diff options
| author | psykose <alice@ayaya.dev> | 2022-05-30 20:57:22 +0000 |
|---|---|---|
| committer | psykose <alice@ayaya.dev> | 2022-05-30 22:57:23 +0200 |
| commit | 905ae740f87a3bdd1cc7347f87f586bdc138e5ee (patch) | |
| tree | 399e07afe191b7f6ce5ce9e2d8c476a6cba8a914 | |
| parent | dae0cf5f6d1d0493581ed8ada63783384bd39d7d (diff) | |
main/apr: fix CVE-2021-35940
| -rw-r--r-- | main/apr/APKBUILD | 8 | ||||
| -rw-r--r-- | main/apr/CVE-2021-35940.patch | 53 |
2 files changed, 60 insertions, 1 deletions
diff --git a/main/apr/APKBUILD b/main/apr/APKBUILD index 2d34189e0bd..431eb17f363 100644 --- a/main/apr/APKBUILD +++ b/main/apr/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apr pkgver=1.7.0 -pkgrel=1 +pkgrel=2 pkgdesc="The Apache Portable Runtime" url="https://apr.apache.org/" arch="all" @@ -12,8 +12,13 @@ subpackages="$pkgname-dev" source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2 apr-1.6.2-dont-test-dlclose.patch semtimedop-s390x.patch + CVE-2021-35940.patch " +# secfixes: +# 1.7.0-r2: +# - CVE-2021-35940.patch + build() { ./configure \ --build=$CBUILD \ @@ -47,4 +52,5 @@ sha512sums=" 3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148 apr-1.7.0.tar.bz2 9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef apr-1.6.2-dont-test-dlclose.patch 5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch +33c072ad4e27afee4b93df5b1076a8d858c6f4ef57df4e2dd1bf750f8b0390cb130744aa3bf67c4de359b35a558da07e479b10e0028ec935aa9a1ea4820c995e CVE-2021-35940.patch " diff --git a/main/apr/CVE-2021-35940.patch b/main/apr/CVE-2021-35940.patch new file mode 100644 index 00000000000..0b72ab964cd --- /dev/null +++ b/main/apr/CVE-2021-35940.patch @@ -0,0 +1,53 @@ +Patch-Source: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. + +https://svn.apache.org/viewvc?view=revision&revision=1891198 + +Index: time/unix/time.c +=================================================================== +--- a/time/unix/time.c (revision 1891197) ++++ b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=================================================================== +--- a/time/win32/time.c (revision 1891197) ++++ b/time/win32/time.c (revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++ if (tm->wMonth < 1 || tm->wMonth > 12) ++ return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) |