Package: libidn / 1.29-1+deb8u2

Metadata

Package Version Patches format
libidn 1.29-1+deb8u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_CVE 2015 2059.patch | (download)

lib/gl/Makefile.am | 10 9 + 1 - 0 !
lib/gl/m4/gnulib-cache.m4 | 3 2 + 1 - 0 !
lib/gl/m4/gnulib-comp.m4 | 5 5 + 0 - 0 !
lib/gl/unistr/u8-check.c | 105 105 + 0 - 0 !
lib/gltests/Makefile.am | 10 10 + 0 - 0 !
lib/gltests/unistr/test-u8-check.c | 188 188 + 0 - 0 !
lib/nfkc.c | 19 16 + 3 - 0 !
lib/strerror-idna.c | 2 1 + 1 - 0 !
lib/strerror-stringprep.c | 4 4 + 0 - 0 !
lib/stringprep.c | 5 4 + 1 - 0 !
lib/stringprep.h | 1 1 + 0 - 0 !
tests/Makefile.am | 2 1 + 1 - 0 !
tests/tst_badutf8.c | 50 50 + 0 - 0 !
tests/tst_idna4.c | 4 3 + 1 - 0 !
tests/tst_stringprep.c | 22 16 + 6 - 0 !
15 files changed, 415 insertions(+), 15 deletions(-)

 libidn: stringprep_utf8_to_ucs4 now rejects invalid utf-8. cve-2015-2059


02_CVE 2015 2059 2.patch | (download)

lib/idna.c | 10 8 + 2 - 0 !
tests/Makefile.am | 2 1 + 1 - 0 !
tests/tst_utf8crash.c | 48 48 + 0 - 0 !
3 files changed, 57 insertions(+), 3 deletions(-)

 libidn: fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz.


03_skip makeinfo.patch | (download)

doc/Makefile.am | 10 1 + 9 - 0 !
1 file changed, 1 insertion(+), 9 deletions(-)

---
04_CVE 2015 8948 idn Use getline instead of fgets with fixed size buf.patch | (download)

gl/Makefile.am | 196 195 + 1 - 0 !
gl/getdelim.c | 135 135 + 0 - 0 !
gl/getline.c | 27 27 + 0 - 0 !
gl/m4/getdelim.m4 | 88 88 + 0 - 0 !
gl/m4/getline.m4 | 96 96 + 0 - 0 !
gl/m4/gnulib-cache.m4 | 3 2 + 1 - 0 !
gl/m4/gnulib-comp.m4 | 40 35 + 5 - 0 !
gl/m4/realloc.m4 | 76 76 + 0 - 0 !
gl/realloc.c | 79 79 + 0 - 0 !
gl/stdint.in.h | 635 635 + 0 - 0 !
gl/stdlib.in.h | 954 954 + 0 - 0 !
gltests/Makefile.am | 171 18 + 153 - 0 !
gltests/test-getdelim.c | 94 94 + 0 - 0 !
gltests/test-getline.c | 94 94 + 0 - 0 !
src/idn.c | 35 18 + 17 - 0 !
15 files changed, 2546 insertions(+), 177 deletions(-)

 [patch] idn: use getline instead of fgets with fixed-size buffer.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes out-of-bounds read, reported by Hanno Böck.

05_CVE 2015 8948 Really fix bug when reading 00 inputs.patch | (download)

src/idn.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch] really fix bug when reading \00 inputs.


06_CVE 2016 6261 Add regression check for Hanno B ck s stack OOB issu.patch | (download)

tests/Makefile.am | 2 1 + 1 - 0 !
tests/tst_toascii64oob.c | 59 59 + 0 - 0 !
2 files changed, 60 insertions(+), 1 deletion(-)

 [patch] =?utf-8?q?add=20regression=20check=20for=20hanno=20b?=
 =?UTF-8?q?=C3=B6ck's=20stack=20OOB=20issue.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit


07_CVE 2016 6261 Fix out of bounds stack read. Report and patch by Ha.patch | (download)

lib/idna.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch] =?utf-8?q?fix=20out-of-bounds=20stack=20read.=20=20report?=
 =?UTF-8?q?=20and=20patch=20by=20Hanno=20B=C3=B6ck.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit


08_CVE 2016 6261 Fix memory leak in last fix.patch | (download)

lib/idna.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] fix memory leak in last fix.


09_CVE 2016 6263 stringprep_utf8_nfkc_normalize Reject invalid UTF8 i.patch | (download)

lib/nfkc.c | 10 10 + 0 - 0 !
tests/Makefile.am | 3 2 + 1 - 0 !
tests/tst_badutf8nfkc.c | 41 41 + 0 - 0 !
3 files changed, 53 insertions(+), 1 deletion(-)

 [patch] stringprep_utf8_nfkc_normalize: reject invalid utf8 instead
 of crashing.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Also add regression self check.  Reported by Hanno Böck.