tl;dr: I just submitted a major update of libhtp to EPEL6 testing,
testing and feedback are more than welcome:
A security bug has been opened today against libhtp in EPEL6:
The bug is fixed in the latest upstream release (0.5.16), but EPEL6
still was using the (very old) 0.3.0.
Preferring not to break libhtp users in EPEL6, I first tried to just
backport the patch for the security issue.
Then I realized that the EPEL6 package wasn't running the unit tests in
%check, so I figured I'd add them, to be a bit more confident in my
This broke the build on PPC64. It seems that libhtp 0.3.0 never actually
worked on PPC64 in EPEL6.
Backporting a simple security fix is one thing, but making the library
work on PPC64 is more than I'm able to do for libhtp on EPEL6 these
As a result, I decided to instead try pushing the update to the latest
and greatest, as it both fixes the security issue and works on PPC64:
It seems nothing requires libhtp in EPEL6, but I thought I'd still send
an announcement about the bump, for people building their own stuff
If it really causes too much problem to upgrade it, then I'll welcome
any help to find another solution.
Sorry for the trouble,