From: Hirokazu MORIKAWA <redacted>
Date: Tue, 24 Oct 2017 02:51:14 +0000 (+0900)
Subject: icu: fix CVE-2017-14952 Double-Free Vulnerability
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=f90bba4046a2509d13cf38dafd2606c536516c22;p=openwrt-packages.git

icu: fix CVE-2017-14952 Double-Free Vulnerability

http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/

https://security-tracker.debian.org/tracker/CVE-2017-14952

Signed-off-by: Hirokazu MORIKAWA <redacted>
---

diff --git a/libs/icu/Makefile b/libs/icu/Makefile
index aa86869db..2bed85af8 100644
--- a/libs/icu/Makefile
+++ b/libs/icu/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icu4c
 PKG_VERSION:=59.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-59_1-src.tgz
 PKG_SOURCE_URL:=http://download.icu-project.org/files/$(PKG_NAME)/$(PKG_VERSION)
diff --git a/libs/icu/patches/CVE-2017-14952.patch b/libs/icu/patches/CVE-2017-14952.patch
new file mode 100644
index 000000000..f353ac774
--- /dev/null
+++ b/libs/icu/patches/CVE-2017-14952.patch
@@ -0,0 +1,10 @@
+Index: source/i18n/zonemeta.cpp
+===================================================================
+--- source/i18n/zonemeta.cpp	(revision 40283)
++++ source/i18n/zonemeta.cpp	(revision 40324)
+@@ -691,5 +691,4 @@
+                     if (U_FAILURE(status)) {
+                         delete mzMappings;
+-                        deleteOlsonToMetaMappingEntry(entry);
+                         uprv_free(entry);
+                         break;