apr-util (1.6.1-4+deb10u1) buster-security; urgency=medium
* Non-maintainer upload by the LTS team.
* CVE-2022-25147: Integer Overflow or Wraparound vulnerability
in apr_base64().
-- Adrian Bunk <bunk@debian.org> Tue, 21 Feb 2023 18:59:52 +0200
apr-util (1.6.1-4) unstable; urgency=medium
* Fix libaprutil1-dbd-mysql with mariadb 10.3. Closes: #926400
-- Stefan Fritsch <sf@debian.org> Sun, 21 Apr 2019 09:39:02 +0200
apr-util (1.6.1-3) unstable; urgency=medium
[ Stefan Fritsch ]
* Migrate from alioth to salsa
[ Matthias Klose ]
* Drop build dependency on libpcre3-dev. Closes: #909077. LP: #1792544.
-- Stefan Fritsch <sf@debian.org> Tue, 18 Sep 2018 21:14:24 +0200
apr-util (1.6.1-2) unstable; urgency=medium
* Avoid empty build target, fixes FTBFS. Thanks to Niels Thykier for the
patch. Closes: #890108
* Fix handling of gdbm_errno in gdbm driver. Closes: #889170
* Bump debhelper compat level to 11 and drop deprecated autotools-dev
sequence. Thanks to Niels Thykier for the patch.
* Bump Standards-Version (no changes)
* Fix mysql/mariadb header detection, broken since 1.5.3-3.
* Include NOTICE file in packages, as required by license.
-- Stefan Fritsch <sf@debian.org> Sun, 25 Feb 2018 12:40:36 +0100
apr-util (1.6.1-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.
Closes: #879996
-- Stefan Fritsch <sf@debian.org> Mon, 06 Nov 2017 19:48:34 +0100
apr-util (1.6.0-2) unstable; urgency=medium
* Switch off FULL_PATH_NAMES in doxygen to make builds reproducible.
* Bump Standards-Version:
- remove "Priority: extra" in control
-- Stefan Fritsch <sf@debian.org> Fri, 11 Aug 2017 17:49:25 +0200
apr-util (1.6.0-1) unstable; urgency=medium
* New upstream release
* Remove Peter Samuelson from uploaders. Thanks for your work in the past.
Closes: #852221
-- Stefan Fritsch <sf@debian.org> Fri, 04 Aug 2017 21:37:03 +0200
apr-util (1.5.4-3) unstable; urgency=medium
[ Helmut Grohne ]
* Fix unsatisfiable cross Build-Depends: (Closes: #840892)
+ Drop binutils from Build-Depends as it is build-essential.
+ Annotate Build-Depends: python with :any.
[ Stefan Fritsch ]
* Enable support for gdbm. Closes: #843206
* Switch build-depends to default-libmysqlclient-dev. Closes: #845823
-- Stefan Fritsch <sf@debian.org> Fri, 09 Dec 2016 18:19:55 +0100
apr-util (1.5.4-2) unstable; urgency=medium
[ Jean-Michel Vourgère ]
* d/watch: Check gpg signature of upstream source.
* Update Vcs-Browser: address.
[ Stefan Fritsch ]
* Bump standards version. No changes needed.
* Backport support for openssl 1.1 from upstream 1.5.x branch.
Closes: #828237
-- Stefan Fritsch <sf@debian.org> Thu, 14 Jul 2016 12:00:56 +0200
apr-util (1.5.4-1) unstable; urgency=medium
* New upstream release
* Remove dependencies on libpcre3-dev, libsqlite3-dev, libpq-dev,
and libmysqlclient-dev in libaprutil1-dev. They are no longer
necessary. Closes: #757140
* Bump standards version. No changes needed.
-- Stefan Fritsch <sf@debian.org> Sat, 04 Oct 2014 14:19:46 +0200
apr-util (1.5.3-3) unstable; urgency=medium
* Allow building with libmariadbclient-dev instead of
libmysqlclient-dev. Closes: #759158
* Update Vcs-Git URL in control file.
-- Stefan Fritsch <sf@debian.org> Mon, 25 Aug 2014 22:10:38 +0200
apr-util (1.5.3-2) unstable; urgency=medium
* Fix FTBFS with make 4.0. Closes: #748369
-- Stefan Fritsch <sf@debian.org> Thu, 29 May 2014 16:52:08 +0200
apr-util (1.5.3-1) unstable; urgency=low
* New upstream version.
* When querying the berkley db version, strip the epoch from the
version number.
-- Stefan Fritsch <sf@debian.org> Sun, 24 Nov 2013 14:21:14 +0100
apr-util (1.5.2-2) unstable; urgency=low
* Remove dbd-freetds driver because it has security issues.
* Switch build system to dh.
* Bump Standards-Version (no additional changes).
* Support multi-arch.
* Adjust dependencies to a multi-arch enabled apr.
* Speed up build by not searching for lots of berkley db versions that
are not installed. Closes: #717327
-- Stefan Fritsch <sf@debian.org> Wed, 06 Nov 2013 22:27:45 +0100
apr-util (1.5.2-1) unstable; urgency=low
* New upstream release.
* Ship find_apu.m4 in libaprutil1-dev. Closes: #699327
-- Stefan Fritsch <sf@debian.org> Sun, 05 May 2013 15:43:34 +0200
apr-util (1.4.1-3) unstable; urgency=low
* Fix apr_password_validate() to work with sha512-crypt hashes.
Closes: #684268
-- Stefan Fritsch <sf@debian.org> Wed, 15 Aug 2012 20:10:55 +0200
apr-util (1.4.1-2) unstable; urgency=low
* Remove obsolete version on binutils dependency. Closes: #666260
* Re-enable test suite on hurd. Closes: #657043
* Switch VCS to git
* Switch to packaging format "3.0 quilt", remove dpatch. Thanks to Jari
Aalto for the patch. Closes: #664307
* Update to Standards-Version to 3.9.3 (no changes)
* Bump to debhelper 9.
* Remove obsolete workaround for #651147, ldap detection is fixed in 1.4.x
* Fix lintian warnings
- use dh_prep
- omit driver libraries from symbol files
- add build-arch and build-indep targets
-- Stefan Fritsch <sf@debian.org> Sun, 20 May 2012 22:14:38 +0200
apr-util (1.4.1-1) unstable; urgency=low
* New upstream release
* Build new apr_crypto API (using openssl).
* Stop repacking the source tarball to remove the MD4/MD5 implementations
derived from RSA's code. RSA has released a statement that revised the
conditions of use for this code. Debian uses the code according to the
conditions from this statement, which is now included in the copyright
file of the Debian package.
-- Stefan Fritsch <sf@debian.org> Sun, 08 Jan 2012 20:44:17 +0100
apr-util (1.3.12+dfsg-3) unstable; urgency=high
* Add workaround for ldap detection problem, to fix FTBFS with gcc 4.6.
Closes: #651147
* Remove Tollef Fog Heen and Ryan Niebur from uploaders. Thanks for your
work in the past.
-- Stefan Fritsch <sf@debian.org> Wed, 07 Dec 2011 20:25:16 +0100
apr-util (1.3.12+dfsg-2) unstable; urgency=low
* Fix unsafe pool usage in apr_thread_pool. This hopefully fixes the
occasional testreslist failures.
-- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 20:37:08 +0200
apr-util (1.3.12+dfsg-1) unstable; urgency=low
* New upstream version
* Make apu-config not output dbm libs by default. Closes: #622081
* Set DEB_GCC_NO_O3=1 for the benefit of ppc64 on Ubuntu.
-- Stefan Fritsch <sf@debian.org> Sun, 22 May 2011 01:27:59 +0200
apr-util (1.3.10+dfsg-2) unstable; urgency=low
* Remove libdb4.8-dev dependency in libaprutil1-dev. This allows packages
build-depending on apr-util1 to use a different version of db than
apr-util.
* With the libdb build-dependency decoupled from subversion, we can now
build-depend on libdb-dev instead of libdb4.8-dev. Users of APU_WANT_DB
in apu_want.h would have to depend on libdb-dev explicitly, but there
are none outside of apr-util itself. Closes: #621366
* Add configure support for libdb 5.1.
* Bump standards version to 3.9.2 (no changes)
* Fix some lintian warnings about the short descriptions.
-- Stefan Fritsch <sf@debian.org> Fri, 08 Apr 2011 19:19:23 +0200
apr-util (1.3.10+dfsg-1) unstable; urgency=low
* New upstream release.
* Add ${misc:Depends} to Depends.
* Remove some old Conflicts and Breaks.
* Bump standards version to 3.9.1:
- empty dependency_libs section in libaprutil-1.la
-- Stefan Fritsch <sf@debian.org> Tue, 08 Feb 2011 22:53:01 +0100
apr-util (1.3.9+dfsg-5) unstable; urgency=low
* Backports from 1.3.10:
- apr_thread_pool: Fix some potential deadlock situations. PR 49709.
- apr_thread_pool_create: Fix pool corruption caused by multithreaded
use of the pool when multiple initial threads are created. PR 47843.
- apr_thread_pool_create: Only set the output variable on success.
-- Stefan Fritsch <sf@debian.org> Fri, 01 Oct 2010 22:05:54 +0200
apr-util (1.3.9+dfsg-4) unstable; urgency=high
* CVE-2010-1623: Fix denial of service vulnerability through memory
consumption in apr_brigade_split_line()
-- Stefan Fritsch <sf@debian.org> Fri, 01 Oct 2010 18:19:38 +0200
apr-util (1.3.9+dfsg-3) unstable; urgency=low
* Update to db4.8 (closes: #550443)
* Bump standards-version:
- Use DEB_*_ARCH_* where applicable
-- Stefan Fritsch <sf@debian.org> Sun, 01 Nov 2009 10:40:53 +0100
apr-util (1.3.9+dfsg-2) unstable; urgency=low
* Fix FTBFS (closes: #545718). The FTBFS didn't happen with dash as /bin/sh
due to dash bug #514863.
* Ship the html documentation in the -dev package. Thanks to Joel Smith for
the patch (closes: #543554).
* Make libaprutil1-dev depend on libmysqlclient-dev instead of
libmysqlclient15-dev.
-- Stefan Fritsch <sf@debian.org> Sat, 12 Sep 2009 15:04:55 +0200
apr-util (1.3.9+dfsg-1) unstable; urgency=high
[ Stefan Fritsch ]
* Enable -fstack-protector for arm/armel. A workaround has been added to
gcc.
* Remove obsolete libmysqlclient15off dependency. Update build-dep to
libmysqlclient-dev.
[ Peter Samuelson ]
* New upstream security release.
- Fix CVE-2009-2412, overflow in RMM allocations due to alignment.
* Add myself to Uploaders.
-- Peter Samuelson <peter@p12n.org> Thu, 06 Aug 2009 13:21:48 -0500
apr-util (1.3.8+dfsg-1) unstable; urgency=low
* New upstream version.
* Add two CVE ids to 1.3.7+dfsg-1 changelog entry.
* Bump standards version (no changes).
* Make libaprutil1-dbd-sqlite3 the default dbd driver, to reduce the size
of dependencies pulled in by apache2.2-bin by default (closes: #536466)
-- Stefan Fritsch <sf@debian.org> Sat, 25 Jul 2009 20:08:37 +0200
apr-util (1.3.7+dfsg-1) unstable; urgency=high
* New upstream version:
- CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
- CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling of
internal xml entities.
- CVE-2009-1956: Fix off by one overflow in apr_brigade_vprintf.
* Disable test suite on hurd for now (closes: #530287).
* Override lintian warning about soname.
-- Stefan Fritsch <sf@debian.org> Thu, 04 Jun 2009 20:53:47 +0200
apr-util (1.3.4+dfsg-2) unstable; urgency=low
[ Ryan Niebur ]
* move the versioned libmysqlclient15off dependency from libaprutil1
to libaprutil1-dbd-mysql (Closes: #481976)
[ Stefan Fritsch ]
* Add workaround to fix FTBFS when doing parallel build (closes: #527812)
* Add "Breaks: apache2.2-common << 2.2.11-3", to make upgrades from lenny
to squeeze less noisy.
-- Stefan Fritsch <sf@debian.org> Sun, 10 May 2009 19:18:48 +0200
apr-util (1.3.4+dfsg-1) unstable; urgency=low
[ Ryan Niebur ]
* New upstream version
* add me to Uploaders
* add repack.sh
* update to libdb4.7-dev (Closes: #519818)
* Debian policy 3.8.1
* remove *.dirs, they're not needed
* lintian overrides for the symbols file depending on different
packages, we have those "unusual circumstances" :)
- debhelper 6 (needed for dh_lintian)
* remove build/apr_common.m4 in the clean target, it gets modified
during build and is automatically generated
* switch the libaprutil1-dbg package to the debug section
* don't output ldap libs by default from apu-config
* upload to unstable this time
[ Stefan Fritsch ]
* Fix description for libaprutil1-dbg (closes: #508145).
* Recognize DEB_BUILD_OPTIONS=nocheck in addition to notest (closes: #515352).
* Make dpkg-shlibdeps automatically generate the needed dependencies for
programs that use apr_ldap_init() or apr_dbd_init().
For dbd, we will genreate an ORed dependency on all libaprutil1-dbd-*
packages, using libaprutil1-dbd-mysql as default.
-- Ryan Niebur <ryanryan52@gmail.com> Thu, 26 Mar 2009 22:25:48 -0700
apr-util (1.3.2+dfsg-1) experimental; urgency=low
[ Ryan Niebur ]
* new upstream release
* added a note to README.source about repackaging upstream tarballs
* put the mysql, sqlite3, pgsql, and ldap drivers into their own package.
(Closes: #481976, #482946)
* use symbol files
* fixed watch file
[ Stefan Fritsch ]
* Compile drivers for odbc and freetds and add packages for them.
-- Stefan Fritsch <sf@debian.org> Tue, 29 Jul 2008 23:09:01 +0200
apr-util (1.2.12+dfsg-8) unstable; urgency=low
[ Ryan Niebur ]
* Upgraded to policy version 3.8.0
- Reference the copyright in common-licenses instead of including it
- support for noopt in DEB_BUILD_OPTIONS
- Added a README.source
- added support for parallel in DEB_BUILD_OPTIONS
* Dropped the XS- prefix for the Vcs fields in debian/control
* Made the watch file notice 1.3.x
[ Stefan Fritsch ]
* Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some
bugs that can make apache2 hang (closes: #490859).
* Add 'Provides' for the modules that are still included in libaprutil1, but
will be moved to separate packages with apr-util 1.3.x. This will make
back-porting packages from lenny+1 to lenny easier.
-- Stefan Fritsch <sf@debian.org> Wed, 20 Aug 2008 22:29:26 +0200
apr-util (1.2.12+dfsg-7) unstable; urgency=medium
* Apply hardening build options independently from apr.
-- Stefan Fritsch <sf@debian.org> Sat, 21 Jun 2008 13:29:48 +0200
apr-util (1.2.12+dfsg-6) unstable; urgency=low
* Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for
linking (really closes: #482270).
-- Stefan Fritsch <sf@debian.org> Mon, 26 May 2008 23:45:44 +0200
apr-util (1.2.12+dfsg-5) unstable; urgency=low
* Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if
libaprutil links to mysql, applications don't need to do it, too.
(Closes: #482270)
-- Stefan Fritsch <sf@debian.org> Sun, 25 May 2008 22:53:36 +0200
apr-util (1.2.12+dfsg-4) unstable; urgency=low
* Activate mysql support (closes: #395959). This is made possible by php5
now linking against the threadsafe version of libmysqlclient. Therefore
add a conflict with older versions of php5-mysql and with php4-mysql.
* Rebuild against apr with hardening options: CFLAGS are taken from apr, set
LDFLAGS=-Wl,-z,relro explicitly.
* Conflict with apache2 << 2.2.8-1, which used an older version of libldap
and now segfaults with current libaprutil1+libldap.
* Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the
uploaders field (thanks for your work).
-- Stefan Fritsch <sf@debian.org> Sun, 18 May 2008 17:13:24 +0200
apr-util (1.2.12+dfsg-3) unstable; urgency=medium
* Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency
medium because this made apache segfault when resuming a file larger than
4GB.
* Point VCS tags in debian control to trunk, to make them useful with
debcheckout.
-- Stefan Fritsch <sf@debian.org> Fri, 29 Feb 2008 20:59:49 +0100
apr-util (1.2.12+dfsg-2) unstable; urgency=low
* Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
causes problems with sbuild.
* Change server in watch file since www.eu.apache.org is unreliable.
-- Stefan Fritsch <sf@debian.org> Sat, 12 Jan 2008 10:17:09 +0100
apr-util (1.2.12+dfsg-1) unstable; urgency=low
[ Stefan Fritsch ]
* New upstream version (Closes: #447146)
* Fix debian/rules clean
* Don't ship .svn directories. (Closes: #431508)
* Fix some lintian warnings:
- Use ${binary:Version} instead of ${Source-Version}.
- Bump standards-version to 3.7.3 (no changes).
- Remove empty /usr/share/doc/libapr1.0/.
- Don't ignore make clean errors.
* Add myself to Uploaders.
* Add Vcs info and homepage to debian/control.
* Change handling of CFLAGS in debian/rules so that they are actually used.
Fixes DEB_BUILD_OPTIONS=debug.
[ Tollef Fog Heen ]
* Make libaprutil1-dbg Priority: extra to match overrides.
[ Peter Samuelson ]
* Compile with db 4.6. (Closes: #422465, #429025)
* Add watch file.
-- Stefan Fritsch <sf@debian.org> Fri, 11 Jan 2008 18:43:17 +0100
apr-util (1.2.7+dfsg-2) unstable; urgency=low
* Fix stupid code duplication in apr_md[45].c resulting from C&P.
Thanks to Peter Samuelson for notifying me. This makes md[45] work
correctly.
-- Tollef Fog Heen <tfheen@debian.org> Fri, 18 Aug 2006 19:50:31 +0200
apr-util (1.2.7+dfsg-1) unstable; urgency=low
* Remove dependency on libgdbm1 from libaprutil1-dev.
* Build against libdb 4.4. Closes: #354510
* Remove most libs from apu-config --link-ld --libs. Thanks to Peter
Samuelson, Closes: #378105
* Use md4 and md5 implementation from Solar Designer as this is in the
public domain and not subject to RSA copyright. This requires a
repacked source, so add +dfsg to the version number.
-- Tollef Fog Heen <tfheen@debian.org> Fri, 14 Jul 2006 15:31:22 +0200
apr-util (1.2.7-2) unstable; urgency=low
* Fix override disparity.
* Compile without gdbm.
* Get rid of all the evil libtool hacks and adjust build-depends
accordingly.
* Remove --includedir parameter and adjust config.layout instead. This
works around damage in newer autoconfs.
-- Tollef Fog Heen <tfheen@debian.org> Mon, 1 May 2006 17:05:28 +0200
apr-util (1.2.7-1) unstable; urgency=low
* New upstream release
* Tighten build dependency on apr to a version which ships
get-version.sh
* Grab get-version.sh from APR build
* Pass --with-berkeley-db to configure so it actually picks up our
preferred BDB version.
-- Tollef Fog Heen <tfheen@debian.org> Fri, 28 Apr 2006 21:59:55 +0200
apr-util (1.2.2-4) unstable; urgency=low
* Compile with -fPIC. Closes: #350677
* Build with -i to avoid .svn directories in source. Closes: #357175
-- Tollef Fog Heen <tfheen@debian.org> Fri, 27 Jan 2006 18:50:04 +0100
apr-util (1.2.2-3) unstable; urgency=low
* Add proper depends to libaprutil1-dev
* Rename source package to match upstream.
* Rename to libaprutil1 instead of libaprutil1.0
* Use libdb4.3, not 4.2
* Conflict with old package names
* Add gdbm support
* Fix call to configure to avoid double linking to sqlite and sqlite3
* Update to Standards Version: 3.6.2.2: no changes.
* Add apu-config compatibility symlink.
-- Tollef Fog Heen <tfheen@debian.org> Fri, 27 Jan 2006 18:50:04 +0100
apr-util1.0 (1.2.2-2) unstable; urgency=low
* Upgrade to debhelper v5
* Call dh_installdocs, so we actually get a copyright.
-- Thom May <thom@debian.org> Tue, 3 Jan 2006 13:05:02 +0000
apr-util1.0 (1.2.2-1) unstable; urgency=low
* New upstream version
* Enable postgres and sqlite3 support
-- Thom May <thom@debian.org> Fri, 30 Dec 2005 10:40:03 +0000
apr-util1.0 (1.1.2-1) unstable; urgency=low
* New upstream release
-- Thom May <thom@debian.org> Sun, 8 May 2005 17:12:22 +0100
apr-util1.0 (1.1.0-1) unstable; urgency=low
* New Upstream Release
* First Package Release
-- Thom May <thom@debian.org> Wed, 17 Nov 2004 11:51:32 -0800