main/apr: fix CVE-2021-35940

b0366e84 · alice · 843bc975 · b0366e84 · b0366e84
Verified Commit b0366e84 authored 2 years ago by alice
--- a/main/apr/APKBUILD
+++ b/main/apr/APKBUILD
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apr
 pkgver=1.7.0
-pkgrel=1
+pkgrel=2
 pkgdesc="The Apache Portable Runtime"
 url="https://apr.apache.org/"
 arch="all"
@@ -12,8 +12,13 @@ subpackages="$pkgname-dev"
 source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2
 	apr-1.6.2-dont-test-dlclose.patch
 	semtimedop-s390x.patch
+	CVE-2021-35940.patch
 	"

+# secfixes:
+#   1.7.0-r2:
+#     - CVE-2021-35940.patch
+
 build() {
 	./configure \
 		--build=$CBUILD \
@@ -47,4 +52,5 @@ sha512sums="
 3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148  apr-1.7.0.tar.bz2
 9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef  apr-1.6.2-dont-test-dlclose.patch
 5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8  semtimedop-s390x.patch
+33c072ad4e27afee4b93df5b1076a8d858c6f4ef57df4e2dd1bf750f8b0390cb130744aa3bf67c4de359b35a558da07e479b10e0028ec935aa9a1ea4820c995e  CVE-2021-35940.patch
 "
--- a/main/apr/CVE-2021-35940.patch
+++ b/main/apr/CVE-2021-35940.patch
+Patch-Source: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c	(revision 1891197)
+++ b/time/unix/time.c	(revision 1891198)
+@@ -142,6 +142,9 @@
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
+    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+        return APR_EBADDATE;
+
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c	(revision 1891197)
+++ b/time/win32/time.c	(revision 1891198)
+@@ -54,6 +54,9 @@
+     static const int dayoffset[12] =
+     {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
+    if (tm->wMonth < 1 || tm->wMonth > 12)
+        return APR_EBADDATE;
+
+     /* Note; the caller is responsible for filling in detailed tm_usec,
+      * tm_gmtoff and tm_isdst data when applicable.
+      */
+@@ -228,6 +231,9 @@
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
+    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+        return APR_EBADDATE;
+
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)