diff --git a/cmake/BuildICU.cmake b/cmake/BuildICU.cmake
index 28bb6428f28edfef15c70827e3e4c431e6b5ce68..68b94861c452ae7cbb1d67d959aa40f8622a2f17 100644
--- a/cmake/BuildICU.cmake
+++ b/cmake/BuildICU.cmake
@@ -42,10 +42,6 @@ ExternalProject_Add(bundled-icu-project
${CMAKE_COMMAND} -E touch <BINARY_DIR>/uconfig.h &&
cat <BINARY_DIR>/uconfig.h.prepend <INSTALL_DIR>/include/unicode/uconfig.h >> <BINARY_DIR>/uconfig.h &&
${CMAKE_COMMAND} -E copy_if_different <BINARY_DIR>/uconfig.h <INSTALL_DIR>/include/unicode/uconfig.h
- PATCH_COMMAND patch -d <SOURCE_DIR> -p1 -i "${ICU_PATCHES_DIR}/icu-tarantool-security-45.patch"
- COMMAND patch -d <SOURCE_DIR> -p1 -i "${ICU_PATCHES_DIR}/icu-tarantool-security-59.patch"
- COMMAND patch -d <SOURCE_DIR> -p1 -i "${ICU_PATCHES_DIR}/icu-tarantool-security-61.patch"
- COMMAND patch -d <SOURCE_DIR> -p1 -i "${ICU_PATCHES_DIR}/icu-tarantool-security-96.patch"
BUILD_BYPRODUCTS ${ICU_I18N_LIBRARY} ${ICU_UC_LIBRARY} ${ICU_DATA_LIBRARY}
DOWNLOAD_EXTRACT_TIMESTAMP TRUE
)
diff --git a/cmake/BuildReadline.cmake b/cmake/BuildReadline.cmake
index 70738b3e336e8233af417c3bd7116736bd8b684d..41c821e95493d500c470c4f300a9d0844d71e690 100644
--- a/cmake/BuildReadline.cmake
+++ b/cmake/BuildReadline.cmake
@@ -89,8 +89,6 @@ ExternalProject_Add(bundled-readline-project
--prefix=<INSTALL_DIR>
--disable-shared
- PATCH_COMMAND patch -d <SOURCE_DIR> -p0 -i "${READLINE_PATCHES_DIR}/readline80-001.patch"
- COMMAND patch -d <SOURCE_DIR> -p1 -i "${READLINE_PATCHES_DIR}/readline-tarantool-security-95.patch"
BUILD_BYPRODUCTS ${READLINE_LIBRARY}
DOWNLOAD_EXTRACT_TIMESTAMP TRUE
)
diff --git a/patches/icu-tarantool-security-45.patch b/patches/icu-tarantool-security-45.patch
deleted file mode 100644
index 6aa44a903475aa2f6cb14866520074d20d4452d5..0000000000000000000000000000000000000000
--- a/patches/icu-tarantool-security-45.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/source/i18n/reldtfmt.cpp b/source/i18n/reldtfmt.cpp
-index 5fdef1c..7f65fcd 100644
---- a/source/i18n/reldtfmt.cpp
-+++ b/source/i18n/reldtfmt.cpp
-@@ -495,7 +495,7 @@ struct RelDateFmtDataSink : public ResourceSink {
-
- // Put in the proper spot, but don't override existing data.
- n = offset + UDAT_DIRECTION_THIS; // Converts to index in UDAT_R
-- if (n < fDatesLen && fDatesPtr[n].string == NULL) {
-+ if (0 <= n && n < fDatesLen && fDatesPtr[n].string == NULL) {
- // Not found and n is an empty slot.
- fDatesPtr[n].offset = offset;
- fDatesPtr[n].string = value.getString(len, errorCode);
diff --git a/patches/icu-tarantool-security-59.patch b/patches/icu-tarantool-security-59.patch
deleted file mode 100644
index f41ec006adb0847931e92c5a274cff459a897e7c..0000000000000000000000000000000000000000
--- a/patches/icu-tarantool-security-59.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/source/common/utrie2.cpp b/source/common/utrie2.cpp
-index 24ef578..359952a 100644
---- a/source/common/utrie2.cpp
-+++ b/source/common/utrie2.cpp
-@@ -574,7 +574,15 @@ enumEitherTrie(const UTrie2 *trie,
- c+=UTRIE2_DATA_BLOCK_LENGTH;
- } else {
- for(j=0; j<UTRIE2_DATA_BLOCK_LENGTH; ++j) {
-- value=enumValue(context, data32!=NULL ? data32[block+j] : idx[block+j]);
-+ if (data32!=NULL) {
-+ value=enumValue(context, data32[block+j]);
-+ } else if (idx!=NULL) {
-+ value=enumValue(context, idx[block+j]);
-+ } else {
-+ /* data32 and idx are not supposed to be NULL at the same time */
-+ U_ASSERT(false);
-+ return;
-+ }
- if(value!=prevValue) {
- if(prev<c && !enumRange(context, prev, c-1, prevValue)) {
- return;
diff --git a/patches/icu-tarantool-security-61.patch b/patches/icu-tarantool-security-61.patch
deleted file mode 100644
index d9fce1906d15d2526022b63314879a847078e7dd..0000000000000000000000000000000000000000
--- a/patches/icu-tarantool-security-61.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/source/i18n/unum.cpp b/source/i18n/unum.cpp
-index 7043f7a..0f70c5c 100644
---- a/source/i18n/unum.cpp
-+++ b/source/i18n/unum.cpp
-@@ -164,7 +164,9 @@ unum_clone(const UNumberFormat *fmt,
- } else {
- const RuleBasedNumberFormat* rbnf = dynamic_cast<const RuleBasedNumberFormat*>(nf);
- U_ASSERT(rbnf != NULL);
-- res = rbnf->clone();
-+ if (rbnf != NULL) {
-+ res = rbnf->clone();
-+ }
- }
-
- if(res == 0) {
diff --git a/patches/icu-tarantool-security-96.patch b/patches/icu-tarantool-security-96.patch
deleted file mode 100644
index 748b50566cb4f35799d4dece2c3645972d527e83..0000000000000000000000000000000000000000
--- a/patches/icu-tarantool-security-96.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/source/i18n/dangical.cpp b/source/i18n/dangical.cpp
-index 234c44b..f5343d0 100644
---- a/source/i18n/dangical.cpp
-+++ b/source/i18n/dangical.cpp
-@@ -136,7 +136,7 @@ static void U_CALLCONV initDangiCalZoneAstroCalc(UErrorCode &status) {
- ucln_i18n_registerCleanup(UCLN_I18N_DANGI_CALENDAR, calendar_dangi_cleanup);
- }
-
--const TimeZone* DangiCalendar::getDangiCalZoneAstroCalc(UErrorCode &status) const {
-+const TimeZone* DangiCalendar::getDangiCalZoneAstroCalc(UErrorCode &status) {
- umtx_initOnce(gDangiCalendarInitOnce, &initDangiCalZoneAstroCalc, status);
- return gDangiCalendarZoneAstroCalc;
- }
-diff --git a/source/i18n/dangical.h b/source/i18n/dangical.h
-index 128f3af..e240272 100644
---- a/source/i18n/dangical.h
-+++ b/source/i18n/dangical.h
-@@ -74,7 +74,7 @@ class DangiCalendar : public ChineseCalendar {
-
- private:
-
-- const TimeZone* getDangiCalZoneAstroCalc(UErrorCode &status) const;
-+ static const TimeZone* getDangiCalZoneAstroCalc(UErrorCode &status);
-
- // UObject stuff
- public:
diff --git a/patches/readline-tarantool-security-95.patch b/patches/readline-tarantool-security-95.patch
deleted file mode 100644
index c4fa559815a95c0ea2d2391b0eed4fd0213572c2..0000000000000000000000000000000000000000
--- a/patches/readline-tarantool-security-95.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- readline.old/histfile.c 2023-02-17 13:01:18.515248292 +0300
-+++ readline/histfile.c 2023-02-17 13:02:42.034252562 +0300
-@@ -492,6 +492,7 @@
- tempname = 0;
- file = filename ? open (filename, O_RDONLY|O_BINARY, 0666) : -1;
- rv = exists = 0;
-+ orig_lines = lines;
-
- /* Don't try to truncate non-regular files. */
- if (file == -1 || fstat (file, &finfo) == -1)
-@@ -547,7 +548,6 @@
- goto truncate_exit;
- }
-
-- orig_lines = lines;
- /* Count backwards from the end of buffer until we have passed
- LINES lines. bp1 is set funny initially. But since bp[1] can't
- be a comment character (since it's off the end) and *bp can't be
diff --git a/patches/readline80-001.patch b/patches/readline80-001.patch
deleted file mode 100644
index aa72a9dfa72774b9ce53fa37f1c2f13fc4dd3709..0000000000000000000000000000000000000000
--- a/patches/readline80-001.patch
+++ /dev/null
@@ -1,38 +0,0 @@
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 8.0
-Patch-ID: readline80-001
-
-Bug-Reported-by: chet.ramey@case.edu
-Bug-Reference-ID:
-Bug-Reference-URL:
-
-Bug-Description:
-
-The history file reading code doesn't close the file descriptor open to
-the history file when it encounters a zero-length file.
-
-Patch (apply with `patch -p0'):
-
-*** ../readline-8.0-patched/histfile.c 2018-06-11 09:14:52.000000000 -0400
---- histfile.c 2019-05-16 15:55:57.000000000 -0400
-***************
-*** 306,309 ****
---- 312,316 ----
- {
- free (input);
-+ close (file);
- return 0; /* don't waste time if we don't have to */
- }
-*** ../readline-8.0/patchlevel 2013-11-15 08:11:11.000000000 -0500
---- patchlevel 2014-03-21 08:28:40.000000000 -0400
-***************
-*** 1,3 ****
- # Do not edit -- exists only for use by patch
-
-! 0
---- 1,3 ----
- # Do not edit -- exists only for use by patch
-
-! 1
diff --git a/vendor/icu4c-71_1/source/common/utrie2.cpp b/vendor/icu4c-71_1/source/common/utrie2.cpp
index 24ef5782c90565c7567dac81e3758256bbdceeb5..359952a571656f10b0f5d9ea6127ddf2882e445a 100644
--- a/vendor/icu4c-71_1/source/common/utrie2.cpp
+++ b/vendor/icu4c-71_1/source/common/utrie2.cpp
@@ -574,7 +574,15 @@ enumEitherTrie(const UTrie2 *trie,
c+=UTRIE2_DATA_BLOCK_LENGTH;
} else {
for(j=0; j<UTRIE2_DATA_BLOCK_LENGTH; ++j) {
- value=enumValue(context, data32!=NULL ? data32[block+j] : idx[block+j]);
+ if (data32!=NULL) {
+ value=enumValue(context, data32[block+j]);
+ } else if (idx!=NULL) {
+ value=enumValue(context, idx[block+j]);
+ } else {
+ /* data32 and idx are not supposed to be NULL at the same time */
+ U_ASSERT(false);
+ return;
+ }
if(value!=prevValue) {
if(prev<c && !enumRange(context, prev, c-1, prevValue)) {
return;
diff --git a/vendor/icu4c-71_1/source/i18n/dangical.cpp b/vendor/icu4c-71_1/source/i18n/dangical.cpp
index 57fe80220b9ab67f5ecdf71033b1a7e4907db4c8..51e1af25130595a0ad680e876835f6dad9cb2055 100644
--- a/vendor/icu4c-71_1/source/i18n/dangical.cpp
+++ b/vendor/icu4c-71_1/source/i18n/dangical.cpp
@@ -136,7 +136,7 @@ static void U_CALLCONV initDangiCalZoneAstroCalc(UErrorCode &status) {
ucln_i18n_registerCleanup(UCLN_I18N_DANGI_CALENDAR, calendar_dangi_cleanup);
}
-const TimeZone* DangiCalendar::getDangiCalZoneAstroCalc(UErrorCode &status) const {
+const TimeZone* DangiCalendar::getDangiCalZoneAstroCalc(UErrorCode &status) {
umtx_initOnce(gDangiCalendarInitOnce, &initDangiCalZoneAstroCalc, status);
return gDangiCalendarZoneAstroCalc;
}
diff --git a/vendor/icu4c-71_1/source/i18n/dangical.h b/vendor/icu4c-71_1/source/i18n/dangical.h
index 9d0437264ef175bdaa6edcf1193344b7065e92db..642fa6caccda74bb193ceaefa81bd3967b772907 100644
--- a/vendor/icu4c-71_1/source/i18n/dangical.h
+++ b/vendor/icu4c-71_1/source/i18n/dangical.h
@@ -74,7 +74,7 @@ class DangiCalendar : public ChineseCalendar {
private:
- const TimeZone* getDangiCalZoneAstroCalc(UErrorCode &status) const;
+ static const TimeZone* getDangiCalZoneAstroCalc(UErrorCode &status);
// UObject stuff
public:
diff --git a/vendor/icu4c-71_1/source/i18n/reldtfmt.cpp b/vendor/icu4c-71_1/source/i18n/reldtfmt.cpp
index 5fdef1c0d676d4339990f37f589e55dac7d65cf6..7f65fcddb3befc0fcb5b2f30d6aecd3759967608 100644
--- a/vendor/icu4c-71_1/source/i18n/reldtfmt.cpp
+++ b/vendor/icu4c-71_1/source/i18n/reldtfmt.cpp
@@ -495,7 +495,7 @@ struct RelDateFmtDataSink : public ResourceSink {
// Put in the proper spot, but don't override existing data.
n = offset + UDAT_DIRECTION_THIS; // Converts to index in UDAT_R
- if (n < fDatesLen && fDatesPtr[n].string == NULL) {
+ if (0 <= n && n < fDatesLen && fDatesPtr[n].string == NULL) {
// Not found and n is an empty slot.
fDatesPtr[n].offset = offset;
fDatesPtr[n].string = value.getString(len, errorCode);
diff --git a/vendor/icu4c-71_1/source/i18n/unum.cpp b/vendor/icu4c-71_1/source/i18n/unum.cpp
index 7043f7adc12308cd8a34c012a52e08800e69d128..0f70c5cc34a3aa2ed9ce061776a5d7896e5404bc 100644
--- a/vendor/icu4c-71_1/source/i18n/unum.cpp
+++ b/vendor/icu4c-71_1/source/i18n/unum.cpp
@@ -164,7 +164,9 @@ unum_clone(const UNumberFormat *fmt,
} else {
const RuleBasedNumberFormat* rbnf = dynamic_cast<const RuleBasedNumberFormat*>(nf);
U_ASSERT(rbnf != NULL);
- res = rbnf->clone();
+ if (rbnf != NULL) {
+ res = rbnf->clone();
+ }
}
if(res == 0) {
diff --git a/vendor/openssl-3.2.3/ssl/statem/extensions_clnt.c b/vendor/openssl-3.2.3/ssl/statem/extensions_clnt.c
index 5bce30b584f01ffe5cebc70945be9d1a433ca49a..7d6454310b8e4fafb35596005cdc04769e8935c6 100644
--- a/vendor/openssl-3.2.3/ssl/statem/extensions_clnt.c
+++ b/vendor/openssl-3.2.3/ssl/statem/extensions_clnt.c
@@ -286,6 +286,7 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+ || !s->session
|| !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
diff --git a/vendor/readline-8.0/histfile.c b/vendor/readline-8.0/histfile.c
index dc64bde1c5acf8c117080eb7c783a2cd3181311d..cfd6273cd37b234d8df60f83314dd9cfae848a41 100644
--- a/vendor/readline-8.0/histfile.c
+++ b/vendor/readline-8.0/histfile.c
@@ -491,6 +491,7 @@ history_truncate_file (const char *fname, int lines)
tempname = 0;
file = filename ? open (filename, O_RDONLY|O_BINARY, 0666) : -1;
rv = exists = 0;
+ orig_lines = lines;
/* Don't try to truncate non-regular files. */
if (file == -1 || fstat (file, &finfo) == -1)
@@ -546,7 +547,6 @@ history_truncate_file (const char *fname, int lines)
goto truncate_exit;
}
- orig_lines = lines;
/* Count backwards from the end of buffer until we have passed
LINES lines. bp1 is set funny initially. But since bp[1] can't
be a comment character (since it's off the end) and *bp can't be