Changelog for
libidn2-0-32bit-2.2.0-lp150.2.3.1.x86_64.rpm :
* Tue May 28 2019 Martin Pluskal
- Update to version 2.2.0 CVE-2019-12290 bsc#1154884:
* Perform A-Label roundtrip for lookup functions by default
* Stricter check of input to punycode decoder
* Fix punycode decoding with no ASCII chars but given delimiter
* Fix \'idn2 --no-tr64\' (was a no-op)
* Allow _ as a basic code point in domain labels
* Fail building documentation if \'ronn\' isn\'t installed
* git tag changed to reflect https://semver.org/
* Wed Feb 20 2019 Andreas Stieger - update to 2.1.1 CVE-2019-18224 bsc#1154887:
* Revert SONAME bump from release 2.1.0
* Fix NULL dereference in idn2_register_u8() and idn2_register_ul()
* Fix free of random value in idn2_to_ascii_4i()
* Improved fuzzer (which found the above issues)
* Check for valid unicode input in punycode encoder
* Avoid excessive CPU usage in punycode encoding with large inputs
* Deprecate idn2_to_ascii_4i() in favor of idn2_to_ascii_4i2()
* Restrict output length of idn2_to_ascii_4i() to 63 bytes
* Sat Jan 05 2019 astiegerAATTsuse.com- update to 2.1.0:
* Two internal functions are no longer exposed, soname bump
* Fix label length check for idn2_register_u8()
* Add missing error messages to idn2_strerror_name()
* Mon May 28 2018 astiegerAATTsuse.com- update to 2.0.5:
* Switch the default library behavior to IDNA2008 as amended by TR#46 (non-transitional). That default behavior is enabled when no flags are specified to function calls. Applications can utilize the %IDN2_NO_TR46 flag to switch to the unamended IDNA2008. This is done in the interest of interoperability based on the fact that this is what application writers care about rather than strict compliance with a particular protocol
* Fixed memory leak in idn2_to_unicode_8zlz()
* Return error (IDN2_ICONV_FAIL) on charset conversion errors
* Fixed issue with STD3 rules applying in non-transitional TR46 mode
* idn2: added option --usestd3asciirules- put translations into libidn2-lang- correct location of install_info_prereq macro to be on tools
* Wed Aug 30 2017 astiegerAATTsuse.com- update to 2.0.4:
* Fix integer overflow in bidi.c/_isBidi() bsc#1056451
* Fix integer overflow in puny_decode.c/decode_digit() bsc#1056450
* Fix idna_free() to idn_free()- enable documentation again
* Mon Jul 24 2017 astiegerAATTsuse.com- update to 2.0.3:
* %IDN2_USE_STD3_ASCII_RULES disabled by default. Previously libidn2 was eliminating non-STD3 characters from domain strings such as _443._tcp.example.com, or IPs such as 1.2.3.4/24 provided to libidn2 functions. That was an unexpected regression for applications switching from libidn and thus it is no longer applied by default. Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again.- disable documentation, does not build correctly
* Sat May 20 2017 astiegerAATTsuse.com- update to 2.0.2:
* Fix TR46 transitional mode
* Fix several documentation issues
* Tue Apr 25 2017 pmonrealgonzalezAATTsuse.com- Sources updated from http://alpha.gnu.org to https://ftp.gnu.org
* Mon Apr 24 2017 pmonrealgonzalezAATTsuse.com- Update to version 2.0.1- Version 2.0.1 (released 2017-04-22)
* idn2 utility now using IDNA2008 + TR46 by default- Version 2.0.0 (released 2017-03-29) [alpha]
* Version numbering scheme changed
* Added to ASCII conversion functions corresponding to libidn1 functions: - idn2_to_ascii_4i - idn2_to_ascii_4z - idn2_to_ascii_8z - idn2_to_ascii_lz
* Added to unicode conversion functions corresponding to libidn1 functions: - idn2_to_unicode_8z4z - idn2_to_unicode_4z4z - idn2_to_unicode_44i - idn2_to_unicode_8z8z - idn2_to_unicode_8zlz - idn2_to_unicode_lzlz
* Including idn2.h will provide libidn1 compatibility functions unless IDN2_SKIP_LIBIDN_COMPAT is defined. That allows converting applications from libidn1 (which offers IDNA2003) to libidn2 (which offers IDNA2008) by replacing idna.h to idn2.h in the applications\' source.- Dropped patch not needed after revision
* libidn2-no-examples-build.patch
* Thu Jan 19 2017 shshyukrievAATTsuse.com- Update to version 0.16
* build: Fix idn2_cmd.h build rule.
* API and ABI is backwards compatible with the previous version.- Update to version 0.15 (released 2017-01-14)
* Fix out-of-bounds read.
* Fix NFC input conversion (regression).
* Shrink TR46 static mapping data.
* API and ABI is backwards compatible with the previous version.- Update to version 0.14 (released 2016-12-30)
* build: Fix gentr46map build.
* API and ABI is backwards compatible with the previous version.- Update to version 0.13:
* build: Doesn\'t download external files during build.
* doc: Clarify license.
* build: Generate ChangeLog file properly.
* doc: API documentation related to TR46 flags.
* API and ABI is backwards compatible with the previous version.- Update to version 0.12:
* Builds/links with libunistring.
* Fix two possible crashes with unchecked NULL pointers.
* Memleak fix.
* Binary search for codepoints in tables.
* Do not taint output variable on error in idn2_register_u8().
* Do not taint output variable on error in idn2_lookup_u8().
* Update to Unicode 6.3.0 IDNA tables.
* Add TR46 / UTS#46 support to API and idn2 utility.
* Add NFC quick check.
* Add make target \'check-coverage\' for test coverage report.
* Add tests to increase test code coverage.
* API and ABI is backwards compatible with the previous version.
* Thu Dec 08 2016 astiegerAATTsuse.com- update to 0.11:
* Fix stack underflow in \'idn2\' command line tool. [boo#1014473]
* Fix gdoc script to fix texinfo syntax error.
* API and ABI is backwards compatible with the previous version.
* Fri Oct 21 2016 tchvatalAATTsuse.com- Convert to libidn2 package started to being used, namely by curl- Alternative implementation based on new specification from 2008 + completely different codebase with no ties to libidn
* Wed Jul 20 2016 astiegerAATTsuse.com- libidn 1.33:
* bnc#990189 CVE-2015-8948 CVE-2016-6262
* bnc#990190 CVE-2016-6261
* bnc#990191 CVE-2016-6263
* libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.
* idn: Solve out-of-bounds-read when reading one zero byte as input.
* libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8.
* Thu Aug 13 2015 mpluskalAATTsuse.com- Update to 1.32
* libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz. This problem was introduced in 1.31.
* API and ABI is backwards compatible with the previous version.- Update gpg keyring
* Thu Jul 09 2015 tchvatalAATTsuse.com- Add Apache-2.0 license to the license line. Under this is the java code, but we don\'t build it -> just the sources license
* Thu Jul 09 2015 tchvatalAATTsuse.com- Version bump to 1.31:
* Fixes bnc#923241 CVE-2015-2059 out-of-bounds read with stringprep on invalid UTF-8
* Few other triv changes
* Fri Mar 13 2015 tchvatalAATTsuse.com- Version bump to 1.30:
* punycode.{c,h} files were reimported- Cleanup with spec-cleaner
* Mon Oct 20 2014 iAATTmarguerite.su- update version 1.29:
* libidn: Mark internal variable \"g_utf8_skip\" as static.
* idn: Flush stdout to simplify for tools that buffer too heavily.
* i18n: Added Brazilian Portuguese translation.
* Update gnulib files.
* API and ABI is backwards compatible with the previous version.