./textproc/icu, Robust and full-featured Unicode services


Branch: pkgsrc-2017Q1, Version: 58.2nb1, Package name: icu-58.2nb1, Maintainer: pkgsrc-users

The International Components for Unicode (ICU) is a C and C++ library that
provides robust and full-featured Unicode support on a wide variety of
platforms. The library provides:

- Calendar support
- Character set conversions
- Collation (language-sensitive)
- Date & time formatting
- Locales (140+ supported)
- Message catalogs (resources)
- Message formatting
- Normalization
- Number & currency formatting
- Time zones
- Transliteration
- Word, line & sentence breaks


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b67913c90a484c59fda011797c6f3959d84bdc7c
RMD160: df06e7b18a87e383d3762564f2e9a59fd75865f9
Filesize: 22822.17 KB

CVS history:


   2017-04-25 19:54:53 by Benny Siegert | Files touched by this commit (5) | Package updated
Log message:
Pullup ticket #5357 - requested by maya
textproc/icu: security fix (backported)

ICU had a vulnerability (CVE-2017-786[78])
Unfortunately they fixed it by doing a major release and have previously
broken other packages at runtime with such updates.

I've made backports of all the changesets that were mentioned in any of
the links, specifically the oss-fuzz report was somewhat broad and
mentioned 39673 which backported several 'crash' changesets:
http://bugs.icu-project.org/trac/changeset/39663
http://bugs.icu-project.org/trac/changeset/39669
http://bugs.icu-project.org/trac/changeset/39671

The advisory only references code changes relevant to 39671, we could
limit the backport to that.
https://www.debian.org/security/2017/dsa-3830

I've run make replace and smoke-tested with midori.
They have a rather extensive testsuite. I've run it with 'make test' and
it didn't show any issues.

These are manual backports by myself as the patches did not apply
cleanly.