main/icu: security fix (CVE-2011-4599)

fixes #908

2 files changed, 24 insertions, 2 deletions

diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index 3ae127d8a..948c581ec 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -5,7 +5,7 @@ pkgver=4.8.1.1
 # convert x.y.z to x_y_z
 _ver=${pkgver//./_}
 
-pkgrel=0
+pkgrel=1
 pkgdesc="International Components for Unicode library"
 url="http://www.icu-project.org/"
 arch="all"
@@ -14,6 +14,7 @@ subpackages="$pkgname-dev $pkgname-doc"
 depends=
 makedepends=
 source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
+	cve-2011-4599.patch
 	"
 
 _builddir="$srcdir"/icu/source
@@ -52,4 +53,5 @@ package() {
 	install -Dm644 "$srcdir"/icu/license.html \
 		"$pkgdir"/usr/share/licenses/icu/license.html
 }
-md5sums="ea93970a0275be6b42f56953cd332c17  icu4c-4_8_1_1-src.tgz"
+md5sums="ea93970a0275be6b42f56953cd332c17  icu4c-4_8_1_1-src.tgz
+f6798a48ee00015e2d5351a3c7a3bafe  cve-2011-4599.patch"
diff --git a/main/icu/cve-2011-4599.patch b/main/icu/cve-2011-4599.patch
new file mode 100644
index 000000000..4243370c9
--- /dev/null
+++ b/main/icu/cve-2011-4599.patch
@@ -0,0 +1,20 @@
+--- ./common/uloc.c.orig
++++ ./common/uloc.c
+@@ -1797,7 +1797,7 @@
+                 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
+                 len -= variantLen;
+                 if (variantLen > 0) {
+-                    if (name[len-1] == '_') { /* delete trailing '_' */
++                    if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+                         --len;
+                     }
+                     addKeyword = VARIANT_MAP[j].keyword;
+@@ -1805,7 +1805,7 @@
+                     break;
+                 }
+             }
+-            if (name[len-1] == '_') { /* delete trailing '_' */
++            if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+                 --len;
+             }
+         }