From e8ec7aa8e38a93f5b034ac74cebce5de23710317 Mon Sep 17 00:00:00 2001 From: hongbotian Date: Mon, 30 Nov 2015 01:45:08 -0500 Subject: upload http JIRA: BOTTLENECK-10 Change-Id: I7598427ff904df438ce77c2819ee48ac75ffa8da Signed-off-by: hongbotian --- rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES | 597 ++++++++++++++++++++++++ 1 file changed, 597 insertions(+) create mode 100644 rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES (limited to 'rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES') diff --git a/rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES b/rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES new file mode 100644 index 00000000..94e28427 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/srclib/apr-util/CHANGES @@ -0,0 +1,597 @@ + -*- coding: utf-8 -*- +Changes with APR-util 0.9.19 + + *) Resolve build failure using bundled expat on some platforms. + [Rainer Jung] + +Changes with APR-util 0.9.18 + + *) SECURITY: CVE-2010-1623 (cve.mitre.org) + Fix a denial of service attack against apr_brigade_split_line(). + [Stefan Fritsch] + + *) SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) + Fix two buffer over-read flaws in the bundled copy of expat which + could cause applications to crash while parsing specially-crafted + XML documents. [Joe Orton, Rainer Jung] + + *) SECURITY: CVE-2009-2412 (cve.mitre.org) + Fix overflow in rmm, where size alignment was taking place. + [Matt Lewis , Sander Striker] + + *) Upgrade bundled copy of expat library to 1.95.7. + [Joe Orton, Rainer Jung] + + *) Make bundled expat compatible with libtool 2.x. + This only affects the release process. [Rainer Jung] + + *) Prefer libtool 1.x when searching for libtool in + bundled expat release process. [Rainer Jung, Jim Jagielski] + + *) Improve platform detection for bundled expat by updating + config.guess and config.sub. [Rainer Jung] + + *) Add support for Berkeley DB 4.6 to 4.8. + [Arfrever Frehtes Taifersar Arahesis , + Rainer Jung] + +Changes with APR-util 0.9.17 + + *) SECURITY: CVE-2009-1955 (cve.mitre.org) + Fix a denial of service attack against the apr_xml_* interface + using the "billion laughs" entity expansion technique. + [Joe Orton] + +Changes with APR-util 0.9.16 + + *) SECURITY: CVE-2009-0023 (cve.mitre.org) + Fix underflow in apr_strmatch_precompile. + [Matthew Palmer ] + + *) SECURITY: CVE-2009-1956 (cve.mitre.org) + Fix off by one overflow in apr_brigade_vprintf. + [C. Michael Pilato ] + + *) Better error detection for bucket allocation failures. + [Jim Jagielski] + +Changes with APR-util 0.9.15 + + *) Test improvements to validate testmd4 and testdbm, unattended. + [Bojan Smojver] + +Changes with APR-util 0.9.14 + + *) Fix handling of attribute namespaces in apr_xml_to_text() when + a namespace map is provided. PR 41908. [Joe Orton] + +Changes with APR-util 0.9.13 + + *) Add support for Berkeley DB 4.5 to the configure scripts. + [Garrett Rooney] + + *) Allow apr_queue.h to be included before other APR headers. + PR 40891 [Henry Jen ] + + *) Provide folding in autogenerated .manifest files for Win32 builders + using VisualStudio 2005 [William Rowe] + + *) Fix incorrect byte order (PR 37342) and incorrect timestamp type + in the fallback UUID generator used when no external UUID generator + is detected by APR. + [Max Bowsher] + +Changes with APR-util 0.9.12 + + *) Win32 / Netware - add missing apu_version.c for apu_version_string() + to the Windows and Netware specific builds. Unix platforms supported + this API since 0.9.1. [William Rowe, Brad Nicholes]. + +Changes with APR-util 0.9.11 + + *) Sync get-version.sh from apr source at ./buildconf time, to correctly + retrieve 2 digit subversion, which broke the 0.9.10 candidate, and + keep any other updates in sync going forwards. [William Rowe] + + *) Port apr tree change for 'make check' test/ binaries on Darwin to + avoid -no-install which can break the tests. [William Rowe, Joe Orton] + +Changes with APR-util 0.9.10 + + *) Minor build and runtime fixes. + +Changes with APR-util 0.9.9 + + *) Unix: No longer require an APR source directory to be available at + ./configure time, by making use of mkdir.sh, make_exports.awk, + make_var_export.awk installed to the installbuilddir by APR >= 0.9.9. + [Max Bowsher] + + *) Stop trying to link against Berkeley DB by default. To enable use + of Berkeley DB users must now explicitly pass --with-berkeley-db to + configure, since Berkeley DB is released under a viral license that + requires distribution of source code for any program that uses it. + [Garrett Rooney] + + *) Stop trying to link against GDBM by default. To enable use of GDBM + users must now explicitly pass --with-gdbm to configure, since GDBM + is licensed under the GPL. + [Garrett Rooney] + + *) Fix VPATH builds, and symlink builds where apr and apr-util + reside in parallel as symlinks to directories with more explicit + names, e.g. apr-1.x and apr-util-1.x. This solves various breakage + on Solaris in particular with ./buildconf and ./configure. + [William Rowe] + + *) Add support for Berkeley DB 4.4 to the configure scripts. + [Garrett Rooney] + +Changes with APR-util 0.9.7 + + *) Fix apr_rmm_realloc() offset calculation bug. [Keith Kelleman + ] + + *) Fix handling of a premature EOF with the FILE bucket; a new bucket + is not inserted for each attempt to read past EOF. PR 34708. + [Jeff Trawick, Joe Orton] + + *) Fix build failure with non-threaded APR on AIX. PR 34655. + [Ryan Murray ] + + *) Backport the apr_reslist_timeout_set and apr_reslist_invalidate + functions already in APR 1.0.x. [Paul Querna] + + *) Fix linking problem on cygwin. [Max Bowsher ] + +Changes with APR-util 0.9.6 + + *) Fix the detection of ldap.h on Solaris - it needs lber.h to be + defined first. [Graham Leggett] + + *) Add an RPM spec file. [Graham Leggett] + + *) Add a build script to create a solaris package. [Graham Leggett] + + *) Add support for Berkeley DB 4.3. [Jani Averbach ] + +Changes with APR-util 0.9.5 + + *) Guarantee and require default address alignment for block offsets + within segments in the apr_rmm interface. PR 29873. [Joe Orton] + + *) SECURITY: CAN-2004-0786 (cve.mitre.org) + Fix input validation in apr_uri_parse() to avoid passing negative + length to memcpy for malformed IPv6 literal addresses. + [Joe Orton] + + *) Fix build issues in paths containing symlinks. PR 8867. + [Joe Orton] + + *) Fix corrupt output from the apr_xlate_* interfaces on AIX 4.x. + [Joe Orton] + + *) Change the order in which ldap.h and lber.h are defined, to fix + a compile bug in Solaris v2.8 which requires lber.h then ldap.h. + PR 27379. [Andrew Connors ] + + *) Restore support for SHA1 passwords in apr_validate_password. + PR 17343. [Paul Querna ] + + *) Fix DESTDIR install for bundled expat library. PR 14076 + [David S. Madole ] + + *) Fix occasional crash in apr_rmm_realloc(). PR 22915. + [Jay Shrauner ] + + *) Fix apr_dbm_exists() for sdbm when sizeof(int) != sizeof(size_t). + [Joe Orton] + + *) The whole codebase was relicensed and is now available under + the Apache License, Version 2.0 (http://www.apache.org/licenses). + [Apache Software Foundation] + + *) Fix xlate.c compile failure on AIX 5.2. PR 25701. [Jeff Trawick] + + *) Fixed a bug in apr_rmm that would cause it to mishandle blocks of + a size close to the one requested from the allocator. + [Kevin Wang ] + +Changes with APR-util 0.9.4 + + *) Changed apr_bucket_alloc_create() so that it uses the allocator + from the pool that was passed in rather than creating its own. + Also, the bucket_allocator is now allocated from the apr_allocator_t + rather than using apr_palloc(). Added apr_bucket_alloc_create_ex() + which takes an apr_allocator_t* directly rather than an apr_pool_t*. + [Cliff Woolley, Jean-Jacques Clar] + + *) Added debugging consistency checks to the buckets code. Add + -DAPR_BUCKET_DEBUG to the build flags to enable. + [Cliff Woolley] + + *) Make the version of the db library APU built against visible. + [Thom May] + + *) Fix a problem with VPATH builds copying the APR rules.mk into the + source directory rather than the build directory. [Justin Erenkrantz] + + *) SECURITY [httpd incident CAN-2003-0189] Address a thread safety + issue with apr_password_validate() on AIX, Linux, Mac OS X, and + possibly other platforms. [Jeff Trawick, Justin Erenkrantz] + + *) Fix a problem with LDAP configuration which caused subsequent + configure tests to fail since LIBS contained LDAP libraries for + subsequent tests but LDFLAGS no longer included the path to such + LDAP libraries. [Jeff Trawick] + + *) Fix a problem preventing the use of the bundled Expat when APR-util + is built stand-alone. [Jeff Trawick] + + *) Use the same compiler and preprocessor for the APR-util config tests + which were used by APR. The user can override this via CC and CPP. + This was done all along for the actual build, but not necessarily + for the config tests. [Jeff Trawick] + + *) Fix apr_uuid_parse() on EBCDIC machines. [Jeff Trawick] + + *) Fix alignment problem when allocating memory using apr_rmm. The problem + showed up while trying to write a double in the memory allocated. + [Madhusudan Mathihalli] + +Changes with APR-util 0.9.3 + + *) Allow apr_date_parse_rfc to parse 'Sun, 06-Nov-1994 08:49:37 GMT' as a + valid date. [Dmitri Tikhonov ] + + *) Fix error in apu-config when symlinks are involved. + [Garrett Rooney ] + +Changes with APR-util 0.9.2 + + *) Fix the APR_BUCKET_IS_foo() macros so they parenthesize their parameter. + This fixes compile problems with some types of parameters. + [Jim Carlson ] + + *) Queue overwrite, we now return the item pushed, not a reference to it. + [Paul Marquis ] + + *) Remove include/apr_ldap.h on distclean. PR 15592. [Justin Erenkrantz] + + *) Fix race conditions in apr_queue. + [Jacob Lewallen ] + + *) Stop buildconf copying rules.mk, copy it at configure time. + [Thom May] + + *) Make buildconf copy rules.mk as well. + [Garrett Rooney ] + + *) Add --includedir flag to apu-config. [Justin Erenkrantz] + + *) Fix brokenness in sdbm when sizeof(int) != sizeof(size_t) + (e.g., 64-bit AIX, 64-bit Solaris). PR 14861. [Jeff Trawick] + + *) Have buildconf copy required files from apr so that apr-util can build + on its own. [Craig Rodrigues ] + + *) Detect OpenLDAP when used with Solaris 9. PR 13427. + [Gary Algier ] + + *) Detect Berkeley DB 4.1 when compiled with --with-uniquenames + [Thom May] + + *) Allow apu-config to work in symlinked install directories when + 'realpath' is available. [Justin Erenkrantz] + + *) Fix bug in apr_strmatch when used with case-insensitive patterns. + [Justin Erenkrantz] + + *) Allow apr_queue to have greater than int number of elements. + [Justin Erenkrantz] + + *) Detect Berkeley DB 4.0 compiled with --with-uniquenames. + [Philip Martin ] + + *) Allocate brigades from a bucket allocator rather than a pool. [Brian Pane] + + *) Update with the latest APR renames [Thom May] + + *) Update doxygen tags. [Justin Erenkrantz] + + *) Add apr_ldap.hw for Windows build. + [Andre Schild ] + + *) Add IPv6 literal address support to apr_uri_parse(), apr_uri_unparse(), + and apr_uri_parse_hostinfo(). PR 11887 [Jeff Trawick] + + *) Add apr_brigade_writev() [Brian Pane] + + *) Add support for Berkeley DB 4.1. [Justin Erenkrantz] + + *) Add --bindir option to apu-config. [Justin Erenkrantz] + +Changes with APR-util 0.9.1 + + *) Add versioning infrastructure. + [Justin Erenkrantz] + + *) Running "make check" in the toplevel directory or the test/ directory + will build and run all test programs. [Aaron Bannert] + + *) Bug #9789 : NDBM support + [Toomas Soome , Ian Holsman] + + *) Added a Thread safe FIFO bounded buffer (apr_queue) [Ian Holsman] + + *) Changed file_bucket_setaside() to use apr_file_setaside() instead + of turning the file bucket into an mmap bucket. [Brian Pane] + + *) Install libaprutil support libraries before installing libaprutil + itself, since on some platforms libaprutil is relinked during + make install and the support libraries need to exist already. + [Jeff Trawick] + + *) Added a Resource List API for threadsafe access to persistent + and dynamically created user-defined resources. [Aaron Bannert] + + *) Adopted apr-util/xlate from apr/i18n for inclusion of apr-iconv + as required by missing libiconv. [William Rowe] + + *) Adopted apr-util/crypto/ uuid and md5 from apr. [William Rowe] + + *) Look for expat in lib64 directories. [Peter Poeml ] + + *) Faster implementation of apr_brigade_puts() [Brian Pane] + + *) Fixed a segfault in apr_date_parse_rfc() for some date formats + where it was trying to overlay a potentially static input + string even though it didn't really need to. + [Cliff Woolley, Doug MacEachern] + + *) Ensure that apu-config does not print libtool libraries when + using --libs. [Justin Erenkrantz] + + *) Added apr_bucket_file_enable_mmap() function to the bucket + API to let an application control whether a file bucket may + be turned into an mmap bucket upon read. (The default remains + to do the mmap, but this function lets the app prevent the + mmap in contexts where mmap would be a bad idea. Examples + include multiprocessors where mmap doesn't scale well and + NFS-mounted filesystems where a bus error can result if + a memory-mapped file is removed or truncated.) [Brian Pane] + + *) Added string-matching API (apr_strmatch.h) [Brian Pane] + + *) Rearrange INCLUDES so that APRUTIL_PRIV_INCLUDES is always + first. [Garrett Rooney ] + + *) Add --old-expat option to apu-config to allow users of apr-util to + determine what expat it should expect to be installed. If the + flag is set to yes, it should include xmlparse.h. If it is set to + no, it should include expat.h. [Justin Erenkrantz] + + *) Fix exporting of includes in apu-config. [Justin Erenkrantz] + + *) Change bucket brigades API to allow a "bucket allocator" to be + passed in at certain points. This allows us to implement freelists + so that we can stop using malloc/free so frequently. + [Cliff Woolley, Brian Pane] + + *) add apr_rmm_realloc() function + [Madhusudan Mathihalli ] + + *) renames: apr_ansi_time_to_apr_time becomes apr_time_ansi_put + ap_exploded_time_t becomes apr_time_exp_t + [Thom May ] + + *) Add detection support for FreeBSD's expat and expat2 ports. + [Justin Erenkrantz] + + *) Deprecate check_brigade_flush(), which had several nasty bugs, and + which was causing apr_brigade_write()'s logic to be less than obvious. + Everything is now done in a slightly rearranged apr_brigade_write(). + [Cliff Woolley] + + *) Don't add /usr/include to the INCLUDES variable on expat's account. + [Joe Orton ] + + *) Remove the autoconf 2.5x cache directory in buildconf. + [Joe Orton ] + + *) BerkleyDB should NULL out the key if it is @EOF in vt_db_nextkey + [Ian Holsman] + + *) Add ability to natively fetch and split brigades based on LF lines. + [Justin Erenkrantz] + + *) add --with-berkeley-db=DIR & --with-gdbm configure flags + [Ian Holsman/Justin Erenkrantz] + + *) Fix expat detection to recognize installed versions. + [Eric Gillespie, Jr. ] + + *) Add find_apu.m4 to allow third-party programs that use APR-util + to have a standard m4 macro for detection. [Justin Erenkrantz] + + *) Add apu-config - a shell script to allow third-party programs + easy access to APR configuration parameters. [Justin Erenkrantz] + + *) Add GMT offset calculation to apr_date_parse_rfc(). + [Justin Erenkrantz] + + *) Introduce the apr_rmm api, to allow relocatable memory management + of address-independent data stores, such as shared memory. + [William Rowe] + + *) Rework and fix VPATH-build support. [Justin Erenkrantz] + + *) Add support for Berkeley DB4. [Justin Erenkrantz] + + *) Improve testdbm help. [Justin Erenkrantz] + + *) Improve autoconf detection of DBMs. [Justin Erenkrantz] + + *) BerkeleyDBM v2 now checks minor level for cursor ops [Ian Holsman] + + *) Reading a file bucket bigger than APR_MMAP_LIMIT (4MB) now yields + a string of 4MB mmap buckets, rather than a string of 8KB heap buckets + plus a 4MB mmap bucket. To accomodate this, the mmap bucket destroy + function explicitly deletes the apr_mmap_t after last reference + to avoid having too much of a large file mapped at once if possible. + [Cliff Woolley] + + *) Multi-DBM support (via apr_dbm_open_ex). [Ian Holsman] + + *) Use apr_mmap_dup in mmap_setaside(). [Brian Pane ] + + *) Dropped the "w" parameter from apr_bucket_heap_create() and + apr_bucket_heap_make(). That parameter was originally intended + to return the amount of data copied into the bucket, but it + ended up being unnecessary because that amount is invariant from + the size of the data and is available as b->length in the + resulting bucket anyway. [Cliff Woolley] + + *) Fix Makefile conversion for BSD/OS. [Cliff Woolley] + + *) Use APR_XtOffsetOf instead of offsetof() in the ring macros for + portability. [Cliff Woolley] + + *) We now create exports.c and export_vars.h, which in turn create + exports.c. From this we generate two more files with different + purposes: aprutil.exp - list of exported symbols; and exports.lo + (exports.o) - an object file that can be linked with an executable + to force resolution of all apr-util symbols. [Aaron Bannert] + + *) Fix Berkley DBM support [Ian Holsman ] + + *) Fix apr_brigade_vprintf so that it can handle more than + 4k of data at one time. [Cody Sherr ] + + *) prefix UNP_* flags with APR_URI_ + + rename: + apr_uri_components -> apr_uri_t + apr_uri_unparse_components -> apr_uri_unparse + apr_uri_parse_components -> apr_uri_parse + apr_uri_parse_hostinfo_components -> apr_uri_parse_hostinfo + + s/APU_URI_/APR_URI_/g + [Perl] + + *) Landed the link-to-LDAP to the build process, and the LDAP v2/v3 + compatibility functions. + [Dave Carrigan , Graham Leggett] + + *) Fix URI unparse function to handle the case where it would place a @ + when both the username and password were present but omitted. + [Jon Travis ] + + *) Extend apr_bucket struct to add a pointer to a function used + to free the bucket. This change enables custom buckets to + completely specify how they are to be allocated and freed. + Before this change, custom buckets were required to use the + same memory allocation scheme as the standard APR buckets. + [Saeid Sakhitab, Bill Stoddard, Cliff Woolley, Roy Fielding] + + *) Install Expat when installing APR-util. [Justin Erenkrantz] + + *) Make APR-util configure script rely on APR. This removes the locally + generated copy of libtool and uses the one in APR. Fix up how we + call the expat configure script. Generate config.nice file. + [Justin Erenkrantz] + + *) The apr_bucket lengths are now consistently apr_size_t, while any + apr_brigade lengths (short of a read) are consistently apr_off_t. + This is required for APR_HAS_LARGE_FILES handling. [William Rowe] + + *) apr_bucket_file_create() and apr_bucket_file_make() now take a pool + parameter which is the pool into which any needed data structures + should be created during file_read(). This is used for MMAPing the + file and reopening the file if the original apr_file_t is in XTHREAD + mode. [Cliff Woolley] + + *) apr_brigade_partition() now returns an apr_status_t. [Cliff Woolley] + + *) Add MD4 implementation in crypto. [Sander Striker, Justin Erenkrantz] + + *) Moved httpd 2.0.18's util_date to apr_date and enhanced its parsing + capabilities. [Justin Erenkrantz] + + *) Moved httpd 2.0.18's util_uri to apr_uri and name-protected its + symbols and functions. [Justin Erenkrantz, Roy Fielding] + + *) Rename field "private" in struct apr_xml_elem to "priv" for C++ + compatibility. PR #7727 [Joshua MacDonald ] + + *) Make APR_IMPLEMENT_EXTERNAL_HOOK_BASE generate a + ${namespace}_hook_get_${hookname} function to fetch the + list of registered hooks [Doug MacEachern] + + *) Allow LTFLAGS to be overridden by the configure command-line + (default="--silent") and introduce LT_LDFLAGS. [Roy Fielding] + + *) Add APR_SHARELOCK support to apr_sdbm_open(), locking read operations + with a shared lock and all write ops with an excl lock. [Will Rowe] + + *) Namespace protect apr_sdbm, and normalize the return values (including + the apr_sdbm_fetch, apr_sdbm_firstkey and apr_sdbm_nextkey functions). + Normalized the get/clear error function names, and stores the actual + apr error for apr_sdbm_error_get. [Will Rowe] + + *) Introduce an apr_fileperms_t argument to apr_dbm_open(). [Will Rowe] + + *) Removed apr_bucket_do_create() macro, which was causing warnings + about unreachable code in some compilers (notably MSVC). What + used to be done by this macro is now done inline in the various + apr_bucket_foo_create() functions. [Cliff Woolley] + + *) Make clean, distclean, and extraclean consistently according to the + Gnu makefile guidelines. [Justin Erenkrantz ] + + *) Migrate the --disable-libtool changes from APR to APR-util. + This cleans things up, and allows more flexibility when building + programs. [Ryan Bloom] + + *) Allow APR-util to be compiled without libtool. The default is + to use libtool, but it can turned off with --disable-libtool + on the configure command. [Ryan Bloom] + + *) Repair calling convention for apr_register_optional_fn to + eliminate GP fault on Win32. [William Rowe] + + *) Substantial changes to correct linkage and declarations for + generic hooks on dso architectures. [Ben Laurie, Will Rowe] + + *) apr_bucket_shared_destroy() now returns a boolean value. + [Cliff Woolley] + + *) We have to initialize the heap buckets to the correct length. + we were seeing heap buckets with 17 chars in them reporting + a length of 9017, because they were initialized to the amount + of memory allocated, instead of the amount of memory used. + This was only an issue for heap buckets created by the + apr_brigade_* functions. [Ryan Bloom] + + *) apr_bucket_init_types() and apr_bucket_insert_type() have been + removed... they're not needed anymore. [Cliff Woolley] + + *) The apr_bucket_shared and apr_bucket_simple structures have been + removed as an API simplification/optimization. This should be + transparent outside APR-util except to callers who attempt to + directly manipulate the buckets' internal structure (which is + not recommended anyway) and to callers who create their own + bucket types. [Cliff Woolley] + + *) apr_bucket_simple_split() and apr_bucket_simple_copy() are now + exported functions, which could be helpful in implementing + external bucket types. [Cliff Woolley] + + *) The third parameter to apr_bucket_shared_make() is now + 'apr_off_t length' rather than 'apr_off_t end', since the + end usually had to be computed by the caller and all we + really want is the length anyway. [Cliff Woolley] + -- cgit 1.2.3-korg