Hello community,

here is the log from the commit of package apr for openSUSE:Factory checked in 
at 2023-02-04 14:11:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apr (Old)
 and      /work/SRC/openSUSE:Factory/.apr.new.4462 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apr"

Sat Feb  4 14:11:10 2023 rev:16 rq:1063003 version:1.7.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/apr/apr.changes  2022-03-29 18:13:51.691042174 
+0200
+++ /work/SRC/openSUSE:Factory/.apr.new.4462/apr.changes        2023-02-04 
14:11:49.172362905 +0100
@@ -1,0 +2,16 @@
+Thu Feb  2 19:55:07 UTC 2023 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 1.7.2:
+  * CVE-2022-24963: Integer Overflow or Wraparound vulnerability in
+    apr_encode functions allows an attacker to write beyond bounds 
+    of a buffer (boo#1207870)
+  * Add error handling for lseek() failures in apr_file_write() and
+    apr_file_writev()
+  * Avoid an overflow on 32 bit platforms
+  * Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp()
+    created file to avoid a fd and inode leak when/if later passed
+    to apr_file_setaside().
+  * build system fixes and fixes for other platforms
+- drop apr-CVE-2021-35940.patch included upstream (CVE-2021-35940)
+
+-------------------------------------------------------------------
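Review bot: the "drop apr-CVE-2021-35940.patch" entry names the CVE but not the Bugzilla reference that the spec carried for that patch (bsc#1187367 in the removed Patch11 comment). Adding it to this line keeps the tracking link once the spec comment is gone. The entries "Avoid an overflow on 32 bit platforms" and "build system fixes and fixes for other platforms" also do not name the affected function or area, so the changelog alone does not show whether they are security-relevant.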

Old:
----
  apr-1.7.0.tar.bz2
  apr-1.7.0.tar.bz2.asc
  apr-CVE-2021-35940.patch

New:
----
  apr-1.7.2.tar.bz2
  apr-1.7.2.tar.bz2.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apr.spec ++++++
--- /var/tmp/diff_new_pack.21zvOR/_old  2023-02-04 14:11:49.776366172 +0100
+++ /var/tmp/diff_new_pack.21zvOR/_new  2023-02-04 14:11:49.780366194 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package apr
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 %define         installbuilddir %{_libdir}/apr-%{aprver}/build
 %define         includedir %{_includedir}/apr-%{aprver}
 Name:           apr
-Version:        1.7.0
+Version:        1.7.2
 Release:        0
 Summary:        Apache Portable Runtime (APR) Library
 License:        Apache-2.0
@@ -29,13 +29,11 @@
 URL:            https://apr.apache.org/
 Source0:        https://www.apache.org/dist/apr/apr-%{version}.tar.bz2
 Source1:        https://www.apache.org/dist/apr/apr-%{version}.tar.bz2.asc
-Source2:        %{name}.keyring
+Source2:        https://downloads.apache.org/apr/KEYS#/%{name}.keyring
 Patch5:         apr-visibility.patch
 Patch9:         apr-proc-mutex-map-anon.patch
 # prevent random failures of the testsuite (sendfile test)
 Patch10:        apr-test-sendfile-timeout.patch
-# CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to 
information disclosure (udp)
-Patch11:        apr-CVE-2021-35940.patch
 BuildRequires:  doxygen
 BuildRequires:  fdupes
 BuildRequires:  libuuid-devel
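Review bot: the new Source2 line makes the keyring a copy of the upstream KEYS file, so the trust anchor used to check apr-%{version}.tar.bz2.asc is now refreshed from the same project that publishes the tarball, and the apr.keyring change in this submission is 7478 lines that the mail skips. Please confirm that the key which signed the 1.7.2 tarball was already in the previous keyring, or record in the changelog how the new keys were verified. Source0 and Source1 also use www.apache.org/dist while Source2 uses downloads.apache.org; one host for all three would be more consistent.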
@@ -43,7 +41,6 @@
 # for the testsuite
 BuildRequires:  netcfg
 BuildRequires:  pkgconfig
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 APR is Apache's Portable Runtime Library, designed to be a support
@@ -83,11 +80,7 @@
 that want to make use of APR.
 
 %prep
-%setup -q
-%patch5 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
+%autosetup -p1
 
 # Do not put date to doxy content
 sed -i \
@@ -106,11 +99,11 @@
        --disable-static \
        --enable-posix-shm \
        --with-sendfile
-make %{?_smp_mflags} CFLAGS="%{optflags} -DREADDIR_IS_THREAD_SAFE 
-fvisibility=hidden -fPIC"
-make dox %{?_smp_mflags}
+%make_build CFLAGS="%{optflags} -DREADDIR_IS_THREAD_SAFE -fvisibility=hidden 
-fPIC"
+%make_build dox
 
 %install
-make DESTDIR=$RPM_BUILD_ROOT install %{?_smp_mflags}
+%make_install
 # Move docs to more convenient location
 mv docs/dox/html html
 # Unpackaged files:
@@ -128,9 +121,9 @@
 %check
 %if ! 0%{?qemu_user_space_build}
 %ifarch ppc ppc64 ppc64le
-make check -j1 || { echo "ignore PowerPC transient test failures"; exit 0; }
+%make_build check -j1 || { echo "ignore PowerPC transient test failures"; exit 
0; }
 %else
-make check -j1
+%make_build check -j1
 %endif
 %endif
 
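Review bot: in %check, "%make_build check -j1" relies on the trailing -j1 overriding the parallel-jobs flags that %make_build normally carries (the flags the old build lines passed explicitly as %{?_smp_mflags}). A plain "make check -j1" states the serial test run without depending on option order. Separately, the PowerPC branch still turns any test failure into "exit 0", so on ppc, ppc64 and ppc64le this update, which fixes an out-of-bounds write in the apr_encode functions, ships without its test suite being able to fail the build; consider limiting the exemption to the tests known to be transient.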
@@ -138,12 +131,11 @@
 %postun -n %{libname} -p /sbin/ldconfig
 
 %files -n %{libname}
-%defattr(-,root,root,-)
 %doc CHANGES
 %if 0%{?suse_version} > 1315
 %license LICENSE
 %else
-%doc LICENSE
+%license LICENSE
 %endif
 %doc NOTICE
 %{_libdir}/libapr-%{aprver}.so.*
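Review bot: after changing the %else branch to "%license LICENSE", both branches of "%if 0%{?suse_version} > 1315" are identical, so the conditional no longer does anything. Either drop the %if/%else/%endif and keep a single "%license LICENSE" line, or keep "%doc LICENSE" in the %else branch if older targets without %license support still need to build.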
@@ -151,7 +143,6 @@
 %{_libdir}/libapr-%{aprver}.so
 
 %files devel
-%defattr(-,root,root,-)
 %doc docs/APRDesign.html
 %doc docs/canonical_filenames.html
 %doc docs/incomplete_types

++++++ apr-1.7.0.tar.bz2 -> apr-1.7.2.tar.bz2 ++++++
++++ 37238 lines of diff (skipped)

++++++ apr.keyring ++++++
++++ 7478 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/apr/apr.keyring
++++ and /work/SRC/openSUSE:Factory/.apr.new.4462/apr.keyring
