Ubuntu

Change log for “apr-util” package in Ubuntu

146 of 46 results
Published in trusty-release on 2013-12-10
Deleted in trusty-proposed (Reason: moved to release)
apr-util (1.5.3-1) unstable; urgency=low


  * New upstream version.
  * When querying the berkley db version, strip the epoch from the
    version number.

 -- Stefan Fritsch <email address hidden>  Sun, 24 Nov 2013 14:21:14 +0100
Superseded in trusty-release on 2013-12-10
Deleted in trusty-proposed on 2013-12-11 (Reason: moved to release)
apr-util (1.5.2-2ubuntu1) trusty; urgency=low

  * Strip off any garbage before the first part of the DB version, so
    we don't FTBFS when libdb-dev has an epoch, as it currently does.
 -- Adam Conrad <email address hidden>   Thu, 07 Nov 2013 03:15:02 -0700
Superseded in trusty-proposed on 2013-11-07
apr-util (1.5.2-2) unstable; urgency=low


  * Remove dbd-freetds driver because it has security issues.
  * Switch build system to dh.
  * Bump Standards-Version (no additional changes).
  * Support multi-arch.
  * Adjust dependencies to a multi-arch enabled apr.
  * Speed up build by not searching for lots of berkley db versions that
    are not installed. Closes: #717327

 -- Stefan Fritsch <email address hidden>  Wed, 06 Nov 2013 22:27:45 +0100
Superseded in trusty-release on 2013-11-07
Deleted in trusty-proposed on 2013-11-09 (Reason: moved to release)
apr-util (1.5.2-1build1) trusty; urgency=low

  * No change rebuild against db 5.3.
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 01 Nov 2013 23:07:02 +0000
Superseded in trusty-release on 2013-11-01
Published in saucy-release on 2013-05-06
Deleted in saucy-proposed (Reason: moved to release)
apr-util (1.5.2-1) unstable; urgency=low


  * New upstream release.
  * Ship find_apu.m4 in libaprutil1-dev. Closes: #699327

 -- Stefan Fritsch <email address hidden>  Sun, 05 May 2013 15:43:34 +0200

Available diffs

Superseded in saucy-release on 2013-05-06
Published in raring-release on 2012-10-18
Published in quantal-release on 2012-09-19
apr-util (1.4.1-3) unstable; urgency=low


  * Fix apr_password_validate() to work with sha512-crypt hashes.
    Closes: #684268

 -- Stefan Fritsch <email address hidden>  Wed, 15 Aug 2012 20:10:55 +0200

Available diffs

Superseded in quantal-release on 2012-09-19
apr-util (1.4.1-2) unstable; urgency=low


  * Remove obsolete version on binutils dependency. Closes: #666260
  * Re-enable test suite on hurd. Closes: #657043
  * Switch VCS to git
  * Switch to packaging format "3.0 quilt", remove dpatch. Thanks to Jari
    Aalto for the patch. Closes: #664307
  * Update to Standards-Version to 3.9.3 (no changes)
  * Bump to debhelper 9.
  * Remove obsolete workaround for #651147, ldap detection is fixed in 1.4.x
  * Fix lintian warnings
    - use dh_prep
    - omit driver libraries from symbol files
    - add build-arch and build-indep targets

 -- Stefan Fritsch <email address hidden>  Sun, 20 May 2012 22:14:38 +0200

Available diffs

Superseded in quantal-release on 2012-05-24
apr-util (1.4.1-1) unstable; urgency=low


  * New upstream release
  * Build new apr_crypto API (using openssl).
  * Stop repacking the source tarball to remove the MD4/MD5 implementations
    derived from RSA's code. RSA has released a statement that revised the
    conditions of use for this code. Debian uses the code according to the
    conditions from this statement, which is now included in the copyright
    file of the Debian package.

 -- Stefan Fritsch <email address hidden>  Sun, 08 Jan 2012 20:44:17 +0100
Superseded in quantal-release on 2012-04-30
Published in precise-release on 2011-12-18
apr-util (1.3.12+dfsg-3) unstable; urgency=low

  * Add workaround for ldap detection problem, to fix FTBFS with gcc 4.6.
    Closes: #651147
  * Remove Tollef Fog Heen and Ryan Niebur from uploaders. Thanks for your
    work in the past.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  18 Dec 2011 22:33:05 +0000
Superseded in precise-release on 2011-12-18
apr-util (1.3.12+dfsg-2build1) precise; urgency=low

  * Rebuild for libmysqlclient transition
 -- Clint Byrum <email address hidden>   Wed, 23 Nov 2011 07:53:59 -0800
Superseded in precise-release on 2011-11-23
Published in oneiric-release on 2011-05-25
apr-util (1.3.12+dfsg-2) unstable; urgency=low

  * Fix unsafe pool usage in apr_thread_pool. This hopefully fixes the
    occasional testreslist failures.

Superseded in oneiric-release on 2011-05-25
apr-util (1.3.10+dfsg-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Build with -O2 on ppc64.
  * Dropped changes, superseded in Debian:
    - empty out dependency_libs from the .la files, per policy 10.2.

Superseded in oneiric-release on 2011-05-21
Obsolete in natty-release on 2013-06-04
apr-util (1.3.9+dfsg-5ubuntu3) natty; urgency=low

  * debian/rules: fix the sed call so that the package actually builds.
 -- Steve Langasek <email address hidden>   Mon, 21 Mar 2011 14:02:34 -0700
Superseded in natty-release on 2011-03-21
apr-util (1.3.9+dfsg-5ubuntu2) natty; urgency=low

  * debian/rules: empty out dependency_libs from the .la files, per policy
    10.2.
 -- Steve Langasek <email address hidden>   Mon, 21 Mar 2011 13:07:39 -0700
Superseded in natty-release on 2011-03-21
apr-util (1.3.9+dfsg-5ubuntu1) natty; urgency=low

  * Build with -O2 on ppc64.
 -- Matthias Klose <email address hidden>   Wed, 16 Mar 2011 15:40:01 +0100

Available diffs

Published in hardy-updates on 2010-11-25
Published in hardy-security on 2010-11-25
apr-util (1.2.12+dfsg-3ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via memory leak in
    apr_brigade_split_line function.
    - debian/patches/021_CVE-2010-1623.dpatch: properly destroy bucket in
      buckets/apr_brigade.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 09:48:13 -0500
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
apr-util (1.3.9+dfsg-1ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via memory leak in
    apr_brigade_split_line function.
    - debian/patches/016_CVE-2010-1623.dpatch: properly destroy bucket in
      buckets/apr_brigade.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 09:46:01 -0500
Published in lucid-updates on 2010-11-25
Published in lucid-security on 2010-11-25
apr-util (1.3.9+dfsg-3ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via memory leak in
    apr_brigade_split_line function.
    - debian/patches/016_CVE-2010-1623.dpatch: properly destroy bucket in
      buckets/apr_brigade.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 09:39:05 -0500
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
apr-util (1.3.9+dfsg-3ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via memory leak in
    apr_brigade_split_line function.
    - debian/patches/016_CVE-2010-1623.dpatch: properly destroy bucket in
      buckets/apr_brigade.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 09:39:05 -0500
Superseded in natty-release on 2011-03-16
apr-util (1.3.9+dfsg-5) unstable; urgency=low

  * Backports from 1.3.10:
    - apr_thread_pool: Fix some potential deadlock situations.  PR 49709.
    - apr_thread_pool_create: Fix pool corruption caused by multithreaded
      use of the pool when multiple initial threads are created.  PR 47843.
    - apr_thread_pool_create: Only set the output variable on success.

Superseded in natty-release on 2010-10-15
Obsolete in maverick-release on 2013-03-05
Published in lucid-release on 2010-03-25
apr-util (1.3.9+dfsg-3build1) lucid; urgency=low

  * No-change rebuild to remove reference to non-existent libuuid.la
    from libaprutil-1.la (LP: #525629).
 -- Ilya Barygin <email address hidden>   Mon, 22 Feb 2010 11:17:48 +0300

Available diffs

Superseded in lucid-release on 2010-03-25
apr-util (1.3.9+dfsg-3) unstable; urgency=low

  * Update to db4.8 (closes: #550443)
  * Bump standards-version:
    - Use DEB_*_ARCH_* where applicable

Superseded in lucid-release on 2009-11-24
Obsolete in karmic-release on 2013-03-04
apr-util (1.3.9+dfsg-1ubuntu1) karmic; urgency=low

  * Remove obsolete libmysqlclient15off dependency. Update libaprutil1-dev
    dependency to libmysqlclient-dev.

 -- Mathias Gug <email address hidden>   Mon, 17 Aug 2009 17:00:58 -0400

Available diffs

Superseded in karmic-release on 2009-08-17
apr-util (1.3.9+dfsg-1) unstable; urgency=high

  [ Stefan Fritsch ]
  * Enable -fstack-protector for arm/armel. A workaround has been added to
    gcc.
  * Remove obsolete libmysqlclient15off dependency. Update build-dep to
    libmysqlclient-dev.

  [ Peter Samuelson ]
  * New upstream security release.
    - Fix CVE-2009-2412, overflow in RMM allocations due to alignment.
  * Add myself to Uploaders.

Available diffs

Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
apr-util (1.2.12+dfsg-8ubuntu0.3) jaunty-security; urgency=low

  * SECURITY UPDATE: fix integer overflow in libaprutil
    - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
      apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
      size
    - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
    - CVE-2009-2412

 -- Jamie Strandboge <email address hidden>   Fri, 07 Aug 2009 12:42:06 -0500
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
apr-util (1.2.12+dfsg-7ubuntu0.3) intrepid-security; urgency=low

  * SECURITY UPDATE: fix integer overflow in libaprutil
    - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
      apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
      size
    - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
    - CVE-2009-2412

 -- Jamie Strandboge <email address hidden>   Fri, 07 Aug 2009 12:49:53 -0500
Superseded in hardy-updates on 2010-11-25
Superseded in hardy-security on 2010-11-25
apr-util (1.2.12+dfsg-3ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow in libaprutil
    - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
      apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
      size
    - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
    - CVE-2009-2412

 -- Jamie Strandboge <email address hidden>   Fri, 07 Aug 2009 12:28:25 -0500
Superseded in hardy-updates on 2009-08-08
Superseded in hardy-security on 2009-08-08
apr-util (1.2.12+dfsg-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
      to properly evaluate strings as unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to disable
      internal entity expansion. Also add test case to the internal test
      suite
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
      vd.vbuff.curpos in buckets/apr_brigade.c
    - CVE-2009-1956

 -- Jamie Strandboge <email address hidden>   Tue, 09 Jun 2009 11:47:52 -0500
Superseded in intrepid-updates on 2009-08-08
Superseded in intrepid-security on 2009-08-08
apr-util (1.2.12+dfsg-7ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
      to properly evaluate strings as unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to disable
      internal entity expansion. Also add test case to the internal test
      suite
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
      vd.vbuff.curpos in buckets/apr_brigade.c
    - CVE-2009-1956

 -- Jamie Strandboge <email address hidden>   Tue, 09 Jun 2009 11:45:43 -0500
Superseded in jaunty-updates on 2009-08-08
Superseded in jaunty-security on 2009-08-08
apr-util (1.2.12+dfsg-8ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
      to properly evaluate strings as unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to disable
      internal entity expansion. Also add test case to the internal test
      suite
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
      vd.vbuff.curpos in buckets/apr_brigade.c
    - CVE-2009-1956

 -- Jamie Strandboge <email address hidden>   Tue, 09 Jun 2009 11:17:47 -0500
Superseded in karmic-release on 2009-08-15
apr-util (1.3.7+dfsg-1) unstable; urgency=high

  * New upstream version:
    - CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
      remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
    - Fix DoS vulnerability (memory consumption) in handling of internal xml
      entities.
  * Disable test suite on hurd for now (closes: #530287).
  * Override lintian warning about soname.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  08 Jun 2009 10:59:23 +0100

Available diffs

Superseded in karmic-release on 2009-06-08
apr-util (1.3.4+dfsg-2) unstable; urgency=low

  [ Ryan Niebur ]
  * move the versioned libmysqlclient15off dependency from libaprutil1
    to libaprutil1-dbd-mysql (Closes: #481976)

  [ Stefan Fritsch ]
  * Add workaround to fix FTBFS when doing parallel build (closes: #527812)
  * Add "Breaks: apache2.2-common << 2.2.11-3", to make upgrades from lenny
    to squeeze less noisy.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  11 May 2009 12:07:26 +0100

Available diffs

Superseded in karmic-release on 2009-05-11
apr-util (1.3.4+dfsg-1) unstable; urgency=low

  [ Ryan Niebur ]
  * New upstream version
  * add me to Uploaders
  * add repack.sh
  * update to libdb4.7-dev (Closes: #519818)
  * Debian policy 3.8.1
  * remove *.dirs, they're not needed
  * lintian overrides for the symbols file depending on different
    packages, we have those "unusual circumstances" :)
    - debhelper 6 (needed for dh_lintian)
  * remove build/apr_common.m4 in the clean target, it gets modified
    during build and is automatically generated
  * switch the libaprutil1-dbg package to the debug section
  * don't output ldap libs by default from apu-config
  * upload to unstable this time

  [ Stefan Fritsch ]
  * Fix description for libaprutil1-dbg (closes: #508145).
  * Recognize DEB_BUILD_OPTIONS=nocheck in addition to notest (closes: #515352).
  * Make dpkg-shlibdeps automatically generate the needed dependencies for
    programs that use apr_ldap_init() or apr_dbd_init().
    For dbd, we will genreate an ORed dependency on all libaprutil1-dbd-*
    packages, using libaprutil1-dbd-mysql as default.

Available diffs

Superseded in karmic-release on 2009-04-28
Obsolete in jaunty-release on 2013-02-28
apr-util (1.2.12+dfsg-8) unstable; urgency=low

  [ Ryan Niebur ]
  * Upgraded to policy version 3.8.0
    - Reference the copyright in common-licenses instead of including it
    - support for noopt in DEB_BUILD_OPTIONS
    - Added a README.source
    - added support for parallel in DEB_BUILD_OPTIONS
  * Dropped the XS- prefix for the Vcs fields in debian/control
  * Made the watch file notice 1.3.x

  [ Stefan Fritsch ]
  * Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some
    bugs that can make apache2 hang (closes: #490859).
  * Add 'Provides' for the modules that are still included in libaprutil1, but
    will be moved to separate packages with apr-util 1.3.x. This will make
    back-porting packages from lenny+1 to lenny easier.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  04 Nov 2008 21:12:04 +0000

Available diffs

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
apr-util (1.2.12+dfsg-7) unstable; urgency=medium

  * Apply hardening build options independently from apr.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  21 Jun 2008 23:12:44 +0100

Available diffs

Superseded in intrepid-release on 2008-06-21
apr-util (1.2.12+dfsg-6) unstable; urgency=low

  * Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for
    linking (really closes: #482270).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  27 May 2008 20:39:37 +0100
Superseded in intrepid-release on 2008-05-27
apr-util (1.2.12+dfsg-5) unstable; urgency=low

  * Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if
    libaprutil links to mysql, applications don't need to do it, too.
    (Closes: #482270)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  26 May 2008 12:51:44 +0100
Superseded in intrepid-release on 2008-05-26
apr-util (1.2.12+dfsg-4) unstable; urgency=low

  * Activate mysql support (closes: #395959). This is made possible by php5
    now linking against the threadsafe version of libmysqlclient. Therefore
    add a conflict with older versions of php5-mysql and with php4-mysql.
  * Rebuild against apr with hardening options: CFLAGS are taken from apr, set
    LDFLAGS=-Wl,-z,relro explicitly.
  * Conflict with apache2 << 2.2.8-1, which used an older version of libldap
    and now segfaults with current libaprutil1+libldap.
  * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the
    uploaders field (thanks for your work).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  19 May 2008 07:39:28 +0100
Superseded in intrepid-release on 2008-05-19
Published in hardy-release on 2008-04-04
apr-util (1.2.12+dfsg-3) unstable; urgency=medium

  * Fix integer overflow in apr_brigade_partition on 32bit systems.  Urgency
    medium because this made apache segfault when resuming a file larger than
    4GB.
  * Point VCS tags in debian control to trunk, to make them useful with
    debcheckout.

 -- Daniel Hahler <email address hidden>   Fri,  04 Apr 2008 11:32:19 +0100
Superseded in hardy-release on 2008-04-04
apr-util (1.2.12+dfsg-2build1) hardy; urgency=low

  * No-change rebuild against libldap-2.4-2.

 -- Steve Langasek <email address hidden>   Wed, 23 Jan 2008 11:48:58 +0000
Superseded in hardy-release on 2008-01-23
apr-util (1.2.12+dfsg-2) unstable; urgency=low

  * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
    causes problems with sbuild.
  * Change server in watch file since www.eu.apache.org is unreliable.

Superseded in hardy-release on 2008-01-15
apr-util (1.2.7+dfsg-2ubuntu1) hardy; urgency=low

  * debian/control: libdb 4.4 -> 4.6. (Debian #422465)
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Martin Pitt <email address hidden>   Wed, 02 Jan 2008 17:29:07 +0100
Superseded in hardy-release on 2008-01-03
Obsolete in gutsy-release on 2011-09-16
Obsolete in feisty-release on 2009-08-20
apr-util (1.2.7+dfsg-2build1) feisty; urgency=low

  * No-change upload for the libpq4->libpq5 transition.

 -- Martin Pitt <email address hidden>   Tue,  9 Jan 2007 10:37:19 +0100
Superseded in feisty-release on 2007-01-15
Superseded in feisty-release on 2006-12-19
apr-util (1.2.7+dfsg-2) unstable; urgency=low

  * Fix stupid code duplication in apr_md[45].c resulting from C&P.
    Thanks to Peter Samuelson for notifying me.  This makes md[45] work
    correctly.

Superseded in feisty-release on 2006-11-08
Obsolete in edgy-release on 2008-06-19
apr-util (1.2.7-2) unstable; urgency=low

  * Fix override disparity.
  * Compile without gdbm.
  * Get rid of all the evil libtool hacks and adjust build-depends
    accordingly.
  * Remove --includedir parameter and adjust config.layout instead.  This
    works around damage in newer autoconfs.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  19 Jun 2006 10:26:00 +0100
Superseded in edgy-release on 2006-06-19
apr-util (1.2.7-1) unstable; urgency=low

  * New upstream release
  * Tighten build dependency on apr to a version which ships
    get-version.sh
  * Grab get-version.sh from APR build
  * Pass --with-berkeley-db to configure so it actually picks up our
    preferred BDB version.

146 of 46 results