rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
libidn: add fix for CVE-2017-14062
author Baruch Siach <baruch@tkos.co.il>
Fri, 15 Sep 2017 04:40:20 +0000 (07:40 +0300)
committer Peter Korsgaard <peter@korsgaard.com>
Fri, 22 Sep 2017 15:36:42 +0000 (17:36 +0200)
commit 49cb795f7965328ce7a57cbc3736b0fc03919fe7
tree abef3ea40f60b83fdfb2ab7fc8b5a61b78ce7d5e
parent a41d44a8c93b63e8ba2da32b1680333f77ec1452
libidn: add fix for CVE-2017-14062

Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch [new file with mode: 0644]
package/libidn/libidn.mk