From 2a47152a439b9747205655ca71541a917bbc6157 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Tue, 10 Jan 2012 14:28:39 +0000
Subject: main/icu: security fix (CVE-2011-4599)

fixes #908
---
 main/icu/APKBUILD | 6 ++++--
 main/icu/cve-2011-4599.patch | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 main/icu/cve-2011-4599.patch
(limited to 'main')
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index 3ae127d8ab..948c581ec9 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -5,7 +5,7 @@ pkgver=4.8.1.1
 # convert x.y.z to x_y_z
 _ver=${pkgver//./_}
-pkgrel=0
+pkgrel=1
 pkgdesc="International Components for Unicode library"
 url="http://www.icu-project.org/"
 arch="all"
@@ -14,6 +14,7 @@ subpackages="$pkgname-dev $pkgname-doc"
 depends=
 makedepends=
 source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
+ cve-2011-4599.patch
 "
 _builddir="$srcdir"/icu/source
@@ -52,4 +53,5 @@ package() {
 install -Dm644 "$srcdir"/icu/license.html \
 "$pkgdir"/usr/share/licenses/icu/license.html
 }
-md5sums="ea93970a0275be6b42f56953cd332c17 icu4c-4_8_1_1-src.tgz"
+md5sums="ea93970a0275be6b42f56953cd332c17 icu4c-4_8_1_1-src.tgz
+f6798a48ee00015e2d5351a3c7a3bafe cve-2011-4599.patch"
diff --git a/main/icu/cve-2011-4599.patch b/main/icu/cve-2011-4599.patch
new file mode 100644
index 0000000000..4243370c9a
--- /dev/null
+++ b/main/icu/cve-2011-4599.patch
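Review bot: Nothing in this commit runs `patch`: the APKBUILD hunks only bump `pkgrel`, list `cve-2011-4599.patch` in `source` and add its checksum. Unless an existing `prepare()` outside the hunks already applies every `*.patch` named in `$source`, the fix is shipped and checksummed but never applied to the tree, and the package would still be built from unpatched sources. If no such step exists, add one such as `cd "$_builddir" && patch -p1 -i "$srcdir"/cve-2011-4599.patch || return 1` before the build. The patch paths (`./common/uloc.c`) appear to be relative to `icu/source`, which is what `_builddir` points at.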
@@ -0,0 +1,20 @@
+--- ./common/uloc.c.orig
++++ ./common/uloc.c
+@@ -1797,7 +1797,7 @@
+ int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
+ len -= variantLen;
+ if (variantLen > 0) {
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+ --len;
+ }
+ addKeyword = VARIANT_MAP[j].keyword;
+@@ -1805,7 +1805,7 @@
+ break;
+ }
+ }
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+ --len;
+ }
+ }
-- cgit v1.2.3
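Review bot: The added `len > 0` test bounds the index only from below; nothing in either inner hunk shows that `len` is also at most `nameCapacity`. The `nameCapacity-len` expression in the first inner hunk suggests the two values are tracked independently, so if `len` can exceed the buffer capacity, `name[len-1]` would still read outside `name` at both patched sites. Consider `if (len > 0 && len <= nameCapacity && name[len-1] == '_')` in both places. The enclosing function starts and ends outside these hunks, so the upper bound needs confirming against the full `uloc.c`.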