author | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-10 14:28:39 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-10 14:36:25 +0000 |
commit | a9f1aa0785594722dbcebdf6b8c243a6c616a269 (patch) | |
tree | e2894799996126876a89f8d490d5dbc449d6bb36 | |
parent | db5342a8f067c8fa7f416df0b1bce672cb9de0ad (diff) | |
main/icu: security fix (CVE-2011-4599)
fixes #909
(cherry picked from commit 2a47152a439b9747205655ca71541a917bbc6157)
Conflicts:
main/icu/APKBUILD
-rw-r--r-- | main/icu/APKBUILD | 18 | ||||
-rw-r--r-- | main/icu/cve-2011-4599.patch | 20 |
2 files changed, 26 insertions, 12 deletions
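--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -1,19 +1,11 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=icu
-pkgver=4.8.1
+pkgver=4.8.1.1
 
 # convert x.y.z to x_y_z
-_x=${pkgver%%.*}
-_y=${pkgver#$_x.}
-_y=${_y%%.*}
-_z=${pkgver#*.*.}
-if [ "$_z" = "$pkgver" ]; then
-_ver=${_x}_${_y}
-else
-_ver=${_x}_${_y}_${_z}
-fi
+_ver=${pkgver//./_}
 
-pkgrel=0
+pkgrel=1
 pkgdesc="International Components for Unicode library"
 url="http://www.icu-project.org/"
 arch="all"
@@ -22,6 +14,7 @@ subpackages="$pkgname-dev $pkgname-doc"
 depends=
 makedepends=
 source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
+cve-2011-4599.patch
 "
 
 _builddir="$srcdir"/icu/source
@@ -60,4 +53,5 @@ package() {
 install -Dm644 "$srcdir"/icu/license.html \
 "$pkgdir"/usr/share/licenses/icu/license.html
 }
-md5sums="af36f635271a239d76d038d6cf8da8df icu4c-4_8_1-src.tgz"
+md5sums="ea93970a0275be6b42f56953cd332c17 icu4c-4_8_1_1-src.tgz
+f6798a48ee00015e2d5351a3c7a3bafe cve-2011-4599.patch"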
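Review bot: None of the three hunks shows `cve-2011-4599.patch` being applied: it is added to `source=` and `md5sums=`, but `prepare()`/`build()` lie outside the visible hunks and this commit does not touch them. If the existing APKBUILD does not already apply the patch files listed in `source`, the package would be rebuilt at `pkgrel=1` without the fix; a step such as `cd "$_builddir" && patch -p1 -i "$srcdir"/cve-2011-4599.patch` in `prepare()` would make it explicit. Since this is a cherry-pick with a recorded conflict in this file, it is worth confirming that step survived the conflict resolution. Separately, the tarball is fetched over plain `http://` and pinned only by MD5 in `md5sums=`, so a stronger checksum would be preferable if the abuild used on this branch supports one.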
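--- /dev/null
+++ b/main/icu/cve-2011-4599.patch
@@ -0,0 +1,20 @@
+--- ./common/uloc.c.orig
++++ ./common/uloc.c
+@@ -1797,7 +1797,7 @@
+int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
+len -= variantLen;
+if (variantLen > 0) {
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+--len;
+}
+addKeyword = VARIANT_MAP[j].keyword;
+@@ -1805,7 +1805,7 @@
+break;
+}
+}
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+--len;
+}
+}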
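Review bot: The added `len > 0` test bounds the index only from below; neither hunk shows `len` being kept at or under `nameCapacity`, and the context line `uprv_min(variantSize, (nameCapacity-len))` suggests the two are tracked independently. If `len` can exceed `nameCapacity` at these points (for example while measuring output that does not fit the buffer), `name[len-1]` would still read past the end of `name`, so consider `if (len > 0 && len <= nameCapacity && name[len-1] == '_')` at both sites. The enclosing function begins and ends outside the hunks, so this needs checking against the full `uloc.c`. A short comment saying when `len` can reach 0 after `len -= variantLen` would also help the next reader of this backport.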