lp:ubuntu/jaunty-updates/apr-util

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-updates/apr-util

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

16. By Jamie Strandboge

* SECURITY UPDATE: fix integer overflow in libaprutil
  - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
    apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
    size
  - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
  - CVE-2009-2412

15. By Jamie Strandboge

* SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
  - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
    to properly evaluate strings as unsigned char rather than int
  - CVE-2009-0023
* SECURITY UPDATE: Prevent "billion laughs" attack against expat
  - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to disable
    internal entity expansion. Also add test case to the internal test
    suite
  - CVE-2009-1955
* SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
  - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
    vd.vbuff.curpos in buckets/apr_brigade.c
  - CVE-2009-1956

14. By Stefan Fritsch

[ Ryan Niebur ]
* Upgraded to policy version 3.8.0
  - Reference the copyright in common-licenses instead of including it
  - support for noopt in DEB_BUILD_OPTIONS
  - Added a README.source
  - added support for parallel in DEB_BUILD_OPTIONS
* Dropped the XS- prefix for the Vcs fields in debian/control
* Made the watch file notice 1.3.x

[ Stefan Fritsch ]
* Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some
  bugs that can make apache2 hang (closes: #490859).
* Add 'Provides' for the modules that are still included in libaprutil1, but
  will be moved to separate packages with apr-util 1.3.x. This will make
  back-porting packages from lenny+1 to lenny easier.

13. By Stefan Fritsch

Apply hardening build options independently from apr.

12. By Stefan Fritsch

Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for
linking (really closes: #482270).

11. By Stefan Fritsch

Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if
libaprutil links to mysql, applications don't need to do it, too.
(Closes: #482270)

10. By Stefan Fritsch

* Activate mysql support (closes: #395959). This is made possible by php5
  now linking against the threadsafe version of libmysqlclient. Therefore
  add a conflict with older versions of php5-mysql and with php4-mysql.
* Rebuild against apr with hardening options: CFLAGS are taken from apr, set
  LDFLAGS=-Wl,-z,relro explicitly.
* Conflict with apache2 << 2.2.8-1, which used an older version of libldap
  and now segfaults with current libaprutil1+libldap.
* Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the
  uploaders field (thanks for your work).

9. By Stefan Fritsch

* Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency
  medium because this made apache segfault when resuming a file larger than
  4GB.
* Point VCS tags in debian control to trunk, to make them useful with
  debcheckout.

8. By Steve Langasek

No-change rebuild against libldap-2.4-2.

7. By Stefan Fritsch

* Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
  causes problems with sbuild.
* Change server in watch file since www.eu.apache.org is unreliable.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/natty/apr-util