Libidn2 NEWS -- History of user-visible changes. -*- outline -*- Copyright (C) 2011-2017 Simon Josefsson Copyright (C) 2018-2019 Tim Ruehsen See the end for copying conditions. * Version 2.x.x (unreleased) ** Mitre has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) ** Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Version 2.2.0 (released 2019-05-23) ** Perform A-Label roundtrip for lookup functions by default [...] That's mentioned in commit [1]. The solution might be to stabilise 2.2.0 but [2] suggests that the SONAME might need to be bumped because _idn2_punycode_decode was removed, or some symbols might need to be reinstated (this happens a lot with libidn/libidn2). [1] https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5 [2] https://gitlab.com/libidn/libidn2/issues/74
@ maintainer(s): How about rev bumping and adding https://gitlab.com/fweimer/libidn2/commit/fdd3b791c23d366c89264b15b50aeb5bb98ad1ce ?
(In reply to Jeroen Roovers from comment #0) > > The solution might be to stabilise 2.2.0 but [2] suggests that the SONAME > might need to be bumped because _idn2_punycode_decode was removed, or some > symbols might need to be reinstated (this happens a lot with libidn/libidn2). > That part is fixed in 2.3.0, so we should probably go for 2.3.0 instead. Has also the advantage of Unicode 11, bringing libidn2 back in step with glibc, and of fixing the related failures in the glibc test suite.
(In reply to Andreas K. Hüttel from comment #2) > (In reply to Jeroen Roovers from comment #0) > > > > The solution might be to stabilise 2.2.0 but [2] suggests that the SONAME > > might need to be bumped because _idn2_punycode_decode was removed, or some > > symbols might need to be reinstated (this happens a lot with libidn/libidn2). > > > > That part is fixed in 2.3.0, so we should probably go for 2.3.0 instead. Yes, hence the change dated 2019-11-14...
arm64 stable
hppa/sparc stable
amd64 stable
arm stable
s390 stable
ppc stable
ppc64 stable
ia64 stable
x86 stable
SuperH port disbanded.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=587cf62ba1aa7f20122547ae627532e544a91168 commit 587cf62ba1aa7f20122547ae627532e544a91168 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-03-29 10:24:58 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-03-29 10:25:01 +0000 net-dns/libidn2: destabilize down to ~m68k Bug: https://bugs.gentoo.org/697752 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> net-dns/libidn2/libidn2-2.1.1a-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Destabilized down to ~m68k.
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5973465138e4612bffbc5f71285dc0e403f3c2f7 commit 5973465138e4612bffbc5f71285dc0e403f3c2f7 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-03-30 04:03:08 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-03-30 04:03:29 +0000 net-dns/libidn2: Old Package-Manager: Portage-2.3.96, Repoman-2.3.22 Bug: https://bugs.gentoo.org/show_bug.cgi?id=697752 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-dns/libidn2/Manifest | 1 - net-dns/libidn2/libidn2-2.1.1a-r1.ebuild | 53 -------------------------------- 2 files changed, 54 deletions(-)
Thanks everyone.
Adding CVE-2019-18224. New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-63 at https://security.gentoo.org/glsa/202003-63 by GLSA coordinator Thomas Deutschmann (whissi).