package/apr-util: security bump to version 1.6.3

*) SECURITY: CVE-2022-25147 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. https://downloads.apache.org/apr/Announcement-aprutil-1.x.html https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 4231054b05) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-13 19:13:32 +01:00 · 2023-02-13 19:13:32 +01:00 · 62b2303df3
parent 0ec207bed5
commit 62b2303df3
2 changed files with 3 additions and 3 deletions
--- a/package/apr-util/apr-util.hash
+++ b/package/apr-util/apr-util.hash
@ -1,4 +1,4 @@
-# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
-sha256  d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b  apr-util-1.6.1.tar.bz2
+# From http://www.apache.org/dist/apr/apr-util-1.6.3.tar.bz2.sha256
+sha256  a41076e3710746326c3945042994ad9a4fcac0ce0277dd8fea076fec3c9772b5  apr-util-1.6.3.tar.bz2
 # Locally calculated
 sha256  ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2  LICENSE
--- a/package/apr-util/apr-util.mk
+++ b/package/apr-util/apr-util.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-APR_UTIL_VERSION = 1.6.1
+APR_UTIL_VERSION = 1.6.3
 APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
 APR_UTIL_SITE = https://archive.apache.org/dist/apr
 APR_UTIL_LICENSE = Apache-2.0