apr-util (1.6.3-1) unstable; urgency=medium [ Stefan Fritsch ] * Incorporate NMUs. Closes: #1028435 * New upstream version: - CVE-2022-25147: Fix Integer Overflow or Wraparound vulnerability in apr_base64 * Bump libapr1-dev Build-Dep to 1.7.2-1 [ Debian Janitor ] * Use secure URI in Homepage field. * Set debhelper-compat version in Build-Depends. * Drop unnecessary dh arguments: --parallel * Rely on pre-initialized dpkg-architecture variables. * Remove constraints unnecessary since buster (oldstable): + libaprutil1: Drop conflict with removed package libapr1 (<< 1.4.8-2~) in Breaks. [ Jelmer Vernooij ] * Set Repository and Repository-Browse fields in debian/upstream/metadata. * Drop transition for old debug package migration. * Update standards version to 4.6.1, no changes needed. -- Stefan Fritsch Fri, 03 Feb 2023 21:15:18 +0100 apr-util (1.6.1-5.2) unstable; urgency=medium * Non-maintainer upload by the Reproducible Builds team. * debian/rules: Remove the build path from apt-1-config, using exactly the patch from Vagrant Cascadian in #1006865. -- Holger Levsen Thu, 12 Jan 2023 20:28:37 +0100 apr-util (1.6.1-5.1) unstable; urgency=medium * Non-maintainer upload by the Reproducible Builds team. * debian/rules: Remove the build path from apt-1-config, based on a patch by Vagrant Cascadian. Closes: #1006865. -- Holger Levsen Thu, 29 Dec 2022 19:37:54 +0100 apr-util (1.6.1-5) unstable; urgency=medium [ Jelmer Vernooij ] * Remove debug package libaprutil1-dbg. * Trim trailing whitespace. [ Xavier Guimard ] * Update signing-key.asc * Declare compliance with policy 4.2.1 * Remove dependency version to libapr1-dev [ Stefan Fritsch ] * Build-depend on apr >> 1.7.0-1, which switched to python3. Remove the python build-dep in apr-util as libapr1-dev now has a fixed dependency on python3. Closes: #936129, #969064 -- Stefan Fritsch Sat, 29 Aug 2020 11:51:07 +0200 apr-util (1.6.1-4) unstable; urgency=medium * Fix libaprutil1-dbd-mysql with mariadb 10.3. Closes: #926400 -- Stefan Fritsch Sun, 21 Apr 2019 09:39:02 +0200 apr-util (1.6.1-3) unstable; urgency=medium [ Stefan Fritsch ] * Migrate from alioth to salsa [ Matthias Klose ] * Drop build dependency on libpcre3-dev. Closes: #909077. LP: #1792544. -- Stefan Fritsch Tue, 18 Sep 2018 21:14:24 +0200 apr-util (1.6.1-2) unstable; urgency=medium * Avoid empty build target, fixes FTBFS. Thanks to Niels Thykier for the patch. Closes: #890108 * Fix handling of gdbm_errno in gdbm driver. Closes: #889170 * Bump debhelper compat level to 11 and drop deprecated autotools-dev sequence. Thanks to Niels Thykier for the patch. * Bump Standards-Version (no changes) * Fix mysql/mariadb header detection, broken since 1.5.3-3. * Include NOTICE file in packages, as required by license. -- Stefan Fritsch Sun, 25 Feb 2018 12:40:36 +0100 apr-util (1.6.1-1) unstable; urgency=medium * New upstream release - Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database. Closes: #879996 -- Stefan Fritsch Mon, 06 Nov 2017 19:48:34 +0100 apr-util (1.6.0-2) unstable; urgency=medium * Switch off FULL_PATH_NAMES in doxygen to make builds reproducible. * Bump Standards-Version: - remove "Priority: extra" in control -- Stefan Fritsch Fri, 11 Aug 2017 17:49:25 +0200 apr-util (1.6.0-1) unstable; urgency=medium * New upstream release * Remove Peter Samuelson from uploaders. Thanks for your work in the past. Closes: #852221 -- Stefan Fritsch Fri, 04 Aug 2017 21:37:03 +0200 apr-util (1.5.4-3) unstable; urgency=medium [ Helmut Grohne ] * Fix unsatisfiable cross Build-Depends: (Closes: #840892) + Drop binutils from Build-Depends as it is build-essential. + Annotate Build-Depends: python with :any. [ Stefan Fritsch ] * Enable support for gdbm. Closes: #843206 * Switch build-depends to default-libmysqlclient-dev. Closes: #845823 -- Stefan Fritsch Fri, 09 Dec 2016 18:19:55 +0100 apr-util (1.5.4-2) unstable; urgency=medium [ Jean-Michel Vourgère ] * d/watch: Check gpg signature of upstream source. * Update Vcs-Browser: address. [ Stefan Fritsch ] * Bump standards version. No changes needed. * Backport support for openssl 1.1 from upstream 1.5.x branch. Closes: #828237 -- Stefan Fritsch Thu, 14 Jul 2016 12:00:56 +0200 apr-util (1.5.4-1) unstable; urgency=medium * New upstream release * Remove dependencies on libpcre3-dev, libsqlite3-dev, libpq-dev, and libmysqlclient-dev in libaprutil1-dev. They are no longer necessary. Closes: #757140 * Bump standards version. No changes needed. -- Stefan Fritsch Sat, 04 Oct 2014 14:19:46 +0200 apr-util (1.5.3-3) unstable; urgency=medium * Allow building with libmariadbclient-dev instead of libmysqlclient-dev. Closes: #759158 * Update Vcs-Git URL in control file. -- Stefan Fritsch Mon, 25 Aug 2014 22:10:38 +0200 apr-util (1.5.3-2) unstable; urgency=medium * Fix FTBFS with make 4.0. Closes: #748369 -- Stefan Fritsch Thu, 29 May 2014 16:52:08 +0200 apr-util (1.5.3-1) unstable; urgency=low * New upstream version. * When querying the berkley db version, strip the epoch from the version number. -- Stefan Fritsch Sun, 24 Nov 2013 14:21:14 +0100 apr-util (1.5.2-2) unstable; urgency=low * Remove dbd-freetds driver because it has security issues. * Switch build system to dh. * Bump Standards-Version (no additional changes). * Support multi-arch. * Adjust dependencies to a multi-arch enabled apr. * Speed up build by not searching for lots of berkley db versions that are not installed. Closes: #717327 -- Stefan Fritsch Wed, 06 Nov 2013 22:27:45 +0100 apr-util (1.5.2-1) unstable; urgency=low * New upstream release. * Ship find_apu.m4 in libaprutil1-dev. Closes: #699327 -- Stefan Fritsch Sun, 05 May 2013 15:43:34 +0200 apr-util (1.4.1-3) unstable; urgency=low * Fix apr_password_validate() to work with sha512-crypt hashes. Closes: #684268 -- Stefan Fritsch Wed, 15 Aug 2012 20:10:55 +0200 apr-util (1.4.1-2) unstable; urgency=low * Remove obsolete version on binutils dependency. Closes: #666260 * Re-enable test suite on hurd. Closes: #657043 * Switch VCS to git * Switch to packaging format "3.0 quilt", remove dpatch. Thanks to Jari Aalto for the patch. Closes: #664307 * Update to Standards-Version to 3.9.3 (no changes) * Bump to debhelper 9. * Remove obsolete workaround for #651147, ldap detection is fixed in 1.4.x * Fix lintian warnings - use dh_prep - omit driver libraries from symbol files - add build-arch and build-indep targets -- Stefan Fritsch Sun, 20 May 2012 22:14:38 +0200 apr-util (1.4.1-1) unstable; urgency=low * New upstream release * Build new apr_crypto API (using openssl). * Stop repacking the source tarball to remove the MD4/MD5 implementations derived from RSA's code. RSA has released a statement that revised the conditions of use for this code. Debian uses the code according to the conditions from this statement, which is now included in the copyright file of the Debian package. -- Stefan Fritsch Sun, 08 Jan 2012 20:44:17 +0100 apr-util (1.3.12+dfsg-3) unstable; urgency=high * Add workaround for ldap detection problem, to fix FTBFS with gcc 4.6. Closes: #651147 * Remove Tollef Fog Heen and Ryan Niebur from uploaders. Thanks for your work in the past. -- Stefan Fritsch Wed, 07 Dec 2011 20:25:16 +0100 apr-util (1.3.12+dfsg-2) unstable; urgency=low * Fix unsafe pool usage in apr_thread_pool. This hopefully fixes the occasional testreslist failures. -- Stefan Fritsch Sun, 22 May 2011 20:37:08 +0200 apr-util (1.3.12+dfsg-1) unstable; urgency=low * New upstream version * Make apu-config not output dbm libs by default. Closes: #622081 * Set DEB_GCC_NO_O3=1 for the benefit of ppc64 on Ubuntu. -- Stefan Fritsch Sun, 22 May 2011 01:27:59 +0200 apr-util (1.3.10+dfsg-2) unstable; urgency=low * Remove libdb4.8-dev dependency in libaprutil1-dev. This allows packages build-depending on apr-util1 to use a different version of db than apr-util. * With the libdb build-dependency decoupled from subversion, we can now build-depend on libdb-dev instead of libdb4.8-dev. Users of APU_WANT_DB in apu_want.h would have to depend on libdb-dev explicitly, but there are none outside of apr-util itself. Closes: #621366 * Add configure support for libdb 5.1. * Bump standards version to 3.9.2 (no changes) * Fix some lintian warnings about the short descriptions. -- Stefan Fritsch Fri, 08 Apr 2011 19:19:23 +0200 apr-util (1.3.10+dfsg-1) unstable; urgency=low * New upstream release. * Add ${misc:Depends} to Depends. * Remove some old Conflicts and Breaks. * Bump standards version to 3.9.1: - empty dependency_libs section in libaprutil-1.la -- Stefan Fritsch Tue, 08 Feb 2011 22:53:01 +0100 apr-util (1.3.9+dfsg-5) unstable; urgency=low * Backports from 1.3.10: - apr_thread_pool: Fix some potential deadlock situations. PR 49709. - apr_thread_pool_create: Fix pool corruption caused by multithreaded use of the pool when multiple initial threads are created. PR 47843. - apr_thread_pool_create: Only set the output variable on success. -- Stefan Fritsch Fri, 01 Oct 2010 22:05:54 +0200 apr-util (1.3.9+dfsg-4) unstable; urgency=high * CVE-2010-1623: Fix denial of service vulnerability through memory consumption in apr_brigade_split_line() -- Stefan Fritsch Fri, 01 Oct 2010 18:19:38 +0200 apr-util (1.3.9+dfsg-3) unstable; urgency=low * Update to db4.8 (closes: #550443) * Bump standards-version: - Use DEB_*_ARCH_* where applicable -- Stefan Fritsch Sun, 01 Nov 2009 10:40:53 +0100 apr-util (1.3.9+dfsg-2) unstable; urgency=low * Fix FTBFS (closes: #545718). The FTBFS didn't happen with dash as /bin/sh due to dash bug #514863. * Ship the html documentation in the -dev package. Thanks to Joel Smith for the patch (closes: #543554). * Make libaprutil1-dev depend on libmysqlclient-dev instead of libmysqlclient15-dev. -- Stefan Fritsch Sat, 12 Sep 2009 15:04:55 +0200 apr-util (1.3.9+dfsg-1) unstable; urgency=high [ Stefan Fritsch ] * Enable -fstack-protector for arm/armel. A workaround has been added to gcc. * Remove obsolete libmysqlclient15off dependency. Update build-dep to libmysqlclient-dev. [ Peter Samuelson ] * New upstream security release. - Fix CVE-2009-2412, overflow in RMM allocations due to alignment. * Add myself to Uploaders. -- Peter Samuelson Thu, 06 Aug 2009 13:21:48 -0500 apr-util (1.3.8+dfsg-1) unstable; urgency=low * New upstream version. * Add two CVE ids to 1.3.7+dfsg-1 changelog entry. * Bump standards version (no changes). * Make libaprutil1-dbd-sqlite3 the default dbd driver, to reduce the size of dependencies pulled in by apache2.2-bin by default (closes: #536466) -- Stefan Fritsch Sat, 25 Jul 2009 20:08:37 +0200 apr-util (1.3.7+dfsg-1) unstable; urgency=high * New upstream version: - CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2. - CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling of internal xml entities. - CVE-2009-1956: Fix off by one overflow in apr_brigade_vprintf. * Disable test suite on hurd for now (closes: #530287). * Override lintian warning about soname. -- Stefan Fritsch Thu, 04 Jun 2009 20:53:47 +0200 apr-util (1.3.4+dfsg-2) unstable; urgency=low [ Ryan Niebur ] * move the versioned libmysqlclient15off dependency from libaprutil1 to libaprutil1-dbd-mysql (Closes: #481976) [ Stefan Fritsch ] * Add workaround to fix FTBFS when doing parallel build (closes: #527812) * Add "Breaks: apache2.2-common << 2.2.11-3", to make upgrades from lenny to squeeze less noisy. -- Stefan Fritsch Sun, 10 May 2009 19:18:48 +0200 apr-util (1.3.4+dfsg-1) unstable; urgency=low [ Ryan Niebur ] * New upstream version * add me to Uploaders * add repack.sh * update to libdb4.7-dev (Closes: #519818) * Debian policy 3.8.1 * remove *.dirs, they're not needed * lintian overrides for the symbols file depending on different packages, we have those "unusual circumstances" :) - debhelper 6 (needed for dh_lintian) * remove build/apr_common.m4 in the clean target, it gets modified during build and is automatically generated * switch the libaprutil1-dbg package to the debug section * don't output ldap libs by default from apu-config * upload to unstable this time [ Stefan Fritsch ] * Fix description for libaprutil1-dbg (closes: #508145). * Recognize DEB_BUILD_OPTIONS=nocheck in addition to notest (closes: #515352). * Make dpkg-shlibdeps automatically generate the needed dependencies for programs that use apr_ldap_init() or apr_dbd_init(). For dbd, we will genreate an ORed dependency on all libaprutil1-dbd-* packages, using libaprutil1-dbd-mysql as default. -- Ryan Niebur Thu, 26 Mar 2009 22:25:48 -0700 apr-util (1.3.2+dfsg-1) experimental; urgency=low [ Ryan Niebur ] * new upstream release * added a note to README.source about repackaging upstream tarballs * put the mysql, sqlite3, pgsql, and ldap drivers into their own package. (Closes: #481976, #482946) * use symbol files * fixed watch file [ Stefan Fritsch ] * Compile drivers for odbc and freetds and add packages for them. -- Stefan Fritsch Tue, 29 Jul 2008 23:09:01 +0200 apr-util (1.2.12+dfsg-8) unstable; urgency=low [ Ryan Niebur ] * Upgraded to policy version 3.8.0 - Reference the copyright in common-licenses instead of including it - support for noopt in DEB_BUILD_OPTIONS - Added a README.source - added support for parallel in DEB_BUILD_OPTIONS * Dropped the XS- prefix for the Vcs fields in debian/control * Made the watch file notice 1.3.x [ Stefan Fritsch ] * Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some bugs that can make apache2 hang (closes: #490859). * Add 'Provides' for the modules that are still included in libaprutil1, but will be moved to separate packages with apr-util 1.3.x. This will make back-porting packages from lenny+1 to lenny easier. -- Stefan Fritsch Wed, 20 Aug 2008 22:29:26 +0200 apr-util (1.2.12+dfsg-7) unstable; urgency=medium * Apply hardening build options independently from apr. -- Stefan Fritsch Sat, 21 Jun 2008 13:29:48 +0200 apr-util (1.2.12+dfsg-6) unstable; urgency=low * Make libaprutil1-dev depend on libmysqlclient15-dev. Libtool needs it for linking (really closes: #482270). -- Stefan Fritsch Mon, 26 May 2008 23:45:44 +0200 apr-util (1.2.12+dfsg-5) unstable; urgency=low * Don't output "-lmysqlclient_r" in "apu-config --ldflags". It is enough if libaprutil links to mysql, applications don't need to do it, too. (Closes: #482270) -- Stefan Fritsch Sun, 25 May 2008 22:53:36 +0200 apr-util (1.2.12+dfsg-4) unstable; urgency=low * Activate mysql support (closes: #395959). This is made possible by php5 now linking against the threadsafe version of libmysqlclient. Therefore add a conflict with older versions of php5-mysql and with php4-mysql. * Rebuild against apr with hardening options: CFLAGS are taken from apr, set LDFLAGS=-Wl,-z,relro explicitly. * Conflict with apache2 << 2.2.8-1, which used an older version of libldap and now segfaults with current libaprutil1+libldap. * Remove Thom May, Fabio M. Di Nitto, Daniel Stone, and Adam Conrad from the uploaders field (thanks for your work). -- Stefan Fritsch Sun, 18 May 2008 17:13:24 +0200 apr-util (1.2.12+dfsg-3) unstable; urgency=medium * Fix integer overflow in apr_brigade_partition on 32bit systems. Urgency medium because this made apache segfault when resuming a file larger than 4GB. * Point VCS tags in debian control to trunk, to make them useful with debcheckout. -- Stefan Fritsch Fri, 29 Feb 2008 20:59:49 +0100 apr-util (1.2.12+dfsg-2) unstable; urgency=low * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter causes problems with sbuild. * Change server in watch file since www.eu.apache.org is unreliable. -- Stefan Fritsch Sat, 12 Jan 2008 10:17:09 +0100 apr-util (1.2.12+dfsg-1) unstable; urgency=low [ Stefan Fritsch ] * New upstream version (Closes: #447146) * Fix debian/rules clean * Don't ship .svn directories. (Closes: #431508) * Fix some lintian warnings: - Use ${binary:Version} instead of ${Source-Version}. - Bump standards-version to 3.7.3 (no changes). - Remove empty /usr/share/doc/libapr1.0/. - Don't ignore make clean errors. * Add myself to Uploaders. * Add Vcs info and homepage to debian/control. * Change handling of CFLAGS in debian/rules so that they are actually used. Fixes DEB_BUILD_OPTIONS=debug. [ Tollef Fog Heen ] * Make libaprutil1-dbg Priority: extra to match overrides. [ Peter Samuelson ] * Compile with db 4.6. (Closes: #422465, #429025) * Add watch file. -- Stefan Fritsch Fri, 11 Jan 2008 18:43:17 +0100 apr-util (1.2.7+dfsg-2) unstable; urgency=low * Fix stupid code duplication in apr_md[45].c resulting from C&P. Thanks to Peter Samuelson for notifying me. This makes md[45] work correctly. -- Tollef Fog Heen Fri, 18 Aug 2006 19:50:31 +0200 apr-util (1.2.7+dfsg-1) unstable; urgency=low * Remove dependency on libgdbm1 from libaprutil1-dev. * Build against libdb 4.4. Closes: #354510 * Remove most libs from apu-config --link-ld --libs. Thanks to Peter Samuelson, Closes: #378105 * Use md4 and md5 implementation from Solar Designer as this is in the public domain and not subject to RSA copyright. This requires a repacked source, so add +dfsg to the version number. -- Tollef Fog Heen Fri, 14 Jul 2006 15:31:22 +0200 apr-util (1.2.7-2) unstable; urgency=low * Fix override disparity. * Compile without gdbm. * Get rid of all the evil libtool hacks and adjust build-depends accordingly. * Remove --includedir parameter and adjust config.layout instead. This works around damage in newer autoconfs. -- Tollef Fog Heen Mon, 1 May 2006 17:05:28 +0200 apr-util (1.2.7-1) unstable; urgency=low * New upstream release * Tighten build dependency on apr to a version which ships get-version.sh * Grab get-version.sh from APR build * Pass --with-berkeley-db to configure so it actually picks up our preferred BDB version. -- Tollef Fog Heen Fri, 28 Apr 2006 21:59:55 +0200 apr-util (1.2.2-4) unstable; urgency=low * Compile with -fPIC. Closes: #350677 * Build with -i to avoid .svn directories in source. Closes: #357175 -- Tollef Fog Heen Fri, 27 Jan 2006 18:50:04 +0100 apr-util (1.2.2-3) unstable; urgency=low * Add proper depends to libaprutil1-dev * Rename source package to match upstream. * Rename to libaprutil1 instead of libaprutil1.0 * Use libdb4.3, not 4.2 * Conflict with old package names * Add gdbm support * Fix call to configure to avoid double linking to sqlite and sqlite3 * Update to Standards Version: 3.6.2.2: no changes. * Add apu-config compatibility symlink. -- Tollef Fog Heen Fri, 27 Jan 2006 18:50:04 +0100 apr-util1.0 (1.2.2-2) unstable; urgency=low * Upgrade to debhelper v5 * Call dh_installdocs, so we actually get a copyright. -- Thom May Tue, 3 Jan 2006 13:05:02 +0000 apr-util1.0 (1.2.2-1) unstable; urgency=low * New upstream version * Enable postgres and sqlite3 support -- Thom May Fri, 30 Dec 2005 10:40:03 +0000 apr-util1.0 (1.1.2-1) unstable; urgency=low * New upstream release -- Thom May Sun, 8 May 2005 17:12:22 +0100 apr-util1.0 (1.1.0-1) unstable; urgency=low * New Upstream Release * First Package Release -- Thom May Wed, 17 Nov 2004 11:51:32 -0800