You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by tr...@apache.org on 2011/05/21 01:11:40 UTC
svn commit: r318 - in /release/apr: Announcement1.x.html Announcement1.x.txt
CHANGES-APR-1.4 CHANGES-APR-UTIL-1.3 HEADER.html README.html
Author: trawick
Date: Fri May 20 23:11:38 2011
New Revision: 318
Log:
updates to mirrored docs for apr 1.4.5 and apr-util 1.3.12
Also: Remove mention of apr-1.3.12
Modified:
release/apr/Announcement1.x.html
release/apr/Announcement1.x.txt
release/apr/CHANGES-APR-1.4
release/apr/CHANGES-APR-UTIL-1.3
release/apr/HEADER.html
release/apr/README.html
Modified: release/apr/Announcement1.x.html
==============================================================================
--- release/apr/Announcement1.x.html (original)
+++ release/apr/Announcement1.x.html Fri May 20 23:11:38 2011
@@ -3,41 +3,45 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta name="author" content="APR" /><meta name="email" content="dev@apr.apache.org" />
- <title>Apache Portable Runtime 1.4.4 and Apache Portable Runtime Utility 1.3.11 Released</title>
+ <title>Apache Portable Runtime 1.4.5 and Apache Portable Runtime Utility 1.3.12 Released</title>
</head>
<body bgcolor="#ffffff" text="#000000" link="#525D76">
<p><a href="http://apr.apache.org/"><img src="http://apr.apache.org/images/apr_logo_wide.png" alt="The Apache Portable Runtime Project" border="0"/></a></p>
<h1>
- Apache Portable Runtime 1.4.4 and
- Apache Portable Runtime Utility 1.3.11 Released
+ Apache Portable Runtime 1.4.5 and
+ Apache Portable Runtime Utility 1.3.12 Released
</h1>
<p>
- The Apache Software Foundation and the Apache Portable Runtime
+ The Apache Software Foundation and the Apache Portable Runtime
Project are proud to announce the General Availability of version
- 1.4.4 of the APR Apache Portable Runtime library, and version
- 1.3.11 of the APR Apache Portable Runtime Utility library.
+ 1.4.5 of the APR Apache Portable Runtime library, and version
+ 1.3.12 of the APR Apache Portable Runtime Utility library.
These are bug fix releases. Users of previous versions are
- encouraged to update to these releases.
+ cautioned to update to these releases.
</p>
<p>
- Note especially a security fix to APR 1.4.4, excessive CPU
- consumption was possible due to an unconstrained, recursive
- invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
+ APR 1.4.5 contains a fix for a vulnerability affecting some
+ applications which use the apr_fnmatch() API which could result
+ in excessive CPU consumption.
</p>
<ul><li>
- Security: CVE-2011-0419 (http://cve.mitre.org)<br />
- Reimplement apr_fnmatch() from scratch using a non-recursive
- algorithm; now has improved compliance with the fnmatch() spec.
- [William Rowe]
+ Security: CVE-2011-1928<BR>
+ apr_fnmatch(): Fix high CPU loop. [William Rowe]
</li></ul>
-
+
+<p>
+ APR 1.4.5 also contains a correction to a regression in APR 1.4.4
+ affecting APR applications on Windows.
+</p>
+
<p>
- The APR Project thanks Maksymilian Arciemowicz of SecurityReason
- for his research and reporting of this issue.
+ APR-Util 1.3.12 contains a correction to a regression in APR-Util
+ 1.3.11 affecting some applications which use the APR-Util LDAP
+ APIs, such as Apache HTTP Server 2.3.x.
</p>
<p>
Modified: release/apr/Announcement1.x.txt
==============================================================================
--- release/apr/Announcement1.x.txt (original)
+++ release/apr/Announcement1.x.txt Fri May 20 23:11:38 2011
@@ -1,24 +1,26 @@
- Apache Portable Runtime 1.4.4 and
- Apache Portable Runtime Utility 1.3.11 Released
+ Apache Portable Runtime 1.4.5 and
+ Apache Portable Runtime Utility 1.3.12 Released
The Apache Software Foundation and the Apache Portable Runtime
Project are proud to announce the General Availability of version
- 1.4.4 of the APR Apache Portable Runtime library, and version
- 1.3.11 of the APR Apache Portable Runtime Utility library.
+ 1.4.5 of the APR Apache Portable Runtime library, and version
+ 1.3.12 of the APR Apache Portable Runtime Utility library.
These are bug fix releases. Users of previous versions are
- encouraged to update to these releases.
+ cautioned to update to these releases.
- Note especially a security fix to APR 1.4.4, excessive CPU
- consumption was possible due to an unconstrained, recursive
- invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
-
- * Security: CVE-2011-0419 (http://cve.mitre.org)
- Reimplement apr_fnmatch() from scratch using a non-recursive
- algorithm; now has improved compliance with the fnmatch() spec.
- [William Rowe]
-
- The APR Project thanks Maksymilian Arciemowicz of SecurityReason
- for his research and reporting of this issue.
+ APR 1.4.5 contains a fix for a vulnerability affecting some
+ applications which use the apr_fnmatch() API which could result
+ in excessive CPU consumption.
+
+ Security: CVE-2011-1928
+ apr_fnmatch(): Fix high CPU loop. [William Rowe]
+
+ APR 1.4.5 also contains a correction to a regression in APR 1.4.4
+ affecting APR applications on Windows.
+
+ APR-Util 1.3.12 contains a correction to a regression in APR-Util
+ 1.3.11 affecting some applications which use the APR-Util LDAP
+ APIs, such as Apache HTTP Server 2.3.x.
(See CHANGES-APR-1.4 and CHANGES-APR-UTIL-1.3 for more information.)
Modified: release/apr/CHANGES-APR-1.4
==============================================================================
--- release/apr/CHANGES-APR-1.4 (original)
+++ release/apr/CHANGES-APR-1.4 Fri May 20 23:11:38 2011
@@ -1,4 +1,11 @@
- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
+Changes for APR 1.4.5
+
+ *) Security: CVE-2011-1928
+ apr_fnmatch(): Fix high CPU loop. [William Rowe]
+
+ *) Fix top_builddir in installed apr_rules.mk. [Bojan Smojver]
+
Changes for APR 1.4.4
*) Windows: Fix command-line builds. [William Rowe]
Modified: release/apr/CHANGES-APR-UTIL-1.3
==============================================================================
--- release/apr/CHANGES-APR-UTIL-1.3 (original)
+++ release/apr/CHANGES-APR-UTIL-1.3 Fri May 20 23:11:38 2011
@@ -1,4 +1,9 @@
-*- coding: utf-8 -*-
+Changes with APR-util 1.3.12
+
+ *) apr_ldap: Fix crash because of NULL cleanup registered by
+ apr_ldap_rebind_init(). [Rainer Jung]
+
Changes with APR-util 1.3.11
*) apr_dbd_oracle: fix endianness issue in prepared statements.
Modified: release/apr/HEADER.html
==============================================================================
--- release/apr/HEADER.html (original)
+++ release/apr/HEADER.html Fri May 20 23:11:38 2011
@@ -11,10 +11,9 @@
<ul>
<li><a href="#mirrors">Download from your nearest mirror site!</a></li>
-<li><a href="#apr">APR 1.4.4 is the latest available version</a></li>
-<li><a href="#aprutil">APR-util 1.3.11 is the latest available version</a></li>
+<li><a href="#apr">APR 1.4.5 is the latest available version</a></li>
+<li><a href="#aprutil">APR-util 1.3.12 is the latest available version</a></li>
<li><a href="#apriconv">APR-iconv 1.2.1 is the latest available version</a></li>
-<li><a href="#apr">APR 1.3.12 is also available</a></li>
<li><a href="#apr09">APR 0.9.19 is also available</a></li>
<li><a href="#aprutil09">APR-util 0.9.19 is also available</a></li>
<li><a href="#apriconv09">APR-iconv 0.9.7 is also available</a></li>
Modified: release/apr/README.html
==============================================================================
--- release/apr/README.html (original)
+++ release/apr/README.html Fri May 20 23:11:38 2011
@@ -8,20 +8,32 @@
here to find your nearest mirror.</a>
</p>
-<h2><a name="apr">APR 1.4.4 is the latest available version</a></h2>
+<h2><a name="apr">APR 1.4.5 is the latest available version</a></h2>
<p>
- APR 1.4.4 has been released, and should be considered
+ APR 1.4.5 has been released, and should be considered
"general availability".
</p>
-<h2><a name="aprutil">APR-util 1.3.11 is the latest available version</a></h2>
+<p>
+ APR 1.4.5 corrected a vulnerability affecting some applications.
+ Users of all previous releases are cautioned to upgrade to the
+ latest version.
+</p>
+
+<h2><a name="aprutil">APR-util 1.3.12 is the latest available version</a></h2>
<p>
- APR-util 1.3.11 has been released, and should be considered
+ APR-util 1.3.12 has been released, and should be considered
"general availability".
</p>
+<p>
+ APR-util 1.3.10 and earlier versions had vulnerabilites affecting
+ some applications. Users of 1.3.10 and previous versions are
+ cautioned to upgrade to the latest version.
+<p>
+
<h2><a name="apriconv">APR-iconv 1.2.1 is the latest available version</a></h2>
<p>
@@ -29,12 +41,6 @@
"general availability".
</p>
-<h2><a name="apr13">APR 1.3.12 is also available</a></h2>
-
-<p>
- APR 1.3.12 has also been released. This is a bug-fix release for
- the 1.3.x series.
-</p>
<h2><a name="apr09">APR 0.9.19 is also available</a></h2>
<p>