- version update to 1.7.5 [bsc#1229783] CVE-2023-49582

*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()" and "classic mmap" shared memory implementations. [Joe Orton, Ruediger Pluem] *) Fix missing ';' for XML/HTML hex entities from apr_escape_entity(). [Yann Ylavic] *) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner. [Yann Ylavic] *) Improve platform detection by updating config.guess and config.sub. [Rainer Jung] *) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov] *) CMake: Enable support for MSVC runtime library selection by abstraction. [Ivan Zhakov] *) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1) to apr:: namespace. [Ivan Zhakov] - modified patches % apr-visibility.patch (refreshed) % reproducible.patch (refreshed) OBS-URL: https://build.opensuse.org/package/show/Apache/apr?expand=0&rev=48
2024-09-18 10:16:28 +00:00 · 2024-09-18 10:16:28 +00:00 · fbf953bbf5
commit fbf953bbf5
13 changed files with 7951 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/apr-1.7.4.tar.bz2
+++ b/apr-1.7.4.tar.bz2
--- a/apr-1.7.4.tar.bz2.asc
+++ b/apr-1.7.4.tar.bz2.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCgAxFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmQ3ZCsTHGNvdmVuZXJA
+YXBhY2hlLm9yZwAKCRCCeB3kbVlU+mb9D/9Wl1CGZ/biEYEyLPAq3Ik0DrGvSQ49
+5wfaBCABRDBD2otD9YSuNrV+RZYkYys6xdPdGrQxUDkv5mh0hLZRvSK/Uf7eD9sD
+sDZ5ZSj6+KWvpww8+QWiYOFZLKFqcdt7/g8CWZYy+h2wkAB3jSeOW6kmum2MNowI
+8fE9ESMHwaR1nSNo+q7fTg4CyGtObEbDOcWdKwDW1Ib68Z2nj3zSz4i+rpZQZmCF
+FvPvQIYcM/TDFhitsJwc8f11NJhtZybmAnmH1kl8Ncy8WScuj08nltEpvBdPgw8V
+DG7tPrHNfbQnB3FUeBMlT8L1D6gGD7FZgynWmG49yc7V1Ll0JyW701mXsRcRCg6E
+6xMBTeAek/QQthguAmpCsRMiLrPPMiCLs8B9vlnMWQEqYG0ng9ehzXVAWz4ix5K+
+hWmVa95MHpxcoZ5joJL7G1AiVFjRuBJxyBA36qnYzleQWhtvmIW2Onf7QaknlXoC
+3ABOa6OCs8DTMynoPlLJKsPACNrOQX79rIg4xfr0jSueDJnBnfF1CVSJES7+75n8
+dt0kMm5Y718a44Vji9MtJrOXGDk9FhR8J3j++AE0vlYVpOGh5CXr2Ow0eldmaKWu
+bgtlUdB7ai3kLjtBNUBjWiz7mniDiSPSp6eskVlbmTnOkkqqXXJMyQjJ+XIGdXQJ
+8aDQ7ocCun+qhA==
+=eV/3
+-----END PGP SIGNATURE-----
--- a/apr-1.7.5.tar.bz2
+++ b/apr-1.7.5.tar.bz2
--- a/apr-1.7.5.tar.bz2.asc
+++ b/apr-1.7.5.tar.bz2.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmbFEoUACgkQgngd5G1Z
+VPp2/A/9Fy5UENuZ/D2E1T/+tA5gwDK62JNUYnKhlP8PxvBtxBBYmgYlo4HpSROt
+Z2GrvYn/khEEDgUHAVAVu+ehcgVoEJa1+DgNvhzYOc3XQjkPU3qEHrWuNuRYhlkT
+yAgXY5HgbEjc2im+SpeTL9K2it5ChEftw4b4WhSn6sdlglh+ncRkaH2f+YNQQ4et
+9NQkjyh/Z4ANeqGn3I8BvllxTgAbE4RQVTFi8O0rLY1cjj4gpP/HJ0K3wMBk+rzc
+V4llx8X2fdlNmxHB+FRFRVNAhdrMUkcOwRwbWb8CbkBPXKaoBbPyXUDeWTkzkfLs
+mVprIf3WCAtb92rGZj5tx8PMFzTCS36nZPI7Vm1nsB5BumOF1/TWWewkgBIXIgaP
+2dP4ySz97BSWJObHrySq+89nK3nisvxoP3gquhJDd8ilnlNv/BezQEuCxzid4ka/
+7DD65mEiEYYUR1DnyMR30vRf2FDR343TvgCsxGrs/dFC8aRySlq0EatslO36NYm
+g5Z7O9h0D/cXleU3Py6veMzCSwYOvKlrjROBF4CBJi+grsoPzSogfxP50DbD64N9
+DJGRVnl4WwWtXN+Za1ACeP6HaTMXghofNnmNUCg1BrsSlrOBY4dE7L3cO4QQ6shc
+xkzgzKt8/IfnTkYB6Uj068VXFAnNmEhiNQMVuvKLMOHjaZcj+vs=
+=XgMB
+-----END PGP SIGNATURE-----
--- a/apr-proc-mutex-map-anon.patch
+++ b/apr-proc-mutex-map-anon.patch
@ -0,0 +1,31 @@
+Index: apr-1.6.2/locks/unix/proc_mutex.c
+===================================================================
+--- apr-1.6.2.orig/locks/unix/proc_mutex.c
+++ apr-1.6.2/locks/unix/proc_mutex.c
+@@ -435,24 +435,16 @@ static apr_status_t proc_mutex_pthread_c
+                                               const char *fname)
+ {
+     apr_status_t rv;
+-    int fd;
+     pthread_mutexattr_t mattr;
+ 
+-    fd = open("/dev/zero", O_RDWR);
+-    if (fd < 0) {
+-        return errno;
+-    }
+-
+     new_mutex->os.pthread_interproc = mmap(NULL, sizeof(proc_pthread_mutex_t),
+-                                           PROT_READ | PROT_WRITE, MAP_SHARED,
+-                                           fd, 0); 
+                                           PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS,
+                                           -1, 0); 
+     if (new_mutex->os.pthread_interproc == MAP_FAILED) {
+         new_mutex->os.pthread_interproc = NULL;
+         rv = errno;
+-        close(fd);
+         return rv;
+     }
+-    close(fd);
+ 
+     new_mutex->pthread_refcounting = 1;
+     new_mutex->curr_locked = -1; /* until the mutex has been created */
--- a/apr-test-sendfile-timeout.patch
+++ b/apr-test-sendfile-timeout.patch
@ -0,0 +1,13 @@
+Index: apr-1.6.5/test/sendfile.c
+===================================================================
+--- apr-1.6.5.orig/test/sendfile.c	2013-10-14 15:45:05.000000000 +0200
+++ apr-1.6.5/test/sendfile.c	2019-02-08 10:58:50.731588817 +0100
+@@ -463,7 +463,7 @@ static int client(apr_pool_t *p, client_
+     /* in case this is the non-blocking test, set socket timeout;
+      * we're just waiting for EOF */
+ 
+-    rv = apr_socket_timeout_set(sock, apr_time_from_sec(3));
+    rv = apr_socket_timeout_set(sock, apr_time_from_sec(10));
+     if (rv != APR_SUCCESS) {
+         aprerr("apr_socket_timeout_set()", rv);
+     }
--- a/apr-visibility.patch
+++ b/apr-visibility.patch
@ -0,0 +1,44 @@
+Index: apr-1.7.5/include/apr.h.in
+===================================================================
+--- apr-1.7.5.orig/include/apr.h.in
+++ apr-1.7.5/include/apr.h.in
+@@ -504,7 +504,7 @@ typedef  apr_uint32_t            apr_uin
+  * headers, without defining APR_DECLARE_STATIC, will prepare the code to be
+  * linked to the dynamic library.
+  */
+-#define APR_DECLARE(type)            type 
+#define APR_DECLARE(type)            __attribute__ ((visibility ("default"))) type 
+ 
+ /**
+  * The public APR functions using variable arguments are declared with 
+@@ -517,7 +517,7 @@ typedef  apr_uint32_t            apr_uin
+  *
+  * </PRE>
+  */
+-#define APR_DECLARE_NONSTD(type)     type
+#define APR_DECLARE_NONSTD(type)      __attribute__ ((visibility ("default"))) type
+ 
+ /**
+  * The public APR variables are declared with AP_MODULE_DECLARE_DATA.
+@@ -533,7 +533,7 @@ typedef  apr_uint32_t            apr_uin
+  *
+  * </PRE>
+  */
+-#define APR_DECLARE_DATA
+#define APR_DECLARE_DATA  __attribute__ ((visibility ("default")))
+ 
+ #elif defined(APR_DECLARE_STATIC)
+ #define APR_DECLARE(type)            type __stdcall
+Index: apr-1.7.5/include/apr_support.h
+===================================================================
+--- apr-1.7.5.orig/include/apr_support.h
+++ apr-1.7.5/include/apr_support.h
+@@ -45,7 +45,7 @@ extern "C" {
+  *        otherwise wait for data to be able to be written. 
+  * @return APR_TIMEUP if we run out of time.
+  */
+-apr_status_t apr_wait_for_io_or_timeout(apr_file_t *f, apr_socket_t *s,
+APR_DECLARE(apr_status_t) apr_wait_for_io_or_timeout(apr_file_t *f, apr_socket_t *s,
+                                         int for_read);
+ 
+ /** @} */
--- a/apr.changes
+++ b/apr.changes
--- a/apr.keyring
+++ b/apr.keyring
--- a/apr.spec
+++ b/apr.spec
@ -0,0 +1,155 @@
+#
+# spec file for package apr
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define         aprver 1
+%define         libname lib%{name}%{aprver}-0
+%define         installbuilddir %{_libdir}/apr-%{aprver}/build
+%define         includedir %{_includedir}/apr-%{aprver}
+Name:           apr
+Version:        1.7.5
+Release:        0
+Summary:        Apache Portable Runtime (APR) Library
+License:        Apache-2.0
+Group:          Development/Libraries/C and C++
+URL:            https://apr.apache.org/
+Source0:        https://www.apache.org/dist/apr/apr-%{version}.tar.bz2
+Source1:        https://www.apache.org/dist/apr/apr-%{version}.tar.bz2.asc
+Source2:        https://downloads.apache.org/apr/KEYS#/%{name}.keyring
+Patch5:         apr-visibility.patch
+Patch9:         apr-proc-mutex-map-anon.patch
+# prevent random failures of the testsuite (sendfile test)
+Patch10:        apr-test-sendfile-timeout.patch
+Patch11:        reproducible.patch
+BuildRequires:  doxygen
+BuildRequires:  fdupes
+BuildRequires:  libuuid-devel
+BuildRequires:  lksctp-tools-devel
+# for the testsuite
+BuildRequires:  netcfg
+BuildRequires:  pkgconfig
+
+%description
+APR is Apache's Portable Runtime Library, designed to be a support
+library that provides a predictable and consistent interface to
+underlying platform-specific implementations.
+
+%package -n %{libname}
+Summary:        Apache Portable Runtime (APR) Library
+Group:          System/Libraries
+
+%description -n %{libname}
+APR is Apache's Portable Runtime Library, designed to be a support
+library that provides a predictable and consistent interface to
+underlying platform-specific implementations.
+
+The range of platform-spanning functionality provided by APR
+includes: Memory allocation and memory pool functionality, atomic
+operations, dynamic library handling, file I/O, command-argument
+parsing, locking, hash tables and arrays, mmap functionality, network
+sockets and protocols, threads, process and mutex functionality,
+shared memory functionality, time routines, as well as user and group
+ID services.
+
+%package devel
+Summary:        Development files for the Apache Portable Runtime (APR) library
+Group:          Development/Libraries/C and C++
+Requires:       %{libname} = %{version}
+Provides:       libapr1-devel = %{version}
+Obsoletes:      libapr1-devel < %{version}-%{release}
+
+%description devel
+APR is Apache's Portable Runtime Library, designed to be a support
+library that provides a predictable and consistent interface to
+underlying platform-specific implementations.
+
+This subpackage contains header files for developing applications
+that want to make use of APR.
+
+%prep
+%autosetup -p1
+
+# Do not put date to doxy content
+sed -i \
+	-e '4 iHTML_TIMESTAMP=NO' \
+	docs/doxygen.conf
+
+%build
+%configure \
+	--enable-other-child \
+	--with-installbuilddir=%{installbuilddir} \
+	--includedir=%{includedir} \
+	--with-devrandom=/dev/urandom \
+	--disable-static \
+	--enable-posix-shm \
+	--with-sendfile
+%make_build CFLAGS="%{optflags} -DREADDIR_IS_THREAD_SAFE -fvisibility=hidden -fPIC"
+%make_build dox
+
+%install
+%make_install
+# Move docs to more convenient location
+mv docs/dox/html html
+# Unpackaged files:
+rm -f %{buildroot}/%{_libdir}/apr.exp
+rm -f %{buildroot}%{_libdir}/libapr-%{aprver}.la
+
+# Trim exported dependecies
+sed -ri '/^LIBS=/{s,-l(uuid|crypt) ,,g;s/  */ /g}' \
+      %{buildroot}%{_bindir}/apr-%{aprver}-config
+sed -ri '/^Libs/{s,-l(uuid|crypt) ,,g}' \
+      %{buildroot}%{_libdir}/pkgconfig/apr-%{aprver}.pc
+
+%fdupes %{buildroot}
+
+%check
+%if ! 0%{?qemu_user_space_build}
+%ifarch ppc ppc64 ppc64le
+%make_build check -j1 || { echo "ignore PowerPC transient test failures"; exit 0; }
+%else
+%make_build check -j1
+%endif
+%endif
+
+%post -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig
+
+%files -n %{libname}
+%doc CHANGES
+%if 0%{?suse_version} > 1315
+%license LICENSE
+%else
+%license LICENSE
+%endif
+%doc NOTICE
+%{_libdir}/libapr-%{aprver}.so.*
+# Do NOT move to devel as this is utilized by Tomcat
+%{_libdir}/libapr-%{aprver}.so
+
+%files devel
+%doc docs/APRDesign.html
+%doc docs/canonical_filenames.html
+%doc docs/incomplete_types
+%doc docs/non_apr_programs
+%doc html
+%doc emacs-mode
+%{includedir}
+%{_bindir}/apr-%{aprver}-config
+%{_libdir}/pkgconfig/apr-%{aprver}.pc
+%{_libdir}/apr-%{aprver}
+
+%changelog
--- a/reproducible.patch
+++ b/reproducible.patch
@ -0,0 +1,17 @@
+Author: Bernhard M. Wiedemann <bwiedemann suse de>
+Date: 2023-12-18
+Subject: drop build machine host name
+
+Index: apr-1.7.5/configure
+===================================================================
+--- apr-1.7.5.orig/configure
+++ apr-1.7.5/configure
+@@ -36085,7 +36085,7 @@ printf "%s\n" "$as_me: executing $ac_fil
+     cat <<_LT_EOF >> "$cfgfile"
+ #! $SHELL
+ # Generated automatically by $as_me ($PACKAGE) $VERSION
+-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# Libtool was configured on build.opensuse.org
+ # NOTE: Changes made to this file will be lost: look at ltmain.sh.
+ 
+ # Provide generalized library-building support services.