Petr Gajdos
4a4e46d510
- deleted patches - apr-CVE-2021-3594.patch (renamed) - added patches + apr-CVE-2021-35940.patch (correct name) fix CVE-2021-35940 [bsc#1190072], Regression of fix in apr 1.7 + apr-CVE-2021-35940.patch OBS-URL: https://build.opensuse.org/package/show/Apache/apr?expand=0&rev=38
15 lines
414 B
Diff
15 lines
414 B
Diff
|
|
--- 1.7.x/time/unix/time.c 2021/07/02 11:07:15 1891197
|
|
+++ 1.7.x/time/unix/time.c 2021/07/02 11:10:33 1891198
|
|
@@ -142,6 +142,9 @@
|
|
static const int dayoffset[12] =
|
|
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
|
|
|
|
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
|
|
+ return APR_EBADDATE;
|
|
+
|
|
/* shift new year to 1st March in order to make leap year calc easy */
|
|
|
|
if (xt->tm_mon < 2)
|
|
|