From a0ea09e0df470defe34c07a0a0fb1e05edfb988a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20N=C3=A9ri?=
Date: Fri, 30 Aug 2024 10:02:25 +0200
Subject: [PATCH] main/apr: security upgrade to 1.7.5

Fix CVE-2023-49582: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h)
- https://downloads.apache.org/apr/CHANGES-APR-1.7
- https://www.cve.org/CVERecord?id=CVE-2023-49582
---
 main/apr/APKBUILD | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/main/apr/APKBUILD b/main/apr/APKBUILD
index b069a4d96db..31127f1d0ee 100644
--- a/main/apr/APKBUILD
+++ b/main/apr/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa
 pkgname=apr
-pkgver=1.7.4
+pkgver=1.7.5
 pkgrel=0
 pkgdesc="The Apache Portable Runtime"
 url="https://apr.apache.org/"
@@ -15,6 +15,8 @@ source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2
 "
 # secfixes:
+# 1.7.5-r0:
+# - CVE-2023-49582
 # 1.7.1-r0:
 # - CVE-2022-24963
 # - CVE-2022-25147
@@ -62,7 +64,7 @@ dev() {
 }
 sha512sums="
-2342c997765ea2ca96eac158e5fd260232dba68fc41b90a79a7ba9b25c539fc217981867362090e0ebebe632289257c342275e3c5baedb698c474ef8f49a9dcd apr-1.7.4.tar.bz2
+d8a7553642da0c81261ac3992536efd9d43ecb9154934ef1a10ae808d6a3ce8198b40433091d3a6d04f61e67c59426fb5276193a37e810ae4bc74a8a10fb651b apr-1.7.5.tar.bz2
 9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef apr-1.6.2-dont-test-dlclose.patch
 5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch
 "