CVE-2008-1036 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1036): International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
icu patches:
http://bugs.icu-project.org/trac/changeset/23571
http://bugs.icu-project.org/trac/changeset/23572
icu4j patches:
http://bugs.icu-project.org/trac/changeset/23606
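The class of problem the CVE text describes, as an added example that is not ICU code and not part of the original report: a converter that silently drops invalid byte sequences can turn input that passed a byte-level filter into markup, while substituting U+FFFD or rejecting the input keeps the filter's view and the converted text consistent. Python's codec error handlers stand in for the converter's policy here; the blocklist, function names and sample bytes are constructed for illustration.

```python
# Added illustration; not ICU code. Python codec error handlers stand in
# for a converter's policy on invalid byte sequences.

BLOCKED = (b"<script",)  # constructed, deliberately naive byte-level blocklist


def passes_byte_filter(raw: bytes) -> bool:
    """Filter that inspects the raw bytes before charset conversion."""
    lowered = raw.lower()
    return not any(tok in lowered for tok in BLOCKED)


def convert(raw: bytes, policy: str) -> str:
    """Convert UTF-8 input; policy is 'ignore' (drop), 'replace' or 'strict'."""
    return raw.decode("utf-8", errors=policy)


def passes_text_filter(text: str) -> bool:
    """Same check, applied to the converted text that will actually be emitted."""
    return "<script" not in text.lower()


def safe_convert(raw: bytes) -> str:
    """Reject ill-formed input outright, then filter the converted text."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError(f"ill-formed input at byte {exc.start}") from exc
    if not passes_text_filter(text):
        raise ValueError("blocked markup in converted text")
    return text


# Constructed sample: byte 0xFF can never appear in well-formed UTF-8.
SAMPLE = b"<scr\xffipt>x</scr\xffipt>"

if __name__ == "__main__":
    print("byte filter passes:", passes_byte_filter(SAMPLE))
    for policy in ("ignore", "replace"):
        out = convert(SAMPLE, policy)
        print(policy, repr(out), "text filter passes:", passes_text_filter(out))
```

The durable fix is to filter or escape after conversion and to treat ill-formed input as an error or replace it, never delete it.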
*PING*
icu4j-4.0 in tree already has those fixes and 3.8.1 (latest stable in slot 0) doesn't have those classes. So icu4j is safe. Thanks for the report anyways.
I'm highly unlikely to do this. I've very limited time at the moment and I have never ever touched this package, nor do I have a clue why this is maintained by PHP at all (PHP6 is supposed to make use of it at some time, but I believe they use a bundled (and modified) version anyway)... Re-adding java herd, do you have any interest in maintaining this package?
dev-libs/icu-4.0.1 is now in the tree.
Arches, please test and mark stable:
=dev-libs/icu-4.0.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
I'm seeing build failures here. Nothing jumps out at first glance. Others?

powerpc-unknown-linux-gnu-gcc -D_REENTRANT -I../../common -I./../toolutil -O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec -c -o gennorm.o gennorm.c
powerpc-unknown-linux-gnu-gcc -D_REENTRANT -I../../common -I./../toolutil -O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec -c -o store.o store.c
powerpc-unknown-linux-gnu-g++ -O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec -Wl,-O1 -o ../../bin/gennorm gennorm.o store.o -L../../lib -licutu -L../../lib -licui18n -L../../lib -licuuc -L../../lib -L../../stubdata -licudata -lpthread -lm
make[2]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools/gennorm'
make[1]: Making `all' in `icuswap'
make[2]: Entering directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools/icuswap'
generating dependency information for icuswap.cpp
make[2]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools/icuswap'
make[2]: Entering directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools/icuswap'
powerpc-unknown-linux-gnu-g++ -D_REENTRANT -I../../common -I./../toolutil -O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec -c -o icuswap.o icuswap.cpp
powerpc-unknown-linux-gnu-g++ -O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec -Wl,-O1 -o ../../bin/icuswap icuswap.o -L../../lib -licutu -L../../lib -licui18n -L../../lib -licuuc -L../../lib -L../../stubdata -licudata -lpthread -lm
make[2]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools/icuswap'
make[2]: Entering directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools'
make[2]: Nothing to be done for `all-local'.
make[2]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools'
make[1]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/tools'
make[0]: Making `all' in `data'
make[1]: Entering directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/data'
make[1]: *** No rule to make target `out', needed by `out/icudt40b.dat'. Stop.
make[1]: *** Waiting for unfinished jobs....
/bin/sh ../mkinstalldirs ./out ./out/build ./out/build/icudt40b ./out/build/icudt40b/brkitr ./out/build/icudt40b/coll ./out/build/icudt40b/rbnf ./out/build/icudt40b/translit ./out/tmp ./out/tmp/coll ./out/tmp/rbnf ./out/tmp/translit ./out/tmp/brkitr
mkdir ./out
mkdir ./out/build
mkdir ./out/build/icudt40b
mkdir ./out/build/icudt40b/brkitr
mkdir ./out/build/icudt40b/coll
mkdir ./out/build/icudt40b/rbnf
mkdir ./out/build/icudt40b/translit
mkdir ./out/tmp
mkdir ./out/tmp/coll
mkdir ./out/tmp/rbnf
mkdir ./out/tmp/translit
mkdir ./out/tmp/brkitr
make[1]: Leaving directory `/var/tmp/portage/dev-libs/icu-4.0.1/work/icu/source/data'
make: *** [all-recursive] Error 2

emerge --info as follows:

quad icu # emerge --info
Portage 2.1.6.11 (default/linux/powerpc/ppc64/2008.0/32bit-userland/desktop, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.27-gentoo-r8-g5-64 ppc64)
=================================================================
System uname: Linux-2.6.27-gentoo-r8-g5-64-ppc64-PPC970MP,_altivec_supported-with-glibc2.0
Timestamp of tree: Mon, 13 Apr 2009 13:45:02 +0000
distcc 3.0 powerpc-unknown-linux-gnu [disabled]
app-shells/bash: 3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python: 2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake: 2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="ppc"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec"
DISTDIR="/usr/portage/distfiles"
FEATURES="cvs distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.mirrors.tds.net/gentoo"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/x11 /usr/portage/local/layman/powerpc /usr/portage/local/layman/cell /usr/local/portage"
SYNC="rsync://butthead/gentoo-portage"
USE="X acl alsa berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt ctype cups curl dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran ftp gcc64 gcj gdbm gif gnome gpm gstreamer gtk hal iconv imap ipv6 isdnlog jpeg kde kerberos ldap libnotify mad meanwhile midi mikmod motif mp3 mpeg msn mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppc ppds pppd python qt3 qt3support qt4 quicktime readline reflection samba sdl session sockets spell spl ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis xinerama xml xorg xulrunner xv zlib" ALSA_CARDS="aoa aoa-fabric-layout aoa-onyx aoa-soundbus aoa-soundbus-i2s aoa-tas aoa-toonie powermac usb-audio via82xx" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard evdev mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nv"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Thanks for the tests, we'll re-add arches once bug 265128 is fixed.
It's fixed.
Please stabilize dev-libs/icu-4.0.1.
ppc and ppc64 done
amd64/x86 stable
Stable for HPPA.
Stable on alpha. All tests pass.
arm/ia64/s390/sh/sparc stable
Ready for voting, I'd say NO.
No too, kthxbye.