Hello community, here is the log from the commit of package libidn for openSUSE:Factory checked in at 2018-03-29 11:51:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libidn (Old) and /work/SRC/openSUSE:Factory/.libidn.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libidn" Thu Mar 29 11:51:15 2018 rev:50 rq:591041 version:1.33 Changes: --------
--- /work/SRC/openSUSE:Factory/libidn/libidn.changes 2018-03-01 12:05:54.902176389 +0100
+++ /work/SRC/openSUSE:Factory/.libidn.new/libidn.changes 2018-03-29 11:51:16.555756047 +0200
@@ -1,0 +2,11 @@
+Mon Mar 26 11:19:51 UTC 2018 - jengelh@inai.de
+
+- Update summaries. Remove ineffective --with-pic.
+
+-------------------------------------------------------------------
+Mon Mar 26 08:36:44 UTC 2018 - tchvatal@suse.com
+
+- Add patch to fix bsc#1056450 CVE-2017-14062:
+ * libidn-CVE-2017-14062.patch
+
+-------------------------------------------------------------------
New: ---- libidn-CVE-2017-14062.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libidn.spec ++++++
--- /var/tmp/diff_new_pack.uNcDIH/_old 2018-03-29 11:51:17.563719747 +0200
+++ /var/tmp/diff_new_pack.uNcDIH/_new 2018-03-29 11:51:17.567719603 +0200
@@ -21,7 +21,7 @@
 Version: 1.33
 Release: 0
 Summary: Support for Internationalized Domain Names (IDN)
-License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ and Apache-2.0
+License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later AND Apache-2.0
 Group: Development/Libraries/C and C++
 Url: http://www.gnu.org/software/libidn/
 Source0: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
@@ -29,6 +29,11 @@
 Source2: libidn.keyring
 Source3: baselibs.conf
 Patch0: libidn-gcc7-part1.patch
+Patch1: libidn-CVE-2017-14062.patch
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: makeinfo
 BuildRequires: pkgconfig
 Requires(post): %{install_info_prereq}
@@ -47,7 +52,7 @@
 %package tools
 Summary: Command line utility to convert Int. Domain Names
-License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group: Productivity/Networking/DNS/Utilities
 %description tools
@@ -65,7 +70,7 @@
 %package -n %{lname}
 Summary: Support for Internationalized Domain Names (IDN)
-License: (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group: System/Libraries
 %description -n %{lname}
@@ -82,8 +87,8 @@
 Compatible Encoding (ACE) via IDNA is supported.
 %package devel
-Summary: Include Files and Libraries mandatory for Development
-License: LGPL-2.1+
+Summary: Development files for libidn
+License: LGPL-2.1-or-later
 Group: Development/Libraries/C and C++
 Requires: %{lname} = %{version}
 Requires: glibc-devel
@@ -104,11 +109,12 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %build
+autoreconf -fvi
 %configure \
 --disable-silent-rules \
- --with-pic \
 --disable-static \
 --disable-gtk-doc
 make %{?_smp_mflags}
@@ -134,23 +140,20 @@
 %postun -n %{lname} -p /sbin/ldconfig
 %files tools -f %{name}.lang
-%defattr(-,root,root)
 %dir %{_datadir}/emacs
 %dir %{_datadir}/emacs/site-lisp
 %doc AUTHORS ChangeLog FAQ NEWS README THANKS TODO
 %{_infodir}/libidn*
 %{_bindir}/idn
-%{_mandir}/man1/idn.1%{ext_man}
+%{_mandir}/man1/idn.1%{?ext_man}
 %{_datadir}/emacs/site-lisp/idna.el
 %{_datadir}/emacs/site-lisp/punycode.el
 %files -n %{lname}
-%defattr(-,root,root)
 %license COPYING*
 %{_libdir}/libidn.so.11*
 %files devel
-%defattr(-,root,root)
 %{_libdir}/libidn.so
 %{_includedir}/*.h
 %{_libdir}/pkgconfig/libidn.pc
++++++ libidn-CVE-2017-14062.patch ++++++
Index: libidn-1.28/lib/punycode.c
===================================================================
--- libidn-1.28.orig/lib/punycode.c
+++ libidn-1.28/lib/punycode.c
@@ -89,11 +89,11 @@ enum
 /* point (for use in representing integers) in the range 0 to */
 /* base-1, or base if cp does not represent a value. */
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
 {
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
- cp - 97 < 26 ? cp - 97 : base;
+ return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ cp - 97 < 26 ? cp - 97 : base);
 }
 /* encode_digit(d,flag) returns the basic code point whose value */
Index: libidn-1.28/tests/tst_idna.c
===================================================================
--- libidn-1.28.orig/tests/tst_idna.c
+++ libidn-1.28/tests/tst_idna.c
@@ -211,7 +211,7 @@ static const struct idna idna[] = { 'x', 'n', '-', '-', 'f', 'o', 0x3067}, IDNA_ACE_PREFIX "too long too long too long too long too long too " "long too long too long too long too long ", 0,
- IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
+ IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
 };
 void
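Review bot: With `cp` now a signed `int`, the first test `cp - 48 < 10` in decode_digit() holds for every value below 58, not only for '0'..'9', so code points 22..47 (space, '-' and '.' among them) return 0..25 instead of `base`, which contradicts the comment kept just above the function ("or base if cp does not represent a value"). The one-sided comparisons only worked because the old parameter type (punycode_uint, presumably unsigned) made `cp - 48` wrap to a large value for smaller inputs. Explicit ranges keep the signed parameter and still reject non-digits: `return (unsigned) (cp >= 48 && cp < 58 ? cp - 22 : cp >= 65 && cp < 91 ? cp - 65 : cp >= 97 && cp < 123 ? cp - 97 : base);`. The tst_idna.c hunk, whose input contains spaces, now expects IDNA_INVALID_LENGTH rather than IDNA_PUNYCODE_ERROR, which looks like a symptom of the same acceptance of non-digit characters; the decoder loop that calls decode_digit() is outside this patch, so that link is inferred and worth confirming before relaxing the test.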