Resolves: rhbz#1184811 CVE-2014-6585 CVE-2014-6591
This commit is contained in:
Eike Rathke
parent
83ea2ba32d
commit
e347d1a528
125
icu.changeset_37086.patch
Normal file
125
icu.changeset_37086.patch
Normal file
@ -0,0 +1,125 @@
|
||||
# https://ssl.icu-project.org/trac/changeset/37086
|
||||
|
||||
Index: icu/source/layout/ContextualSubstSubtables.cpp
|
||||
===================================================================
|
||||
--- icu/source/layout/ContextualSubstSubtables.cpp (revision 37085)
|
||||
+++ icu/source/layout/ContextualSubstSubtables.cpp (revision 37086)
|
||||
@@ -1,4 +1,4 @@
|
||||
/*
|
||||
- * (C) Copyright IBM Corp. 1998-2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. 1998-2015 - All Rights Reserved
|
||||
*
|
||||
*/
|
||||
@@ -467,4 +467,10 @@
|
||||
(const ChainSubClassRuleTable *) ((char *) chainSubClassSetTable + chainSubClassRuleTableOffset);
|
||||
le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount);
|
||||
+
|
||||
+ // TODO: Ticket #11557 - enable this check, originally from ticket #11525.
|
||||
+ // Depends on other, more extensive, changes.
|
||||
+ // LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
|
||||
+ if( LE_FAILURE(success) ) { return 0; }
|
||||
+
|
||||
le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1;
|
||||
const le_uint16 *inputClassArray = &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1];
|
||||
Index: icu/source/layout/CursiveAttachmentSubtables.cpp
|
||||
===================================================================
|
||||
--- icu/source/layout/CursiveAttachmentSubtables.cpp (revision 37085)
|
||||
+++ icu/source/layout/CursiveAttachmentSubtables.cpp (revision 37086)
|
||||
@@ -1,4 +1,4 @@
|
||||
/*
|
||||
- * (C) Copyright IBM Corp. 1998 - 2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. 1998 - 2015 - All Rights Reserved
|
||||
*
|
||||
*/
|
||||
@@ -21,5 +21,8 @@
|
||||
le_uint16 eeCount = SWAPW(entryExitCount);
|
||||
|
||||
- if (coverageIndex < 0 || coverageIndex >= eeCount) {
|
||||
+ LEReferenceToArrayOf<EntryExitRecord>
|
||||
+ entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex);
|
||||
+
|
||||
+ if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) {
|
||||
glyphIterator->setCursiveGlyph();
|
||||
return 0;
|
||||
Index: icu/source/layout/Features.cpp
|
||||
===================================================================
|
||||
--- icu/source/layout/Features.cpp (revision 37085)
|
||||
+++ icu/source/layout/Features.cpp (revision 37086)
|
||||
@@ -2,5 +2,5 @@
|
||||
* @(#)Features.cpp 1.4 00/03/15
|
||||
*
|
||||
- * (C) Copyright IBM Corp. 1998-2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. 1998-2015 - All Rights Reserved
|
||||
*
|
||||
*/
|
||||
@@ -16,4 +16,7 @@
|
||||
LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
|
||||
{
|
||||
+ LEReferenceToArrayOf<FeatureRecord>
|
||||
+ featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
|
||||
+
|
||||
if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
|
||||
return LEReferenceTo<FeatureTable>();
|
||||
Index: icu/source/layout/LETableReference.h
|
||||
===================================================================
|
||||
--- icu/source/layout/LETableReference.h (revision 37085)
|
||||
+++ icu/source/layout/LETableReference.h (revision 37086)
|
||||
@@ -2,5 +2,5 @@
|
||||
* -*- c++ -*-
|
||||
*
|
||||
- * (C) Copyright IBM Corp. and others 2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. and others 2015 - All Rights Reserved
|
||||
*
|
||||
* Range checking
|
||||
@@ -314,5 +314,10 @@
|
||||
|
||||
const T& getObject(le_uint32 i, LEErrorCode &success) const {
|
||||
- return *getAlias(i,success);
|
||||
+ const T *ret = getAlias(i, success);
|
||||
+ if (LE_FAILURE(success) || ret==NULL) {
|
||||
+ return *(new T(0));
|
||||
+ } else {
|
||||
+ return *ret;
|
||||
+ }
|
||||
}
|
||||
|
||||
Index: icu/source/layout/LigatureSubstSubtables.cpp
|
||||
===================================================================
|
||||
--- icu/source/layout/LigatureSubstSubtables.cpp (revision 37085)
|
||||
+++ icu/source/layout/LigatureSubstSubtables.cpp (revision 37086)
|
||||
@@ -1,4 +1,4 @@
|
||||
/*
|
||||
- * (C) Copyright IBM Corp. 1998-2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. 1998-2015 - All Rights Reserved
|
||||
*
|
||||
*/
|
||||
@@ -28,4 +28,7 @@
|
||||
const LigatureTable *ligTable = (const LigatureTable *) ((char *)ligSetTable + ligTableOffset);
|
||||
le_uint16 compCount = SWAPW(ligTable->compCount) - 1;
|
||||
+ LEReferenceToArrayOf<TTGlyphID>
|
||||
+ componentArrayRef(base, success, ligTable->componentArray, compCount);
|
||||
+ if (LE_FAILURE(success)) { return 0; }
|
||||
le_int32 startPosition = glyphIterator->getCurrStreamPosition();
|
||||
TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph);
|
||||
Index: icu/source/layout/MultipleSubstSubtables.cpp
|
||||
===================================================================
|
||||
--- icu/source/layout/MultipleSubstSubtables.cpp (revision 37085)
|
||||
+++ icu/source/layout/MultipleSubstSubtables.cpp (revision 37086)
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
*
|
||||
- * (C) Copyright IBM Corp. 1998-2013 - All Rights Reserved
|
||||
+ * (C) Copyright IBM Corp. 1998-2015 - All Rights Reserved
|
||||
*
|
||||
*/
|
||||
@@ -36,5 +36,10 @@
|
||||
le_int32 coverageIndex = getGlyphCoverage(base, glyph, success);
|
||||
le_uint16 seqCount = SWAPW(sequenceCount);
|
||||
+ LEReferenceToArrayOf<Offset>
|
||||
+ sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount);
|
||||
|
||||
+ if (LE_FAILURE(success)) {
|
||||
+ return 0;
|
||||
+ }
|
||||
if (coverageIndex >= 0 && coverageIndex < seqCount) {
|
||||
Offset sequenceTableOffset = SWAPW(sequenceTableOffsetArray[coverageIndex]);
|
||||
7
icu.spec
7
icu.spec
@ -1,6 +1,6 @@
|
||||
Name: icu
|
||||
Version: 54.1
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: International Components for Unicode
|
||||
Group: Development/Tools
|
||||
License: MIT and UCD and Public Domain
|
||||
@ -15,6 +15,7 @@ Patch2: icu.8800.freeserif.crash.patch
|
||||
Patch3: icu.7601.Indic-ccmp.patch
|
||||
Patch4: gennorm2-man.patch
|
||||
Patch5: icuinfo-man.patch
|
||||
Patch6: icu.changeset_37086.patch
|
||||
|
||||
%description
|
||||
Tools and utilities for developing with icu.
|
||||
@ -62,6 +63,7 @@ BuildArch: noarch
|
||||
%patch3 -p1 -b .icu7601.Indic-ccmp.patch
|
||||
%patch4 -p1 -b .gennorm2-man.patch
|
||||
%patch5 -p1 -b .icuinfo-man.patch
|
||||
%patch6 -p1 -b .icu.changeset_37086.patch
|
||||
|
||||
%build
|
||||
cd source
|
||||
@ -170,6 +172,9 @@ make %{?_smp_mflags} -C source check
|
||||
%doc source/__docs/%{name}/html/*
|
||||
|
||||
%changelog
|
||||
* Mon Mar 09 2015 Eike Rathke <erack@redhat.com> - 54.1-2
|
||||
- Resolves: rhbz#1184811 CVE-2014-6585 CVE-2014-6591
|
||||
|
||||
* Mon Jan 26 2015 Eike Rathke <erack@redhat.com> - 54.1-1
|
||||
- Resolves: rhbz#1185433 upgrade to upstream ICU 54.1
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user