diff options
| author | Armin Kuster <akuster808@gmail.com> | 2021-09-10 19:59:17 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-11 22:39:20 +0100 |
| commit | 54a8d36902d6a6544cbc3c49a3d5325d331c428f (patch) | |
| tree | f99a0740995dd33a12e8647e0185acc85d0311b0 /meta/recipes-support/apr/apr_1.7.0.bb | |
| parent | 9886ef691aa117d67e4342c6a5e3f79f6a05f8d5 (diff) | |
| download | poky-54a8d36902d6a6544cbc3c49a3d5325d331c428f.tar.gz | |
apr: Security fix for CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
(From OE-Core rev: d52b78c75323fb254b5d0216f9183573b353abd3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/apr/apr_1.7.0.bb')
| -rw-r--r-- | meta/recipes-support/apr/apr_1.7.0.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 08d9edf3c2..5f8fd6a461 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb | |||
| @@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ | |||
| 24 | file://libtoolize_check.patch \ | 24 | file://libtoolize_check.patch \ |
| 25 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ | 25 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ |
| 26 | file://autoconf270.patch \ | 26 | file://autoconf270.patch \ |
| 27 | file://CVE-2021-35940.patch \ | ||
| 27 | " | 28 | " |
| 28 | 29 | ||
| 29 | SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" | 30 | SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" |