packages/apr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Delete the patch because CVE-2017-12613 is already fixed

Browse Source
This commit is contained in:
17764591921 2020-07-14 16:21:27 +08:00
parent 10a509424e
commit f821ba3d53
2 changed files with 12 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
Bounds-check-human-readable-date-fields-credit-Stefa.patch
View File

@ -1,53 +0,0 @@
From ad958385a4180d7a83d90589689fcd36e3bbc57a Mon Sep 17 00:00:00 2001
From: Nick Kew <niq@apache.org>
Date: Sun, 10 Sep 2017 22:30:14 +0000
Subject: [PATCH] Bounds-check human-readable date fields (credit: Stefan
Sperling)
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1807975 13f79535-47bb-0310-9956-ffa450edef68
---
time/unix/time.c | 3 +++
time/win32/time.c | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/time/unix/time.c b/time/unix/time.c
index dfa45e6..7f09581 100644
--- a/time/unix/time.c
+++ b/time/unix/time.c
@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt)
static const int dayoffset[12] =
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+ return APR_EBADDATE;
+
/* shift new year to 1st March in order to make leap year calc easy */
if (xt->tm_mon < 2)
diff --git a/time/win32/time.c b/time/win32/time.c
index 2349799..1a70544 100644
--- a/time/win32/time.c
+++ b/time/win32/time.c
@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm)
static const int dayoffset[12] =
{0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ if (tm->wMonth < 1 || tm->wMonth > 12)
+ return APR_EBADDATE;
+
/* Note; the caller is responsible for filling in detailed tm_usec,
* tm_gmtoff and tm_isdst data when applicable.
*/
@@ -224,6 +227,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t,
static const int dayoffset[12] =
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+ return APR_EBADDATE;
+
/* shift new year to 1st March in order to make leap year calc easy */
if (xt->tm_mon < 2)
--
1.8.3.1

20
apr.spec
View File

@ -2,7 +2,7 @@
Name: apr
Version: 1.6.5
Release: 5
Release: 6
Summary: Apache Portable Runtime.
License: ASL 2.0 and BSD with advertising and ISC and BSD
URL: http://apr.apache.org
@ -11,13 +11,11 @@ Source1: apr-wrapper.h
Patch0: apr-1.2.2-libdir.patch
Patch1: apr-1.2.7-pkgconf.patch
Patch0000: Merge-r1834494-from-trunk.patch
Patch0001: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch
Patch0002: Split-apr_pool_check_integrity-into-two-parts.patch
Patch0003: Pool-debugging-fixes.patch
Patch0004: Fix-pool-debugging-output-so-that-creation-events-ar.patch
Patch0005: Bounds-check-human-readable-date-fields-credit-Stefa.patch
Patch2: Merge-r1834494-from-trunk.patch
Patch3: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch
Patch4: Split-apr_pool_check_integrity-into-two-parts.patch
Patch5: Pool-debugging-fixes.patch
Patch6: Fix-pool-debugging-output-so-that-creation-events-ar.patch
BuildRequires: gcc autoconf libtool libuuid-devel python3 lksctp-tools-devel
@ -101,6 +99,12 @@ make check
%doc docs/incomplete_types docs/non_apr_programs
%changelog
* Tue Jul 14 2020 linwei<linwei54@huawei.com> - 1.6.5-6
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: Delete the patch because CVE-2017-12613 is already fixed
* Wed Jun 24 2020 linwei<linwei54@huawei.com> - 1.6.5-5
- Type: cves
- ID: CVE-2017-12613