devel/apr1: Update to 1.7.5
ClosedPublic
Actions

Authored by ngie on Sep 2 2023, 5:21 PM.

Details

Reviewers

brnrd
joneum
kevans

Summary

This change updates the libapr component to 1.7.5 which addresses some
minor functional issues and security issues.

See the APR 1.7 changelog for more details.

PR: 274053

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59704
Build 56590: arc lint + arc unit

Event Timeline

joneum created this revision.Sep 2 2023, 5:21 PM

Herald added a subscriber: mat. · View Herald TranscriptSep 2 2023, 5:21 PM

joneum requested review of this revision.Sep 2 2023, 5:21 PM

Harbormaster completed remote builds in B53413: Diff 126818.Sep 2 2023, 5:21 PM

Please check D40366 as well re. removal of/support for BDB 1.85, license issues

devel/apr1/Makefile
48	IIRC BDB 5 is required for users that don't want to change licenses. Can we check on prior tickets?

We're now 2 subminor versions behind and this component is impacted by at least one CVE: CVE-2023-49582 (resolved in 1.7.5). Could this update please be done (along with considering my other patch in D40366)?

Update the diff to the latest version: 1.7.5

Harbormaster completed remote builds in B59704: Diff 144186.Oct 4 2024, 4:28 AM

ngie retitled this revision from devel/apr1: Update to 1.7.4 to devel/apr1: Update to 1.7.5.Oct 5 2024, 3:48 AM

ngie edited the summary of this revision. (Show Details)

ngie commandeered this revision.Oct 5 2024, 3:57 AM

ngie added a reviewer: joneum.

LGTM, but please give apache@ just another few days to speak up. I suspect no objection given known security issues and having dropped the potentially problematic BDB5 removal.

This revision is now accepted and ready to land.Oct 5 2024, 4:10 AM

Thanks for the heads-up! Done.