Diffstat (limited to '')
-rw-r--r-- | CHANGES | 174 |
1 files changed, 174 insertions, 0 deletions
@@ -0,0 +1,174 @@ + -*- coding: utf-8 -*- +Changes for APR 1.7.1 + + *) SECURITY: CVE-2022-24963 (cve.mitre.org) + Integer Overflow or Wraparound vulnerability in apr_encode functions of + Apache Portable Runtime (APR) allows an attacker to write beyond bounds + of a buffer. + + *) SECURITY: CVE-2022-28331 (cve.mitre.org) + On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond + the end of a stack based buffer in apr_socket_sendv(). This is a result + of integer overflow. + + *) SECURITY: CVE-2021-35940 (cve.mitre.org) + Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. + (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and + later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] + + *) configure: Fix various build issues for compilers enforcing + strict C99 compliance. PR 66396, 66408, 66426. + [Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>] + + *) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov] + + *) configure: Prefer posix name-based shared memory over SysV IPC. + [Jim Jagielski] + + *) configure: Add --disable-sctp argument to forcibly disable SCTP + support, or --enable-sctp which fails if SCTP support is not + detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton] + + *) Fix handle leak in the Win32 apr_uid_current implementation. + PR 61165. [Ivan Zhakov] + + *) Add error handling for lseek() failures in apr_file_write() and + apr_file_writev(). [Joe Orton] + + *) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file + to avoid a fd and inode leak when/if later passed to apr_file_setaside(). + [Yann Ylavic] + + *) APR's configure script uses AC_TRY_RUN to detect whether the return type + of strerror_r is int. When cross-compiling this defaults to no. + + This commit adds an AC_CACHE_CHECK so users who cross-compile APR may + influence the outcome with a configure variable. 
[Sebastian Kemper + <sebastian_ml gmx net>] + + *) Add a cache check with which users who cross-compile APR + can influence the outcome of the /dev/zero test by setting the variable + ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>] + + *) Trick autoconf into printing the correct default prefix in the help. + [Stefan Fritsch] + + *) Don't try to use PROC_PTHREAD by default when cross compiling. + [Yann Ylavic] + + *) Add the ability to cross compile APR. [Graham Leggett] + + *) While cross-compiling, the tools/gen_test_char could not + be executed at build time, use AX_PROG_CC_FOR_BUILD to + build native tools/gen_test_char + + Support explicit libtool by variable assigning before buildcheck.sh, + it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool) + [Hongxu Jia <hongxu.jia windriver.com>] + + *) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen + <r... hjortskov.dk>] + + *) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053. + [Mike Frysinger <vapier gentoo.org>] + + *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] + + *) apr_pools: Fix pool debugging output so that creation events are + always emitted before allocation events and subpool destruction + events are emitted on pool clear/destroy for proper accounting. + [Brane Čibej] + + *) apr_socket_listen: Allow larger listen backlog values on Windows 8+. + [Evgeny Kotkov <evgeny.kotkov visualsvn.com>] + + *) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10 + + *) Fix attempt to free invalid memory on exit when apr_app is used + on Windows. [Ivan Zhakov] + + *) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov] + + *) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov] + +Changes for APR 1.7.0 + + *) apr_dir_read: [Unix] Dropped the preference of the dirread_r() flavor + for dirread(), because the former is both deprecated and unneeded. 
+ [Yann Ylavic, William Rowe] + + *) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points + as symlinks, and not other reparse tag types. PR47630 + [Oleg Liatte <olegliatte gmail.com>] + + *) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the + case of apparently equivilant long and long long types. [William Rowe] + + *) Recognize APPLE predefined macros as equivilant to DARWIN. [Jim Jagielski] + + *) Signals: Allow handling of SIGUSR2 in apr_signal_thread. [Yann Ylavic] + + *) Atomics: Support for 64bit ints. [Jim Jagielski] + + *) Add the apr_encode_* API that implements RFC4648 and RFC7515 + compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16 + encode/decode functions. [Graham Leggett] + + *) rand: Use arc4random_buf() on BSD platforms and getrandom() on Linux, + when available. [Christian Weisgerber <naddy openbsd.org, Yann Ylavic] + + *) Add apr_sockaddr_zone_set, apr_sockaddr_zone_set to set and retrieve + the zone for link-local IPv6 addresses. [Joe Orton] + + *) apr_sockaddr_equal: Compare link-local IPv6 addresses with different + zones as not equal. [Joe Orton] + + *) apr_sockaddr_ip_getbuf, apr_sockaddr_ip_get: Append "%zone" for + IPv6 link-local addresses. [Joe Orton] + + *) Locks: add a --disable-timedlocks config option in case users + encounter more platforms where it fails [Nick Kew]. + + *) apr_allocator, apr_pools: Add apr_allocator_page_size() and + apr_allocator_min_order_set() to respectively get the (system's) page size + in use and set the minimum allocation size for an allocator (expressed in + 2^order pages). [Yann Ylavic] + + *) locks: provide portable implementations of timedlock()s for + posix-sems, sysv-sems and pthreads for those platforms that + lack native versions (eg: OSX/macOS). [Jim Jagielski] + + *) locks: Introduce apr_{thread,proc,global}_mutex_timedlock(). 
+ [Yann Ylavic] + +Changes for APR 1.6.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.6.x/CHANGES?view=markup + +Changes for APR 1.5.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.5.x/CHANGES?view=markup + +Changes for APR 1.4.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/CHANGES?view=markup + +Changes for APR 1.3.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?view=markup + +Changes for APR 1.2.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/CHANGES?view=markup + +Changes for APR 1.1.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.1.x/CHANGES?view=markup + +Changes for APR 1.0.x and later: + + *) http://svn.apache.org/viewvc/apr/apr/branches/1.0.x/CHANGES?view=markup + +Changes for APR 0.9.x and later/earlier: + + *) http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?view=markup |
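Review bot: In the 1.7.1 section the CVE-2022-24963 entry gives no affected version range, while the CVE-2022-28331 entry next to it does ("1.7.0 and earlier"), and the later entry "Avoid an overflow on 32 bit platforms." names no function at all. Suggest stating the affected versions in the first and the affected function in the second, so a reader triaging from CHANGES alone can tell whether their build is in scope. In the 1.7.0 section, "Add apr_sockaddr_zone_set, apr_sockaddr_zone_set to set and retrieve" lists the same name twice; the second is presumably meant to be the getter. Smaller points: the rand entry's "<naddy openbsd.org, Yann Ylavic]" is missing its closing ">", "equivilant" appears twice and should read "equivalent", and the "Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10" entry carries no bracketed author, unlike the other non-security entries in that section.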