Changes between Initial Version and Version 2 of Ticket #6445


Ignore:
Timestamp:
04/30/2015 03:53:57 PM (7 years ago)
Author:
Fernando de Oliveira
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #6445

    • Property Owner changed from blfs-book@… to Fernando de Oliveira
    • Property Status newassigned
  • Ticket #6445 – Description

    initial v2  
    11[https://archive.apache.org/dist/apr/apr-1.5.2.tar.bz2]
    22
    3 4e9769f3349fe11fc0a5e1b224c236aa *apr-1.5.2.tar.bz2
     3[https://www.apache.org/dist/apr/apr-1.5.2.tar.bz2.asc]
     4
     5[https://www.apache.org/dist/apr/apr-1.5.2.tar.bz2.md5]
     6
     74e9769f3349fe11fc0a5e1b224c236aa
     8
     9[https://archive.apache.org/dist/apr/CHANGES-APR-1.5]
     10
     11{{{
     12Changes for APR 1.5.2
     13  *) SECURITY: CVE-2015-1829 (cve.mitre.org)
     14     APR applications using APR named pipe support on Windows can be
     15     vulnerable to a pipe squatting attack from a local process; the extent
     16     of the vulnerability, when present, depends on the application.
     17     Initial analysis and report was provided by John Hernandez of Casaba
     18     Security via HP SSRT Security Alert.  [Yann Ylavic]
     19  *) Potential Windows build consideration: The increased use of
     20     UuidCreate() in APR may introduce a link error for applications
     21     which link with apr-1.lib.  Include the Windows library rpcrt4 if
     22     linking fails with an unresolved reference to UuidCreate().
     23  *) apr_atomic: Fix errors when building on Visual Studio 2013 while
     24     maintaining the ability to build on Visual Studio 6 with Windows
     25     Server 2003 R2 SDK. PR 57191. [Gregg Smith]
     26  *) Switch to generic atomics for early/unpatched Solaris 10 not exporting
     27     some atomic functions.  PR 55418.  [Yann Ylavic]
     28  *) apr_file_mktemp() on HP-UX: Remove limitation of 26 temporary files
     29     per process.  PR 57677.  [Jeff Trawick]
     30  *) apr_escape: Correctly calculate the size of the returned string in
     31     apr_escape_path and set the correct return value in case we actually
     32     escape the string. [<aduryagin gmail.com>] PR 57230.
     33  *) pollcb on Windows: Handle calls with no file/socket descriptors.
     34     Follow up to PR 49882. [Jeff Trawick, Yann Ylavic]
     35  *) apr_poll(cb): fix error paths returned values and leaks.  [Yann Ylavic]
     36  *) apr_thread_cond_*wait() on BeOS: Fix broken logic.  PR 45800.
     37     [Jochen Voss (no e-mail)]
     38  *) apr_skiplist: Optimize the number of allocations by reusing pooled or
     39     malloc()ed nodes for the lifetime of the skiplist.  [Yann Ylavic]
     40  *) apr_skiplist: Fix possible multiple-free() on the same value in
     41     apr_skiplist_remove_all().  [Yann Ylavic]
     42  *) apr_pollset: On z/OS, threadsafe apr_pollset_poll() may return
     43     "EDC8102I Operation would block" under load.
     44     [Pat Odonnell <patod us.ibm.com>]
     45  *) On z/OS, apr_sockaddr_info_get() with family == APR_UNSPEC was not
     46     returning IPv4 addresses if any IPv6 addresses were returned.
     47     [Eric Covener]
     48  *) Windows cmake build: Fix an incompatibility with cmake 2.8.12 and
     49     later.  [Jeff Trawick]
     50  *) apr_global_mutex/apr_proc_mutex: Resolve failures with the
     51     POSIX sem implementation in environments which receive signals.
     52     [Jeff Trawick]
     53  *) apr_skiplist: Fix potential corruption of skiplists leading to
     54     results or crashes. [Takashi Sato <takashi tks st>, Eric Covener]
     55     PR 56654.
     56  *) Improve platform detection by updating config.guess and config.sub.
     57     [Rainer Jung]
     58}}}