Mailing List Archive | ports@openbsd.org

From:: Stefan Sperling <stsp@stsp.name>
Subject:: Re: devel/apr: update to 1.7.5, fix CVE-2023-49582
To:: "Kirill A. Korinsky" <kirill@korins.ky>
Cc:: OpenBSD ports <ports@openbsd.org>, Klemens Nanni <kn@openbsd.org>
Date:: Thu, 7 Nov 2024 11:16:15 +0100

Download raw body.

Thread

2024-11-07 09:36 Kirill A. Korinsky:
devel/apr: update to 1.7.5, fix CVE-2023-49582
- 2024-11-07 10:16 Stefan Sperling:
  devel/apr: update to 1.7.5, fix CVE-2023-49582
- 2024-11-07 11:25 Stuart Henderson:
  devel/apr: update to 1.7.5, fix CVE-2023-49582
- - 2024-11-07 12:04 Kirill A. Korinsky:
    devel/apr: update to 1.7.5, fix CVE-2023-49582

On Thu, Nov 07, 2024 at 10:36:57AM +0100, Kirill A. Korinsky wrote:
> ports@,
> 
> Here an update for devel/apr to 1.7.5 which was released August 26, 2024 and
> which contains fix CVE-2023-49582.
> 
> Tested on -current/amd64 by rebuilding:
>  - devel/apr-util
>  - devel/subversion
>  - net/serf
>  - www/ap2-mod_dnssd
>  - www/ap2-mod_perl
>  - www/apache-httpd
>  - www/p5-libapreq2
> 
> /usr/src/lib/check_sym confrims that only one symbols was added.
> 
> Ok for -current and 7.6?

OK stsp@, thanks.

I already know that subversion and serf work fine with this.
Not sure about the other ports. But we do not really have a
better choice than upgrading devel/apr in any case.

2024-11-07 09:36 Kirill A. Korinsky:
devel/apr: update to 1.7.5, fix CVE-2023-49582
- 2024-11-07 10:16 Stefan Sperling:
  devel/apr: update to 1.7.5, fix CVE-2023-49582
- 2024-11-07 11:25 Stuart Henderson:
  devel/apr: update to 1.7.5, fix CVE-2023-49582
- - 2024-11-07 12:04 Kirill A. Korinsky:
    devel/apr: update to 1.7.5, fix CVE-2023-49582