Hi,
tl;dr: I just submitted a major update of libhtp to EPEL6 testing, testing and feedback are more than welcome:
https://admin.fedoraproject.org/updates/libhtp-0.5.16-1.el6
-----
A security bug has been opened today against libhtp in EPEL6:
https://bugzilla.redhat.com/show_bug.cgi?id=1173610
The bug is fixed in the latest upstream release (0.5.16), but EPEL6 still was using the (very old) 0.3.0.
Preferring not to break libhtp users in EPEL6, I first tried to just backport the patch for the security issue.
Then I realized that the EPEL6 package wasn't running the unit tests in %check, so I figured I'd add them, to be a bit more confident in my backported fix.
This broke the build on PPC64. It seems that libhtp 0.3.0 never actually worked on PPC64 in EPEL6.
Backporting a simple security fix is one thing, but making the library work on PPC64 is more than I'm able to do for libhtp on EPEL6 these days.
As a result, I decided to instead try pushing the update to the latest and greatest, as it both fixes the security issue and works on PPC64:
https://admin.fedoraproject.org/updates/libhtp-0.5.16-1.el6
It seems nothing requires libhtp in EPEL6, but I thought I'd still send an announcement about the bump, for people building their own stuff against it.
If it really causes too much problem to upgrade it, then I'll welcome any help to find another solution.
Sorry for the trouble,
epel-announce@lists.fedoraproject.org