summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-07-07 07:42:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-07-07 07:42:42 +0000
commitc39e1e7d975c3e32c645a176095862a74461463e (patch)
treed8b1bc2dc1bc640012d61362d91bf640eb5ac825
parentReleasing progress-linux version 67.1-6~progress5+u1. (diff)
downloadicu-c39e1e7d975c3e32c645a176095862a74461463e.tar.xz
icu-c39e1e7d975c3e32c645a176095862a74461463e.zip
Merging debian version 67.1-7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/locid_operators.patch41
-rw-r--r--debian/patches/series1
3 files changed, 49 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 92bdc26..2eb51ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+icu (67.1-7) unstable; urgency=high
+
+ * Backport upstream security fix for CVE-2021-30535: crash caused by locale
+ assign/move operators.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 30 Jun 2021 18:07:32 +0200
+
icu (67.1-6~progress5+u1) engywuck-backports; urgency=medium
* Uploading to engywuck-backports, remaining changes:
diff --git a/debian/patches/locid_operators.patch b/debian/patches/locid_operators.patch
new file mode 100644
index 0000000..d27b2a9
--- /dev/null
+++ b/debian/patches/locid_operators.patch
@@ -0,0 +1,41 @@
+diff --git a/patches/locid_operators.patch b/patches/locid_operators.patch
+new file mode 100644
+index 0000000..7428558
+--- /dev/null
++++ b/patches/locid_operators.patch
+@@ -0,0 +1,35 @@
++diff --git a/source/common/locid.cpp b/source/common/locid.cpp
++index 0d506293..4743db53 100644
++--- a/source/common/locid.cpp
+++++ b/source/common/locid.cpp
++@@ -469,14 +469,18 @@ Locale& Locale::operator=(Locale&& other) U_NOEXCEPT {
++ if ((baseName != fullName) && (baseName != fullNameBuffer)) uprv_free(baseName);
++ if (fullName != fullNameBuffer) uprv_free(fullName);
++
++- if (other.fullName == other.fullNameBuffer) {
+++ if (other.fullName == other.fullNameBuffer || other.baseName == other.fullNameBuffer) {
++ uprv_strcpy(fullNameBuffer, other.fullNameBuffer);
+++ }
+++ if (other.fullName == other.fullNameBuffer) {
++ fullName = fullNameBuffer;
++ } else {
++ fullName = other.fullName;
++ }
++
++- if (other.baseName == other.fullName) {
+++ if (other.baseName == other.fullNameBuffer) {
+++ baseName = fullNameBuffer;
+++ } else if (other.baseName == other.fullName) {
++ baseName = fullName;
++ } else {
++ baseName = other.baseName;
++@@ -2696,6 +2700,9 @@ Locale::setKeywordValue(const char* keywordName, const char* keywordValue, UErro
++ if (fullName != fullNameBuffer) {
++ // if full Name is already on the heap, need to free it.
++ uprv_free(fullName);
+++ if (baseName == fullName) {
+++ baseName = newFullName; // baseName should not point to freed memory.
+++ }
++ }
++ fullName = newFullName;
++ status = U_ZERO_ERROR;
diff --git a/debian/patches/series b/debian/patches/series
index 78949ae..1d069ba 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ hurd-fix.diff
layout-test-fix.patch
#flaky-tests.patch
ICU-13786_Fix_addLikelySubtags_minimizeSubtags.patch
+locid_operators.patch