summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-10-24 12:25:45 -0400
committerLeo Famulari <leo@famulari.name>2017-10-24 13:10:35 -0400
commit6dcc8239be807d7e96b3425310e0f565ed5218b8 (patch)
tree60600fd5b1909340d0dd228b1b5ed3eee85fa2fc
parentc330c27f7feea8172fa6881020a1425746bbb6a6 (diff)
gnu: icu4c: Fix CVE-2017-14952.
* gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/icu4c.scm (icu4c)[replacement]: New field. (icu4c-fixed): New variable.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/icu4c.scm10
-rw-r--r--gnu/packages/patches/icu4c-CVE-2017-14952.patch18
3 files changed, 29 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 6b70300fff..d02b250727 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -734,6 +734,7 @@ dist_patch_DATA = \
%D%/packages/patches/hydra-disable-darcs-test.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \
+ %D%/packages/patches/icu4c-CVE-2017-14952.patch \
%D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 3461285850..55bc9f2035 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,6 +32,7 @@
(define-public icu4c
(package
(name "icu4c")
+ (replacement icu4c-fixed)
(version "58.2")
(source (origin
(method url-fetch)
@@ -70,6 +71,15 @@ C/C++ part.")
(license x11)
(home-page "http://site.icu-project.org/")))
+(define icu4c-fixed
+ (package
+ (inherit icu4c)
+ (source (origin
+ (inherit (package-source icu4c))
+ (patches (append
+ (origin-patches (package-source icu4c))
+ (search-patches "icu4c-CVE-2017-14952.patch")))))))
+
(define-public java-icu4j
(package
(name "java-icu4j")
diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
new file mode 100644
index 0000000000..564f69d01d
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
@@ -0,0 +1,18 @@
+Fix CVE-2017-14952:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
+
+Index: trunk/icu4c/source/i18n/zonemeta.cpp
+===================================================================
+--- icu/source/i18n/zonemeta.cpp (revision 40283)
++++ icu/source/i18n/zonemeta.cpp (revision 40324)
+@@ -691,5 +691,4 @@
+ if (U_FAILURE(status)) {
+ delete mzMappings;
+- deleteOlsonToMetaMappingEntry(entry);
+ uprv_free(entry);
+ break;