diff --git a/icu.spec b/icu.spec index 95d6c81..5beef02 100644 --- a/icu.spec +++ b/icu.spec @@ -2,7 +2,7 @@ Name: icu Version: 62.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: International Components for Unicode License: MIT and UCD and Public Domain @@ -17,6 +17,7 @@ Requires: lib%{name}%{?_isa} = %{version}-%{release} Patch4: gennorm2-man.patch Patch5: icuinfo-man.patch +Patch6: rhbz1646703-icu4c-ICU-20246-integer-overflow.patch Patch100: armv7hl-disable-tests.patch %description @@ -60,6 +61,7 @@ BuildArch: noarch %setup -q -n %{name} %patch4 -p1 -b .gennorm2-man.patch %patch5 -p1 -b .icuinfo-man.patch +%patch6 -p2 -b .rhbz1646703-icu4c-ICU-20246-integer-overflow.patch %ifarch armv7hl %patch100 -p1 -b .armv7hl-disable-tests.patch %endif @@ -187,6 +189,9 @@ LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:$LD_LIBRARY_PATH bin/uconv -l %changelog +* Tue Nov 06 2018 Eike Rathke - 62.1-3 +- Resolves: rhbz#1646703 CVE-2018-18928 + * Fri Jul 13 2018 Fedora Release Engineering - 62.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/rhbz1646703-icu4c-ICU-20246-integer-overflow.patch b/rhbz1646703-icu4c-ICU-20246-integer-overflow.patch new file mode 100644 index 0000000..3debd3f --- /dev/null +++ b/rhbz1646703-icu4c-ICU-20246-integer-overflow.patch @@ -0,0 +1,50 @@ +From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001 +From: Shane Carr +Date: Mon, 29 Oct 2018 23:52:44 -0700 +Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. + +--- + icu4c/source/i18n/fmtable.cpp | 2 +- + icu4c/source/i18n/number_decimalquantity.cpp | 5 ++++- + icu4c/source/test/intltest/numfmtst.cpp | 8 ++++++++ + .../icu/impl/number/DecimalQuantity_AbstractBCD.java | 5 ++++- + .../impl/number/DecimalQuantity_DualStorageBCD.java | 10 +++++++++- + .../com/ibm/icu/dev/test/format/NumberFormatTest.java | 5 +++++ + 6 files changed, 31 insertions(+), 4 deletions(-) + +erAck: +* obviously removed the icu4j *.java patch parts +* stripped the icu4c/source/test/intltest/numfmtst.cpp part because it + added code to a test that does not exist yet in ICU 62.1 + * TODO: when upgrading to ICU 63.1 add that back in from + https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51.patch + +diff --git a/icu4c/source/i18n/fmtable.cpp b/icu4c/source/i18n/fmtable.cpp +index 45c7024fc29..8601d95f4a6 100644 +--- a/icu4c/source/i18n/fmtable.cpp ++++ b/icu4c/source/i18n/fmtable.cpp +@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { + // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). + if (fDecimalQuantity->isZero()) { + fDecimalStr->append("0", -1, status); +- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { ++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); + } else { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); +diff --git a/icu4c/source/i18n/number_decimalquantity.cpp b/icu4c/source/i18n/number_decimalquantity.cpp +index 47b930a564b..d5dd7ae694c 100644 +--- a/icu4c/source/i18n/number_decimalquantity.cpp ++++ b/icu4c/source/i18n/number_decimalquantity.cpp +@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const { + } + result.append(u'E'); + int32_t _scale = upperPos + scale; +- if (_scale < 0) { ++ if (_scale == INT32_MIN) { ++ result.append({u"-2147483648", -1}); ++ return result; ++ } else if (_scale < 0) { + _scale *= -1; + result.append(u'-'); + } else {