diff --git a/Add-libidn2_register_fuzzer-and-corpora.patch b/Add-libidn2_register_fuzzer-and-corpora.patch new file mode 100644 index 0000000..41f6f54 --- /dev/null +++ b/Add-libidn2_register_fuzzer-and-corpora.patch @@ -0,0 +1,174 @@ +From a35e324d9245835abb07166910ffc9ec9d690038 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Sat, 5 Jan 2019 21:10:04 +0100 +Subject: [PATCH] Add libidn2_register_fuzzer and corpora + +--- + fuzz/Makefile.am | 4 +- + fuzz/libidn2_register_fuzzer.c | 68 ++++++++++++++++++++++++++++++++++ + lib/context.c | 24 ++++++++---- + 3 files changed, 87 insertions(+), 9 deletions(-) + create mode 100644 fuzz/libidn2_register_fuzzer.c + +diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am +index bc55d30..6f6d7c8 100644 +--- a/fuzz/Makefile.am ++++ b/fuzz/Makefile.am +@@ -6,12 +6,14 @@ LDADD = ../lib/libidn2.la ../gl/libgnu.la $(LTLIBUNISTRING) + + IDN_TESTS = \ + libidn2_to_ascii_8z_fuzzer$(EXEEXT) \ +- libidn2_to_unicode_8z8z_fuzzer$(EXEEXT) ++ libidn2_to_unicode_8z8z_fuzzer$(EXEEXT) \ ++ libidn2_register_fuzzer$(EXEEXT) + + check_PROGRAMS = $(IDN_TESTS) + + libidn2_to_ascii_8z_fuzzer_SOURCES = libidn2_to_ascii_8z_fuzzer.c main.c fuzzer.h + libidn2_to_unicode_8z8z_fuzzer_SOURCES = libidn2_to_unicode_8z8z_fuzzer.c main.c fuzzer.h ++libidn2_register_fuzzer_SOURCES = libidn2_register_fuzzer.c main.c fuzzer.h + + dist-hook: + find . -name '*.options' -exec cp -v '{}' $(distdir) ';' +diff --git a/fuzz/libidn2_register_fuzzer.c b/fuzz/libidn2_register_fuzzer.c +new file mode 100644 +index 0000000..7164a93 +--- /dev/null ++++ b/fuzz/libidn2_register_fuzzer.c +@@ -0,0 +1,68 @@ ++/* ++ * Copyright(c) 2019 Tim Ruehsen ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a ++ * copy of this software and associated documentation files (the "Software"), ++ * to deal in the Software without restriction, including without limitation ++ * the rights to use, copy, modify, merge, publish, distribute, sublicense, ++ * and/or sell copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ++ * DEALINGS IN THE SOFTWARE. ++ * ++ * This file is part of libidn2. ++ */ ++ ++#include ++ ++#include /* assert */ ++#include /* malloc, free */ ++#include /* memcpy */ ++ ++#include "idn2.h" ++#include "fuzzer.h" ++ ++int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) ++{ ++ char *ulabel, *alabel; ++ char *out; ++ ++ if (size > 1024) ++ return 0; ++ ++ ulabel = (char *) malloc(size + 1); ++ assert(ulabel != NULL); ++ ++ /* 0 terminate */ ++ memcpy(ulabel, data, size); ++ ulabel[size] = 0; ++ ++ if (idn2_register_ul(ulabel, NULL, &out, 0) == IDNA_SUCCESS) ++ idn2_free(out); ++ ++ free(ulabel); ++ ++ alabel = (char *) malloc(size + 4 + 1); ++ assert(alabel != NULL); ++ ++ /* 0 terminate */ ++ memcpy(alabel, "xn--", 4); ++ memcpy(alabel + 4, data, size); ++ alabel[size] = 0; ++ ++ if (idn2_register_ul(NULL, alabel, &out, 0) == IDNA_SUCCESS) ++ idn2_free(out); ++ ++ free(alabel); ++ ++ return 0; ++} +diff --git a/lib/context.c b/lib/context.c +index 991ec9f..1ee9ba3 100644 +--- a/lib/context.c ++++ b/lib/context.c +@@ -29,11 +29,8 @@ + #include + + #include "idn2.h" +- + #include "tables.h" +- + #include /* uc_combining_class, UC_CCC_VR */ +- + #include "context.h" + + int +@@ -115,6 +112,17 @@ _idn2_contextj_rule (const uint32_t * label, size_t llen, size_t pos) + return IDN2_CONTEXTJ_NO_RULE; + } + ++static inline const char * ++_uc_script_name (ucs4_t uc) ++{ ++ const uc_script_t *ucs = uc_script(uc); ++ ++ if (!ucs) ++ return ""; ++ ++ return ucs->name; ++} ++ + int + _idn2_contexto_rule (const uint32_t * label, size_t llen, size_t pos) + { +@@ -140,7 +148,7 @@ _idn2_contexto_rule (const uint32_t * label, size_t llen, size_t pos) + /* GREEK LOWER NUMERAL SIGN (KERAIA) */ + if (pos == llen - 1) + return IDN2_CONTEXTO; +- if (strcmp (uc_script (label[pos + 1])->name, "Greek") == 0) ++ if (strcmp (_uc_script_name (label[pos + 1]), "Greek") == 0) + return IDN2_OK; + return IDN2_CONTEXTO; + break; +@@ -151,7 +159,7 @@ _idn2_contexto_rule (const uint32_t * label, size_t llen, size_t pos) + /* HEBREW PUNCTUATION GERSHAYIM */ + if (pos == 0) + return IDN2_CONTEXTO; +- if (strcmp (uc_script (label[pos - 1])->name, "Hebrew") == 0) ++ if (strcmp (_uc_script_name (label[pos - 1]), "Hebrew") == 0) + return IDN2_OK; + return IDN2_CONTEXTO; + break; +@@ -202,9 +210,9 @@ _idn2_contexto_rule (const uint32_t * label, size_t llen, size_t pos) + bool script_ok = false; + + for (i = 0; !script_ok && i < llen; i++) +- if (strcmp (uc_script (label[i])->name, "Hiragana") == 0 +- || strcmp (uc_script (label[i])->name, "Katakana") == 0 +- || strcmp (uc_script (label[i])->name, "Han") == 0) ++ if (strcmp (_uc_script_name (label[i]), "Hiragana") == 0 ++ || strcmp (_uc_script_name (label[i]), "Katakana") == 0 ++ || strcmp (_uc_script_name (label[i]), "Han") == 0) + script_ok = true; + + if (script_ok) +-- +2.19.1 + diff --git a/Fix-free-of-random-stack-value-in-idn2_to_ascii_4i.patch b/Fix-free-of-random-stack-value-in-idn2_to_ascii_4i.patch new file mode 100644 index 0000000..62231e4 --- /dev/null +++ b/Fix-free-of-random-stack-value-in-idn2_to_ascii_4i.patch @@ -0,0 +1,28 @@ +From dfedd4024b01bf08d5b55ed8fb29c009b887f083 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Sat, 5 Jan 2019 22:49:13 +0100 +Subject: [PATCH] Fix free of random (stack) value in idn2_to_ascii_4i() + +--- + lib/lookup.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/lookup.c b/lib/lookup.c +index 14e87da..7c5b52b 100644 +--- a/lib/lookup.c ++++ b/lib/lookup.c +@@ -619,9 +619,10 @@ idn2_to_ascii_4i (const uint32_t * input, size_t inlen, char * output, int flags + */ + if (output) + strcpy (output, (const char *) output_u8); ++ ++ free(output_u8); + } + +- free(output_u8); + return rc; + } + +-- +1.7.12.4 + diff --git a/README.en.md b/README.en.md deleted file mode 100644 index 213ae19..0000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# libidn2 - -#### Description -{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**} - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md deleted file mode 100644 index 1ccea0c..0000000 --- a/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# libidn2 - -#### 介绍 -{**以下是码云平台说明,您可以替换此简介** -码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台 -无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)} - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 码云特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目 -5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/Restrict-output-length-to-63.patch b/Restrict-output-length-to-63.patch new file mode 100644 index 0000000..e247c40 --- /dev/null +++ b/Restrict-output-length-to-63.patch @@ -0,0 +1,37 @@ +From e4d1558aa2c1c04a05066ee8600f37603890ba8c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Wed, 9 Jan 2019 14:36:16 +0100 +Subject: [PATCH] idn2_to_ascii_4i(): Restrict output length to 63 + +--- + lib/lookup.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/lib/lookup.c b/lib/lookup.c +index 7c5b52bb..cc918d95 100644 +--- a/lib/lookup.c ++++ b/lib/lookup.c +@@ -617,10 +617,18 @@ idn2_to_ascii_4i (const uint32_t * input, size_t inlen, char * output, int flags + * char * out output zero terminated string that must have room for at + * least 63 characters plus the terminating zero. + */ ++ size_t len = strlen ((char *) output_u8); ++ ++ if (len > 63) ++ { ++ free (output_u8); ++ return IDN2_TOO_BIG_DOMAIN; ++ } ++ + if (output) +- strcpy (output, (const char *) output_u8); ++ strcpy (output, (char *) output_u8); + +- free(output_u8); ++ free (output_u8); + } + + return rc; +-- +2.22.0 + diff --git a/bugfix-libidn2-change-rpath.patch b/bugfix-libidn2-change-rpath.patch new file mode 100644 index 0000000..2127f9a --- /dev/null +++ b/bugfix-libidn2-change-rpath.patch @@ -0,0 +1,57 @@ +From bd59ee8712c74487f02891508ad9de51fe670588 Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam +Date: Wed, 1 Jan 2020 00:46:32 +0800 +Subject: [PATCH] change rpath + +--- + libidn2-2.0.5/configure | 4 +++- + libidn2-2.0.5/m4/libtool.m4 | 4 +++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/libidn2-2.0.5/configure b/libidn2-2.0.5/configure +index c726942..f7dc93a 100755 +--- a/libidn2-2.0.5/configure ++++ b/libidn2-2.0.5/configure +@@ -14295,6 +14295,8 @@ fi + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes ++ ++ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not +@@ -14304,7 +14306,7 @@ fi + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` +- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" ++ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on +diff --git a/libidn2-2.0.5/m4/libtool.m4 b/libidn2-2.0.5/m4/libtool.m4 +index ee80844..2ff9b60 100644 +--- a/libidn2-2.0.5/m4/libtool.m4 ++++ b/libidn2-2.0.5/m4/libtool.m4 +@@ -2865,6 +2865,8 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes ++ ++ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not +@@ -2874,7 +2876,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` +- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" ++ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on +-- +1.8.3.1 + diff --git a/fix-compile-error-about-missing-aclocal.patch b/fix-compile-error-about-missing-aclocal.patch new file mode 100644 index 0000000..61594e1 --- /dev/null +++ b/fix-compile-error-about-missing-aclocal.patch @@ -0,0 +1,26 @@ +From c178e8f982802db37fcf6173331bcc7a8128f4ee Mon Sep 17 00:00:00 2001 +From: wangjia +Date: Thu, 20 Dec 2018 03:04:48 +0000 +Subject: [PATCH] libidn2: fix compile error about missing aclocal + +reason: fix compile error about missing aclocal +--- + configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure b/configure +index 8651a7a..31a5ed9 100755 +--- a/configure ++++ b/configure +@@ -3285,7 +3285,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + ac_config_headers="$ac_config_headers config.h" + + +-am__api_version='1.15' ++am__api_version='1.16' + + # Find a good install program. We prefer a C program (faster), + # so one script is as good as another. But avoid the broken or +-- +2.19.1 + diff --git a/libidn2-2.0.5.tar.gz b/libidn2-2.0.5.tar.gz new file mode 100644 index 0000000..06e2a98 Binary files /dev/null and b/libidn2-2.0.5.tar.gz differ diff --git a/libidn2-2.0.5.tar.gz.sig b/libidn2-2.0.5.tar.gz.sig new file mode 100644 index 0000000..b1307cc Binary files /dev/null and b/libidn2-2.0.5.tar.gz.sig differ diff --git a/libidn2.spec b/libidn2.spec new file mode 100644 index 0000000..a5b246a --- /dev/null +++ b/libidn2.spec @@ -0,0 +1,94 @@ +Name: libidn2 +Version: 2.0.5 +Release: 6 +Summary: GNU IDN Library +License: (GPLv2+ or LGPLv3+) and GPLv3+ +URL: https://www.gnu.org/software/libidn/#libidn2 +Source0: https://ftp.gnu.org/gnu/libidn/%{name}-%{version}.tar.gz + +Patch0: bugfix-libidn2-change-rpath.patch +Patch6000: Fix-free-of-random-stack-value-in-idn2_to_ascii_4i.patch +Patch6001: Add-libidn2_register_fuzzer-and-corpora.patch +Patch6002: Restrict-output-length-to-63.patch +Patch9000: fix-compile-error-about-missing-aclocal.patch + +#Dependency +BuildRequires: gcc gettext libunistring-devel autoconf texinfo +Provides: bundled(gnulib) +Provides: idn2 +Obsoletes: idn2 + +%description +Libidn2 is a free software implementation of IDNA2008, Punycode and TR46. +Its purpose is to encode and decode internationalized domain names. + +%package devel +Summary: Development files for %{name} +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +Files for %{name} development + +%package_help + +#Build sections +%prep +%autosetup -n %{name}-%{version} -p1 + +%build +autoreconf +%configure --disable-static +%make_build + +%install +%make_install +%delete_la +make %{?_smp_mflags} -C examples distclean +%find_lang %{name} + +%check +make %{?_smp_mflags} -C tests check + +#Install and uninstall scripts +%pre + +%preun + +%ldconfig_scriptlets + +%files -f %{name}.lang +%doc AUTHORS NEWS README.md +%license COPYING COPYING.LESSERv3 COPYING.unicode COPYINGv2 +%{_bindir}/idn2 +%{_libdir}/%{name}.so.* +%exclude %{_datadir}/info/dir + + +%files devel +%{_includedir}/*.h +%{_libdir}/%{name}.so +%doc doc/%{name}.html examples +%{_libdir}/pkgconfig/%{name}.pc + +%files help +%{_mandir}/man1/idn2.1* +%{_mandir}/man3/* +%{_infodir}/%{name}.info* +%{_datadir}/gtk-doc/ + +%changelog +* Wed Jan 1 2020 openEuler Buildteam - 2.0.5-6 +- Fix bug in patched + +* Sat Dec 21 2019 openEuler Buildteam - 2.0.5-5 +- Fix Memory access out of bounds + +* Mon Oct 28 2019 shenyangyang - 2.0.5-4 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add build requires of texinfo to solve the build problem + +* Wed Jul 18 2018 openEuler Buildteam - 2.0.5-3 +- Package init