links to mysql, applications don't need to do it, too.
    (Closes: #482270)

 -- Stefan Fritsch  Sun, 25 May 2008 22:53:36 +0200

apr-util (1.2.12+dfsg-4) unstable; urgency=low

  * Activate mysql support (closes: #395959). This is made possible by php5
    now linking against the threadsafe version of libmysqlclient. Therefore
    add a conflict with older versions of php5-mysql and with php4-mysql.
  * Rebuild against apr with hardening options: CFLAGS are taken from apr,
    set LDFLAGS=-Wl,-z,relro explicitly.
  * Conflict with apache2 << 2.2.8-1, which used an older version of libldap
    and now segfaults with current libaprutil1+libldap.
  * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from
    the uploaders field (thanks for your work).

 -- Stefan Fritsch  Sun, 18 May 2008 17:13:24 +0200

apr-util (1.2.12+dfsg-3) unstable; urgency=medium

  * Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency
    medium because this made apache segfault when resuming a file larger
    than 4GB.
  * Point VCS tags in debian control to trunk, to make them useful with
    debcheckout.

 -- Stefan Fritsch  Fri, 29 Feb 2008 20:59:49 +0100

apr-util (1.2.12+dfsg-2) unstable; urgency=low

  * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
    causes problems with sbuild.
  * Change server in watch file since www.eu.apache.org is unreliable.

 -- Stefan Fritsch  Sat, 12 Jan 2008 10:17:09 +0100

apr-util (1.2.12+dfsg-1) unstable; urgency=low

  [ Stefan Fritsch ]
  * New upstream version (Closes: #447146)
  * Fix debian/rules clean
  * Don't ship .svn directories. (Closes: #431508)
  * Fix some lintian warnings:
    - Use ${binary:Version} instead of ${Source-Version}.
    - Bump standards-version to 3.7.3 (no changes).
    - Remove empty /usr/share/doc/libapr1.0/.
    - Don't ignore make clean errors.
  * Add myself to Uploaders.
  * Add Vcs info and homepage to debian/control.
  * Change handling of CFLAGS in debian/rules so that they are actually used.
    Fixes DEB_BUILD_OPTIONS=debug.

  [ Tollef Fog Heen ]
  * Make libaprutil1-dbg Priority: extra to match overrides.

  [ Peter Samuelson ]
  * Compile with db 4.6. (Closes: #422465, #429025)
  * Add watch file.

 -- Stefan Fritsch  Fri, 11 Jan 2008 18:43:17 +0100

apr-util (1.2.7+dfsg-2) unstable; urgency=low

  * Fix stupid code duplication in apr_md[45].c resulting from C&P. Thanks
    to Peter Samuelson for notifying me. This makes md[45] work correctly.

 -- Tollef Fog Heen  Fri, 18 Aug 2006 19:50:31 +0200

apr-util (1.2.7+dfsg-1) unstable; urgency=low

  * Remove dependency on libgdbm1 from libaprutil1-dev.
  * Build against libdb 4.4. Closes: #354510
  * Remove most libs from apu-config --link-ld --libs. Thanks to Peter
    Samuelson, Closes: #378105
  * Use md4 and md5 implementation from Solar Designer as this is in the
    public domain and not subject to RSA copyright. This requires a repacked
    source, so add +dfsg to the version number.

 -- Tollef Fog Heen  Fri, 14 Jul 2006 15:31:22 +0200

apr-util (1.2.7-2) unstable; urgency=low

  * Fix override disparity.
  * Compile without gdbm.
  * Get rid of all the evil libtool hacks and adjust build-depends
    accordingly.
  * Remove --includedir parameter and adjust config.layout instead. This
    works around damage in newer autoconfs.

 -- Tollef Fog Heen  Mon, 1 May 2006 17:05:28 +0200

apr-util (1.2.7-1) unstable; urgency=low

  * New upstream release
  * Tighten build dependency on apr to a version which ships get-version.sh
  * Grab get-version.sh from APR build
  * Pass --with-berkeley-db to configure so it actually picks up our
    preferred BDB version.

 -- Tollef Fog Heen  Fri, 28 Apr 2006 21:59:55 +0200

apr-util (1.2.2-4) unstable; urgency=low

  * Compile with -fPIC. Closes: #350677
  * Build with -i to avoid .svn directories in source. Closes: #357175

 -- Tollef Fog Heen  Fri, 27 Jan 2006 18:50:04 +0100

apr-util (1.2.2-3) unstable; urgency=low

  * Add proper depends to libaprutil1-dev
  * Rename source package to match upstream.
  * Rename to libaprutil1 instead of libaprutil1.0
  * Use libdb4.3, not 4.2
  * Conflict with old package names
  * Add gdbm support
  * Fix call to configure to avoid double linking to sqlite and sqlite3
  * Update to Standards Version: 3.6.2.2: no changes.
  * Add apu-config compatibility symlink.

 -- Tollef Fog Heen  Fri, 27 Jan 2006 18:50:04 +0100

apr-util1.0 (1.2.2-2) unstable; urgency=low

  * Upgrade to debhelper v5
  * Call dh_installdocs, so we actually get a copyright.

 -- Thom May  Tue, 3 Jan 2006 13:05:02 +0000

apr-util1.0 (1.2.2-1) unstable; urgency=low

  * New upstream version
  * Enable postgres and sqlite3 support

 -- Thom May  Fri, 30 Dec 2005 10:40:03 +0000

apr-util1.0 (1.1.2-1) unstable; urgency=low

  * New upstream release

 -- Thom May  Sun, 8 May 2005 17:12:22 +0100

apr-util1.0 (1.1.0-1) unstable; urgency=low

  * New Upstream Release
  * First Package Release

 -- Thom May  Wed, 17 Nov 2004 11:51:32 -0800