debian/0000755000000000000000000000000013256460720007173 5ustar debian/icu-devtools.install0000644000000000000000000000003712256335042013175 0ustar usr/bin usr/sbin usr/share/man debian/rules0000755000000000000000000000354312256335042010255 0ustar #!/usr/bin/make -f export DEB_BUILD_HARDENING=1 # Install all ICU headers files in the architecture-specific location. # While most files are platform-independent, platform.h is different # between big and little endina systems, and it's easier to have all # header files in a single directory so that icu-config and pkg-config # continue to work. DEB_CONFIGURE_USER_FLAGS = --libdir="\$${prefix}/lib/$(DEB_HOST_MULTIARCH)" \ --includedir="\$${prefix}/include/$(DEB_HOST_MULTIARCH)" \ --disable-samples --enable-static --enable-weak-threads # To distinguish variables that are truly local to this file (rather # than for use by cdbs), we adopt the convention of starting local # variables' names with l_. l_SONAME := 52 # Turn off optimization on armel to avoid some internal compiler # errors. This can be removed once bug 484053 is resolved. ifeq ($(shell dpkg --print-architecture),armel) CFLAGS := $(filter-out -O%,$(CFLAGS)) -O0 CXXFLAGS := $(filter-out -O%,$(CXXFLAGS)) -O0 endif # Include cdbs rules files. include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk # Variables used by cdbs DEB_MAKE_INSTALL_TARGET := \ $(DEB_MAKE_INSTALL_TARGET:install=install install-doc) DEB_SRCDIR = source DEB_COMPRESS_EXCLUDE = html examples DEB_INSTALL_EXAMPLES_libicu-dev = \ source/samples/* DEB_DH_BUILDDEB_ARGS = -- -Zxz DEB_DBG_PACKAGE_libicu$(l_SONAME) = libicu$(l_SONAME)-dbg override DEB_MAKE_CHECK_TARGET = check clean:: $(RM) *.cdbs-config_list # The libicudata library contains no symbols, so its debug library is # useless and triggers lintian warnings. Just remove it. binary-predeb/libicu$(l_SONAME)-dbg:: for i in `find debian/libicu$(l_SONAME)-dbg/usr/lib/debug -type f -print`; do \ if ! nm -a $$i | grep -q debug; then rm $$i; fi; \ done -find debian/libicu$(l_SONAME)-dbg/usr/lib/debug -type d -empty -exec rmdir {} \; debian/control0000644000000000000000000000473012474110251010572 0ustar Source: icu Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Jay Berkenbilt Standards-Version: 3.9.5 Build-Depends: cdbs (>= 0.4.93~), debhelper (>> 9~), dpkg-dev (>= 1.16.1~), autotools-dev, hardening-wrapper Build-Depends-Indep: doxygen (>= 1.7.1) Homepage: http://www.icu-project.org Package: libicu52 Section: libs Multi-Arch: same Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Description: International Components for Unicode ICU is a C++ and C library that provides robust and full-featured Unicode and locale support. This package contains the runtime libraries for ICU. Package: libicu52-dbg Section: debug Priority: extra Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, libicu52 (= ${binary:Version}) Description: International Components for Unicode ICU is a C++ and C library that provides robust and full-featured Unicode and locale support. This package contains debugging symbols for the libraries. Package: libicu-dev Section: libdevel Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends}, libicu52 (= ${binary:Version}), icu-devtools (>= ${binary:Version}), libc6-dev | libc-dev Suggests: icu-doc Description: Development files for International Components for Unicode ICU is a C++ and C library that provides robust and full-featured Unicode and locale support. This package contains the development files for ICU. Package: icu-devtools Section: libdevel Architecture: any Multi-Arch: foreign Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Replaces: libicu-dev (<< ${binary:Version}), icu-tools (<< 52.1-3~) Breaks: libicu-dev (<< ${binary:Version}), icu-tools (<< 52.1-3~) Description: Development utilities for International Components for Unicode ICU is a C++ and C library that provides robust and full-featured Unicode and locale support. This package contains programs used to manipulate data files found in the ICU sources and is a dependency of libicu-dev. End users would generally not need to install this package. Package: icu-doc Section: doc Architecture: all Depends: ${misc:Depends} Description: API documentation for ICU classes and functions ICU is a C++ and C library that provides robust and full-featured Unicode and locale support. This package contains HTML files documenting the ICU APIs. debian/watch0000644000000000000000000000017712256335042010226 0ustar version=3 opts="uversionmangle=s/_/\./g" \ http://download.icu-project.org/files/icu4c/(\d+\.[\d\.]+)/icu4c-([\d_\.]+)-src.tgz debian/libicu-dev.install0000644000000000000000000000014412256335042012602 0ustar usr/lib/*/lib*.so usr/lib/*/lib*.a usr/lib/*/icu usr/lib/*/pkgconfig/*.pc usr/include usr/share/icu debian/patches/0000755000000000000000000000000013256460735010630 5ustar debian/patches/CVE-2015-8147.patch0000644000000000000000000000105512523130345013240 0ustar Description: fix integer overflow via incorrect state size Origin: backport, http://bugs.icu-project.org/trac/changeset/37080 Index: icu-52.1/source/common/ubidiimp.h =================================================================== --- icu-52.1.orig/source/common/ubidiimp.h 2013-10-04 16:49:24.000000000 -0400 +++ icu-52.1/source/common/ubidiimp.h 2015-05-08 08:20:48.901252416 -0400 @@ -193,8 +193,8 @@ typedef struct Isolate { int32_t start1; + int32_t state; int16_t stateImp; - int16_t state; } Isolate; typedef struct Run { debian/patches/series0000644000000000000000000000077313256460735012054 0ustar icudata-stdlibs.patch gennorm2-man.patch icuinfo-man.patch malayalam-rendering.patch indic-ccmp.patch mlym-crash.patch CVE-2014-65xx.patch CVE-2014-7923.patch CVE-2014-7926.patch CVE-2014-7940.patch CVE-2014-9654.patch two-digit-year-test.patch CVE-2015-8146.patch CVE-2015-8147.patch CVE-2015-1270.patch CVE-2015-2632.patch CVE-2015-4760.patch CVE-2014-9911.patch CVE-2015-4844.patch CVE-2016-0494.patch CVE-2016-6293.patch CVE-2016-7415.patch CVE-2017-786x.patch CVE-2017-14952.patch CVE-2017-15422.patch debian/patches/CVE-2015-8146.patch0000644000000000000000000000154612523130341013240 0ustar Description: fix heap overflow via incorrect isolateCount Origin: backport, http://bugs.icu-project.org/trac/changeset/37162 Index: icu-52.1/source/common/ubidi.c =================================================================== --- icu-52.1.orig/source/common/ubidi.c 2013-10-04 16:49:28.000000000 -0400 +++ icu-52.1/source/common/ubidi.c 2015-05-08 08:19:47.924746439 -0400 @@ -2049,7 +2049,7 @@ /* The isolates[] entries contain enough information to resume the bidi algorithm in the same state as it was when it was interrupted by an isolate sequence. */ - if(dirProps[start]==PDI) { + if(dirProps[start]==PDI && pBiDi->isolateCount >= 0) { start1=pBiDi->isolates[pBiDi->isolateCount].start1; stateImp=pBiDi->isolates[pBiDi->isolateCount].stateImp; levState.state=pBiDi->isolates[pBiDi->isolateCount].state; debian/patches/CVE-2015-2632.patch0000644000000000000000000000564712574553333013260 0ustar Description: fix information disclosure via overflows Origin: other, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/efc8652da937 Bug: http://bugs.icu-project.org/trac/ticket/11865 Index: icu-55.1/source/layout/Features.cpp =================================================================== --- icu-55.1.orig/source/layout/Features.cpp 2015-03-27 17:17:46.000000000 -0400 +++ icu-55.1/source/layout/Features.cpp 2015-09-11 08:21:26.318996833 -0400 @@ -16,7 +16,7 @@ LEReferenceTo FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const { LEReferenceToArrayOf - featureRecordArrayRef(base, success, featureRecordArray, featureIndex); + featureRecordArrayRef(base, success, featureRecordArray, featureIndex+1); if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { return LEReferenceTo(); Index: icu-55.1/source/layout/LETableReference.h =================================================================== --- icu-55.1.orig/source/layout/LETableReference.h 2015-09-11 08:19:32.393829155 -0400 +++ icu-55.1/source/layout/LETableReference.h 2015-09-11 08:22:38.791739469 -0400 @@ -180,6 +180,18 @@ } /** + * Throw an error if size*count overflows + */ + size_t verifyLength(size_t offset, size_t size, le_uint32 count, LEErrorCode &success) { + if(count!=0 && size>LE_UINT32_MAX/count) { + LE_DEBUG_TR3("verifyLength failed size=%u, count=%u", size, count); + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + return verifyLength(offset, size*count, success); + } + + /** * Change parent link to another */ LETableReference &reparent(const LETableReference &base) { @@ -269,7 +281,7 @@ if(count == LE_UNBOUNDED_ARRAY) { // not a known length count = getLength()/LETableVarSizer::getSize(); // fit to max size } - LETableReference::verifyLength(0, LETableVarSizer::getSize()*count, success); + LETableReference::verifyLength(0, LETableVarSizer::getSize(), count, success); } if(LE_FAILURE(success)) { fCount=0; @@ -284,7 +296,7 @@ if(count == LE_UNBOUNDED_ARRAY) { // not a known length count = getLength()/LETableVarSizer::getSize(); // fit to max size } - LETableReference::verifyLength(0, LETableVarSizer::getSize()*count, success); + LETableReference::verifyLength(0, LETableVarSizer::getSize(), count, success); } if(LE_FAILURE(success)) clear(); } @@ -295,7 +307,7 @@ if(count == LE_UNBOUNDED_ARRAY) { // not a known length count = getLength()/LETableVarSizer::getSize(); // fit to max size } - LETableReference::verifyLength(0, LETableVarSizer::getSize()*count, success); + LETableReference::verifyLength(0, LETableVarSizer::getSize(), count, success); } if(LE_FAILURE(success)) clear(); } debian/patches/CVE-2017-786x.patch0000644000000000000000000002433213102106407013352 0ustar Description: fix out-of-bounds write in common/utext.cpp Origin: backport, http://bugs.icu-project.org/trac/changeset/39671 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1684298 Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213 Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314 Index: icu-52.1/source/common/utext.cpp =================================================================== --- icu-52.1.orig/source/common/utext.cpp 2017-05-02 09:41:49.623660178 -0400 +++ icu-52.1/source/common/utext.cpp 2017-05-02 09:41:49.611660030 -0400 @@ -831,9 +831,15 @@ U_CDECL_END //------------------------------------------------------------------------------ // Chunk size. -// Must be less than 85, because of byte mapping from UChar indexes to native indexes. -// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes -// to two UChars.) +// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes. +// Worst case there are six UTF-8 bytes per UChar. +// obsolete 6 byte form fd + 5 trails maps to fffd +// obsolete 5 byte form fc + 4 trails maps to fffd +// non-shortest 4 byte forms maps to fffd +// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit +// mapToUChars array size must allow for the worst case, 6. +// This could be brought down to 4, by treating fd and fc as pure illegal, +// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros. // enum { UTF8_TEXT_CHUNK_SIZE=32 }; @@ -873,7 +879,7 @@ struct UTF8Buf { // Requires two extra slots, // one for a supplementary starting in the last normal position, // and one for an entry for the buffer limit position. - uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to + uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to // correspoding offset in filled part of buf. int32_t align; }; @@ -1016,6 +1022,7 @@ utf8TextAccess(UText *ut, int64_t index, // Requested index is in this buffer. u8b = (UTF8Buf *)ut->p; // the current buffer mapIndex = ix - u8b->toUCharsMapStart; + U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; return TRUE; @@ -1282,6 +1289,10 @@ fillReverse: // Can only do this if the incoming index is somewhere in the interior of the string. // If index is at the end, there is no character there to look at. if (ix != ut->b) { + // Note: this function will only move the index back if it is on a trail byte + // and there is a preceding lead byte and the sequence from the lead + // through this trail could be part of a valid UTF-8 sequence + // Otherwise the index remains unchanged. U8_SET_CP_START(s8, 0, ix); } @@ -1295,7 +1306,10 @@ fillReverse: UChar *buf = u8b->buf; uint8_t *mapToNative = u8b->mapToNative; uint8_t *mapToUChars = u8b->mapToUChars; - int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1); + int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1; + // Note that toUCharsMapStart can be negative. Happens when the remaining + // text from current position to the beginning is less than the buffer size. + // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry. int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region // at end of buffer to leave room // for a surrogate pair at the @@ -1322,6 +1336,7 @@ fillReverse: if (c<0x80) { // Special case ASCII range for speed. buf[destIx] = (UChar)c; + U_ASSERT(toUCharsMapStart <= srcIx); mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx; mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart); } else { @@ -1351,6 +1366,7 @@ fillReverse: do { mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx; } while (sIx >= srcIx); + U_ASSERT(toUCharsMapStart <= (srcIx+1)); // Set native indexing limit to be the current position. // We are processing a non-ascii, non-native-indexing char now; @@ -1525,6 +1541,7 @@ utf8TextMapIndexToUTF16(const UText *ut, U_ASSERT(index>=ut->chunkNativeStart+ut->nativeIndexingLimit); U_ASSERT(index<=ut->chunkNativeLimit); int32_t mapIndex = index - u8b->toUCharsMapStart; + U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; U_ASSERT(offset>=0 && offset<=ut->chunkLength); return offset; Index: icu-52.1/source/test/intltest/utxttest.cpp =================================================================== --- icu-52.1.orig/source/test/intltest/utxttest.cpp 2017-05-02 09:41:49.623660178 -0400 +++ icu-52.1/source/test/intltest/utxttest.cpp 2017-05-02 09:43:01.544547699 -0400 @@ -57,6 +57,8 @@ UTextTest::runIndexedTest(int32_t index, if (exec) Ticket5560(); break; case 4: name = "Ticket6847"; if (exec) Ticket6847(); break; + case 5: name = "Ticket12888"; + if (exec) Ticket12888(); break; default: name = ""; break; } } @@ -1452,3 +1454,63 @@ void UTextTest::Ticket6847() { utext_close(ut); } + +// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal, +// six byte utf-8 forms. Original implementation had an assumption that +// there would be at most three utf-8 bytes per UTF-16 code unit. +// The five and six byte sequences map to a single replacement character. + +void UTextTest::Ticket12888() { + const char *badString = + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" + "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"; + + UErrorCode status = U_ZERO_ERROR; + LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status)); + TEST_SUCCESS(status); + for (;;) { + UChar32 c = utext_next32(ut.getAlias()); + if (c == U_SENTINEL) { + break; + } + } + int32_t endIdx = utext_getNativeIndex(ut.getAlias()); + if (endIdx != (int32_t)strlen(badString)) { + errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx); + return; + } + + for (int32_t prevIndex = endIdx; prevIndex>0;) { + UChar32 c = utext_previous32(ut.getAlias()); + int32_t currentIndex = utext_getNativeIndex(ut.getAlias()); + if (c != 0xfffd) { + errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n", + __FILE__, __LINE__, 0xfffd, c, currentIndex); + break; + } + if (currentIndex != prevIndex - 6) { + errln("%s:%d: wrong index. Expected, actual = %d, %d", + __FILE__, __LINE__, prevIndex - 6, currentIndex); + break; + } + prevIndex = currentIndex; + } +} Index: icu-52.1/source/test/intltest/utxttest.h =================================================================== --- icu-52.1.orig/source/test/intltest/utxttest.h 2017-05-02 09:41:49.623660178 -0400 +++ icu-52.1/source/test/intltest/utxttest.h 2017-05-02 09:43:11.524670856 -0400 @@ -33,6 +33,7 @@ public: void FreezeTest(); void Ticket5560(); void Ticket6847(); + void Ticket12888(); private: struct m { // Map between native indices & code points. debian/patches/CVE-2016-0494.patch0000644000000000000000000000621013060553423013237 0ustar Description: Arrange font actions Origin: upstream, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ce5c56e0676f Bug: (no upstream bug yet) --- icu-4.8.1.1.orig/source/layout/IndicRearrangementProcessor.cpp +++ icu-4.8.1.1/source/layout/IndicRearrangementProcessor.cpp @@ -51,11 +51,11 @@ } if (flags & irfMarkFirst) { - firstGlyph = (le_uint32)currGlyph; + firstGlyph = currGlyph; } if (flags & irfMarkLast) { - lastGlyph = (le_uint32)currGlyph; + lastGlyph = currGlyph; } doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); @@ -93,7 +93,7 @@ if (firstGlyph == lastGlyph) break; if (firstGlyph + 1 < firstGlyph) { success = LE_INDEX_OUT_OF_BOUNDS_ERROR; - break; + break; } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); --- icu-4.8.1.1.orig/source/layout/IndicRearrangementProcessor.h +++ icu-4.8.1.1/source/layout/IndicRearrangementProcessor.h @@ -51,8 +51,8 @@ static UClassID getStaticClassID(); protected: - le_uint32 firstGlyph; - le_uint32 lastGlyph; + le_int32 firstGlyph; + le_int32 lastGlyph; LEReferenceTo indicRearrangementSubtableHeader; LEReferenceToArrayOf entryTable; --- icu-4.8.1.1.orig/source/layout/IndicRearrangementProcessor2.cpp +++ icu-4.8.1.1/source/layout/IndicRearrangementProcessor2.cpp @@ -49,11 +49,11 @@ } if (flags & irfMarkFirst) { - firstGlyph = (le_uint32)currGlyph; + firstGlyph = currGlyph; } if (flags & irfMarkLast) { - lastGlyph = (le_uint32)currGlyph; + lastGlyph = currGlyph; } doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); @@ -90,7 +90,7 @@ if (firstGlyph == lastGlyph) break; if (firstGlyph + 1 < firstGlyph) { success = LE_INDEX_OUT_OF_BOUNDS_ERROR; - break; + break; } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); --- icu-4.8.1.1.orig/source/layout/IndicRearrangementProcessor2.h +++ icu-4.8.1.1/source/layout/IndicRearrangementProcessor2.h @@ -51,8 +51,8 @@ static UClassID getStaticClassID(); protected: - le_uint32 firstGlyph; - le_uint32 lastGlyph; + le_int32 firstGlyph; + le_int32 lastGlyph; LEReferenceToArrayOf entryTable; LEReferenceTo indicRearrangementSubtableHeader; --- icu-4.8.1.1.orig/source/runConfigureICU +++ icu-4.8.1.1/source/runConfigureICU @@ -370,7 +370,7 @@ then case $CC in gcc|*/gcc|*-gcc-*|*/*-gcc-*) - RELEASE_CFLAGS=-O3 + RELEASE_CFLAGS=-O3 -fno-strict-overflow ;; esac fi @@ -382,7 +382,7 @@ then case $CXX in g++|*/g++|*-g++-*|*/*-g++-*) - RELEASE_CXXFLAGS=-O3 + RELEASE_CXXFLAGS=-O3 -fno-strict-overflow ;; esac fi debian/patches/icuinfo-man.patch0000644000000000000000000000770212256335042014053 0ustar Description: supply manual page for program that doesn't have one Author: Jay Berkenbilt Bug: http://bugs.icu-project.org/trac/ticket/7665 Index: icu-52~m1/source/tools/icuinfo/Makefile.in =================================================================== --- icu-52~m1.orig/source/tools/icuinfo/Makefile.in 2013-09-14 18:53:23.552040471 -0400 +++ icu-52~m1/source/tools/icuinfo/Makefile.in 2013-09-14 18:53:23.544040471 -0400 @@ -14,8 +14,15 @@ ## Build directory information subdir = tools/icuinfo +TARGET_STUB_NAME = icuinfo + +SECTION = 1 + +MAN_FILES = $(TARGET_STUB_NAME).$(SECTION) + + ## Extra files to remove for 'make clean' -CLEANFILES = *~ $(DEPS) $(PLUGIN_OBJECTS) $(PLUGINFILE) $(PLUGIN) +CLEANFILES = *~ $(DEPS) $(PLUGIN_OBJECTS) $(PLUGINFILE) $(PLUGIN) $(MAN_FILES) ## Target information TARGET = icuinfo$(EXEEXT) @@ -35,7 +42,8 @@ ## List of phony targets .PHONY : all all-local install install-local clean clean-local \ -distclean distclean-local dist dist-local check check-local plugin-check +distclean distclean-local dist dist-local check check-local plugin-check \ +install-man ## Clear suffix list .SUFFIXES : @@ -48,12 +56,16 @@ dist: dist-local check: all check-local -all-local: $(TARGET) +all-local: $(TARGET) $(MAN_FILES) -install-local: all-local +install-local: all-local install-man $(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(INSTALL) $(TARGET) $(DESTDIR)$(bindir) +install-man: $(MAN_FILES) + $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/man$(SECTION) + $(INSTALL_DATA) $? $(DESTDIR)$(mandir)/man$(SECTION) + dist-local: clean-local: @@ -95,6 +107,9 @@ plugin-check: $(PLUGIN) $(PLUGINFILE) $(INVOKE) ICU_PLUGINS="$(CURR_FULL_DIR)" ./$(TARGET) -v -L +%.$(SECTION): $(srcdir)/%.$(SECTION).in + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status ifeq (,$(MAKECMDGOALS)) -include $(DEPS) Index: icu-52~m1/source/tools/icuinfo/icuinfo.1.in =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ icu-52~m1/source/tools/icuinfo/icuinfo.1.in 2013-09-14 18:53:23.552040471 -0400 @@ -0,0 +1,76 @@ +.\" Hey, Emacs! This is -*-nroff-*- you know... +.\" +.\" icuinfo.1: manual page for the icuinfo utility +.\" +.\" Copyright (C) 2005-2006 International Business Machines Corporation and others +.\" +.TH ICUINFO 1 "1 May 2010" "ICU MANPAGE" "ICU @VERSION@ Manual" +.SH NAME +.B icuinfo +\- Shows some basic info about the current ICU +.SH SYNOPSIS +.B icuinfo +[ +.BR "\-h\fP, \fB\-?\fP, \fB\-\-help" +] +[ +.BR "\-V\fP, \fB\-\-version" +] +[ +.BR "\-c\fP, \fB\-\-copyright" +] +[ +.BI "\-i\fP, \fB\-\-icudatadir" " directory" +] +[ +.BR "\-v\fP, \fB\-\-verbose" +] +[ +.BI "\-L\fP, \fB\-\-list-plugins" +] +[ +.BI "\-m\fP, \fB\-\-milisecond-time" +] +[ +.BI "\-K\fP, \fB\-\-cleanup" +] +.SH DESCRIPTION +.B icuinfo +prints basic information about the current version of ICU. +.SH OPTIONS +.TP +.BR "\-h\fP, \fB\-?\fP, \fB\-\-help" +Print help about usage and exit. +.TP +.BR "\-V\fP, \fB\-\-version" +Print the version of +.B icuinfo +and exit. +.TP +.BR "\-c\fP, \fB\-\-copyright" +Embeds the standard ICU copyright into the +.IR output-file . +.TP +.BR "\-v\fP, \fB\-\-verbose" +Display extra informative messages during execution. +.TP +.BI "\-i\fP, \fB\-\-icudatadir" " directory" +Look for any necessary ICU data files in +.IR directory . +For example, the file +.B pnames.icu +must be located when ICU's data is not built as a shared library. +The default ICU data directory is specified by the environment variable +.BR ICU_DATA . +Most configurations of ICU do not require this argument. +.TP +.BI "\-L\fP, \fB\-\-list-plugins" +If specified, list and diagnose issues with ICU plugins. +.TP +.BI "\-K\fP, \fB\-\-cleanup" +Attempt to unload plugins before exiting. +.TP +.BI "\-m\fP, \fB\-\-milisecond-time" +Print the current UTC time in milliseconds. +.SH COPYRIGHT +Copyright (C) 2010 International Business Machines Corporation and others debian/patches/CVE-2014-65xx.patch0000644000000000000000000001305712474110160013451 0ustar Description: fix information disclosure via incorrect font file parsing Origin: backport, http://bugs.icu-project.org/trac/changeset/37086 Bug: http://bugs.icu-project.org/trac/ticket/11525 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776264 Index: icu-52.1/source/layout/ContextualSubstSubtables.cpp =================================================================== --- icu-52.1.orig/source/layout/ContextualSubstSubtables.cpp 2013-10-04 16:54:52.000000000 -0400 +++ icu-52.1/source/layout/ContextualSubstSubtables.cpp 2015-02-27 09:17:11.031727861 -0500 @@ -466,6 +466,12 @@ const ChainSubClassRuleTable *chainSubClassRuleTable = (const ChainSubClassRuleTable *) ((char *) chainSubClassSetTable + chainSubClassRuleTableOffset); le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount); + + // TODO: Ticket #11557 - enable this check, originally from ticket #11525. + // Depends on other, more extensive, changes. + // LEReferenceToArrayOf backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount); + if( LE_FAILURE(success) ) { return 0; } + le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1; const le_uint16 *inputClassArray = &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1]; le_uint16 lookaheadGlyphCount = SWAPW(inputClassArray[inputGlyphCount]); Index: icu-52.1/source/layout/CursiveAttachmentSubtables.cpp =================================================================== --- icu-52.1.orig/source/layout/CursiveAttachmentSubtables.cpp 2013-10-04 16:54:56.000000000 -0400 +++ icu-52.1/source/layout/CursiveAttachmentSubtables.cpp 2015-02-27 09:17:11.035727894 -0500 @@ -20,7 +20,10 @@ le_int32 coverageIndex = getGlyphCoverage(base, glyphID, success); le_uint16 eeCount = SWAPW(entryExitCount); - if (coverageIndex < 0 || coverageIndex >= eeCount) { + LEReferenceToArrayOf + entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex); + + if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) { glyphIterator->setCursiveGlyph(); return 0; } Index: icu-52.1/source/layout/Features.cpp =================================================================== --- icu-52.1.orig/source/layout/Features.cpp 2013-10-04 16:54:56.000000000 -0400 +++ icu-52.1/source/layout/Features.cpp 2015-02-27 09:17:11.035727894 -0500 @@ -15,6 +15,9 @@ LEReferenceTo FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const { + LEReferenceToArrayOf + featureRecordArrayRef(base, success, featureRecordArray, featureIndex); + if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { return LEReferenceTo(); } Index: icu-52.1/source/layout/LETableReference.h =================================================================== --- icu-52.1.orig/source/layout/LETableReference.h 2013-10-04 16:54:56.000000000 -0400 +++ icu-52.1/source/layout/LETableReference.h 2015-02-27 09:17:11.035727894 -0500 @@ -313,7 +313,12 @@ const T *getAliasRAW() const { LE_DEBUG_TR("getAliasRAW<>"); return (const T*)fStart; } const T& getObject(le_uint32 i, LEErrorCode &success) const { - return *getAlias(i,success); + const T *ret = getAlias(i, success); + if (LE_FAILURE(success) || ret==NULL) { + return *(new T(0)); + } else { + return *ret; + } } const T& operator()(le_uint32 i, LEErrorCode &success) const { Index: icu-52.1/source/layout/LigatureSubstSubtables.cpp =================================================================== --- icu-52.1.orig/source/layout/LigatureSubstSubtables.cpp 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/LigatureSubstSubtables.cpp 2015-02-27 09:17:11.035727894 -0500 @@ -27,6 +27,9 @@ Offset ligTableOffset = SWAPW(ligSetTable->ligatureTableOffsetArray[lig]); const LigatureTable *ligTable = (const LigatureTable *) ((char *)ligSetTable + ligTableOffset); le_uint16 compCount = SWAPW(ligTable->compCount) - 1; + LEReferenceToArrayOf + componentArrayRef(base, success, ligTable->componentArray, compCount); + if (LE_FAILURE(success)) { return 0; } le_int32 startPosition = glyphIterator->getCurrStreamPosition(); TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph); le_uint16 comp; Index: icu-52.1/source/layout/MultipleSubstSubtables.cpp =================================================================== --- icu-52.1.orig/source/layout/MultipleSubstSubtables.cpp 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/MultipleSubstSubtables.cpp 2015-02-27 09:17:11.035727894 -0500 @@ -35,7 +35,12 @@ le_int32 coverageIndex = getGlyphCoverage(base, glyph, success); le_uint16 seqCount = SWAPW(sequenceCount); + LEReferenceToArrayOf + sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount); + if (LE_FAILURE(success)) { + return 0; + } if (coverageIndex >= 0 && coverageIndex < seqCount) { Offset sequenceTableOffset = SWAPW(sequenceTableOffsetArray[coverageIndex]); const SequenceTable *sequenceTable = (const SequenceTable *) ((char *) this + sequenceTableOffset); debian/patches/mlym-crash.patch0000644000000000000000000000204312256335042013713 0ustar Description: Fix crash on rendering incremental Malayalam text input Author: Caolán McNamara Origin: other, https://ssl.icu-project.org/trac/ticket/9948 Forwarded: https://ssl.icu-project.org/trac/ticket/9948 Last-Update: 2013-03-13 Index: icu-52~m1/source/layout/IndicClassTables.cpp =================================================================== --- icu-52~m1.orig/source/layout/IndicClassTables.cpp 2013-09-14 18:53:23.844040474 -0400 +++ icu-52~m1/source/layout/IndicClassTables.cpp 2013-09-14 18:53:23.844040474 -0400 @@ -273,7 +273,7 @@ static const IndicClassTable kndaClassTable = {0x0C80, 0x0CEF, 4, KNDA_SCRIPT_FLAGS, kndaCharClasses, kndaSplitTable}; -static const IndicClassTable mlymClassTable = {0x0D00, 0x0D6F, 3, MLYM_SCRIPT_FLAGS, mlymCharClasses, mlymSplitTable}; +static const IndicClassTable mlymClassTable = {0x0D00, 0x0D6F, 4, MLYM_SCRIPT_FLAGS, mlymCharClasses, mlymSplitTable}; static const IndicClassTable sinhClassTable = {0x0D80, 0x0DF4, 4, SINH_SCRIPT_FLAGS, sinhCharClasses, sinhSplitTable}; debian/patches/CVE-2016-6293.patch0000644000000000000000000002704513060553433013254 0ustar --- /source/common/unicode/localpointer.h +++ /source/common/unicode/localpointer.h @@ -238,6 +238,24 @@ public: */ explicit LocalArray(T *p=NULL) : LocalPointerBase(p) {} /** + * Constructor takes ownership and reports an error if NULL. + * + * This constructor is intended to be used with other-class constructors + * that may report a failure UErrorCode, + * so that callers need to check only for U_FAILURE(errorCode) + * and not also separately for isNull(). + * + * @param p simple pointer to an array of T objects that is adopted + * @param errorCode in/out UErrorCode, set to U_MEMORY_ALLOCATION_ERROR + * if p==NULL and no other failure code had been set + * @stable ICU 56 + */ + LocalArray(T *p, UErrorCode &errorCode) : LocalPointerBase(p) { + if(p==NULL && U_SUCCESS(errorCode)) { + errorCode=U_MEMORY_ALLOCATION_ERROR; + } + } + /** * Destructor deletes the array it owns. * @stable ICU 4.4 */ Index: /source/common/uloc.cpp =================================================================== --- /source/common/uloc.cpp (revision 39108) +++ /source/common/uloc.cpp (revision 39109) @@ -46,6 +46,8 @@ #include /* for sprintf */ +#define UPRV_LENGTHOF(array) (int32_t)(sizeof(array)/sizeof((array)[0])) + /* ### Declarations **************************************************/ /* Locale stuff from locid.cpp */ @@ -2240,5 +2242,5 @@ float q; int32_t dummy; /* to avoid uninitialized memory copy from qsort */ - char *locale; + char locale[ULOC_FULLNAME_CAPACITY+1]; } _acceptLangItem; @@ -2282,7 +2284,5 @@ UErrorCode *status) { - _acceptLangItem *j; - _acceptLangItem smallBuffer[30]; - char **strs; + MaybeStackArray<_acceptLangItem, 4> items; // Struct for collecting items. char tmp[ULOC_FULLNAME_CAPACITY +1]; int32_t n = 0; @@ -2293,11 +2293,7 @@ uloc_acceptLanguageFromHTTP(char *result int32_t res; int32_t i; int32_t l = (int32_t)uprv_strlen(httpAcceptLanguage); - int32_t jSize; - char *tempstr; /* Use for null pointer check */ - j = smallBuffer; - jSize = sizeof(smallBuffer)/sizeof(smallBuffer[0]); if(U_FAILURE(*status)) { return -1; } @@ -2325,27 +2321,29 @@ uloc_acceptLanguageFromHTTP(char *result while(isspace(*t)) { t++; } - j[n].q = (float)_uloc_strtod(t,NULL); + items[n].q = (float)_uloc_strtod(t,NULL); } else { /* no semicolon - it's 1.0 */ - j[n].q = 1.0f; + items[n].q = 1.0f; paramEnd = itemEnd; } - j[n].dummy=0; + items[n].dummy=0; /* eat spaces prior to semi */ for(t=(paramEnd-1);(paramEnd>s)&&isspace(*t);t--) ; - /* Check for null pointer from uprv_strndup */ - tempstr = uprv_strndup(s,(int32_t)((t+1)-s)); - if (tempstr == NULL) { - *status = U_MEMORY_ALLOCATION_ERROR; - return -1; + int32_t slen = ((t+1)-s); + if(slen > ULOC_FULLNAME_CAPACITY) { + *status = U_BUFFER_OVERFLOW_ERROR; + return -1; // too big } - j[n].locale = tempstr; - uloc_canonicalize(j[n].locale,tmp,sizeof(tmp)/sizeof(tmp[0]),status); - if(strcmp(j[n].locale,tmp)) { - uprv_free(j[n].locale); - j[n].locale=uprv_strdup(tmp); + uprv_strncpy(items[n].locale, s, slen); + items[n].locale[slen]=0; // terminate + int32_t clen = uloc_canonicalize(items[n].locale, tmp, UPRV_LENGTHOF(tmp)-1, status); + if(U_FAILURE(*status)) return -1; + if((clen!=slen) || (uprv_strncmp(items[n].locale, tmp, slen))) { + // canonicalization had an effect- copy back + uprv_strncpy(items[n].locale, tmp, clen); + items[n].locale[clen] = 0; // terminate } #if defined(ULOC_DEBUG) /*fprintf(stderr,"%d: s <%s> q <%g>\n", n, j[n].locale, j[n].q);*/ @@ -2356,42 +2354,18 @@ s++; } - if(n>=jSize) { - if(j==smallBuffer) { /* overflowed the small buffer. */ - j = static_cast<_acceptLangItem *>(uprv_malloc(sizeof(j[0])*(jSize*2))); - if(j!=NULL) { - uprv_memcpy(j,smallBuffer,sizeof(j[0])*jSize); - } + if(n>=items.getCapacity()) { // If we need more items + if(NULL == items.resize(items.getCapacity()*2, items.getCapacity())) { + *status = U_MEMORY_ALLOCATION_ERROR; + return -1; + } #if defined(ULOC_DEBUG) - fprintf(stderr,"malloced at size %d\n", jSize); + fprintf(stderr,"malloced at size %d\n", items.getCapacity()); #endif - } else { - j = static_cast<_acceptLangItem *>(uprv_realloc(j, sizeof(j[0])*jSize*2)); -#if defined(ULOC_DEBUG) - fprintf(stderr,"re-alloced at size %d\n", jSize); -#endif - } - jSize *= 2; - if(j==NULL) { - *status = U_MEMORY_ALLOCATION_ERROR; - return -1; - } - } - } - uprv_sortArray(j, n, sizeof(j[0]), uloc_acceptLanguageCompare, NULL, TRUE, status); + } + } + uprv_sortArray(items.getAlias(), n, sizeof(items[0]), uloc_acceptLanguageCompare, NULL, TRUE, status); + LocalArray strs(new const char*[n], *status); if(U_FAILURE(*status)) { - if(j != smallBuffer) { -#if defined(ULOC_DEBUG) - fprintf(stderr,"freeing j %p\n", j); -#endif - uprv_free(j); - } - return -1; - } - strs = static_cast(uprv_malloc((size_t)(sizeof(strs[0])*n))); - /* Check for null pointer */ - if (strs == NULL) { - uprv_free(j); /* Free to avoid memory leak */ - *status = U_MEMORY_ALLOCATION_ERROR; - return -1; + return -1; } for(i=0;i q <%g>\n", i, j[i].locale, j[i].q);*/ #endif - strs[i]=j[i].locale; + strs[i]=items[i].locale; } res = uloc_acceptLanguage(result, resultAvailable, outResult, - (const char**)strs, n, availableLocales, status); - for(i=0;i0)&&uprv_strcmp(tmp, tests[i].expect)) { - log_err_status(status, "FAIL: #%d: expected %s but got %s\n", i, tests[i].expect, tmp); - log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n", - i, http[tests[i].httpSet], tests[i].icuSet, tests[i].expect, acceptResult(tests[i].res)); + } + if((outResult>0)&&uprv_strcmp(tmp, tests[i].expect)) { + log_err_status(status, "FAIL: #%d: expected %s but got %s\n", i, tests[i].expect, tmp); + log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n", + i, http[tests[i].httpSet], tests[i].icuSet, tests[i].expect, acceptResult(tests[i].res)); + } } } debian/patches/CVE-2014-7926.patch0000644000000000000000000000752512474110176013260 0ustar Description: fix denial of service or possible code execution in regular expressions Origin: backport, http://bugs.icu-project.org/trac/changeset/36727 Bug: http://bugs.icu-project.org/trac/ticket/11369 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265 Index: icu-52.1/source/i18n/regexcmp.cpp =================================================================== --- icu-52.1.orig/source/i18n/regexcmp.cpp 2015-02-27 09:18:11.180235669 -0500 +++ icu-52.1/source/i18n/regexcmp.cpp 2015-02-27 09:18:24.828361498 -0500 @@ -2337,7 +2337,15 @@ int32_t topOfBlock = blockTopLoc(FALSE); if (fIntervalUpper == 0) { // Pathological case. Attempt no matches, as if the block doesn't exist. + // Discard the generated code for the block. + // If the block included parens, discard the info pertaining to them as well. fRXPat->fCompiledPat->setSize(topOfBlock); + if (fMatchOpenParen >= topOfBlock) { + fMatchOpenParen = -1; + } + if (fMatchCloseParen >= topOfBlock) { + fMatchCloseParen = -1; + } return TRUE; } Index: icu-52.1/source/i18n/regexcmp.h =================================================================== --- icu-52.1.orig/source/i18n/regexcmp.h 2013-10-04 16:48:44.000000000 -0400 +++ icu-52.1/source/i18n/regexcmp.h 2015-02-27 09:18:24.828361498 -0500 @@ -182,7 +182,9 @@ int32_t fMatchOpenParen; // The position in the compiled pattern // of the slot reserved for a state save // at the start of the most recently processed - // parenthesized block. + // parenthesized block. Updated when processing + // a close to the location for the corresponding open. + int32_t fMatchCloseParen; // The position in the pattern of the first // location after the most recently processed // parenthesized block. Index: icu-52.1/source/test/testdata/regextst.txt =================================================================== --- icu-52.1.orig/source/test/testdata/regextst.txt 2015-02-27 09:18:11.180235669 -0500 +++ icu-52.1/source/test/testdata/regextst.txt 2015-02-27 09:18:24.832361534 -0500 @@ -1201,6 +1201,15 @@ "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" G "<0>bob.smith@foo.tv" "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" "joe" +# Bug 11369 +# Incorrect optimization of patterns with a zero length quantifier {0} + +"(.|b)(|b){0}\$(?#xxx){3}(?>\D*)" "AAAAABBBBBCCCCCDDDDEEEEE" +"(|b)ab(c)" "<0><1>ab<2>c" +"(|b){0}a{3}(D*)" "<0>aaa<2>" +"(|b){0,1}a{3}(D*)" "<0><1>aaa<2>" +"((|b){0})a{3}(D*)" "<0><1>aaa<3>" + # Bug 11370 # Max match length computation of look-behind expression gives result that is too big to fit in the # in the 24 bit operand portion of the compiled code. Expressions should fail to compile @@ -1208,6 +1217,7 @@ "(?4/1/2001" debian/patches/CVE-2015-1270.patch0000644000000000000000000000147012574553326013245 0ustar Description: fix denial of service via mishandling of converter names with initial x- substrings Origin: upstream, http://bugs.icu-project.org/trac/changeset/37486 Index: icu-55.1/source/common/ucnv_io.cpp =================================================================== --- icu-55.1.orig/source/common/ucnv_io.cpp 2015-03-27 17:10:42.000000000 -0400 +++ icu-55.1/source/common/ucnv_io.cpp 2015-09-11 08:19:13.757638112 -0400 @@ -744,7 +744,7 @@ * the name begins with 'x-'. If it does, strip it off and try * again. This behaviour is similar to how ICU4J does it. */ - if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') { + if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') { aliasTmp = aliasTmp+2; } else { break; debian/patches/CVE-2014-7923.patch0000644000000000000000000000563412474110171013247 0ustar Description: fix denial of service or possible code execution in regular expressions Origin: backport, http://bugs.icu-project.org/trac/changeset/36724 Bug: http://bugs.icu-project.org/trac/ticket/11370 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265 Index: icu-52.1/source/i18n/regexcmp.cpp =================================================================== --- icu-52.1.orig/source/i18n/regexcmp.cpp 2013-10-04 16:48:42.000000000 -0400 +++ icu-52.1/source/i18n/regexcmp.cpp 2015-02-27 09:17:55.636092295 -0500 @@ -2133,6 +2133,10 @@ int32_t patEnd = fRXPat->fCompiledPat->size() - 1; int32_t minML = minMatchLength(fMatchOpenParen, patEnd); int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd); + if (URX_TYPE(maxML) != 0) { + error(U_REGEX_LOOK_BEHIND_LIMIT); + break; + } if (maxML == INT32_MAX) { error(U_REGEX_LOOK_BEHIND_LIMIT); break; @@ -2166,6 +2170,10 @@ int32_t patEnd = fRXPat->fCompiledPat->size() - 1; int32_t minML = minMatchLength(fMatchOpenParen, patEnd); int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd); + if (URX_TYPE(maxML) != 0) { + error(U_REGEX_LOOK_BEHIND_LIMIT); + break; + } if (maxML == INT32_MAX) { error(U_REGEX_LOOK_BEHIND_LIMIT); break; Index: icu-52.1/source/test/testdata/regextst.txt =================================================================== --- icu-52.1.orig/source/test/testdata/regextst.txt 2013-10-04 16:48:12.000000000 -0400 +++ icu-52.1/source/test/testdata/regextst.txt 2015-02-27 09:17:55.644092369 -0500 @@ -1200,6 +1200,14 @@ "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" G "<0>foo12@foo.edu" "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" G "<0>bob.smith@foo.tv" "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" "joe" + +# Bug 11370 +# Max match length computation of look-behind expression gives result that is too big to fit in the +# in the 24 bit operand portion of the compiled code. Expressions should fail to compile +# (Look-behind match length must be bounded. This case is treated as unbounded, an error.) + +"(?4/1/2001" debian/patches/CVE-2015-4844.patch0000644000000000000000000004667613060553407013267 0ustar Description: backport of CVE-2015-4844 patch from JDK CVE-2015-4844 was fixed through dbb4e2bdfa9e in JDK, but never backported to ICU. This patch is a port that removes a chunk that doesn't apply. That chunk (documented in ticket #12020 upstream) is not necessary because the inner loop does the check and in 4.4.1, there are no other statements at the end of the loop. . Note that this patch introduces CVE-2016-0494 which requires a different patch. Author: Antoine Beaupré --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: upstream, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e#l2.15 Bug: https://ssl.icu-project.org/trac/ticket/12020 Forwarded: no Reviewed-By: no Last-Update: 2016-01-30 --- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor.cpp +++ icu-4.4.1/source/layout/IndicRearrangementProcessor.cpp @@ -51,14 +51,14 @@ ByteOffset IndicRearrangementProcessor:: } if (flags & irfMarkFirst) { - firstGlyph = currGlyph; + firstGlyph = (le_uint32)currGlyph; } if (flags & irfMarkLast) { - lastGlyph = currGlyph; + lastGlyph = (le_uint32)currGlyph; } - doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask)); + doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); if (!(flags & irfDontAdvance)) { // XXX: Should handle reverse too... @@ -72,18 +72,29 @@ void IndicRearrangementProcessor::endSta { } -void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const +void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const { LEGlyphID a, b, c, d; le_int32 ia, ib, ic, id, ix, x; - LEErrorCode success = LE_NO_ERROR; + + if (LE_FAILURE(success)) return; + + if (verb == irvNoAction) { + return; + } + if (firstGlyph > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return; + } switch(verb) { - case irvNoAction: - break; - case irvxA: + if (firstGlyph == lastGlyph) break; + if (firstGlyph + 1 < firstGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); x = firstGlyph + 1; @@ -100,6 +111,11 @@ void IndicRearrangementProcessor::doRear break; case irvDx: + if (firstGlyph == lastGlyph) break; + if (lastGlyph - 1 > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } d = glyphStorage[lastGlyph]; id = glyphStorage.getCharIndex(lastGlyph, success); x = lastGlyph - 1; @@ -128,6 +144,11 @@ void IndicRearrangementProcessor::doRear break; case irvxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error. + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -149,6 +170,11 @@ void IndicRearrangementProcessor::doRear break; case irvxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -170,6 +196,11 @@ void IndicRearrangementProcessor::doRear break; case irvCDx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -191,6 +222,11 @@ void IndicRearrangementProcessor::doRear break; case irvDCx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -212,6 +248,11 @@ void IndicRearrangementProcessor::doRear break; case irvCDxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -237,6 +278,11 @@ void IndicRearrangementProcessor::doRear break; case irvDCxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -262,6 +308,11 @@ void IndicRearrangementProcessor::doRear break; case irvDxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -287,6 +338,11 @@ void IndicRearrangementProcessor::doRear break; case irvDxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -312,6 +368,10 @@ void IndicRearrangementProcessor::doRear break; case irvCDxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -334,6 +394,10 @@ void IndicRearrangementProcessor::doRear break; case irvCDxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -356,6 +420,10 @@ void IndicRearrangementProcessor::doRear break; case irvDCxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -378,6 +446,10 @@ void IndicRearrangementProcessor::doRear break; case irvDCxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; --- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor.h +++ icu-4.4.1/source/layout/IndicRearrangementProcessor.h @@ -31,7 +31,7 @@ public: virtual void endStateTable(); - void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const; + void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const; IndicRearrangementProcessor(const LEReferenceTo &morphSubtableHeader, LEErrorCode &success); virtual ~IndicRearrangementProcessor(); @@ -51,8 +51,8 @@ public: static UClassID getStaticClassID(); protected: - le_int32 firstGlyph; - le_int32 lastGlyph; + le_uint32 firstGlyph; + le_uint32 lastGlyph; LEReferenceTo indicRearrangementSubtableHeader; LEReferenceToArrayOf entryTable; --- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor2.cpp +++ icu-4.4.1/source/layout/IndicRearrangementProcessor2.cpp @@ -49,14 +49,14 @@ le_uint16 IndicRearrangementProcessor2:: } if (flags & irfMarkFirst) { - firstGlyph = currGlyph; + firstGlyph = (le_uint32)currGlyph; } if (flags & irfMarkLast) { - lastGlyph = currGlyph; + lastGlyph = (le_uint32)currGlyph; } - doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask)); + doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); if (!(flags & irfDontAdvance)) { currGlyph += dir; @@ -69,18 +69,29 @@ void IndicRearrangementProcessor2::endSt { } -void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const +void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const { LEGlyphID a, b, c, d; le_int32 ia, ib, ic, id, ix, x; - LEErrorCode success = LE_NO_ERROR; + + if (LE_FAILURE(success)) return; + + if (verb == irvNoAction) { + return; + } + if (firstGlyph > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return; + } switch(verb) { - case irvNoAction: - break; - case irvxA: + if (firstGlyph == lastGlyph) break; + if (firstGlyph + 1 < firstGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); x = firstGlyph + 1; @@ -97,6 +108,11 @@ void IndicRearrangementProcessor2::doRea break; case irvDx: + if (firstGlyph == lastGlyph) break; + if (lastGlyph - 1 > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } d = glyphStorage[lastGlyph]; id = glyphStorage.getCharIndex(lastGlyph, success); x = lastGlyph - 1; @@ -125,6 +141,11 @@ void IndicRearrangementProcessor2::doRea break; case irvxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error. + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -146,6 +167,11 @@ void IndicRearrangementProcessor2::doRea break; case irvxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -167,6 +193,11 @@ void IndicRearrangementProcessor2::doRea break; case irvCDx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -188,6 +219,11 @@ void IndicRearrangementProcessor2::doRea break; case irvDCx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -209,6 +245,11 @@ void IndicRearrangementProcessor2::doRea break; case irvCDxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -234,6 +275,11 @@ void IndicRearrangementProcessor2::doRea break; case irvDCxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -259,6 +305,11 @@ void IndicRearrangementProcessor2::doRea break; case irvDxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -284,6 +335,11 @@ void IndicRearrangementProcessor2::doRea break; case irvDxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -309,6 +365,10 @@ void IndicRearrangementProcessor2::doRea break; case irvCDxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -331,6 +391,10 @@ void IndicRearrangementProcessor2::doRea break; case irvCDxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -353,6 +417,10 @@ void IndicRearrangementProcessor2::doRea break; case irvDCxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -375,6 +443,10 @@ void IndicRearrangementProcessor2::doRea break; case irvDCxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; --- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor2.h +++ icu-4.4.1/source/layout/IndicRearrangementProcessor2.h @@ -31,7 +31,7 @@ public: virtual void endStateTable(); - void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const; + void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const; IndicRearrangementProcessor2(const LEReferenceTo &morphSubtableHeader, LEErrorCode &success); virtual ~IndicRearrangementProcessor2(); @@ -51,8 +51,8 @@ public: static UClassID getStaticClassID(); protected: - le_int32 firstGlyph; - le_int32 lastGlyph; + le_uint32 firstGlyph; + le_uint32 lastGlyph; LEReferenceToArrayOf entryTable; LEReferenceTo indicRearrangementSubtableHeader; --- icu-4.4.1.orig/source/layout/MorphTables.cpp +++ icu-4.4.1/source/layout/MorphTables.cpp @@ -56,6 +56,8 @@ void MorphSubtableHeader::process(const { SubtableProcessor *processor = NULL; + if (LE_FAILURE(success)) return; + switch (SWAPW(coverage) & scfTypeMask) { case mstIndicRearrangement: --- icu-4.4.1.orig/source/layout/MorphTables2.cpp +++ icu-4.4.1/source/layout/MorphTables2.cpp @@ -164,6 +164,7 @@ void MorphTableHeader2::process(const LE if(subtable>0) { le_uint32 length = SWAPL(subtableHeader->length); subtableHeader.addOffset(length, success); // Don't addOffset for the last entry. + if (LE_FAILURE(success)) break; } le_uint32 coverage = SWAPL(subtableHeader->coverage); FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures); @@ -179,6 +180,8 @@ void MorphSubtableHeader2::process(const { SubtableProcessor2 *processor = NULL; + if (LE_FAILURE(success)) return; + switch (SWAPL(coverage) & scfTypeMask2) { case mstIndicRearrangement: --- icu-4.4.1.orig/source/layout/SegmentArrayProcessor.cpp +++ icu-4.4.1/source/layout/SegmentArrayProcessor.cpp @@ -38,6 +38,8 @@ void SegmentArrayProcessor::process(LEGl le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; const LookupSegment *lookupSegment = segmentArrayLookupTable->lookupSegment(segmentArrayLookupTable, segments, thisGlyph, success); --- icu-4.4.1.orig/source/layout/SegmentArrayProcessor2.cpp +++ icu-4.4.1/source/layout/SegmentArrayProcessor2.cpp @@ -38,6 +38,8 @@ void SegmentArrayProcessor2::process(LEG le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; const LookupSegment *lookupSegment = segmentArrayLookupTable->lookupSegment(segmentArrayLookupTable, segments, thisGlyph, success); --- icu-4.4.1.orig/source/layout/SegmentSingleProcessor2.cpp +++ icu-4.4.1/source/layout/SegmentSingleProcessor2.cpp @@ -39,6 +39,8 @@ void SegmentSingleProcessor2::process(LE le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; const LookupSegment *lookupSegment = segmentSingleLookupTable->lookupSegment(segmentSingleLookupTable, segments, thisGlyph, success); --- icu-4.4.1.orig/source/layout/SimpleArrayProcessor2.cpp +++ icu-4.4.1/source/layout/SimpleArrayProcessor2.cpp @@ -36,10 +36,11 @@ SimpleArrayProcessor2::~SimpleArrayProce void SimpleArrayProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &success) { - if (LE_FAILURE(success)) return; le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; if (LE_GET_GLYPH(thisGlyph) < 0xFFFF) { --- icu-4.4.1.orig/source/layout/SingleTableProcessor.cpp +++ icu-4.4.1/source/layout/SingleTableProcessor.cpp @@ -38,6 +38,8 @@ void SingleTableProcessor::process(LEGly le_int32 glyph; le_int32 glyphCount = glyphStorage.getGlyphCount(); + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { const LookupSingle *lookupSingle = singleTableLookupTable->lookupSingle(singleTableLookupTable, entries, glyphStorage[glyph], success); debian/patches/CVE-2014-7940.patch0000644000000000000000000000411112475631440013243 0ustar Description: fix denial of service or possible code execution via uninitialized memory in the collator implementation Origin: other, https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100/patches/col.patch Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265 Bug-Google: https://code.google.com/p/chromium/issues/detail?id=433866 Updated by Marc Deslauriers to also fix a regression when running the test suite because source->endp was being used without checking UCOL_ITER_HASLEN. Index: icu-52.1/source/i18n/ucol.cpp =================================================================== --- icu-52.1.orig/source/i18n/ucol.cpp 2015-03-04 11:30:22.517367124 -0500 +++ icu-52.1/source/i18n/ucol.cpp 2015-03-04 11:30:22.513367089 -0500 @@ -2259,6 +2259,9 @@ if (data->pos + 1 == data->endp) { return *(data->pos ++); } + if (data->pos >= data->endp) { + return (UChar) -1; // return U+FFFF (non-char) to indicate an error + } } else { if (innormbuf) { @@ -2820,8 +2823,16 @@ goBackOne(source); } } - } else if (U16_IS_LEAD(schar)) { - miss = U16_GET_SUPPLEMENTARY(schar, getNextNormalizedChar(source)); + } else if (U16_IS_LEAD(schar) && + ((source->flags & UCOL_ITER_HASLEN) == 0 || + source->pos + 1 < source->endp)) { + const UChar* prevPos = source->pos; + UChar nextChar = getNextNormalizedChar(source); + if (U16_IS_TRAIL(nextChar)) { + miss = U16_GET_SUPPLEMENTARY(schar, nextChar); + } else if (prevPos < source->pos) { + goBackOne(source); + } } uint8_t sCC; debian/patches/CVE-2016-7415.patch0000644000000000000000000001277513060553441013254 0ustar Index: source/common/locid.cpp =================================================================== --- a/source/common/locid.cpp (revision 39353) +++ b/source/common/locid.cpp (revision 39356) @@ -41,6 +41,7 @@ #include "uhash.h" #include "ucln_cmn.h" #include "ustr_imp.h" +#include "charstr.h" #define LENGTHOF(array) (int32_t)(sizeof(array)/sizeof((array)[0])) @@ -57,4 +58,10 @@ static UHashtable *gDefaultLocalesHashT = NULL; static Locale *gDefaultLocale = NULL; + +/** + * \def ULOC_STRING_LIMIT + * strings beyond this value crash in CharString + */ +#define ULOC_STRING_LIMIT 357913941 U_NAMESPACE_END @@ -253,5 +260,5 @@ else { - MaybeStackArray togo; + UErrorCode status = U_ZERO_ERROR; int32_t size = 0; int32_t lsize = 0; @@ -259,5 +266,4 @@ int32_t vsize = 0; int32_t ksize = 0; - char *p; // Calculate the size of the resulting string. @@ -267,6 +273,12 @@ { lsize = (int32_t)uprv_strlen(newLanguage); + if ( lsize < 0 || lsize > ULOC_STRING_LIMIT ) { // int32 wrap + setToBogus(); + return; + } size = lsize; } + + CharString togo(newLanguage, lsize, status); // start with newLanguage // _Country @@ -274,4 +286,8 @@ { csize = (int32_t)uprv_strlen(newCountry); + if ( csize < 0 || csize > ULOC_STRING_LIMIT ) { // int32 wrap + setToBogus(); + return; + } size += csize; } @@ -288,4 +304,8 @@ // remove trailing _'s vsize = (int32_t)uprv_strlen(newVariant); + if ( vsize < 0 || vsize > ULOC_STRING_LIMIT ) { // int32 wrap + setToBogus(); + return; + } while( (vsize>1) && (newVariant[vsize-1] == SEP_CHAR) ) { @@ -312,48 +332,34 @@ { ksize = (int32_t)uprv_strlen(newKeywords); + if ( ksize < 0 || ksize > ULOC_STRING_LIMIT ) { + setToBogus(); + return; + } size += ksize + 1; } - + if (size < 0) { + setToBogus(); + return; + } // NOW we have the full locale string.. - - /*if the whole string is longer than our internal limit, we need - to go to the heap for temporary buffers*/ - if (size >= togo.getCapacity()) - { - // If togo_heap could not be created, initialize with default settings. - if (togo.resize(size+1) == NULL) { - init(NULL, FALSE); - } - } - - togo[0] = 0; - // Now, copy it back. - p = togo.getAlias(); - if ( lsize != 0 ) - { - uprv_strcpy(p, newLanguage); - p += lsize; - } + + // newLanguage is already copied if ( ( vsize != 0 ) || (csize != 0) ) // at least: __v { // ^ - *p++ = SEP_CHAR; + togo.append(SEP_CHAR, status); } if ( csize != 0 ) { - uprv_strcpy(p, newCountry); - p += csize; + togo.append(newCountry, status); } if ( vsize != 0) { - *p++ = SEP_CHAR; // at least: __v - - uprv_strncpy(p, newVariant, vsize); // Must use strncpy because - p += vsize; // of trimming (above). - *p = 0; // terminate + togo.append(SEP_CHAR, status) + .append(newVariant, vsize, status); } @@ -361,19 +367,23 @@ { if (uprv_strchr(newKeywords, '=')) { - *p++ = '@'; /* keyword parsing */ + togo.append('@', status); /* keyword parsing */ } else { - *p++ = '_'; /* Variant parsing with a script */ + togo.append('_', status); /* Variant parsing with a script */ if ( vsize == 0) { - *p++ = '_'; /* No country found */ + togo.append('_', status); /* No country found */ } } - uprv_strcpy(p, newKeywords); - p += ksize; - } - + togo.append(newKeywords, status); + } + + if (U_FAILURE(status)) { + // Something went wrong with appending, etc. + setToBogus(); + return; + } // Parse it, because for example 'language' might really be a complete // string. - init(togo.getAlias(), FALSE); + init(togo.data(), FALSE); } } Index: source/test/intltest/numfmtst.cpp =================================================================== --- a/source/test/intltest/numfmtst.cpp (revision 39353) +++ b/source/test/intltest/numfmtst.cpp (revision 39356) @@ -1951,9 +1951,10 @@ const char *localeName = badLocales[i]; Locale locBad(localeName); + TEST_ASSERT_TRUE(!locBad.isBogus()); UErrorCode status = U_ZERO_ERROR; UnicodeString intlCurrencySymbol((UChar)0xa4); intlCurrencySymbol.append((UChar)0xa4); - + logln("Current locale is %s", Locale::getDefault().getName()); Locale::setDefault(locBad, status); debian/patches/malayalam-rendering.patch0000644000000000000000000001525312256335042015557 0ustar Description: revert change that broke Malayam rendering Origin: reverse patch from http://bugs.icu-project.org/trac/changeset/26090/icu/trunk/source/layout/IndicReordering.cpp Bug: http://bugs.icu-project.org/trac/ticket/8198 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=654200 Bug-Debian: http://bugs.debian.org/591615 Index: icu-52~m1/source/layout/IndicReordering.cpp =================================================================== --- icu-52~m1.orig/source/layout/IndicReordering.cpp 2013-09-14 18:53:23.656040472 -0400 +++ icu-52~m1/source/layout/IndicReordering.cpp 2013-09-14 18:53:23.656040472 -0400 @@ -129,10 +129,6 @@ le_int32 fSMIndex; FeatureMask fSMFeatures; - LEUnicode fPreBaseConsonant; - LEUnicode fPreBaseVirama; - le_int32 fPBCIndex; - FeatureMask fPBCFeatures; void saveMatra(LEUnicode matra, le_int32 matraIndex, IndicClassTable::CharClass matraClass) { @@ -179,8 +175,7 @@ fMpost(0), fMpostIndex(0), fLengthMark(0), fLengthMarkIndex(0), fAlLakuna(0), fAlLakunaIndex(0), fMatraFeatures(0), fMPreOutIndex(-1), fMPreFixups(mpreFixups), fVMabove(0), fVMpost(0), fVMIndex(0), fVMFeatures(0), - fSMabove(0), fSMbelow(0), fSMIndex(0), fSMFeatures(0), - fPreBaseConsonant(0), fPreBaseVirama(0), fPBCIndex(0), fPBCFeatures(0) + fSMabove(0), fSMbelow(0), fSMIndex(0), fSMFeatures(0) { // nothing else to do... } @@ -199,8 +194,6 @@ fVMabove = fVMpost = 0; fSMabove = fSMbelow = 0; - - fPreBaseConsonant = fPreBaseVirama = 0; } void writeChar(LEUnicode ch, le_uint32 charIndex, FeatureMask charFeatures) @@ -396,14 +389,6 @@ } } - void notePreBaseConsonant(le_uint32 index,LEUnicode PBConsonant, LEUnicode PBVirama, FeatureMask features) - { - fPBCIndex = index; - fPreBaseConsonant = PBConsonant; - fPreBaseVirama = PBVirama; - fPBCFeatures = features; - } - void noteBaseConsonant() { if (fMPreFixups != NULL && fMPreOutIndex >= 0) { @@ -483,22 +468,6 @@ } } - void writePreBaseConsonant() - { - // The TDIL spec says that consonant + virama + RRA should produce a rakar in Malayalam. However, - // it seems that almost none of the fonts for Malayalam are set up to handle this. - // So, we're going to force the issue here by using the rakar as defined with RA in most fonts. - - if (fPreBaseConsonant == 0x0d31) { // RRA - fPreBaseConsonant = 0x0d30; // RA - } - - if (fPreBaseConsonant != 0) { - writeChar(fPreBaseConsonant, fPBCIndex, fPBCFeatures); - writeChar(fPreBaseVirama,fPBCIndex-1,fPBCFeatures); - } - } - le_int32 getOutputIndex() { return fOutIndex; @@ -770,7 +739,6 @@ lastConsonant -= 1; } - IndicClassTable::CharClass charClass = CC_RESERVED; IndicClassTable::CharClass nextClass = CC_RESERVED; le_int32 baseConsonant = lastConsonant; @@ -778,11 +746,9 @@ le_int32 postBaseLimit = classTable->scriptFlags & SF_POST_BASE_LIMIT_MASK; le_bool seenVattu = FALSE; le_bool seenBelowBaseForm = FALSE; - le_bool seenPreBaseForm = FALSE; le_bool hasNukta = FALSE; le_bool hasBelowBaseForm = FALSE; le_bool hasPostBaseForm = FALSE; - le_bool hasPreBaseForm = FALSE; if (postBase < markStart && classTable->isNukta(chars[postBase])) { charClass = CC_NUKTA; @@ -796,22 +762,14 @@ hasBelowBaseForm = IndicClassTable::hasBelowBaseForm(charClass) && !hasNukta; hasPostBaseForm = IndicClassTable::hasPostBaseForm(charClass) && !hasNukta; - hasPreBaseForm = IndicClassTable::hasPreBaseForm(charClass) && !hasNukta; if (IndicClassTable::isConsonant(charClass)) { if (postBaseLimit == 0 || seenVattu || (baseConsonant > baseLimit && !classTable->isVirama(chars[baseConsonant - 1])) || - !(hasBelowBaseForm || hasPostBaseForm || hasPreBaseForm)) { + !(hasBelowBaseForm || hasPostBaseForm)) { break; } - // Note any pre-base consonants - if ( baseConsonant == lastConsonant && lastConsonant > 0 && - hasPreBaseForm && classTable->isVirama(chars[baseConsonant - 1])) { - output.notePreBaseConsonant(lastConsonant,chars[lastConsonant],chars[lastConsonant-1],tagArray2); - seenPreBaseForm = TRUE; - - } // consonants with nuktas are never vattus seenVattu = IndicClassTable::isVattu(charClass) && !hasNukta; @@ -844,14 +802,12 @@ } // write any pre-base consonants - output.writePreBaseConsonant(); - le_bool supressVattu = TRUE; for (i = baseLimit; i < baseConsonant; i += 1) { LEUnicode ch = chars[i]; - // Don't put 'pstf' or 'blwf' on anything before the base consonant. - FeatureMask features = tagArray1 & ~( pstfFeatureMask | blwfFeatureMask ); + // Don't put 'blwf' on first consonant. + FeatureMask features = (i == baseLimit? tagArray2 : tagArray1); charClass = classTable->getCharClass(ch); nextClass = classTable->getCharClass(chars[i + 1]); @@ -902,7 +858,7 @@ } // write below-base consonants - if (baseConsonant != lastConsonant && !seenPreBaseForm) { + if (baseConsonant != lastConsonant) { for (i = bcSpan + 1; i < postBase; i += 1) { output.writeChar(chars[i], i, tagArray1); } @@ -932,7 +888,7 @@ // write post-base consonants // FIXME: does this put the right tags on post-base consonants? - if (baseConsonant != lastConsonant && !seenPreBaseForm) { + if (baseConsonant != lastConsonant) { if (postBase <= lastConsonant) { for (i = postBase; i <= lastConsonant; i += 1) { output.writeChar(chars[i], i, tagArray3); @@ -1200,7 +1156,7 @@ } -void IndicReordering::getDynamicProperties( DynamicProperties *, const IndicClassTable *classTable ) { +void IndicReordering::getDynamicProperties( DynamicProperties */*dProps*/, const IndicClassTable *classTable ) { LEUnicode currentChar; debian/patches/CVE-2017-15422.patch0000644000000000000000000001246713256460735013342 0ustar Description: fix integer overflow in Persian Cal Origin: backport, http://bugs.icu-project.org/trac/changeset/40654 Bug-Google: https://code.google.com/p/chromium/issues/detail?id=774382 Index: icu-57.1/source/i18n/gregoimp.cpp =================================================================== --- icu-57.1.orig/source/i18n/gregoimp.cpp 2016-03-23 16:49:38.000000000 -0400 +++ icu-57.1/source/i18n/gregoimp.cpp 2018-03-27 10:37:58.889087220 -0400 @@ -29,6 +29,11 @@ int32_t ClockMath::floorDivide(int32_t n numerator / denominator : ((numerator + 1) / denominator) - 1; } +int64_t ClockMath::floorDivide(int64_t numerator, int64_t denominator) { + return (numerator >= 0) ? + numerator / denominator : ((numerator + 1) / denominator) - 1; +} + int32_t ClockMath::floorDivide(double numerator, int32_t denominator, int32_t& remainder) { double quotient; Index: icu-57.1/source/i18n/gregoimp.h =================================================================== --- icu-57.1.orig/source/i18n/gregoimp.h 2016-03-23 16:49:42.000000000 -0400 +++ icu-57.1/source/i18n/gregoimp.h 2018-03-27 10:37:58.897087230 -0400 @@ -39,6 +39,17 @@ class ClockMath { static int32_t floorDivide(int32_t numerator, int32_t denominator); /** + * Divide two integers, returning the floor of the quotient. + * Unlike the built-in division, this is mathematically + * well-behaved. E.g., -1/4 => 0 but + * floorDivide(-1,4) => -1. + * @param numerator the numerator + * @param denominator a divisor which must be != 0 + * @return the floor of the quotient + */ + static int64_t floorDivide(int64_t numerator, int64_t denominator); + + /** * Divide two numbers, returning the floor of the quotient. * Unlike the built-in division, this is mathematically * well-behaved. E.g., -1/4 => 0 but Index: icu-57.1/source/i18n/persncal.cpp =================================================================== --- icu-57.1.orig/source/i18n/persncal.cpp 2016-03-23 16:49:38.000000000 -0400 +++ icu-57.1/source/i18n/persncal.cpp 2018-03-27 10:37:58.897087230 -0400 @@ -211,7 +211,7 @@ void PersianCalendar::handleComputeField int32_t year, month, dayOfMonth, dayOfYear; int32_t daysSinceEpoch = julianDay - PERSIAN_EPOCH; - year = 1 + ClockMath::floorDivide(33 * daysSinceEpoch + 3, 12053); + year = 1 + (int32_t)ClockMath::floorDivide(33 * (int64_t)daysSinceEpoch + 3, (int64_t)12053); int32_t farvardin1 = 365 * (year - 1) + ClockMath::floorDivide(8 * year + 21, 33); dayOfYear = (daysSinceEpoch - farvardin1); // 0-based Index: icu-57.1/source/test/intltest/calregts.cpp =================================================================== --- icu-57.1.orig/source/test/intltest/calregts.cpp 2016-03-23 16:48:40.000000000 -0400 +++ icu-57.1/source/test/intltest/calregts.cpp 2018-03-27 10:37:58.901087235 -0400 @@ -10,6 +10,7 @@ #include "calregts.h" +#include "unicode/calendar.h" #include "unicode/gregocal.h" #include "unicode/simpletz.h" #include "unicode/smpdtfmt.h" @@ -89,6 +90,7 @@ CalendarRegressionTest::runIndexedTest( CASE(49,Test9019); CASE(50,TestT9452); default: name = ""; break; + CASE(52,TestPersianCalOverflow); } } @@ -1222,7 +1224,37 @@ void CalendarRegressionTest::test4103271 } if (fail) errln("Fail: Week of year misbehaving"); -} +} + +/** + * @bug ticket 13454 + */ +void CalendarRegressionTest::TestPersianCalOverflow(void) { + const char* localeID = "bs_Cyrl@calendar=persian"; + UErrorCode status = U_ZERO_ERROR; + Calendar* cal = Calendar::createInstance(Locale(localeID), status); + if(U_FAILURE(status)) { + dataerrln("FAIL: Calendar::createInstance for localeID %s: %s", localeID, u_errorName(status)); + } else { + int32_t maxMonth = cal->getMaximum(UCAL_MONTH); + int32_t maxDayOfMonth = cal->getMaximum(UCAL_DATE); + int32_t jd, month, dayOfMonth; + for (jd = 67023580; jd <= 67023584; jd++) { // year 178171, int32_t overflow if jd >= 67023582 + status = U_ZERO_ERROR; + cal->clear(); + cal->set(UCAL_JULIAN_DAY, jd); + month = cal->get(UCAL_MONTH, status); + dayOfMonth = cal->get(UCAL_DATE, status); + if ( U_FAILURE(status) ) { + errln("FAIL: Calendar->get MONTH/DATE for localeID %s, julianDay %d, status %s\n", localeID, jd, u_errorName(status)); + } else if (month > maxMonth || dayOfMonth > maxDayOfMonth) { + errln("FAIL: localeID %s, julianDay %d; maxMonth %d, got month %d; maxDayOfMonth %d, got dayOfMonth %d\n", + localeID, jd, maxMonth, month, maxDayOfMonth, dayOfMonth); + } + } + delete cal; + } +} /** * @bug 4106136 Index: icu-57.1/source/test/intltest/calregts.h =================================================================== --- icu-57.1.orig/source/test/intltest/calregts.h 2016-03-23 16:48:38.000000000 -0400 +++ icu-57.1/source/test/intltest/calregts.h 2018-03-27 10:37:58.901087235 -0400 @@ -78,6 +78,7 @@ public: void printdate(GregorianCalendar *cal, const char *string); void dowTest(UBool lenient) ; + void TestPersianCalOverflow(void); static UDate getAssociatedDate(UDate d, UErrorCode& status); debian/patches/CVE-2014-9654.patch0000644000000000000000000014767312474110211013257 0ustar Description: fix denial of service via incorrect pattern size limits Origin: backport, http://bugs.icu-project.org/trac/changeset/36801 Bug: http://bugs.icu-project.org/trac/ticket/11371 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776719 Index: icu-52.1/source/common/unicode/utypes.h =================================================================== --- icu-52.1.orig/source/common/unicode/utypes.h 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/common/unicode/utypes.h 2015-02-27 09:42:29.197386579 -0500 @@ -647,6 +647,7 @@ U_REGEX_STACK_OVERFLOW, /**< Regular expression backtrack stack overflow. */ U_REGEX_TIME_OUT, /**< Maximum allowed match time exceeded */ U_REGEX_STOPPED_BY_CALLER, /**< Matching operation aborted by user callback fn. */ + U_REGEX_PATTERN_TOO_BIG, /**< Pattern exceeds limits on size or complexity. @draft ICU 55 */ U_REGEX_ERROR_LIMIT, /**< This must always be the last value to indicate the limit for regexp errors */ /* Index: icu-52.1/source/common/utypes.c =================================================================== --- icu-52.1.orig/source/common/utypes.c 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/common/utypes.c 2015-02-27 09:42:29.201386614 -0500 @@ -165,7 +165,8 @@ "U_REGEX_INVALID_RANGE", "U_REGEX_STACK_OVERFLOW", "U_REGEX_TIME_OUT", - "U_REGEX_STOPPED_BY_CALLER" + "U_REGEX_STOPPED_BY_CALLER", + "U_REGEX_PATTERN_TOO_BIG" }; static const char * const Index: icu-52.1/source/i18n/regexcmp.cpp =================================================================== --- icu-52.1.orig/source/i18n/regexcmp.cpp 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/i18n/regexcmp.cpp 2015-02-27 09:42:29.201386614 -0500 @@ -302,7 +302,7 @@ // present in the saved state: the input string position (int64_t) and // the position in the compiled pattern. // - fRXPat->fFrameSize+=RESTACKFRAME_HDRCOUNT; + allocateStackData(RESTACKFRAME_HDRCOUNT); // // Optimization pass 1: NOPs, back-references, and case-folding @@ -368,9 +368,9 @@ // the start of an ( grouping. //4 NOP Resreved, will be replaced by a save if there are // OR | operators at the top level - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_STATE_SAVE, 2), *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_JMP, 3), *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_FAIL, 0), *fStatus); + appendOp(URX_STATE_SAVE, 2); + appendOp(URX_JMP, 3); + appendOp(URX_FAIL, 0); // Standard open nonCapture paren action emits the two NOPs and // sets up the paren stack frame. @@ -393,7 +393,7 @@ } // add the END operation to the compiled pattern. - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_END, 0), *fStatus); + appendOp(URX_END, 0); // Terminate the pattern compilation state machine. returnVal = FALSE; @@ -415,14 +415,13 @@ int32_t savePosition = fParenStack.popi(); int32_t op = (int32_t)fRXPat->fCompiledPat->elementAti(savePosition); U_ASSERT(URX_TYPE(op) == URX_NOP); // original contents of reserved location - op = URX_BUILD(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+1); + op = buildOp(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+1); fRXPat->fCompiledPat->setElementAt(op, savePosition); // Append an JMP operation into the compiled pattern. The operand for // the JMP will eventually be the location following the ')' for the // group. This will be patched in later, when the ')' is encountered. - op = URX_BUILD(URX_JMP, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_JMP, 0); // Push the position of the newly added JMP op onto the parentheses stack. // This registers if for fixup when this block's close paren is encountered. @@ -431,7 +430,7 @@ // Append a NOP to the compiled pattern. This is the slot reserved // for a SAVE in the event that there is yet another '|' following // this one. - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); + appendOp(URX_NOP, 0); fParenStack.push(fRXPat->fCompiledPat->size()-1, *fStatus); } break; @@ -457,12 +456,10 @@ // END_CAPTURE is encountered. { fixLiterals(); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); - int32_t varsLoc = fRXPat->fFrameSize; // Reserve three slots in match stack frame. - fRXPat->fFrameSize += 3; - int32_t cop = URX_BUILD(URX_START_CAPTURE, varsLoc); - fRXPat->fCompiledPat->addElement(cop, *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); + appendOp(URX_NOP, 0); + int32_t varsLoc = allocateStackData(3); // Reserve three slots in match stack frame. + appendOp(URX_START_CAPTURE, varsLoc); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the two NOPs. Depending on what follows in the pattern, the @@ -487,8 +484,8 @@ // is an '|' alternation within the parens. { fixLiterals(); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); + appendOp(URX_NOP, 0); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the two NOPs. @@ -510,12 +507,10 @@ // is an '|' alternation within the parens. { fixLiterals(); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); - int32_t varLoc = fRXPat->fDataSize; // Reserve a data location for saving the - fRXPat->fDataSize += 1; // state stack ptr. - int32_t stoOp = URX_BUILD(URX_STO_SP, varLoc); - fRXPat->fCompiledPat->addElement(stoOp, *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); + appendOp(URX_NOP, 0); + int32_t varLoc = allocateData(1); // Reserve a data location for saving the state stack ptr. + appendOp(URX_STO_SP, varLoc); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the two NOPs. Depending on what follows in the pattern, the @@ -558,26 +553,14 @@ // Two data slots are reserved, for saving the stack ptr and the input position. { fixLiterals(); - int32_t dataLoc = fRXPat->fDataSize; - fRXPat->fDataSize += 2; - int32_t op = URX_BUILD(URX_LA_START, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+ 2); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_JMP, fRXPat->fCompiledPat->size()+ 3); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_LA_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_BACKTRACK, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_NOP, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); - fRXPat->fCompiledPat->addElement(op, *fStatus); + int32_t dataLoc = allocateData(2); + appendOp(URX_LA_START, dataLoc); + appendOp(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+ 2); + appendOp(URX_JMP, fRXPat->fCompiledPat->size()+ 3); + appendOp(URX_LA_END, dataLoc); + appendOp(URX_BACKTRACK, 0); + appendOp(URX_NOP, 0); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the NOPs. @@ -602,16 +585,10 @@ // an alternate (transparent) region. { fixLiterals(); - int32_t dataLoc = fRXPat->fDataSize; - fRXPat->fDataSize += 2; - int32_t op = URX_BUILD(URX_LA_START, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_STATE_SAVE, 0); // dest address will be patched later. - fRXPat->fCompiledPat->addElement(op, *fStatus); - - op = URX_BUILD(URX_NOP, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); + int32_t dataLoc = allocateData(2); + appendOp(URX_LA_START, dataLoc); + appendOp(URX_STATE_SAVE, 0); // dest address will be patched later. + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the StateSave and NOP. @@ -649,23 +626,19 @@ fixLiterals(); // Allocate data space - int32_t dataLoc = fRXPat->fDataSize; - fRXPat->fDataSize += 4; + int32_t dataLoc = allocateData(4); // Emit URX_LB_START - int32_t op = URX_BUILD(URX_LB_START, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LB_START, dataLoc); // Emit URX_LB_CONT - op = URX_BUILD(URX_LB_CONT, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - fRXPat->fCompiledPat->addElement(0, *fStatus); // MinMatchLength. To be filled later. - fRXPat->fCompiledPat->addElement(0, *fStatus); // MaxMatchLength. To be filled later. - - // Emit the NOP - op = URX_BUILD(URX_NOP, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LB_CONT, dataLoc); + appendOp(URX_RESERVED_OP, 0); // MinMatchLength. To be filled later. + appendOp(URX_RESERVED_OP, 0); // MaxMatchLength. To be filled later. + + // Emit the NOPs + appendOp(URX_NOP, 0); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the URX_LB_CONT and the NOP. @@ -705,24 +678,20 @@ fixLiterals(); // Allocate data space - int32_t dataLoc = fRXPat->fDataSize; - fRXPat->fDataSize += 4; + int32_t dataLoc = allocateData(4); // Emit URX_LB_START - int32_t op = URX_BUILD(URX_LB_START, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LB_START, dataLoc); // Emit URX_LBN_CONT - op = URX_BUILD(URX_LBN_CONT, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - fRXPat->fCompiledPat->addElement(0, *fStatus); // MinMatchLength. To be filled later. - fRXPat->fCompiledPat->addElement(0, *fStatus); // MaxMatchLength. To be filled later. - fRXPat->fCompiledPat->addElement(0, *fStatus); // Continue Loc. To be filled later. - - // Emit the NOP - op = URX_BUILD(URX_NOP, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LBN_CONT, dataLoc); + appendOp(URX_RESERVED_OP, 0); // MinMatchLength. To be filled later. + appendOp(URX_RESERVED_OP, 0); // MaxMatchLength. To be filled later. + appendOp(URX_RESERVED_OP, 0); // Continue Loc. To be filled later. + + // Emit the NOPs + appendOp(URX_NOP, 0); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the URX_LB_CONT and the NOP. @@ -792,12 +761,9 @@ if (URX_TYPE(repeatedOp) == URX_SETREF) { // Emit optimized code for [char set]+ - int32_t loopOpI = URX_BUILD(URX_LOOP_SR_I, URX_VAL(repeatedOp)); - fRXPat->fCompiledPat->addElement(loopOpI, *fStatus); - frameLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; - int32_t loopOpC = URX_BUILD(URX_LOOP_C, frameLoc); - fRXPat->fCompiledPat->addElement(loopOpC, *fStatus); + appendOp(URX_LOOP_SR_I, URX_VAL(repeatedOp)); + frameLoc = allocateStackData(1); + appendOp(URX_LOOP_C, frameLoc); break; } @@ -805,7 +771,7 @@ URX_TYPE(repeatedOp) == URX_DOTANY_ALL || URX_TYPE(repeatedOp) == URX_DOTANY_UNIX) { // Emit Optimized code for .+ operations. - int32_t loopOpI = URX_BUILD(URX_LOOP_DOT_I, 0); + int32_t loopOpI = buildOp(URX_LOOP_DOT_I, 0); if (URX_TYPE(repeatedOp) == URX_DOTANY_ALL) { // URX_LOOP_DOT_I operand is a flag indicating ". matches any" mode. loopOpI |= 1; @@ -813,11 +779,9 @@ if (fModeFlags & UREGEX_UNIX_LINES) { loopOpI |= 2; } - fRXPat->fCompiledPat->addElement(loopOpI, *fStatus); - frameLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; - int32_t loopOpC = URX_BUILD(URX_LOOP_C, frameLoc); - fRXPat->fCompiledPat->addElement(loopOpC, *fStatus); + appendOp(loopOpI); + frameLoc = allocateStackData(1); + appendOp(URX_LOOP_C, frameLoc); break; } @@ -831,18 +795,15 @@ // Zero length match is possible. // Emit the code sequence that can handle it. insertOp(topLoc); - frameLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; + frameLoc = allocateStackData(1); - int32_t op = URX_BUILD(URX_STO_INP_LOC, frameLoc); + int32_t op = buildOp(URX_STO_INP_LOC, frameLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc); - op = URX_BUILD(URX_JMP_SAV_X, topLoc+1); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_JMP_SAV_X, topLoc+1); } else { // Simpler code when the repeated body must match something non-empty - int32_t jmpOp = URX_BUILD(URX_JMP_SAV, topLoc); - fRXPat->fCompiledPat->addElement(jmpOp, *fStatus); + appendOp(URX_JMP_SAV, topLoc); } } break; @@ -854,8 +815,7 @@ // 3. ... { int32_t topLoc = blockTopLoc(FALSE); - int32_t saveStateOp = URX_BUILD(URX_STATE_SAVE, topLoc); - fRXPat->fCompiledPat->addElement(saveStateOp, *fStatus); + appendOp(URX_STATE_SAVE, topLoc); } break; @@ -869,7 +829,7 @@ // Insert the state save into the compiled pattern, and we're done. { int32_t saveStateLoc = blockTopLoc(TRUE); - int32_t saveStateOp = URX_BUILD(URX_STATE_SAVE, fRXPat->fCompiledPat->size()); + int32_t saveStateOp = buildOp(URX_STATE_SAVE, fRXPat->fCompiledPat->size()); fRXPat->fCompiledPat->setElementAt(saveStateOp, saveStateLoc); } break; @@ -888,14 +848,12 @@ int32_t jmp1_loc = blockTopLoc(TRUE); int32_t jmp2_loc = fRXPat->fCompiledPat->size(); - int32_t jmp1_op = URX_BUILD(URX_JMP, jmp2_loc+1); + int32_t jmp1_op = buildOp(URX_JMP, jmp2_loc+1); fRXPat->fCompiledPat->setElementAt(jmp1_op, jmp1_loc); - int32_t jmp2_op = URX_BUILD(URX_JMP, jmp2_loc+2); - fRXPat->fCompiledPat->addElement(jmp2_op, *fStatus); + appendOp(URX_JMP, jmp2_loc+2); - int32_t save_op = URX_BUILD(URX_STATE_SAVE, jmp1_loc+1); - fRXPat->fCompiledPat->addElement(save_op, *fStatus); + appendOp(URX_STATE_SAVE, jmp1_loc+1); } break; @@ -935,12 +893,10 @@ if (URX_TYPE(repeatedOp) == URX_SETREF) { // Emit optimized code for a [char set]* - int32_t loopOpI = URX_BUILD(URX_LOOP_SR_I, URX_VAL(repeatedOp)); + int32_t loopOpI = buildOp(URX_LOOP_SR_I, URX_VAL(repeatedOp)); fRXPat->fCompiledPat->setElementAt(loopOpI, topLoc); - dataLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; - int32_t loopOpC = URX_BUILD(URX_LOOP_C, dataLoc); - fRXPat->fCompiledPat->addElement(loopOpC, *fStatus); + dataLoc = allocateStackData(1); + appendOp(URX_LOOP_C, dataLoc); break; } @@ -948,7 +904,7 @@ URX_TYPE(repeatedOp) == URX_DOTANY_ALL || URX_TYPE(repeatedOp) == URX_DOTANY_UNIX) { // Emit Optimized code for .* operations. - int32_t loopOpI = URX_BUILD(URX_LOOP_DOT_I, 0); + int32_t loopOpI = buildOp(URX_LOOP_DOT_I, 0); if (URX_TYPE(repeatedOp) == URX_DOTANY_ALL) { // URX_LOOP_DOT_I operand is a flag indicating . matches any mode. loopOpI |= 1; @@ -957,10 +913,8 @@ loopOpI |= 2; } fRXPat->fCompiledPat->setElementAt(loopOpI, topLoc); - dataLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; - int32_t loopOpC = URX_BUILD(URX_LOOP_C, dataLoc); - fRXPat->fCompiledPat->addElement(loopOpC, *fStatus); + dataLoc = allocateStackData(1); + appendOp(URX_LOOP_C, dataLoc); break; } } @@ -969,30 +923,29 @@ // The optimizations did not apply. int32_t saveStateLoc = blockTopLoc(TRUE); - int32_t jmpOp = URX_BUILD(URX_JMP_SAV, saveStateLoc+1); + int32_t jmpOp = buildOp(URX_JMP_SAV, saveStateLoc+1); // Check for minimum match length of zero, which requires // extra loop-breaking code. if (minMatchLength(saveStateLoc, fRXPat->fCompiledPat->size()-1) == 0) { insertOp(saveStateLoc); - dataLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; + dataLoc = allocateStackData(1); - int32_t op = URX_BUILD(URX_STO_INP_LOC, dataLoc); + int32_t op = buildOp(URX_STO_INP_LOC, dataLoc); fRXPat->fCompiledPat->setElementAt(op, saveStateLoc+1); - jmpOp = URX_BUILD(URX_JMP_SAV_X, saveStateLoc+2); + jmpOp = buildOp(URX_JMP_SAV_X, saveStateLoc+2); } // Locate the position in the compiled pattern where the match will continue // after completing the *. (4 or 5 in the comment above) int32_t continueLoc = fRXPat->fCompiledPat->size()+1; - // Put together the save state op store it into the compiled code. - int32_t saveStateOp = URX_BUILD(URX_STATE_SAVE, continueLoc); + // Put together the save state op and store it into the compiled code. + int32_t saveStateOp = buildOp(URX_STATE_SAVE, continueLoc); fRXPat->fCompiledPat->setElementAt(saveStateOp, saveStateLoc); // Append the URX_JMP_SAV or URX_JMPX operation to the compiled pattern. - fRXPat->fCompiledPat->addElement(jmpOp, *fStatus); + appendOp(jmpOp); } break; @@ -1006,10 +959,9 @@ { int32_t jmpLoc = blockTopLoc(TRUE); // loc 1. int32_t saveLoc = fRXPat->fCompiledPat->size(); // loc 3. - int32_t jmpOp = URX_BUILD(URX_JMP, saveLoc); - int32_t stateSaveOp = URX_BUILD(URX_STATE_SAVE, jmpLoc+1); + int32_t jmpOp = buildOp(URX_JMP, saveLoc); fRXPat->fCompiledPat->setElementAt(jmpOp, jmpLoc); - fRXPat->fCompiledPat->addElement(stateSaveOp, *fStatus); + appendOp(URX_STATE_SAVE, jmpLoc+1); } break; @@ -1078,9 +1030,9 @@ // First the STO_SP before the start of the loop insertOp(topLoc); - int32_t varLoc = fRXPat->fDataSize; // Reserve a data location for saving the - fRXPat->fDataSize += 1; // state stack ptr. - int32_t op = URX_BUILD(URX_STO_SP, varLoc); + + int32_t varLoc = allocateData(1); // Reserve a data location for saving the + int32_t op = buildOp(URX_STO_SP, varLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc); int32_t loopOp = (int32_t)fRXPat->fCompiledPat->popi(); @@ -1089,8 +1041,7 @@ fRXPat->fCompiledPat->push(loopOp, *fStatus); // Then the LD_SP after the end of the loop - op = URX_BUILD(URX_LD_SP, varLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LD_SP, varLoc); } break; @@ -1126,55 +1077,49 @@ // scanned a ".", match any single character. { fixLiterals(FALSE); - int32_t op; if (fModeFlags & UREGEX_DOTALL) { - op = URX_BUILD(URX_DOTANY_ALL, 0); + appendOp(URX_DOTANY_ALL, 0); } else if (fModeFlags & UREGEX_UNIX_LINES) { - op = URX_BUILD(URX_DOTANY_UNIX, 0); + appendOp(URX_DOTANY_UNIX, 0); } else { - op = URX_BUILD(URX_DOTANY, 0); + appendOp(URX_DOTANY, 0); } - fRXPat->fCompiledPat->addElement(op, *fStatus); } break; case doCaret: { fixLiterals(FALSE); - int32_t op = 0; if ( (fModeFlags & UREGEX_MULTILINE) == 0 && (fModeFlags & UREGEX_UNIX_LINES) == 0) { - op = URX_CARET; + appendOp(URX_CARET, 0); } else if ((fModeFlags & UREGEX_MULTILINE) != 0 && (fModeFlags & UREGEX_UNIX_LINES) == 0) { - op = URX_CARET_M; + appendOp(URX_CARET_M, 0); } else if ((fModeFlags & UREGEX_MULTILINE) == 0 && (fModeFlags & UREGEX_UNIX_LINES) != 0) { - op = URX_CARET; // Only testing true start of input. + appendOp(URX_CARET, 0); // Only testing true start of input. } else if ((fModeFlags & UREGEX_MULTILINE) != 0 && (fModeFlags & UREGEX_UNIX_LINES) != 0) { - op = URX_CARET_M_UNIX; + appendOp(URX_CARET_M_UNIX, 0); } - fRXPat->fCompiledPat->addElement(URX_BUILD(op, 0), *fStatus); } break; case doDollar: { fixLiterals(FALSE); - int32_t op = 0; if ( (fModeFlags & UREGEX_MULTILINE) == 0 && (fModeFlags & UREGEX_UNIX_LINES) == 0) { - op = URX_DOLLAR; + appendOp(URX_DOLLAR, 0); } else if ((fModeFlags & UREGEX_MULTILINE) != 0 && (fModeFlags & UREGEX_UNIX_LINES) == 0) { - op = URX_DOLLAR_M; + appendOp(URX_DOLLAR_M, 0); } else if ((fModeFlags & UREGEX_MULTILINE) == 0 && (fModeFlags & UREGEX_UNIX_LINES) != 0) { - op = URX_DOLLAR_D; + appendOp(URX_DOLLAR_D, 0); } else if ((fModeFlags & UREGEX_MULTILINE) != 0 && (fModeFlags & UREGEX_UNIX_LINES) != 0) { - op = URX_DOLLAR_MD; + appendOp(URX_DOLLAR_MD, 0); } - fRXPat->fCompiledPat->addElement(URX_BUILD(op, 0), *fStatus); } break; case doBackslashA: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_CARET, 0), *fStatus); + appendOp(URX_CARET, 0); break; case doBackslashB: @@ -1186,7 +1131,7 @@ #endif fixLiterals(FALSE); int32_t op = (fModeFlags & UREGEX_UWORD)? URX_BACKSLASH_BU : URX_BACKSLASH_B; - fRXPat->fCompiledPat->addElement(URX_BUILD(op, 1), *fStatus); + appendOp(op, 1); } break; @@ -1199,63 +1144,59 @@ #endif fixLiterals(FALSE); int32_t op = (fModeFlags & UREGEX_UWORD)? URX_BACKSLASH_BU : URX_BACKSLASH_B; - fRXPat->fCompiledPat->addElement(URX_BUILD(op, 0), *fStatus); + appendOp(op, 0); } break; case doBackslashD: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKSLASH_D, 1), *fStatus); + appendOp(URX_BACKSLASH_D, 1); break; case doBackslashd: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKSLASH_D, 0), *fStatus); + appendOp(URX_BACKSLASH_D, 0); break; case doBackslashG: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKSLASH_G, 0), *fStatus); + appendOp(URX_BACKSLASH_G, 0); break; case doBackslashS: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement( - URX_BUILD(URX_STAT_SETREF_N, URX_ISSPACE_SET), *fStatus); + appendOp(URX_STAT_SETREF_N, URX_ISSPACE_SET); break; case doBackslashs: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement( - URX_BUILD(URX_STATIC_SETREF, URX_ISSPACE_SET), *fStatus); + appendOp(URX_STATIC_SETREF, URX_ISSPACE_SET); break; case doBackslashW: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement( - URX_BUILD(URX_STAT_SETREF_N, URX_ISWORD_SET), *fStatus); + appendOp(URX_STAT_SETREF_N, URX_ISWORD_SET); break; case doBackslashw: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement( - URX_BUILD(URX_STATIC_SETREF, URX_ISWORD_SET), *fStatus); + appendOp(URX_STATIC_SETREF, URX_ISWORD_SET); break; case doBackslashX: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKSLASH_X, 0), *fStatus); + appendOp(URX_BACKSLASH_X, 0); break; case doBackslashZ: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_DOLLAR, 0), *fStatus); + appendOp(URX_DOLLAR, 0); break; case doBackslashz: fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKSLASH_Z, 0), *fStatus); + appendOp(URX_BACKSLASH_Z, 0); break; case doEscapeError: @@ -1315,13 +1256,11 @@ U_ASSERT(groupNum > 0); // Shouldn't happen. '\0' begins an octal escape sequence, // and shouldn't enter this code path at all. fixLiterals(FALSE); - int32_t op; if (fModeFlags & UREGEX_CASE_INSENSITIVE) { - op = URX_BUILD(URX_BACKREF_I, groupNum); + appendOp(URX_BACKREF_I, groupNum); } else { - op = URX_BUILD(URX_BACKREF, groupNum); + appendOp(URX_BACKREF, groupNum); } - fRXPat->fCompiledPat->addElement(op, *fStatus); } break; @@ -1342,22 +1281,18 @@ { // Emit the STO_SP int32_t topLoc = blockTopLoc(TRUE); - int32_t stoLoc = fRXPat->fDataSize; - fRXPat->fDataSize++; // Reserve the data location for storing save stack ptr. - int32_t op = URX_BUILD(URX_STO_SP, stoLoc); + int32_t stoLoc = allocateData(1); // Reserve the data location for storing save stack ptr. + int32_t op = buildOp(URX_STO_SP, stoLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc); // Emit the STATE_SAVE - op = URX_BUILD(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+2); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_STATE_SAVE, fRXPat->fCompiledPat->size()+2); // Emit the JMP - op = URX_BUILD(URX_JMP, topLoc+1); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_JMP, topLoc+1); // Emit the LD_SP - op = URX_BUILD(URX_LD_SP, stoLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LD_SP, stoLoc); } break; @@ -1377,23 +1312,20 @@ insertOp(topLoc); // emit STO_SP loc - int32_t stoLoc = fRXPat->fDataSize; - fRXPat->fDataSize++; // Reserve the data location for storing save stack ptr. - int32_t op = URX_BUILD(URX_STO_SP, stoLoc); + int32_t stoLoc = allocateData(1); // Reserve the data location for storing save stack ptr. + int32_t op = buildOp(URX_STO_SP, stoLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc); // Emit the SAVE_STATE 5 int32_t L7 = fRXPat->fCompiledPat->size()+1; - op = URX_BUILD(URX_STATE_SAVE, L7); + op = buildOp(URX_STATE_SAVE, L7); fRXPat->fCompiledPat->setElementAt(op, topLoc+1); // Append the JMP operation. - op = URX_BUILD(URX_JMP, topLoc+1); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_JMP, topLoc+1); // Emit the LD_SP loc - op = URX_BUILD(URX_LD_SP, stoLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LD_SP, stoLoc); } break; @@ -1412,19 +1344,17 @@ insertOp(topLoc); // Emit the STO_SP - int32_t stoLoc = fRXPat->fDataSize; - fRXPat->fDataSize++; // Reserve the data location for storing save stack ptr. - int32_t op = URX_BUILD(URX_STO_SP, stoLoc); + int32_t stoLoc = allocateData(1); // Reserve the data location for storing save stack ptr. + int32_t op = buildOp(URX_STO_SP, stoLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc); // Emit the SAVE_STATE int32_t continueLoc = fRXPat->fCompiledPat->size()+1; - op = URX_BUILD(URX_STATE_SAVE, continueLoc); + op = buildOp(URX_STATE_SAVE, continueLoc); fRXPat->fCompiledPat->setElementAt(op, topLoc+1); // Emit the LD_SP - op = URX_BUILD(URX_LD_SP, stoLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LD_SP, stoLoc); } break; @@ -1481,8 +1411,8 @@ // is an '|' alternation within the parens. { fixLiterals(FALSE); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_NOP, 0), *fStatus); + appendOp(URX_NOP, 0); + appendOp(URX_NOP, 0); // On the Parentheses stack, start a new frame and add the postions // of the two NOPs (a normal non-capturing () frame, except for the @@ -1819,7 +1749,6 @@ // //------------------------------------------------------------------------------ void RegexCompile::fixLiterals(UBool split) { - int32_t op = 0; // An op from/for the compiled pattern. // If no literal characters have been scanned but not yet had code generated // for them, nothing needs to be done. @@ -1858,23 +1787,23 @@ // Single character, emit a URX_ONECHAR op to match it. if ((fModeFlags & UREGEX_CASE_INSENSITIVE) && u_hasBinaryProperty(lastCodePoint, UCHAR_CASE_SENSITIVE)) { - op = URX_BUILD(URX_ONECHAR_I, lastCodePoint); + appendOp(URX_ONECHAR_I, lastCodePoint); } else { - op = URX_BUILD(URX_ONECHAR, lastCodePoint); + appendOp(URX_ONECHAR, lastCodePoint); } - fRXPat->fCompiledPat->addElement(op, *fStatus); } else { // Two or more chars, emit a URX_STRING to match them. + if (fLiteralChars.length() > 0x00ffffff || fRXPat->fLiteralText.length() > 0x00ffffff) { + error(U_REGEX_PATTERN_TOO_BIG); + } if (fModeFlags & UREGEX_CASE_INSENSITIVE) { - op = URX_BUILD(URX_STRING_I, fRXPat->fLiteralText.length()); + appendOp(URX_STRING_I, fRXPat->fLiteralText.length()); } else { // TODO here: add optimization to split case sensitive strings of length two // into two single char ops, for efficiency. - op = URX_BUILD(URX_STRING, fRXPat->fLiteralText.length()); + appendOp(URX_STRING, fRXPat->fLiteralText.length()); } - fRXPat->fCompiledPat->addElement(op, *fStatus); - op = URX_BUILD(URX_STRING_LEN, fLiteralChars.length()); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_STRING_LEN, fLiteralChars.length()); // Add this string into the accumulated strings of the compiled pattern. fRXPat->fLiteralText.append(fLiteralChars); @@ -1884,8 +1813,58 @@ } +int32_t RegexCompile::buildOp(int32_t type, int32_t val) { + if (U_FAILURE(*fStatus)) { + return 0; + } + if (type < 0 || type > 255) { + U_ASSERT(FALSE); + error(U_REGEX_INTERNAL_ERROR); + type = URX_RESERVED_OP; + } + if (val > 0x00ffffff) { + U_ASSERT(FALSE); + error(U_REGEX_INTERNAL_ERROR); + val = 0; + } + if (val < 0) { + if (!(type == URX_RESERVED_OP_N || type == URX_RESERVED_OP)) { + U_ASSERT(FALSE); + error(U_REGEX_INTERNAL_ERROR); + return -1; + } + if (URX_TYPE(val) != 0xff) { + U_ASSERT(FALSE); + error(U_REGEX_INTERNAL_ERROR); + return -1; + } + type = URX_RESERVED_OP_N; + } + return (type << 24) | val; +} + +//------------------------------------------------------------------------------ +// +// appendOp() Append a new instruction onto the compiled pattern +// Includes error checking, limiting the size of the +// pattern to lengths that can be represented in the +// 24 bit operand field of an instruction. +// +//------------------------------------------------------------------------------ +void RegexCompile::appendOp(int32_t op) { + if (U_FAILURE(*fStatus)) { + return; + } + fRXPat->fCompiledPat->addElement(op, *fStatus); + if ((fRXPat->fCompiledPat->size() > 0x00fffff0) && U_SUCCESS(*fStatus)) { + error(U_REGEX_PATTERN_TOO_BIG); + } +} +void RegexCompile::appendOp(int32_t type, int32_t val) { + appendOp(buildOp(type, val)); +} //------------------------------------------------------------------------------ @@ -1901,7 +1880,7 @@ UVector64 *code = fRXPat->fCompiledPat; U_ASSERT(where>0 && where < code->size()); - int32_t nop = URX_BUILD(URX_NOP, 0); + int32_t nop = buildOp(URX_NOP, 0); code->insertElementAt(nop, where, *fStatus); // Walk through the pattern, looking for any ops with targets that @@ -1922,7 +1901,7 @@ // Target location for this opcode is after the insertion point and // needs to be incremented to adjust for the insertion. opValue++; - op = URX_BUILD(opType, opValue); + op = buildOp(opType, opValue); code->setElementAt(op, loc); } } @@ -1947,6 +1926,58 @@ } +//------------------------------------------------------------------------------ +// +// allocateData() Allocate storage in the matcher's static data area. +// Return the index for the newly allocated data. +// The storage won't actually exist until we are running a match +// operation, but the storage indexes are inserted into various +// opcodes while compiling the pattern. +// +//------------------------------------------------------------------------------ +int32_t RegexCompile::allocateData(int32_t size) { + if (U_FAILURE(*fStatus)) { + return 0; + } + if (size <= 0 || size > 0x100 || fRXPat->fDataSize < 0) { + error(U_REGEX_INTERNAL_ERROR); + return 0; + } + int32_t dataIndex = fRXPat->fDataSize; + fRXPat->fDataSize += size; + if (fRXPat->fDataSize >= 0x00fffff0) { + error(U_REGEX_INTERNAL_ERROR); + } + return dataIndex; +} + + +//------------------------------------------------------------------------------ +// +// allocateStackData() Allocate space in the back-tracking stack frame. +// Return the index for the newly allocated data. +// The frame indexes are inserted into various +// opcodes while compiling the pattern, meaning that frame +// size must be restricted to the size that will fit +// as an operand (24 bits). +// +//------------------------------------------------------------------------------ +int32_t RegexCompile::allocateStackData(int32_t size) { + if (U_FAILURE(*fStatus)) { + return 0; + } + if (size <= 0 || size > 0x100 || fRXPat->fFrameSize < 0) { + error(U_REGEX_INTERNAL_ERROR); + return 0; + } + int32_t dataIndex = fRXPat->fFrameSize; + fRXPat->fFrameSize += size; + if (fRXPat->fFrameSize >= 0x00fffff0) { + error(U_REGEX_PATTERN_TOO_BIG); + } + return dataIndex; +} + //------------------------------------------------------------------------------ // @@ -1989,7 +2020,7 @@ theLoc--; } if (reserveLoc) { - int32_t nop = URX_BUILD(URX_NOP, 0); + int32_t nop = buildOp(URX_NOP, 0); fRXPat->fCompiledPat->insertElementAt(nop, theLoc, *fStatus); } } @@ -2064,8 +2095,7 @@ U_ASSERT(URX_TYPE(captureOp) == URX_START_CAPTURE); int32_t frameVarLocation = URX_VAL(captureOp); - int32_t endCaptureOp = URX_BUILD(URX_END_CAPTURE, frameVarLocation); - fRXPat->fCompiledPat->addElement(endCaptureOp, *fStatus); + appendOp(URX_END_CAPTURE, frameVarLocation); } break; case atomic: @@ -2076,8 +2106,7 @@ int32_t stoOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen+1); U_ASSERT(URX_TYPE(stoOp) == URX_STO_SP); int32_t stoLoc = URX_VAL(stoOp); - int32_t ldOp = URX_BUILD(URX_LD_SP, stoLoc); - fRXPat->fCompiledPat->addElement(ldOp, *fStatus); + appendOp(URX_LD_SP, stoLoc); } break; @@ -2086,8 +2115,7 @@ int32_t startOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen-5); U_ASSERT(URX_TYPE(startOp) == URX_LA_START); int32_t dataLoc = URX_VAL(startOp); - int32_t op = URX_BUILD(URX_LA_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LA_END, dataLoc); } break; @@ -2097,19 +2125,16 @@ int32_t startOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen-1); U_ASSERT(URX_TYPE(startOp) == URX_LA_START); int32_t dataLoc = URX_VAL(startOp); - int32_t op = URX_BUILD(URX_LA_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - op = URX_BUILD(URX_BACKTRACK, 0); - fRXPat->fCompiledPat->addElement(op, *fStatus); - op = URX_BUILD(URX_LA_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LA_END, dataLoc); + appendOp(URX_BACKTRACK, 0); + appendOp(URX_LA_END, dataLoc); // Patch the URX_SAVE near the top of the block. // The destination of the SAVE is the final LA_END that was just added. int32_t saveOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen); U_ASSERT(URX_TYPE(saveOp) == URX_STATE_SAVE); int32_t dest = fRXPat->fCompiledPat->size()-1; - saveOp = URX_BUILD(URX_STATE_SAVE, dest); + saveOp = buildOp(URX_STATE_SAVE, dest); fRXPat->fCompiledPat->setElementAt(saveOp, fMatchOpenParen); } break; @@ -2122,10 +2147,8 @@ int32_t startOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen-4); U_ASSERT(URX_TYPE(startOp) == URX_LB_START); int32_t dataLoc = URX_VAL(startOp); - int32_t op = URX_BUILD(URX_LB_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); - op = URX_BUILD(URX_LA_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LB_END, dataLoc); + appendOp(URX_LA_END, dataLoc); // Determine the min and max bounds for the length of the // string that the pattern can match. @@ -2161,8 +2184,7 @@ int32_t startOp = (int32_t)fRXPat->fCompiledPat->elementAti(fMatchOpenParen-5); U_ASSERT(URX_TYPE(startOp) == URX_LB_START); int32_t dataLoc = URX_VAL(startOp); - int32_t op = URX_BUILD(URX_LBN_END, dataLoc); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(URX_LBN_END, dataLoc); // Determine the min and max bounds for the length of the // string that the pattern can match. @@ -2187,7 +2209,7 @@ // Insert the pattern location to continue at after a successful match // as the last operand of the URX_LBN_CONT - op = URX_BUILD(URX_RELOC_OPRND, fRXPat->fCompiledPat->size()); + int32_t op = buildOp(URX_RELOC_OPRND, fRXPat->fCompiledPat->size()); fRXPat->fCompiledPat->setElementAt(op, fMatchOpenParen-1); } break; @@ -2228,7 +2250,7 @@ case 0: { // Set of no elements. Always fails to match. - fRXPat->fCompiledPat->addElement(URX_BUILD(URX_BACKTRACK, 0), *fStatus); + appendOp(URX_BACKTRACK, 0); delete theSet; } break; @@ -2249,8 +2271,7 @@ // Put it into the compiled pattern as a set. int32_t setNumber = fRXPat->fSets->size(); fRXPat->fSets->addElement(theSet, *fStatus); - int32_t setOp = URX_BUILD(URX_SETREF, setNumber); - fRXPat->fCompiledPat->addElement(setOp, *fStatus); + appendOp(URX_SETREF, setNumber); } } } @@ -2289,13 +2310,10 @@ // counterLoc --> Loop counter // +1 --> Input index (for breaking non-progressing loops) // (Only present if unbounded upper limit on loop) - int32_t counterLoc = fRXPat->fFrameSize; - fRXPat->fFrameSize++; - if (fIntervalUpper < 0) { - fRXPat->fFrameSize++; - } + int32_t dataSize = fIntervalUpper < 0 ? 2 : 1; + int32_t counterLoc = allocateStackData(dataSize); - int32_t op = URX_BUILD(InitOp, counterLoc); + int32_t op = buildOp(InitOp, counterLoc); fRXPat->fCompiledPat->setElementAt(op, topOfBlock); // The second operand of CTR_INIT is the location following the end of the loop. @@ -2303,7 +2321,7 @@ // compilation of something later on causes the code to grow and the target // position to move. int32_t loopEnd = fRXPat->fCompiledPat->size(); - op = URX_BUILD(URX_RELOC_OPRND, loopEnd); + op = buildOp(URX_RELOC_OPRND, loopEnd); fRXPat->fCompiledPat->setElementAt(op, topOfBlock+1); // Followed by the min and max counts. @@ -2312,8 +2330,7 @@ // Apend the CTR_LOOP op. The operand is the location of the CTR_INIT op. // Goes at end of the block being looped over, so just append to the code so far. - op = URX_BUILD(LoopOp, topOfBlock); - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(LoopOp, topOfBlock); if ((fIntervalLow & 0xff000000) != 0 || (fIntervalUpper > 0 && (fIntervalUpper & 0xff000000) != 0)) { @@ -2366,7 +2383,7 @@ // int32_t endOfSequenceLoc = fRXPat->fCompiledPat->size()-1 + fIntervalUpper + (fIntervalUpper-fIntervalLow); - int32_t saveOp = URX_BUILD(URX_STATE_SAVE, endOfSequenceLoc); + int32_t saveOp = buildOp(URX_STATE_SAVE, endOfSequenceLoc); if (fIntervalLow == 0) { insertOp(topOfBlock); fRXPat->fCompiledPat->setElementAt(saveOp, topOfBlock); @@ -2379,13 +2396,10 @@ // it was put there when it was originally encountered. int32_t i; for (i=1; ifCompiledPat->addElement(saveOp, *fStatus); - } - if (i > fIntervalLow) { - fRXPat->fCompiledPat->addElement(saveOp, *fStatus); + if (i >= fIntervalLow) { + appendOp(saveOp); } - fRXPat->fCompiledPat->addElement(op, *fStatus); + appendOp(op); } return TRUE; } @@ -3516,7 +3530,7 @@ int32_t operandAddress = URX_VAL(op); U_ASSERT(operandAddress>=0 && operandAddressfCompiledPat->setElementAt(op, dst); dst++; break; @@ -3531,7 +3545,7 @@ break; } where = fRXPat->fGroupMap->elementAti(where-1); - op = URX_BUILD(opType, where); + op = buildOp(opType, where); fRXPat->fCompiledPat->setElementAt(op, dst); dst++; @@ -3883,7 +3897,7 @@ //------------------------------------------------------------------------------ // // scanNamedChar - // Get a UChar32 from a \N{UNICODE CHARACTER NAME} in the pattern. +// Get a UChar32 from a \N{UNICODE CHARACTER NAME} in the pattern. // // The scan position will be at the 'N'. On return // the scan position should be just after the '}' Index: icu-52.1/source/i18n/regexcmp.h =================================================================== --- icu-52.1.orig/source/i18n/regexcmp.h 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/i18n/regexcmp.h 2015-02-27 09:42:29.201386614 -0500 @@ -103,6 +103,13 @@ void fixLiterals(UBool split=FALSE); // Generate code for pending literal characters. void insertOp(int32_t where); // Open up a slot for a new op in the // generated code at the specified location. + void appendOp(int32_t op); // Append a new op to the compiled pattern. + void appendOp(int32_t type, int32_t val); // Build & append a new op to the compiled pattern. + int32_t buildOp(int32_t type, int32_t val); // Construct a new pcode instruction. + int32_t allocateData(int32_t size); // Allocate space in the matcher data area. + // Return index of the newly allocated data. + int32_t allocateStackData(int32_t size); // Allocate space in the match back-track stack frame. + // Return offset index in the frame. int32_t minMatchLength(int32_t start, int32_t end); int32_t maxMatchLength(int32_t start, Index: icu-52.1/source/i18n/regeximp.h =================================================================== --- icu-52.1.orig/source/i18n/regeximp.h 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/i18n/regeximp.h 2015-02-27 09:42:29.201386614 -0500 @@ -254,7 +254,6 @@ // // Convenience macros for assembling and disassembling a compiled operation. // -#define URX_BUILD(type, val) (int32_t)((type << 24) | (val)) #define URX_TYPE(x) ((uint32_t)(x) >> 24) #define URX_VAL(x) ((x) & 0xffffff) Index: icu-52.1/source/test/intltest/regextst.cpp =================================================================== --- icu-52.1.orig/source/test/intltest/regextst.cpp 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/test/intltest/regextst.cpp 2015-02-27 10:18:10.745686358 -0500 @@ -131,6 +131,9 @@ case 21: name = "Bug 9283"; if (exec) Bug9283(); break; + case 22: name = "TestBug11371"; + if (exec) TestBug11371(); + break; default: name = ""; break; //needed to end loop @@ -5219,6 +5222,49 @@ } } +void RegexTest::TestBug11371() { + if (quick) { + logln("Skipping test. Runs in exhuastive mode only."); + return; + } + UErrorCode status = U_ZERO_ERROR; + UnicodeString patternString; + + for (int i=0; i<8000000; i++) { + patternString.append(UnicodeString("()")); + } + LocalPointer compiledPat(RegexPattern::compile(patternString, 0, status)); + if (status != U_REGEX_PATTERN_TOO_BIG) { + errln("File %s, line %d expected status=U_REGEX_PATTERN_TOO_BIG; got %s.", + __FILE__, __LINE__, u_errorName(status)); + } + + status = U_ZERO_ERROR; + patternString = "("; + for (int i=0; i<20000000; i++) { + patternString.append(UnicodeString("A++")); + } + patternString.append(UnicodeString("){0}B++")); + LocalPointer compiledPat2(RegexPattern::compile(patternString, 0, status)); + if (status != U_REGEX_PATTERN_TOO_BIG) { + errln("File %s, line %d expected status=U_REGEX_PATTERN_TOO_BIG; got %s.", + __FILE__, __LINE__, u_errorName(status)); + } + + // Pattern with too much string data, such that string indexes overflow operand data field size + // in compiled instruction. + status = U_ZERO_ERROR; + patternString = ""; + while (patternString.length() < 0x00ffffff) { + patternString.append(UnicodeString("stuff and things dont you know, these are a few of my favorite strings\n")); + } + patternString.append(UnicodeString("X? trailing string")); + LocalPointer compiledPat3(RegexPattern::compile(patternString, 0, status)); + if (status != U_REGEX_PATTERN_TOO_BIG) { + errln("File %s, line %d expected status=U_REGEX_PATTERN_TOO_BIG; got %s.", + __FILE__, __LINE__, u_errorName(status)); + } +} void RegexTest::CheckInvBufSize() { if(inv_next>=INV_BUFSIZ) { Index: icu-52.1/source/test/intltest/regextst.h =================================================================== --- icu-52.1.orig/source/test/intltest/regextst.h 2015-02-27 09:42:29.205386650 -0500 +++ icu-52.1/source/test/intltest/regextst.h 2015-02-27 09:42:29.201386614 -0500 @@ -46,6 +46,7 @@ virtual void Bug8479(); virtual void Bug7029(); virtual void Bug9283(); + virtual void TestBug11371(); virtual void CheckInvBufSize(); // The following functions are internal to the regexp tests. debian/patches/two-digit-year-test.patch0000644000000000000000000000160412474113632015464 0ustar Description: update two-digit-year format test Origin: upstream, http://www.icu-project.org/trac/changeset/35803 Bug: http://bugs.icu-project.org/trac/ticket/10937 Bug-Debian: http://bugs.debian.org/746860 Index: icu/source/test/intltest/dtfmttst.cpp =================================================================== --- icu.orig/source/test/intltest/dtfmttst.cpp 2014-06-21 16:50:09.746088008 -0400 +++ icu/source/test/intltest/dtfmttst.cpp 2014-06-21 16:50:09.742087988 -0400 @@ -1128,8 +1128,8 @@ dataerrln("FAIL: SimpleDateFormat constructor - %s", u_errorName(ec)); return; } - parse2DigitYear(fmt, "5/6/17", date(117, UCAL_JUNE, 5)); - parse2DigitYear(fmt, "4/6/34", date(34, UCAL_JUNE, 4)); + parse2DigitYear(fmt, "5/6/30", date(130, UCAL_JUNE, 5)); + parse2DigitYear(fmt, "4/6/50", date(50, UCAL_JUNE, 4)); } // ------------------------------------- debian/patches/CVE-2014-9911.patch0000644000000000000000000000325213060553375013251 0ustar Index: source/common/uresbund.cpp =================================================================== --- a/source/common/uresbund.cpp (revision 35698) +++ b/source/common/uresbund.cpp (revision 35699) @@ -1,5 +1,5 @@ /* ****************************************************************************** -* Copyright (C) 1997-2013, International Business Machines Corporation and +* Copyright (C) 1997-2014, International Business Machines Corporation and * others. All Rights Reserved. ****************************************************************************** @@ -37,4 +37,5 @@ #include "uassert.h" +using namespace icu; /* @@ -1733,6 +1734,6 @@ if(res == RES_BOGUS) { UResourceDataEntry *dataEntry = resB->fData; - char path[256]; - char* myPath = path; + CharString path; + char *myPath = NULL; const char* resPath = resB->fResPath; int32_t len = resB->fResPathLen; @@ -1742,9 +1743,14 @@ if(dataEntry->fBogus == U_ZERO_ERROR) { + path.clear(); if (len > 0) { - uprv_memcpy(path, resPath, len); + path.append(resPath, len, *status); } - uprv_strcpy(path+len, inKey); - myPath = path; + path.append(inKey, *status); + if (U_FAILURE(*status)) { + ures_close(helper); + return fillIn; + } + myPath = path.data(); key = inKey; do { debian/patches/CVE-2017-14952.patch0000644000000000000000000000124513171406420013324 0ustar Description: Fixes double free Author: Yoshito Umaoka Index: icu-52.1/source/i18n/zonemeta.cpp =================================================================== --- icu-52.1.orig/source/i18n/zonemeta.cpp +++ icu-52.1/source/i18n/zonemeta.cpp @@ -685,7 +685,6 @@ ZoneMeta::createMetazoneMappings(const U mzMappings = new UVector(deleteOlsonToMetaMappingEntry, NULL, status); if (U_FAILURE(status)) { delete mzMappings; - deleteOlsonToMetaMappingEntry(entry); uprv_free(entry); break; } debian/patches/indic-ccmp.patch0000644000000000000000000000421112256335042013644 0ustar Description: support CCMP for Indic Author: Harshula Bug: http://bugs.icu-project.org/trac/ticket/7601 Bug-Debian: http://bugs.debian.org/655101 Index: icu-52~m1/source/layout/IndicReordering.cpp =================================================================== --- icu-52~m1.orig/source/layout/IndicReordering.cpp 2013-09-14 18:53:23.752040473 -0400 +++ icu-52~m1/source/layout/IndicReordering.cpp 2013-09-14 18:53:23.748040473 -0400 @@ -13,6 +13,7 @@ U_NAMESPACE_BEGIN +#define ccmpFeatureTag LE_CCMP_FEATURE_TAG #define loclFeatureTag LE_LOCL_FEATURE_TAG #define initFeatureTag LE_INIT_FEATURE_TAG #define nuktFeatureTag LE_NUKT_FEATURE_TAG @@ -35,6 +36,7 @@ #define caltFeatureTag LE_CALT_FEATURE_TAG #define kernFeatureTag LE_KERN_FEATURE_TAG +#define ccmpFeatureMask 0x00000001UL #define loclFeatureMask 0x80000000UL #define rphfFeatureMask 0x40000000UL #define blwfFeatureMask 0x20000000UL @@ -73,7 +75,7 @@ #define repositionedGlyphMask 0x00000002UL -#define basicShapingFormsMask ( loclFeatureMask | nuktFeatureMask | akhnFeatureMask | rkrfFeatureMask | blwfFeatureMask | halfFeatureMask | vatuFeatureMask | cjctFeatureMask ) +#define basicShapingFormsMask ( ccmpFeatureMask | loclFeatureMask | nuktFeatureMask | akhnFeatureMask | rkrfFeatureMask | blwfFeatureMask | halfFeatureMask | vatuFeatureMask | cjctFeatureMask ) #define positioningFormsMask ( kernFeatureMask | distFeatureMask | abvmFeatureMask | blwmFeatureMask ) #define presentationFormsMask ( presFeatureMask | abvsFeatureMask | blwsFeatureMask | pstsFeatureMask | halnFeatureMask | caltFeatureMask ) @@ -484,6 +486,7 @@ #define tagArray0 (rphfFeatureMask | tagArray1) static const FeatureMap featureMap[] = { + {ccmpFeatureTag, ccmpFeatureMask}, {loclFeatureTag, loclFeatureMask}, {initFeatureTag, initFeatureMask}, {nuktFeatureTag, nuktFeatureMask}, @@ -506,6 +509,7 @@ static const le_int32 featureCount = LE_ARRAY_SIZE(featureMap); static const FeatureMap v2FeatureMap[] = { + {ccmpFeatureTag, ccmpFeatureMask}, {loclFeatureTag, loclFeatureMask}, {nuktFeatureTag, nuktFeatureMask}, {akhnFeatureTag, akhnFeatureMask}, debian/patches/CVE-2015-4760.patch0000644000000000000000000002161512574553340013253 0ustar Description: fix denial of service and possible code execution via overflows Origin: other, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47 Bug: http://bugs.icu-project.org/trac/ticket/11865 Index: icu-52.1/source/layout/ContextualGlyphInsertionProc2.cpp =================================================================== --- icu-52.1.orig/source/layout/ContextualGlyphInsertionProc2.cpp 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/ContextualGlyphInsertionProc2.cpp 2015-09-11 08:46:42.275331792 -0400 @@ -82,6 +82,10 @@ le_int16 markIndex = SWAPW(entry->markedInsertionListIndex); if (markIndex > 0) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5; le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike); le_bool isBefore = (flags & cgiMarkInsertBefore); @@ -90,6 +94,10 @@ le_int16 currIndex = SWAPW(entry->currentInsertionListIndex); if (currIndex > 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = flags & cgiCurrentInsertCountMask; le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike); le_bool isBefore = (flags & cgiCurrentInsertBefore); Index: icu-52.1/source/layout/ContextualGlyphSubstProc.cpp =================================================================== --- icu-52.1.orig/source/layout/ContextualGlyphSubstProc.cpp 2013-10-04 16:54:50.000000000 -0400 +++ icu-52.1/source/layout/ContextualGlyphSubstProc.cpp 2015-09-11 08:46:42.275331792 -0400 @@ -51,6 +51,10 @@ WordOffset currOffset = SWAPW(entry->currOffset); if (markOffset != 0 && LE_SUCCESS(success)) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew. @@ -58,6 +62,10 @@ } if (currOffset != 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew. Index: icu-52.1/source/layout/ContextualGlyphSubstProc2.cpp =================================================================== --- icu-52.1.orig/source/layout/ContextualGlyphSubstProc2.cpp 2013-10-04 16:54:52.000000000 -0400 +++ icu-52.1/source/layout/ContextualGlyphSubstProc2.cpp 2015-09-11 08:46:42.275331792 -0400 @@ -45,17 +45,25 @@ if(LE_FAILURE(success)) return 0; le_uint16 newState = SWAPW(entry->newStateIndex); le_uint16 flags = SWAPW(entry->flags); - le_int16 markIndex = SWAPW(entry->markIndex); - le_int16 currIndex = SWAPW(entry->currIndex); + le_uint16 markIndex = SWAPW(entry->markIndex); + le_uint16 currIndex = SWAPW(entry->currIndex); - if (markIndex != -1) { + if (markIndex != 0x0FFFF) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(markIndex, success)); LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = lookup(offset, mGlyph, success); glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph); } - if (currIndex != -1) { + if (currIndex != 0x0FFFF) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(currIndex, success)); LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = lookup(offset, thisGlyph, success); Index: icu-52.1/source/layout/IndicRearrangementProcessor.cpp =================================================================== --- icu-52.1.orig/source/layout/IndicRearrangementProcessor.cpp 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/IndicRearrangementProcessor.cpp 2015-09-11 08:46:42.275331792 -0400 @@ -45,6 +45,11 @@ ByteOffset newState = SWAPW(entry->newStateOffset); IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } Index: icu-52.1/source/layout/IndicRearrangementProcessor2.cpp =================================================================== --- icu-52.1.orig/source/layout/IndicRearrangementProcessor2.cpp 2013-10-04 16:54:56.000000000 -0400 +++ icu-52.1/source/layout/IndicRearrangementProcessor2.cpp 2015-09-11 08:46:42.279331836 -0400 @@ -43,6 +43,11 @@ le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } Index: icu-52.1/source/layout/LigatureSubstProc.cpp =================================================================== --- icu-52.1.orig/source/layout/LigatureSubstProc.cpp 2013-10-04 16:54:52.000000000 -0400 +++ icu-52.1/source/layout/LigatureSubstProc.cpp 2015-09-11 08:46:42.279331836 -0400 @@ -48,7 +48,7 @@ const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); ByteOffset newState = SWAPW(entry->newStateOffset); - le_int16 flags = SWAPW(entry->flags); + le_uint16 flags = SWAPW(entry->flags); if (flags & lsfSetComponent) { if (++m >= nComponents) { Index: icu-52.1/source/layout/StateTableProcessor.cpp =================================================================== --- icu-52.1.orig/source/layout/StateTableProcessor.cpp 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/StateTableProcessor.cpp 2015-09-11 08:46:42.283331881 -0400 @@ -60,6 +60,7 @@ if (currGlyph == glyphCount) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); Index: icu-52.1/source/layout/StateTableProcessor2.cpp =================================================================== --- icu-52.1.orig/source/layout/StateTableProcessor2.cpp 2013-10-04 16:54:56.000000000 -0400 +++ icu-52.1/source/layout/StateTableProcessor2.cpp 2015-09-11 08:46:42.287331925 -0400 @@ -78,6 +78,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); @@ -109,6 +110,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); @@ -146,6 +148,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else if(currGlyph > glyphCount) { // note if > glyphCount, we've run off the end (bad font) currGlyph = glyphCount; @@ -186,6 +189,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); if (glyphCode == 0xFFFF) { Index: icu-52.1/source/layout/StateTables.h =================================================================== --- icu-52.1.orig/source/layout/StateTables.h 2013-10-04 16:54:54.000000000 -0400 +++ icu-52.1/source/layout/StateTables.h 2015-09-11 08:46:42.291331970 -0400 @@ -101,7 +101,7 @@ struct StateEntry { ByteOffset newStateOffset; - le_int16 flags; + le_uint16 flags; }; typedef le_uint16 EntryTableIndex2; debian/patches/icudata-stdlibs.patch0000644000000000000000000000120112256335042014706 0ustar Index: icu-52~m1/source/config/mh-linux =================================================================== --- icu-52~m1.orig/source/config/mh-linux 2013-09-14 18:53:23.284040467 -0400 +++ icu-52~m1/source/config/mh-linux 2013-09-14 18:53:23.284040467 -0400 @@ -21,7 +21,9 @@ LD_RPATH_PRE = -Wl,-rpath, ## These are the library specific LDFLAGS -LDFLAGSICUDT=-nodefaultlibs -nostdlib +#LDFLAGSICUDT=-nodefaultlibs -nostdlib +# Debian change: linking icudata as data only causes too many problems. +LDFLAGSICUDT= ## Compiler switch to embed a library name # The initial tab in the next line is to prevent icu-config from reading it. debian/patches/gennorm2-man.patch0000644000000000000000000000663712256335042014154 0ustar Description: supply manual page for program that doesn't have one Author: Jay Berkenbilt Bug: http://bugs.icu-project.org/trac/ticket/7554 Index: icu-52~m1/source/tools/gennorm2/Makefile.in =================================================================== --- icu-52~m1.orig/source/tools/gennorm2/Makefile.in 2013-09-14 18:53:23.432040469 -0400 +++ icu-52~m1/source/tools/gennorm2/Makefile.in 2013-09-14 18:53:23.428040469 -0400 @@ -16,8 +16,13 @@ TARGET_STUB_NAME = gennorm2 +SECTION = 8 + +MAN_FILES = $(TARGET_STUB_NAME).$(SECTION) + + ## Extra files to remove for 'make clean' -CLEANFILES = *~ $(DEPS) +CLEANFILES = *~ $(DEPS) $(MAN_FILES) ## Target information TARGET = $(BINDIR)/$(TARGET_STUB_NAME)$(EXEEXT) @@ -44,12 +49,16 @@ dist: dist-local check: all check-local -all-local: $(TARGET) +all-local: $(TARGET) $(MAN_FILES) -install-local: all-local +install-local: all-local install-man $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) $(INSTALL) $(TARGET) $(DESTDIR)$(sbindir) +install-man: $(MAN_FILES) + $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/man$(SECTION) + $(INSTALL_DATA) $? $(DESTDIR)$(mandir)/man$(SECTION) + dist-local: clean-local: @@ -70,6 +79,11 @@ $(POST_BUILD_STEP) +%.$(SECTION): $(srcdir)/%.$(SECTION).in + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + ifeq (,$(MAKECMDGOALS)) -include $(DEPS) else Index: icu-52~m1/source/tools/gennorm2/gennorm2.8.in =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ icu-52~m1/source/tools/gennorm2/gennorm2.8.in 2013-09-14 18:53:23.428040469 -0400 @@ -0,0 +1,71 @@ +.\" Hey, Emacs! This is -*-nroff-*- you know... +.\" +.\" gennorm2.8: manual page for the gennorm2 utility +.\" +.\" Copyright (C) 2005-2006 International Business Machines Corporation and others +.\" +.TH GENNORM2 8 "15 March 2010" "ICU MANPAGE" "ICU @VERSION@ Manual" +.SH NAME +.B gennorm2 +\- Builds binary data file with Unicode normalization data. +.SH SYNOPSIS +.B gennorm2 +[ +.BR "\-h\fP, \fB\-?\fP, \fB\-\-help" +] +[ +.BR "\-V\fP, \fB\-\-version" +] +[ +.BR "\-c\fP, \fB\-\-copyright" +] +[ +.BR "\-v\fP, \fB\-\-verbose" +] +[ +.BI "\-u\fP, \fB\-\-unicode" " unicode\-version\-number" +] +[ +.BI "\-s\fP, \fB\-\-sourcedir" " source\-directory" +] +[ +.BI "\-o\fP, \fB\-\-output" " output\-filename" +] +.BI "\fB\-\-fast" +.SH DESCRIPTION +.B gennorm2 +reads text files that define Unicode normalization, +them, and builds a binary data file. +.SH OPTIONS +.TP +.BR "\-h\fP, \fB\-?\fP, \fB\-\-help" +Print help about usage and exit. +.TP +.BR "\-V\fP, \fB\-\-version" +Print the version of +.B gennorm2 +and exit. +.TP +.BR "\-c\fP, \fB\-\-copyright" +Include a copyright notice. +.TP +.BR "\-v\fP, \fB\-\-verbose" +Display extra informative messages during execution. +.TP +.BR "\-u\fP, \fB\-\-unicode" +Specify Unicode version number, such as 5.2.0. +.TP +.BI "\-s\fP, \fB\-\-sourcedir" " source\-directory" +Specify the input directory. +.TP +.BI "\-s\fP, \fB\-\-sourcedir" " source\-directory" +Set the name of the output file. +.TP +.BI "\fB\-\-fast" +optimize the .nrm file for fast normalization, +which might increase its size (Writes fully decomposed +regular mappings instead of delta mappings. +You should measure the runtime speed to make sure that +this is a good trade-off.) +.SH COPYRIGHT +Copyright (C) 2009-2010 International Business Machines Corporation and others debian/README.source0000644000000000000000000000147612256335042011357 0ustar INFORMATION SPECIFIC TO ICU =========================== The packaging guidelines in the ICU documentation suggest that packagers should use the --enable-renaming option to ./configure. We should not do this could potentially result in using the same soname with ABI changes. Although ICU guarantees that no documented parts of the public ABI will change, there is nothing to stop people from using undocumented or deprecated interfaces. For additional details, please see the thread about this topic on the icu-design list. You can get to the mailing list archives here: http://sourceforge.net/mailarchive/forum.php?forum_name=icu-design and find the thread from June 10, 2008 with the subject "debian: use of --disable-rename and ICU library sonames". -- Jay Berkenbilt , Sat, 6 Feb 2010 16:47:07 -0500 debian/icu-doc.install0000644000000000000000000000005512256335042012103 0ustar usr/share/doc/icu/html usr/share/doc/icu-doc debian/icu-doc.doc-base0000644000000000000000000000054612256335042012117 0ustar Document: icu-doc Title: ICU API Documentation Author: IBM Corporation and Others Abstract: This manual describes the APIs of the International Components for Unicode C/C++ library. It is a useful reference for the ICU programmer. Section: Programming Format: HTML Index: /usr/share/doc/icu-doc/html/index.html Files: /usr/share/doc/icu-doc/html/*.html debian/compat0000644000000000000000000000000212256335042010366 0ustar 9 debian/copyright0000644000000000000000000001555012256335042011131 0ustar This package was debianized by Jay Berkenbilt on August 5, 2005. The original source was downloaded from http://icu-project.org/download/latest_milestone.html The main web site for ICU is http://www.icu-project.org/ ICU contains components with different licensing terms. ICU License =========== ICU License - ICU 1.8.1 and later COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1995-2013 International Business Machines Corporation and others All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder. ---------------------------------------------------------------------- All trademarks and registered trademarks mentioned herein are the property of their respective owners. Unicode Data License ==================== UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE Unicode Data Files include all data files under the directories http://www.unicode.org/Public/, http://www.unicode.org/reports/, and http://www.unicode.org/cldr/data/ . Unicode Software includes any source code published in the Unicode Standard or under the directories http://www.unicode.org/Public/, http://www.unicode.org/reports/, and http://www.unicode.org/cldr/data/. NOTICE TO USER: Carefully read the following legal agreement. BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"), YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE THE DATA FILES OR SOFTWARE. COPYRIGHT AND PERMISSION NOTICE Copyright © 1991-2008 Unicode, Inc. All rights reserved. Distributed under the Terms of Use in http://www.unicode.org/copyright.html. Permission is hereby granted, free of charge, to any person obtaining a copy of the Unicode data files and any associated documentation (the "Data Files") or Unicode software and any associated documentation (the "Software") to deal in the Data Files or Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Data Files or Software, and to permit persons to whom the Data Files or Software are furnished to do so, provided that (a) the above copyright notice(s) and this permission notice appear with all copies of the Data Files or Software, (b) both the above copyright notice(s) and this permission notice appear in associated documentation, and (c) there is clear notice in each modified Data File or in the Software as well as in the documentation associated with the Data File(s) or Software that the data or software has been modified. THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE DATA FILES OR SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in these Data Files or Software without prior written authorization of the copyright holder. Additional Copyrights ===================== Some files are copyright by the following additional copyright holders, though in all cases, the copyright is held jointly with IBM and is subject ICU license above: * Google Inc. * Yahoo! Inc. Some files in source/data/sprep contain data that was programmatically extracted from RFC 3454, but this programmatic extraction was done as a one-time activity and is not part of ICU's build process. The non-free RFC 3454 document is not part of the sources. The files generated from RFC 3454 could be considered derived works, so the RFC 3454 copyright requires the inclusion of the original RFC 3454 copyright notice: This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. debian/libicu52.shlibs0000644000000000000000000000043612256335042012017 0ustar libicudata 52 libicu52 (>= 52~m1-1~) libicui18n 52 libicu52 (>= 52~m1-1~) libicuio 52 libicu52 (>= 52~m1-1~) libicule 52 libicu52 (>= 52~m1-1~) libiculx 52 libicu52 (>= 52~m1-1~) libicutest 52 libicu52 (>= 52~m1-1~) libicutu 52 libicu52 (>= 52~m1-1~) libicuuc 52 libicu52 (>= 52~m1-1~) debian/source/0000755000000000000000000000000012256335042010470 5ustar debian/source/format0000644000000000000000000000001412256335042011676 0ustar 3.0 (quilt) debian/libicu52.lintian-overrides0000644000000000000000000000026012256335042014164 0ustar # libicu52 installs multiple shared libraries, none of which is # actually called libicu.so.52, but all of which are libicu*.so.52. libicu52: package-name-doesnt-match-sonames debian/libicu52.install0000644000000000000000000000002412256335042012172 0ustar usr/lib/*/lib*.so.* debian/NEWS0000644000000000000000000000067712256335042007701 0ustar icu (4.3.4-1) experimental; urgency=low * Versions of ICU newer than 4.2 name the static libraries compatibly with shared libraries so building with static ICU libraries doesn't require special build code anymore. In versions prior to 4.2, the static libraries had an extra "s" in their names. For details, see http://bugs.icu-project.org/trac/ticket/6332 -- Jay Berkenbilt Sat, 06 Feb 2010 17:25:04 -0500 debian/fix_substvars.pl0000644000000000000000000000162012256335042012426 0ustar # # Remove any whose names that match the given pattern from the # shlibs:Depends entry in the given substvars. # BEGIN { $^W = 1; } use strict; my $whoami = ($0 =~ m,([^/\\]*)$,) ? $1 : $0; die "usage: $whoami substvars-file pattern" unless @ARGV == 2; my ($file, $pattern) = @ARGV; if (! -f $file) { exit 0; } open(F, "<$file") or die "$whoami: can't open $file: $!\n"; my @in = (); close(F); my @out = (); for (@in) { if (m/(shlibs:Depends=)(.*)/) { my $prefix = $1; my $contents = $2; my @items = split(',\s*', $contents); my @new = (); foreach my $i (@items) { $i =~ m/^(\S+)/ or die; my $pkg = $1; if ($pkg !~ m/^${pattern}$/) { push(@new, $i); } } push(@out, $prefix . join(', ', @new) . "\n"); } else { push(@out, $_); } } open(F, ">$file") or die "$whoami: can't open $file.new: $!\n"; foreach (@out) { print F $_; } close(F); debian/changelog0000644000000000000000000007331513256460720011056 0ustar icu (52.1-3ubuntu0.8) trusty-security; urgency=medium * SECURITY UPDATE: integer overflow in Persian Cal - debian/patches/CVE-2017-15422.patch: use int64_t math for one operation to avoid overflow, add tests in source/i18n/gregoimp.cpp, source/i18n/gregoimp.h, source/i18n/persncal.cpp, source/test/intltest/calregts.cpp, source/test/intltest/calregts.h. - CVE-2017-15422 -- Marc Deslauriers Tue, 27 Mar 2018 11:22:56 -0400 icu (52.1-3ubuntu0.7) trusty-security; urgency=medium * SECURITY UPDATE: double free - debian/patches/CVE-2017-14952.patch: fixes double free in createMetaZoneMappings() source/i18n/zonemeta.cpp. - CVE-2017-14952 -- Leonidas S. Barbosa Tue, 17 Oct 2017 09:13:32 -0300 icu (52.1-3ubuntu0.6) trusty-security; urgency=medium * SECURITY UPDATE: out-of-bounds write in common/utext.cpp (LP: #1684298) - debian/patches/CVE-2017-786x.patch: properly handle chunk size in source/common/utext.cpp, added test to source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h. - CVE-2017-7867 - CVE-2017-7868 -- Marc Deslauriers Tue, 02 May 2017 09:43:38 -0400 icu (52.1-3ubuntu0.5) trusty-security; urgency=medium * SECURITY UPDATE: Multiple security issues. Synchronize security fixes with Debian's 52.1-8+deb8u4 release. Thanks to Laszlo Boszormenyi for the work this update is based on. - debian/patches/CVE-2014-9911.patch - debian/patches/CVE-2015-4844.patch - debian/patches/CVE-2016-0494.patch - debian/patches/CVE-2016-6293.patch - debian/patches/CVE-2016-7415.patch - CVE-2014-9911 - CVE-2015-4844 - CVE-2016-0494 - CVE-2016-6293 - CVE-2016-7415 -- Marc Deslauriers Fri, 10 Mar 2017 11:41:10 -0500 icu (52.1-3ubuntu0.4) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via mishandling of converter names with initial x- substrings - debian/patches/CVE-2015-1270.patch: fix logic in source/common/ucnv_io.cpp. - CVE-2015-1270 * SECURITY UPDATE: information disclosure via overflows - debian/patches/CVE-2015-2632.patch: properly calculate index in source/layout/Features.cpp, check for overflows in source/layout/LETableReference.h. - CVE-2015-2632 * SECURITY UPDATE: denial of service and possible code execution via overflows - debian/patches/CVE-2015-4760.patch: check bounds in source/layout/ContextualGlyphInsertionProc2.cpp, source/layout/ContextualGlyphSubstProc.cpp, source/layout/ContextualGlyphSubstProc2.cpp, source/layout/IndicRearrangementProcessor.cpp, source/layout/IndicRearrangementProcessor2.cpp, use unsigned flags in source/layout/LigatureSubstProc.cpp, source/layout/StateTables.h, properly handle errors in source/layout/StateTableProcessor.cpp, source/layout/StateTableProcessor2.cpp. - CVE-2015-4760 -- Marc Deslauriers Fri, 11 Sep 2015 09:28:05 -0400 icu (52.1-3ubuntu0.3) trusty-security; urgency=medium * SECURITY UPDATE: heap overflow via incorrect isolateCount - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in source/common/ubidi.c. - CVE-2015-8146 * SECURITY UPDATE: integer overflow via incorrect state size - debian/patches/CVE-2015-8147.patch: change state to int32_t in source/common/ubidiimp.h. - CVE-2015-8147 -- Marc Deslauriers Fri, 08 May 2015 08:49:45 -0400 icu (52.1-3ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: information disclosure via incorrect font file parsing - debian/patches/CVE-2014-65xx.patch: add checks to source/layout/ContextualSubstSubtables.cpp, source/layout/CursiveAttachmentSubtables.cpp, source/layout/Features.cpp, source/layout/LETableReference.h, source/layout/LigatureSubstSubtables.cpp, source/layout/MultipleSubstSubtables.cpp. - CVE-2014-6585 - CVE-2014-6591 * SECURITY UPDATE: denial of service or possible code execution in regular expressions - debian/patches/CVE-2014-7923.patch: add limits to source/i18n/regexcmp.cpp, add test to source/test/testdata/regextst.txt. - CVE-2014-7923 * SECURITY UPDATE: denial of service or possible code execution in regular expressions - debian/patches/CVE-2014-7926.patch: fix incorrect optimization in source/i18n/regexcmp.cpp, fix comment in source/i18n/regexcmp.h, add test to source/test/testdata/regextst.txt. - CVE-2014-7926 * SECURITY UPDATE: denial of service or possible code execution via uninitialized memory in the collator implementation - debian/patches/CVE-2014-7940.patch: properly handle memory in source/i18n/ucol.cpp. - CVE-2014-7940 * SECURITY UPDATE: denial of service via incorrect pattern size limits - debian/patches/CVE-2014-9654.patch: check limits in source/common/unicode/utypes.h, source/common/utypes.c, source/i18n/regexcmp.cpp, source/i18n/regexcmp.h, source/i18n/regeximp.h, added test to source/test/intltest/regextst.cpp, source/test/intltest/regextst.h. - CVE-2014-9654 * debian/patches/two-digit-year-test.patch: fix FTBFS caused by known test suite failure. -- Marc Deslauriers Wed, 04 Mar 2015 11:30:28 -0500 icu (52.1-3) unstable; urgency=medium * Add package dependency information to assist with upgrades in Ubuntu. This eliminates the need for a delta on the Ubuntu version of the package. -- Jay Berkenbilt Tue, 24 Dec 2013 11:45:03 -0500 icu (52.1-2) unstable; urgency=low * Re-upload to unstable -- Jay Berkenbilt Tue, 03 Dec 2013 16:05:40 -0500 icu (52.1-1) experimental; urgency=low * New upstream release * Standards version 3.9.5 (no changes required) -- Jay Berkenbilt Wed, 13 Nov 2013 16:20:40 -0500 icu (52~m1-2) experimental; urgency=low * Updated year in copyright file * Standards version 3.9.4 (no changes required) -- Jay Berkenbilt Sun, 15 Sep 2013 09:02:30 -0400 icu (52~m1-1) experimental; urgency=low * New upstream release * Fixed debian/watch file based on new version numbering * Various bugs have been fixed upstream. (Closes: #712501, #690156) * Avoid packaging debugging library for libicudata since it has no debugging symbols in it. (Closes: #698696) * Clarify some ambiguous language in the copyright file, and address the issue of derived data from an IETF RFC that does not actually appear in the sources. (Closes: #721590) -- Jay Berkenbilt Sat, 14 Sep 2013 20:52:27 -0400 icu (4.8.1.1-14) unstable; urgency=high * Acknowledge NMU. Thanks. * Update standards version to 3.9.5. No changes required. * No changes other than version numbers; uploading with urgency=high. -- Jay Berkenbilt Wed, 13 Nov 2013 16:19:32 -0500 icu (4.8.1.1-13+nmu1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-2924: use-after-free issue in csrucode.cpp (closes: #726477). -- Michael Gilbert Sun, 27 Oct 2013 03:49:58 +0000 icu (4.8.1.1-13) unstable; urgency=low * Multi-arch libicu-dev. Thanks Dmitrijs Ledkovs ! (Closes: #699763) * Mark doxygen as architecture-independent build dependency. (Closes: #706795) * Depend on autotools-dev to update config.guess -- Jay Berkenbilt Wed, 21 Aug 2013 20:01:15 -0400 icu (4.8.1.1-12) unstable; urgency=high * Add patch to address CVE-2013-0900, a threading race condition. (Closes: #702346) -- Jay Berkenbilt Thu, 21 Mar 2013 11:29:08 -0400 icu (4.8.1.1-11) unstable; urgency=medium * Fix crash on rendering incremental Malayalam text input. Thanks Colin Watson. (Closes: #702982) -- Jay Berkenbilt Sat, 16 Mar 2013 14:58:15 -0400 icu (4.8.1.1-10) unstable; urgency=low * Include pkg-config files in dev package. Thanks Tommi Vainikainen. (Closes: #687339) -- Jay Berkenbilt Sat, 17 Nov 2012 14:37:40 -0500 icu (4.8.1.1-9) unstable; urgency=low * debian/rules: Use xz compression for binary packages. (Closes: #683901) -- Jay Berkenbilt Sat, 11 Aug 2012 12:41:28 -0400 icu (4.8.1.1-8) unstable; urgency=low * Switch hardening back to hardening-wrapper again since otherwise some things sneak into icu-config's output. -- Jay Berkenbilt Tue, 05 Jun 2012 14:27:27 -0400 icu (4.8.1.1-7) unstable; urgency=low * Switch hardening back to dpkg-buildoptions. * Fix doc install for newer doxygen. (Closes: #674382) -- Jay Berkenbilt Thu, 24 May 2012 13:55:13 -0400 icu (4.8.1.1-6) unstable; urgency=low * Remove 32-bit packages built on 64-bit architectures, and enable Multiarch. (Closes: #665416) -- Jay Berkenbilt Sun, 22 Apr 2012 08:40:16 -0400 icu (4.8.1.1-5) unstable; urgency=low * Enable security hardening flags. Thanks to Simon Ruderich for doing 100% of the work, sending a clean patch, and providing clear instructions on how to verify. (Closes: #663601) -- Jay Berkenbilt Fri, 23 Mar 2012 22:45:55 -0400 icu (4.8.1.1-4) unstable; urgency=low * Add patch to add CCMP support for Indic. (Closes: #655101) * Update standards version. -- Jay Berkenbilt Sun, 11 Mar 2012 18:30:29 -0400 icu (4.8.1.1-3) unstable; urgency=high * Add patch to address CVE-2011-4599, a potential buffer overflow. (Closes: #654883) -- Jay Berkenbilt Sat, 21 Jan 2012 19:44:44 -0500 icu (4.8.1.1-2) unstable; urgency=low * debian/patches/icudata-stdlibs.patch: Link stdlibs to libicudata so we get reasonably sane ELF headers on armhf. Thanks Adam Conrad . (Closes: #653457) -- Jay Berkenbilt Wed, 04 Jan 2012 09:52:11 -0500 icu (4.8.1.1-1) unstable; urgency=low * New upstream release * Add simple patch to define PATH_MAX when not defined. Not an ideal solution, but it will do for now. (Closes: #643661) -- Jay Berkenbilt Wed, 09 Nov 2011 09:59:08 -0500 icu (4.8.1-2) experimental; urgency=low * Fix 64-bit kfreebsd configure problem. Thanks Petr Salinger. (Closes: #630517) -- Jay Berkenbilt Sat, 10 Sep 2011 08:17:58 -0400 icu (4.8.1-1) experimental; urgency=low * New upstream release * Remove 32-bit source directory on clean. (Closes: #630514) -- Jay Berkenbilt Sat, 03 Sep 2011 10:14:57 -0400 icu (4.8-1) experimental; urgency=low * New upstream release * Upstream release includes fix to RegexMatch crash (Closes: #606886) * Updated standards to 3.9.2; no changes required -- Jay Berkenbilt Sat, 28 May 2011 11:30:22 -0400 icu (4.4.2-2) unstable; urgency=low * Apply patch to fix Malayam rendering. (Closes: #591615) -- Jay Berkenbilt Thu, 25 Nov 2010 12:51:18 -0500 icu (4.4.2-1) unstable; urgency=low * New upstream release * Updated standards version to 3.9.1; no changes required -- Jay Berkenbilt Sun, 17 Oct 2010 11:06:20 -0400 icu (4.4.1-7) testing-proposed-updates; urgency=high * Apply patch to fix Malayam rendering. (Closes: #591615) -- Jay Berkenbilt Thu, 25 Nov 2010 12:07:26 -0500 icu (4.4.1-6) unstable; urgency=low * Include patch from Alexander Kurtz to solve failure to build from source resulting from doxygen generating different files. (Closes: #590393) -- Jay Berkenbilt Wed, 28 Jul 2010 18:44:01 -0400 icu (4.4.1-5) unstable; urgency=low * Include patch from upstream to fix arm assembler bug. Thanks to Adam Barratt for finding the fix. (Closes: #589076) -- Jay Berkenbilt Sat, 17 Jul 2010 07:30:22 -0400 icu (4.4.1-4) unstable; urgency=low * Re-upload to unstable * Remove conficts and replaces for packages that have been gone since before the release of lenny * Updated standards version to 3.9.0 -- Jay Berkenbilt Sun, 11 Jul 2010 12:19:00 -0400 icu (4.4.1-3) experimental; urgency=low * Replace my patch with a complete fix from upstream. The fix in the previous upload behaves identically in a debian environment, but it's better to track with upstream. -- Jay Berkenbilt Sat, 22 May 2010 08:32:48 -0400 icu (4.4.1-2) experimental; urgency=low * Increase buffer sizes in pkgdata. Prevents bus errors in kfreebsd and undetected overruns everywhere else. (Closes: #581174) -- Jay Berkenbilt Fri, 21 May 2010 21:56:34 -0400 icu (4.4.1-1) experimental; urgency=low * New upstream release * Removed kfreebsd patch as kfreebsd works out of the box now, according to upstream. -- Jay Berkenbilt Sat, 01 May 2010 10:45:04 -0400 icu (4.4-1) experimental; urgency=low * New upstream release -- Jay Berkenbilt Fri, 09 Apr 2010 22:27:30 -0400 icu (4.4~rc1-1) experimental; urgency=low * New upstream release -- Jay Berkenbilt Sat, 06 Mar 2010 11:54:54 -0500 icu (4.3.4-1) experimental; urgency=low * New upstream release * Upstream release includes change of static library names to be consistent with normal standards. (Closes: #469454) * Updated standards to 3.8.4. No changes needed. * Updated source format to '3.0 (quilt)' -- Jay Berkenbilt Sat, 06 Feb 2010 16:55:29 -0500 icu (4.2.1-3) unstable; urgency=low * Change install-doc target to not fail if there are subdirectories of doc/html. This is necessary to handle the doc/html/search directory created by doxygen 3.6.1. (Closes: #544799) -- Jay Berkenbilt Fri, 04 Sep 2009 11:56:06 -0400 icu (4.2.1-2) unstable; urgency=low * Added missing 4.0.1-4 entry to changelog. -- Jay Berkenbilt Wed, 19 Aug 2009 21:58:56 -0400 icu (4.2.1-1) unstable; urgency=low * New upstream release * Updated standards version to 3.8.3. No changes required. * First unstable upload to not use tarball in tarball packaging. (Closes: #538560) -- Jay Berkenbilt Wed, 19 Aug 2009 17:11:40 -0400 icu (4.2.1~rc1-3) experimental; urgency=low * More aggressive fix to invalid object files being written by pkgdata. This is a temporary fix until upstream provides a better one. (Closes: #530568) -- Jay Berkenbilt Sun, 28 Jun 2009 09:57:40 -0400 icu (4.2.1~rc1-2) experimental; urgency=low * Bug 530568 is not fixed. Add some debugging code. -- Jay Berkenbilt Sat, 27 Jun 2009 09:34:16 -0400 icu (4.2.1~rc1-1) experimental; urgency=low * New upstream release * Fixed bug in pkgdata that was causing build failures on most platforms. (Closes: #530568) * Removed /emul/ia32-linux stuff. (Closes: #533850) * Updated standards version to 3.8.2 -- Jay Berkenbilt Fri, 26 Jun 2009 22:12:55 -0400 icu (4.0.1-4) unstable; urgency=high * Added conflicts on older versions of libc6-i386 for 32-bit versions of the libraries installed on 64-bit systems. (Closes: #538836) -- Jay Berkenbilt Tue, 04 Aug 2009 08:54:45 -0400 icu (4.0.1-3) unstable; urgency=low * Removed /emul/ia32-linux stuff. (Closes: #533850) * Updated standards version to 3.8.2 * Fixed section of -dbg package -- Jay Berkenbilt Fri, 26 Jun 2009 22:12:06 -0400 icu (4.2-1) experimental; urgency=low * New upstream release * Updated standards to 3.8.1: no changes required. * Removed arm workarounds since the underlying problem has been fixed upstream and arm is no longer supported anyway. * Now that upstream has removed obsolete debian directory, this package no longer uses tarball-in-tarball packaging. -- Jay Berkenbilt Sun, 24 May 2009 09:35:30 -0400 icu (4.0.1-2) unstable; urgency=low * Include work-around from 3.8.1-3, inadvertently omitted from 4.0.1-1. -- Jay Berkenbilt Sun, 08 Mar 2009 09:39:51 -0400 icu (4.0.1-1) unstable; urgency=low * New upstream release (Closes: #516674) * Create README.source, convert patch system to quilt, update standards version to 3.8.0 * Applied patch for compilation under gcc 4.4. This has also been fixed upstream. (Closes: #505371) -- Jay Berkenbilt Sat, 07 Mar 2009 19:19:39 -0500 icu (3.8.1-3) unstable; urgency=medium * Work around gcc internal error on armel. Temporary until bug 484053 is resolved. -- Jay Berkenbilt Thu, 10 Jul 2008 14:25:30 -0400 icu (4.0-1) experimental; urgency=low * New upstream release * Remove setBreakType patch. See http://bugs.icu-project.org/trac/ticket/5498 for a discussion. Based on this report, and looking at the OpenOffice.org bug tracking system, it seems that this is no longer needed by OpenOffice. -- Jay Berkenbilt Tue, 08 Jul 2008 12:08:13 -0400 icu (4.0~d3-1) experimental; urgency=low * New upstream release -- Jay Berkenbilt Fri, 27 Jun 2008 22:23:10 -0400 icu (3.8.1-2) unstable; urgency=low * Patch from Harshula to fix split conjuncts problem in Sinhala. (Closes: #483563) * Force structures to be padded at byte boundaries (rather than 32-bit boundaries) on arm. (Closes: #484138) * Update doc-base section. -- Jay Berkenbilt Sat, 07 Jun 2008 13:09:07 -0400 icu (3.8.1-1) unstable; urgency=low * New upstream release * Patch to support GNU/kFreeBSD. Thanks Aurelien Jarno. (Closes: #461782) -- Jay Berkenbilt Mon, 11 Feb 2008 20:11:00 -0500 icu (3.8-6) unstable; urgency=high * Add debian/patches/00-cve-2007-4770-4771.patch created from with svn diff -c 23292 \ http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8 to address the following security vulnerablilities: - CVE-2007-4770: reference to non-existent capture group may cause access to invalid memory - CVE-2007-4771: buffer overflow in regexcmp.cpp (Closes: #463688) * Updated standards version to 3.7.3: no changes required. -- Jay Berkenbilt Thu, 07 Feb 2008 12:58:34 -0500 icu (3.8-5) unstable; urgency=low * Filter out extraneous dependencies among different versions of the library packages. (Closes: #451767, 451978) -- Jay Berkenbilt Sat, 01 Dec 2007 09:47:32 -0500 icu (3.8-4) experimental; urgency=low * Include changes from 3.6-10. -- Jay Berkenbilt Sun, 18 Nov 2007 11:04:16 -0500 icu (3.6-10) unstable; urgency=low * It appears that amd64 requires 32-bit libraries to be in /emul/ia32-linux/usr/lib instead of /usr/lib32. Following zlib's example of moving them around for amd64 only. (Closes: #451495) -- Jay Berkenbilt Sun, 18 Nov 2007 11:03:10 -0500 icu (3.8-3) experimental; urgency=low * Include changes from 3.6-9. * Include -dbg package with unstripped versions of the libraries. -- Jay Berkenbilt Sat, 17 Nov 2007 15:02:36 -0500 icu (3.6-9) unstable; urgency=low * Yet another 32-bit library fix. Files were installed in /32 because of the debian/tmp32 thing. How did this ever work? (Closes: #451495) -- Jay Berkenbilt Sat, 17 Nov 2007 12:12:18 -0500 icu (3.8-2) experimental; urgency=low * Include changes from 3.6-8. (Closes: #448747) -- Jay Berkenbilt Tue, 06 Nov 2007 20:58:09 -0500 icu (3.6-8) unstable; urgency=low * Clean up 32-bit library patch to avoid excessive and unnecessary runs of configure. (Closes: #447771) * make setBreakType public in rbbi.h; needed by OpenOffice.org. This patch is included in OpenOffice.org's internal ICU. Including it here allows OpenOffice.org to continue to use this ICU package. Thanks Rene Engelhard. (Closes: #448745) * Rename debian/watch.not-yet to debian/no-watch so it won't get picked up even though it's not supposed to. ICU's ftp site uses a structure that isn't supported by uscan. (Closes: #449701) -- Jay Berkenbilt Tue, 06 Nov 2007 20:56:38 -0500 icu (3.8-1) experimental; urgency=low * New upstream release. All previously included patches have been incorporated into upstream. -- Jay Berkenbilt Sat, 20 Oct 2007 11:53:32 -0400 icu (3.6-7) unstable; urgency=low * Fix bug in which 32-bit library installs were overwriting files for 64-bit libraries on amd64. Thanks Robert Millan for the patch. (Closes: #447275) -- Jay Berkenbilt Sat, 20 Oct 2007 11:30:12 -0400 icu (3.6-6) unstable; urgency=low * Oops: fixed one more problem with 32-bit builds on a 64-bit platform. Thanks Aaron Ucko. (Closes: #398778) -- Jay Berkenbilt Mon, 17 Sep 2007 15:19:59 -0400 icu (3.6-5) unstable; urgency=low * Add additional Build-Depends for 64-bit platforms. Thanks Robert Millan. (Closes: #398778) -- Jay Berkenbilt Mon, 17 Sep 2007 10:42:32 -0400 icu (3.6-4) unstable; urgency=low * Accepted patch from Robert Millan (with very slight, mostly cosmetic modifications) to build 32-bit libraries on 64-bit architectures. Many thanks to Robert Millan for supplying this patch! (Closes: #398778) -- Jay Berkenbilt Sat, 15 Sep 2007 21:42:33 -0400 icu (3.8~d01-1) experimental; urgency=low * New upstream release * Configure with weak reference to thread library. (Closes: #389260) * The development package no longer has the library soname in its name. It is now just libicu-dev. -- Jay Berkenbilt Sat, 04 Aug 2007 11:04:49 -0400 icu (3.6-3) unstable; urgency=low * Include patch from Samuel Thibault to allow icu to build on gnu hurd. (Closes: #414446) -- Jay Berkenbilt Tue, 10 Jul 2007 17:31:56 -0400 icu (3.6-2) unstable; urgency=low * Include patch to fix error in IndicClassTables to fix worstCaseExpansion for Sinhala. Thanks to Harshula for forwarding this. -- Jay Berkenbilt Mon, 27 Nov 2006 21:19:09 -0500 icu (3.6-1) unstable; urgency=low * New upstream release * Provide libicu34-dev since ICU 3.6 provides backward compatible interfaces in addition to new ones. -- Jay Berkenbilt Tue, 19 Sep 2006 12:10:41 -0400 icu (3.6~d02-1) experimental; urgency=low * New upstream release. * Remove special optimization hack to work around now-fixed m68k build problems. (Closes: #360743) * Update standards version. No changes required. -- Jay Berkenbilt Tue, 15 Aug 2006 16:34:34 -0400 icu (3.4.1a-1) unstable; urgency=low * Upstream re-released 3.4.1 without changing the version number because the header file with 3.4.1 still said it was 3.4. Unfortunately, the debian 3.4.1 package had already been uploaded. This "3.4.1a" release now matches upstream's 3.4.1. -- Jay Berkenbilt Wed, 29 Mar 2006 22:19:08 -0500 icu (3.4.1-1) unstable; urgency=low * New upstream release -- Jay Berkenbilt Fri, 3 Mar 2006 23:07:52 -0500 icu (3.4-4) unstable; urgency=low * Build with g++ 4.0 with -fno-strict-aliasing to work around g++ 4.0 bugs that impact ICU. Future versions should work properly with the latest g++ without any special flags. (Closes: #342970) * Enable static libraries. -- Jay Berkenbilt Sun, 22 Jan 2006 11:36:59 -0500 icu (3.4-3) unstable; urgency=low * Explicitly build with g++ 3.4. The current ICU fails its test suite with 4.0 but not with 3.4. Future versions should work properly with 4.0. -- Jay Berkenbilt Sat, 19 Nov 2005 11:29:31 -0500 icu (3.4-2) unstable; urgency=low * Remove some extraneous build steps that may cause problems with autobuilders. -- Jay Berkenbilt Sat, 13 Aug 2005 12:41:35 -0400 icu (3.4-1) unstable; urgency=low * New upstream release * Completely new packaging -- Jay Berkenbilt Fri, 5 Aug 2005 21:57:15 -0400 icu (2.1-3) unstable; urgency=low * New maintainer as per discussion with Ivo. * g++ 4.0 transition: libicu21c102 is now libicu21c2. * Accepted changes from NMU below for now. This change will be reversed soon when icu is updated to the current upstream version. The icu28 package will also be removed at that time, as per discussion with the icu28 maintainer. Closes: #301316 * Add shlibs files -- Jay Berkenbilt Sat, 9 Jul 2005 13:33:35 -0400 icu (2.1-2.1) unstable; urgency=medium * Rename icu-doc to icu21-doc. icu-doc is built by the icu28 package. -- Matthias Klose Sat, 21 May 2005 22:44:31 +0200 icu (2.1-2) unstable; urgency=low * debian/control: Changed maintainer, added Daniel Glassey as Uploader. (Reference: http://lists.debian.org/debian-devel/2003/debian-devel-200308/msg01963.html) -- Ivo Timmermans Sun, 18 Jan 2004 23:52:03 +0100 icu (2.6.1-1) experimental; urgency=low * New upstream version. * Ivo Timmermans: * debian/rules Don't create arch-all packages in the binary-arch target. Closes: #184403 -- Ivo Timmermans Thu, 6 Nov 2003 09:03:44 +0100 icu (2.6-1) experimental; urgency=low * New upstream version. Closes: #162975 * debian/control: New maintainers * Daniel Glassey: * debian/rules Don't use --enable-static as it bloats the packages * debian/rules Change the optimisations to -O3 and -O to get it to build * debian/rules get the latest config.{sub,guess} from /usr/share/misc so add build-dep on autotools-dev * debian/postinst gencnval is now in {prefix}/bin * Ivo Timmermans: * debian/control Tightened debhelper build dependency * debian/control Update Standards-Version -- Daniel Glassey Wed, 3 Sep 2003 12:39:35 +0200 icu (2.1-1.2) unstable; urgency=low * NMU. * Updated source/config.{sub,guess}. Closes: #182697 -- Ivo Timmermans Fri, 7 Mar 2003 20:58:23 +0100 icu (2.1-1.1) unstable; urgency=low * NMU. * debian/control: Go through G++ ABI transition. Closes: #180124 * source/common/unicode/docmain.h: Fix \mainpage and \section tags, so doxygen doesn't get confused any more. Closes: #178344 * debian/copyright: Added upstream URL. Closes: #165780 -- Ivo Timmermans Fri, 14 Feb 2003 15:21:56 +0100 icu (2.1-1) unstable; urgency=low * ICU 2.1 release. * Changed the icu package description. Closes: 142886 * Use -O1 for CXXFLAGS for OS/390. Closes: 143021 -- Yves Arrouye Mon, 15 Apr 2002 14:03:12 -0700 icu (2.0.2-1) unstable; urgency=low * Minor release of ICU with fixes for threading and strTo/FromWCS -- Yves Arrouye Tue, 2 Apr 2002 09:06:00 -0800 icu (2.0-2.1pre20020318-1) unstable; urgency=low * Use the library number in the development package too. * ICU changed to version 2.1. -- Yves Arrouye Tue, 19 Mar 2002 18:38:37 -0800 icu (2.0-2.1pre20020303-1) unstable; urgency=low * Fixed a crash in uconv when no argument is passed to -f or -t. * Other upstream changes. * Fresh upload with an up to date orig tar file so that future diffs won't be 6 megabytes long! -- Yves Arrouye Sun, 3 Mar 2002 15:31:13 -0800 icu (2.0-2.1pre-1) unstable; urgency=low * Prerelease of 2.1 with a working upgraded uconv(1). -- Yves Arrouye Fri, 1 Mar 2002 21:51:47 -0800 icu (2.0-3) unstable; urgency=low * Renamed doc-base to icu-doc.doc-base. Closes: 127487 -- Yves Arrouye Fri, 18 Jan 2002 22:33:53 -0800 icu (2.0-2) unstable; urgency=low * Fixed a bug in uprv_uca_cloneTempTable(). Closes: 128484 * Update Debian bugs status. Closes: 104642 * Use the official 2.0 tarball as the original tar. * Added manual pages for every tool. -- Yves Arrouye Wed, 16 Jan 2002 20:45:42 -0800 icu (2.0-1) unstable; urgency=low * Update to ICU version 2.0. -- Yves Arrouye Sat, 10 Nov 2001 21:58:19 -0800 icu (1.8.1-2) unstable; urgency=low * Updated copyright file. Closes: 112488 * Updated icu-locales description. Closes: 75499 -- Yves Arrouye Sat, 10 Nov 2001 21:24:58 -0800 icu (1.8.1-1.1) unstable; urgency=low * NMU to resolve build failures on ia64 and (hopefully) hppa. * config.{sub|guess} update * source/tools/ctestfw/ctest.c: Add static declaration to global variables local to that module to avoid @gprel relocation errors. Closes: 104642 -- Yves Arrouye Sat, 10 Nov 2001 21:24:44 -0800 icu (1.8.1-1) unstable; urgency=low * Update to ICU version 1.8.1. -- root Mon, 21 May 2001 15:27:36 -0700 icu (1.7-1) unstable; urgency=low * Update to ICU version 1.7. -- Yves Arrouye Tue, 21 Nov 2000 22:54:52 -0800 icu (1.6.0.1-20001113-2) unstable; urgency=low * New snapshot with better ISO-2022. -- Yves Arrouye Mon, 13 Nov 2000 21:05:00 -0800 icu (1.6.0.1-20001027-1) unstable; urgency=low * Move architecture-dependent files into /usr/lib, instead of /usr/share. * Move convrtrs.txt into /etc/icu, make it a conffile, and generate /usr/lib/icu/1.6.0.1/cnvalias.dat from it at postinst time. * Manage a /usr/lib/icu/current symbolic link across installations of the libicuXX packages. The symlink will always point to the highest numbered version of ICU. -- Yves Arrouye Fri, 27 Oct 2000 15:40:12 -0700 icu (1.6.0.1-20001017-1) unstable; urgency=low * Initial Release. -- Yves Arrouye Tue, 24 Oct 2000 16:14:12 -0700