diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-10-12 07:37:23 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-10-12 11:09:30 +0000 |
commit | e86e30788cfe889e9a7133713578da75083701b7 (patch) | |
tree | 25c928f6044d08c24af3d2b7b9d9d339b067d1fc | |
parent | 52ed476a6b470d0475f39ae277a0376568a2beb0 (diff) |
main/icu: security fix for CVE-2015-1270
-rw-r--r-- | main/icu/APKBUILD | 12 | ||||
-rw-r--r-- | main/icu/CVE-2015-1270.patch | 18 |
2 files changed, 26 insertions, 4 deletions
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD index b6d9416d641..4196f985032 100644 --- a/main/icu/APKBUILD +++ b/main/icu/APKBUILD @@ -5,7 +5,7 @@ pkgver=52.1 # convert x.y.z to x_y_z _ver=${pkgver//./_} -pkgrel=1 +pkgrel=2 pkgdesc="International Components for Unicode library" url="http://www.icu-project.org/" arch="all" @@ -17,6 +17,7 @@ source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver icu-timezone.patch CVE-2014-8146.patch CVE-2014-8147.patch + CVE-2015-1270.patch " _builddir="$srcdir"/icu/source @@ -72,12 +73,15 @@ libs() { md5sums="9e96ed4c1d99c0d14ac03c140f9f346c icu4c-52_1-src.tgz 7c5d8b8105c26afa78fa4300bb4bed48 icu-timezone.patch 59b258e7dedf329faa270d7c56efec59 CVE-2014-8146.patch -e3a1beeff61e786176225bfd8883263c CVE-2014-8147.patch" +e3a1beeff61e786176225bfd8883263c CVE-2014-8147.patch +a96d030215717af9f86df767dad18c9d CVE-2015-1270.patch" sha256sums="2f4d5e68d4698e87759dbdc1a586d053d96935787f79961d192c477b029d8092 icu4c-52_1-src.tgz b5bff5392e5c6b8bacd8f06fd32bff08688c7884bd33ffc10ef4338f621c6ef5 icu-timezone.patch ab82594942d372d6ae54c76a687d9388cc8f53b86360d6b11899ade7d8c28a3e CVE-2014-8146.patch -6c7425c89a3699899420b0b4b81bb2f4dfd982454d2cd730bac6729742c82465 CVE-2014-8147.patch" +6c7425c89a3699899420b0b4b81bb2f4dfd982454d2cd730bac6729742c82465 CVE-2014-8147.patch +ab91523197421856caa4dfd2d0540901d098d1a470a7b3d8fec1986f0ad0f305 CVE-2015-1270.patch" sha512sums="5300b1d97340850d3d72af220ff5cbc2ae2820aff4367b60e52f17ead9831011dcda3d4c5af57c899d47b6fc964b23c9c8922954b32d314d669eb1a479a2efb0 icu4c-52_1-src.tgz fc424cf0b78c9dcdea309e161b4ead3537207dc1b0ef8a2b0d824360a261f7b358cc0261e8c9e74f61244b67db106c92902ff63fcbaabf31d701d38e37a8e658 icu-timezone.patch fecf44dd06701978014779f791c6b10c3544a3bc8d9f1fda4f7f93adff84f31361b128e61637bace221e733d95063cefcc23bd7e2e86a7d5d68cfad0a52ef736 CVE-2014-8146.patch -0fabe1dd15a3957dcf9ae32e053876e4bdc0348a9f5bfd9549d375a76f38a1691836a2cad26bc26ac26b39487cc5924b2b8e0dbc280cee1141d49d379dfa173b CVE-2014-8147.patch" +0fabe1dd15a3957dcf9ae32e053876e4bdc0348a9f5bfd9549d375a76f38a1691836a2cad26bc26ac26b39487cc5924b2b8e0dbc280cee1141d49d379dfa173b CVE-2014-8147.patch +129ff2e3f12bbce46bfaee13660348fe28a0665b19c27af58484dc25a4ce25cfc8bce3a3c4155bc5ff18fd8269d6e1f061dbbcb5679f285678167b8abcd1f809 CVE-2015-1270.patch" diff --git a/main/icu/CVE-2015-1270.patch b/main/icu/CVE-2015-1270.patch new file mode 100644 index 00000000000..57e128f7b33 --- /dev/null +++ b/main/icu/CVE-2015-1270.patch @@ -0,0 +1,18 @@ +Index: /icu/trunk/source/common/ucnv_io.cpp
+===================================================================
+--- source/common/ucnv_io.cpp (revision 37485)
++++ source/common/ucnv_io.cpp (revision 37486)
+@@ -2,5 +2,5 @@
+ ******************************************************************************
+ *
+-* Copyright (C) 1999-2013, International Business Machines
++* Copyright (C) 1999-2015, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ *
+@@ -745,5 +745,5 @@
+ * again. This behaviour is similar to how ICU4J does it.
+ */
+- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
++ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
+ aliasTmp = aliasTmp+2;
+ } else {
|