apr-util (1.2.7+dfsg-2+etch3) oldstable-security; urgency=high

  * CVE-2009-2412: Fix overflow in RMM allocations due to alignment.

 -- Peter Samuelson <peter@p12n.org>  Thu, 06 Aug 2009 09:27:58 -0500

apr-util (1.2.7+dfsg-2+etch2) oldstable-security; urgency=high

  * CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
    remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
  * Fix DoS vulnerability (memory consumption) in handling of internal xml
    entities.

 -- Stefan Fritsch <sf@debian.org>  Wed, 03 Jun 2009 23:12:43 +0200

apr-util (1.2.7+dfsg-2) unstable; urgency=low

  * Fix stupid code duplication in apr_md[45].c resulting from C&P.
    Thanks to Peter Samuelson for notifying me.  This makes md[45] work
    correctly.

 -- Tollef Fog Heen <tfheen@debian.org>  Fri, 18 Aug 2006 19:50:31 +0200

apr-util (1.2.7+dfsg-1) unstable; urgency=low

  * Remove dependency on libgdbm1 from libaprutil1-dev.
  * Build against libdb 4.4.  Closes: #354510
  * Remove most libs from apu-config --link-ld --libs.  Thanks to Peter
    Samuelson, Closes: #378105
  * Use md4 and md5 implementation from Solar Designer as this is in the
    public domain and not subject to RSA copyright.  This requires a
    repacked source, so add +dfsg to the version number.

 -- Tollef Fog Heen <tfheen@debian.org>  Fri, 14 Jul 2006 15:31:22 +0200

apr-util (1.2.7-2) unstable; urgency=low

  * Fix override disparity.
  * Compile without gdbm.
  * Get rid of all the evil libtool hacks and adjust build-depends
    accordingly.
  * Remove --includedir parameter and adjust config.layout instead.  This
    works around damage in newer autoconfs.

 -- Tollef Fog Heen <tfheen@debian.org>  Mon,  1 May 2006 17:05:28 +0200

apr-util (1.2.7-1) unstable; urgency=low

  * New upstream release
  * Tighten build dependency on apr to a version which ships
    get-version.sh
  * Grab get-version.sh from APR build
  * Pass --with-berkeley-db to configure so it actually picks up our
    preferred BDB version.

 -- Tollef Fog Heen <tfheen@debian.org>  Fri, 28 Apr 2006 21:59:55 +0200

apr-util (1.2.2-4) unstable; urgency=low

  * Compile with -fPIC.  Closes: #350677
  * Build with -i to avoid .svn directories in source.  Closes: #357175

 -- Tollef Fog Heen <tfheen@debian.org>  Fri, 27 Jan 2006 18:50:04 +0100

apr-util (1.2.2-3) unstable; urgency=low

  * Add proper depends to libaprutil1-dev
  * Rename source package to match upstream.
  * Rename to libaprutil1 instead of libaprutil1.0
  * Use libdb4.3, not 4.2
  * Conflict with old package names
  * Add gdbm support
  * Fix call to configure to avoid double linking to sqlite and sqlite3
  * Update to Standards Version: 3.6.2.2: no changes.
  * Add apu-config compatibility symlink.

 -- Tollef Fog Heen <tfheen@debian.org>  Fri, 27 Jan 2006 18:50:04 +0100

apr-util1.0 (1.2.2-2) unstable; urgency=low

  * Upgrade to debhelper v5
  * Call dh_installdocs, so we actually get a copyright.

 -- Thom May <thom@debian.org>  Tue,  3 Jan 2006 13:05:02 +0000

apr-util1.0 (1.2.2-1) unstable; urgency=low

  * New upstream version
  * Enable postgres and sqlite3 support

 -- Thom May <thom@debian.org>  Fri, 30 Dec 2005 10:40:03 +0000

apr-util1.0 (1.1.2-1) unstable; urgency=low

  * New upstream release

 -- Thom May <thom@debian.org>  Sun,  8 May 2005 17:12:22 +0100

apr-util1.0 (1.1.0-1) unstable; urgency=low

  * New Upstream Release
  * First Package Release

 -- Thom May <thom@debian.org>  Wed, 17 Nov 2004 11:51:32 -0800