Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock links2/2.18-2: It fixes a crash on invalid IDN URLs (e.g. http://test,ï.com/) which is currently present and easily reproducible in Debian Buster. See https://bugs.debian.org/926674 for the according Debian bug report. The patch has been provided by upstream to Debian and is part of upstream's 2.19 release (currently in Debian Experimental). Full debdiff between 2.18-1 and 2.18-2: diff -Nru links2-2.18/debian/changelog links2-2.18/debian/changelog --- links2-2.18/debian/changelog 2019-01-23 01:58:22.000000000 +0100 +++ links2-2.18/debian/changelog 2019-04-08 21:28:08.000000000 +0200 @@ -1,3 +1,10 @@ +links2 (2.18-2) unstable; urgency=low + + * Cherry-pick patch from upstream to fix crash on invalid IDN + URL. (Closes: #926674) + + -- Axel Beckert <a...@debian.org> Mon, 08 Apr 2019 21:28:08 +0200 + links2 (2.18-1) unstable; urgency=medium * Import new upstream release 2.18. diff -Nru links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch --- links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch 1970-01-01 01:00:00.000000000 +0100 +++ links2-2.18/debian/patches/fix-crash-on-invalid-idn-url.patch 2019-04-08 21:28:08.000000000 +0200 @@ -0,0 +1,20 @@ +Description: Fix a crash on invalid IDN URL + Example: http://test,ï.com/ + . + Found by lsxv...@gmail.com. +Origin: commit 9dc711da9b61431f83f863920583d4c9d3bea26d +Author: Mikulas Patocka <miku...@twibright.com> +Date: Sat Mar 30 22:36:43 2019 +0100 +Bug-Debian: https://bugs.debian.org/926674 + +--- a/url.c ++++ b/url.c +@@ -1153,6 +1153,8 @@ + url_enc = idn_encode_url(url_conv2, 0); + else + url_enc = idn_encode_host(url_conv2, (int)strlen(cast_const_char url_conv2), separator, 0); ++ if (!url_enc) ++ url_enc = stracpy(url_conv2), is_idn = 1; + mem_free(url_conv2); + if (!strcmp(cast_const_char url_enc, cast_const_char url)) { + if (is_idn && warn_idn) { diff -Nru links2-2.18/debian/patches/series links2-2.18/debian/patches/series --- links2-2.18/debian/patches/series 2018-03-29 01:51:56.000000000 +0200 +++ links2-2.18/debian/patches/series 2019-04-08 21:28:08.000000000 +0200 @@ -5,3 +5,4 @@ use-local-calibration-files.diff use-packaged-publicsuffix.diff fix-FTBFS-with-autoreconf-enabled.diff +fix-crash-on-invalid-idn-url.patch So please unblock links2/2.18-2 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
