- Add patch to fix bsc#1056450 CVE-2017-14062:

* libidn-CVE-2017-14062.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libidn?expand=0&rev=55
2018-03-26 08:46:14 +00:00 · 2018-03-26 08:46:14 +00:00 · 592cbd312f
commit 592cbd312f
parent b17a2b889f
3 changed files with 52 additions and 9 deletions
--- a/libidn-CVE-2017-14062.patch
+++ b/libidn-CVE-2017-14062.patch
@ -0,0 +1,33 @@
+Index: libidn-1.28/lib/punycode.c
+===================================================================
+--- libidn-1.28.orig/lib/punycode.c
+++ libidn-1.28/lib/punycode.c
+@@ -89,11 +89,11 @@ enum
+ /* point (for use in representing integers) in the range 0 to */
+ /* base-1, or base if cp does not represent a value.          */
+ 
+-static punycode_uint
+-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
+ {
+-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+-    cp - 97 < 26 ? cp - 97 : base;
+  return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+    cp - 97 < 26 ? cp - 97 : base);
+ }
+ 
+ /* encode_digit(d,flag) returns the basic code point whose value      */
+Index: libidn-1.28/tests/tst_idna.c
+===================================================================
+--- libidn-1.28.orig/tests/tst_idna.c
+++ libidn-1.28/tests/tst_idna.c
+@@ -211,7 +211,7 @@ static const struct idna idna[] = {
+     'x', 'n', '-', '-', 'f', 'o', 0x3067},
+    IDNA_ACE_PREFIX "too long too long too long too long too long too "
+    "long too long too long too long too long ", 0,
+-   IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
+   IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
+ };
+ 
+ void
--- a/libidn.changes
+++ b/libidn.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 26 08:36:44 UTC 2018 - tchvatal@suse.com
+
+- Add patch to fix bsc#1056450 CVE-2017-14062:
+  * libidn-CVE-2017-14062.patch
+
 -------------------------------------------------------------------
 Thu Feb 22 15:10:36 UTC 2018 - fvogt@suse.com

--- a/libidn.spec
+++ b/libidn.spec
@ -21,14 +21,19 @@ Name:           libidn
 Version:        1.33
 Release:        0
 Summary:        Support for Internationalized Domain Names (IDN)
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ and Apache-2.0
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later AND Apache-2.0
 Group:          Development/Libraries/C and C++
-Url:            http://www.gnu.org/software/libidn/
+URL:            http://www.gnu.org/software/libidn/
 Source0:        http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
 Source1:        http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz.sig
 Source2:        libidn.keyring
 Source3:        baselibs.conf
 Patch0:         libidn-gcc7-part1.patch
+Patch1:         libidn-CVE-2017-14062.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+BuildRequires:  makeinfo
 BuildRequires:  pkgconfig
 Requires(post): %{install_info_prereq}

@ -47,7 +52,7 @@ IDNA is supported.

 %package tools
 Summary:        Command line utility to convert Int. Domain Names
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group:          Productivity/Networking/DNS/Utilities

 %description tools
@ -65,7 +70,7 @@ Compatible Encoding (ACE) via IDNA is supported.

 %package -n %{lname}
 Summary:        Support for Internationalized Domain Names (IDN)
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group:          System/Libraries

 %description -n %{lname}
@ -83,7 +88,7 @@ Compatible Encoding (ACE) via IDNA is supported.

 %package devel
 Summary:        Include Files and Libraries mandatory for Development
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 Requires:       %{lname} = %{version}
 Requires:       glibc-devel
@ -104,8 +109,10 @@ IDNA is supported.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1

 %build
+autoreconf -fvi
 %configure \
    --disable-silent-rules \
    --with-pic \
@ -134,23 +141,20 @@ make check %{?_smp_mflags}
 %postun -n %{lname} -p /sbin/ldconfig

 %files tools -f %{name}.lang
-%defattr(-,root,root)
 %dir %{_datadir}/emacs
 %dir %{_datadir}/emacs/site-lisp
 %doc AUTHORS ChangeLog FAQ NEWS README THANKS TODO
 %{_infodir}/libidn*
 %{_bindir}/idn
-%{_mandir}/man1/idn.1%{ext_man}
+%{_mandir}/man1/idn.1%{?ext_man}
 %{_datadir}/emacs/site-lisp/idna.el
 %{_datadir}/emacs/site-lisp/punycode.el

 %files -n %{lname}
-%defattr(-,root,root)
 %license COPYING*
 %{_libdir}/libidn.so.11*

 %files devel
-%defattr(-,root,root)
 %{_libdir}/libidn.so
 %{_includedir}/*.h
 %{_libdir}/pkgconfig/libidn.pc