!27 Fix CVE-2022-24963

From: @fly_fzc 
Reviewed-by: @zhoupengcheng11, @lvying6 
Signed-off-by: @lvying6

Bounds-check-human-readable-date-fields-credit-Stefa.patch

@@ -0,0 +1,53 @@
+From ad958385a4180d7a83d90589689fcd36e3bbc57a Mon Sep 17 00:00:00 2001
+From: Nick Kew <niq@apache.org>
+Date: Sun, 10 Sep 2017 22:30:14 +0000
+Subject: [PATCH] Bounds-check human-readable date fields (credit: Stefan
+ Sperling)
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1807975 13f79535-47bb-0310-9956-ffa450edef68
+---
+ time/unix/time.c  | 3 +++
+ time/win32/time.c | 6 ++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/time/unix/time.c b/time/unix/time.c
+index dfa45e6..7f09581 100644
+--- a/time/unix/time.c
++++ b/time/unix/time.c
+@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt)
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++        return APR_EBADDATE;
++
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
+diff --git a/time/win32/time.c b/time/win32/time.c
+index 2349799..1a70544 100644
+--- a/time/win32/time.c
++++ b/time/win32/time.c
+@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm)
+     static const int dayoffset[12] =
+     {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++    if (tm->wMonth < 1 || tm->wMonth > 12)
++        return APR_EBADDATE;
++
+     /* Note; the caller is responsible for filling in detailed tm_usec,
+      * tm_gmtoff and tm_isdst data when applicable.
+      */
+@@ -224,6 +227,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t,
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++        return APR_EBADDATE;
++
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
+-- 
+1.8.3.1
+

Follow-up-to-r1675967-trunk-resp.-r1863202-1.7.x.patch

@@ -0,0 +1,49 @@
+From 9032d8c633dbc0f6fe2cd3358f767f088ffbf1ef Mon Sep 17 00:00:00 2001
+From: Rainer Jung <rjung@apache.org>
+Date: Wed, 17 Jul 2019 11:31:02 +0000
+Subject: [PATCH] Follow up to r1675967 (trunk) resp. r1863202 (1.7.x): When
+ pool debugging is enabled, make sure we don't try to emit any debug events
+ after the debug log file handle has been closed.
+
+Backport of r1675970 from trunk.
+
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1863203 13f79535-47bb-0310-9956-ffa450edef68
+---
+ memory/unix/apr_pools.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
+index 9fdd001..eb173c8 100644
+--- a/memory/unix/apr_pools.c
++++ b/memory/unix/apr_pools.c
+@@ -636,6 +636,12 @@ static apr_allocator_t *global_allocator = NULL;
+ 
+ #if (APR_POOL_DEBUG & APR_POOL_DEBUG_VERBOSE_ALL)
+ static apr_file_t *file_stderr = NULL;
++static apr_status_t apr_pool_cleanup_file_stderr(void *data)
++{
++    file_stderr = NULL;
++    return APR_SUCCESS;
++}
++
+ #endif /* (APR_POOL_DEBUG & APR_POOL_DEBUG_VERBOSE_ALL) */
+ 
+ /*
+@@ -1706,6 +1712,13 @@ APR_DECLARE(apr_status_t) apr_pool_initialize(void)
+     file_stderr = debug_log;
+ 
+     if (file_stderr) {
++        /* Add a cleanup handler that sets the debug log file handle
++         * to NULL, otherwise we'll try to log the global pool
++         * destruction event with predictably disastrous results. */
++        apr_pool_cleanup_register(global_pool, NULL,
++                                  apr_pool_cleanup_file_stderr,
++                                  apr_pool_cleanup_null);
++
+         apr_file_printf(file_stderr,
+             "POOL DEBUG: [PID"
+ #if APR_HAS_THREADS
+-- 
+1.8.3.1
+

Merge-r1834494-from-trunk.patch

@@ -1,170 +0,0 @@
-This is an upstream patch from: http://svn.apache.org/viewvc?view=revision&revision=1834495
-
---- 1.7.x/buildconf	2018/06/27 11:41:30	1834494
-+++ 1.7.x/buildconf	2018/06/27 11:49:33	1834495
-@@ -112,8 +112,10 @@
- # Remove autoconf 2.5x's cache directory
- rm -rf autom4te*.cache
- 
-+PYTHON=${PYTHON-`build/PrintPath python3 python2 python`}
-+
- echo "buildconf: generating 'make' outputs ..."
--build/gen-build.py $verbose make
-+${PYTHON} build/gen-build.py $verbose make
- 
- # Create RPM Spec file
- if [ -f `which cut` ]; then
---- 1.7.x/build/gen-build.py	2018/06/27 11:41:30	1834494
-+++ 1.7.x/build/gen-build.py	2018/06/27 11:49:33	1834495
-@@ -10,7 +10,10 @@
- 
- 
- import os
--import ConfigParser
-+try:
-+  import configparser
-+except ImportError:
-+  import ConfigParser as configparser
- import getopt
- import string
- import glob
-@@ -36,7 +39,7 @@
- 
- 
- def main():
--  parser = ConfigParser.ConfigParser()
-+  parser = configparser.ConfigParser()
-   parser.read('build.conf')
- 
-   if parser.has_option('options', 'dsp'):
-@@ -62,7 +65,7 @@
-   # write out the platform-independent files
-   files = get_files(parser.get('options', 'paths'))
-   objects, dirs = write_objects(f, legal_deps, h_deps, files)
--  f.write('\nOBJECTS_all = %s\n\n' % string.join(objects))
-+  f.write('\nOBJECTS_all = %s\n\n' % " ".join(objects))
- 
-   # for each platform and each subdirectory holding platform-specific files,
-   # write out their compilation rules, and an OBJECT_<subdir>_<plat> symbol.
-@@ -86,11 +89,11 @@
-           inherit_files[-1] = inherit_files[-1][:-2] + '.lo'
-           # replace the \\'s with /'s
-           inherit_line = '/'.join(inherit_files)
--          if not inherit_parent.has_key(inherit_files[0]):
-+          if inherit_files[0] not in inherit_parent:
-             inherit_parent[inherit_files[0]] = []
-           inherit_parent[inherit_files[0]].append(inherit_line)
- 
--    for subdir in string.split(parser.get('options', 'platform_dirs')):
-+    for subdir in parser.get('options', 'platform_dirs').split():
-       path = '%s/%s' % (subdir, platform)
-       if not os.path.exists(path):
-         # this subdir doesn't have a subdir for this platform, so we'll
-@@ -106,7 +109,7 @@
-       files = get_files(path + '/*.c')
-       objects, _unused = write_objects(f, legal_deps, h_deps, files)
- 
--      if inherit_parent.has_key(subdir):
-+      if subdir in inherit_parent:
-         objects = objects + inherit_parent[subdir]
- 
-       symname = 'OBJECTS_%s_%s' % (subdir, platform)
-@@ -114,7 +117,7 @@
-       objects.sort()
- 
-       # and write the symbol for the whole group
--      f.write('\n%s = %s\n\n' % (symname, string.join(objects)))
-+      f.write('\n%s = %s\n\n' % (symname, " ".join(objects)))
- 
-       # and include that symbol in the group
-       group.append('$(%s)' % symname)
-@@ -122,18 +125,18 @@
-     group.sort()
- 
-     # write out a symbol which contains the necessary files
--    f.write('OBJECTS_%s = %s\n\n' % (platform, string.join(group)))
-+    f.write('OBJECTS_%s = %s\n\n' % (platform, " ".join(group)))
- 
--  f.write('HEADERS = $(top_srcdir)/%s\n\n' % string.join(headers, ' $(top_srcdir)/'))
--  f.write('SOURCE_DIRS = %s $(EXTRA_SOURCE_DIRS)\n\n' % string.join(dirs.keys()))
-+  f.write('HEADERS = $(top_srcdir)/%s\n\n' % ' $(top_srcdir)/'.join(headers))
-+  f.write('SOURCE_DIRS = %s $(EXTRA_SOURCE_DIRS)\n\n' % " ".join(dirs.keys()))
- 
-   if parser.has_option('options', 'modules'):
-     modules = parser.get('options', 'modules')
- 
--    for mod in string.split(modules):
-+    for mod in modules.split():
-       files = get_files(parser.get(mod, 'paths'))
-       objects, _unused = write_objects(f, legal_deps, h_deps, files)
--      flat_objects = string.join(objects)
-+      flat_objects = " ".join(objects)
-       f.write('OBJECTS_%s = %s\n' % (mod, flat_objects))
- 
-       if parser.has_option(mod, 'target'):
-@@ -153,9 +156,9 @@
-       d = os.path.dirname(d)
- 
-   # Sort so 'foo' is before 'foo/bar'
--  keys = alldirs.keys()
-+  keys = list(alldirs.keys())
-   keys.sort()
--  f.write('BUILD_DIRS = %s\n\n' % string.join(keys))
-+  f.write('BUILD_DIRS = %s\n\n' % " ".join(keys))
- 
-   f.write('.make.dirs: $(srcdir)/build-outputs.mk\n' \
-           '\t@for d in $(BUILD_DIRS); do test -d $$d || mkdir $$d; done\n' \
-@@ -177,12 +180,12 @@
- 
-     # what headers does this file include, along with the implied headers
-     deps = extract_deps(file, legal_deps)
--    for hdr in deps.keys():
-+    for hdr in list(deps.keys()):
-       deps.update(h_deps.get(hdr, {}))
- 
--    vals = deps.values()
-+    vals = list(deps.values())
-     vals.sort()
--    f.write('%s: %s .make.dirs %s\n' % (obj, file, string.join(vals)))
-+    f.write('%s: %s .make.dirs %s\n' % (obj, file, " ".join(vals)))
- 
-   objects.sort()
- 
-@@ -210,7 +213,7 @@
-     for hdr, deps in header_deps.items():
-       # print hdr, deps
-       start = len(deps)
--      for dep in deps.keys():
-+      for dep in list(deps.keys()):
-         deps.update(header_deps.get(dep, {}))
-       if len(deps) != start:
-         altered = 1
-@@ -220,7 +223,7 @@
- 
- def get_files(patterns):
-   files = [ ]
--  for pat in string.split(patterns):
-+  for pat in patterns.split():
-     files.extend(map(clean_path, glob.glob(pat)))
-   files.sort()
-   return files
---- 1.7.x/build/buildcheck.sh	2018/06/27 11:41:30	1834494
-+++ 1.7.x/build/buildcheck.sh	2018/06/27 11:49:33	1834495
-@@ -4,14 +4,14 @@
- res=0
- 
- # any python
--python=`build/PrintPath python`
-+python=${PYTHON-`build/PrintPath python3 python2 python`}
- if test -z "$python"; then
-   echo "buildconf: python not found."
-   echo "           You need python installed"
-   echo "           to build APR from SVN."
-   res=1
- else
--  py_version=`python -c 'import sys; print sys.version' 2>&1|sed 's/ .*//;q'`
-+  py_version=`$python -c 'import sys; print(sys.version)' 2>&1|sed 's/ .*//;q'`
-   echo "buildconf: python version $py_version (ok)"
- fi
- 
- 

Register-the-pool-debug-log-cleanup-handler-after-em.patch

@@ -0,0 +1,50 @@
+From dfce87282409fcb9ca012bcc2db0061183bf91c8 Mon Sep 17 00:00:00 2001
+From: Rainer Jung <rjung@apache.org>
+Date: Wed, 17 Jul 2019 11:32:12 +0000
+Subject: [PATCH] Register the pool debug log cleanup handler after emitting
+ the global pool creation event.  This ensures that the allocation event from
+ the cleanup registration written after the creation event.
+
+Backport of r1675982 from trunk.
+
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1863204 13f79535-47bb-0310-9956-ffa450edef68
+---
+ memory/unix/apr_pools.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
+index eb173c8..a59d9da 100644
+--- a/memory/unix/apr_pools.c
++++ b/memory/unix/apr_pools.c
+@@ -1712,13 +1712,6 @@ APR_DECLARE(apr_status_t) apr_pool_initialize(void)
+     file_stderr = debug_log;
+ 
+     if (file_stderr) {
+-        /* Add a cleanup handler that sets the debug log file handle
+-         * to NULL, otherwise we'll try to log the global pool
+-         * destruction event with predictably disastrous results. */
+-        apr_pool_cleanup_register(global_pool, NULL,
+-                                  apr_pool_cleanup_file_stderr,
+-                                  apr_pool_cleanup_null);
+-
+         apr_file_printf(file_stderr,
+             "POOL DEBUG: [PID"
+ #if APR_HAS_THREADS
+@@ -1728,6 +1721,13 @@ APR_DECLARE(apr_status_t) apr_pool_initialize(void)
+             "POOL       \"TAG\" <__FILE__:__LINE__> (ALLOCS/TOTAL ALLOCS/CLEARS)\n");
+ 
+         apr_pool_log_event(global_pool, "GLOBAL", __FILE__ ":apr_pool_initialize", 0);
++
++        /* Add a cleanup handler that sets the debug log file handle
++         * to NULL, otherwise we'll try to log the global pool
++         * destruction event with predictably disastrous results. */
++        apr_pool_cleanup_register(global_pool, NULL,
++                                  apr_pool_cleanup_file_stderr,
++                                  apr_pool_cleanup_null);
+     }
+ #endif /* (APR_POOL_DEBUG & APR_POOL_DEBUG_VERBOSE_ALL) */
+ 
+-- 
+1.8.3.1
+

apr.spec

@@ -1,8 +1,8 @@
 %define aprver 1
 
 Name: apr
-Version: 1.6.5
-Release: 4
+Version: 1.7.0
+Release: 5
 Summary: Apache Portable Runtime.
 License: ASL 2.0 and BSD with advertising and ISC and BSD
 URL: http://apr.apache.org
@@ -11,12 +11,17 @@ Source1: apr-wrapper.h
 
 Patch0: apr-1.2.2-libdir.patch
 Patch1: apr-1.2.7-pkgconf.patch
-
-Patch6000: Merge-r1834494-from-trunk.patch
-Patch6001: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch
-Patch6002: Split-apr_pool_check_integrity-into-two-parts.patch
-Patch6003: Pool-debugging-fixes.patch
-Patch6004: Fix-pool-debugging-output-so-that-creation-events-ar.patch
+Patch2: Split-apr_pool_check_integrity-into-two-parts.patch
+Patch3: Pool-debugging-fixes.patch
+Patch4: Fix-pool-debugging-output-so-that-creation-events-ar.patch
+Patch5: memory-unix-apr_pools.c-apr_pool_cleanup_register.patch
+Patch6: Follow-up-to-r1675967-trunk-resp.-r1863202-1.7.x.patch
+Patch7: Register-the-pool-debug-log-cleanup-handler-after-em.patch
+Patch8: backport-CVE-2017-12613-Bounds-check-human-readable-date-fields.patch
+Patch9: backport-Address-some-warnings-raised-by-MSVC-32-64.patch
+Patch10:backport-apr_encode_base32-fix-advertised-output-len-when-cal.patch
+Patch11:backport-apr_decode_base-64-32-16-stop-reading-before-not-inc.patch
+Patch12:backport-CVE-2022-24963-encoding-Better-check-inputs-of-apr_-encode-decode-_.patch
 
 BuildRequires: gcc autoconf libtool libuuid-devel python3 lksctp-tools-devel
 
@@ -100,6 +105,22 @@ make check
 %doc docs/incomplete_types docs/non_apr_programs
 
 %changelog
+* Mon Feb 13 2023 fuanan <fuanan3@h-partners.com> - 1.7.0-5
+- Fix CVE-2022-24963
+
+* Tue Mar 30 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 1.7.0-4
+- Rebuild for openEuler-rpm-config moving /usr/lib/rpm/openEuler/xxxx to 
+  /usr/lib/xxxx
+
+* Fri Mar 19 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 1.7.0-3
+- Fix CVE-2017-12613
+
+* Mon Jun 29 2020  linwei<linwei54@huawei.com> - 1.7.0-2
+- sync some patches from community
+
+* Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.7.0-1
+- update to 1.7.0-1
+
 * Tue Dec 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.6.5-4
 - quality enhancement synchronization github patch
 

backport-Address-some-warnings-raised-by-MSVC-32-64.patch

@@ -0,0 +1,181 @@
+From 66e41846004d40fd6d12811fd0acf08920a3d1cd Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Wed, 3 Apr 2019 13:54:46 +0000
+Subject: [PATCH] Address some warnings raised by MSVC-32/64.
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1856873 13f79535-47bb-0310-9956-ffa450edef68
+---
+ atomic/win32/apr_atomic64.c | 50 ++++++++-----------------------------
+ encoding/apr_encode.c       |  4 +--
+ file_io/win32/seek.c        |  2 +-
+ memory/unix/apr_pools.c     |  8 +++---
+ 4 files changed, 18 insertions(+), 46 deletions(-)
+
+diff --git a/atomic/win32/apr_atomic64.c b/atomic/win32/apr_atomic64.c
+index a5acc945e..e2cd06d6c 100644
+--- a/atomic/win32/apr_atomic64.c
++++ b/atomic/win32/apr_atomic64.c
+@@ -18,55 +18,35 @@
+ #include "apr_atomic.h"
+ #include "apr_thread_mutex.h"
+ 
+-APR_DECLARE(apr_uint64_t) apr_atomic_add64(volatile apr_uint64_t *mem, apr_uint64_t val)
+-{
+-#if (defined(_M_IA64) || defined(_M_AMD64))
+-    return InterlockedExchangeAdd64(mem, val);
+-#else
+-    return InterlockedExchangeAdd64((long *)mem, val);
+-#endif
+-}
+-
+ /* Of course we want the 2's compliment of the unsigned value, val */
+ #ifdef _MSC_VER
+ #pragma warning(disable: 4146)
+ #endif
+ 
++APR_DECLARE(apr_uint64_t) apr_atomic_add64(volatile apr_uint64_t *mem, apr_uint64_t val)
++{
++    return InterlockedExchangeAdd64((volatile LONG64 *)mem, val);
++}
++
+ APR_DECLARE(void) apr_atomic_sub64(volatile apr_uint64_t *mem, apr_uint64_t val)
+ {
+-#if (defined(_M_IA64) || defined(_M_AMD64))
+-    InterlockedExchangeAdd64(mem, -val);
+-#else
+-    InterlockedExchangeAdd64((long *)mem, -val);
+-#endif
++    InterlockedExchangeAdd64((volatile LONG64 *)mem, -val);
+ }
+ 
+ APR_DECLARE(apr_uint64_t) apr_atomic_inc64(volatile apr_uint64_t *mem)
+ {
+     /* we return old value, win64 returns new value :( */
+-#if (defined(_M_IA64) || defined(_M_AMD64)) && !defined(RC_INVOKED)
+-    return InterlockedIncrement64(mem) - 1;
+-#else
+-    return InterlockedIncrement64((long *)mem) - 1;
+-#endif
++    return InterlockedIncrement64((volatile LONG64 *)mem) - 1;
+ }
+ 
+ APR_DECLARE(int) apr_atomic_dec64(volatile apr_uint64_t *mem)
+ {
+-#if (defined(_M_IA64) || defined(_M_AMD64)) && !defined(RC_INVOKED)
+-    return InterlockedDecrement64(mem);
+-#else
+-    return InterlockedDecrement64((long *)mem);
+-#endif
++    return !!InterlockedDecrement64((volatile LONG64 *)mem);
+ }
+ 
+ APR_DECLARE(void) apr_atomic_set64(volatile apr_uint64_t *mem, apr_uint64_t val)
+ {
+-#if (defined(_M_IA64) || defined(_M_AMD64)) && !defined(RC_INVOKED)
+-    InterlockedExchange64(mem, val);
+-#else
+-    InterlockedExchange64((long*)mem, val);
+-#endif
++    InterlockedExchange64((volatile LONG64 *)mem, val);
+ }
+ 
+ APR_DECLARE(apr_uint64_t) apr_atomic_read64(volatile apr_uint64_t *mem)
+@@ -77,18 +57,10 @@ APR_DECLARE(apr_uint64_t) apr_atomic_read64(volatile apr_uint64_t *mem)
+ APR_DECLARE(apr_uint64_t) apr_atomic_cas64(volatile apr_uint64_t *mem, apr_uint64_t with,
+                                            apr_uint64_t cmp)
+ {
+-#if (defined(_M_IA64) || defined(_M_AMD64)) && !defined(RC_INVOKED)
+-    return InterlockedCompareExchange64(mem, with, cmp);
+-#else
+-    return InterlockedCompareExchange64((long*)mem, with, cmp);
+-#endif
++    return InterlockedCompareExchange64((volatile LONG64 *)mem, with, cmp);
+ }
+ 
+ APR_DECLARE(apr_uint64_t) apr_atomic_xchg64(volatile apr_uint64_t *mem, apr_uint64_t val)
+ {
+-#if (defined(_M_IA64) || defined(_M_AMD64)) && !defined(RC_INVOKED)
+-    return InterlockedExchange64(mem, val);
+-#else
+-    return InterlockedExchange64((long *)mem, val);
+-#endif
++    return InterlockedExchange64((volatile LONG64 *)mem, val);
+ }
+diff --git a/encoding/apr_encode.c b/encoding/apr_encode.c
+index 905185921..e44ae11f0 100644
+--- a/encoding/apr_encode.c
++++ b/encoding/apr_encode.c
+@@ -1062,7 +1062,7 @@ APR_DECLARE(apr_status_t) apr_encode_base16(char *dest,
+              const char *src, apr_ssize_t slen, int flags, apr_size_t * len)
+ {
+     const char *in = src;
+-    apr_size_t size;
++    apr_ssize_t size;
+ 
+     if (!src) {
+         return APR_NOTFOUND;
+@@ -1115,7 +1115,7 @@ APR_DECLARE(apr_status_t) apr_encode_base16_binary(char *dest,
+     const unsigned char *src, apr_ssize_t slen, int flags, apr_size_t * len)
+ {
+     const unsigned char *in = src;
+-    apr_size_t size;
++    apr_ssize_t size;
+ 
+     if (!src) {
+         return APR_NOTFOUND;
+diff --git a/file_io/win32/seek.c b/file_io/win32/seek.c
+index afe6edb00..dfef57716 100644
+--- a/file_io/win32/seek.c
++++ b/file_io/win32/seek.c
+@@ -170,7 +170,7 @@ APR_DECLARE(apr_status_t) apr_file_trunc(apr_file_t *thefile, apr_off_t offset)
+                 thefile->bufpos = 0;
+             }
+             else if (offset < thefile->filePtr + (apr_off_t)thefile->bufpos) {
+-                thefile->bufpos = offset - thefile->filePtr;
++                thefile->bufpos = (apr_size_t)(offset - thefile->filePtr);
+             }
+ 
+             if (thefile->bufpos != 0) {
+diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
+index 5fa7da1b5..0ca715efa 100644
+--- a/memory/unix/apr_pools.c
++++ b/memory/unix/apr_pools.c
+@@ -407,7 +407,7 @@ apr_memnode_t *allocator_alloc(apr_allocator_t *allocator, apr_size_t in_size)
+         return NULL;
+     }
+ #endif
+-    node->index = index;
++    node->index = (apr_uint32_t)index;
+     node->endp = (char *)node + size;
+ 
+ have_node:
+@@ -877,7 +877,7 @@ APR_DECLARE(void *) apr_palloc(apr_pool_t *pool, apr_size_t in_size)
+     free_index = (APR_ALIGN(active->endp - active->first_avail + 1,
+                             BOUNDARY_SIZE) - BOUNDARY_SIZE) >> BOUNDARY_INDEX;
+ 
+-    active->free_index = free_index;
++    active->free_index = (apr_uint32_t)free_index;
+     node = active->next;
+     if (free_index >= node->free_index)
+         goto have_mem;
+@@ -1289,7 +1289,7 @@ static int psprintf_flush(apr_vformatter_buff_t *vbuff)
+         free_index = (APR_ALIGN(active->endp - active->first_avail + 1,
+                                 BOUNDARY_SIZE) - BOUNDARY_SIZE) >> BOUNDARY_INDEX;
+ 
+-        active->free_index = free_index;
++        active->free_index = (apr_uint32_t)free_index;
+         node = active->next;
+         if (free_index < node->free_index) {
+             do {
+@@ -1445,7 +1445,7 @@ APR_DECLARE(char *) apr_pvsprintf(apr_pool_t *pool, const char *fmt, va_list ap)
+     free_index = (APR_ALIGN(active->endp - active->first_avail + 1,
+                             BOUNDARY_SIZE) - BOUNDARY_SIZE) >> BOUNDARY_INDEX;
+ 
+-    active->free_index = free_index;
++    active->free_index = (apr_uint32_t)free_index;
+     node = active->next;
+ 
+     if (free_index >= node->free_index) {
+-- 
+2.27.0
+

backport-CVE-2017-12613-Bounds-check-human-readable-date-fields.patch

@@ -0,0 +1,50 @@
+From ad958385a4180d7a83d90589689fcd36e3bbc57a Mon Sep 17 00:00:00 2001
+From: Nick Kew <niq@apache.org>
+Date: Sun, 10 Sep 2017 22:30:14 +0000
+Subject: [PATCH] Bounds-check human-readable date fields (credit: Stefan
+ Sperling)
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1807975 13f79535-47bb-0310-9956-ffa450edef68
+---
+ time/unix/time.c  | 3 +++
+ time/win32/time.c | 6 ++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/time/unix/time.c b/time/unix/time.c
+index dfa45e690c..7f09581927 100644
+--- a/time/unix/time.c
++++ b/time/unix/time.c
+@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt)
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++        return APR_EBADDATE;
++
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
+diff --git a/time/win32/time.c b/time/win32/time.c
+index 2349799356..1a705443b2 100644
+--- a/time/win32/time.c
++++ b/time/win32/time.c
+@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm)
+     static const int dayoffset[12] =
+     {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++    if (tm->wMonth < 1 || tm->wMonth > 12)
++        return APR_EBADDATE;
++
+     /* Note; the caller is responsible for filling in detailed tm_usec,
+      * tm_gmtoff and tm_isdst data when applicable.
+      */
+@@ -224,6 +227,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t,
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++        return APR_EBADDATE;
++
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)

backport-apr_decode_base-64-32-16-stop-reading-before-not-inc.patch

@@ -0,0 +1,199 @@
+From e70d77ecc4aa9e0dccac6e7e5ba74639f71f50cf Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Fri, 27 Nov 2020 17:04:06 +0000
+Subject: [PATCH] apr_decode_base{64,32,16}: stop reading before (not
+ including) NUL byte.
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1883870 13f79535-47bb-0310-9956-ffa450edef68
+---
+ encoding/apr_encode.c | 60 ++++++++++++++++++++++++++++++-------------
+ test/testencode.c     | 24 ++++++++++++-----
+ 2 files changed, 59 insertions(+), 25 deletions(-)
+
+diff --git a/encoding/apr_encode.c b/encoding/apr_encode.c
+index b3278c7fd..bc2dc5437 100644
+--- a/encoding/apr_encode.c
++++ b/encoding/apr_encode.c
+@@ -394,11 +394,15 @@ APR_DECLARE(apr_status_t) apr_decode_base64(char *dest, const char *src,
+         apr_status_t status;
+ 
+         bufin = (const unsigned char *)src;
+-        while (pr2six[*(bufin++)] < 64 && count)
++        while (count && pr2six[*bufin] < 64) {
+             count--;
+-        nprbytes = (bufin - (const unsigned char *)src) - 1;
+-        while (pr2six[*(bufin++)] > 64 && count)
++            bufin++;
++        }
++        nprbytes = bufin - (const unsigned char *)src;
++        while (count && pr2six[*bufin] > 64) {
+             count--;
++            bufin++;
++        }
+ 
+         status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+             count ? APR_BADCH : APR_SUCCESS;
+@@ -469,11 +473,15 @@ APR_DECLARE(apr_status_t) apr_decode_base64_binary(unsigned char *dest,
+         apr_status_t status;
+ 
+         bufin = (const unsigned char *)src;
+-        while (pr2six[*(bufin++)] < 64 && count)
++        while (count && pr2six[*bufin] < 64) {
+             count--;
+-        nprbytes = (bufin - (const unsigned char *)src) - 1;
+-        while (pr2six[*(bufin++)] > 64 && count)
++            bufin++;
++        }
++        nprbytes = bufin - (const unsigned char *)src;
++        while (count && pr2six[*bufin] > 64) {
+             count--;
++            bufin++;
++        }
+ 
+         status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+             count ? APR_BADCH : APR_SUCCESS;
+@@ -842,11 +850,15 @@ APR_DECLARE(apr_status_t) apr_decode_base32(char *dest, const char *src,
+         }
+ 
+         bufin = (const unsigned char *)src;
+-        while (pr2[*(bufin++)] < 32 && count)
++        while (count && pr2[*bufin] < 32) {
+             count--;
+-        nprbytes = (bufin - (const unsigned char *)src) - 1;
+-        while (pr2[*(bufin++)] > 32 && count)
++            bufin++;
++        }
++        nprbytes = bufin - (const unsigned char *)src;
++        while (count && pr2[*bufin] > 32) {
+             count--;
++            bufin++;
++        }
+ 
+         status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+             count ? APR_BADCH : APR_SUCCESS;
+@@ -945,11 +957,15 @@ APR_DECLARE(apr_status_t) apr_decode_base32_binary(unsigned char *dest,
+         }
+ 
+         bufin = (const unsigned char *)src;
+-        while (pr2[*(bufin++)] < 32 && count)
++        while (count && pr2[*bufin] < 32) {
+             count--;
+-        nprbytes = (bufin - (const unsigned char *)src) - 1;
+-        while (pr2[*(bufin++)] > 32 && count)
++            bufin++;
++        }
++        nprbytes = bufin - (const unsigned char *)src;
++        while (count && pr2[*bufin] > 32) {
+             count--;
++            bufin++;
++        }
+ 
+         status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+             count ? APR_BADCH : APR_SUCCESS;
+@@ -1220,11 +1236,15 @@ APR_DECLARE(apr_status_t) apr_decode_base16(char *dest,
+ 
+     count = slen;
+     bufin = (const unsigned char *)src;
+-    while (pr2two[*(bufin++)] != 16 && count)
++    while (count && pr2two[*bufin] != 16) {
+         count--;
+-    nprbytes = (bufin - (const unsigned char *)src) - 1;
+-    while (pr2two[*(bufin++)] > 16 && count)
++        bufin++;
++    }
++    nprbytes = bufin - (const unsigned char *)src;
++    while (count && pr2two[*bufin] > 16) {
+         count--;
++        bufin++;
++    }
+ 
+     status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+         count ? APR_BADCH : APR_SUCCESS;
+@@ -1310,11 +1330,15 @@ APR_DECLARE(apr_status_t) apr_decode_base16_binary(unsigned char *dest,
+ 
+     count = slen;
+     bufin = (const unsigned char *)src;
+-    while (pr2two[*(bufin++)] != 16 && count)
++    while (count && pr2two[*bufin] != 16) {
+         count--;
+-    nprbytes = (bufin - (const unsigned char *)src) - 1;
+-    while (pr2two[*(bufin++)] > 16 && count)
++        bufin++;
++    }
++    nprbytes = bufin - (const unsigned char *)src;
++    while (count && pr2two[*bufin] > 16) {
+         count--;
++        bufin++;
++    }
+ 
+     status = flags & APR_ENCODE_RELAXED ? APR_SUCCESS :
+         count ? APR_BADCH : APR_SUCCESS;
+diff --git a/test/testencode.c b/test/testencode.c
+index 3680fa380..ba23aaf28 100644
+--- a/test/testencode.c
++++ b/test/testencode.c
+@@ -134,37 +134,42 @@ static void test_decode_base64(abts_case * tc, void *data)
+     src = "";
+     target = "";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zg==";
+     target = "f";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
++
++    src = "Zg=";
++    target = "f";
++    dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zg";
+     target = "f";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zm8=";
+     target = "fo";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zm8";
+     target = "fo";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zm9v";
+     target = "foo";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     src = "Zm9v";
+     target = "foo";
+     dest = apr_pdecode_base64(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+-    ABTS_STR_EQUAL(tc, dest, target);
++    ABTS_STR_EQUAL(tc, target, dest);
+ 
+     apr_pool_destroy(pool);
+ }
+@@ -191,6 +196,11 @@ static void test_decode_base64_binary(abts_case * tc, void *data)
+     ABTS_ASSERT(tc, "apr_pdecode_base64_binary target!=dest", memcmp(ufoobar, udest, 1) == 0);
+     ABTS_INT_EQUAL(tc, len, 1);
+ 
++    src = "Zg=";
++    udest = apr_pdecode_base64_binary(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
++    ABTS_ASSERT(tc, "apr_pdecode_base64_binary target!=dest", memcmp(ufoobar, udest, 1) == 0);
++    ABTS_INT_EQUAL(tc, len, 1);
++
+     src = "Zg";
+     udest = apr_pdecode_base64_binary(pool, src, APR_ENCODE_STRING, APR_ENCODE_NONE, &len);
+     ABTS_ASSERT(tc, "apr_pdecode_base64_binary target!=dest", memcmp(ufoobar, udest, 1) == 0);
+-- 
+2.27.0
+

backport-apr_encode_base32-fix-advertised-output-len-when-cal.patch

@@ -0,0 +1,27 @@
+From 2b0eb50e43667ce8cebf0bb745a0eb7d493385c2 Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Fri, 27 Nov 2020 16:54:50 +0000
+Subject: [PATCH] apr_encode_base32: fix advertised output *len when called
+ with dst == NULL.
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1883868 13f79535-47bb-0310-9956-ffa450edef68
+---
+ encoding/apr_encode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/encoding/apr_encode.c b/encoding/apr_encode.c
+index e44ae11f0..b3278c7fd 100644
+--- a/encoding/apr_encode.c
++++ b/encoding/apr_encode.c
+@@ -665,7 +665,7 @@ APR_DECLARE(apr_status_t) apr_encode_base32(char *dest, const char *src,
+     }
+ 
+     if (len) {
+-        *len = ((slen + 2) / 3 * 4) + 1;
++        *len = ((slen + 4) / 5 * 8) + 1;
+     }
+ 
+     return APR_SUCCESS;
+-- 
+2.27.0
+

memory-unix-apr_pools.c-apr_pool_cleanup_register.patch

@@ -0,0 +1,33 @@
+From 54bc039ca9781c75b51ad39a01ae79d30efd6f09 Mon Sep 17 00:00:00 2001
+From: Rainer Jung <rjung@apache.org>
+Date: Wed, 17 Jul 2019 11:15:08 +0000
+Subject: [PATCH] * memory/unix/apr_pools.c (apr_pool_cleanup_register):  
+ [APR_POOL_DEBUG]: Catch NULL arguments which would lead to   strange
+ segfaults later.
+
+Backport of r1082177 from trunk.
+
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1863198 13f79535-47bb-0310-9956-ffa450edef68
+---
+ memory/unix/apr_pools.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
+index 524e9ac..3361f7a 100644
+--- a/memory/unix/apr_pools.c
++++ b/memory/unix/apr_pools.c
+@@ -2484,6 +2484,10 @@ APR_DECLARE(void) apr_pool_cleanup_register(apr_pool_t *p, const void *data,
+ 
+ #if APR_POOL_DEBUG
+     apr_pool_check_integrity(p);
++
++    if (!p || !plain_cleanup_fn || !child_cleanup_fn) {
++        abort();
++    }
+ #endif /* APR_POOL_DEBUG */
+ 
+     if (p != NULL) {
+-- 
+1.8.3.1
+

test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch

@@ -1,28 +0,0 @@
-From d6d48ddd4c3a5ef04749475ed75d26330a3e0dc6 Mon Sep 17 00:00:00 2001
-From: Joe Orton <jorton@apache.org>
-Date: Tue, 19 Sep 2017 16:38:40 +0000
-Subject: [PATCH] * test/testlock.c (test_timeoutcond): Increase fudge factor
- in   checking timeout precision; 100ms failed regularly in Fedora builds,  
- 500ms has Never Failed(TM).
-
-git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1808910 13f79535-47bb-0310-9956-ffa450edef68
----
- test/testlock.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/testlock.c b/test/testlock.c
-index 40da791b7..cd48768ca 100644
---- a/test/testlock.c
-+++ b/test/testlock.c
-@@ -334,7 +334,7 @@ static void test_timeoutcond(abts_case *tc, void *data)
-             continue;
-         }
-         ABTS_INT_EQUAL(tc, 1, APR_STATUS_IS_TIMEUP(s));
--        ABTS_ASSERT(tc, "Timer returned too late", end - begin - timeout < 100000);
-+        ABTS_ASSERT(tc, "Timer returned too late", end - begin - timeout < 500000);
-         break;
-     }
-     ABTS_ASSERT(tc, "Too many retries", i < MAX_RETRY);
--- 
-2.19.1
-