From df7f63aab569bad8c93469f5284356de55850b8f Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:12:14 +0200 Subject: Adding debian version 1.6.3-1. Signed-off-by: Daniel Baumann --- debian/changelog | 593 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 593 insertions(+) create mode 100644 debian/changelog (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..15fac96 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,593 @@ +apr-util (1.6.3-1) unstable; urgency=medium + + [ Stefan Fritsch ] + * Incorporate NMUs. Closes: #1028435 + * New upstream version: + - CVE-2022-25147: Fix Integer Overflow or Wraparound vulnerability + in apr_base64 + * Bump libapr1-dev Build-Dep to 1.7.2-1 + + [ Debian Janitor ] + * Use secure URI in Homepage field. + * Set debhelper-compat version in Build-Depends. + * Drop unnecessary dh arguments: --parallel + * Rely on pre-initialized dpkg-architecture variables. + * Remove constraints unnecessary since buster (oldstable): + + libaprutil1: Drop conflict with removed package libapr1 (<< 1.4.8-2~) in + Breaks. + + [ Jelmer Vernooij ] + * Set Repository and Repository-Browse fields in + debian/upstream/metadata. + * Drop transition for old debug package migration. + * Update standards version to 4.6.1, no changes needed. + + + -- Stefan Fritsch Fri, 03 Feb 2023 21:15:18 +0100 + +apr-util (1.6.1-5.2) unstable; urgency=medium + + * Non-maintainer upload by the Reproducible Builds team. + * debian/rules: Remove the build path from apt-1-config, using exactly the + patch from Vagrant Cascadian in #1006865. + + -- Holger Levsen Thu, 12 Jan 2023 20:28:37 +0100 + +apr-util (1.6.1-5.1) unstable; urgency=medium + + * Non-maintainer upload by the Reproducible Builds team. + * debian/rules: Remove the build path from apt-1-config, based on a patch by + Vagrant Cascadian. Closes: #1006865. + + -- Holger Levsen Thu, 29 Dec 2022 19:37:54 +0100 + +apr-util (1.6.1-5) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Remove debug package libaprutil1-dbg. + * Trim trailing whitespace. + + [ Xavier Guimard ] + * Update signing-key.asc + * Declare compliance with policy 4.2.1 + * Remove dependency version to libapr1-dev + + [ Stefan Fritsch ] + * Build-depend on apr >> 1.7.0-1, which switched to python3. + Remove the python build-dep in apr-util as libapr1-dev now has a + fixed dependency on python3. Closes: #936129, #969064 + + -- Stefan Fritsch Sat, 29 Aug 2020 11:51:07 +0200 + +apr-util (1.6.1-4) unstable; urgency=medium + + * Fix libaprutil1-dbd-mysql with mariadb 10.3. Closes: #926400 + + -- Stefan Fritsch Sun, 21 Apr 2019 09:39:02 +0200 + +apr-util (1.6.1-3) unstable; urgency=medium + + [ Stefan Fritsch ] + * Migrate from alioth to salsa + + [ Matthias Klose ] + * Drop build dependency on libpcre3-dev. Closes: #909077. LP: #1792544. + + -- Stefan Fritsch Tue, 18 Sep 2018 21:14:24 +0200 + +apr-util (1.6.1-2) unstable; urgency=medium + + * Avoid empty build target, fixes FTBFS. Thanks to Niels Thykier for the + patch. Closes: #890108 + * Fix handling of gdbm_errno in gdbm driver. Closes: #889170 + * Bump debhelper compat level to 11 and drop deprecated autotools-dev + sequence. Thanks to Niels Thykier for the patch. + * Bump Standards-Version (no changes) + * Fix mysql/mariadb header detection, broken since 1.5.3-3. + * Include NOTICE file in packages, as required by license. + + -- Stefan Fritsch Sun, 25 Feb 2018 12:40:36 +0100 + +apr-util (1.6.1-1) unstable; urgency=medium + + * New upstream release + - Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database. + Closes: #879996 + + -- Stefan Fritsch Mon, 06 Nov 2017 19:48:34 +0100 + +apr-util (1.6.0-2) unstable; urgency=medium + + * Switch off FULL_PATH_NAMES in doxygen to make builds reproducible. + * Bump Standards-Version: + - remove "Priority: extra" in control + + -- Stefan Fritsch Fri, 11 Aug 2017 17:49:25 +0200 + +apr-util (1.6.0-1) unstable; urgency=medium + + * New upstream release + * Remove Peter Samuelson from uploaders. Thanks for your work in the past. + Closes: #852221 + + -- Stefan Fritsch Fri, 04 Aug 2017 21:37:03 +0200 + +apr-util (1.5.4-3) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix unsatisfiable cross Build-Depends: (Closes: #840892) + + Drop binutils from Build-Depends as it is build-essential. + + Annotate Build-Depends: python with :any. + + [ Stefan Fritsch ] + * Enable support for gdbm. Closes: #843206 + * Switch build-depends to default-libmysqlclient-dev. Closes: #845823 + + -- Stefan Fritsch Fri, 09 Dec 2016 18:19:55 +0100 + +apr-util (1.5.4-2) unstable; urgency=medium + + [ Jean-Michel Vourgère ] + * d/watch: Check gpg signature of upstream source. + * Update Vcs-Browser: address. + + [ Stefan Fritsch ] + * Bump standards version. No changes needed. + * Backport support for openssl 1.1 from upstream 1.5.x branch. + Closes: #828237 + + -- Stefan Fritsch Thu, 14 Jul 2016 12:00:56 +0200 + +apr-util (1.5.4-1) unstable; urgency=medium + + * New upstream release + * Remove dependencies on libpcre3-dev, libsqlite3-dev, libpq-dev, + and libmysqlclient-dev in libaprutil1-dev. They are no longer + necessary. Closes: #757140 + * Bump standards version. No changes needed. + + -- Stefan Fritsch Sat, 04 Oct 2014 14:19:46 +0200 + +apr-util (1.5.3-3) unstable; urgency=medium + + * Allow building with libmariadbclient-dev instead of + libmysqlclient-dev. Closes: #759158 + * Update Vcs-Git URL in control file. + + -- Stefan Fritsch Mon, 25 Aug 2014 22:10:38 +0200 + +apr-util (1.5.3-2) unstable; urgency=medium + + * Fix FTBFS with make 4.0. Closes: #748369 + + -- Stefan Fritsch Thu, 29 May 2014 16:52:08 +0200 + +apr-util (1.5.3-1) unstable; urgency=low + + * New upstream version. + * When querying the berkley db version, strip the epoch from the + version number. + + -- Stefan Fritsch Sun, 24 Nov 2013 14:21:14 +0100 + +apr-util (1.5.2-2) unstable; urgency=low + + * Remove dbd-freetds driver because it has security issues. + * Switch build system to dh. + * Bump Standards-Version (no additional changes). + * Support multi-arch. + * Adjust dependencies to a multi-arch enabled apr. + * Speed up build by not searching for lots of berkley db versions that + are not installed. Closes: #717327 + + -- Stefan Fritsch Wed, 06 Nov 2013 22:27:45 +0100 + +apr-util (1.5.2-1) unstable; urgency=low + + * New upstream release. + * Ship find_apu.m4 in libaprutil1-dev. Closes: #699327 + + -- Stefan Fritsch Sun, 05 May 2013 15:43:34 +0200 + +apr-util (1.4.1-3) unstable; urgency=low + + * Fix apr_password_validate() to work with sha512-crypt hashes. + Closes: #684268 + + -- Stefan Fritsch Wed, 15 Aug 2012 20:10:55 +0200 + +apr-util (1.4.1-2) unstable; urgency=low + + * Remove obsolete version on binutils dependency. Closes: #666260 + * Re-enable test suite on hurd. Closes: #657043 + * Switch VCS to git + * Switch to packaging format "3.0 quilt", remove dpatch. Thanks to Jari + Aalto for the patch. Closes: #664307 + * Update to Standards-Version to 3.9.3 (no changes) + * Bump to debhelper 9. + * Remove obsolete workaround for #651147, ldap detection is fixed in 1.4.x + * Fix lintian warnings + - use dh_prep + - omit driver libraries from symbol files + - add build-arch and build-indep targets + + -- Stefan Fritsch Sun, 20 May 2012 22:14:38 +0200 + +apr-util (1.4.1-1) unstable; urgency=low + + * New upstream release + * Build new apr_crypto API (using openssl). + * Stop repacking the source tarball to remove the MD4/MD5 implementations + derived from RSA's code. RSA has released a statement that revised the + conditions of use for this code. Debian uses the code according to the + conditions from this statement, which is now included in the copyright + file of the Debian package. + + -- Stefan Fritsch Sun, 08 Jan 2012 20:44:17 +0100 + +apr-util (1.3.12+dfsg-3) unstable; urgency=high + + * Add workaround for ldap detection problem, to fix FTBFS with gcc 4.6. + Closes: #651147 + * Remove Tollef Fog Heen and Ryan Niebur from uploaders. Thanks for your + work in the past. + + -- Stefan Fritsch Wed, 07 Dec 2011 20:25:16 +0100 + +apr-util (1.3.12+dfsg-2) unstable; urgency=low + + * Fix unsafe pool usage in apr_thread_pool. This hopefully fixes the + occasional testreslist failures. + + -- Stefan Fritsch Sun, 22 May 2011 20:37:08 +0200 + +apr-util (1.3.12+dfsg-1) unstable; urgency=low + + * New upstream version + * Make apu-config not output dbm libs by default. Closes: #622081 + * Set DEB_GCC_NO_O3=1 for the benefit of ppc64 on Ubuntu. + + -- Stefan Fritsch Sun, 22 May 2011 01:27:59 +0200 + +apr-util (1.3.10+dfsg-2) unstable; urgency=low + + * Remove libdb4.8-dev dependency in libaprutil1-dev. This allows packages + build-depending on apr-util1 to use a different version of db than + apr-util. + * With the libdb build-dependency decoupled from subversion, we can now + build-depend on libdb-dev instead of libdb4.8-dev. Users of APU_WANT_DB + in apu_want.h would have to depend on libdb-dev explicitly, but there + are none outside of apr-util itself. Closes: #621366 + * Add configure support for libdb 5.1. + * Bump standards version to 3.9.2 (no changes) + * Fix some lintian warnings about the short descriptions. + + -- Stefan Fritsch Fri, 08 Apr 2011 19:19:23 +0200 + +apr-util (1.3.10+dfsg-1) unstable; urgency=low + + * New upstream release. + * Add ${misc:Depends} to Depends. + * Remove some old Conflicts and Breaks. + * Bump standards version to 3.9.1: + - empty dependency_libs section in libaprutil-1.la + + -- Stefan Fritsch Tue, 08 Feb 2011 22:53:01 +0100 + +apr-util (1.3.9+dfsg-5) unstable; urgency=low + + * Backports from 1.3.10: + - apr_thread_pool: Fix some potential deadlock situations. PR 49709. + - apr_thread_pool_create: Fix pool corruption caused by multithreaded + use of the pool when multiple initial threads are created. PR 47843. + - apr_thread_pool_create: Only set the output variable on success. + + -- Stefan Fritsch Fri, 01 Oct 2010 22:05:54 +0200 + +apr-util (1.3.9+dfsg-4) unstable; urgency=high + + * CVE-2010-1623: Fix denial of service vulnerability through memory + consumption in apr_brigade_split_line() + + -- Stefan Fritsch Fri, 01 Oct 2010 18:19:38 +0200 + +apr-util (1.3.9+dfsg-3) unstable; urgency=low + + * Update to db4.8 (closes: #550443) + * Bump standards-version: + - Use DEB_*_ARCH_* where applicable + + -- Stefan Fritsch Sun, 01 Nov 2009 10:40:53 +0100 + +apr-util (1.3.9+dfsg-2) unstable; urgency=low + + * Fix FTBFS (closes: #545718). The FTBFS didn't happen with dash as /bin/sh + due to dash bug #514863. + * Ship the html documentation in the -dev package. Thanks to Joel Smith for + the patch (closes: #543554). + * Make libaprutil1-dev depend on libmysqlclient-dev instead of + libmysqlclient15-dev. + + -- Stefan Fritsch Sat, 12 Sep 2009 15:04:55 +0200 + +apr-util (1.3.9+dfsg-1) unstable; urgency=high + + [ Stefan Fritsch ] + * Enable -fstack-protector for arm/armel. A workaround has been added to + gcc. + * Remove obsolete libmysqlclient15off dependency. Update build-dep to + libmysqlclient-dev. + + [ Peter Samuelson ] + * New upstream security release. + - Fix CVE-2009-2412, overflow in RMM allocations due to alignment. + * Add myself to Uploaders. + + -- Peter Samuelson Thu, 06 Aug 2009 13:21:48 -0500 + +apr-util (1.3.8+dfsg-1) unstable; urgency=low + + * New upstream version. + * Add two CVE ids to 1.3.7+dfsg-1 changelog entry. + * Bump standards version (no changes). + * Make libaprutil1-dbd-sqlite3 the default dbd driver, to reduce the size + of dependencies pulled in by apache2.2-bin by default (closes: #536466) + + -- Stefan Fritsch Sat, 25 Jul 2009 20:08:37 +0200 + +apr-util (1.3.7+dfsg-1) unstable; urgency=high + + * New upstream version: + - CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes + remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2. + - CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling of + internal xml entities. + - CVE-2009-1956: Fix off by one overflow in apr_brigade_vprintf. + * Disable test suite on hurd for now (closes: #530287). + * Override lintian warning about soname. + + -- Stefan Fritsch Thu, 04 Jun 2009 20:53:47 +0200 + +apr-util (1.3.4+dfsg-2) unstable; urgency=low + + [ Ryan Niebur ] + * move the versioned libmysqlclient15off dependency from libaprutil1 + to libaprutil1-dbd-mysql (Closes: #481976) + + [ Stefan Fritsch ] + * Add workaround to fix FTBFS when doing parallel build (closes: #527812) + * Add "Breaks: apache2.2-common << 2.2.11-3", to make upgrades from lenny + to squeeze less noisy. + + -- Stefan Fritsch Sun, 10 May 2009 19:18:48 +0200 + +apr-util (1.3.4+dfsg-1) unstable; urgency=low + + [ Ryan Niebur ] + * New upstream version + * add me to Uploaders + * add repack.sh + * update to libdb4.7-dev (Closes: #519818) + * Debian policy 3.8.1 + * remove *.dirs, they're not needed + * lintian overrides for the symbols file depending on different + packages, we have those "unusual circumstances" :) + - debhelper 6 (needed for dh_lintian) + * remove build/apr_common.m4 in the clean target, it gets modified + during build and is automatically generated + * switch the libaprutil1-dbg package to the debug section + * don't output ldap libs by default from apu-config + * upload to unstable this time + + [ Stefan Fritsch ] + * Fix description for libaprutil1-dbg (closes: #508145). + * Recognize DEB_BUILD_OPTIONS=nocheck in addition to notest (closes: #515352). + * Make dpkg-shlibdeps automatically generate the needed dependencies for + programs that use apr_ldap_init() or apr_dbd_init(). + For dbd, we will genreate an ORed dependency on all libaprutil1-dbd-* + packages, using libaprutil1-dbd-mysql as default. + + -- Ryan Niebur Thu, 26 Mar 2009 22:25:48 -0700 + +apr-util (1.3.2+dfsg-1) experimental; urgency=low + + [ Ryan Niebur ] + * new upstream release + * added a note to README.source about repackaging upstream tarballs + * put the mysql, sqlite3, pgsql, and ldap drivers into their own package. + (Closes: #481976, #482946) + * use symbol files + * fixed watch file + + [ Stefan Fritsch ] + * Compile drivers for odbc and freetds and add packages for them. + + -- Stefan Fritsch Tue, 29 Jul 2008 23:09:01 +0200 + +apr-util (1.2.12+dfsg-8) unstable; urgency=low + + [ Ryan Niebur ] + * Upgraded to policy version 3.8.0 + - Reference the copyright in common-licenses instead of including it + - support for noopt in DEB_BUILD_OPTIONS + - Added a README.source + - added support for parallel in DEB_BUILD_OPTIONS + * Dropped the XS- prefix for the Vcs fields in debian/control + * Made the watch file notice 1.3.x + + [ Stefan Fritsch ] + * Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some + bugs that can make apache2 hang (closes: #490859). + * Add 'Provides' for the modules that are still included in libaprutil1, but + will be moved to separate packages with apr-util 1.3.x. This will make + back-porting packages from lenny+1 to lenny easier. + + -- Stefan Fritsch Wed, 20 Aug 2008 22:29:26 +0200 + +apr-util (1.2.12+dfsg-7) unstable; urgency=medium + + * Apply hardening build options independently from apr. + + -- Stefan Fritsch Sat, 21 Jun 2008 13:29:48 +0200 + +apr-util (1.2.12+dfsg-6) unstable; urgency=low + + * Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for + linking (really closes: #482270). + + -- Stefan Fritsch Mon, 26 May 2008 23:45:44 +0200 + +apr-util (1.2.12+dfsg-5) unstable; urgency=low + + * Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if + libaprutil links to mysql, applications don't need to do it, too. + (Closes: #482270) + + -- Stefan Fritsch Sun, 25 May 2008 22:53:36 +0200 + +apr-util (1.2.12+dfsg-4) unstable; urgency=low + + * Activate mysql support (closes: #395959). This is made possible by php5 + now linking against the threadsafe version of libmysqlclient. Therefore + add a conflict with older versions of php5-mysql and with php4-mysql. + * Rebuild against apr with hardening options: CFLAGS are taken from apr, set + LDFLAGS=-Wl,-z,relro explicitly. + * Conflict with apache2 << 2.2.8-1, which used an older version of libldap + and now segfaults with current libaprutil1+libldap. + * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the + uploaders field (thanks for your work). + + -- Stefan Fritsch Sun, 18 May 2008 17:13:24 +0200 + +apr-util (1.2.12+dfsg-3) unstable; urgency=medium + + * Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency + medium because this made apache segfault when resuming a file larger than + 4GB. + * Point VCS tags in debian control to trunk, to make them useful with + debcheckout. + + -- Stefan Fritsch Fri, 29 Feb 2008 20:59:49 +0100 + +apr-util (1.2.12+dfsg-2) unstable; urgency=low + + * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter + causes problems with sbuild. + * Change server in watch file since www.eu.apache.org is unreliable. + + -- Stefan Fritsch Sat, 12 Jan 2008 10:17:09 +0100 + +apr-util (1.2.12+dfsg-1) unstable; urgency=low + + [ Stefan Fritsch ] + * New upstream version (Closes: #447146) + * Fix debian/rules clean + * Don't ship .svn directories. (Closes: #431508) + * Fix some lintian warnings: + - Use ${binary:Version} instead of ${Source-Version}. + - Bump standards-version to 3.7.3 (no changes). + - Remove empty /usr/share/doc/libapr1.0/. + - Don't ignore make clean errors. + * Add myself to Uploaders. + * Add Vcs info and homepage to debian/control. + * Change handling of CFLAGS in debian/rules so that they are actually used. + Fixes DEB_BUILD_OPTIONS=debug. + + [ Tollef Fog Heen ] + * Make libaprutil1-dbg Priority: extra to match overrides. + + [ Peter Samuelson ] + * Compile with db 4.6. (Closes: #422465, #429025) + * Add watch file. + + -- Stefan Fritsch Fri, 11 Jan 2008 18:43:17 +0100 + +apr-util (1.2.7+dfsg-2) unstable; urgency=low + + * Fix stupid code duplication in apr_md[45].c resulting from C&P. + Thanks to Peter Samuelson for notifying me. This makes md[45] work + correctly. + + -- Tollef Fog Heen Fri, 18 Aug 2006 19:50:31 +0200 + +apr-util (1.2.7+dfsg-1) unstable; urgency=low + + * Remove dependency on libgdbm1 from libaprutil1-dev. + * Build against libdb 4.4. Closes: #354510 + * Remove most libs from apu-config --link-ld --libs. Thanks to Peter + Samuelson, Closes: #378105 + * Use md4 and md5 implementation from Solar Designer as this is in the + public domain and not subject to RSA copyright. This requires a + repacked source, so add +dfsg to the version number. + + -- Tollef Fog Heen Fri, 14 Jul 2006 15:31:22 +0200 + +apr-util (1.2.7-2) unstable; urgency=low + + * Fix override disparity. + * Compile without gdbm. + * Get rid of all the evil libtool hacks and adjust build-depends + accordingly. + * Remove --includedir parameter and adjust config.layout instead. This + works around damage in newer autoconfs. + + -- Tollef Fog Heen Mon, 1 May 2006 17:05:28 +0200 + +apr-util (1.2.7-1) unstable; urgency=low + + * New upstream release + * Tighten build dependency on apr to a version which ships + get-version.sh + * Grab get-version.sh from APR build + * Pass --with-berkeley-db to configure so it actually picks up our + preferred BDB version. + + -- Tollef Fog Heen Fri, 28 Apr 2006 21:59:55 +0200 + +apr-util (1.2.2-4) unstable; urgency=low + + * Compile with -fPIC. Closes: #350677 + * Build with -i to avoid .svn directories in source. Closes: #357175 + + -- Tollef Fog Heen Fri, 27 Jan 2006 18:50:04 +0100 + +apr-util (1.2.2-3) unstable; urgency=low + + * Add proper depends to libaprutil1-dev + * Rename source package to match upstream. + * Rename to libaprutil1 instead of libaprutil1.0 + * Use libdb4.3, not 4.2 + * Conflict with old package names + * Add gdbm support + * Fix call to configure to avoid double linking to sqlite and sqlite3 + * Update to Standards Version: 3.6.2.2: no changes. + * Add apu-config compatibility symlink. + + -- Tollef Fog Heen Fri, 27 Jan 2006 18:50:04 +0100 + +apr-util1.0 (1.2.2-2) unstable; urgency=low + + * Upgrade to debhelper v5 + * Call dh_installdocs, so we actually get a copyright. + + -- Thom May Tue, 3 Jan 2006 13:05:02 +0000 + +apr-util1.0 (1.2.2-1) unstable; urgency=low + + * New upstream version + * Enable postgres and sqlite3 support + + -- Thom May Fri, 30 Dec 2005 10:40:03 +0000 + +apr-util1.0 (1.1.2-1) unstable; urgency=low + + * New upstream release + + -- Thom May Sun, 8 May 2005 17:12:22 +0100 + +apr-util1.0 (1.1.0-1) unstable; urgency=low + + * New Upstream Release + * First Package Release + + -- Thom May Wed, 17 Nov 2004 11:51:32 -0800 -- cgit v1.2.3