[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270.
From: |
Mark H. Weaver |
Subject: |
01/01: gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270. |
Date: |
Sun, 20 Sep 2015 01:36:16 +0000 |
mhw pushed a commit to branch core-updates
in repository guix.
commit 65d54af49f31a808a8481f34a95887eba4c8bb57
Author: Mark H Weaver <address@hidden>
Date: Sat Sep 19 21:35:18 2015 -0400
gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270.
* gnu/packages/patches/icu4c-CVE-2014-6585.patch,
gnu/packages/patches/icu4c-CVE-2015-1270.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/icu4c.scm (icu4c)[source]: Add patches.
---
gnu-system.am | 2 ++
gnu/packages/icu4c.scm | 4 +++-
gnu/packages/patches/icu4c-CVE-2014-6585.patch | 21 +++++++++++++++++++++
gnu/packages/patches/icu4c-CVE-2015-1270.patch | 15 +++++++++++++++
4 files changed, 41 insertions(+), 1 deletions(-)
diff --git a/gnu-system.am b/gnu-system.am
index 8fa25d2..9decf3e 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -504,6 +504,8 @@ dist_patch_DATA =
\
gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \
gnu/packages/patches/icecat-freetype-2.6.patch \
gnu/packages/patches/icecat-libvpx-1.4.patch \
+ gnu/packages/patches/icu4c-CVE-2014-6585.patch \
+ gnu/packages/patches/icu4c-CVE-2015-1270.patch \
gnu/packages/patches/icu4c-CVE-2015-4760.patch \
gnu/packages/patches/imagemagick-test-segv.patch \
gnu/packages/patches/irrlicht-mesa-10.patch \
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 46e5d12..d442b5e 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -38,7 +38,9 @@
"-src.tgz"))
(sha256
(base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
- (patches (list (search-patch "icu4c-CVE-2015-4760.patch")))))
+ (patches (map search-patch '("icu4c-CVE-2014-6585.patch"
+ "icu4c-CVE-2015-1270.patch"
+ "icu4c-CVE-2015-4760.patch")))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch
b/gnu/packages/patches/icu4c-CVE-2014-6585.patch
new file mode 100644
index 0000000..d21a0d0
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2014-6585.patch
@@ -0,0 +1,21 @@
+Copied from Debian.
+
+description: out-of-bounds read
+origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
+
+--- a/source/layout/LETableReference.h
++++ b/source/layout/LETableReference.h
+@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
+ }
+
+ const T& operator()(le_uint32 i, LEErrorCode &success) const {
+- return *getAlias(i,success);
++ const T *ret = getAlias(i,success);
++ if (LE_FAILURE(success) || ret==NULL) {
++ return *(new T());
++ } else {
++ return *ret;
++ }
+ }
+
+ size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
diff --git a/gnu/packages/patches/icu4c-CVE-2015-1270.patch
b/gnu/packages/patches/icu4c-CVE-2015-1270.patch
new file mode 100644
index 0000000..2a7658d
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2015-1270.patch
@@ -0,0 +1,15 @@
+Copied from Debian.
+
+diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp
+index 5dd35d8..4424664 100644
+--- a/source/common/ucnv_io.cpp
++++ b/source/common/ucnv_io.cpp
+@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool
*containsOption, UErrorCode *p
+ * the name begins with 'x-'. If it does, strip it off and try
+ * again. This behaviour is similar to how ICU4J does it.
+ */
+- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
++ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
+ aliasTmp = aliasTmp+2;
+ } else {
+ break;