author | spz <spz@pkgsrc.org> | 2019-02-13 20:51:57 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2019-02-13 20:51:57 +0000 |
commit | 68f4ceec4f37b7045b6b68b3cd198b70004e2c60 (patch) | |
tree | 7c163cfedab39ff552e05ff06cb7cde2db8dc76f /textproc/icu | |
parent | 79a6794fc056056002c3192c706e0380de0127fd (diff) | |
download | pkgsrc-68f4ceec4f37b7045b6b68b3cd198b70004e2c60.tar.gz |
add patch for CVE-2018-18928 from upstream
Diffstat (limited to 'textproc/icu')
-rw-r--r-- | textproc/icu/Makefile | 4 | ||||
-rw-r--r-- | textproc/icu/distinfo | 3 | ||||
-rw-r--r-- | textproc/icu/patches/patch-CVE-2018-18928 | 49 |
3 files changed, 53 insertions, 3 deletions
diff --git a/textproc/icu/Makefile b/textproc/icu/Makefile
index 479e65ce92b..647c296b9f3 100644
--- a/textproc/icu/Makefile
+++ b/textproc/icu/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.120 2018/12/18 15:23:07 kamil Exp $
+# $NetBSD: Makefile,v 1.121 2019/02/13 20:51:57 spz Exp $
 
 DISTNAME= icu4c-63_1-src
 PKGNAME= ${DISTNAME:S/4c//:S/-src//:S/_/./g}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= textproc
 MASTER_SITES= http://download.icu-project.org/files/icu4c/${PKGVERSION_NOREV}/
 EXTRACT_SUFX= .tgz
diff --git a/textproc/icu/distinfo b/textproc/icu/distinfo
index 34441bf2d59..43e9322c5ea 100644
--- a/textproc/icu/distinfo
+++ b/textproc/icu/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.80 2018/12/11 10:15:55 abs Exp $
+$NetBSD: distinfo,v 1.81 2019/02/13 20:51:57 spz Exp $
 
 SHA1 (icu4c-63_1-src.tgz) = ad523232f19af1c698c6489f8e15f7e9824f1662
 RMD160 (icu4c-63_1-src.tgz) = 5c895a6e2b135978df59e135ed772747aec0065f
 SHA512 (icu4c-63_1-src.tgz) = 9ab407ed840a00cdda7470dcc4c40299a125ad246ae4d019c4b1ede54781157fd63af015a8228cd95dbc47e4d15a0932b2c657489046a19788e5e8266eac079c
 Size (icu4c-63_1-src.tgz) = 23746939 bytes
+SHA1 (patch-CVE-2018-18928) = 74e8248c215bcb5ca98a63d161dc5516531a83b3
 SHA1 (patch-Makefile.in) = 67440d3af9b62b8c0be258c490255ba17f778ab4
 SHA1 (patch-acinclude.m4) = f7de1a16aad0ca77c4bbc457ba76b6171199ce09
 SHA1 (patch-common_putil.cpp) = 6aa70b8698d663d3c798bafd9010a824c9609c20
diff --git a/textproc/icu/patches/patch-CVE-2018-18928 b/textproc/icu/patches/patch-CVE-2018-18928
new file mode 100644
index 00000000000..41ab02ffe77
--- /dev/null
+++ b/textproc/icu/patches/patch-CVE-2018-18928
@@ -0,0 +1,49 @@
+$NetBSD: patch-CVE-2018-18928,v 1.1 2019/02/13 20:51:57 spz Exp $
+
+fix for CVE-2018-18928 from
+https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
+
+--- i18n/fmtable.cpp.orig 2018-09-29 00:34:42.000000000 +0000
++++ i18n/fmtable.cpp
+@@ -734,7 +734,7 @@ CharString *Formattable::internalGetChar
+ // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?).
+ if (fDecimalQuantity->isZero()) {
+ fDecimalStr->append("0", -1, status);
+- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) {
++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) {
+ fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status);
+ } else {
+ fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status);
+
+--- i18n/number_decimalquantity.cpp.orig 2018-10-01 22:39:56.000000000 +0000
++++ i18n/number_decimalquantity.cpp
+@@ -820,7 +820,10 @@ UnicodeString DecimalQuantity::toScienti
+ }
+ result.append(u'E');
+ int32_t _scale = upperPos + scale;
+- if (_scale < 0) {
++ if (_scale == INT32_MIN) {
++ result.append({u"-2147483648", -1});
++ return result;
++ } else if (_scale < 0) {
+ _scale *= -1;
+ result.append(u'-');
+ } else {
+
+--- test/intltest/numfmtst.cpp.orig 2018-10-01 22:39:56.000000000 +0000
++++ test/intltest/numfmtst.cpp
+@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_Scienti
+ assertEquals(u"Should not overflow and should parse only the first exponent",
+ u"1E-2147483647",
+ {sp.data(), sp.length(), US_INV});
++
++ // Test edge case overflow of exponent
++ result = Formattable();
++ nf->parse(u".0003e-2147483644", result, status);
++ sp = result.getDecimalNumber(status);
++ assertEquals(u"Should not overflow",
++ u"3E-2147483648",
++ {sp.data(), sp.length(), US_INV});
+ }
+
+ void NumberFormatTest::Test13840_ParseLongStringCrash() { |
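Review bot: In the `number_decimalquantity.cpp` part of the patch, the new `_scale == INT32_MIN` branch is reached only after `int32_t _scale = upperPos + scale;` has been evaluated in 32-bit signed arithmetic. It therefore covers a sum that lands exactly on INT32_MIN (the case the added test exercises), but not a sum that would pass either limit, which is undefined behaviour rather than a detectable value. Whether `upperPos` and `scale` are bounded tightly enough to rule that out cannot be seen here, because the body of `toScientificString` starts and ends outside the hunk. If no such bound exists, widening the sum, e.g. `int64_t _scale = static_cast<int64_t>(upperPos) + scale;`, would make the special case unnecessary, provided the code after the hunk accepts the wider type. If the bound does exist, a comment at the addition such as `// upperPos + scale cannot overflow: <bound enforced by the parser>` would record it. A one-line comment on the `fmtable.cpp` guard that `std::abs(INT32_MIN)` is undefined would likewise explain why the extra comparison is there.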