2 Changes with APR-util 0.9.19
4 *) Resolve build failure using bundled expat on some platforms.
7 Changes with APR-util 0.9.18
9 *) SECURITY: CVE-2010-1623 (cve.mitre.org)
10 Fix a denial of service attack against apr_brigade_split_line().
13 *) SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
14 Fix two buffer over-read flaws in the bundled copy of expat which
15 could cause applications to crash while parsing specially-crafted
16 XML documents. [Joe Orton, Rainer Jung]
18 *) SECURITY: CVE-2009-2412 (cve.mitre.org)
19 Fix overflow in rmm, where size alignment was taking place.
20 [Matt Lewis <mattlewis@google.com>, Sander Striker]
22 *) Upgrade bundled copy of expat library to 1.95.7.
23 [Joe Orton, Rainer Jung]
25 *) Make bundled expat compatible with libtool 2.x.
26 This only affects the release process. [Rainer Jung]
28 *) Prefer libtool 1.x when searching for libtool in
29 bundled expat release process. [Rainer Jung, Jim Jagielski]
31 *) Improve platform detection for bundled expat by updating
32 config.guess and config.sub. [Rainer Jung]
34 *) Add support for Berkeley DB 4.6 to 4.8.
35 [Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>,
38 Changes with APR-util 0.9.17
40 *) SECURITY: CVE-2009-1955 (cve.mitre.org)
41 Fix a denial of service attack against the apr_xml_* interface
42 using the "billion laughs" entity expansion technique.
45 Changes with APR-util 0.9.16
47 *) SECURITY: CVE-2009-0023 (cve.mitre.org)
48 Fix underflow in apr_strmatch_precompile.
49 [Matthew Palmer <mpalmer debian.org>]
51 *) SECURITY: CVE-2009-1956 (cve.mitre.org)
52 Fix off by one overflow in apr_brigade_vprintf.
53 [C. Michael Pilato <cmpilato collab.net>]
55 *) Better error detection for bucket allocation failures.
58 Changes with APR-util 0.9.15
60 *) Test improvements to validate testmd4 and testdbm, unattended.
63 Changes with APR-util 0.9.14
65 *) Fix handling of attribute namespaces in apr_xml_to_text() when
66 a namespace map is provided. PR 41908. [Joe Orton]
68 Changes with APR-util 0.9.13
70 *) Add support for Berkeley DB 4.5 to the configure scripts.
73 *) Allow apr_queue.h to be included before other APR headers.
74 PR 40891 [Henry Jen <henryjen ztune.net>]
76 *) Provide folding in autogenerated .manifest files for Win32 builders
77 using VisualStudio 2005 [William Rowe]
79 *) Fix incorrect byte order (PR 37342) and incorrect timestamp type
80 in the fallback UUID generator used when no external UUID generator
84 Changes with APR-util 0.9.12
86 *) Win32 / Netware - add missing apu_version.c for apu_version_string()
87 to the Windows and Netware specific builds. Unix platforms supported
88 this API since 0.9.1. [William Rowe, Brad Nicholes].
90 Changes with APR-util 0.9.11
92 *) Sync get-version.sh from apr source at ./buildconf time, to correctly
93 retrieve 2 digit subversion, which broke the 0.9.10 candidate, and
94 keep any other updates in sync going forwards. [William Rowe]
96 *) Port apr tree change for 'make check' test/ binaries on Darwin to
97 avoid -no-install which can break the tests. [William Rowe, Joe Orton]
99 Changes with APR-util 0.9.10
101 *) Minor build and runtime fixes.
103 Changes with APR-util 0.9.9
105 *) Unix: No longer require an APR source directory to be available at
106 ./configure time, by making use of mkdir.sh, make_exports.awk,
107 make_var_export.awk installed to the installbuilddir by APR >= 0.9.9.
110 *) Stop trying to link against Berkeley DB by default. To enable use
111 of Berkeley DB users must now explicitly pass --with-berkeley-db to
112 configure, since Berkeley DB is released under a viral license that
113 requires distribution of source code for any program that uses it.
116 *) Stop trying to link against GDBM by default. To enable use of GDBM
117 users must now explicitly pass --with-gdbm to configure, since GDBM
118 is licensed under the GPL.
121 *) Fix VPATH builds, and symlink builds where apr and apr-util
122 reside in parallel as symlinks to directories with more explicit
123 names, e.g. apr-1.x and apr-util-1.x. This solves various breakage
124 on Solaris in particular with ./buildconf and ./configure.
127 *) Add support for Berkeley DB 4.4 to the configure scripts.
130 Changes with APR-util 0.9.7
132 *) Fix apr_rmm_realloc() offset calculation bug. [Keith Kelleman
133 <keith.kelleman oracle.com>]
135 *) Fix handling of a premature EOF with the FILE bucket; a new bucket
136 is not inserted for each attempt to read past EOF. PR 34708.
137 [Jeff Trawick, Joe Orton]
139 *) Fix build failure with non-threaded APR on AIX. PR 34655.
140 [Ryan Murray <rmurray+apache cyberhqz.com>]
142 *) Backport the apr_reslist_timeout_set and apr_reslist_invalidate
143 functions already in APR 1.0.x. [Paul Querna]
145 *) Fix linking problem on cygwin. [Max Bowsher <maxb ukf.net>]
147 Changes with APR-util 0.9.6
149 *) Fix the detection of ldap.h on Solaris - it needs lber.h to be
150 defined first. [Graham Leggett]
152 *) Add an RPM spec file. [Graham Leggett]
154 *) Add a build script to create a solaris package. [Graham Leggett]
156 *) Add support for Berkeley DB 4.3. [Jani Averbach <jaa jaa.iki.fi>]
158 Changes with APR-util 0.9.5
160 *) Guarantee and require default address alignment for block offsets
161 within segments in the apr_rmm interface. PR 29873. [Joe Orton]
163 *) SECURITY: CAN-2004-0786 (cve.mitre.org)
164 Fix input validation in apr_uri_parse() to avoid passing negative
165 length to memcpy for malformed IPv6 literal addresses.
168 *) Fix build issues in paths containing symlinks. PR 8867.
171 *) Fix corrupt output from the apr_xlate_* interfaces on AIX 4.x.
174 *) Change the order in which ldap.h and lber.h are defined, to fix
175 a compile bug in Solaris v2.8 which requires lber.h then ldap.h.
176 PR 27379. [Andrew Connors <andy.connors idea.com>]
178 *) Restore support for SHA1 passwords in apr_validate_password.
179 PR 17343. [Paul Querna <chip force-elite.com>]
181 *) Fix DESTDIR install for bundled expat library. PR 14076
182 [David S. Madole <david madole.net>]
184 *) Fix occasional crash in apr_rmm_realloc(). PR 22915.
185 [Jay Shrauner <shrauner inktomi.com>]
187 *) Fix apr_dbm_exists() for sdbm when sizeof(int) != sizeof(size_t).
190 *) The whole codebase was relicensed and is now available under
191 the Apache License, Version 2.0 (http://www.apache.org/licenses).
192 [Apache Software Foundation]
194 *) Fix xlate.c compile failure on AIX 5.2. PR 25701. [Jeff Trawick]
196 *) Fixed a bug in apr_rmm that would cause it to mishandle blocks of
197 a size close to the one requested from the allocator.
198 [Kevin Wang <xwang_tech yahoo.com>]
200 Changes with APR-util 0.9.4
202 *) Changed apr_bucket_alloc_create() so that it uses the allocator
203 from the pool that was passed in rather than creating its own.
204 Also, the bucket_allocator is now allocated from the apr_allocator_t
205 rather than using apr_palloc(). Added apr_bucket_alloc_create_ex()
206 which takes an apr_allocator_t* directly rather than an apr_pool_t*.
207 [Cliff Woolley, Jean-Jacques Clar]
209 *) Added debugging consistency checks to the buckets code. Add
210 -DAPR_BUCKET_DEBUG to the build flags to enable.
213 *) Make the version of the db library APU built against visible.
216 *) Fix a problem with VPATH builds copying the APR rules.mk into the
217 source directory rather than the build directory. [Justin Erenkrantz]
219 *) SECURITY [httpd incident CAN-2003-0189] Address a thread safety
220 issue with apr_password_validate() on AIX, Linux, Mac OS X, and
221 possibly other platforms. [Jeff Trawick, Justin Erenkrantz]
223 *) Fix a problem with LDAP configuration which caused subsequent
224 configure tests to fail since LIBS contained LDAP libraries for
225 subsequent tests but LDFLAGS no longer included the path to such
226 LDAP libraries. [Jeff Trawick]
228 *) Fix a problem preventing the use of the bundled Expat when APR-util
229 is built stand-alone. [Jeff Trawick]
231 *) Use the same compiler and preprocessor for the APR-util config tests
232 which were used by APR. The user can override this via CC and CPP.
233 This was done all along for the actual build, but not necessarily
234 for the config tests. [Jeff Trawick]
236 *) Fix apr_uuid_parse() on EBCDIC machines. [Jeff Trawick]
238 *) Fix alignment problem when allocating memory using apr_rmm. The problem
239 showed up while trying to write a double in the memory allocated.
240 [Madhusudan Mathihalli]
242 Changes with APR-util 0.9.3
244 *) Allow apr_date_parse_rfc to parse 'Sun, 06-Nov-1994 08:49:37 GMT' as a
245 valid date. [Dmitri Tikhonov <dmitri@netilla.com>]
247 *) Fix error in apu-config when symlinks are involved.
248 [Garrett Rooney <rooneg@electricjellyfish.net>]
250 Changes with APR-util 0.9.2
252 *) Fix the APR_BUCKET_IS_foo() macros so they parenthesize their parameter.
253 This fixes compile problems with some types of parameters.
254 [Jim Carlson <jcarlson@jnous.com>]
256 *) Queue overwrite, we now return the item pushed, not a reference to it.
257 [Paul Marquis <PMarquis@pobox.com, Jacob Lewallen <jlwalle@cs.ucr.edu>]
259 *) Remove include/apr_ldap.h on distclean. PR 15592. [Justin Erenkrantz]
261 *) Fix race conditions in apr_queue.
262 [Jacob Lewallen <jlwalle@cs.ucr.edu>]
264 *) Stop buildconf copying rules.mk, copy it at configure time.
267 *) Make buildconf copy rules.mk as well.
268 [Garrett Rooney <rooneg@electricjellyfish.net>]
270 *) Add --includedir flag to apu-config. [Justin Erenkrantz]
272 *) Fix brokenness in sdbm when sizeof(int) != sizeof(size_t)
273 (e.g., 64-bit AIX, 64-bit Solaris). PR 14861. [Jeff Trawick]
275 *) Have buildconf copy required files from apr so that apr-util can build
276 on its own. [Craig Rodrigues <rodrigc@attbi.com>]
278 *) Detect OpenLDAP when used with Solaris 9. PR 13427.
279 [Gary Algier <gaa@ulticom.com>]
281 *) Detect Berkeley DB 4.1 when compiled with --with-uniquenames
284 *) Allow apu-config to work in symlinked install directories when
285 'realpath' is available. [Justin Erenkrantz]
287 *) Fix bug in apr_strmatch when used with case-insensitive patterns.
290 *) Allow apr_queue to have greater than int number of elements.
293 *) Detect Berkeley DB 4.0 compiled with --with-uniquenames.
294 [Philip Martin <philip@codematters.co.uk>]
296 *) Allocate brigades from a bucket allocator rather than a pool. [Brian Pane]
298 *) Update with the latest APR renames [Thom May]
300 *) Update doxygen tags. [Justin Erenkrantz]
302 *) Add apr_ldap.hw for Windows build.
303 [Andre Schild <A.Schild@aarboard.ch>]
305 *) Add IPv6 literal address support to apr_uri_parse(), apr_uri_unparse(),
306 and apr_uri_parse_hostinfo(). PR 11887 [Jeff Trawick]
308 *) Add apr_brigade_writev() [Brian Pane]
310 *) Add support for Berkeley DB 4.1. [Justin Erenkrantz]
312 *) Add --bindir option to apu-config. [Justin Erenkrantz]
314 Changes with APR-util 0.9.1
316 *) Add versioning infrastructure.
319 *) Running "make check" in the toplevel directory or the test/ directory
320 will build and run all test programs. [Aaron Bannert]
322 *) Bug #9789 : NDBM support
323 [Toomas Soome <tsoome@muhv.pri.ee>, Ian Holsman]
325 *) Added a Thread safe FIFO bounded buffer (apr_queue) [Ian Holsman]
327 *) Changed file_bucket_setaside() to use apr_file_setaside() instead
328 of turning the file bucket into an mmap bucket. [Brian Pane]
330 *) Install libaprutil support libraries before installing libaprutil
331 itself, since on some platforms libaprutil is relinked during
332 make install and the support libraries need to exist already.
335 *) Added a Resource List API for threadsafe access to persistent
336 and dynamically created user-defined resources. [Aaron Bannert]
338 *) Adopted apr-util/xlate from apr/i18n for inclusion of apr-iconv
339 as required by missing libiconv. [William Rowe]
341 *) Adopted apr-util/crypto/ uuid and md5 from apr. [William Rowe]
343 *) Look for expat in lib64 directories. [Peter Poeml <poeml@suse.de>]
345 *) Faster implementation of apr_brigade_puts() [Brian Pane]
347 *) Fixed a segfault in apr_date_parse_rfc() for some date formats
348 where it was trying to overlay a potentially static input
349 string even though it didn't really need to.
350 [Cliff Woolley, Doug MacEachern]
352 *) Ensure that apu-config does not print libtool libraries when
353 using --libs. [Justin Erenkrantz]
355 *) Added apr_bucket_file_enable_mmap() function to the bucket
356 API to let an application control whether a file bucket may
357 be turned into an mmap bucket upon read. (The default remains
358 to do the mmap, but this function lets the app prevent the
359 mmap in contexts where mmap would be a bad idea. Examples
360 include multiprocessors where mmap doesn't scale well and
361 NFS-mounted filesystems where a bus error can result if
362 a memory-mapped file is removed or truncated.) [Brian Pane]
364 *) Added string-matching API (apr_strmatch.h) [Brian Pane]
366 *) Rearrange INCLUDES so that APRUTIL_PRIV_INCLUDES is always
367 first. [Garrett Rooney <rooneg@electricjellyfish.net>]
369 *) Add --old-expat option to apu-config to allow users of apr-util to
370 determine what expat it should expect to be installed. If the
371 flag is set to yes, it should include xmlparse.h. If it is set to
372 no, it should include expat.h. [Justin Erenkrantz]
374 *) Fix exporting of includes in apu-config. [Justin Erenkrantz]
376 *) Change bucket brigades API to allow a "bucket allocator" to be
377 passed in at certain points. This allows us to implement freelists
378 so that we can stop using malloc/free so frequently.
379 [Cliff Woolley, Brian Pane]
381 *) add apr_rmm_realloc() function
382 [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
384 *) renames: apr_ansi_time_to_apr_time becomes apr_time_ansi_put
385 ap_exploded_time_t becomes apr_time_exp_t
386 [Thom May <thom@planetarytramp.net>]
388 *) Add detection support for FreeBSD's expat and expat2 ports.
391 *) Deprecate check_brigade_flush(), which had several nasty bugs, and
392 which was causing apr_brigade_write()'s logic to be less than obvious.
393 Everything is now done in a slightly rearranged apr_brigade_write().
396 *) Don't add /usr/include to the INCLUDES variable on expat's account.
397 [Joe Orton <joe@manyfish.co.uk>]
399 *) Remove the autoconf 2.5x cache directory in buildconf.
400 [Joe Orton <joe@manyfish.co.uk>]
402 *) BerkleyDB should NULL out the key if it is @EOF in vt_db_nextkey
405 *) Add ability to natively fetch and split brigades based on LF lines.
408 *) add --with-berkeley-db=DIR & --with-gdbm configure flags
409 [Ian Holsman/Justin Erenkrantz]
411 *) Fix expat detection to recognize installed versions.
412 [Eric Gillespie, Jr. <epg@pretzelnet.org>]
414 *) Add find_apu.m4 to allow third-party programs that use APR-util
415 to have a standard m4 macro for detection. [Justin Erenkrantz]
417 *) Add apu-config - a shell script to allow third-party programs
418 easy access to APR configuration parameters. [Justin Erenkrantz]
420 *) Add GMT offset calculation to apr_date_parse_rfc().
423 *) Introduce the apr_rmm api, to allow relocatable memory management
424 of address-independent data stores, such as shared memory.
427 *) Rework and fix VPATH-build support. [Justin Erenkrantz]
429 *) Add support for Berkeley DB4. [Justin Erenkrantz]
431 *) Improve testdbm help. [Justin Erenkrantz]
433 *) Improve autoconf detection of DBMs. [Justin Erenkrantz]
435 *) BerkeleyDBM v2 now checks minor level for cursor ops [Ian Holsman]
437 *) Reading a file bucket bigger than APR_MMAP_LIMIT (4MB) now yields
438 a string of 4MB mmap buckets, rather than a string of 8KB heap buckets
439 plus a 4MB mmap bucket. To accomodate this, the mmap bucket destroy
440 function explicitly deletes the apr_mmap_t after last reference
441 to avoid having too much of a large file mapped at once if possible.
444 *) Multi-DBM support (via apr_dbm_open_ex). [Ian Holsman]
446 *) Use apr_mmap_dup in mmap_setaside(). [Brian Pane <bpane@pacbell.net>]
448 *) Dropped the "w" parameter from apr_bucket_heap_create() and
449 apr_bucket_heap_make(). That parameter was originally intended
450 to return the amount of data copied into the bucket, but it
451 ended up being unnecessary because that amount is invariant from
452 the size of the data and is available as b->length in the
453 resulting bucket anyway. [Cliff Woolley]
455 *) Fix Makefile conversion for BSD/OS. [Cliff Woolley]
457 *) Use APR_XtOffsetOf instead of offsetof() in the ring macros for
458 portability. [Cliff Woolley]
460 *) We now create exports.c and export_vars.h, which in turn create
461 exports.c. From this we generate two more files with different
462 purposes: aprutil.exp - list of exported symbols; and exports.lo
463 (exports.o) - an object file that can be linked with an executable
464 to force resolution of all apr-util symbols. [Aaron Bannert]
466 *) Fix Berkley DBM support [Ian Holsman <ianh@apache.org>]
468 *) Fix apr_brigade_vprintf so that it can handle more than
469 4k of data at one time. [Cody Sherr <csherr@covalent.net>]
471 *) prefix UNP_* flags with APR_URI_
474 apr_uri_components -> apr_uri_t
475 apr_uri_unparse_components -> apr_uri_unparse
476 apr_uri_parse_components -> apr_uri_parse
477 apr_uri_parse_hostinfo_components -> apr_uri_parse_hostinfo
479 s/APU_URI_/APR_URI_/g
482 *) Landed the link-to-LDAP to the build process, and the LDAP v2/v3
483 compatibility functions.
484 [Dave Carrigan <dave@rudedog.org>, Graham Leggett]
486 *) Fix URI unparse function to handle the case where it would place a @
487 when both the username and password were present but omitted.
488 [Jon Travis <jtravis@covalent.net]
490 *) Added apr_xml_parse_file() routine and a testxml program.
491 [Ian Holsman <ianh@cnet.com>]
493 *) Extend apr_bucket struct to add a pointer to a function used
494 to free the bucket. This change enables custom buckets to
495 completely specify how they are to be allocated and freed.
496 Before this change, custom buckets were required to use the
497 same memory allocation scheme as the standard APR buckets.
498 [Saeid Sakhitab, Bill Stoddard, Cliff Woolley, Roy Fielding]
500 *) Install Expat when installing APR-util. [Justin Erenkrantz]
502 *) Make APR-util configure script rely on APR. This removes the locally
503 generated copy of libtool and uses the one in APR. Fix up how we
504 call the expat configure script. Generate config.nice file.
507 *) The apr_bucket lengths are now consistently apr_size_t, while any
508 apr_brigade lengths (short of a read) are consistently apr_off_t.
509 This is required for APR_HAS_LARGE_FILES handling. [William Rowe]
511 *) apr_bucket_file_create() and apr_bucket_file_make() now take a pool
512 parameter which is the pool into which any needed data structures
513 should be created during file_read(). This is used for MMAPing the
514 file and reopening the file if the original apr_file_t is in XTHREAD
515 mode. [Cliff Woolley]
517 *) apr_brigade_partition() now returns an apr_status_t. [Cliff Woolley]
519 *) Add MD4 implementation in crypto. [Sander Striker, Justin Erenkrantz]
521 *) Moved httpd 2.0.18's util_date to apr_date and enhanced its parsing
522 capabilities. [Justin Erenkrantz]
524 *) Moved httpd 2.0.18's util_uri to apr_uri and name-protected its
525 symbols and functions. [Justin Erenkrantz, Roy Fielding]
527 *) Rename field "private" in struct apr_xml_elem to "priv" for C++
528 compatibility. PR #7727 [Joshua MacDonald <jmacd@cs.berkeley.edu>]
530 *) Make APR_IMPLEMENT_EXTERNAL_HOOK_BASE generate a
531 ${namespace}_hook_get_${hookname} function to fetch the
532 list of registered hooks [Doug MacEachern]
534 *) Allow LTFLAGS to be overridden by the configure command-line
535 (default="--silent") and introduce LT_LDFLAGS. [Roy Fielding]
537 *) Add APR_SHARELOCK support to apr_sdbm_open(), locking read operations
538 with a shared lock and all write ops with an excl lock. [Will Rowe]
540 *) Namespace protect apr_sdbm, and normalize the return values (including
541 the apr_sdbm_fetch, apr_sdbm_firstkey and apr_sdbm_nextkey functions).
542 Normalized the get/clear error function names, and stores the actual
543 apr error for apr_sdbm_error_get. [Will Rowe]
545 *) Introduce an apr_fileperms_t argument to apr_dbm_open(). [Will Rowe]
547 *) Removed apr_bucket_do_create() macro, which was causing warnings
548 about unreachable code in some compilers (notably MSVC). What
549 used to be done by this macro is now done inline in the various
550 apr_bucket_foo_create() functions. [Cliff Woolley]
552 *) Make clean, distclean, and extraclean consistently according to the
553 Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz@ebuilt.com>]
555 *) Migrate the --disable-libtool changes from APR to APR-util.
556 This cleans things up, and allows more flexibility when building
557 programs. [Ryan Bloom]
559 *) Allow APR-util to be compiled without libtool. The default is
560 to use libtool, but it can turned off with --disable-libtool
561 on the configure command. [Ryan Bloom]
563 *) Repair calling convention for apr_register_optional_fn to
564 eliminate GP fault on Win32. [William Rowe]
566 *) Substantial changes to correct linkage and declarations for
567 generic hooks on dso architectures. [Ben Laurie, Will Rowe]
569 *) apr_bucket_shared_destroy() now returns a boolean value.
572 *) We have to initialize the heap buckets to the correct length.
573 we were seeing heap buckets with 17 chars in them reporting
574 a length of 9017, because they were initialized to the amount
575 of memory allocated, instead of the amount of memory used.
576 This was only an issue for heap buckets created by the
577 apr_brigade_* functions. [Ryan Bloom]
579 *) apr_bucket_init_types() and apr_bucket_insert_type() have been
580 removed... they're not needed anymore. [Cliff Woolley]
582 *) The apr_bucket_shared and apr_bucket_simple structures have been
583 removed as an API simplification/optimization. This should be
584 transparent outside APR-util except to callers who attempt to
585 directly manipulate the buckets' internal structure (which is
586 not recommended anyway) and to callers who create their own
587 bucket types. [Cliff Woolley]
589 *) apr_bucket_simple_split() and apr_bucket_simple_copy() are now
590 exported functions, which could be helpful in implementing
591 external bucket types. [Cliff Woolley]
593 *) The third parameter to apr_bucket_shared_make() is now
594 'apr_off_t length' rather than 'apr_off_t end', since the
595 end usually had to be computed by the caller and all we
596 really want is the length anyway. [Cliff Woolley]