mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-02-15 12:52:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

main/icu: backport fix for CVE-2025-5222

Browse Source 
ref: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17335
(cherry picked from commit 1e3aa6a4519c8e3540f4afe12420b2ede47d2916)
(cherry picked from commit e62b56b09ba0bed460d61072fffd977992d936bc)
This commit is contained in:
Natanael Copa 2025-07-08 11:08:18 +02:00
parent 25b87239c6
commit dbc3f736ff
2 changed files with 164 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
main/icu/APKBUILD
View File

@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=icu
pkgver=74.2
pkgrel=0
pkgrel=1
pkgdesc="International Components for Unicode library"
url="https://icu.unicode.org/"
arch="all"
@ -25,6 +25,7 @@ source="https://github.com/unicode-org/icu/releases/download/release-${pkgver//.
https://github.com/unicode-org/icu/releases/download/release-${pkgver//./-}/icu4c-${pkgver//./_}-data-bin-b.zip
https://github.com/unicode-org/icu/releases/download/release-${pkgver//./-}/icu4c-${pkgver//./_}-data-bin-l.zip
standardize-vtzone-output.patch
CVE-2025-5222.patch
data-filter-en.yml
"
builddir="$srcdir/icu/source"
@ -35,6 +36,8 @@ x86) options="$options !check" ;;
esac
# secfixes:
# 74.2-r1:
# - CVE-2025-5222
# 66.1-r0:
# - CVE-2020-21913
# 65.1-r1:
@ -157,5 +160,6 @@ f9dbd303f78de1bf9089262211f3b618f1ec915e57877855d0bc6496332620f4ea92eabe1dff9fa7
76cc9a684be584ce2bd674b40191975a7506ef14c9c7a08cfe0a09d28c90e49529a2eb01baf698cf27895bec9f8fdf6b76c1d1bd010607fac04be7d12e954e50 icu4c-74_2-data-bin-b.zip
6ef1554c0af06cec777c454cbbeaca44884b8db028d777311323d44e5697a7638df394cfc53760ddcdab763d975f24043f47ac4828e20c9774b4108030a7be15 icu4c-74_2-data-bin-l.zip
c76fd529f92a7b27a45a307c8bb91c109910d012478414b08983af3320e29fbe76e03d8434c4efbde68ecaa56a86130d6514428c5a1085985634bc3650e8e96e standardize-vtzone-output.patch
eaf41940ff39aa31c8f825ef3fa3f0168115ef8c153fb8dc4e1929fec99cdc7e5db0dabb3e643e9d1518688f41e9a57f03c4eec922f90048b2215fb82fec59f9 CVE-2025-5222.patch
609541c1ac10c12b2b52f7800a2057d5c97e49dc9a1774a1b53e13d88599128baa7637f1a63b4de52dfe58b1038c7f3462ef29ad223dbe2ecb2862e3249a1cf4 data-filter-en.yml
"

159
main/icu/CVE-2025-5222.patch Normal file
View File

@ -0,0 +1,159 @@
From f16db14030c68546b8d178d5524736445a7b3520 Mon Sep 17 00:00:00 2001
From: Frank Tang <ftang@chromium.org>
Date: Wed, 22 Jan 2025 11:50:59 -0800
Subject: [PATCH] ICU-22973 Fix buffer overflow by using CharString
---
icu4c/source/tools/genrb/parse.cpp | 49 ++++++++++++++++++------------
1 file changed, 29 insertions(+), 20 deletions(-)
diff --git a/icu4c/source/tools/genrb/parse.cpp b/icu4c/source/tools/genrb/parse.cpp
index f487241cc189..eb85d5157a6f 100644
--- a/tools/genrb/parse.cpp
+++ b/tools/genrb/parse.cpp
@@ -1153,7 +1153,7 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
struct UString *tokenValue;
struct UString comment;
enum ETokenType token;
- char subtag[1024];
+ CharString subtag;
UnicodeString rules;
UBool haveRules = false;
UVersionInfo version;
@@ -1189,15 +1189,15 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
return nullptr;
}
- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
-
+ subtag.clear();
+ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
if (U_FAILURE(*status))
{
res_close(result);
return nullptr;
}
- member = parseResource(state, subtag, nullptr, status);
+ member = parseResource(state, subtag.data(), nullptr, status);
if (U_FAILURE(*status))
{
@@ -1208,7 +1208,7 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
{
// Ignore the parsed resources, continue parsing.
}
- else if (uprv_strcmp(subtag, "Version") == 0 && member->isString())
+ else if (uprv_strcmp(subtag.data(), "Version") == 0 && member->isString())
{
StringResource *sr = static_cast<StringResource *>(member);
char ver[40];
@@ -1225,11 +1225,11 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
result->add(member, line, *status);
member = nullptr;
}
- else if(uprv_strcmp(subtag, "%%CollationBin")==0)
+ else if(uprv_strcmp(subtag.data(), "%%CollationBin")==0)
{
/* discard duplicate %%CollationBin if any*/
}
- else if (uprv_strcmp(subtag, "Sequence") == 0 && member->isString())
+ else if (uprv_strcmp(subtag.data(), "Sequence") == 0 && member->isString())
{
StringResource *sr = static_cast<StringResource *>(member);
rules = sr->fString;
@@ -1395,7 +1395,7 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
struct UString *tokenValue;
struct UString comment;
enum ETokenType token;
- char subtag[1024], typeKeyword[1024];
+ CharString subtag, typeKeyword;
uint32_t line;
result = table_open(state->bundle, tag, nullptr, status);
@@ -1437,7 +1437,8 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
return nullptr;
}
- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
+ subtag.clear();
+ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
if (U_FAILURE(*status))
{
@@ -1445,9 +1446,9 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
return nullptr;
}
- if (uprv_strcmp(subtag, "default") == 0)
+ if (uprv_strcmp(subtag.data(), "default") == 0)
{
- member = parseResource(state, subtag, nullptr, status);
+ member = parseResource(state, subtag.data(), nullptr, status);
if (U_FAILURE(*status))
{
@@ -1466,22 +1467,29 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
if(token == TOK_OPEN_BRACE) {
token = getToken(state, &tokenValue, &comment, &line, status);
TableResource *collationRes;
- if (keepCollationType(subtag)) {
- collationRes = table_open(state->bundle, subtag, nullptr, status);
+ if (keepCollationType(subtag.data())) {
+ collationRes = table_open(state->bundle, subtag.data(), nullptr, status);
} else {
collationRes = nullptr;
}
// need to parse the collation data regardless
- collationRes = addCollation(state, collationRes, subtag, startline, status);
+ collationRes = addCollation(state, collationRes, subtag.data(), startline, status);
if (collationRes != nullptr) {
result->add(collationRes, startline, *status);
}
} else if(token == TOK_COLON) { /* right now, we'll just try to see if we have aliases */
/* we could have a table too */
token = peekToken(state, 1, &tokenValue, &line, &comment, status);
- u_UCharsToChars(tokenValue->fChars, typeKeyword, u_strlen(tokenValue->fChars) + 1);
- if(uprv_strcmp(typeKeyword, "alias") == 0) {
- member = parseResource(state, subtag, nullptr, status);
+ typeKeyword.clear();
+ typeKeyword.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+ if (U_FAILURE(*status))
+ {
+ res_close(result);
+ return nullptr;
+ }
+
+ if(uprv_strcmp(typeKeyword.data(), "alias") == 0) {
+ member = parseResource(state, subtag.data(), nullptr, status);
if (U_FAILURE(*status))
{
res_close(result);
@@ -1523,7 +1531,7 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
struct UString *tokenValue=nullptr;
struct UString comment;
enum ETokenType token;
- char subtag[1024];
+ CharString subtag;
uint32_t line;
UBool readToken = false;
@@ -1562,7 +1570,8 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
}
if(uprv_isInvariantUString(tokenValue->fChars, -1)) {
- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
+ subtag.clear();
+ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
} else {
*status = U_INVALID_FORMAT_ERROR;
error(line, "invariant characters required for table keys");
@@ -1575,7 +1584,7 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
return nullptr;
}
- member = parseResource(state, subtag, &comment, status);
+ member = parseResource(state, subtag.data(), &comment, status);
if (member == nullptr || U_FAILURE(*status))
{