diff --git a/gnu/local.mk b/gnu/local.mk index 6b70300fff..d02b250727 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -734,6 +734,7 @@ dist_patch_DATA = \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ + %D%/packages/patches/icu4c-CVE-2017-14952.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 3461285850..55bc9f2035 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -32,6 +32,7 @@ (define-public icu4c (package (name "icu4c") + (replacement icu4c-fixed) (version "58.2") (source (origin (method url-fetch) @@ -70,6 +71,15 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) +(define icu4c-fixed + (package + (inherit icu4c) + (source (origin + (inherit (package-source icu4c)) + (patches (append + (origin-patches (package-source icu4c)) + (search-patches "icu4c-CVE-2017-14952.patch"))))))) + (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch new file mode 100644 index 0000000000..564f69d01d --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch @@ -0,0 +1,18 @@ +Fix CVE-2017-14952: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 + +Patch copied from upstream source repository: + +http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 + +Index: trunk/icu4c/source/i18n/zonemeta.cpp +=================================================================== +--- icu/source/i18n/zonemeta.cpp (revision 40283) ++++ icu/source/i18n/zonemeta.cpp (revision 40324) +@@ -691,5 +691,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break;