diff options
-rw-r--r-- | meta/recipes-support/apr/apr/CVE-2021-35940.patch | 58 | ||||
-rw-r--r-- | meta/recipes-support/apr/apr_1.7.0.bb | 1 |
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 0000000000..00befdacee --- /dev/null +++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | |||
2 | SECURITY: CVE-2021-35940 (cve.mitre.org) | ||
3 | |||
4 | Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though | ||
5 | was addressed in 1.6.x in 1.6.3 and later via r1807976. | ||
6 | |||
7 | The fix was merged back to 1.7.x in r1891198. | ||
8 | |||
9 | Since this was a regression in 1.7.0, a new CVE name has been assigned | ||
10 | to track this, CVE-2021-35940. | ||
11 | |||
12 | Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. | ||
13 | |||
14 | https://svn.apache.org/viewvc?view=revision&revision=1891198 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | CVE: CVE-2021-35940 | ||
18 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
19 | |||
20 | |||
21 | Index: time/unix/time.c | ||
22 | =================================================================== | ||
23 | --- a/time/unix/time.c (revision 1891197) | ||
24 | +++ b/time/unix/time.c (revision 1891198) | ||
25 | @@ -142,6 +142,9 @@ | ||
26 | static const int dayoffset[12] = | ||
27 | {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; | ||
28 | |||
29 | + if (xt->tm_mon < 0 || xt->tm_mon >= 12) | ||
30 | + return APR_EBADDATE; | ||
31 | + | ||
32 | /* shift new year to 1st March in order to make leap year calc easy */ | ||
33 | |||
34 | if (xt->tm_mon < 2) | ||
35 | Index: time/win32/time.c | ||
36 | =================================================================== | ||
37 | --- a/time/win32/time.c (revision 1891197) | ||
38 | +++ b/time/win32/time.c (revision 1891198) | ||
39 | @@ -54,6 +54,9 @@ | ||
40 | static const int dayoffset[12] = | ||
41 | {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; | ||
42 | |||
43 | + if (tm->wMonth < 1 || tm->wMonth > 12) | ||
44 | + return APR_EBADDATE; | ||
45 | + | ||
46 | /* Note; the caller is responsible for filling in detailed tm_usec, | ||
47 | * tm_gmtoff and tm_isdst data when applicable. | ||
48 | */ | ||
49 | @@ -228,6 +231,9 @@ | ||
50 | static const int dayoffset[12] = | ||
51 | {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; | ||
52 | |||
53 | + if (xt->tm_mon < 0 || xt->tm_mon >= 12) | ||
54 | + return APR_EBADDATE; | ||
55 | + | ||
56 | /* shift new year to 1st March in order to make leap year calc easy */ | ||
57 | |||
58 | if (xt->tm_mon < 2) | ||
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 432fa3255c..92cc61a864 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb | |||
@@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ | |||
23 | file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ | 23 | file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ |
24 | file://libtoolize_check.patch \ | 24 | file://libtoolize_check.patch \ |
25 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ | 25 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ |
26 | file://CVE-2021-35940.patch \ | ||
26 | " | 27 | " |
27 | 28 | ||
28 | SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" | 29 | SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" |