Fix CVE-2013-2924 (RHBZ #1015595)

Erik van Pienbroek 2014-05-29 16:33:13 +02:00
parent 917ce748f9
commit ecbc40f40b
2 changed files with 41 additions and 0 deletions


@ -0,0 +1,36 @@
Index: /icu/trunk/source/i18n/csrucode.cpp
===================================================================
--- orig.icu/source/i18n/csrucode.cpp (revision 34075)
+++ icu/source/i18n/csrucode.cpp (revision 34076)
@@ -1,5 +1,5 @@
/*
**********************************************************************
- * Copyright (C) 2005-2012, International Business Machines
+ * Copyright (C) 2005-2013, International Business Machines
* Corporation and others. All Rights Reserved.
**********************************************************************
@@ -34,6 +34,7 @@
const uint8_t *input = textIn->fRawInput;
int32_t confidence = 0;
+ int32_t length = textIn->fRawLength;
- if (input[0] == 0xFE && input[1] == 0xFF) {
+ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
confidence = 100;
}
@@ -58,6 +59,7 @@
const uint8_t *input = textIn->fRawInput;
int32_t confidence = 0;
+ int32_t length = textIn->fRawLength;
- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
confidence = 100;
}
@@ -82,5 +84,5 @@
int32_t confidence = 0;
- if (getChar(input, 0) == 0x0000FEFFUL) {
+ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
hasBOM = TRUE;
}
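Review bot: In the second hunk of the embedded patch (`@@ -58,6 +59,7 @@`), the `length >= 4` guard stops the read past the end of the buffer, but it also means a 2- or 3-byte input beginning with FF FE now gets confidence 0 instead of being recognised as UTF-16LE. A guard that keeps short inputs matching would be `if (length >= 2 && input[0] == 0xFF && input[1] == 0xFE && (length < 4 || input[2] != 0x00 || input[3] != 0x00)) {`. Because this file carries the upstream changeset as-is, it is reasonable to keep it verbatim and record the limitation in a comment next to the patch instead. In the third hunk, `limit` is defined outside the visible lines, so confirm it is derived from `fRawLength` such that `limit > 0` guarantees four readable bytes before `getChar(input, 0)`. All three function bodies start and end outside their hunks.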


@ -17,6 +17,7 @@ BuildArch: noarch
Patch0: icu4c-4_6_1-crossbuild.patch
Patch1: icu4c-4_6_1-use-correct-genccode-assembly-on-win32-and-win64.patch
Patch2: icu4c-4_6_1-mingw-w64-mkdir-compatibility.patch
Patch3: icu.10318.CVE-2013-2924_changeset_34076.patch
BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc
@ -77,6 +78,7 @@ line, and sentence breaking, etc.
%patch0 -p1 -b .crossbuild
%patch1 -p1 -b .genccode
%patch2 -p1 -b .mingw-w64
%patch3 -p1 -b .CVE-2013-2924
# Needed for patch1
pushd source
@ -232,6 +234,9 @@ rm -fr $RPM_BUILD_ROOT%{mingw64_libdir}/icu/pkgdata.inc
%changelog
* Thu May 29 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 50.1.2-3
- Fix CVE-2013-2924 (RHBZ #1015595)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 50.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
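Review bot: The new changelog entry names release `50.1.2-3`, but the commit reports 41 additions and 0 deletions, so no existing line was modified here, including the `Release:` tag. If that tag still reads 2, the rebuilt package keeps the same NVR as the vulnerable build and will not be offered as an update; check the tag and bump it to match the changelog. A one-line comment above `Patch3:` naming the upstream ticket and changeset (both are only encoded in the file name today) would also make the provenance of the security fix easier to audit.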