git.ipfire.org Git - ipfire-2.x.git/commit

author	Peter Müller <peter.mueller@ipfire.org>
	Sat, 21 Sep 2024 12:29:30 +0000 (12:29 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 22 Sep 2024 14:38:08 +0000 (14:38 +0000)
commit	578b22e4d7014736a2a351262ae9f619e5382e96
tree	a6b773d30482cc1de0b9574816bd87435e4493c0	tree \| snapshot
parent	c55ce64de5dfbb6944ad93556c1f0f581ca9c140	commit \| diff

apr: Update to 1.7.5

Full changelog of this release:

  *) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
     Unexpected lax shared memory permissions (cve.mitre.org)
     Lax permissions set by the Apache Portable Runtime library on
     Unix platforms would allow local users read access to named
     shared memory segments, potentially revealing sensitive
     application data.
     This issue does not affect non-Unix platforms, or builds with
     APR_USE_SHMEM_SHMGET=1 (apr.h)
     Users are recommended to upgrade to APR version 1.7.5, which
     fixes this issue.
     Credits: Thomas Stangner

  *) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
     and "classic mmap" shared memory implementations.  [Joe Orton,
     Ruediger Pluem]

  *) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
     [Yann Ylavic]

  *) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
     [Yann Ylavic]

  *) Improve platform detection by updating config.guess and config.sub.
     [Rainer Jung]

  *) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]

  *) CMake: Enable support for MSVC runtime library selection by abstraction.
     [Ivan Zhakov]

  *) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
     to apr:: namespace. [Ivan Zhakov]

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/common/apr		diff \| blob \| blame \| history
lfs/apr		diff \| blob \| blame \| history