diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
index 084a54e34d7..0c8c486c030 100644
--- a/main/icu/APKBUILD
+++ b/main/icu/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa
 pkgname=icu
 pkgver=74.2
-pkgrel=0
+pkgrel=1
 pkgdesc="International Components for Unicode library"
 url="https://icu.unicode.org/"
 arch="all"
@@ -25,6 +25,7 @@ source="https://github.com/unicode-org/icu/releases/download/release-${pkgver//.
 https://github.com/unicode-org/icu/releases/download/release-${pkgver//./-}/icu4c-${pkgver//./_}-data-bin-b.zip
 https://github.com/unicode-org/icu/releases/download/release-${pkgver//./-}/icu4c-${pkgver//./_}-data-bin-l.zip
 standardize-vtzone-output.patch
+ CVE-2025-5222.patch
 data-filter-en.yml
 "
 builddir="$srcdir/icu/source"
@@ -35,6 +36,8 @@ x86) options="$options !check" ;;
 esac
 
 # secfixes:
+# 74.2-r1:
+# - CVE-2025-5222
 # 66.1-r0:
 # - CVE-2020-21913
 # 65.1-r1:
@@ -157,5 +160,6 @@ f9dbd303f78de1bf9089262211f3b618f1ec915e57877855d0bc6496332620f4ea92eabe1dff9fa7
 76cc9a684be584ce2bd674b40191975a7506ef14c9c7a08cfe0a09d28c90e49529a2eb01baf698cf27895bec9f8fdf6b76c1d1bd010607fac04be7d12e954e50 icu4c-74_2-data-bin-b.zip
 6ef1554c0af06cec777c454cbbeaca44884b8db028d777311323d44e5697a7638df394cfc53760ddcdab763d975f24043f47ac4828e20c9774b4108030a7be15 icu4c-74_2-data-bin-l.zip
 c76fd529f92a7b27a45a307c8bb91c109910d012478414b08983af3320e29fbe76e03d8434c4efbde68ecaa56a86130d6514428c5a1085985634bc3650e8e96e standardize-vtzone-output.patch
+eaf41940ff39aa31c8f825ef3fa3f0168115ef8c153fb8dc4e1929fec99cdc7e5db0dabb3e643e9d1518688f41e9a57f03c4eec922f90048b2215fb82fec59f9 CVE-2025-5222.patch
 609541c1ac10c12b2b52f7800a2057d5c97e49dc9a1774a1b53e13d88599128baa7637f1a63b4de52dfe58b1038c7f3462ef29ad223dbe2ecb2862e3249a1cf4 data-filter-en.yml
 "
diff --git a/main/icu/CVE-2025-5222.patch b/main/icu/CVE-2025-5222.patch
new file mode 100644
index 00000000000..92731107a4b
--- /dev/null
+++ b/main/icu/CVE-2025-5222.patch
@@ -0,0 +1,159 @@
+From f16db14030c68546b8d178d5524736445a7b3520 Mon Sep 17 00:00:00 2001
+From: Frank Tang
+Date: Wed, 22 Jan 2025 11:50:59 -0800
+Subject: [PATCH] ICU-22973 Fix buffer overflow by using CharString
+
+---
+ icu4c/source/tools/genrb/parse.cpp | 49 ++++++++++++++++++------------
+ 1 file changed, 29 insertions(+), 20 deletions(-)
+
+diff --git a/icu4c/source/tools/genrb/parse.cpp b/icu4c/source/tools/genrb/parse.cpp
+index f487241cc189..eb85d5157a6f 100644
+--- a/tools/genrb/parse.cpp
++++ b/tools/genrb/parse.cpp
+@@ -1153,7 +1153,7 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
+ struct UString *tokenValue;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024];
++ CharString subtag;
+ UnicodeString rules;
+ UBool haveRules = false;
+ UVersionInfo version;
+@@ -1189,15 +1189,15 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
+ return nullptr;
+ }
+
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
+-
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+ if (U_FAILURE(*status))
+ {
+ res_close(result);
+ return nullptr;
+ }
+
+- member = parseResource(state, subtag, nullptr, status);
++ member = parseResource(state, subtag.data(), nullptr, status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -1208,7 +1208,7 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
+ {
+ // Ignore the parsed resources, continue parsing.
+ }
+- else if (uprv_strcmp(subtag, "Version") == 0 && member->isString())
++ else if (uprv_strcmp(subtag.data(), "Version") == 0 && member->isString())
+ {
+ StringResource *sr = static_cast(member);
+ char ver[40];
+@@ -1225,11 +1225,11 @@ addCollation(ParseState* state, TableResource *result, const char *collationTyp
+ result->add(member, line, *status);
+ member = nullptr;
+ }
+- else if(uprv_strcmp(subtag, "%%CollationBin")==0)
++ else if(uprv_strcmp(subtag.data(), "%%CollationBin")==0)
+ {
+ /* discard duplicate %%CollationBin if any*/
+ }
+- else if (uprv_strcmp(subtag, "Sequence") == 0 && member->isString())
++ else if (uprv_strcmp(subtag.data(), "Sequence") == 0 && member->isString())
+ {
+ StringResource *sr = static_cast(member);
+ rules = sr->fString;
+@@ -1395,7 +1395,7 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
+ struct UString *tokenValue;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024], typeKeyword[1024];
++ CharString subtag, typeKeyword;
+ uint32_t line;
+
+ result = table_open(state->bundle, tag, nullptr, status);
+@@ -1437,7 +1437,8 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
+ return nullptr;
+ }
+
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -1445,9 +1446,9 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
+ return nullptr;
+ }
+
+- if (uprv_strcmp(subtag, "default") == 0)
++ if (uprv_strcmp(subtag.data(), "default") == 0)
+ {
+- member = parseResource(state, subtag, nullptr, status);
++ member = parseResource(state, subtag.data(), nullptr, status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -1466,22 +1467,29 @@ parseCollationElements(ParseState* state, char *tag, uint32_t startline, UBool n
+ if(token == TOK_OPEN_BRACE) {
+ token = getToken(state, &tokenValue, &comment, &line, status);
+ TableResource *collationRes;
+- if (keepCollationType(subtag)) {
+- collationRes = table_open(state->bundle, subtag, nullptr, status);
++ if (keepCollationType(subtag.data())) {
++ collationRes = table_open(state->bundle, subtag.data(), nullptr, status);
+ } else {
+ collationRes = nullptr;
+ }
+ // need to parse the collation data regardless
+- collationRes = addCollation(state, collationRes, subtag, startline, status);
++ collationRes = addCollation(state, collationRes, subtag.data(), startline, status);
+ if (collationRes != nullptr) {
+ result->add(collationRes, startline, *status);
+ }
+ } else if(token == TOK_COLON) { /* right now, we'll just try to see if we have aliases */
+ /* we could have a table too */
+ token = peekToken(state, 1, &tokenValue, &line, &comment, status);
+- u_UCharsToChars(tokenValue->fChars, typeKeyword, u_strlen(tokenValue->fChars) + 1);
+- if(uprv_strcmp(typeKeyword, "alias") == 0) {
+- member = parseResource(state, subtag, nullptr, status);
++ typeKeyword.clear();
++ typeKeyword.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
++ if (U_FAILURE(*status))
++ {
++ res_close(result);
++ return nullptr;
++ }
++
++ if(uprv_strcmp(typeKeyword.data(), "alias") == 0) {
++ member = parseResource(state, subtag.data(), nullptr, status);
+ if (U_FAILURE(*status))
+ {
+ res_close(result);
+@@ -1523,7 +1531,7 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
+ struct UString *tokenValue=nullptr;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024];
++ CharString subtag;
+ uint32_t line;
+ UBool readToken = false;
+
+@@ -1562,7 +1570,8 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
+ }
+
+ if(uprv_isInvariantUString(tokenValue->fChars, -1)) {
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+ } else {
+ *status = U_INVALID_FORMAT_ERROR;
+ error(line, "invariant characters required for table keys");
+@@ -1575,7 +1584,7 @@ realParseTable(ParseState* state, TableResource *table, char *tag, uint32_t star
+ return nullptr;
+ }
+
+- member = parseResource(state, subtag, &comment, status);
++ member = parseResource(state, subtag.data(), &comment, status);
+
+ if (member == nullptr || U_FAILURE(*status))
+ {
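Review bot: The embedded patch was edited after export and nothing in the file records that: its `diff --git` line names `icu4c/source/tools/genrb/parse.cpp`, while the `---`/`+++` lines name `tools/genrb/parse.cpp`, presumably so that it applies from `builddir="$srcdir/icu/source"`. Because the file is no longer byte-identical to the upstream export, the sha512 added to APKBUILD pins only this local copy and says nothing about whether the hunks still match upstream. I would add a provenance line to the message area above the `---` separator, for example `Patch-Source: https://github.com/unicode-org/icu/commit/f16db14030c68546b8d178d5524736445a7b3520` (assuming the hash on the `From` line is the upstream commit id). A second line such as `Paths adjusted to apply from icu/source.` would let an auditor diff the backport against the original and confirm that only the paths differ.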