authorNatanael Copa <ncopa@alpinelinux.org>2015-10-12 07:37:23 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-10-12 07:39:43 +0000
commit4979be8d1a8b85e58bc4836a5844392625025576 (patch)
treea1d1ec2e2298f0f86b3549582f405b571e5be6c3
parentcc537cdb1d7fbece6d0a700831e2e0107e2d7047 (diff)
main/icu: security fix for CVE-2015-1270
ref #4677 fixes #4678
-rw-r--r--main/icu/APKBUILD12
-rw-r--r--main/icu/CVE-2015-1270.patch18
2 files changed, 26 insertions, 4 deletions
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index 2caff3981f..621b6f6152 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -5,7 +5,7 @@ pkgver=55.1
# convert x.y.z to x_y_z
_ver=${pkgver//./_}
-pkgrel=1
+pkgrel=2
pkgdesc="International Components for Unicode library"
url="http://www.icu-project.org/"
arch="all"
@@ -15,6 +15,7 @@ depends=
makedepends=
source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
icu-timezone.patch
+ CVE-2015-1270.patch
"
_builddir="$srcdir"/icu/source
@@ -68,8 +69,11 @@ libs() {
}
md5sums="e2d523df79d6cb7855c2fbe284f4db29 icu4c-55_1-src.tgz
-2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch"
+2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch
+a96d030215717af9f86df767dad18c9d CVE-2015-1270.patch"
sha256sums="e16b22cbefdd354bec114541f7849a12f8fc2015320ca5282ee4fd787571457b icu4c-55_1-src.tgz
-1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch"
+1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch
+ab91523197421856caa4dfd2d0540901d098d1a470a7b3d8fec1986f0ad0f305 CVE-2015-1270.patch"
sha512sums="21a3eb2c3678cd27b659eed073f8f1bd99c9751291d077820e9a370fd90b7d9b3bf414cc03dec4acb7fa61087e02d04f9f40e91a32c5180c718e2102fbd0cd35 icu4c-55_1-src.tgz
-40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch"
+40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch
+129ff2e3f12bbce46bfaee13660348fe28a0665b19c27af58484dc25a4ce25cfc8bce3a3c4155bc5ff18fd8269d6e1f061dbbcb5679f285678167b8abcd1f809 CVE-2015-1270.patch"
diff --git a/main/icu/CVE-2015-1270.patch b/main/icu/CVE-2015-1270.patch
new file mode 100644
index 0000000000..57e128f7b3
--- /dev/null
+++ b/main/icu/CVE-2015-1270.patch
@@ -0,0 +1,18 @@
+Index: /icu/trunk/source/common/ucnv_io.cpp
+===================================================================
+--- source/common/ucnv_io.cpp (revision 37485)
++++ source/common/ucnv_io.cpp (revision 37486)
+@@ -2,5 +2,5 @@
+ ******************************************************************************
+ *
+-* Copyright (C) 1999-2013, International Business Machines
++* Copyright (C) 1999-2015, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ *
+@@ -745,5 +745,5 @@
+ * again. This behaviour is similar to how ICU4J does it.
+ */
+- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
++ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
+ aliasTmp = aliasTmp+2;
+ } else {
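Review bot: The first inner hunk of the added patch (`@@ -2,5 +2,5 @@`, the copyright-year bump) is unrelated to the fix and is best dropped from the backport, because it only adds a place where the patch can stop applying on a later rebuild. The security-relevant change is the single `&&` line in the `@@ -745,5 +745,5 @@` hunk. With the old `||`, any alias whose first character is `x` or whose second is `-` was advanced by two, which for a one-character alias appears to move `aliasTmp` past its terminator; the patch file should say so, since nothing but the filename ties it to the CVE. I would add a short header above the `Index:` line, e.g. `# CVE-2015-1270: strip the "x-" prefix only when both characters match (upstream ICU r37486)`. The enclosing function and the `else` branch continue outside the hunk.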