CVE-2016-7415 Stack based buffer overflow in locid.cpp
---
main/icu/APKBUILD | 34 +++++++++++++++++++---------------
1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index a84f584f70..0cf163ecde 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergey Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=icu
-pkgver=57.1
+pkgver=58.2
# convert x.y.z to x_y_z
_ver=${pkgver//./_}
@@ -15,19 +16,25 @@ depends=
makedepends=
source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
icu-timezone.patch
- CVE-2016-6293.patch
"
# secfixes:
# 57.1-r1:
# - CVE-2016-6293
-_builddir="$srcdir"/icu/source
+builddir="$srcdir"/icu/source
prepare() {
- cd "$_builddir"
+ cd "$builddir"
update_config_sub || return 1
+ # strtod_l() is not supported by musl; also xlocale.h is missing
+ # It is not possible to disable its use via configure switches or env vars
+ # so monkey patching is needed. Idea was stollen from openembedded
+ # https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-support/icu/icu.inc#L30
+ sed -i -e 's,DU_HAVE_STRTOD_L=1,DU_HAVE_STRTOD_L=0,' configure.ac
+ sed -i -e 's,DU_HAVE_STRTOD_L=1,DU_HAVE_STRTOD_L=0,' configure
+
local x
# https://bugs.icu-project.org/trac/ticket/6102
for x in ARFLAGS CFLAGS CPPFLAGS CXXFLAGS FFLAGS LDFLAGS; do
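Review bot: The `# secfixes:` block kept as context still lists only `57.1-r1` / `CVE-2016-6293`, so the CVE named in the commit title is never recorded against the new version. Add an entry such as `#   58.2-r0:` followed by `#     - CVE-2016-7415`, using the real pkgrel, which is not visible in this hunk, so anyone reading secfixes can tell which package release carries the fix. Separately, the two added `sed -i` lines exit 0 even when `DU_HAVE_STRTOD_L=1` no longer appears in `configure`, so a later version bump could silently drop the musl workaround; following them with `grep -q 'DU_HAVE_STRTOD_L=0' configure || return 1` would make that fail loudly. The comment's link targets `master#L30`, which will drift, so a commit-pinned permalink would keep the reference meaningful. prepare() continues past the end of this hunk.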
@@ -46,7 +53,7 @@ prepare() {
}
build() {
- cd "$_builddir"
+ cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -60,7 +67,7 @@ build() {
}
package() {
- cd "$_builddir"
+ cd "$builddir"
make -j1 DESTDIR="$pkgdir" install || return 1
chmod +x "$pkgdir"/usr/bin/icu-config
install -Dm644 "$srcdir"/icu/license.html \
@@ -72,12 +79,9 @@ libs() {
replaces="icu"
}
-md5sums="976734806026a4ef8bdd17937c8898b9 icu4c-57_1-src.tgz
-2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch
-7e65666fd48718440d819748118834ba CVE-2016-6293.patch"
-sha256sums="ff8c67cb65949b1e7808f2359f2b80f722697048e90e7cfc382ec1fe229e9581 icu4c-57_1-src.tgz
-1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch
-4b7322fa2d222bf20e74f8fb5d31f3ee44f214fc4b17e60dd89cc6252348435e CVE-2016-6293.patch"
-sha512sums="a3c701e9c81622db545bcf93f315c7b13159750f43f009d0aec59ceae3a8e1ccb751826d4b8a7387aca47f38bff2a85816b1a123b07d2bf731558c7b66e47b8a icu4c-57_1-src.tgz
-40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch
-8fba91b583896c52c12a0c8327f12fb77826779e453f91752826143bfdd5d2a2abe8db9836cdb6e12bcd31b9c683c00163e7c787807209d2e87ee8558d6293fb CVE-2016-6293.patch"
+md5sums="fac212b32b7ec7ab007a12dff1f3aea1 icu4c-58_2-src.tgz
+2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch"
+sha256sums="2b0a4410153a9b20de0e20c7d8b66049a72aef244b53683d0d7521371683da0c icu4c-58_2-src.tgz
+1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch"
+sha512sums="5c21af748f48b392e6c0412bd0aee92162ea931820dcbfab4ec6e0299868504b303d88f7586cc95de55c777ac0dca3a29d6c8ca0892c646ebc864c8a5b5a162a icu4c-58_2-src.tgz
+40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch"
--
2.11.0