Ubuntu has issued an advisory on October 23: https://usn.ubuntu.com/usn/usn-3458-1/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
Assignee: bugsquad => shlomifCC: (none) => marja11
Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron. Advisory: ======================== Updated icu packages fix security vulnerability: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue (CVE-2017-14952). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 https://usn.ubuntu.com/usn/usn-3458-1/ ======================== Updated packages in core/updates_testing: ======================== icu-53.1-12.8.mga5 icu53-data-53.1-12.8.mga5 icu-doc-53.1-12.8.mga5 libicu53-53.1-12.8.mga5 libicu-devel-53.1-12.8.mga5 icu-58.2-3.1.mga6 icu58-data-58.2-3.1.mga6 icu-doc-58.2-3.1.mga6 libicu58-58.2-3.1.mga6 libicu-devel-58.2-3.1.mga6 from SRPMS: icu-53.1-12.8.mga5.src.rpm icu-58.2-3.1.mga6.src.rpm
Version: Cauldron => 6Assignee: shlomif => qa-bugsCC: (none) => shlomifWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
It didn't build in Cauldron due to test failures: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20171110203059.luigiwalser.duvel.27947/log/icu-59.1-3.mga7/build.0.20171110203106.log CC'ing tv who upgraded it to 59.1.
CC: (none) => thierry.vignaud
MGA5-32 on Asus A6000VM Xfce No installation issues Following some of the tests in bug 20706 Comment 5: at CLI: $ icuinfo <icuSystemParams type="icu4c"> <param name="copyright"> Copyright (C) 2014, International Business Machines Corporation and others. All Rights Reserved. </param> <param name="product">icu4c</param> <param name="product.full">International Components for Unicode for C/C++</param> <param name="version">53.1</param> <param name="version.unicode">6.3</param> ...and more of those </icuSystemParams> ICU Initialization returned: U_ZERO_ERROR Plugin file is: /usr/lib/icu/icuplugins53.txt $ uconv --list UTF-8 ibm-1208 ibm-1209 ibm-5304 ibm-5305 ibm-13496 ibm-13497 ibm-17592 ibm-17593 windows-65001 cp1208 x-UTF_8J unicode-1-1-utf-8 unicode-2-0-utf-8 and a lot more $ uconv --default-code UTF-8 using some txt file from previous update traces: $ uconv -f UTF8 -t UTF16 -o botan16.txt botan.txt used hexedit to see both files, result looks OK.
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OKCC: (none) => herman.viaene
Mageia 6 on x86_64 Updated the packages. Note that wine was updated as well. - icu-58.2-3.1.mga6.x86_64 - icu-doc-58.2-3.1.mga6.noarch - icu58-data-58.2-3.1.mga6.noarch - lib64icu-devel-58.2-3.1.mga6.x86_64 - lib64icu58-58.2-3.1.mga6.x86_64 - wine64-2.0.3-1.mga6.x86_64 $ icuinfo returned information about the installation, parameters etc. Finished on "ICU Initialization returned: U_ZERO_ERROR Plugins are disabled." $ ls /usr/lib64/icu 58.2/ current@ Makefile.inc@ pkgdata.inc@ As Herman says uconv returns a very long list of encodings. $ uconv --list UTF-8 ibm-1208 ibm-1209 ibm-5304 ibm-5305 ibm-13496 ibm-13497 ibm-17592 ibm-17593 windows-65001 cp1208 x-UTF_8J unicode-1-1-utf-8 unicode-2-0-utf-8 ............................... $ uconv --default-code UTF-8 $ uconv -f UTF-8 -t SJIS -o sjis.txt jabberwocky $ diff jabberwocky sjis.txt $ $ uconv -f SJIS -t ISO-8859-1 -o iso.txt sjis.txt diff, hexdump and file show that there is no difference between these three files; jabberwocky, iso.txt and sjis.txt. $ cat part2 π = 3.14159 or thereabouts $ uconv -f UTF-8 -t SJIS -o part3 part2 $ cat part3 �� = 3.14159 or thereabouts $ file part3 part3: Non-ISO extended-ASCII text $ uconv -f UTF-8 -t ISO-8859-1 -o part4 part2 Conversion from Unicode to codepage failed at input byte position 0. Unicode: 03c0 Error: Invalid character found So, the pi character cannot be handled at all by iso-8859-1. sjis can but transforms it to an unprintable character. $ hexdump part2 0000000 80cf 3d20 3320 312e 3134 3935 6f20 2072 0000010 6874 7265 6165 6f62 7475 0a73 000001c $ hexdump part3 0000000 ce83 3d20 3320 312e 3134 3935 6f20 2072 0000010 6874 7265 6165 6f62 7475 0a73 000001c π is the first two bytes of the dump. $ uconv -f UTF-8 -t IBM-1047 -o ibm.txt jabberwocky [lcl@belexeuli icu]$ cat ibm.txt %㦁�@�������@���@���@������@�����%ĉ�@����@���@���@������@��@���@����K%���@�����@����@���@���������%���@���@����@�����@��������K%% $ file ibm.txt ibm.txt: Non-ISO extended-ASCII text, with NEL line terminators $ uconv -f IBM-1047 -t us-ascii -o usa.txt ibm.txt $ file usa.txt usa.txt: ASCII text $ cat usa.txt Twas brillig and the slithy toves Did gyre and and gimble in the wabe. All mimsy were the borogoves And the mome raths outgrabe. This looks fine for 64 bits.
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA-64-OK
Whiteboard: MGA5TOO MGA5-32-OK MGA-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Updated the packages on Mageia 5 for x86_64. Clean install. Followed the same testing procedure as in comment 5. $ icuinfo ended with the lines: ICU Initialization returned: U_ZERO_ERROR Plugin file is: /usr/lib64/icu/icuplugins53.txt That file does not exist. $ ls -l /usr/lib64/icu/ drwxr-xr-x 2 root root 4096 Nov 12 20:18 53.1/ lrwxrwxrwx 1 root root 4 Nov 10 20:42 current -> 53.1/ lrwxrwxrwx 1 root root 20 Nov 10 20:42 Makefile.inc -> current/Makefile.inc lrwxrwxrwx 1 root root 19 Nov 10 20:42 pkgdata.inc -> current/pkgdata.inc Ran 'uconv --list' OK. $ uconv --default-code UTF-8 Ran conversions on available text files as before. No problems. Converting to a non-printing code and back again to ascii worked fine. Passing this for 64 bits.
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK
Mageia 6 : i586 in virtualbox The five packages upgraded cleanly. Copied the previous tests and the results agreed in every detail. Good for 32 bits.
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK MGA6-32-OK
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
advisory uploaded
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0411.html
Status: NEW => RESOLVEDResolution: (none) => FIXED