diff options
author | Leo Famulari <leo@famulari.name> | 2017-10-24 12:25:45 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-10-24 13:10:35 -0400 |
commit | 6dcc8239be807d7e96b3425310e0f565ed5218b8 (patch) | |
tree | 60600fd5b1909340d0dd228b1b5ed3eee85fa2fc | |
parent | c330c27f7feea8172fa6881020a1425746bbb6a6 (diff) |
gnu: icu4c: Fix CVE-2017-14952.
* gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/icu4c.scm (icu4c)[replacement]: New field.
(icu4c-fixed): New variable.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/icu4c.scm | 10 | ||||
-rw-r--r-- | gnu/packages/patches/icu4c-CVE-2017-14952.patch | 18 |
3 files changed, 29 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 6b70300fff..d02b250727 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -734,6 +734,7 @@ dist_patch_DATA = \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ + %D%/packages/patches/icu4c-CVE-2017-14952.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 3461285850..55bc9f2035 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -32,6 +32,7 @@ (define-public icu4c (package (name "icu4c") + (replacement icu4c-fixed) (version "58.2") (source (origin (method url-fetch) @@ -70,6 +71,15 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) +(define icu4c-fixed + (package + (inherit icu4c) + (source (origin + (inherit (package-source icu4c)) + (patches (append + (origin-patches (package-source icu4c)) + (search-patches "icu4c-CVE-2017-14952.patch"))))))) + (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch new file mode 100644 index 0000000000..564f69d01d --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch @@ -0,0 +1,18 @@ +Fix CVE-2017-14952: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 + +Patch copied from upstream source repository: + +http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 + +Index: trunk/icu4c/source/i18n/zonemeta.cpp +=================================================================== +--- icu/source/i18n/zonemeta.cpp (revision 40283) ++++ icu/source/i18n/zonemeta.cpp (revision 40324) +@@ -691,5 +691,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break; |