-*- coding: utf-8 -*- Changes with APR-util 0.9.20 *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] Changes with APR-util 0.9.19 *) Resolve build failure using bundled expat on some platforms. [Rainer Jung] Changes with APR-util 0.9.18 *) SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Stefan Fritsch] *) SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [Joe Orton, Rainer Jung] *) SECURITY: CVE-2009-2412 (cve.mitre.org) Fix overflow in rmm, where size alignment was taking place. [Matt Lewis , Sander Striker] *) Upgrade bundled copy of expat library to 1.95.7. [Joe Orton, Rainer Jung] *) Make bundled expat compatible with libtool 2.x. This only affects the release process. [Rainer Jung] *) Prefer libtool 1.x when searching for libtool in bundled expat release process. [Rainer Jung, Jim Jagielski] *) Improve platform detection for bundled expat by updating config.guess and config.sub. [Rainer Jung] *) Add support for Berkeley DB 4.6 to 4.8. [Arfrever Frehtes Taifersar Arahesis , Rainer Jung] Changes with APR-util 0.9.17 *) SECURITY: CVE-2009-1955 (cve.mitre.org) Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. [Joe Orton] Changes with APR-util 0.9.16 *) SECURITY: CVE-2009-0023 (cve.mitre.org) Fix underflow in apr_strmatch_precompile. [Matthew Palmer ] *) SECURITY: CVE-2009-1956 (cve.mitre.org) Fix off by one overflow in apr_brigade_vprintf. [C. Michael Pilato ] *) Better error detection for bucket allocation failures. [Jim Jagielski] Changes with APR-util 0.9.15 *) Test improvements to validate testmd4 and testdbm, unattended. [Bojan Smojver] Changes with APR-util 0.9.14 *) Fix handling of attribute namespaces in apr_xml_to_text() when a namespace map is provided. PR 41908. [Joe Orton] Changes with APR-util 0.9.13 *) Add support for Berkeley DB 4.5 to the configure scripts. [Garrett Rooney] *) Allow apr_queue.h to be included before other APR headers. PR 40891 [Henry Jen ] *) Provide folding in autogenerated .manifest files for Win32 builders using VisualStudio 2005 [William Rowe] *) Fix incorrect byte order (PR 37342) and incorrect timestamp type in the fallback UUID generator used when no external UUID generator is detected by APR. [Max Bowsher] Changes with APR-util 0.9.12 *) Win32 / Netware - add missing apu_version.c for apu_version_string() to the Windows and Netware specific builds. Unix platforms supported this API since 0.9.1. [William Rowe, Brad Nicholes]. Changes with APR-util 0.9.11 *) Sync get-version.sh from apr source at ./buildconf time, to correctly retrieve 2 digit subversion, which broke the 0.9.10 candidate, and keep any other updates in sync going forwards. [William Rowe] *) Port apr tree change for 'make check' test/ binaries on Darwin to avoid -no-install which can break the tests. [William Rowe, Joe Orton] Changes with APR-util 0.9.10 *) Minor build and runtime fixes. Changes with APR-util 0.9.9 *) Unix: No longer require an APR source directory to be available at ./configure time, by making use of mkdir.sh, make_exports.awk, make_var_export.awk installed to the installbuilddir by APR >= 0.9.9. [Max Bowsher] *) Stop trying to link against Berkeley DB by default. To enable use of Berkeley DB users must now explicitly pass --with-berkeley-db to configure, since Berkeley DB is released under a viral license that requires distribution of source code for any program that uses it. [Garrett Rooney] *) Stop trying to link against GDBM by default. To enable use of GDBM users must now explicitly pass --with-gdbm to configure, since GDBM is licensed under the GPL. [Garrett Rooney] *) Fix VPATH builds, and symlink builds where apr and apr-util reside in parallel as symlinks to directories with more explicit names, e.g. apr-1.x and apr-util-1.x. This solves various breakage on Solaris in particular with ./buildconf and ./configure. [William Rowe] *) Add support for Berkeley DB 4.4 to the configure scripts. [Garrett Rooney] Changes with APR-util 0.9.7 *) Fix apr_rmm_realloc() offset calculation bug. [Keith Kelleman ] *) Fix handling of a premature EOF with the FILE bucket; a new bucket is not inserted for each attempt to read past EOF. PR 34708. [Jeff Trawick, Joe Orton] *) Fix build failure with non-threaded APR on AIX. PR 34655. [Ryan Murray ] *) Backport the apr_reslist_timeout_set and apr_reslist_invalidate functions already in APR 1.0.x. [Paul Querna] *) Fix linking problem on cygwin. [Max Bowsher ] Changes with APR-util 0.9.6 *) Fix the detection of ldap.h on Solaris - it needs lber.h to be defined first. [Graham Leggett] *) Add an RPM spec file. [Graham Leggett] *) Add a build script to create a solaris package. [Graham Leggett] *) Add support for Berkeley DB 4.3. [Jani Averbach ] Changes with APR-util 0.9.5 *) Guarantee and require default address alignment for block offsets within segments in the apr_rmm interface. PR 29873. [Joe Orton] *) SECURITY: CAN-2004-0786 (cve.mitre.org) Fix input validation in apr_uri_parse() to avoid passing negative length to memcpy for malformed IPv6 literal addresses. [Joe Orton] *) Fix build issues in paths containing symlinks. PR 8867. [Joe Orton] *) Fix corrupt output from the apr_xlate_* interfaces on AIX 4.x. [Joe Orton] *) Change the order in which ldap.h and lber.h are defined, to fix a compile bug in Solaris v2.8 which requires lber.h then ldap.h. PR 27379. [Andrew Connors ] *) Restore support for SHA1 passwords in apr_validate_password. PR 17343. [Paul Querna ] *) Fix DESTDIR install for bundled expat library. PR 14076 [David S. Madole ] *) Fix occasional crash in apr_rmm_realloc(). PR 22915. [Jay Shrauner ] *) Fix apr_dbm_exists() for sdbm when sizeof(int) != sizeof(size_t). [Joe Orton] *) The whole codebase was relicensed and is now available under the Apache License, Version 2.0 (http://www.apache.org/licenses). [Apache Software Foundation] *) Fix xlate.c compile failure on AIX 5.2. PR 25701. [Jeff Trawick] *) Fixed a bug in apr_rmm that would cause it to mishandle blocks of a size close to the one requested from the allocator. [Kevin Wang ] Changes with APR-util 0.9.4 *) Changed apr_bucket_alloc_create() so that it uses the allocator from the pool that was passed in rather than creating its own. Also, the bucket_allocator is now allocated from the apr_allocator_t rather than using apr_palloc(). Added apr_bucket_alloc_create_ex() which takes an apr_allocator_t* directly rather than an apr_pool_t*. [Cliff Woolley, Jean-Jacques Clar] *) Added debugging consistency checks to the buckets code. Add -DAPR_BUCKET_DEBUG to the build flags to enable. [Cliff Woolley] *) Make the version of the db library APU built against visible. [Thom May] *) Fix a problem with VPATH builds copying the APR rules.mk into the source directory rather than the build directory. [Justin Erenkrantz] *) SECURITY [httpd incident CAN-2003-0189] Address a thread safety issue with apr_password_validate() on AIX, Linux, Mac OS X, and possibly other platforms. [Jeff Trawick, Justin Erenkrantz] *) Fix a problem with LDAP configuration which caused subsequent configure tests to fail since LIBS contained LDAP libraries for subsequent tests but LDFLAGS no longer included the path to such LDAP libraries. [Jeff Trawick] *) Fix a problem preventing the use of the bundled Expat when APR-util is built stand-alone. [Jeff Trawick] *) Use the same compiler and preprocessor for the APR-util config tests which were used by APR. The user can override this via CC and CPP. This was done all along for the actual build, but not necessarily for the config tests. [Jeff Trawick] *) Fix apr_uuid_parse() on EBCDIC machines. [Jeff Trawick] *) Fix alignment problem when allocating memory using apr_rmm. The problem showed up while trying to write a double in the memory allocated. [Madhusudan Mathihalli] Changes with APR-util 0.9.3 *) Allow apr_date_parse_rfc to parse 'Sun, 06-Nov-1994 08:49:37 GMT' as a valid date. [Dmitri Tikhonov ] *) Fix error in apu-config when symlinks are involved. [Garrett Rooney ] Changes with APR-util 0.9.2 *) Fix the APR_BUCKET_IS_foo() macros so they parenthesize their parameter. This fixes compile problems with some types of parameters. [Jim Carlson ] *) Queue overwrite, we now return the item pushed, not a reference to it. [Paul Marquis ] *) Remove include/apr_ldap.h on distclean. PR 15592. [Justin Erenkrantz] *) Fix race conditions in apr_queue. [Jacob Lewallen ] *) Stop buildconf copying rules.mk, copy it at configure time. [Thom May] *) Make buildconf copy rules.mk as well. [Garrett Rooney ] *) Add --includedir flag to apu-config. [Justin Erenkrantz] *) Fix brokenness in sdbm when sizeof(int) != sizeof(size_t) (e.g., 64-bit AIX, 64-bit Solaris). PR 14861. [Jeff Trawick] *) Have buildconf copy required files from apr so that apr-util can build on its own. [Craig Rodrigues ] *) Detect OpenLDAP when used with Solaris 9. PR 13427. [Gary Algier ] *) Detect Berkeley DB 4.1 when compiled with --with-uniquenames [Thom May] *) Allow apu-config to work in symlinked install directories when 'realpath' is available. [Justin Erenkrantz] *) Fix bug in apr_strmatch when used with case-insensitive patterns. [Justin Erenkrantz] *) Allow apr_queue to have greater than int number of elements. [Justin Erenkrantz] *) Detect Berkeley DB 4.0 compiled with --with-uniquenames. [Philip Martin ] *) Allocate brigades from a bucket allocator rather than a pool. [Brian Pane] *) Update with the latest APR renames [Thom May] *) Update doxygen tags. [Justin Erenkrantz] *) Add apr_ldap.hw for Windows build. [Andre Schild ] *) Add IPv6 literal address support to apr_uri_parse(), apr_uri_unparse(), and apr_uri_parse_hostinfo(). PR 11887 [Jeff Trawick] *) Add apr_brigade_writev() [Brian Pane] *) Add support for Berkeley DB 4.1. [Justin Erenkrantz] *) Add --bindir option to apu-config. [Justin Erenkrantz] Changes with APR-util 0.9.1 *) Add versioning infrastructure. [Justin Erenkrantz] *) Running "make check" in the toplevel directory or the test/ directory will build and run all test programs. [Aaron Bannert] *) Bug #9789 : NDBM support [Toomas Soome , Ian Holsman] *) Added a Thread safe FIFO bounded buffer (apr_queue) [Ian Holsman] *) Changed file_bucket_setaside() to use apr_file_setaside() instead of turning the file bucket into an mmap bucket. [Brian Pane] *) Install libaprutil support libraries before installing libaprutil itself, since on some platforms libaprutil is relinked during make install and the support libraries need to exist already. [Jeff Trawick] *) Added a Resource List API for threadsafe access to persistent and dynamically created user-defined resources. [Aaron Bannert] *) Adopted apr-util/xlate from apr/i18n for inclusion of apr-iconv as required by missing libiconv. [William Rowe] *) Adopted apr-util/crypto/ uuid and md5 from apr. [William Rowe] *) Look for expat in lib64 directories. [Peter Poeml ] *) Faster implementation of apr_brigade_puts() [Brian Pane] *) Fixed a segfault in apr_date_parse_rfc() for some date formats where it was trying to overlay a potentially static input string even though it didn't really need to. [Cliff Woolley, Doug MacEachern] *) Ensure that apu-config does not print libtool libraries when using --libs. [Justin Erenkrantz] *) Added apr_bucket_file_enable_mmap() function to the bucket API to let an application control whether a file bucket may be turned into an mmap bucket upon read. (The default remains to do the mmap, but this function lets the app prevent the mmap in contexts where mmap would be a bad idea. Examples include multiprocessors where mmap doesn't scale well and NFS-mounted filesystems where a bus error can result if a memory-mapped file is removed or truncated.) [Brian Pane] *) Added string-matching API (apr_strmatch.h) [Brian Pane] *) Rearrange INCLUDES so that APRUTIL_PRIV_INCLUDES is always first. [Garrett Rooney ] *) Add --old-expat option to apu-config to allow users of apr-util to determine what expat it should expect to be installed. If the flag is set to yes, it should include xmlparse.h. If it is set to no, it should include expat.h. [Justin Erenkrantz] *) Fix exporting of includes in apu-config. [Justin Erenkrantz] *) Change bucket brigades API to allow a "bucket allocator" to be passed in at certain points. This allows us to implement freelists so that we can stop using malloc/free so frequently. [Cliff Woolley, Brian Pane] *) add apr_rmm_realloc() function [Madhusudan Mathihalli ] *) renames: apr_ansi_time_to_apr_time becomes apr_time_ansi_put ap_exploded_time_t becomes apr_time_exp_t [Thom May ] *) Add detection support for FreeBSD's expat and expat2 ports. [Justin Erenkrantz] *) Deprecate check_brigade_flush(), which had several nasty bugs, and which was causing apr_brigade_write()'s logic to be less than obvious. Everything is now done in a slightly rearranged apr_brigade_write(). [Cliff Woolley] *) Don't add /usr/include to the INCLUDES variable on expat's account. [Joe Orton ] *) Remove the autoconf 2.5x cache directory in buildconf. [Joe Orton ] *) BerkleyDB should NULL out the key if it is @EOF in vt_db_nextkey [Ian Holsman] *) Add ability to natively fetch and split brigades based on LF lines. [Justin Erenkrantz] *) add --with-berkeley-db=DIR & --with-gdbm configure flags [Ian Holsman/Justin Erenkrantz] *) Fix expat detection to recognize installed versions. [Eric Gillespie, Jr. ] *) Add find_apu.m4 to allow third-party programs that use APR-util to have a standard m4 macro for detection. [Justin Erenkrantz] *) Add apu-config - a shell script to allow third-party programs easy access to APR configuration parameters. [Justin Erenkrantz] *) Add GMT offset calculation to apr_date_parse_rfc(). [Justin Erenkrantz] *) Introduce the apr_rmm api, to allow relocatable memory management of address-independent data stores, such as shared memory. [William Rowe] *) Rework and fix VPATH-build support. [Justin Erenkrantz] *) Add support for Berkeley DB4. [Justin Erenkrantz] *) Improve testdbm help. [Justin Erenkrantz] *) Improve autoconf detection of DBMs. [Justin Erenkrantz] *) BerkeleyDBM v2 now checks minor level for cursor ops [Ian Holsman] *) Reading a file bucket bigger than APR_MMAP_LIMIT (4MB) now yields a string of 4MB mmap buckets, rather than a string of 8KB heap buckets plus a 4MB mmap bucket. To accomodate this, the mmap bucket destroy function explicitly deletes the apr_mmap_t after last reference to avoid having too much of a large file mapped at once if possible. [Cliff Woolley] *) Multi-DBM support (via apr_dbm_open_ex). [Ian Holsman] *) Use apr_mmap_dup in mmap_setaside(). [Brian Pane ] *) Dropped the "w" parameter from apr_bucket_heap_create() and apr_bucket_heap_make(). That parameter was originally intended to return the amount of data copied into the bucket, but it ended up being unnecessary because that amount is invariant from the size of the data and is available as b->length in the resulting bucket anyway. [Cliff Woolley] *) Fix Makefile conversion for BSD/OS. [Cliff Woolley] *) Use APR_XtOffsetOf instead of offsetof() in the ring macros for portability. [Cliff Woolley] *) We now create exports.c and export_vars.h, which in turn create exports.c. From this we generate two more files with different purposes: aprutil.exp - list of exported symbols; and exports.lo (exports.o) - an object file that can be linked with an executable to force resolution of all apr-util symbols. [Aaron Bannert] *) Fix Berkley DBM support [Ian Holsman ] *) Fix apr_brigade_vprintf so that it can handle more than 4k of data at one time. [Cody Sherr ] *) prefix UNP_* flags with APR_URI_ rename: apr_uri_components -> apr_uri_t apr_uri_unparse_components -> apr_uri_unparse apr_uri_parse_components -> apr_uri_parse apr_uri_parse_hostinfo_components -> apr_uri_parse_hostinfo s/APU_URI_/APR_URI_/g [Perl] *) Landed the link-to-LDAP to the build process, and the LDAP v2/v3 compatibility functions. [Dave Carrigan , Graham Leggett] *) Fix URI unparse function to handle the case where it would place a @ when both the username and password were present but omitted. [Jon Travis ] *) Extend apr_bucket struct to add a pointer to a function used to free the bucket. This change enables custom buckets to completely specify how they are to be allocated and freed. Before this change, custom buckets were required to use the same memory allocation scheme as the standard APR buckets. [Saeid Sakhitab, Bill Stoddard, Cliff Woolley, Roy Fielding] *) Install Expat when installing APR-util. [Justin Erenkrantz] *) Make APR-util configure script rely on APR. This removes the locally generated copy of libtool and uses the one in APR. Fix up how we call the expat configure script. Generate config.nice file. [Justin Erenkrantz] *) The apr_bucket lengths are now consistently apr_size_t, while any apr_brigade lengths (short of a read) are consistently apr_off_t. This is required for APR_HAS_LARGE_FILES handling. [William Rowe] *) apr_bucket_file_create() and apr_bucket_file_make() now take a pool parameter which is the pool into which any needed data structures should be created during file_read(). This is used for MMAPing the file and reopening the file if the original apr_file_t is in XTHREAD mode. [Cliff Woolley] *) apr_brigade_partition() now returns an apr_status_t. [Cliff Woolley] *) Add MD4 implementation in crypto. [Sander Striker, Justin Erenkrantz] *) Moved httpd 2.0.18's util_date to apr_date and enhanced its parsing capabilities. [Justin Erenkrantz] *) Moved httpd 2.0.18's util_uri to apr_uri and name-protected its symbols and functions. [Justin Erenkrantz, Roy Fielding] *) Rename field "private" in struct apr_xml_elem to "priv" for C++ compatibility. PR #7727 [Joshua MacDonald ] *) Make APR_IMPLEMENT_EXTERNAL_HOOK_BASE generate a ${namespace}_hook_get_${hookname} function to fetch the list of registered hooks [Doug MacEachern] *) Allow LTFLAGS to be overridden by the configure command-line (default="--silent") and introduce LT_LDFLAGS. [Roy Fielding] *) Add APR_SHARELOCK support to apr_sdbm_open(), locking read operations with a shared lock and all write ops with an excl lock. [Will Rowe] *) Namespace protect apr_sdbm, and normalize the return values (including the apr_sdbm_fetch, apr_sdbm_firstkey and apr_sdbm_nextkey functions). Normalized the get/clear error function names, and stores the actual apr error for apr_sdbm_error_get. [Will Rowe] *) Introduce an apr_fileperms_t argument to apr_dbm_open(). [Will Rowe] *) Removed apr_bucket_do_create() macro, which was causing warnings about unreachable code in some compilers (notably MSVC). What used to be done by this macro is now done inline in the various apr_bucket_foo_create() functions. [Cliff Woolley] *) Make clean, distclean, and extraclean consistently according to the Gnu makefile guidelines. [Justin Erenkrantz ] *) Migrate the --disable-libtool changes from APR to APR-util. This cleans things up, and allows more flexibility when building programs. [Ryan Bloom] *) Allow APR-util to be compiled without libtool. The default is to use libtool, but it can turned off with --disable-libtool on the configure command. [Ryan Bloom] *) Repair calling convention for apr_register_optional_fn to eliminate GP fault on Win32. [William Rowe] *) Substantial changes to correct linkage and declarations for generic hooks on dso architectures. [Ben Laurie, Will Rowe] *) apr_bucket_shared_destroy() now returns a boolean value. [Cliff Woolley] *) We have to initialize the heap buckets to the correct length. we were seeing heap buckets with 17 chars in them reporting a length of 9017, because they were initialized to the amount of memory allocated, instead of the amount of memory used. This was only an issue for heap buckets created by the apr_brigade_* functions. [Ryan Bloom] *) apr_bucket_init_types() and apr_bucket_insert_type() have been removed... they're not needed anymore. [Cliff Woolley] *) The apr_bucket_shared and apr_bucket_simple structures have been removed as an API simplification/optimization. This should be transparent outside APR-util except to callers who attempt to directly manipulate the buckets' internal structure (which is not recommended anyway) and to callers who create their own bucket types. [Cliff Woolley] *) apr_bucket_simple_split() and apr_bucket_simple_copy() are now exported functions, which could be helpful in implementing external bucket types. [Cliff Woolley] *) The third parameter to apr_bucket_shared_make() is now 'apr_off_t length' rather than 'apr_off_t end', since the end usually had to be computed by the caller and all we really want is the length anyway. [Cliff Woolley]