apr: upgrade version 1.7.4 -> 1.7.5 to address CVE-2023-49582 (micros…

…oft#10750) Changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7 Signed-off-by: Muhammad Falak R Wani <[email protected]>
JocelynBerrendonner · Jan 23, 2025 · 1e9be32 · 1e9be32
1 parent b27ef41
commit 1e9be32
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 8 deletions.
diff --git a/SPECS/apr/apr.signatures.json b/SPECS/apr/apr.signatures.json
@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "apr-1.7.4.tar.gz": "a4137dd82a185076fa50ba54232d920a17c6469c30b0876569e1c2a05ff311d9"
-  }
-}
+ "Signatures": {
+  "apr-1.7.5.tar.gz": "3375fa365d67bcf945e52b52cba07abea57ef530f40b281ffbe977a9251361db"
+ }
+}
diff --git a/SPECS/apr/apr.spec b/SPECS/apr/apr.spec
@@ -1,14 +1,15 @@
 %define         aprver  1
 Summary:        The Apache Portable Runtime
 Name:           apr
-Version:        1.7.4
+Version:        1.7.5
 Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Libraries
 URL:            https://apr.apache.org/
 Source0:        https://dlcdn.apache.org/%{name}/%{name}-%{version}.tar.gz
+Patch0:         skip-known-test-failure.patch
 %if 0%{?with_check}
 # test_serv_by_name test requires /etc/services file from iana-etc package
 BuildRequires:  iana-etc
@@ -25,7 +26,7 @@ Requires:       %{name} = %{version}-%{release}
 It contains the libraries and header files to create applications
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 ./configure --prefix=%{_prefix} \
@@ -64,6 +65,10 @@ make -j1 check
 %{_libdir}/pkgconfig
 
 %changelog
+* Wed Oct 16 2024 Muhammad Falak <[email protected]> - 1.7.5-1
+- Upgrade version to address CVE-2023-49582
+- Enable ptests
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 1.7.4-1
 - Auto-upgrade to 1.7.4 - Azure Linux 3.0 - package upgrades
 

diff --git a/SPECS/apr/skip-known-test-failure.patch b/SPECS/apr/skip-known-test-failure.patch
@@ -0,0 +1,31 @@
+From d4aa66b790e48f4745bcc6623b286577f2e0aef0 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <[email protected]>
+Date: Wed, 16 Oct 2024 19:47:33 +0530
+Subject: [PATCH] test: skip known test failure
+
+Signed-off-by: Muhammad Falak R Wani <[email protected]>
+---
+ test/Makefile.in | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/test/Makefile.in b/test/Makefile.in
+index e3b71e0..b609c74 100644
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -172,6 +172,13 @@ check: $(TESTALL_COMPONENTS) $(STDTEST_PORTABLE) $(STDTEST_NONPORTABLE)
+ 					progfailed="$$progfailed '$$prog mode $$mode'"; \
+ 				fi; \
+ 			done; \
++		elif test "$$prog" = 'testall'; then \
++			./$$prog -v -x testsock; \
++			status=$$?; \
++			if test $$status != 0; then \
++				teststatus=$$status; \
++				progfailed="$$progfailed $$prog"; \
++			fi; \
+ 	        else \
+ 			./$$prog -v; \
+ 			status=$$?; \
+-- 
+2.40.1
+
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -505,8 +505,8 @@
         "type": "other",
         "other": {
           "name": "apr",
-          "version": "1.7.4",
-          "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.4.tar.gz"
+          "version": "1.7.5",
+          "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.5.tar.gz"
         }
       }
     },