apr-util (1.2.12+dfsg-3ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow in libaprutil
    - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
      apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
      size
    - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
    - CVE-2009-2412

 -- Jamie Strandboge  Fri, 07 Aug 2009 12:28:25 -0500

apr-util (1.2.12+dfsg-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
      to properly evaluate strings as unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to
      disable internal entity expansion. Also add test case to the internal
      test suite
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
      vd.vbuff.curpos in buckets/apr_brigade.c
    - CVE-2009-1956

 -- Jamie Strandboge  Tue, 09 Jun 2009 11:47:52 -0500

apr-util (1.2.12+dfsg-3) unstable; urgency=medium

  * Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency
    medium because this made apache segfault when resuming a file larger
    than 4GB.
  * Point VCS tags in debian control to trunk, to make them useful with
    debcheckout.

 -- Stefan Fritsch  Fri, 29 Feb 2008 20:59:49 +0100

apr-util (1.2.12+dfsg-2) unstable; urgency=low

  * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
    causes problems with sbuild.
  * Change server in watch file since www.eu.apache.org is unreliable.

 -- Stefan Fritsch  Sat, 12 Jan 2008 10:17:09 +0100

apr-util (1.2.12+dfsg-1) unstable; urgency=low

  [ Stefan Fritsch ]
  * New upstream version (Closes: #447146)
  * Fix debian/rules clean
  * Don't ship .svn directories. (Closes: #431508)
  * Fix some lintian warnings:
    - Use ${binary:Version} instead of ${Source-Version}.
    - Bump standards-version to 3.7.3 (no changes).
    - Remove empty /usr/share/doc/libapr1.0/.
    - Don't ignore make clean errors.
  * Add myself to Uploaders.
  * Add Vcs info and homepage to debian/control.
  * Change handling of CFLAGS in debian/rules so that they are actually
    used. Fixes DEB_BUILD_OPTIONS=debug.

  [ Tollef Fog Heen ]
  * Make libaprutil1-dbg Priority: extra to match overrides.

  [ Peter Samuelson ]
  * Compile with db 4.6. (Closes: #422465, #429025)
  * Add watch file.

 -- Stefan Fritsch  Fri, 11 Jan 2008 18:43:17 +0100

apr-util (1.2.7+dfsg-2) unstable; urgency=low

  * Fix stupid code duplication in apr_md[45].c resulting from C&P. Thanks
    to Peter Samuelson for notifying me. This makes md[45] work correctly.

 -- Tollef Fog Heen  Fri, 18 Aug 2006 19:50:31 +0200

apr-util (1.2.7+dfsg-1) unstable; urgency=low

  * Remove dependency on libgdbm1 from libaprutil1-dev.
  * Build against libdb 4.4. Closes: #354510
  * Remove most libs from apu-config --link-ld --libs. Thanks to Peter
    Samuelson, Closes: #378105
  * Use md4 and md5 implementation from Solar Designer as this is in the
    public domain and not subject to RSA copyright. This requires a
    repacked source, so add +dfsg to the version number.

 -- Tollef Fog Heen  Fri, 14 Jul 2006 15:31:22 +0200

apr-util (1.2.7-2) unstable; urgency=low

  * Fix override disparity.
  * Compile without gdbm.
  * Get rid of all the evil libtool hacks and adjust build-depends
    accordingly.
  * Remove --includedir parameter and adjust config.layout instead. This
    works around damage in newer autoconfs.

 -- Tollef Fog Heen  Mon, 1 May 2006 17:05:28 +0200

apr-util (1.2.7-1) unstable; urgency=low

  * New upstream release
  * Tighten build dependency on apr to a version which ships get-version.sh
  * Grab get-version.sh from APR build
  * Pass --with-berkeley-db to configure so it actually picks up our
    preferred BDB version.

 -- Tollef Fog Heen  Fri, 28 Apr 2006 21:59:55 +0200

apr-util (1.2.2-4) unstable; urgency=low

  * Compile with -fPIC. Closes: #350677
  * Build with -i to avoid .svn directories in source. Closes: #357175

 -- Tollef Fog Heen  Fri, 27 Jan 2006 18:50:04 +0100

apr-util (1.2.2-3) unstable; urgency=low

  * Add proper depends to libaprutil1-dev
  * Rename source package to match upstream.
  * Rename to libaprutil1 instead of libaprutil1.0
  * Use libdb4.3, not 4.2
  * Conflict with old package names
  * Add gdbm support
  * Fix call to configure to avoid double linking to sqlite and sqlite3
  * Update to Standards Version: 3.6.2.2: no changes.
  * Add apu-config compatibility symlink.

 -- Tollef Fog Heen  Fri, 27 Jan 2006 18:50:04 +0100

apr-util1.0 (1.2.2-2) unstable; urgency=low

  * Upgrade to debhelper v5
  * Call dh_installdocs, so we actually get a copyright.

 -- Thom May  Tue, 3 Jan 2006 13:05:02 +0000

apr-util1.0 (1.2.2-1) unstable; urgency=low

  * New upstream version
  * Enable postgres and sqlite3 support

 -- Thom May  Fri, 30 Dec 2005 10:40:03 +0000

apr-util1.0 (1.1.2-1) unstable; urgency=low

  * New upstream release

 -- Thom May  Sun, 8 May 2005 17:12:22 +0100

apr-util1.0 (1.1.0-1) unstable; urgency=low

  * New Upstream Release
  * First Package Release

 -- Thom May  Wed, 17 Nov 2004 11:51:32 -0800