2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 0000000000..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+The fix was merged back to 1.7.x in r1891198.
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c  (revision 1891197)
+++ b/time/unix/time.c  (revision 1891198)
+@@ -142,6 +142,9 @@
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
+    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+        return APR_EBADDATE;
+
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c (revision 1891197)
+++ b/time/win32/time.c (revision 1891198)
+@@ -54,6 +54,9 @@
+     static const int dayoffset[12] =
+     {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
+    if (tm->wMonth < 1 || tm->wMonth > 12)
+        return APR_EBADDATE;
+
+     /* Note; the caller is responsible for filling in detailed tm_usec,
+      * tm_gmtoff and tm_isdst data when applicable.
+      */
+@@ -228,6 +231,9 @@
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
+    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+        return APR_EBADDATE;
+
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb
index 432fa3255c..92cc61a864 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
           file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
           file://libtoolize_check.patch \
           file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+           file://CVE-2021-35940.patch \
           "
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"

diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 0000000000..00befdacee --- /dev/null +++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
		1
		2	SECURITY: CVE-2021-35940 (cve.mitre.org)
		3
		4	Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
		5	was addressed in 1.6.x in 1.6.3 and later via r1807976.
		6
		7	The fix was merged back to 1.7.x in r1891198.
		8
		9	Since this was a regression in 1.7.0, a new CVE name has been assigned
		10	to track this, CVE-2021-35940.
		11
		12	Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
		13
		14	https://svn.apache.org/viewvc?view=revision&revision=1891198
		15
		16	Upstream-Status: Backport
		17	CVE: CVE-2021-35940
		18	Signed-off-by: Armin Kuster <akuster@mvista.com>
		19
		20
		21	Index: time/unix/time.c
		22	===================================================================
		23	--- a/time/unix/time.c (revision 1891197)
		24	+++ b/time/unix/time.c (revision 1891198)
		25	@@ -142,6 +142,9 @@
		26	static const int dayoffset[12] =
		27	{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
		28
		29	+ if (xt->tm_mon < 0 \|\| xt->tm_mon >= 12)
		30	+ return APR_EBADDATE;
		31	+
		32	/* shift new year to 1st March in order to make leap year calc easy */
		33
		34	if (xt->tm_mon < 2)
		35	Index: time/win32/time.c
		36	===================================================================
		37	--- a/time/win32/time.c (revision 1891197)
		38	+++ b/time/win32/time.c (revision 1891198)
		39	@@ -54,6 +54,9 @@
		40	static const int dayoffset[12] =
		41	{0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
		42
		43	+ if (tm->wMonth < 1 \|\| tm->wMonth > 12)
		44	+ return APR_EBADDATE;
		45	+
		46	/* Note; the caller is responsible for filling in detailed tm_usec,
		47	* tm_gmtoff and tm_isdst data when applicable.
		48	*/
		49	@@ -228,6 +231,9 @@
		50	static const int dayoffset[12] =
		51	{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
		52
		53	+ if (xt->tm_mon < 0 \|\| xt->tm_mon >= 12)
		54	+ return APR_EBADDATE;
		55	+
		56	/* shift new year to 1st March in order to make leap year calc easy */
		57
		58	if (xt->tm_mon < 2)


diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 432fa3255c..92cc61a864 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
23	file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \	23	file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
24	file://libtoolize_check.patch \	24	file://libtoolize_check.patch \
25	file://0001-Add-option-to-disable-timed-dependant-tests.patch \	25	file://0001-Add-option-to-disable-timed-dependant-tests.patch \
		26	file://CVE-2021-35940.patch \
26	"	27	"
27		28
28	SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"	29	SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"