-*- coding: utf-8 -*-
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Changes for APR 1.7.0
*) apr_dir_read: [Unix] Dropped the preference of the dirread_r() flavor
for dirread(), because the former is both deprecated and unneeded.
[Yann Ylavic, William Rowe]
*) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points
as symlinks, and not other reparse tag types. PR47630
[Oleg Liatte <olegliatte gmail.com>]
*) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the
case of apparently equivalent long and long long types. [William Rowe]
*) Recognize APPLE predefined macros as equivalent to DARWIN. [Jim Jagielski]
*) Signals: Allow handling of SIGUSR2 in apr_signal_thread. [Yann Ylavic]
*) Atomics: Support for 64bit ints. [Jim Jagielski]
*) Add the apr_encode_* API that implements RFC4648 and RFC7515
compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16
encode/decode functions. [Graham Leggett]
*) rand: Use arc4random_buf() on BSD platforms and getrandom() on Linux,
when available. [Christian Weisgerber <naddy openbsd.org>, Yann Ylavic]
*) Add apr_sockaddr_zone_set, apr_sockaddr_zone_get to set and retrieve
the zone for link-local IPv6 addresses. [Joe Orton]
*) apr_sockaddr_equal: Compare link-local IPv6 addresses with different
zones as not equal. [Joe Orton]
*) apr_sockaddr_ip_getbuf, apr_sockaddr_ip_get: Append "%zone" for
IPv6 link-local addresses. [Joe Orton]
*) Locks: add a --disable-timedlocks config option in case users
encounter more platforms where it fails [Nick Kew].
*) apr_allocator, apr_pools: Add apr_allocator_page_size() and
apr_allocator_min_order_set() to respectively get the (system's) page size
in use and set the minimum allocation size for an allocator (expressed in
2^order pages). [Yann Ylavic]
*) locks: provide portable implementations of timedlock()s for
posix-sems, sysv-sems and pthreads for those platforms that
lack native versions (eg: OSX/macOS). [Jim Jagielski]
*) locks: Introduce apr_{thread,proc,global}_mutex_timedlock().
[Yann Ylavic]
Changes for APR 1.6.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.6.x/CHANGES?view=markup
Changes for APR 1.5.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.5.x/CHANGES?view=markup
Changes for APR 1.4.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/CHANGES?view=markup
Changes for APR 1.3.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?view=markup
Changes for APR 1.2.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/CHANGES?view=markup
Changes for APR 1.1.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.1.x/CHANGES?view=markup
Changes for APR 1.0.x and later:
*) http://svn.apache.org/viewvc/apr/apr/branches/1.0.x/CHANGES?view=markup
Changes for APR 0.9.x and later/earlier:
*) http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?view=markup