lp:ubuntu/lucid-security/apr

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/apr

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

12. By Steve Beattie

* SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
  apache's mod_index
  - debian/patches/028_fnmatch_CVE-2011-0419.dpatch: rewrite
    apr_fnmatch to have better time bounds on execution.
  - CVE-2011-0419
  - debian/patches/029_fnmatch_CVE-2011-1928.dpatch: fix possible
    DoS introduced by patch for CVE-2011-0419.
  - CVE-2011-1928
* debian/patches/030_thumb2.dpatch: backport disabling process shared
  mutexes on arm to fix build hang (LP: #599874)

11. By Loïc Minier

No change rebuild to get rid of reference to libuuid.la in libapr-1.la
(causes a bunch of FTBFS).

10. By Peter Samuelson

[ Stefan Fritsch ]
* Enable -fstack-protector for arm/armel. A workaround has been added to
  gcc.

[ Peter Samuelson ]
* New upstream security release.
  - Fix CVE-2009-2412, overflow in pool allocations, where size
    alignment was taking place.

9. By Stefan Fritsch

New upstream release.

8. By Stefan Fritsch

* Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking
  them to processes exec'ed by applications that fail to use the apr API
  correctly (i.e. mod_php). Closes: #366124
* Bump standards-version (no changes).
* Override soname lintian warning (too late to change that).

7. By Stefan Fritsch

[ Ryan Niebur ]
* change the -dbg package's section to debug
* Fix building with newer libtool, thanks to John Wright for the patch
  (Closes: #526346)
* use a symbols file without apr_socket_sendfile on kfreebsd based
  architectures, fixing FTBFS (Closes: #520857)
* support nocheck in DEB_BUILD_OPTIONS
* Debian Policy 3.8.1

[ Stefan Fritsch ]
* Force use of bash in the embedded libtool

6. By Michael Casadevall

* debian/patches/025_force_buildconf_to_call_autoreconf.dpatch
  - As part of APR's build process, it calls autoconf automatically. This
    patch forces that call to autoreconf, which forces macros to be updated
    and updates libtool properly, resolving an FTBFS on karmic. (LP: #372068)
* debian/control:
  - Added automake to the build-deps for aclocal

5. By Stefan Fritsch

Reduce stack size for the 'testatomic' test since it may otherwise run out
of virtual memory on some buildds. This sometimes caused FTBFS on hppa.

4. By Stefan Fritsch

Actually switch to /dev/urandom instead of only adding a non-functional
patch. Closes: #501497

3. By Andreas Barth

* Non-maintainer upload.
* Apply better working 015_sendfile_lfs.dpatch this time.
  Again Closes: #396631

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/apr
This branch contains Public information 
Everyone can see this information.