authorNatanael Copa <ncopa@alpinelinux.org>2015-10-12 07:37:23 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-10-12 11:09:30 +0000
commite86e30788cfe889e9a7133713578da75083701b7 (patch)
tree25c928f6044d08c24af3d2b7b9d9d339b067d1fc
parent52ed476a6b470d0475f39ae277a0376568a2beb0 (diff)
main/icu: security fix for CVE-2015-1270
ref #4677 fixes #4682
-rw-r--r--main/icu/APKBUILD12
-rw-r--r--main/icu/CVE-2015-1270.patch18
2 files changed, 26 insertions, 4 deletions
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index b6d9416d641..4196f985032 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -5,7 +5,7 @@ pkgver=52.1
# convert x.y.z to x_y_z
_ver=${pkgver//./_}
-pkgrel=1
+pkgrel=2
pkgdesc="International Components for Unicode library"
url="http://www.icu-project.org/"
arch="all"
@@ -17,6 +17,7 @@ source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver
icu-timezone.patch
CVE-2014-8146.patch
CVE-2014-8147.patch
+ CVE-2015-1270.patch
"
_builddir="$srcdir"/icu/source
@@ -72,12 +73,15 @@ libs() {
md5sums="9e96ed4c1d99c0d14ac03c140f9f346c icu4c-52_1-src.tgz
7c5d8b8105c26afa78fa4300bb4bed48 icu-timezone.patch
59b258e7dedf329faa270d7c56efec59 CVE-2014-8146.patch
-e3a1beeff61e786176225bfd8883263c CVE-2014-8147.patch"
+e3a1beeff61e786176225bfd8883263c CVE-2014-8147.patch
+a96d030215717af9f86df767dad18c9d CVE-2015-1270.patch"
sha256sums="2f4d5e68d4698e87759dbdc1a586d053d96935787f79961d192c477b029d8092 icu4c-52_1-src.tgz
b5bff5392e5c6b8bacd8f06fd32bff08688c7884bd33ffc10ef4338f621c6ef5 icu-timezone.patch
ab82594942d372d6ae54c76a687d9388cc8f53b86360d6b11899ade7d8c28a3e CVE-2014-8146.patch
-6c7425c89a3699899420b0b4b81bb2f4dfd982454d2cd730bac6729742c82465 CVE-2014-8147.patch"
+6c7425c89a3699899420b0b4b81bb2f4dfd982454d2cd730bac6729742c82465 CVE-2014-8147.patch
+ab91523197421856caa4dfd2d0540901d098d1a470a7b3d8fec1986f0ad0f305 CVE-2015-1270.patch"
sha512sums="5300b1d97340850d3d72af220ff5cbc2ae2820aff4367b60e52f17ead9831011dcda3d4c5af57c899d47b6fc964b23c9c8922954b32d314d669eb1a479a2efb0 icu4c-52_1-src.tgz
fc424cf0b78c9dcdea309e161b4ead3537207dc1b0ef8a2b0d824360a261f7b358cc0261e8c9e74f61244b67db106c92902ff63fcbaabf31d701d38e37a8e658 icu-timezone.patch
fecf44dd06701978014779f791c6b10c3544a3bc8d9f1fda4f7f93adff84f31361b128e61637bace221e733d95063cefcc23bd7e2e86a7d5d68cfad0a52ef736 CVE-2014-8146.patch
-0fabe1dd15a3957dcf9ae32e053876e4bdc0348a9f5bfd9549d375a76f38a1691836a2cad26bc26ac26b39487cc5924b2b8e0dbc280cee1141d49d379dfa173b CVE-2014-8147.patch"
+0fabe1dd15a3957dcf9ae32e053876e4bdc0348a9f5bfd9549d375a76f38a1691836a2cad26bc26ac26b39487cc5924b2b8e0dbc280cee1141d49d379dfa173b CVE-2014-8147.patch
+129ff2e3f12bbce46bfaee13660348fe28a0665b19c27af58484dc25a4ce25cfc8bce3a3c4155bc5ff18fd8269d6e1f061dbbcb5679f285678167b8abcd1f809 CVE-2015-1270.patch"
diff --git a/main/icu/CVE-2015-1270.patch b/main/icu/CVE-2015-1270.patch
new file mode 100644
index 00000000000..57e128f7b33
--- /dev/null
+++ b/main/icu/CVE-2015-1270.patch
@@ -0,0 +1,18 @@
+Index: /icu/trunk/source/common/ucnv_io.cpp
+===================================================================
+--- source/common/ucnv_io.cpp (revision 37485)
++++ source/common/ucnv_io.cpp (revision 37486)
+@@ -2,5 +2,5 @@
+ ******************************************************************************
+ *
+-* Copyright (C) 1999-2013, International Business Machines
++* Copyright (C) 1999-2015, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ *
+@@ -745,5 +745,5 @@
+ * again. This behaviour is similar to how ICU4J does it.
+ */
+- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
++ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
+ aliasTmp = aliasTmp+2;
+ } else {
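Review bot: The new CVE-2015-1270.patch has no header saying what it fixes or where it came from; the only provenance is `(revision 37486)` in its file headers. A line of free text above `Index:` would record that, for example `CVE-2015-1270: strip the "x-" prefix only when both characters match (ICU trunk r37486)`. From the lines shown, the old `||` test advanced `aliasTmp` by two when just one of the two characters matched, so a name shorter than two characters could be stepped past its terminator; the `&&` form limits the skip to a real `x-` prefix. The first inner hunk only bumps the copyright year and could be dropped so the backport touches nothing but the condition. The enclosing function in ucnv_io.cpp lies outside the hunk, so how `aliasTmp` is used afterwards is not visible here.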