pkgsrc-Changes archive
CVS commit: pkgsrc/textproc/icu
Module Name: pkgsrc
Committed By: spz
Date: Wed Feb 13 20:51:57 UTC 2019
Modified Files:
pkgsrc/textproc/icu: Makefile distinfo
Added Files:
pkgsrc/textproc/icu/patches: patch-CVE-2018-18928
Log Message:
add patch for CVE-2018-18928 from upstream
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/textproc/icu/Makefile
cvs rdiff -u -r1.80 -r1.81 pkgsrc/textproc/icu/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/icu/patches/patch-CVE-2018-18928
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/icu/Makefile
diff -u pkgsrc/textproc/icu/Makefile:1.120 pkgsrc/textproc/icu/Makefile:1.121
--- pkgsrc/textproc/icu/Makefile:1.120 Tue Dec 18 15:23:07 2018
+++ pkgsrc/textproc/icu/Makefile Wed Feb 13 20:51:57 2019
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.120 2018/12/18 15:23:07 kamil Exp $
+# $NetBSD: Makefile,v 1.121 2019/02/13 20:51:57 spz Exp $
DISTNAME= icu4c-63_1-src
PKGNAME= ${DISTNAME:S/4c//:S/-src//:S/_/./g}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= textproc
MASTER_SITES= http://download.icu-project.org/files/icu4c/${PKGVERSION_NOREV}/
EXTRACT_SUFX= .tgz
Index: pkgsrc/textproc/icu/distinfo
diff -u pkgsrc/textproc/icu/distinfo:1.80 pkgsrc/textproc/icu/distinfo:1.81
--- pkgsrc/textproc/icu/distinfo:1.80 Tue Dec 11 10:15:55 2018
+++ pkgsrc/textproc/icu/distinfo Wed Feb 13 20:51:57 2019
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.80 2018/12/11 10:15:55 abs Exp $
+$NetBSD: distinfo,v 1.81 2019/02/13 20:51:57 spz Exp $
SHA1 (icu4c-63_1-src.tgz) = ad523232f19af1c698c6489f8e15f7e9824f1662
RMD160 (icu4c-63_1-src.tgz) = 5c895a6e2b135978df59e135ed772747aec0065f
SHA512 (icu4c-63_1-src.tgz) = 9ab407ed840a00cdda7470dcc4c40299a125ad246ae4d019c4b1ede54781157fd63af015a8228cd95dbc47e4d15a0932b2c657489046a19788e5e8266eac079c
Size (icu4c-63_1-src.tgz) = 23746939 bytes
+SHA1 (patch-CVE-2018-18928) = 74e8248c215bcb5ca98a63d161dc5516531a83b3
SHA1 (patch-Makefile.in) = 67440d3af9b62b8c0be258c490255ba17f778ab4
SHA1 (patch-acinclude.m4) = f7de1a16aad0ca77c4bbc457ba76b6171199ce09
SHA1 (patch-common_putil.cpp) = 6aa70b8698d663d3c798bafd9010a824c9609c20
Added files:
Index: pkgsrc/textproc/icu/patches/patch-CVE-2018-18928
diff -u /dev/null pkgsrc/textproc/icu/patches/patch-CVE-2018-18928:1.1
--- /dev/null Wed Feb 13 20:51:57 2019
+++ pkgsrc/textproc/icu/patches/patch-CVE-2018-18928 Wed Feb 13 20:51:57 2019
@@ -0,0 +1,49 @@
+$NetBSD: patch-CVE-2018-18928,v 1.1 2019/02/13 20:51:57 spz Exp $
+
+fix for CVE-2018-18928 from
+https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
+
+--- i18n/fmtable.cpp.orig 2018-09-29 00:34:42.000000000 +0000
++++ i18n/fmtable.cpp
+@@ -734,7 +734,7 @@ CharString *Formattable::internalGetChar
+ // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?).
+ if (fDecimalQuantity->isZero()) {
+ fDecimalStr->append("0", -1, status);
+- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) {
++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) {
+ fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status);
+ } else {
+ fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status);
+
+--- i18n/number_decimalquantity.cpp.orig 2018-10-01 22:39:56.000000000 +0000
++++ i18n/number_decimalquantity.cpp
+@@ -820,7 +820,10 @@ UnicodeString DecimalQuantity::toScienti
+ }
+ result.append(u'E');
+ int32_t _scale = upperPos + scale;
+- if (_scale < 0) {
++ if (_scale == INT32_MIN) {
++ result.append({u"-2147483648", -1});
++ return result;
++ } else if (_scale < 0) {
+ _scale *= -1;
+ result.append(u'-');
+ } else {
+
+--- test/intltest/numfmtst.cpp.orig 2018-10-01 22:39:56.000000000 +0000
++++ test/intltest/numfmtst.cpp
+@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_Scienti
+ assertEquals(u"Should not overflow and should parse only the first exponent",
+ u"1E-2147483647",
+ {sp.data(), sp.length(), US_INV});
++
++ // Test edge case overflow of exponent
++ result = Formattable();
++ nf->parse(u".0003e-2147483644", result, status);
++ sp = result.getDecimalNumber(status);
++ assertEquals(u"Should not overflow",
++ u"3E-2147483648",
++ {sp.data(), sp.length(), US_INV});
+ }
+
+ void NumberFormatTest::Test13840_ParseLongStringCrash() {
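Review bot: In the number_decimalquantity.cpp part of this patch, `int32_t _scale = upperPos + scale;` is still a plain signed addition that runs before the new `_scale == INT32_MIN` check. The guard therefore covers only the case where the sum lands exactly on INT32_MIN and the later `_scale *= -1` would overflow. Whether the addition itself can overflow depends on the ranges of `upperPos` and `scale`, which are set outside the visible lines, so it is worth confirming against the upstream sources. Both new guards (here and the `getMagnitude() != INT32_MIN` test in fmtable.cpp) would also benefit from a one-line comment such as `// INT32_MIN has no positive counterpart: negating it or calling std::abs on it overflows`, since the hard-coded `u"-2147483648"` literal is otherwise unexplained. The enclosing functions begin and end outside the quoted hunks.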