
From: "Andreas Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/icu/, dev-libs/icu/files/
Date: Fri, 26 May 2017 15:50:12
Message-Id: 1495813780.216c7c2dad182bafb04859f6650f2aaaad95fed3.dilfridge@gentoo
1 commit: 216c7c2dad182bafb04859f6650f2aaaad95fed3
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Fri May 26 15:48:50 2017 +0000
4 Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Fri May 26 15:49:40 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=216c7c2d
7
8 dev-libs/icu: Add backport for bug 616468
9
10 Package-Manager: Portage-2.3.6, Repoman-2.3.2
11
12 dev-libs/icu/files/icu-58.2-CVE-2017-7867.patch | 155 +++++++++++++++++++++++
13 dev-libs/icu/icu-58.2-r1.ebuild | 158 ++++++++++++++++++++++++
14 2 files changed, 313 insertions(+)
15
16 diff --git a/dev-libs/icu/files/icu-58.2-CVE-2017-7867.patch b/dev-libs/icu/files/icu-58.2-CVE-2017-7867.patch
17 new file mode 100644
18 index 00000000000..a34537bb6cb
19 --- /dev/null
20 +++ b/dev-libs/icu/files/icu-58.2-CVE-2017-7867.patch
21 @@ -0,0 +1,155 @@
22 +Index: /trunk/icu4c/source/common/utext.cpp
23 +===================================================================
24 +--- a/common/utext.cpp (revision 39670)
25 ++++ b/common/utext.cpp (revision 39671)
26 +@@ -848,7 +848,13 @@
27 +
28 + // Chunk size.
29 +-// Must be less than 85, because of byte mapping from UChar indexes to native indexes.
30 +-// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes
31 +-// to two UChars.)
32 ++// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes.
33 ++// Worst case there are six UTF-8 bytes per UChar.
34 ++// obsolete 6 byte form fd + 5 trails maps to fffd
35 ++// obsolete 5 byte form fc + 4 trails maps to fffd
36 ++// non-shortest 4 byte forms maps to fffd
37 ++// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
38 ++// mapToUChars array size must allow for the worst case, 6.
39 ++// This could be brought down to 4, by treating fd and fc as pure illegal,
40 ++// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
41 + //
42 + enum { UTF8_TEXT_CHUNK_SIZE=32 };
43 +@@ -890,5 +896,5 @@
44 + // one for a supplementary starting in the last normal position,
45 + // and one for an entry for the buffer limit position.
46 +- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
47 ++ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
48 + // correspoding offset in filled part of buf.
49 + int32_t align;
50 +@@ -1033,4 +1039,5 @@
51 + u8b = (UTF8Buf *)ut->p; // the current buffer
52 + mapIndex = ix - u8b->toUCharsMapStart;
53 ++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
54 + ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
55 + return TRUE;
56 +@@ -1299,4 +1306,8 @@
57 + // If index is at the end, there is no character there to look at.
58 + if (ix != ut->b) {
59 ++ // Note: this function will only move the index back if it is on a trail byte
60 ++ // and there is a preceding lead byte and the sequence from the lead
61 ++ // through this trail could be part of a valid UTF-8 sequence
62 ++ // Otherwise the index remains unchanged.
63 + U8_SET_CP_START(s8, 0, ix);
64 + }
65 +@@ -1312,5 +1323,8 @@
66 + uint8_t *mapToNative = u8b->mapToNative;
67 + uint8_t *mapToUChars = u8b->mapToUChars;
68 +- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
69 ++ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
70 ++ // Note that toUCharsMapStart can be negative. Happens when the remaining
71 ++ // text from current position to the beginning is less than the buffer size.
72 ++ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
73 + int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region
74 + // at end of buffer to leave room
75 +@@ -1339,4 +1353,5 @@
76 + // Special case ASCII range for speed.
77 + buf[destIx] = (UChar)c;
78 ++ U_ASSERT(toUCharsMapStart <= srcIx);
79 + mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
80 + mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
81 +@@ -1368,4 +1383,5 @@
82 + mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
83 + } while (sIx >= srcIx);
84 ++ U_ASSERT(toUCharsMapStart <= (srcIx+1));
85 +
86 + // Set native indexing limit to be the current position.
87 +@@ -1542,4 +1558,5 @@
88 + U_ASSERT(index<=ut->chunkNativeLimit);
89 + int32_t mapIndex = index - u8b->toUCharsMapStart;
90 ++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
91 + int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
92 + U_ASSERT(offset>=0 && offset<=ut->chunkLength);
93 +Index: /trunk/icu4c/source/test/intltest/utxttest.cpp
94 +===================================================================
95 +--- a/test/intltest/utxttest.cpp (revision 39670)
96 ++++ b/test/intltest/utxttest.cpp (revision 39671)
97 +@@ -68,4 +68,6 @@
98 + case 7: name = "Ticket12130";
99 + if (exec) Ticket12130(); break;
100 ++ case 8: name = "Ticket12888";
101 ++ if (exec) Ticket12888(); break;
102 + default: name = ""; break;
103 + }
104 +@@ -1584,2 +1586,62 @@
105 + utext_close(&ut);
106 + }
107 ++
108 ++// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
109 ++// six byte utf-8 forms. Original implementation had an assumption that
110 ++// there would be at most three utf-8 bytes per UTF-16 code unit.
111 ++// The five and six byte sequences map to a single replacement character.
112 ++
113 ++void UTextTest::Ticket12888() {
114 ++ const char *badString =
115 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
116 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
117 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
118 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
119 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
120 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
121 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
122 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
123 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
124 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
125 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
126 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
127 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
128 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
129 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
130 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
131 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
132 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
133 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
134 ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
135 ++
136 ++ UErrorCode status = U_ZERO_ERROR;
137 ++ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
138 ++ TEST_SUCCESS(status);
139 ++ for (;;) {
140 ++ UChar32 c = utext_next32(ut.getAlias());
141 ++ if (c == U_SENTINEL) {
142 ++ break;
143 ++ }
144 ++ }
145 ++ int32_t endIdx = utext_getNativeIndex(ut.getAlias());
146 ++ if (endIdx != (int32_t)strlen(badString)) {
147 ++ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
148 ++ return;
149 ++ }
150 ++
151 ++ for (int32_t prevIndex = endIdx; prevIndex>0;) {
152 ++ UChar32 c = utext_previous32(ut.getAlias());
153 ++ int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
154 ++ if (c != 0xfffd) {
155 ++ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
156 ++ __FILE__, __LINE__, 0xfffd, c, currentIndex);
157 ++ break;
158 ++ }
159 ++ if (currentIndex != prevIndex - 6) {
160 ++ errln("%s:%d: wrong index. Expected, actual = %d, %d",
161 ++ __FILE__, __LINE__, prevIndex - 6, currentIndex);
162 ++ break;
163 ++ }
164 ++ prevIndex = currentIndex;
165 ++ }
166 ++}
167 +Index: /trunk/icu4c/source/test/intltest/utxttest.h
168 +===================================================================
169 +--- a/test/intltest/utxttest.h (revision 39670)
170 ++++ b/test/intltest/utxttest.h (revision 39671)
171 +@@ -39,4 +39,5 @@
172 + void Ticket10983();
173 + void Ticket12130();
174 ++ void Ticket12888();
175 +
176 + private:
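Review bot: The two bounds checks this backport adds before the `mapToUChars` lookups in utext.cpp, `U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));`, are assertions, which ICU compiles out unless debugging is enabled, and they test only the upper bound. In a normal build the fix therefore rests entirely on enlarging the array to `UTF8_TEXT_CHUNK_SIZE*6+6`. A comment such as `// debug-only check; release builds rely on mapToUChars being sized for 6 UTF-8 bytes per UChar` would stop a later reader from treating them as runtime guards, and `mapIndex >= 0 &&` could be added to the asserted condition. Separately, `int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;` subtracts in unsigned `size_t` (assuming `ix` is a signed 32-bit index) and relies on the narrowing conversion for the negative value the next comment describes; `ix - (int32_t)sizeof(UTF8Buf::mapToUChars) + 1` would match the casts in the asserts. In the new test, `strlen(badString)` is passed to a `%d` conversion in `errln` and should be cast to `int32_t` as on the line above it; the functions touched in utext.cpp start and end outside the inner hunks.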
177
178 diff --git a/dev-libs/icu/icu-58.2-r1.ebuild b/dev-libs/icu/icu-58.2-r1.ebuild
179 new file mode 100644
180 index 00000000000..7404a17ca15
181 --- /dev/null
182 +++ b/dev-libs/icu/icu-58.2-r1.ebuild
183 @@ -0,0 +1,158 @@
184 +# Copyright 1999-2017 Gentoo Foundation
185 +# Distributed under the terms of the GNU General Public License v2
186 +
187 +EAPI=6
188 +
189 +inherit eutils flag-o-matic toolchain-funcs autotools multilib-minimal
190 +
191 +DESCRIPTION="International Components for Unicode"
192 +HOMEPAGE="http://www.icu-project.org/"
193 +SRC_URI="http://download.icu-project.org/files/icu4c/${PV/_/}/icu4c-${PV//./_}-src.tgz"
194 +
195 +LICENSE="BSD"
196 +
197 +SLOT="0/${PV}"
198 +
199 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
200 +IUSE="debug doc examples static-libs"
201 +
202 +DEPEND="
203 + virtual/pkgconfig
204 + doc? (
205 + app-doc/doxygen[dot]
206 + )
207 +"
208 +
209 +S="${WORKDIR}/${PN}/source"
210 +
211 +MULTILIB_CHOST_TOOLS=(
212 + /usr/bin/icu-config
213 +)
214 +
215 +PATCHES=(
216 + "${FILESDIR}/${PN}-58.1-remove-bashisms.patch"
217 + "${FILESDIR}/${PN}-58.1-iterator.patch"
218 + "${FILESDIR}/${PN}-58.2-CVE-2017-7867.patch"
219 +)
220 +
221 +pkg_pretend() {
222 + if tc-is-gcc ; then
223 + if [[ $(gcc-major-version) == 4 && $(gcc-minor-version) -lt 9 \
224 + || $(gcc-major-version) -lt 4 ]] ; then
225 + die "You need at least sys-devel/gcc-4.9"
226 + fi
227 + fi
228 +}
229 +
230 +src_prepare() {
231 + # apply patches
232 + default
233 +
234 + local variable
235 +
236 + # Disable renaming as it is stupid thing to do
237 + sed -i \
238 + -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \
239 + common/unicode/uconfig.h || die
240 +
241 + # Fix linking of icudata
242 + sed -i \
243 + -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \
244 + config/mh-linux || die
245 +
246 + # Append doxygen configuration to configure
247 + sed -i \
248 + -e 's:icudefs.mk:icudefs.mk Doxyfile:' \
249 + configure.ac || die
250 +
251 + eautoreconf
252 +}
253 +
254 +src_configure() {
255 + # Use C++14
256 + append-cxxflags -std=c++14
257 +
258 + if tc-is-gcc ; then
259 + if [[ $(gcc-major-version) == 4 && $(gcc-minor-version) -lt 9 \
260 + || $(gcc-major-version) -lt 4 ]] ; then
261 + die "You need at least sys-devel/gcc-4.9"
262 + fi
263 + fi
264 +
265 + if tc-is-cross-compiler; then
266 + mkdir "${WORKDIR}"/host || die
267 + pushd "${WORKDIR}"/host >/dev/null || die
268 +
269 + CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \
270 + CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \
271 + RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \
272 + "${S}"/configure --disable-renaming --disable-debug \
273 + --disable-samples --enable-static || die
274 + emake
275 +
276 + popd >/dev/null || die
277 + fi
278 +
279 + multilib-minimal_src_configure
280 +}
281 +
282 +multilib_src_configure() {
283 + local myeconfargs=(
284 + --disable-renaming
285 + --disable-samples
286 + --disable-layoutex
287 + $(use_enable debug)
288 + $(use_enable static-libs static)
289 + )
290 +
291 + multilib_is_native_abi && myeconfargs+=(
292 + $(use_enable examples samples)
293 + )
294 + tc-is-cross-compiler && myeconfargs+=(
295 + --with-cross-build="${WORKDIR}"/host
296 + )
297 +
298 + # icu tries to use clang by default
299 + tc-export CC CXX
300 +
301 + ECONF_SOURCE=${S} \
302 + econf "${myeconfargs[@]}"
303 +}
304 +
305 +multilib_src_compile() {
306 + default
307 +
308 + if multilib_is_native_abi && use doc; then
309 + doxygen -u Doxyfile || die
310 + doxygen Doxyfile || die
311 + fi
312 +}
313 +
314 +multilib_src_test() {
315 + # INTLTEST_OPTS: intltest options
316 + # -e: Exhaustive testing
317 + # -l: Reporting of memory leaks
318 + # -v: Increased verbosity
319 + # IOTEST_OPTS: iotest options
320 + # -e: Exhaustive testing
321 + # -v: Increased verbosity
322 + # CINTLTST_OPTS: cintltst options
323 + # -e: Exhaustive testing
324 + # -v: Increased verbosity
325 + emake -j1 VERBOSE="1" check
326 +}
327 +
328 +multilib_src_install() {
329 + default
330 +
331 + if multilib_is_native_abi && use doc; then
332 + docinto html
333 + dodoc -r doc/html/*
334 + fi
335 +}
336 +
337 +multilib_src_install_all() {
338 + einstalldocs
339 + docinto html
340 + dodoc ../readme.html
341 +}