On 06/12/2017 02:19 PM, Josef Moellers wrote: >>> And then go back to v1.18 and try to build/test that (or eventually to >>> v1.17.1). That should compile with libidn instead libidn2. >> >> I'll first try to build 1.14 without any ouf our local patches. As you >> say: it works on your system (maybe I should also try on a local Ubuntu >> machine), so it's strange that it doesn't work on my VM. Maybe there's >> something in one of the patches ... > > FYI It's the attached patch which is supposed to fix CVE-2016-4971! > > Without this patch, the test succeeds, with this patch, the test fails.
Thanks for letting us know. Sigh, it means that someone (at SuSE ?) picked a patch that was made for v1.18 and applied it to 1.14 without testing it (well, it is just a 'make check'). Smells somewhat like a greenhorn's mistake. This makes me feel somewhat desperate :-( SuSE should really thank you working on OpenCA and finding this out ! > > Josef With Best Regards, Tim
signature.asc
Description: OpenPGP digital signature
