new file mode 100644

@@ -0,0 +1,34 @@

+--- apr/apr/branches/1.6.x/time/unix/time.c	2017/09/10 22:30:14	1807975

+@@ -142,6 +142,9 @@

+     static const int dayoffset[12] =

+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};

+ 

++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)

++        return APR_EBADDATE;

++

+     /* shift new year to 1st March in order to make leap year calc easy */

+ 

+     if (xt->tm_mon < 2)

+--- apr/apr/branches/1.6.x/time/win32/time.c	2017/09/10 22:30:14	1807975

+@@ -54,6 +54,9 @@

+     static const int dayoffset[12] =

+     {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};

+ 

++    if (tm->wMonth < 1 || tm->wMonth > 12)

++        return APR_EBADDATE;

++

+     /* Note; the caller is responsible for filling in detailed tm_usec,

+      * tm_gmtoff and tm_isdst data when applicable.

+      */

+@@ -224,6 +227,9 @@

+     static const int dayoffset[12] =

+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};

+ 

++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)

++        return APR_EBADDATE;

++

+     /* shift new year to 1st March in order to make leap year calc easy */

+ 

+     if (xt->tm_mon < 2)

@@ -1,25 +1,27 @@

-Summary:    The Apache Portable Runtime

-Name:       apr

-Version:    1.5.2

-Release:    6%{?dist}

-License:    Apache License 2.0

-URL:        https://apr.apache.org/

-Group:      System Environment/Libraries

-Vendor:     VMware, Inc.

-Distribution: Photon

-Source0:    http://archive.apache.org/dist/apr/%{name}-%{version}.tar.gz

-%define sha1 apr=2ef2ac9a8de7f97f15ef32cddf1ed7325163d84c

-%define	    aprver  1

+Summary:        The Apache Portable Runtime

+Name:           apr

+Version:        1.5.2

+Release:        7%{?dist}

+License:        Apache License 2.0

+URL:            https://apr.apache.org/

+Group:          System Environment/Libraries

+Vendor:         VMware, Inc.

+Distribution:   Photon

+Source0:        http://archive.apache.org/dist/apr/%{name}-%{version}.tar.gz

+%define sha1    apr=2ef2ac9a8de7f97f15ef32cddf1ed7325163d84c

+%define         aprver  1

+Patch0:         apr-CVE-2017-12613.patch

 %description

 The Apache Portable Runtime.

-%package	devel

-Summary:	Header and development files

-Requires:	%{name} = %{version}

-%description	devel

+%package        devel

+Summary:        Header and development files

+Requires:       %{name} = %{version}

+%description    devel

 It contains the libraries and header files to create applications 

 %prep

 %setup -q

+%patch0 -p4

 %build

 ./configure --prefix=/usr \

         --includedir=%{_includedir}/apr-%{aprver} \

@@ -50,7 +52,7 @@ make %{?_smp_mflags}

 %exclude %{_libdir}/pkgconfig

 %{_bindir}/*

-%files	devel

+%files  devel

 %defattr(-,root,root)

 %{_includedir}/*

 %{_libdir}/*.la

@@ -59,10 +61,12 @@ make %{?_smp_mflags}

 %{_libdir}/pkgconfig

 %changelog

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.5.2-6

--	GA - Bump release of all rpms

-*	Mon Sep 21 2015 Harish Udaiya Kumar<hudaiyakumar@vmware.com> 1.5.2-5

--	Repacked to move the include files in devel package. 

+*   Fri Dec 08 2017 Xiaolin Li <xiaolinl@vmware.com> 1.5.2-7

+-   Fix CVE-2017-12613

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.5.2-6

+-   GA - Bump release of all rpms

+*   Mon Sep 21 2015 Harish Udaiya Kumar<hudaiyakumar@vmware.com> 1.5.2-5

+-   Repacked to move the include files in devel package.

 *   Wed Jul 15 2015 Sarah Choi <sarahc@vmware.com> 1.5.2-4

 -   Use aprver(=1) instead of version for mesos

 *   Mon Jul 13 2015 Alexey Makhalov <amakhalov@vmware.com> 1.5.2-3