From 0006de77b5b32836130b7cc5c83f86a2dc6f139f Mon Sep 17 00:00:00 2001 From: Eike Rathke Date: Wed, 9 Oct 2013 17:27:41 +0200 Subject: [PATCH] Resolves: rhbz#1015594 CVE-2013-2924 use-after-free Added icu.10318.CVE-2013-2924_changeset_34076.patch from https://ssl.icu-project.org/trac/changeset/34076 assigned to https://ssl.icu-project.org/trac/ticket/10318 --- icu.10318.CVE-2013-2924_changeset_34076.patch | 36 +++++++++++++++++++ icu.spec | 7 +++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 icu.10318.CVE-2013-2924_changeset_34076.patch diff --git a/icu.10318.CVE-2013-2924_changeset_34076.patch b/icu.10318.CVE-2013-2924_changeset_34076.patch new file mode 100644 index 0000000..165d843 --- /dev/null +++ b/icu.10318.CVE-2013-2924_changeset_34076.patch @@ -0,0 +1,36 @@ +Index: /icu/trunk/source/i18n/csrucode.cpp +=================================================================== +--- orig.icu/source/i18n/csrucode.cpp (revision 34075) ++++ icu/source/i18n/csrucode.cpp (revision 34076) +@@ -1,5 +1,5 @@ + /* + ********************************************************************** +- * Copyright (C) 2005-2012, International Business Machines ++ * Copyright (C) 2005-2013, International Business Machines + * Corporation and others. All Rights Reserved. + ********************************************************************** +@@ -34,6 +34,7 @@ + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFE && input[1] == 0xFF) { ++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) { + confidence = 100; + } +@@ -58,6 +59,7 @@ + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { ++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { + confidence = 100; + } +@@ -82,5 +84,5 @@ + int32_t confidence = 0; + +- if (getChar(input, 0) == 0x0000FEFFUL) { ++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) { + hasBOM = TRUE; + } diff --git a/icu.spec b/icu.spec index f58617b..fa0334c 100644 --- a/icu.spec +++ b/icu.spec @@ -1,6 +1,6 @@ Name: icu Version: 50.1.2 -Release: 8%{?dist} +Release: 9%{?dist} Summary: International Components for Unicode Group: Development/Tools License: MIT and UCD and Public Domain @@ -20,6 +20,7 @@ Patch4: icu.9948.mlym-crash.patch Patch5: gennorm2-man.patch Patch6: icuinfo-man.patch Patch7: icu.10143.memory.leak.crash.patch +Patch8: icu.10318.CVE-2013-2924_changeset_34076.patch %description Tools and utilities for developing with icu. @@ -70,6 +71,7 @@ BuildArch: noarch %patch5 -p1 -b .gennorm2-man.patch %patch6 -p1 -b .icuinfo-man.patch %patch7 -p1 -b .icu10143.memory.leak.crash.patch +%patch8 -p1 -b .icu10318.CVE-2013-2924_changeset_34076.patch %build cd source @@ -177,6 +179,9 @@ make %{?_smp_mflags} -C source check %doc source/__docs/%{name}/html/* %changelog +* Wed Oct 09 2013 Eike Rathke - 50.1.2-9 +- Resolves: rhbz#1015594 CVE-2013-2924 use-after-free + * Fri Oct 04 2013 Eike Rathke - 50.1.2-8 - added %{?_isa} to Requires for multi-arch systems