-*- coding: utf-8 -*-
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Changes for APR 1.7.0
*) apr_dir_read: [Unix] Dropped the preference of the dirread_r() flavor
for dirread(), because the former is both deprecated and unneeded.
[Yann Ylavic, William Rowe]
*) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points
as symlinks, and not other reparse tag types. PR47630
[Oleg Liatte <olegliatte gmail.com>]
*) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the
case of apparently equivilant long and long long types. [William Rowe]
*) Recognize APPLE predefined macros as equivilant to DARWIN. [Jim Jagielski]
*) Signals: Allow handling of SIGUSR2 in apr_signal_thread. [Yann Ylavic]
*) Atomics: Support for 64bit ints. [Jim Jagielski]
*) Add the apr_encode_* API that implements RFC4648 and RFC7515
compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16
encode/decode functions. [Graham Leggett]
*) rand: Use arc4random_buf() on BSD platforms and getrandom() on Linux,
when available. [Christian Weisgerber <naddy openbsd.org, Yann Ylavic]
*) Add apr_sockaddr_zone_set, apr_sockaddr_zone_set to set and retrieve
the zone for link-local IPv6 addresses. [Joe Orton]
*) apr_sockaddr_equal: Compare link-local IPv6 addresses with different
zones as not equal. [Joe Orton]
*) apr_sockaddr_ip_getbuf, apr_sockaddr_ip_get: Append "%zone" for
IPv6 link-local addresses. [Joe Orton]
*) Locks: add a --disable-timedlocks config option in case users
encounter more platforms where it fails [Nick Kew].
*) apr_allocator, apr_pools: Add apr_allocator_page_size() and
apr_allocator_min_order_set() to respectively get the (system's) page size
in use and set the minimum allocation size for an allocator (expressed in
2^order pages). [Yann Ylavic]
*) locks: provide portable implementations of timedlock()s for
posix-sems, sysv-sems and pthreads for those platforms that
lack native versions (eg: OSX/macOS). [Jim Jagielski]
*) locks: Introduce apr_{thread,proc,global}_mutex_timedlock().
[Yann Ylavic]
Changes for APR 1.6.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.6.x/CHANGES?view=markup
Changes for APR 1.5.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.5.x/CHANGES?view=markup
Changes for APR 1.4.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/CHANGES?view=markup
Changes for APR 1.3.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?view=markup
Changes for APR 1.2.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/CHANGES?view=markup
Changes for APR 1.1.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.1.x/CHANGES?view=markup
Changes for APR 1.0.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.0.x/CHANGES?view=markup
Changes for APR 0.9.x and later/earlier:
*) http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?view=markup
Generated by dwww version 1.15 on Mon Jun 17 06:14:19 CEST 2024.