CVE-2016-7415 Stack based buffer overflow in locid.cpp
---
main/icu/APKBUILD | 34 +++++++++++++++++++---------------
1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index a84f584f70..c7755041b0 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergey Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=icu
-pkgver=57.1
+pkgver=58.1
# convert x.y.z to x_y_z
_ver=${pkgver//./_}
@@ -15,19 +16,25 @@ depends=
makedepends=
source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
icu-timezone.patch
- CVE-2016-6293.patch
"
# secfixes:
# 57.1-r1:
# - CVE-2016-6293
-_builddir="$srcdir"/icu/source
+builddir="$srcdir"/icu/source
prepare() {
- cd "$_builddir"
+ cd "$builddir"
update_config_sub || return 1
+ # strtod_l() is not supported by musl; also xlocale.h is missing
+ # It is not possible to disable its use via configure switches or env vars
+ # so monkey patching is needed. Idea was stollen from openembedded
+ # https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-support/icu/icu.inc#L30
+ sed -i -e 's,DU_HAVE_STRTOD_L=1,DU_HAVE_STRTOD_L=0,' configure.ac
+ sed -i -e 's,DU_HAVE_STRTOD_L=1,DU_HAVE_STRTOD_L=0,' configure
+
local x
# https://bugs.icu-project.org/trac/ticket/6102
for x in ARFLAGS CFLAGS CPPFLAGS CXXFLAGS FFLAGS LDFLAGS; do
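Review bot: The `# secfixes:` block in this hunk is unchanged, so it still lists only `57.1-r1` / `CVE-2016-6293` and has no entry for the CVE named in the commit subject; anything that reads this comment to map package versions to fixed CVEs would not record the fix. Add an entry below the existing one, e.g. `#   58.1-r0:` followed by `#     - CVE-2016-7415`, using the real pkgrel, which is not visible in the hunks shown. Removing `CVE-2016-6293.patch` from `source` presumably relies on 58.1 already carrying that fix upstream, which is worth stating in the commit message. The two added `sed -i` lines also lack the `|| return 1` used on `update_config_sub` just above, so a sed failure such as a missing `configure.ac` would not stop prepare(); append `|| return 1` to each. prepare() continues past the end of this hunk.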
@@ -46,7 +53,7 @@ prepare() {
}
build() {
- cd "$_builddir"
+ cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -60,7 +67,7 @@ build() {
}
package() {
- cd "$_builddir"
+ cd "$builddir"
make -j1 DESTDIR="$pkgdir" install || return 1
chmod +x "$pkgdir"/usr/bin/icu-config
install -Dm644 "$srcdir"/icu/license.html \
@@ -72,12 +79,9 @@ libs() {
replaces="icu"
}
-md5sums="976734806026a4ef8bdd17937c8898b9 icu4c-57_1-src.tgz
-2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch
-7e65666fd48718440d819748118834ba CVE-2016-6293.patch"
-sha256sums="ff8c67cb65949b1e7808f2359f2b80f722697048e90e7cfc382ec1fe229e9581 icu4c-57_1-src.tgz
-1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch
-4b7322fa2d222bf20e74f8fb5d31f3ee44f214fc4b17e60dd89cc6252348435e CVE-2016-6293.patch"
-sha512sums="a3c701e9c81622db545bcf93f315c7b13159750f43f009d0aec59ceae3a8e1ccb751826d4b8a7387aca47f38bff2a85816b1a123b07d2bf731558c7b66e47b8a icu4c-57_1-src.tgz
-40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch
-8fba91b583896c52c12a0c8327f12fb77826779e453f91752826143bfdd5d2a2abe8db9836cdb6e12bcd31b9c683c00163e7c787807209d2e87ee8558d6293fb CVE-2016-6293.patch"
+md5sums="1901302aaff1c1633ef81862663d2917 icu4c-58_1-src.tgz
+2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch"
+sha256sums="0eb46ba3746a9c2092c8ad347a29b1a1b4941144772d13a88667a7b11ea30309 icu4c-58_1-src.tgz
+1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch"
+sha512sums="59b2a76834192a35125fda326587e613ef4486152cf0278c6f22568d4ae02c4b2d897efcea2654ef2b11bd1c3154aecd38cb68a70f69430736f343689f94c155 icu4c-58_1-src.tgz
+40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch"
--
2.11.0