gnu: icu4c: Fix CVE-2017-14952.

* gnu/packages/patches/icu4c-CVE-2017-14952.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/icu4c.scm (icu4c)[replacement]: New field. (icu4c-fixed): New variable.
2017-10-24 12:25:45 -04:00 · 2017-10-24 12:25:45 -04:00 · 6dcc8239be
parent c330c27f7f
commit 6dcc8239be
3 changed files with 29 additions and 0 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -734,6 +734,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/hydra-disable-darcs-test.patch		\
  %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
  %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch	\
+  %D%/packages/patches/icu4c-CVE-2017-14952.patch		\
  %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch	\
  %D%/packages/patches/id3lib-CVE-2007-4460.patch			\
  %D%/packages/patches/ilmbase-fix-tests.patch			\
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@ -32,6 +32,7 @@
 (define-public icu4c
  (package
   (name "icu4c")
+   (replacement icu4c-fixed)
   (version "58.2")
   (source (origin
            (method url-fetch)
@ -70,6 +71,15 @@ C/C++ part.")
   (license x11)
   (home-page "http://site.icu-project.org/")))

+(define icu4c-fixed
+  (package
+    (inherit icu4c)
+    (source (origin
+              (inherit (package-source icu4c))
+              (patches (append
+                         (origin-patches (package-source icu4c))
+                         (search-patches "icu4c-CVE-2017-14952.patch")))))))
+
 (define-public java-icu4j
  (package
    (name "java-icu4j")
--- a/gnu/packages/patches/icu4c-CVE-2017-14952.patch
+++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
@ -0,0 +1,18 @@
+Fix CVE-2017-14952:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
+
+Index: trunk/icu4c/source/i18n/zonemeta.cpp
+===================================================================
+--- icu/source/i18n/zonemeta.cpp	(revision 40283)
+++ icu/source/i18n/zonemeta.cpp	(revision 40324)
+@@ -691,5 +691,4 @@
+                     if (U_FAILURE(status)) {
+                         delete mzMappings;
+-                        deleteOlsonToMetaMappingEntry(entry);
+                         uprv_free(entry);
+                         break;