icu: 57.1 -> 58.2

[rasendubi]

Firefox requires new version of the icu to build:

checking for icu-i18n >= 58.1... Requested 'icu-i18n >= 58.1' but version of icu-i18n is 57.1
configure: error: Library requirements (icu-i18n >= 58.1) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.

Things done

• Tested using sandboxing
  (nix.useSandbox on NixOS,
  or option build-use-sandbox in nix.conf
  on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • Linux
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

---

[mention-bot]

@rasendubi, thanks for your PR! By analyzing the history of the files in this pull request, we identified @urkud, @edolstra and @pikajude to be potential reviewers.

[rasendubi]

@grahamc, I have removed security patches as they all fail to apply. I think they were fixed upstream; is there any quick way I can check that's correct?

[grahamc]

@rasendubi I think it is fairly safe to assume you're right. When they failed to apply, did it say something about it being a reverse patch?

[rasendubi]

I don't remember that. (I'm currently away from the computer, so can't check.)

I remember it said it skips chunks because could not find the context, and later on fails because none of the chunks have applied.

[c0bw3b]

According to ICU's TRAC #12276 CVE-2015-2632, CVE-2015-4844 and CVE-2016-0494 are not present in 58.x since the vulnerable module was removed.

According to Debian's DSA-3725 CVE-2016-6293 and CVE-2016-7415 was fixed in their 57.1-5 package.
The corresponding TRAC tickets are not public so can't be sure it was fixed upstream in 58.x

[c0bw3b]

Ah! Found the right page : http://site.icu-project.org/security

--> all CVEs are fixed in 58.2