| 3 | | 4e9769f3349fe11fc0a5e1b224c236aa *apr-1.5.2.tar.bz2 |
| | 3 | [https://www.apache.org/dist/apr/apr-1.5.2.tar.bz2.asc] |
| | 4 | |
| | 5 | [https://www.apache.org/dist/apr/apr-1.5.2.tar.bz2.md5] |
| | 6 | |
| | 7 | 4e9769f3349fe11fc0a5e1b224c236aa |
| | 8 | |
| | 9 | [https://archive.apache.org/dist/apr/CHANGES-APR-1.5] |
| | 10 | |
| | 11 | {{{ |
| | 12 | Changes for APR 1.5.2 |
| | 13 | *) SECURITY: CVE-2015-1829 (cve.mitre.org) |
| | 14 | APR applications using APR named pipe support on Windows can be |
| | 15 | vulnerable to a pipe squatting attack from a local process; the extent |
| | 16 | of the vulnerability, when present, depends on the application. |
| | 17 | Initial analysis and report was provided by John Hernandez of Casaba |
| | 18 | Security via HP SSRT Security Alert. [Yann Ylavic] |
| | 19 | *) Potential Windows build consideration: The increased use of |
| | 20 | UuidCreate() in APR may introduce a link error for applications |
| | 21 | which link with apr-1.lib. Include the Windows library rpcrt4 if |
| | 22 | linking fails with an unresolved reference to UuidCreate(). |
| | 23 | *) apr_atomic: Fix errors when building on Visual Studio 2013 while |
| | 24 | maintaining the ability to build on Visual Studio 6 with Windows |
| | 25 | Server 2003 R2 SDK. PR 57191. [Gregg Smith] |
| | 26 | *) Switch to generic atomics for early/unpatched Solaris 10 not exporting |
| | 27 | some atomic functions. PR 55418. [Yann Ylavic] |
| | 28 | *) apr_file_mktemp() on HP-UX: Remove limitation of 26 temporary files |
| | 29 | per process. PR 57677. [Jeff Trawick] |
| | 30 | *) apr_escape: Correctly calculate the size of the returned string in |
| | 31 | apr_escape_path and set the correct return value in case we actually |
| | 32 | escape the string. [<aduryagin gmail.com>] PR 57230. |
| | 33 | *) pollcb on Windows: Handle calls with no file/socket descriptors. |
| | 34 | Follow up to PR 49882. [Jeff Trawick, Yann Ylavic] |
| | 35 | *) apr_poll(cb): fix error paths returned values and leaks. [Yann Ylavic] |
| | 36 | *) apr_thread_cond_*wait() on BeOS: Fix broken logic. PR 45800. |
| | 37 | [Jochen Voss (no e-mail)] |
| | 38 | *) apr_skiplist: Optimize the number of allocations by reusing pooled or |
| | 39 | malloc()ed nodes for the lifetime of the skiplist. [Yann Ylavic] |
| | 40 | *) apr_skiplist: Fix possible multiple-free() on the same value in |
| | 41 | apr_skiplist_remove_all(). [Yann Ylavic] |
| | 42 | *) apr_pollset: On z/OS, threadsafe apr_pollset_poll() may return |
| | 43 | "EDC8102I Operation would block" under load. |
| | 44 | [Pat Odonnell <patod us.ibm.com>] |
| | 45 | *) On z/OS, apr_sockaddr_info_get() with family == APR_UNSPEC was not |
| | 46 | returning IPv4 addresses if any IPv6 addresses were returned. |
| | 47 | [Eric Covener] |
| | 48 | *) Windows cmake build: Fix an incompatibility with cmake 2.8.12 and |
| | 49 | later. [Jeff Trawick] |
| | 50 | *) apr_global_mutex/apr_proc_mutex: Resolve failures with the |
| | 51 | POSIX sem implementation in environments which receive signals. |
| | 52 | [Jeff Trawick] |
| | 53 | *) apr_skiplist: Fix potential corruption of skiplists leading to |
| | 54 | results or crashes. [Takashi Sato <takashi tks st>, Eric Covener] |
| | 55 | PR 56654. |
| | 56 | *) Improve platform detection by updating config.guess and config.sub. |
| | 57 | [Rainer Jung] |
| | 58 | }}} |
