apr (1.3.8-1ubuntu0.3) lucid-security; urgency=low * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via apache's mod_index - debian/patches/028_fnmatch_CVE-2011-0419.dpatch: rewrite apr_fnmatch to have a better time bounds on execution. - CVE-2011-0419 - debian/patches/029_fnmatch_CVE-2011-1928.dpatch: fix possible DoS introduced by patch for CVE-2011-0419. - CVE-2011-1928 * debian/patches/030_thumb2.dpatch; backport disabling process shared mutexes on arm to fix build hang (LP: #599874) -- Steve Beattie Mon, 23 May 2011 12:20:09 -0700 apr (1.3.8-1build1) lucid; urgency=low * No change rebuild to get rid of reference to libuuid.la in libapr-1.la (causes a bunch of FTBFS). -- Loïc Minier Fri, 12 Feb 2010 13:55:23 +0100 apr (1.3.8-1) unstable; urgency=high [ Stefan Fritsch ] * Enable -fstack-protector for arm/armel. A workaround has been added to gcc. [ Peter Samuelson ] * New upstream security release. - Fix CVE-2009-2412, overflow in pool allocations, where size alignment was taking place. -- Peter Samuelson Thu, 06 Aug 2009 13:00:03 -0500 apr (1.3.7-1) unstable; urgency=low * New upstream release. -- Stefan Fritsch Fri, 24 Jul 2009 11:12:20 +0200 apr (1.3.5-2) unstable; urgency=low * Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking them to processes exec'ed by applications that fail to use the apr API correctly (i.e. mod_php). Closes: #366124 * Bump standards-version (no changes). * Override soname lintian warning (too late to change that). -- Stefan Fritsch Tue, 23 Jun 2009 22:15:02 +0200 apr (1.3.5-1) unstable; urgency=low * New upstream version (really) -- Stefan Fritsch Mon, 08 Jun 2009 18:45:15 +0200 apr (1.3.4-1) unstable; urgency=low * New upstream version * Fix FTBFS on hurd (thanks to Marc Dequènes, closes: #530286) - define _GNU_SOURCE earlier - disable tests on hurd for now - Deactivate missing multicast support on Hurd (by removing HAVE_STRUCT_IPMREQ manually). * Omit spurious libs from apr-1-config --libs output (closes: #463399) -- Stefan Fritsch Sun, 07 Jun 2009 21:15:32 +0200 apr (1.3.3-4) unstable; urgency=low [ Ryan Niebur ] * change the -dbg package's section to debug * Fix building with newer libtool, thanks to John Wright for the patch (Closes: #526346) * use a symbols file without apr_socket_sendfile on kfreebsd based architectures, fixing FTBFS (Closes: #520857) * support nocheck in DEB_BUILD_OPTIONS * Debian Policy 3.8.1 [ Stefan Fritsch ] * Force use of bash in the embedded libtool -- Stefan Fritsch Sun, 10 May 2009 10:14:43 +0200 apr (1.3.3-3) unstable; urgency=low * Reduce stack size for the 'testatomic' test since it may otherwise run out of virtual memory on some buildds. This sometimes caused FTBFS on hppa. -- Stefan Fritsch Fri, 27 Feb 2009 14:58:02 +0100 apr (1.3.3-2) unstable; urgency=low [ Ryan Niebur ] * added support for parallel in DEB_BUILD_OPTIONS * add me to Uploaders [ Stefan Fritsch ] * Correct description for libapr1-dbg (closes: #508144). * Work around flock bug on hppa. This fixes the last remaining test failure, testprocmutex (closes: #492295). * Upload to unstable. -- Stefan Fritsch Mon, 23 Feb 2009 22:44:07 +0100 apr (1.3.3-1) experimental; urgency=low * New upstream release. * Not only ignore testsockets but also testsock to fix some more build failures. * Add some debugging output for m68k test problems (#495400). * Add -Wformat to CFLAGS to actually make use of -Wformat-security. -- Stefan Fritsch Fri, 26 Sep 2008 19:52:14 +0200 apr (1.3.2-3) experimental; urgency=low * Add netbase to build-deps to fix testsock test. * Ignore testsockets test only on vservers and if IPv6 is not configured. * Rerun buildconf during package build. This fixes FTBFS on powerpc (because of broken autoconf used by upstream, see #490820). * Remove kfreebsd hack no longer necessary with 1.3.x. -- Stefan Fritsch Mon, 04 Aug 2008 22:50:30 +0200 apr (1.3.2-2) experimental; urgency=low * Make tests more verbose to make debugging FTBFS easier. * Ignore testsock and testsockets tests which seem to fail if IPv6 is not configured. * Change watch file to www.apache.org, which is more reliable than www.eu.apache.org. -- Stefan Fritsch Sun, 27 Jul 2008 10:19:00 +0200 apr (1.3.2-1) experimental; urgency=low [ Ryan Niebur ] * new upstream version * use symbol files [ Stefan Fritsch ] * Upload to experimental -- Stefan Fritsch Wed, 23 Jul 2008 20:49:02 +0200 apr (1.2.12-6) UNRELEASED; urgency=low [ Ryan Niebur ] * Upgraded to policy version 3.8.0 - Added support for noopt in DEB_BUILD_OPTIONS - Added a README.source [ Stefan Fritsch ] * Add upstream homepage to debian/control. -- Ryan Niebur Fri, 27 Jun 2008 14:39:29 -0700 apr (1.2.12-5) unstable; urgency=low * Actually switch to /dev/urandom instead of only adding a non-functional patch. Closes: #501497 -- Stefan Fritsch Wed, 08 Oct 2008 00:06:56 +0200 apr (1.2.12-4) unstable; urgency=medium * Use /dev/urandom instead of /dev/random (like 1.3.* does). * Update watch file to recognize 1.3.*. -- Stefan Fritsch Wed, 18 Jun 2008 23:12:35 +0200 apr (1.2.12-3) unstable; urgency=low * Enable hardening options in a way that does not include them in apr-config, which was a bad idea. * Point to /usr/share/common-licenses instead of including the license in the copyright file. -- Stefan Fritsch Wed, 11 Jun 2008 19:19:52 +0200 apr (1.2.12-2) unstable; urgency=high * Urgency high for RC bug fix. * Do not use -fstack-protector on arm and armel, since it is completely broken (see #469517). Closes: #477772 * Remove unneded libtool build dependency. -- Stefan Fritsch Wed, 30 Apr 2008 20:46:17 +0200 apr (1.2.12-1) unstable; urgency=low * New upstream version. - Remove 020_lfs_ino_t.dpatch now done by upstream configure. Adjust ino_t_test.c to check that this is the same definition of apr_ino_t as we had before. * Enable hardening options: -fstack-protector -Wformat-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro * Disable SCTP for now, in order to get a consistent build result in unclean build environments. * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the uploaders field (thanks for your work). * Fix some lintian warnings: - Bump Standards-Version to 3.7.3 (no changes). - Remove obsolete XS- from VCS tags. - Remove empty /usr/share/doc/libapr1.0 directory. - Provide patch description. * Point VCS tags in debian control to trunk, to make them useful with debcheckout. -- Stefan Fritsch Tue, 01 Apr 2008 22:17:47 +0200 apr (1.2.11-1) unstable; urgency=low * New upstream version (Closes: #441969) * Enable epoll (Closes: #441635). This means we don't support Linux 2.4 kernels anymore. Therefore we can also enable tcp_nodelay_with_cork. * Fix generation of docs (Closes: #413684, #442794) * Don't ship LaTeX source files in .deb * Build with -D_REENTRANT on kfreebsd (Closes: #301417) * Fix FTBFS on hurd because of missing PATH_MAX (Closes: #349418) * Do not build everything twice by using the correct path to config.status in debian/rules * Add myself to Uploaders * Add svn repository information to debian/control -- Stefan Fritsch Thu, 20 Sep 2007 20:56:37 +0200 apr (1.2.9-1) unstable; urgency=low * Acknowledge NMUs - thanks, Andi. [ Peter Samuelson ] * New upstream version. Minor bugfixes, no new features. - Update 015_sendfile_lfs.dpatch - Remove obsolete 099_config_guess_sub_update.dpatch * 020_lfs_ino_t.dpatch: update to support kfreebsd-amd64. Thanks to Petr Salinger. (Closes: #405564) * Standards-Version: 3.7.2 (from 3.6.2.2) - no changes. * Rename Source-Version substvar to binary:Version, for great justice. * libapr1-dev Suggests: python, in case someone wants to use the application build infrastructure in /usr/share/apr-1.0/build. * debian/rules: small cleanups. * Add watch file. * Add myself to Uploaders. -- Peter Samuelson Fri, 22 Jun 2007 14:03:20 -0500 apr (1.2.7-8.2) unstable; urgency=high * Non-maintainer upload. * Apply better working 015_sendfile_lfs.dpatch this time. Again Closes: #396631 -- Andreas Barth Wed, 20 Dec 2006 08:19:19 +0000 apr (1.2.7-8.1) unstable; urgency=high * Non-maintainer upload. * Fix 0-lenght files. Take 015_sendfile_lfs.dpatch from svn for this. Closes: #396631 -- Andreas Barth Sat, 9 Dec 2006 20:39:59 +0000 apr (1.2.7-8) unstable; urgency=low [ Peter Samuelson ] * Small kludge^Wtweak to apr_file_info.h to make the ABI stable across LFS/non-LFS preprocessor flags. (See: #397402) -- Tollef Fog Heen Wed, 15 Nov 2006 00:17:02 +0100 apr (1.2.7-7) unstable; urgency=low * Update rules to ensure we don't turn on features that aren't available on 2.4 kernels for !amd64 kernels. Closes: #392049 -- Tollef Fog Heen Tue, 7 Nov 2006 01:21:27 +0100 apr (1.2.7-6) unstable; urgency=low * Update 011_fix_apr-config to give out the libtool used to build apr with. Fixes Apache 2.2 FTBFS when we remove all the evil libtool hacks there too. * Make -dbg package Priority: extra as per overrides. -- Tollef Fog Heen Wed, 27 Sep 2006 22:16:51 +0200 apr (1.2.7-5) unstable; urgency=low * Add doxygen to build-deps. * Add sendfile hurd patch. Closes: #349416 -- Tollef Fog Heen Wed, 27 Sep 2006 19:32:10 +0200 apr (1.2.7-4) unstable; urgency=low * No longer force apr_lock_method. Closes: #384117 * Use srcdir != builddir. * Add docs to -dev package. Closes: #388146 -- Tollef Fog Heen Wed, 27 Sep 2006 17:26:56 +0200 apr (1.2.7-3) unstable; urgency=low * Fix override disparity * Backport of patch to work around kernel problems with sendfile on 64bit platforms * Update config.{guess,sub} to make libtool happier. This fixes the problem reported in #369881. Closes: #369881. * Remove some of the libtool hacks since they're no longer needed with the newer config.{guess,sub} -- Tollef Fog Heen Mon, 1 May 2006 17:06:37 +0200 apr (1.2.7-2) unstable; urgency=low * Ship get-version.sh too, needed by apr-util. -- Tollef Fog Heen Fri, 28 Apr 2006 22:57:43 +0200 apr (1.2.7-1) unstable; urgency=low * New upstream release. * Add apr-1-config man page. Closes: #357174, thanks to Vincent Danjean for the conversion job. -- Tollef Fog Heen Fri, 28 Apr 2006 19:45:08 +0000 apr (1.2.2-3) unstable; urgency=low * Rename source package to match upstream. * Rename binary packages to libapr1 etc. * Add conflicts for old packages. * libapr1-dev Depends: uuid-dev. * Add uuid-dev to Build-Dep: * Enable non-portable atomics. * Update Standards-Version: no changes. * Add apr-config compatibility symlink. -- Tollef Fog Heen Thu, 26 Jan 2006 12:42:30 +0100 apr1.0 (1.2.2-2) unstable; urgency=low * Up to debhelper v5 * Add call to dh_installdocs; not sure why I was not doing this already. -- Thom May Tue, 3 Jan 2006 13:01:56 +0000 apr1.0 (1.2.2-1) unstable; urgency=low * New upstream release -- Thom May Thu, 29 Dec 2005 17:05:42 +0000 apr1.0 (1.1.1-1) unstable; urgency=low * New upstream release -- Thom May Sun, 8 May 2005 17:12:09 +0100 apr1.0 (1.1.0-1) unstable; urgency=low * New Upstream Release * First Package Release -- Thom May Wed, 17 Nov 2004 11:51:32 -0800