Hello community, here is the log from the commit of package icu for openSUSE:12.1:Update:Test checked in at 2012-01-13 18:26:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/icu (Old) and /work/SRC/openSUSE:12.1:Update:Test/.icu.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "icu", Maintainer is "gnome-maintainers@suse.de"
Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/icu/icu.changes 2012-01-13 18:30:01.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.icu.new/icu.changes 2012-01-13 18:37:02.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Jan 12 22:31:06 UTC 2012 - sshaw@decriptor.com
+
+- Add icu-CVE-2010-4409.patch to fix symbol value check
+ (bnc#657910)
+- Fix out of bounds access (bnc#736146)
+
+-------------------------------------------------------------------
New:
----
icu-CVE-2010-4409.patch
icu-CVE-2011-4599.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ icu.spec ++++++
--- /var/tmp/diff_new_pack.oSipIu/_old 2012-01-13 18:38:57.000000000 +0100
+++ /var/tmp/diff_new_pack.oSipIu/_new 2012-01-13 18:38:57.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package icu
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,10 @@
 Source3: SuSEconfig.icu
 # PATCH-FIX-UPSTREAM icu44-rpmlint.diff -- http://bugs.icu-project.org/trac/ticket/7808
 Patch1: icu44-rpmlint.diff
+# PATCH-FIX-UPSTREAM bnc657910 icu-CVE-2010-4409.patch stshaw@suse.com -- Taken from ICU Changeset 29683
+Patch2: icu-CVE-2010-4409.patch
+# PATCH-FIX-UPSTREAM bnc736146 icu-CVE-2011-4599.patch stshaw@suse.com -- canonicalize2.patch from ICU#8984
+Patch3: icu-CVE-2011-4599.patch
 # PATCH-FIX-OPENSUSE icu-remove-datetime.patch vuntz@novell.com -- Do not put date/time in icu-config (needed for build-compare)
 Patch99: icu-remove-datetime.patch
 BuildRequires: gcc-c++
@@ -126,6 +130,8 @@
 %prep
 %setup -q -n icu -a1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 %patch99 -p1
 %build
++++++ icu-CVE-2010-4409.patch ++++++
Index: icu/source/i18n/unum.cpp
===================================================================
--- icu.orig/source/i18n/unum.cpp
+++ icu/source/i18n/unum.cpp
@@ -849,7 +849,7 @@ unum_getSymbol(const UNumberFormat *fmt,
 if(status==NULL || U_FAILURE(*status)) {
 return 0;
 }
- if(fmt==NULL || (uint16_t)symbol>=UNUM_FORMAT_SYMBOL_COUNT) {
+ if(fmt==NULL || symbol< 0 || symbol>=UNUM_FORMAT_SYMBOL_COUNT) {
 *status=U_ILLEGAL_ARGUMENT_ERROR;
 return 0;
 }
@@ -876,7 +876,7 @@ unum_setSymbol(UNumberFormat *fmt,
 if(status==NULL || U_FAILURE(*status)) {
 return;
 }
- if(fmt==NULL || (uint16_t)symbol>=UNUM_FORMAT_SYMBOL_COUNT || value==NULL || length<-1) {
+ if(fmt==NULL || symbol< 0 || symbol>=UNUM_FORMAT_SYMBOL_COUNT || value==NULL || length<-1) {
 *status=U_ILLEGAL_ARGUMENT_ERROR;
 return;
 }
++++++ icu-CVE-2011-4599.patch ++++++
Index: icu/source/common/uloc.c
===================================================================
--- icu.orig/source/common/uloc.c
+++ icu/source/common/uloc.c
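Review bot: The new range check in unum_getSymbol, `symbol< 0 || symbol>=UNUM_FORMAT_SYMBOL_COUNT`, has no comment saying why the `(uint16_t)` cast was dropped, and the same holds for the identical check in the unum_setSymbol hunk. The cast kept only the low 16 bits of `symbol`, so an out-of-range value whose low bits fall below the count passed the old test, and a later cleanup could put the cast back. I would add above both checks `/* compare the full value of symbol: a narrowing cast lets out-of-range values through (CVE-2010-4409) */`. If `symbol` is an enum (its declaration is outside the hunk), whether `symbol< 0` can ever be true depends on the signedness the compiler picks, so that half may draw an always-false warning on some toolchains; the upper-bound comparison still rejects such values there. Both function bodies continue outside the hunks.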
@@ -1797,7 +1797,7 @@ _canonicalize(const char* localeID,
 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
 len -= variantLen;
 if (variantLen > 0) {
- if (name[len-1] == '_') { /* delete trailing '_' */
+ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
 --len;
 }
 addKeyword = VARIANT_MAP[j].keyword;
@@ -1805,7 +1805,7 @@ _canonicalize(const char* localeID,
 break;
 }
 }
- if (name[len-1] == '_') { /* delete trailing '_' */
+ if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */
 --len;
 }
 }
++++++ icu44-rpmlint.diff ++++++
--- /var/tmp/diff_new_pack.oSipIu/_old 2012-01-13 18:38:57.000000000 +0100
+++ /var/tmp/diff_new_pack.oSipIu/_new 2012-01-13 18:38:57.000000000 +0100
@@ -11,7 +11,7 @@
 ===================================================================
 --- icu.orig/source/tools/pkgdata/pkgdata.cpp
 +++ icu/source/tools/pkgdata/pkgdata.cpp
-@@ -1645,10 +1645,10 @@ static void loadLists(UPKGOptions *o, UE
+@@ -1758,10 +1758,10 @@ static void loadLists(UPKGOptions *o, UE
 const char cmd[] = "icu-config --incpkgdatafile";
 /* #1 try the same path where pkgdata was called from. */
-- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
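Review bot: The guard added in the first _canonicalize hunk, `if (len > 0 && name[len-1] == '_')`, omits the `len <= nameCapacity` upper bound that the second hunk's guard has. If `len` can exceed `nameCapacity` at that point (the second guard and the `nameCapacity-len` argument on the context line suggest it tracks the required length rather than the bytes actually written), `name[len-1]` would still read past the end of the buffer. I would make the first check match the second: `if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */`. The enclosing loop and the rest of _canonicalize lie outside both hunks, so the range of `len` after `len -= variantLen` should be confirmed against the full function.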