Commit df6821fe authored by Natanael Copa's avatar Natanael Copa

main/icu: Security fix (CVE-2016-6293)

fixes #6145
parent 5dfc3609
......@@ -5,7 +5,7 @@ pkgver=57.1
# convert x.y.z to x_y_z
_ver=${pkgver//./_}
pkgrel=0
pkgrel=1
pkgdesc="International Components for Unicode library"
url="http://www.icu-project.org/"
arch="all"
......@@ -15,8 +15,13 @@ depends=
makedepends=
source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz
icu-timezone.patch
CVE-2016-6293.patch
"
# secfixes:
# 57.1-r1:
# - CVE-2016-6293
_builddir="$srcdir"/icu/source
prepare() {
......@@ -68,8 +73,11 @@ libs() {
}
md5sums="976734806026a4ef8bdd17937c8898b9 icu4c-57_1-src.tgz
2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch"
2c81d9c9a6ea0af5b7391e001f37a5e0 icu-timezone.patch
7e65666fd48718440d819748118834ba CVE-2016-6293.patch"
sha256sums="ff8c67cb65949b1e7808f2359f2b80f722697048e90e7cfc382ec1fe229e9581 icu4c-57_1-src.tgz
1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch"
1c3c432228ee254af7adc995d65b65a4c9dac3b868fe1e49fe588a0ffa55a158 icu-timezone.patch
4b7322fa2d222bf20e74f8fb5d31f3ee44f214fc4b17e60dd89cc6252348435e CVE-2016-6293.patch"
sha512sums="a3c701e9c81622db545bcf93f315c7b13159750f43f009d0aec59ceae3a8e1ccb751826d4b8a7387aca47f38bff2a85816b1a123b07d2bf731558c7b66e47b8a icu4c-57_1-src.tgz
40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch"
40489c36e28e160f08e045acab6c19cdb712ad3b7f87f67099deac7d579aaf13d8841cd3278a6bb0e998b5c34a378348a13fcc8bb14c9c4eb4f6adbd10d66825 icu-timezone.patch
8fba91b583896c52c12a0c8327f12fb77826779e453f91752826143bfdd5d2a2abe8db9836cdb6e12bcd31b9c683c00163e7c787807209d2e87ee8558d6293fb CVE-2016-6293.patch"
Index: /icu/trunk/source/common/ucnv_io.cpp
===================================================================
--- source/common/ucnv_io.cpp (revision 37485)
+++ source/common/ucnv_io.cpp (revision 37486)
@@ -2,5 +2,5 @@
******************************************************************************
*
-* Copyright (C) 1999-2013, International Business Machines
+* Copyright (C) 1999-2015, International Business Machines
* Corporation and others. All Rights Reserved.
*
@@ -745,5 +745,5 @@
* again. This behaviour is similar to how ICU4J does it.
*/
- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
+ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
aliasTmp = aliasTmp+2;
} else {
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment