-*- coding: utf-8 -*-
Changes for APR 1.7.5
*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which
fixes this issue.
Credits: Thomas Stangner
*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]
*) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
[Yann Ylavic]
*) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
[Yann Ylavic]
*) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
*) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
*) CMake: Enable support for MSVC runtime library selection by abstraction.
[Ivan Zhakov]
*) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
to apr:: namespace. [Ivan Zhakov]
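For the CVE-2023-49582 entry above, an added example (not APR code and not part of the original changelog): a small auditor that counts file-backed shared memory segments accessible to group or other, and can restrict them to 0600. The function name `audit_shm_dir` and the default directory `/dev/shm` (where Linux exposes POSIX shm_open() objects) are assumptions of this example; SysV (shmget) segments have no file to inspect and are not covered.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits that let anyone but the owner read or write a segment. */
#define LAX_BITS (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)

/* Count regular files in dir with group/other access; if fix is nonzero,
 * restrict each to 0600. Returns the count, or -1 if dir is unreadable. */
int audit_shm_dir(const char *dir, int fix)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int lax = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        /* Do not follow symlinks planted in a shared directory. */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            continue;
        if (!S_ISREG(st.st_mode) || !(st.st_mode & LAX_BITS))
            continue;
        lax++;
        printf("lax: %s/%s mode %04o\n", dir, e->d_name,
               (unsigned)(st.st_mode & 07777));
        if (fix)  /* fails harmlessly on files owned by another user */
            fchmodat(dirfd(d), e->d_name, S_IRUSR | S_IWUSR, 0);
    }
    closedir(d);
    return lax;
}

int main(int argc, char **argv)
{
    /* Report only; pass a directory as argv[1] to scan somewhere else. */
    int n = audit_shm_dir(argc > 1 ? argv[1] : "/dev/shm", 0);
    printf("%d lax segment file(s)\n", n);
    return n != 0;
}
```

Tightening the mode on an existing segment is a stopgap: a process that legitimately runs under a different user and maps the segment will lose access, which is the case apr_shm_perms_set() exists for.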
Changes for APR 1.7.4
*) Fix a regression where writing to a file opened with both APR_FOPEN_APPEND
and APR_FOPEN_BUFFERED did not properly append the data on Windows.
(This regression was introduced in APR 1.7.3) [Evgeny Kotkov]
Changes for APR 1.7.3
*) apr-1-config: Fix crosscompiling detection in apr-1-config. PR 66510
[Ruediger Pluem]
*) configure: Add --enable-sysv-shm to use SysV shared memory (shmget) if
available. [Ruediger Pluem]
*) apr_socket_sendfile: Use WSAIoctl() to get TransmitFile function
pointer on Windows. [Ivan Zhakov]
*) apr_dir_read: Do not request short file names on Windows 7
and later. [Ivan Zhakov]
*) apr_file_gets: Optimize for buffered files on Windows.
[Evgeny Kotkov]
*) Fix a deadlock when writing to locked files opened with APR_FOPEN_APPEND
on Windows. PR 50058. [Evgeny Kotkov]
*) Don't seek to the end when opening files with APR_FOPEN_APPEND on Windows.
[Evgeny Kotkov]
*) apr_file_write: Optimize large writes to buffered files on Windows.
[Evgeny Kotkov]
*) apr_file_read: Optimize large reads from buffered files on Windows.
[Evgeny Kotkov]
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer, Sam James]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, tools/gen_test_char could not
be executed at build time; use AX_PROG_CC_FOR_BUILD to
build a native tools/gen_test_char.
Support an explicit libtool by assigning the variable before buildcheck.sh,
which is helpful for cross-compiling (such as libtool=aarch64-linux-libtool).
[Hongxu Jia]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Changes for APR 1.7.0
*) apr_dir_read: [Unix] Dropped the preference of the dirread_r() flavor
for dirread(), because the former is both deprecated and unneeded.
[Yann Ylavic, William Rowe]
*) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points
as symlinks, and not other reparse tag types. PR47630
[Oleg Liatte]
*) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the
case of apparently equivalent long and long long types. [William Rowe]
*) Recognize APPLE predefined macros as equivalent to DARWIN. [Jim Jagielski]
*) Signals: Allow handling of SIGUSR2 in apr_signal_thread. [Yann Ylavic]
*) Atomics: Support for 64bit ints. [Jim Jagielski]
*) Add the apr_encode_* API that implements RFC4648 and RFC7515
compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16
encode/decode functions. [Graham Leggett]
*) rand: Use arc4random_buf() on BSD platforms and getrandom() on Linux,
when available. [Christian Weisgerber