me/guix
Archived
1
0
Fork 0
Code Activity

gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270.

Browse source 
* gnu/packages/patches/icu4c-CVE-2014-6585.patch,
  gnu/packages/patches/icu4c-CVE-2015-1270.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/icu4c.scm (icu4c)[source]: Add patches.
This commit is contained in:
Mark H Weaver 2015-09-19 21:35:18 -04:00
parent 257abebba3
commit 65d54af49f
4 changed files with 41 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
gnu-system.am
View file

@ -504,6 +504,8 @@ dist_patch_DATA = \
gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \ gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \
gnu/packages/patches/icecat-freetype-2.6.patch \ gnu/packages/patches/icecat-freetype-2.6.patch \
gnu/packages/patches/icecat-libvpx-1.4.patch \ gnu/packages/patches/icecat-libvpx-1.4.patch \
gnu/packages/patches/icu4c-CVE-2014-6585.patch \
gnu/packages/patches/icu4c-CVE-2015-1270.patch \
gnu/packages/patches/icu4c-CVE-2015-4760.patch \ gnu/packages/patches/icu4c-CVE-2015-4760.patch \
gnu/packages/patches/imagemagick-test-segv.patch \ gnu/packages/patches/imagemagick-test-segv.patch \
gnu/packages/patches/irrlicht-mesa-10.patch \ gnu/packages/patches/irrlicht-mesa-10.patch \

4
gnu/packages/icu4c.scm
View file

@ -38,7 +38,9 @@
"-src.tgz")) "-src.tgz"))
(sha256 (sha256
(base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1")) (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
(patches (list (search-patch "icu4c-CVE-2015-4760.patch"))))) (patches (map search-patch '("icu4c-CVE-2014-6585.patch"
"icu4c-CVE-2015-1270.patch"
"icu4c-CVE-2015-4760.patch")))))
(build-system gnu-build-system) (build-system gnu-build-system)
(inputs (inputs
`(("perl" ,perl))) `(("perl" ,perl)))

21
gnu/packages/patches/icu4c-CVE-2014-6585.patch Normal file
View file

@ -0,0 +1,21 @@
Copied from Debian.
description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
}
const T& operator()(le_uint32 i, LEErrorCode &success) const {
- return *getAlias(i,success);
+ const T *ret = getAlias(i,success);
+ if (LE_FAILURE(success) || ret==NULL) {
+ return *(new T());
+ } else {
+ return *ret;
+ }
}
size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {

15
gnu/packages/patches/icu4c-CVE-2015-1270.patch Normal file
View file

@ -0,0 +1,15 @@
Copied from Debian.
diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp
index 5dd35d8..4424664 100644
--- a/source/common/ucnv_io.cpp
+++ b/source/common/ucnv_io.cpp
@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p
* the name begins with 'x-'. If it does, strip it off and try
* again. This behaviour is similar to how ICU4J does it.
*/
- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
+ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
aliasTmp = aliasTmp+2;
} else {
break;