Subject: CVS commit: pkgsrc/devel/apr
From: Havard Eidnes
Date: 2021-11-28 13:57:05
Message id: 20211128125705.55E65FAEC@cvs.NetBSD.org

Log Message:
Add a patch to deal with CVE-2021-35940.

An out-of-bounds array read in the apr_time_exp*() functions was
fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613).
The fix for this issue was not carried forward to the APR 1.7.x
branch, and hence version 1.7.0 regressed compared to 1.6.3 and is
vulnerable to the same issue.

https://svn.apache.org/viewvc?view=revision&revision=1891198

Bump PKGREVISION.

Files:
RevisionActionfile
1.83modifypkgsrc/devel/apr/Makefile
1.49modifypkgsrc/devel/apr/distinfo
1.1addpkgsrc/devel/apr/patches/patch-time_unix_time.c
1.1addpkgsrc/devel/apr/patches/patch-time_win32_time.c