From f821ba3d53827d4b7b02678d8d5934ec0298beb9 Mon Sep 17 00:00:00 2001 From: 17764591921 Date: Tue, 14 Jul 2020 16:21:27 +0800 Subject: [PATCH] Delete the patch because CVE-2017-12613 is already fixed --- ...an-readable-date-fields-credit-Stefa.patch | 53 ------------------- apr.spec | 20 ++++--- 2 files changed, 12 insertions(+), 61 deletions(-) delete mode 100644 Bounds-check-human-readable-date-fields-credit-Stefa.patch diff --git a/Bounds-check-human-readable-date-fields-credit-Stefa.patch b/Bounds-check-human-readable-date-fields-credit-Stefa.patch deleted file mode 100644 index f703ffd..0000000 --- a/Bounds-check-human-readable-date-fields-credit-Stefa.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ad958385a4180d7a83d90589689fcd36e3bbc57a Mon Sep 17 00:00:00 2001 -From: Nick Kew -Date: Sun, 10 Sep 2017 22:30:14 +0000 -Subject: [PATCH] Bounds-check human-readable date fields (credit: Stefan - Sperling) - -git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1807975 13f79535-47bb-0310-9956-ffa450edef68 ---- - time/unix/time.c | 3 +++ - time/win32/time.c | 6 ++++++ - 2 files changed, 9 insertions(+) - -diff --git a/time/unix/time.c b/time/unix/time.c -index dfa45e6..7f09581 100644 ---- a/time/unix/time.c -+++ b/time/unix/time.c -@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt) - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) -diff --git a/time/win32/time.c b/time/win32/time.c -index 2349799..1a70544 100644 ---- a/time/win32/time.c -+++ b/time/win32/time.c -@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm) - static const int dayoffset[12] = - {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; - -+ if (tm->wMonth < 1 || tm->wMonth > 12) -+ return APR_EBADDATE; -+ - /* Note; the caller is responsible for filling in detailed tm_usec, - * tm_gmtoff and tm_isdst data when applicable. - */ -@@ -224,6 +227,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) --- -1.8.3.1 - diff --git a/apr.spec b/apr.spec index 2555b1b..18ff55d 100644 --- a/apr.spec +++ b/apr.spec @@ -2,7 +2,7 @@ Name: apr Version: 1.6.5 -Release: 5 +Release: 6 Summary: Apache Portable Runtime. License: ASL 2.0 and BSD with advertising and ISC and BSD URL: http://apr.apache.org @@ -11,13 +11,11 @@ Source1: apr-wrapper.h Patch0: apr-1.2.2-libdir.patch Patch1: apr-1.2.7-pkgconf.patch - -Patch0000: Merge-r1834494-from-trunk.patch -Patch0001: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch -Patch0002: Split-apr_pool_check_integrity-into-two-parts.patch -Patch0003: Pool-debugging-fixes.patch -Patch0004: Fix-pool-debugging-output-so-that-creation-events-ar.patch -Patch0005: Bounds-check-human-readable-date-fields-credit-Stefa.patch +Patch2: Merge-r1834494-from-trunk.patch +Patch3: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch +Patch4: Split-apr_pool_check_integrity-into-two-parts.patch +Patch5: Pool-debugging-fixes.patch +Patch6: Fix-pool-debugging-output-so-that-creation-events-ar.patch BuildRequires: gcc autoconf libtool libuuid-devel python3 lksctp-tools-devel @@ -101,6 +99,12 @@ make check %doc docs/incomplete_types docs/non_apr_programs %changelog +* Tue Jul 14 2020 linwei - 1.6.5-6 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: Delete the patch because CVE-2017-12613 is already fixed + * Wed Jun 24 2020 linwei - 1.6.5-5 - Type: cves - ID: CVE-2017-12613