-*- coding: utf-8 -*- Changes for APR 1.7.5 *) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()" and "classic mmap" shared memory implementations. [Joe Orton, Ruediger Pluem] *) Fix missing ';' for XML/HTML hex entities from apr_escape_entity(). [Yann Ylavic] *) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner. [Yann Ylavic] *) Improve platform detection by updating config.guess and config.sub. [Rainer Jung] *) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov] *) CMake: Enable support for MSVC runtime library selection by abstraction. [Ivan Zhakov] *) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1) to apr:: namespace. [Ivan Zhakov] Changes for APR 1.7.4 *) Fix a regression where writing to a file opened with both APR_FOPEN_APPEND and APR_FOPEN_BUFFERED did not properly append the data on Windows. (This regression was introduced in APR 1.7.3) [Evgeny Kotkov] Changes for APR 1.7.3 *) apr-1-config: Fix crosscompiling detection in apr-1-config. PR 66510 [Ruediger Pluem] *) configure: Add --enable-sysv-shm to use SysV shared memory (shmget) if available. [Ruediger Pluem] *) apr_socket_sendfile: Use WSAIoctl() to get TransmitFile function pointer on Windows. [Ivan Zhakov] *) apr_dir_read: Do not request short file names on Windows 7 and later. [Ivan Zhakov] *) apr_file_gets: Optimize for buffered files on Windows. [Evgeny Kotkov] *) Fix a deadlock when writing to locked files opened with APR_FOPEN_APPEND on Windows. PR 50058. [Evgeny Kotkov] *) Don't seek to the end when opening files with APR_FOPEN_APPEND on Windows. [Evgeny Kotkov] *) apr_file_write: Optimize large writes to buffered files on Windows. [Evgeny Kotkov] *) apr_file_read: Optimize large reads from buffered files on Windows. [Evgeny Kotkov] Changes for APR 1.7.2 *) Correct a packaging issue in 1.7.1. The contents of the release were correct, but the top level directory was misnamed. Changes for APR 1.7.1 *) SECURITY: CVE-2022-24963 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. *) SECURITY: CVE-2022-28331 (cve.mitre.org) On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. *) SECURITY: CVE-2021-35940 (cve.mitre.org) Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] *) configure: Fix various build issues for compilers enforcing strict C99 compliance. PR 66396, 66408, 66426. [Florian Weimer , Sam James ] *) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov] *) configure: Prefer posix name-based shared memory over SysV IPC. [Jim Jagielski] *) configure: Add --disable-sctp argument to forcibly disable SCTP support, or --enable-sctp which fails if SCTP support is not detected. [Lubos Uhliarik , Joe Orton] *) Fix handle leak in the Win32 apr_uid_current implementation. PR 61165. [Ivan Zhakov] *) Add error handling for lseek() failures in apr_file_write() and apr_file_writev(). [Joe Orton] *) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file to avoid a fd and inode leak when/if later passed to apr_file_setaside(). [Yann Ylavic] *) APR's configure script uses AC_TRY_RUN to detect whether the return type of strerror_r is int. When cross-compiling this defaults to no. This commit adds an AC_CACHE_CHECK so users who cross-compile APR may influence the outcome with a configure variable. [Sebastian Kemper ] *) Add a cache check with which users who cross-compile APR can influence the outcome of the /dev/zero test by setting the variable ac_cv_mmap__dev_zero=yes [Sebastian Kemper ] *) Trick autoconf into printing the correct default prefix in the help. [Stefan Fritsch] *) Don't try to use PROC_PTHREAD by default when cross compiling. [Yann Ylavic] *) Add the ability to cross compile APR. [Graham Leggett] *) While cross-compiling, the tools/gen_test_char could not be executed at build time, use AX_PROG_CC_FOR_BUILD to build native tools/gen_test_char Support explicit libtool by variable assigning before buildcheck.sh, it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool) [Hongxu Jia ] *) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen ] *) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053. [Mike Frysinger ] *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] *) apr_pools: Fix pool debugging output so that creation events are always emitted before allocation events and subpool destruction events are emitted on pool clear/destroy for proper accounting. [Brane Čibej] *) apr_socket_listen: Allow larger listen backlog values on Windows 8+. [Evgeny Kotkov ] *) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10 *) Fix attempt to free invalid memory on exit when apr_app is used on Windows. [Ivan Zhakov] *) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov] *) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov] Changes for APR 1.7.0 *) apr_dir_read: [Unix] Dropped the preference of the dirread_r() flavor for dirread(), because the former is both deprecated and unneeded. [Yann Ylavic, William Rowe] *) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points as symlinks, and not other reparse tag types. PR47630 [Oleg Liatte ] *) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the case of apparently equivilant long and long long types. [William Rowe] *) Recognize APPLE predefined macros as equivilant to DARWIN. [Jim Jagielski] *) Signals: Allow handling of SIGUSR2 in apr_signal_thread. [Yann Ylavic] *) Atomics: Support for 64bit ints. [Jim Jagielski] *) Add the apr_encode_* API that implements RFC4648 and RFC7515 compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16 encode/decode functions. [Graham Leggett] *) rand: Use arc4random_buf() on BSD platforms and getrandom() on Linux, when available. [Christian Weisgerber