From d05d79bef0028fad766da813b1cdd2603d951e19 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 13 Feb 2023 19:13:32 +0100 Subject: [PATCH] package/apr-util: security bump to version 1.6.3 *) SECURITY: CVE-2022-25147 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. https://downloads.apache.org/apr/Announcement-aprutil-1.x.html https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard (cherry picked from commit 4231054b05436978795267330202f72be0d3a4d4) Signed-off-by: Peter Korsgaard --- package/apr-util/apr-util.hash | 4 ++-- package/apr-util/apr-util.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/apr-util/apr-util.hash b/package/apr-util/apr-util.hash index 59ef590109..7e2793cd77 100644 --- a/package/apr-util/apr-util.hash +++ b/package/apr-util/apr-util.hash @@ -1,4 +1,4 @@ -# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256 -sha256 d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b apr-util-1.6.1.tar.bz2 +# From http://www.apache.org/dist/apr/apr-util-1.6.3.tar.bz2.sha256 +sha256 a41076e3710746326c3945042994ad9a4fcac0ce0277dd8fea076fec3c9772b5 apr-util-1.6.3.tar.bz2 # Locally calculated sha256 ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2 LICENSE diff --git a/package/apr-util/apr-util.mk b/package/apr-util/apr-util.mk index fb0735f5e7..02b6d5e277 100644 --- a/package/apr-util/apr-util.mk +++ b/package/apr-util/apr-util.mk @@ -4,7 +4,7 @@ # ################################################################################ -APR_UTIL_VERSION = 1.6.1 +APR_UTIL_VERSION = 1.6.3 APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2 APR_UTIL_SITE = https://archive.apache.org/dist/apr APR_UTIL_LICENSE = Apache-2.0