From 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d Mon Sep 17 00:00:00 2001
From: Ovidiu Panait
Date: Fri, 10 Nov 2017 17:46:10 +0200
Subject: icu: CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14952
Upstream patches: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
Signed-off-by: Ovidiu Panait
Signed-off-by: Ross Burton
---
meta/recipes-support/icu/icu/CVE-2017-14952.patch | 28 +++++++++++++++++++++++
meta/recipes-support/icu/icu_59.1.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-support/icu/icu/CVE-2017-14952.patch
diff --git a/meta/recipes-support/icu/icu/CVE-2017-14952.patch b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
new file mode 100644
index 0000000000..f759efc435
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
@@ -0,0 +1,28 @@
+From fc83cd832725d3968011f118637b9f5d212e8717 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Fri, 10 Nov 2017 16:51:25 +0200
+Subject: [PATCH] Removed redundant UVector entry clean up function call.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14952
+
+Signed-off-by: Ovidiu Panait
+---
+ i18n/zonemeta.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/i18n/zonemeta.cpp b/i18n/zonemeta.cpp
+index 84a9657..e163b00 100644
+--- a/i18n/zonemeta.cpp
++++ b/i18n/zonemeta.cpp
+@@ -690,7 +690,6 @@ ZoneMeta::createMetazoneMappings(const UnicodeString &tzid) {
+ mzMappings = new UVector(deleteOlsonToMetaMappingEntry, NULL, status);
+ if (U_FAILURE(status)) {
+ delete mzMappings;
+- deleteOlsonToMetaMappingEntry(entry);
+ uprv_free(entry);
+ break;
+ }
+--
+2.10.2
+
diff --git a/meta/recipes-support/icu/icu_59.1.bb b/meta/recipes-support/icu/icu_59.1.bb
index 31f017b370..9fb1be81cc 100644
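Review bot: The `U_FAILURE(status)` branch in the backported zonemeta.cpp hunk leaves `mzMappings` pointing at freed memory after `delete mzMappings;` and then breaks out of the loop. `ZoneMeta::createMetazoneMappings` continues outside the hunk, so it cannot be confirmed from here whether a later cleanup path deletes the vector again when status is a failure; if it does, that is the same class of double free this patch removes for `entry`. Adding `mzMappings = NULL;` directly after the delete would close that off, and it is worth checking against the full function before relying on this backport alone. Separately, the patch header says only `Upstream-Status: Backport`, while the changeset URL appears only in the commit message; writing `Upstream-Status: Backport [http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp]` keeps the provenance with the patch file.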
--- a/meta/recipes-support/icu/icu_59.1.bb +++ b/meta/recipes-support/icu/icu_59.1.bb @@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \ file://icu-pkgdata-large-cmd.patch \ file://fix-install-manx.patch \ file://0001-i18n-Drop-include-xlocale.h.patch \ + file://CVE-2017-14952.patch \ " SRC_URI_append_class-target = "\ -- cgit 1.2.3-korg