From 6dcc8239be807d7e96b3425310e0f565ed5218b8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 24 Oct 2017 12:25:45 -0400 Subject: [PATCH] gnu: icu4c: Fix CVE-2017-14952. * gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/icu4c.scm (icu4c)[replacement]: New field. (icu4c-fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/icu4c.scm | 10 ++++++++++ .../patches/icu4c-CVE-2017-14952.patch | 18 ++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 gnu/packages/patches/icu4c-CVE-2017-14952.patch diff --git a/gnu/local.mk b/gnu/local.mk index 6b70300fff..d02b250727 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -734,6 +734,7 @@ dist_patch_DATA = \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ + %D%/packages/patches/icu4c-CVE-2017-14952.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 3461285850..55bc9f2035 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -32,6 +32,7 @@ (define-module (gnu packages icu4c) (define-public icu4c (package (name "icu4c") + (replacement icu4c-fixed) (version "58.2") (source (origin (method url-fetch) @@ -70,6 +71,15 @@ (define-public icu4c (license x11) (home-page "http://site.icu-project.org/"))) +(define icu4c-fixed + (package + (inherit icu4c) + (source (origin + (inherit (package-source icu4c)) + (patches (append + (origin-patches (package-source icu4c)) + (search-patches "icu4c-CVE-2017-14952.patch"))))))) + (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch new file mode 100644 index 0000000000..564f69d01d --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch @@ -0,0 +1,18 @@ +Fix CVE-2017-14952: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 + +Patch copied from upstream source repository: + +http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 + +Index: trunk/icu4c/source/i18n/zonemeta.cpp +=================================================================== +--- icu/source/i18n/zonemeta.cpp (revision 40283) ++++ icu/source/i18n/zonemeta.cpp (revision 40324) +@@ -691,5 +691,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break;