main/apr: security upgrade to 1.7.5

Fix CVE-2023-49582: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) - https://downloads.apache.org/apr/CHANGES-APR-1.7 - https://www.cve.org/CVERecord?id=CVE-2023-49582
2024-09-20 11:23:16 +00:00 · 2024-08-30 10:02:25 +02:00 · 2024-08-30 10:02:25 +02:00 · d392a45c63
commit d392a45c63
parent 5de2c8bae4
1 changed files with 4 additions and 2 deletions
--- a/main/apr/APKBUILD
+++ b/main/apr/APKBUILD
@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apr
-pkgver=1.7.4
+pkgver=1.7.5
 pkgrel=0
 pkgdesc="The Apache Portable Runtime"
 url="https://apr.apache.org/"
@ -15,6 +15,8 @@ source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2
 	"

 # secfixes:
+#   1.7.5-r0:
+#     - CVE-2023-49582
 #   1.7.1-r0:
 #     - CVE-2022-24963
 #     - CVE-2022-25147
@ -62,7 +64,7 @@ dev() {
 }

 sha512sums="
-2342c997765ea2ca96eac158e5fd260232dba68fc41b90a79a7ba9b25c539fc217981867362090e0ebebe632289257c342275e3c5baedb698c474ef8f49a9dcd  apr-1.7.4.tar.bz2
+d8a7553642da0c81261ac3992536efd9d43ecb9154934ef1a10ae808d6a3ce8198b40433091d3a6d04f61e67c59426fb5276193a37e810ae4bc74a8a10fb651b  apr-1.7.5.tar.bz2
 9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef  apr-1.6.2-dont-test-dlclose.patch
 5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8  semtimedop-s390x.patch
 "