apr: upgrade version 1.7.2 -> 1.7.5 to address CVE-2023-49582 (#10749)

mfrw · web-flow · commit db8338b9b17b · 2024-10-23T09:07:02.000+05:30
Changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7 Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
diff --git a/SPECS/apr/apr.signatures.json b/SPECS/apr/apr.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "apr-1.7.2.tar.gz": "3d8999b216f7b6235343a4e3d456ce9379aa9a380ffb308512f133f0c5eb2db9"
+  "apr-1.7.5.tar.gz": "3375fa365d67bcf945e52b52cba07abea57ef530f40b281ffbe977a9251361db"
  }
 }
diff --git a/SPECS/apr/apr.spec b/SPECS/apr/apr.spec
@@ -1,14 +1,15 @@
 %define         aprver  1
 Summary:        The Apache Portable Runtime
 Name:           apr
-Version:        1.7.2
-Release:        2%{?dist}
+Version:        1.7.5
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Libraries
 URL:            https://apr.apache.org/
 Source0:        https://dlcdn.apache.org/%{name}/%{name}-%{version}.tar.gz
+Patch0:         skip-known-test-failure.patch
 %if %{with_check}
 # test_serv_by_name test requires /etc/services file from iana-etc package
 BuildRequires:  iana-etc
@@ -25,7 +26,7 @@ Requires:       %{name} = %{version}-%{release}
 It contains the libraries and header files to create applications
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 ./configure --prefix=%{_prefix} \
@@ -64,6 +65,10 @@ make -j1 check
 %{_libdir}/pkgconfig
 
 %changelog
+* Wed Oct 16 2024 Muhammad Falak <mwani@microsoft.com> - 1.7.5-1
+- Upgrade version to address CVE-2023-49582
+- Enable ptests
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 1.7.2-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
diff --git a/SPECS/apr/skip-known-test-failure.patch b/SPECS/apr/skip-known-test-failure.patch
@@ -0,0 +1,31 @@
+From d4aa66b790e48f4745bcc6623b286577f2e0aef0 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <falakreyaz@gmail.com>
+Date: Wed, 16 Oct 2024 19:47:33 +0530
+Subject: [PATCH] test: skip known test failure
+
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ test/Makefile.in | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/test/Makefile.in b/test/Makefile.in
+index e3b71e0..b609c74 100644
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -172,6 +172,13 @@ check: $(TESTALL_COMPONENTS) $(STDTEST_PORTABLE) $(STDTEST_NONPORTABLE)
+ 					progfailed="$$progfailed '$$prog mode $$mode'"; \
+ 				fi; \
+ 			done; \
++		elif test "$$prog" = 'testall'; then \
++			./$$prog -v -x testsock; \
++			status=$$?; \
++			if test $$status != 0; then \
++				teststatus=$$status; \
++				progfailed="$$progfailed $$prog"; \
++			fi; \
+ 	        else \
+ 			./$$prog -v; \
+ 			status=$$?; \
+-- 
+2.40.1
+
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -505,8 +505,8 @@
         "type": "other",
         "other": {
           "name": "apr",
-          "version": "1.7.2",
-          "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.2.tar.gz"
+          "version": "1.7.5",
+          "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.5.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "apr-1.7.2.tar.gz": "3d8999b216f7b6235343a4e3d456ce9379aa9a380ffb308512f133f0c5eb2db9"`
	`3`	`+ "apr-1.7.5.tar.gz": "3375fa365d67bcf945e52b52cba07abea57ef530f40b281ffbe977a9251361db"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -505,8 +505,8 @@`
`505`	`505`	`"type": "other",`
`506`	`506`	`"other": {`
`507`	`507`	`"name": "apr",`
`508`		`- "version": "1.7.2",`
`509`		`- "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.2.tar.gz"`
	`508`	`+ "version": "1.7.5",`
	`509`	`+ "downloadUrl": "https://dlcdn.apache.org/apr/apr-1.7.5.tar.gz"`
`510`	`510`	`}`
`511`	`511`	`}`
`512`	`512`	`},`