lp:ubuntu/intrepid-updates/apr-util
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/apr-util
Branch merges
Branch information
Recent revisions
- 15. By Jamie Strandboge
-
* SECURITY UPDATE: fix integer overflow in libaprutil
- debian/patches/ 020_CVE- 2009-2412. patch: adjust apr_rmm_malloc,
apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
size
- http://www.apache. org/dist/ apr/patches/ apr-util- 1.x-CVE- 2009-2412. patch
- CVE-2009-2412 - 14. By Jamie Strandboge
-
* SECURITY UPDATE: Fix underflow in apr_strmatch_
precompile
- debian/patches/ 017_CVE- 2009-0023. dpatch: adjust strmatch/ apr_strmatch. c
to properly evaluate strings as unsigned char rather than int
- CVE-2009-0023
* SECURITY UPDATE: Prevent "billion laughs" attack against expat
- debian/patches/ 018_CVE- 2009-1955. dpatch: adjust xml/apr_xml.c to disable
internal entity expansion. Also add test case to the internal test
suite
- CVE-2009-1955
* SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
- debian/patches/ 019_CVE- 2009-1956. dpatch: don't add null terminator to
vd.vbuff.curpos in buckets/apr_brigade. c
- CVE-2009-1956 - 12. By Stefan Fritsch
-
Make libaprutil1-dev depend on libmysqlclient1
5-dev. Libtool needs it for
linking (really closes: #482270). - 11. By Stefan Fritsch
-
Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if
libaprutil links to mysql, applications don't need to do it, too.
(Closes: #482270) - 10. By Stefan Fritsch
-
* Activate mysql support (closes: #395959). This is made possible by php5
now linking against the threadsafe version of libmysqlclient. Therefore
add a conflict with older versions of php5-mysql and with php4-mysql.
* Rebuild against apr with hardening options: CFLAGS are taken from apr, set
LDFLAGS=-Wl,-z, relro explicitly.
* Conflict with apache2 << 2.2.8-1, which used an older version of libldap
and now segfaults with current libaprutil1+libldap.
* Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the
uploaders field (thanks for your work). - 9. By Stefan Fritsch
-
* Fix integer overflow in apr_brigade_
partition on 32bit systems. Urgency
medium because this made apache segfault when resuming a file larger than
4GB.
* Point VCS tags in debian control to trunk, to make them useful with
debcheckout. - 7. By Stefan Fritsch
-
* Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
causes problems with sbuild.
* Change server in watch file since www.eu.apache.org is unreliable. - 6. By Martin Pitt
-
* debian/control: libdb 4.4 -> 4.6. (Debian #422465)
* Modify Maintainer value to match the DebianMaintainerField
specification.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/apr-util