pool/libidn
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add patch to fix bsc#1056450 CVE-2017-14062:

Browse Source 
* libidn-CVE-2017-14062.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libidn?expand=0&rev=55
This commit is contained in:
Tomáš Chvátal 2018-03-26 08:46:14 +00:00 committed by Git OBS Bridge
parent b17a2b889f
commit 592cbd312f
3 changed files with 52 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
libidn-CVE-2017-14062.patch Normal file
View File

@ -0,0 +1,33 @@
Index: libidn-1.28/lib/punycode.c
===================================================================
--- libidn-1.28.orig/lib/punycode.c
+++ libidn-1.28/lib/punycode.c
@@ -89,11 +89,11 @@ enum
/* point (for use in representing integers) in the range 0 to */
/* base-1, or base if cp does not represent a value. */
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
{
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
- cp - 97 < 26 ? cp - 97 : base;
+ return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ cp - 97 < 26 ? cp - 97 : base);
}
/* encode_digit(d,flag) returns the basic code point whose value */
Index: libidn-1.28/tests/tst_idna.c
===================================================================
--- libidn-1.28.orig/tests/tst_idna.c
+++ libidn-1.28/tests/tst_idna.c
@@ -211,7 +211,7 @@ static const struct idna idna[] = {
'x', 'n', '-', '-', 'f', 'o', 0x3067},
IDNA_ACE_PREFIX "too long too long too long too long too long too "
"long too long too long too long too long ", 0,
- IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
+ IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
};
void

6
libidn.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 26 08:36:44 UTC 2018 - tchvatal@suse.com
- Add patch to fix bsc#1056450 CVE-2017-14062:
* libidn-CVE-2017-14062.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 22 15:10:36 UTC 2018 - fvogt@suse.com Thu Feb 22 15:10:36 UTC 2018 - fvogt@suse.com

22
libidn.spec
View File

@ -21,14 +21,19 @@ Name: libidn
Version: 1.33 Version: 1.33
Release: 0 Release: 0
Summary: Support for Internationalized Domain Names (IDN) Summary: Support for Internationalized Domain Names (IDN)
License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ and Apache-2.0 License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later AND Apache-2.0
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Url: http://www.gnu.org/software/libidn/ URL: http://www.gnu.org/software/libidn/
Source0: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz Source0: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
Source1: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz.sig Source1: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz.sig
Source2: libidn.keyring Source2: libidn.keyring
Source3: baselibs.conf Source3: baselibs.conf
Patch0: libidn-gcc7-part1.patch Patch0: libidn-gcc7-part1.patch
Patch1: libidn-CVE-2017-14062.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: makeinfo
BuildRequires: pkgconfig BuildRequires: pkgconfig
Requires(post): %{install_info_prereq} Requires(post): %{install_info_prereq}
@ -47,7 +52,7 @@ IDNA is supported.
%package tools %package tools
Summary: Command line utility to convert Int. Domain Names Summary: Command line utility to convert Int. Domain Names
License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
Group: Productivity/Networking/DNS/Utilities Group: Productivity/Networking/DNS/Utilities
%description tools %description tools
@ -65,7 +70,7 @@ Compatible Encoding (ACE) via IDNA is supported.
%package -n %{lname} %package -n %{lname}
Summary: Support for Internationalized Domain Names (IDN) Summary: Support for Internationalized Domain Names (IDN)
License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
Group: System/Libraries Group: System/Libraries
%description -n %{lname} %description -n %{lname}
@ -83,7 +88,7 @@ Compatible Encoding (ACE) via IDNA is supported.
%package devel %package devel
Summary: Include Files and Libraries mandatory for Development Summary: Include Files and Libraries mandatory for Development
License: LGPL-2.1+ License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{lname} = %{version} Requires: %{lname} = %{version}
Requires: glibc-devel Requires: glibc-devel
@ -104,8 +109,10 @@ IDNA is supported.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
autoreconf -fvi
%configure \ %configure \
--disable-silent-rules \ --disable-silent-rules \
--with-pic \ --with-pic \
@ -134,23 +141,20 @@ make check %{?_smp_mflags}
%postun -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig
%files tools -f %{name}.lang %files tools -f %{name}.lang
%defattr(-,root,root)
%dir %{_datadir}/emacs %dir %{_datadir}/emacs
%dir %{_datadir}/emacs/site-lisp %dir %{_datadir}/emacs/site-lisp
%doc AUTHORS ChangeLog FAQ NEWS README THANKS TODO %doc AUTHORS ChangeLog FAQ NEWS README THANKS TODO
%{_infodir}/libidn* %{_infodir}/libidn*
%{_bindir}/idn %{_bindir}/idn
%{_mandir}/man1/idn.1%{ext_man} %{_mandir}/man1/idn.1%{?ext_man}
%{_datadir}/emacs/site-lisp/idna.el %{_datadir}/emacs/site-lisp/idna.el
%{_datadir}/emacs/site-lisp/punycode.el %{_datadir}/emacs/site-lisp/punycode.el
%files -n %{lname} %files -n %{lname}
%defattr(-,root,root)
%license COPYING* %license COPYING*
%{_libdir}/libidn.so.11* %{_libdir}/libidn.so.11*
%files devel %files devel
%defattr(-,root,root)
%{_libdir}/libidn.so %{_libdir}/libidn.so
%{_includedir}/*.h %{_includedir}/*.h
%{_libdir}/pkgconfig/libidn.pc %{_libdir}/pkgconfig/libidn.pc