Posted to commits@apr.apache.org by tr...@apache.org on 2011/05/21 01:11:40 UTC

svn commit: r318 - in /release/apr: Announcement1.x.html Announcement1.x.txt CHANGES-APR-1.4 CHANGES-APR-UTIL-1.3 HEADER.html README.html

Author: trawick
Date: Fri May 20 23:11:38 2011
New Revision: 318

Log:
updates to mirrored docs for apr 1.4.5 and apr-util 1.3.12

Also: Remove mention of apr-1.3.12

Modified:
    release/apr/Announcement1.x.html
    release/apr/Announcement1.x.txt
    release/apr/CHANGES-APR-1.4
    release/apr/CHANGES-APR-UTIL-1.3
    release/apr/HEADER.html
    release/apr/README.html

Modified: release/apr/Announcement1.x.html
==============================================================================
--- release/apr/Announcement1.x.html (original)
+++ release/apr/Announcement1.x.html Fri May 20 23:11:38 2011
@@ -3,41 +3,45 @@
  <head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
        <meta name="author" content="APR" /><meta name="email" content="dev@apr.apache.org" />
-    <title>Apache Portable Runtime 1.4.4 and Apache Portable Runtime Utility 1.3.11 Released</title>
+    <title>Apache Portable Runtime 1.4.5 and Apache Portable Runtime Utility 1.3.12 Released</title>
  </head>
  <body bgcolor="#ffffff" text="#000000" link="#525D76">
 <p><a href="http://apr.apache.org/"><img src="http://apr.apache.org/images/apr_logo_wide.png" alt="The Apache Portable Runtime Project" border="0"/></a></p>
 
 <h1>
-   Apache Portable Runtime 1.4.4 and
-   Apache Portable Runtime Utility 1.3.11 Released
+   Apache Portable Runtime 1.4.5 and
+   Apache Portable Runtime Utility 1.3.12 Released
 </h1>
 
 <p>
-  The Apache Software Foundation and the Apache Portable Runtime
+   The Apache Software Foundation and the Apache Portable Runtime
    Project are proud to announce the General Availability of version
-   1.4.4 of the APR Apache Portable Runtime library, and version
-   1.3.11 of the APR Apache Portable Runtime Utility library.
+   1.4.5 of the APR Apache Portable Runtime library, and version
+   1.3.12 of the APR Apache Portable Runtime Utility library.
    These are bug fix releases.  Users of previous versions are
-   encouraged to update to these releases.
+   cautioned to update to these releases.
 </p>
 
 <p>
-   Note especially a security fix to APR 1.4.4, excessive CPU 
-   consumption was possible due to an unconstrained, recursive
-   invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
+   APR 1.4.5 contains a fix for a vulnerability affecting some 
+   applications which use the apr_fnmatch() API which could result 
+   in excessive CPU consumption.
 </p>
 
 <ul><li>
-     Security: CVE-2011-0419 (http://cve.mitre.org)<br />
-     Reimplement apr_fnmatch() from scratch using a non-recursive
-     algorithm; now has improved compliance with the fnmatch() spec.
-     [William Rowe]
+     Security: CVE-2011-1928<BR>
+     apr_fnmatch(): Fix high CPU loop.  [William Rowe]
 </li></ul>
-     
+
+<p>
+   APR 1.4.5 also contains a correction to a regression in APR 1.4.4
+   affecting APR applications on Windows.
+</p>
+
 <p>
-   The APR Project thanks Maksymilian Arciemowicz of SecurityReason
-   for his research and reporting of this issue.
+   APR-Util 1.3.12 contains a correction to a regression in APR-Util
+   1.3.11 affecting some applications which use the APR-Util LDAP
+   APIs, such as Apache HTTP Server 2.3.x.
 </p>
 
 <p>
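
Review bot: the added `Security: CVE-2011-1928<BR>` line uses an uppercase, unclosed `<BR>`, while the line it replaces used `<br />` and the rest of the file is written XHTML-style (`<meta ... />`, `<img ... />`). Suggest `<br />` so the page stays well-formed. Separately, this hunk drops the CVE-2011-0419 entry and the reporter acknowledgement; if the announcement is meant to serve users upgrading from releases older than 1.4.4, consider keeping a one-line pointer to that fix.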

Modified: release/apr/Announcement1.x.txt
==============================================================================
--- release/apr/Announcement1.x.txt (original)
+++ release/apr/Announcement1.x.txt Fri May 20 23:11:38 2011
@@ -1,24 +1,26 @@
-   Apache Portable Runtime 1.4.4 and
-   Apache Portable Runtime Utility 1.3.11 Released
+   Apache Portable Runtime 1.4.5 and
+   Apache Portable Runtime Utility 1.3.12 Released
  
    The Apache Software Foundation and the Apache Portable Runtime
    Project are proud to announce the General Availability of version
-   1.4.4 of the APR Apache Portable Runtime library, and version
-   1.3.11 of the APR Apache Portable Runtime Utility library.
+   1.4.5 of the APR Apache Portable Runtime library, and version
+   1.3.12 of the APR Apache Portable Runtime Utility library.
    These are bug fix releases.  Users of previous versions are
-   encouraged to update to these releases.
+   cautioned to update to these releases.
 
-   Note especially a security fix to APR 1.4.4, excessive CPU 
-   consumption was possible due to an unconstrained, recursive
-   invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
-
-   * Security: CVE-2011-0419 (http://cve.mitre.org)
-     Reimplement apr_fnmatch() from scratch using a non-recursive
-     algorithm; now has improved compliance with the fnmatch() spec.
-     [William Rowe]
-     
-   The APR Project thanks Maksymilian Arciemowicz of SecurityReason
-   for his research and reporting of this issue.
+   APR 1.4.5 contains a fix for a vulnerability affecting some 
+   applications which use the apr_fnmatch() API which could result 
+   in excessive CPU consumption.
+
+     Security: CVE-2011-1928
+     apr_fnmatch(): Fix high CPU loop.  [William Rowe]
+
+   APR 1.4.5 also contains a correction to a regression in APR 1.4.4
+   affecting APR applications on Windows.
+
+   APR-Util 1.3.12 contains a correction to a regression in APR-Util
+   1.3.11 affecting some applications which use the APR-Util LDAP
+   APIs, such as Apache HTTP Server 2.3.x.
 
    (See CHANGES-APR-1.4 and CHANGES-APR-UTIL-1.3 for more information.)
 
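
Review bot: the `Security: CVE-2011-1928` line lost its list marker; the removed text read `   * Security: CVE-2011-0419 ...` and the new line is indented with no `*`. Suggest restoring `   * Security: CVE-2011-1928` so the entry still reads as a list item, matching the `<ul><li>` used in the HTML version of the announcement.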

Modified: release/apr/CHANGES-APR-1.4
==============================================================================
--- release/apr/CHANGES-APR-1.4 (original)
+++ release/apr/CHANGES-APR-1.4 Fri May 20 23:11:38 2011
@@ -1,4 +1,11 @@
-                                                     -*- coding: utf-8 -*-
+                                                     -*- coding: utf-8 -*-
+Changes for APR 1.4.5
+
+  *) Security: CVE-2011-1928
+     apr_fnmatch(): Fix high CPU loop.  [William Rowe]
+
+  *) Fix top_builddir in installed apr_rules.mk.  [Bojan Smojver]
+
 Changes for APR 1.4.4
 
   *) Windows: Fix command-line builds.  [William Rowe]
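
Review bot: the first line of the hunk removes and re-adds `-*- coding: utf-8 -*-` with no visible difference, which points to an invisible change (whitespace, line ending or a byte-order mark). Worth confirming that it is intended, since the CHANGES-APR-UTIL-1.3 hunk keeps the same line as unchanged context.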

Modified: release/apr/CHANGES-APR-UTIL-1.3
==============================================================================
--- release/apr/CHANGES-APR-UTIL-1.3 (original)
+++ release/apr/CHANGES-APR-UTIL-1.3 Fri May 20 23:11:38 2011
@@ -1,4 +1,9 @@
                                                      -*- coding: utf-8 -*-
+Changes with APR-util 1.3.12
+
+  *) apr_ldap: Fix crash because of NULL cleanup registered by
+     apr_ldap_rebind_init().  [Rainer Jung]
+
 Changes with APR-util 1.3.11
 
   *) apr_dbd_oracle: fix endianness issue in prepared statements.
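
Review bot: the new `apr_ldap` entry does not say that the crash is a regression from 1.3.11, which the announcement text in this same commit states. Adding a short "(regression in 1.3.11)" to the entry would let someone reading CHANGES alone judge whether they are affected.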

Modified: release/apr/HEADER.html
==============================================================================
--- release/apr/HEADER.html (original)
+++ release/apr/HEADER.html Fri May 20 23:11:38 2011
@@ -11,10 +11,9 @@
 
 <ul>
 <li><a href="#mirrors">Download from your nearest mirror site!</a></li>
-<li><a href="#apr">APR 1.4.4 is the latest available version</a></li>
-<li><a href="#aprutil">APR-util 1.3.11 is the latest available version</a></li>
+<li><a href="#apr">APR 1.4.5 is the latest available version</a></li>
+<li><a href="#aprutil">APR-util 1.3.12 is the latest available version</a></li>
 <li><a href="#apriconv">APR-iconv 1.2.1 is the latest available version</a></li>
-<li><a href="#apr">APR 1.3.12 is also available</a></li>
 <li><a href="#apr09">APR 0.9.19 is also available</a></li>
 <li><a href="#aprutil09">APR-util 0.9.19 is also available</a></li>
 <li><a href="#apriconv09">APR-iconv 0.9.7 is also available</a></li>

Modified: release/apr/README.html
==============================================================================
--- release/apr/README.html (original)
+++ release/apr/README.html Fri May 20 23:11:38 2011
@@ -8,20 +8,32 @@
       here to find your nearest mirror.</a>
 </p>
 
-<h2><a name="apr">APR 1.4.4 is the latest available version</a></h2>
+<h2><a name="apr">APR 1.4.5 is the latest available version</a></h2>
 
 <p>
-    APR 1.4.4 has been released, and should be considered
+    APR 1.4.5 has been released, and should be considered
     "general availability".
 </p>
 
-<h2><a name="aprutil">APR-util 1.3.11 is the latest available version</a></h2>
+<p>
+    APR 1.4.5 corrected a vulnerability affecting some applications.
+    Users of all previous releases are cautioned to upgrade to the
+    latest version.
+</p>
+
+<h2><a name="aprutil">APR-util 1.3.12 is the latest available version</a></h2>
 
 <p>
-    APR-util 1.3.11 has been released, and should be considered 
+    APR-util 1.3.12 has been released, and should be considered 
     "general availability".
 </p>
 
+<p>
+    APR-util 1.3.10 and earlier versions had vulnerabilites affecting
+    some applications.  Users of 1.3.10 and previous versions are 
+    cautioned to upgrade to the latest version.
+<p>
+
 <h2><a name="apriconv">APR-iconv 1.2.1 is the latest available version</a></h2>
 
 <p>
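
Review bot: the new APR-util paragraph ends with `<p>` instead of `</p>`, which leaves the paragraph unclosed and opens an empty one before the next `<h2>`. The same paragraph misspells "vulnerabilites" (should be "vulnerabilities"). Neither new paragraph names the issue it refers to; citing CVE-2011-1928 for APR 1.4.5, as the announcement does, would make the upgrade advice actionable.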
@@ -29,12 +41,6 @@
     "general availability".
 </p>
 
-<h2><a name="apr13">APR 1.3.12 is also available</a></h2>
-
-<p>
-    APR 1.3.12 has also been released.  This is a bug-fix release for
-    the 1.3.x series.
-</p>
 <h2><a name="apr09">APR 0.9.19 is also available</a></h2>
 
 <p>