[Buildroot] [PATCH] libidn: add fix for CVE-2017-14062

Peter Korsgaard peter at korsgaard.com
Sat Sep 23 07:38:20 UTC 2017


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Add upstream patch fixing CVE-2017-14062:
 > Integer overflow in the decode_digit function in puny_decode.c in
 > Libidn2 before 2.0.4 allows remote attackers to cause a denial of
 > service or possibly have unspecified other impact.

 > This issue also affects libidn.

 > Unfortunately, the patch also triggers reconf of the documentation
 > subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
 > in doc/Makefile.am. Add autoreconf to handle that.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

The autoreconf causes some build issues related to makeinfo. Care to
take a look?

http://autobuild.buildroot.net/results/b4a/b4a89f59b251cf0f11dac7095367f5d2fdab01ba/

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list