GNU bug report logs -
#28968
[PATCH] gnu: icu4c: Fix CVE-2017-14952.
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 24 Oct 2017 16:37:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
* gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/icu4c.scm (icu4c)[replacement]: New field.
(icu4c-fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/icu4c.scm | 10 ++++++++++
gnu/packages/patches/icu4c-CVE-2017-14952.patch | 18 ++++++++++++++++++
3 files changed, 29 insertions(+)
create mode 100644 gnu/packages/patches/icu4c-CVE-2017-14952.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 6b70300ff..d02b25072 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -734,6 +734,7 @@ dist_patch_DATA = \
%D%/packages/patches/hydra-disable-darcs-test.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \
+ %D%/packages/patches/icu4c-CVE-2017-14952.patch \
%D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 346128585..55bc9f203 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,6 +32,7 @@
(define-public icu4c
(package
(name "icu4c")
+ (replacement icu4c-fixed)
(version "58.2")
(source (origin
(method url-fetch)
@@ -70,6 +71,15 @@ C/C++ part.")
(license x11)
(home-page "http://site.icu-project.org/")))
+(define icu4c-fixed
+ (package
+ (inherit icu4c)
+ (source (origin
+ (inherit (package-source icu4c))
+ (patches (append
+ (origin-patches (package-source icu4c))
+ (search-patches "icu4c-CVE-2017-14952.patch")))))))
+
(define-public java-icu4j
(package
(name "java-icu4j")
diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
new file mode 100644
index 000000000..564f69d01
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
@@ -0,0 +1,18 @@
+Fix CVE-2017-14952:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
+
+Index: trunk/icu4c/source/i18n/zonemeta.cpp
+===================================================================
+--- icu/source/i18n/zonemeta.cpp (revision 40283)
++++ icu/source/i18n/zonemeta.cpp (revision 40324)
+@@ -691,5 +691,4 @@
+ if (U_FAILURE(status)) {
+ delete mzMappings;
+- deleteOlsonToMetaMappingEntry(entry);
+ uprv_free(entry);
+ break;
--
2.14.3
This bug report was last modified 7 years and 213 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.