commit libidn for openSUSE:Factory

Thu, 29 Mar 2018 02:52:04 -0700 

Hello community,

here is the log from the commit of package libidn for openSUSE:Factory checked 
in at 2018-03-29 11:51:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libidn (Old)
 and      /work/SRC/openSUSE:Factory/.libidn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libidn"

Thu Mar 29 11:51:15 2018 rev:50 rq:591041 version:1.33

Changes:
--------
--- /work/SRC/openSUSE:Factory/libidn/libidn.changes    2018-03-01 
12:05:54.902176389 +0100
+++ /work/SRC/openSUSE:Factory/.libidn.new/libidn.changes       2018-03-29 
11:51:16.555756047 +0200
@@ -1,0 +2,11 @@
+Mon Mar 26 11:19:51 UTC 2018 - [email protected]
+
+- Update summaries. Remove ineffective --with-pic.
+
+-------------------------------------------------------------------
+Mon Mar 26 08:36:44 UTC 2018 - [email protected]
+
+- Add patch to fix bsc#1056450 CVE-2017-14062:
+  * libidn-CVE-2017-14062.patch
+
+-------------------------------------------------------------------

New:
----
  libidn-CVE-2017-14062.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libidn.spec ++++++
--- /var/tmp/diff_new_pack.uNcDIH/_old  2018-03-29 11:51:17.563719747 +0200
+++ /var/tmp/diff_new_pack.uNcDIH/_new  2018-03-29 11:51:17.567719603 +0200
@@ -21,7 +21,7 @@
 Version:        1.33
 Release:        0
 Summary:        Support for Internationalized Domain Names (IDN)
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+ and Apache-2.0
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later 
AND Apache-2.0
 Group:          Development/Libraries/C and C++
 Url:            http://www.gnu.org/software/libidn/
 Source0:        http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
@@ -29,6 +29,11 @@
 Source2:        libidn.keyring
 Source3:        baselibs.conf
 Patch0:         libidn-gcc7-part1.patch
+Patch1:         libidn-CVE-2017-14062.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+BuildRequires:  makeinfo
 BuildRequires:  pkgconfig
 Requires(post): %{install_info_prereq}
 
@@ -47,7 +52,7 @@
 
 %package tools
 Summary:        Command line utility to convert Int. Domain Names
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group:          Productivity/Networking/DNS/Utilities
 
 %description tools
@@ -65,7 +70,7 @@
 
 %package -n %{lname}
 Summary:        Support for Internationalized Domain Names (IDN)
-License:        (GPL-2.0+ or LGPL-3.0+) and GPL-3.0+
+License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later
 Group:          System/Libraries
 
 %description -n %{lname}
@@ -82,8 +87,8 @@
 Compatible Encoding (ACE) via IDNA is supported.
 
 %package devel
-Summary:        Include Files and Libraries mandatory for Development
-License:        LGPL-2.1+
+Summary:        Development files for libidn
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 Requires:       %{lname} = %{version}
 Requires:       glibc-devel
@@ -104,11 +109,12 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
+autoreconf -fvi
 %configure \
     --disable-silent-rules \
-    --with-pic \
     --disable-static \
     --disable-gtk-doc
 make %{?_smp_mflags}
@@ -134,23 +140,20 @@
 %postun -n %{lname} -p /sbin/ldconfig
 
 %files tools -f %{name}.lang
-%defattr(-,root,root)
 %dir %{_datadir}/emacs
 %dir %{_datadir}/emacs/site-lisp
 %doc AUTHORS ChangeLog FAQ NEWS README THANKS TODO
 %{_infodir}/libidn*
 %{_bindir}/idn
-%{_mandir}/man1/idn.1%{ext_man}
+%{_mandir}/man1/idn.1%{?ext_man}
 %{_datadir}/emacs/site-lisp/idna.el
 %{_datadir}/emacs/site-lisp/punycode.el
 
 %files -n %{lname}
-%defattr(-,root,root)
 %license COPYING*
 %{_libdir}/libidn.so.11*
 
 %files devel
-%defattr(-,root,root)
 %{_libdir}/libidn.so
 %{_includedir}/*.h
 %{_libdir}/pkgconfig/libidn.pc


++++++ libidn-CVE-2017-14062.patch ++++++
Index: libidn-1.28/lib/punycode.c
===================================================================
--- libidn-1.28.orig/lib/punycode.c
+++ libidn-1.28/lib/punycode.c
@@ -89,11 +89,11 @@ enum
 /* point (for use in representing integers) in the range 0 to */
 /* base-1, or base if cp does not represent a value.          */
 
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
 {
-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
-    cp - 97 < 26 ? cp - 97 : base;
+  return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+    cp - 97 < 26 ? cp - 97 : base);
 }
 
 /* encode_digit(d,flag) returns the basic code point whose value      */
Index: libidn-1.28/tests/tst_idna.c
===================================================================
--- libidn-1.28.orig/tests/tst_idna.c
+++ libidn-1.28/tests/tst_idna.c
@@ -211,7 +211,7 @@ static const struct idna idna[] = {
     'x', 'n', '-', '-', 'f', 'o', 0x3067},
    IDNA_ACE_PREFIX "too long too long too long too long too long too "
    "long too long too long too long too long ", 0,
-   IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
+   IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
 };
 
 void

Reply via email to