rpm/apr
SHA256
1
0
Fork 0
forked from pool/apr
Code Pull Requests Activity

Accepting request 915695 from Apache

Browse Source 
- security update
- added patches
  fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp)
  + apr-CVE-2021-3594.patch

OBS-URL: https://build.opensuse.org/request/show/915695
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apr?expand=0&rev=12
This commit is contained in:
Dominique Leuenberger 2021-09-04 20:32:08 +00:00 committed by Git OBS Bridge
commit 5c8ae660bc
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apr-CVE-2021-3594.patch Normal file
View File

@ -0,0 +1,14 @@
--- 1.7.x/time/unix/time.c 2021/07/02 11:07:15 1891197
+++ 1.7.x/time/unix/time.c 2021/07/02 11:10:33 1891198
@@ -142,6 +142,9 @@
static const int dayoffset[12] =
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
+ return APR_EBADDATE;
+
/* shift new year to 1st March in order to make leap year calc easy */
if (xt->tm_mon < 2)

8
apr.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Sep 2 07:15:59 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp)
+ apr-CVE-2021-3594.patch
-------------------------------------------------------------------
Sat Aug 3 14:11:24 UTC 2019 - Manu Maier <mmanu84@outlook.de>

5
apr.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package apr
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -34,6 +34,8 @@ Patch5: apr-visibility.patch
Patch9: apr-proc-mutex-map-anon.patch
# prevent random failures of the testsuite (sendfile test)
Patch10: apr-test-sendfile-timeout.patch
# CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp)
Patch11: apr-CVE-2021-3594.patch
BuildRequires: doxygen
BuildRequires: fdupes
BuildRequires: libtool
@ -86,6 +88,7 @@ that want to make use of APR.
%patch5 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
# Do not put date to doxy content
sed -i \