apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From olli hauer <oha...@gmx.de>
Subject Re: expat upgrade to 2.1.0
Date Sun, 01 Nov 2015 20:10:09 GMT
On 2015-10-31 18:48, Michael Felt wrote:
> On 2015-09-08 12:50, Stefan Hett wrote:
>> Hi,
>> a while ago I've been pointed by Bert to the fact that APRUtil 1.5.4
>> includes Expat 1.95.7 which is rather old (from October 2003). According
>> tohttp://www.libexpat.org/  there has been another 1.95 release with
>> mostly bugfixes (1.95.8 in July 2004) and the latest one is 2.1.0 (from
>> March 2012).
> I would like to repspond positively on this suggestion that "something" be done.
> It could be updated, and fortunately expat is not a package with frequent (security)
> but it is external. What may have been good before is perhaps not as correct anymore.
> a) expat needs to be closer to mainstream: there are many features
> in expat that have been introduced since then.
> The embedded expat is not packaged as an internal (aka static) library - but appears
as a separate library.
> I ran into this problem when packaging something else that needed the latest and greatest
(i.e., 2.0.1 as base).
> My solution is to repackage apr, apr-util and httpd after removing
> the internal expat - so that I have latest and greatest for both - and can update it,
> in principle - separate from apr.
> I would vote to make external expat the default and/or just remove expat from apr.

In case you build apache from source, there is already an option to build apr-util against
expat-2.0.1, no need to change the bundled one.
Use `--with-expat=$path/to/libexpat' as configure arg to apr-util and you are done.

I suspect most every distribution / project building binary packages will overwrite the bundled
expat explicit.
E.g. FreeBSD [1], RHEL (and derivates like CentOS and ScientificLinux [2]).

[1] https://svnweb.freebsd.org/ports/head/devel/apr1/Makefile?view=markup
[2] http://ftp1.scientificlinux.org/linux/scientific/7x/SRPMS/vendor/apr-util-1.5.2-6.el7.src.rpm


View raw message