M gnu/local.mk => gnu/local.mk +1 -0
@@ 734,6 734,7 @@ dist_patch_DATA = \
%D%/packages/patches/hydra-disable-darcs-test.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \
+ %D%/packages/patches/icu4c-CVE-2017-14952.patch \
%D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
M gnu/packages/icu4c.scm => gnu/packages/icu4c.scm +10 -0
@@ 32,6 32,7 @@
(define-public icu4c
(package
(name "icu4c")
+ (replacement icu4c-fixed)
(version "58.2")
(source (origin
(method url-fetch)
@@ 70,6 71,15 @@ C/C++ part.")
(license x11)
(home-page "http://site.icu-project.org/")))
+(define icu4c-fixed
+ (package
+ (inherit icu4c)
+ (source (origin
+ (inherit (package-source icu4c))
+ (patches (append
+ (origin-patches (package-source icu4c))
+ (search-patches "icu4c-CVE-2017-14952.patch")))))))
+
(define-public java-icu4j
(package
(name "java-icu4j")
A gnu/packages/patches/icu4c-CVE-2017-14952.patch => gnu/packages/patches/icu4c-CVE-2017-14952.patch +18 -0
@@ 0,0 1,18 @@
+Fix CVE-2017-14952:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
+
+Index: trunk/icu4c/source/i18n/zonemeta.cpp
+===================================================================
+--- icu/source/i18n/zonemeta.cpp (revision 40283)
++++ icu/source/i18n/zonemeta.cpp (revision 40324)
+@@ -691,5 +691,4 @@
+ if (U_FAILURE(status)) {
+ delete mzMappings;
+- deleteOlsonToMetaMappingEntry(entry);
+ uprv_free(entry);
+ break;