블로그 이미지
News and Announcements (at) Apache Software Foundation. 노안돼지
Apache Software Foundation The Apache User Group KLDP From download

Recent Post»

Recent Comment»

Recent Trackback»

Archive»

« 2024/5 »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
 
 
아파치 소프트웨어 재단은 아파치 오픈 소스 소프트웨어 프로젝트 커뮤니티 지원을 제공합니다.
아파치 프로젝트는 협업과 개발 프로세스를 기반으로 하는 상호간의 공감대와 개방되어 있는 실용적인 소프트웨어 라이센스, 그 분야에서 선두를 달릴 수 있는 고품질 소프트웨어 개발을 추구하고 있습니다.

우리는 심플한 서버 공유 프로젝트의 모임이라고도 하지만 오히려 개발자와 사용자간의 커뮤니티라고 생각합니다.

Apache Portable Runtime 0.9.19와 APR Utility 0.9.19 릴리즈

뉴스/소식 | 2010. 10. 19. 00:18 | Posted by 노안돼지
The Apache Software Foundation and the Apache Portable Runtime Project are proud to announce the General Availability of version 0.9.19 of the APR Apache Portable Runtime library, and version 0.9.19 of the companion APR-util Apache Portable Utility library.

  The corresponding version 0.9.7 of the companion APR-iconv library, an alternative portable implementation of the 'iconv' library, remains current.

  APR is available for download from:

    http://apr.apache.org/download.cgi

  This version of APR is a security and bug fix release, and is provided only for users requiring APR 0.9 compatibility.  Most developers are encouraged to adopt the latest APR 1.x version to ensure the most comprehensive support and access to the latest features and enhancements.  For example, the Apache HTTP Server Project's httpd 2.0 release uses APR 0.9 for binary compatibility, while later httpd 2.2 releases require APR 1.2 or later for better support and additional features.

  The security fixes in the APR library release 0.9.19 and APR-util library release 0.9.19 must be evaluated in the context of how APR-consuming applications use them to determine if the application provides untrusted input to these specific functions, to determine if they represent vulnerabilities to the specific application.
 Refer questions to such APR-consuming projects for further guidance.  These fixes, which are also included in the current APR and APR-util 1.x releases announced previously, include:

  * APR: SECURITY: CVE-2009-2412 (cve.mitre.org)
    Fix overflow in pools and rmm, where size alignment was taking place.
    [Matt Lewis <mattlewis@google.com>, Sander Striker, William Rowe]

  * APR-util: SECURITY: CVE-2010-1623 (cve.mitre.org)
    Fix a denial of service attack against apr_brigade_split_line().
    [Stefan Fritsch]

  * APR-util: SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
    Fix two buffer over-read flaws in the bundled copy of expat which
    could cause applications to crash while parsing specially-crafted
    XML documents.  [Joe Orton, Rainer Jung]

  * APR-util: SECURITY: CVE-2009-2412 (cve.mitre.org)
    Fix overflow in rmm, where size alignment was taking place.
    [Matt Lewis <mattlewis@google.com>, Sander Striker]

  The mission of the Apache Portable Runtime Project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable if not identical behavior regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform-specific deficiencies or features.

  APR and its companion libraries are implemented entirely in C and provide a common programming interface across a wide variety of operating system platforms without sacrificing performance.
  Currently supported platforms include:

    UNIX variants
    Windows
    Netware
    Mac OS X
    OS/2

  To give a brief overview, the primary core
  subsystems of APR 0.9 include the following:

    Atomic operations
    Dynamic Shared Object loading
    File I/O
    Locks (mutexes, condition variables, etc)
    Memory management (high performance allocators)
    Memory-mapped files
    Network I/O
    Shared memory
    Thread and Process management
    Various data structures (tables, hashes, priority queues, etc)

  For a more complete list, please refer to the following URLs:

    http://apr.apache.org/docs/apr/modules.html
    http://apr.apache.org/docs/apr-util/modules.html

  Users of APR 0.9 should be aware that migrating to the APR 1.x
  programming interfaces may require some adjustments; APR 1.x is
  neither source nor binary compatible with earlier APR 0.9 releases.
  Users of APR 1.x can expect consistent interfaces and binary backwards
  compatibility throughout the entire APR 1.x release cycle, as defined
  in our versioning rules:

    http://apr.apache.org/versioning.html

  APR is already used extensively by the Apache HTTP Server
  version 2 and the Subversion revision control system, to
  name but a few.  We list all known projects using APR at
  http://apr.apache.org/projects.html -- so please let us know
  if you find our libraries useful in your own projects!
저작자표시 비영리 동일조건
:

Apache Portable Runtime Utility 1.3.10 릴리즈

뉴스/소식 | 2010. 10. 5. 09:40 | Posted by 노안돼지
Apache Portable Runtime Utility 1.3.10 Released

  The Apache Software Foundation and the Apache Portable Runtime  Project are proud to announce the General Availability of  version 1.3.10 of the APR Apache Portable Runtime Utility library.
  This is a bug fix release and corrects several potential security vulnerabilities and other defects.  Users of previous versions are strongly cautioned to update to this release.

  (See CHANGES-APR-UTIL-1.3 for more information.)

  Version 1.4.2 of the Apache Portable Runtime remains current.

  Version 1.2.1 of the companion APR-iconv library, an alternative portable implementation of the 'iconv' library, remains current.

  APR is available for download from:

    http://apr.apache.org/download.cgi

  The mission of the Apache Portable Runtime Project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable
  if not identical behavior regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform-specific deficiencies or features.

  APR and its companion libraries are implemented entirely in C and provide a common programming interface across a wide variety of operating system platforms without sacrificing performance.
  Currently supported platforms include:

    UNIX variants
    Windows
    Netware
    Mac OS X
    OS/2

  To give a brief overview, the primary core subsystems of APR 1.3 include the following:

    Atomic operations
    Dynamic Shared Object loading
    File I/O
    Locks (mutexes, condition variables, etc)
    Memory management (high performance allocators)
    Memory-mapped files
    Multicast Sockets
    Network I/O
    Shared memory
    Thread and Process management
    Various data structures (tables, hashes, priority queues, etc)

  For a more complete list, please refer to the following URLs:

    http://apr.apache.org/docs/apr/modules.html
    http://apr.apache.org/docs/apr-util/modules.html

  Users of APR 0.9 should be aware that migrating to the APR 1.x
  programming interfaces may require some adjustments; APR 1.x is
  neither source nor binary compatible with earlier APR 0.9 releases.
  Users of APR 1.x can expect consistent interfaces and binary backwards
  compatibility throughout the entire APR 1.x release cycle, as defined
  in our versioning rules:

    http://apr.apache.org/versioning.html

  APR is already used extensively by the Apache HTTP Server
  version 2 and the Subversion revision control system, to
  name but a few.  We list all known projects using APR at
  http://apr.apache.org/projects.html -- so please let us know
  if you find our libraries useful in your own projects!
저작자표시 비영리 동일조건
:
 

티스토리툴바