apr: add v1.7.5, deprecate older versions due to CVE (#46532)

author: Wouter Deconinck <wdconinc@gmail.com> 2024-09-25 16:47:12 -0500
committer: GitHub <noreply@github.com> 2024-09-25 23:47:12 +0200
commit: af9b3594786e2800e05badb0b25b17e3e494070f (patch)
tree: 3238ba0ab97fbf3778d2b99adfd39cdd72d47425
parent: 54ffc635e2ca5af640a6635bedd3535cfceb1f95 (diff)
download: spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.gz
spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.bz2
spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.xz
spack-af9b3594786e2800e05badb0b25b17e3e494070f.zip
1 files changed, 12 insertions, 8 deletions
diff --git a/var/spack/repos/builtin/packages/apr/package.py b/var/spack/repos/builtin/packages/apr/package.py
index 27ac0eb8d3..6b1eac1282 100644
--- a/var/spack/repos/builtin/packages/apr/package.py
+++ b/var/spack/repos/builtin/packages/apr/package.py
@@ -12,16 +12,20 @@ class Apr(AutotoolsPackage):
     homepage = "https://apr.apache.org/"
     url = "https://archive.apache.org/dist/apr/apr-1.7.0.tar.gz"
 
-    license("Apache-2.0")
+    license("Apache-2.0", checked_by="wdconinc")
 
-    version("1.7.4", sha256="a4137dd82a185076fa50ba54232d920a17c6469c30b0876569e1c2a05ff311d9")
-    version("1.7.3", sha256="af9bfd5b8a04425d6b419673f3e0a7656fade226aae78180d93f8a6f2d3d1c09")
-    version("1.7.2", sha256="3d8999b216f7b6235343a4e3d456ce9379aa9a380ffb308512f133f0c5eb2db9")
-    version("1.7.0", sha256="48e9dbf45ae3fdc7b491259ffb6ccf7d63049ffacbc1c0977cced095e4c2d5a2")
-    version("1.6.2", sha256="4fc24506c968c5faf57614f5d0aebe0e9d0b90afa47a883e1a1ca94f15f4a42e")
-    version("1.5.2", sha256="1af06e1720a58851d90694a984af18355b65bb0d047be03ec7d659c746d6dbdb")
+    version("1.7.5", sha256="3375fa365d67bcf945e52b52cba07abea57ef530f40b281ffbe977a9251361db")
 
-    depends_on("c", type="build")  # generated
+    # https://nvd.nist.gov/vuln/detail/CVE-2023-49582
+    with default_args(deprecated=True):
+        version("1.7.4", sha256="a4137dd82a185076fa50ba54232d920a17c6469c30b0876569e1c2a05ff311d9")
+        version("1.7.3", sha256="af9bfd5b8a04425d6b419673f3e0a7656fade226aae78180d93f8a6f2d3d1c09")
+        version("1.7.2", sha256="3d8999b216f7b6235343a4e3d456ce9379aa9a380ffb308512f133f0c5eb2db9")
+        version("1.7.0", sha256="48e9dbf45ae3fdc7b491259ffb6ccf7d63049ffacbc1c0977cced095e4c2d5a2")
+        version("1.6.2", sha256="4fc24506c968c5faf57614f5d0aebe0e9d0b90afa47a883e1a1ca94f15f4a42e")
+        version("1.5.2", sha256="1af06e1720a58851d90694a984af18355b65bb0d047be03ec7d659c746d6dbdb")
+
+    depends_on("c", type="build")
 
     patch("missing_includes.patch", when="@1.7.0")
author	Wouter Deconinck <wdconinc@gmail.com>	2024-09-25 16:47:12 -0500
committer	GitHub <noreply@github.com>	2024-09-25 23:47:12 +0200
commit	af9b3594786e2800e05badb0b25b17e3e494070f (patch)
tree	3238ba0ab97fbf3778d2b99adfd39cdd72d47425
parent	54ffc635e2ca5af640a6635bedd3535cfceb1f95 (diff)
download	spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.gz spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.bz2 spack-af9b3594786e2800e05badb0b25b17e3e494070f.tar.xz spack-af9b3594786e2800e05badb0b25b17e3e494070f.zip