From 49cb795f7965328ce7a57cbc3736b0fc03919fe7 Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Fri, 15 Sep 2017 07:40:20 +0300 Subject: [PATCH] libidn: add fix for CVE-2017-14062 Add upstream patch fixing CVE-2017-14062: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. This issue also affects libidn. Unfortunately, the patch also triggers reconf of the documentation subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined in doc/Makefile.am. Add autoreconf to handle that. Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard --- ....c-decode_digit-Fix-integer-overflow.patch | 36 +++++++++++++++++++ package/libidn/libidn.mk | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch diff --git a/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch b/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch new file mode 100644 index 0000000000..8a8ca47a66 --- /dev/null +++ b/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch @@ -0,0 +1,36 @@ +From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Fri, 1 Sep 2017 10:04:48 +0200 +Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow + +This fix is a backport from libidn2 and addresses +CVE-2017-14062. + +Signed-off-by: Baruch Siach +--- +Upstream status: commit e9e81b8063b095 + + lib/punycode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/punycode.c b/lib/punycode.c +index 86819a7deb85..49250a13e2cc 100644 +--- a/lib/punycode.c ++++ b/lib/punycode.c +@@ -88,10 +88,10 @@ enum + /* point (for use in representing integers) in the range 0 to */ + /* base-1, or base if cp does not represent a value. */ + +-static punycode_uint +-decode_digit (punycode_uint cp) ++static unsigned ++decode_digit (int cp) + { +- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : ++ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : + cp - 97 < 26 ? cp - 97 : base; + } + +-- +2.14.1 + diff --git a/package/libidn/libidn.mk b/package/libidn/libidn.mk index b96e742621..420b8dfb91 100644 --- a/package/libidn/libidn.mk +++ b/package/libidn/libidn.mk @@ -12,6 +12,8 @@ LIBIDN_CONF_OPTS = --disable-java --enable-csharp=no LIBIDN_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES) $(if $(BR2_PACKAGE_LIBICONV),libiconv) LIBIDN_LICENSE = GPL-2.0+, GPL-3.0+, LGPL-3.0+ LIBIDN_LICENSE_FILES = COPYINGv2 COPYINGv3 COPYING.LESSERv3 +# lib/punycode.c patch triggers reconf in doc/ +LIBIDN_AUTORECONF = YES define LIBIDN_REMOVE_BINARY rm -f $(TARGET_DIR)/usr/bin/idn -- 2.30.2